Public bug reported:

Description:
    Machine ID: 99134ead42e64d62a50817fb06051b4b

    Issue: Livepatch failed with Could not retrieve client information
due to AppArmor blocking network access for
snap.canonical-livepatch.canonical-livepatch and
snap.canonical-livepatch.canonical-livepatchd. Fixed by adding
network inet, network inet6, to these profiles. Additionally,
snap-update-ns.canonical-livepatch was denied read access to
/usr/local/, resolved by adding /usr/local/ r,.

    Steps to Reproduce: Install canonical-livepatch on Ubuntu 24.04,
enable livepatch, and observe AppArmor denials in dmesg.

    Resolution: Modified AppArmor profiles and cleared cache.

    System: Ubuntu 24.04, kernel 6.11.0-26.26~24.04.1-generic, snapd
2.68.4, canonical-livepatch 10.10.3.

    Attachments:
        sudo dmesg | grep -i apparmor | grep -i livepatch (from before the fix, if available)
        sudo journalctl -u apparmor | grep -i livepatch
        sudo canonical-livepatch status
        /etc/apparmor.d/local/snap.canonical-livepatch.canonical-livepatch
        /etc/apparmor.d/local/snap.canonical-livepatch.canonical-livepatchd
        /etc/apparmor.d/local/snap-update-ns.canonical-livepatch

Suggested Fix: Update default AppArmor profiles to include network inet,
network inet6, for livepatch snaps and /usr/local/ r, for
snap-update-ns.canonical-livepatch.

** Affects: ubuntu-advantage-tools (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2113910

Title:
  Canonical Livepatch AppArmor profiles block network access and
  /usr/local/ read

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2113910/+subscriptions
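
Added example (not part of the bug report and not Canonical's tooling): a Python script that groups AppArmor denials of the kind the report describes by profile and derives the narrowest rule covering each, for review before it goes into the matching /etc/apparmor.d/local/ file. The log lines are constructed samples in the kernel audit format; timestamps, pids, comm values and the snap.example.app profile are made up.

```python
import re
from collections import defaultdict

# Constructed sample of `dmesg` output; not taken from the reporter's machine.
SAMPLE_DMESG = '''\
[  101.1] audit: type=1400 audit(1750000000.100:201): apparmor="DENIED" operation="create" class="net" profile="snap.canonical-livepatch.canonical-livepatchd" pid=2101 comm="canonical-livep" family="inet" sock_type="stream" protocol=6 requested_mask="create" denied_mask="create"
[  101.2] audit: type=1400 audit(1750000000.200:202): apparmor="DENIED" operation="create" class="net" profile="snap.canonical-livepatch.canonical-livepatchd" pid=2101 comm="canonical-livep" family="inet6" sock_type="dgram" protocol=17 requested_mask="create" denied_mask="create"
[  102.1] audit: type=1400 audit(1750000001.100:203): apparmor="DENIED" operation="create" class="net" profile="snap.canonical-livepatch.canonical-livepatch" pid=2150 comm="canonical-livep" family="inet" sock_type="stream" protocol=6 requested_mask="create" denied_mask="create"
[  103.1] audit: type=1400 audit(1750000002.100:204): apparmor="DENIED" operation="open" class="file" profile="snap-update-ns.canonical-livepatch" name="/usr/local/" pid=2160 comm="5" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[  104.1] audit: type=1400 audit(1750000003.100:205): apparmor="DENIED" operation="open" class="file" profile="snap.example.app" name="/home/user/.cache/" pid=2170 comm="app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
[  105.1] audit: type=1400 audit(1750000004.100:206): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="snap.canonical-livepatch.canonical-livepatchd" pid=2180 comm="apparmor_parser"
'''

# key="quoted value" or key=bare_value pairs, as emitted by the audit subsystem
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_denials(text):
    """Yield the key/value fields of every AppArmor DENIED record in text."""
    for line in text.splitlines():
        fields = {k: (quoted or bare) for k, quoted, bare in KV.findall(line)}
        if fields.get("apparmor") == "DENIED":
            yield fields

def candidate_rule(rec):
    """Map one denial to the narrowest profile rule covering it, or None."""
    if rec.get("family"):                       # socket denial
        return f'network {rec["family"]},'
    if rec.get("name") and rec.get("denied_mask"):  # file denial
        return f'{rec["name"]} {rec["denied_mask"]},'
    return None

def summarize(text, match="livepatch"):
    """Return {profile: sorted candidate rules} for profiles containing match."""
    rules = defaultdict(set)
    for rec in parse_denials(text):
        rule = candidate_rule(rec)
        if rule and match in rec.get("profile", ""):
            rules[rec["profile"]].add(rule)
    return {profile: sorted(r) for profile, r in rules.items()}

if __name__ == "__main__":
    for profile, rules in summarize(SAMPLE_DMESG).items():
        print(f"# /etc/apparmor.d/local/{profile}")
        print("\n".join(f"  {r}" for r in rules))
```

On a real system, feed it the output of the dmesg command listed under Attachments instead of SAMPLE_DMESG.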

