Test stuck here:
4 0 356 1 20 0 2888 1716 - Ss hvc1 0:00 /bin/sh
1 0 3081 356 20 0 2888 140 - S+ hvc1 0:00 \_
/bin/sh
4 0 3082 3081 20 0 10192 4268 - S+ hvc1 0:00
\_ su -s /bin/bash ubuntu -c set -e; export USER=`id -nu`; . /etc/profile
>/dev/null 2>&1 || true; . ~/.profile >/dev/null 2>&1 || true;
buildtree="/tmp/autopkgtest.y9SOlW/build.P79/src"; mkdir -
4 1000 3091 3082 20 0 7892 3844 do_wai Ss ? 0:00
\_ bash -c set -e; export USER=`id -nu`; . /etc/profile >/dev/null 2>&1 ||
true; . ~/.profile >/dev/null 2>&1 || true;
buildtree="/tmp/autopkgtest.y9SOlW/build.P79/src"; mkdir -p -m 1777 -- "
0 1000 3099 3091 20 0 2888 1000 do_wai S ? 0:00
\_ /bin/sh /tmp/autopkgtest.y9SOlW/build.P79/src/debian/tests/run-tests
1 1000 3100 3099 20 0 7892 1756 do_wai S ? 0:00
\_ bash -c set -e; export USER=`id -nu`; . /etc/profile >/dev/null
2>&1 || true; . ~/.profile >/dev/null 2>&1 || true;
buildtree="/tmp/autopkgtest.y9SOlW/build.P79/src"; mkdir -p -m 1
0 1000 3104 3100 20 0 6192 1024 pipe_r S ? 0:00
| \_ tee -a /tmp/autopkgtest.y9SOlW/run-tests-stderr
1 1000 3101 3099 20 0 7892 1672 do_wai S ? 0:00
\_ bash -c set -e; export USER=`id -nu`; . /etc/profile >/dev/null
2>&1 || true; . ~/.profile >/dev/null 2>&1 || true;
buildtree="/tmp/autopkgtest.y9SOlW/build.P79/src"; mkdir -p -m 1
0 1000 3103 3101 20 0 6192 1016 pipe_r S ? 0:00
| \_ tee -a /tmp/autopkgtest.y9SOlW/run-tests-stdout
0 1000 6038 3099 20 0 6676 2484 do_wai S ? 0:00
\_ make -j4 check VERBOSE=1
0 1000 6039 6038 20 0 7760 3388 do_wai S ? 0:00
\_ /bin/bash -c fail=; \ if (target_option=k; case
${target_option-} in ?) ;; *) echo "am__make_running_with_option: internal
error: invalid" "target option '${target_option-}' spe
1 1000 7081 6039 20 0 7760 1988 do_wai S ? 0:00
\_ /bin/bash -c fail=; \ if (target_option=k; case
${target_option-} in ?) ;; *) echo "am__make_running_with_option: internal
error: invalid" "target option '${target_option-}'
0 1000 7082 7081 20 0 6684 2676 do_wai S ? 0:00
\_ make check
0 1000 7086 7082 20 0 6684 2696 do_wai S ? 0:00
\_ make check-TESTS
0 1000 7094 7086 20 0 7760 3344 do_wai S ? 0:00
\_ /bin/bash -c set +e;
bases='test_vtpm_proxy.log test_tpm2_vtpm_proxy.log test_ctrlchannel2.log
test_ctrlchannel4.log test_tpm2_ctrlchannel2.log test_commandline.
0 1000 7103 7094 20 0 6908 2892 do_wai S ? 0:00
\_ make test-suite.log
TEST_LOGS=test_vtpm_proxy.log test_tpm2_vtpm_proxy.log test_ctrlchannel2.log
test_ctrlchannel4.log test_tpm2_ctrlchannel2.log test_comman
0 1000 7141 7103 20 0 7764 3264 do_wai S ? 0:00
\_ /bin/bash ../test-driver --test-name
test_commandline --log-file test_commandline.log --trs-file
test_commandline.trs --color-tests no --enable-hard-erro
0 1000 7163 7141 20 0 8160 4012 pipe_r S ? 0:00
| \_ bash ./test_commandline
0 1000 7613 7163 20 0 17092 9184 skb_wa S ? 0:00
| \_ python3
/tmp/autopkgtest.y9SOlW/build.P79/src/tests/test_clientfds.py
0 1000 7626 7613 20 0 8532 2348 do_pol S ? 0:00
| \_ /usr/bin/swtpm socket
--fd=3 --ctrl type=unixio,clientfd=5 --pid file=/tmp/tmp.jkBt3n3qVc/swtpm.pid
--tpmstate dir=/tmp/tmp.jkBt3n3qVc --secc
0 1000 7406 7103 20 0 7764 3268 do_wai S ? 0:00
\_ /bin/bash ../test-driver --test-name
test_ctrlchannel3 --log-file test_ctrlchannel3.log --trs-file
test_ctrlchannel3.trs --color-tests no --enable-hard-e
0 1000 7425 7406 20 0 8168 3940 pipe_r S ? 0:00
\_ bash ./test_ctrlchannel3
0 1000 7444 7425 20 0 9220 6640 do_pol S ? 0:00
\_ /usr/bin/swtpm socket --flags
not-need-init --ctrl type=unixio,path=/tmp/tmp.6u48xQf27g/sock --tpmstate
dir=/tmp/tmp.6u48xQf27g -t --pid file=/tm
0 1000 7486 7425 20 0 17092 9252 skb_wa S ? 0:00
\_ python3
/tmp/autopkgtest.y9SOlW/build.P79/src/tests/test_setdatafd.py
Related denies:
[ 94.237953] audit: type=1400 audit(1647945881.998:14): apparmor="DENIED"
operation="sendmsg" profile="swtpm" pid=7444 comm="swtpm" family="unix"
sock_type="dgram" protocol=0 requested_mask="send" denied_mask="send" addr=none
peer_addr=none peer="unconfined"
[ 96.248392] audit: type=1400 audit(1647945884.006:15): apparmor="DENIED"
operation="sendmsg" profile="swtpm" pid=7626 comm="swtpm" family="unix"
sock_type="dgram" protocol=0 requested_mask="send" denied_mask="send" addr=none
peer_addr=none peer="unconfined"
Repro:
SWTPM_EXE=/usr/bin/swtpm SWTPM_IOCTL=swtpm_ioctl SWTPM_BIOS=swtpm_bios
SWTPM_SETUP=swtpm_setup SWTPM_CERT=swtpm_cert SWTPM_TEST_SECCOMP_OPT="--seccomp
action=none" make -j4 check VERBOSE=1
The rule we need for that is:
unix (send) type=dgram addr=none peer=(addr=none),
With that things pass locally, building in PPA for a cross-arch retest
on autopkgtest infrastructure
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1950631
Title:
[FFe] wrap swtpm in an apparmor profile
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1950631/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
