Public bug reported:
[ Impact ]
The new apparmor profile for esm-cache.service has sub profiles for
subprocesses and some of them were incomplete, resulting in the
following apparmor DENIED messages in the following situations:
On xenial, after a `pro attach`:
2024-05-21 15:22:29,438:WARNING:root:XXX apparmor DENIED begin
2024-05-21 15:22:29,438:WARNING:root:May 21 19:20:58
upro-behave-xenial-system-under-test-0521-151920682865 kernel: [ 63.187079]
audit: type=1400 audit(1716319258.652:25): apparmor="DENIED" operation="ptrace"
profile="ubuntu_pro_esm_cache_systemd_detect_virt" pid=3582
comm="systemd-detect-" requested_mask="trace" denied_mask="trace"
peer="unconfined"
May 21 19:20:59 upro-behave-xenial-system-under-test-0521-151920682865
kernel: [ 64.253406] audit: type=1400 audit(1716319259.720:26):
apparmor="DENIED" operation="ptrace" profile="ubuntu_pro_esm_cache//ps"
pid=3589 comm="ps" requested_mask="trace" denied_mask="trace" peer="unconfined"
May 21 19:20:59 upro-behave-xenial-system-under-test-0521-151920682865
kernel: [ 64.253671] audit: type=1400 audit(1716319259.720:27):
apparmor="DENIED" operation="ptrace" profile="ubuntu_pro_esm_cache//ps"
pid=3589 comm="ps" requested_mask="trace" denied_mask="trace" peer="unconfined"
May 21 19:20:59 upro-behave-xenial-system-under-test-0521-151920682865
kernel: [ 64.253817] audit: type=1400 audit(1716319259.720:28):
apparmor="DENIED" operation="ptrace" profile="ubuntu_pro_esm_cache//ps"
pid=3589 comm="ps" requested_mask="trace" denied_mask="trace" peer="unconfined"
May 21 19:20:59 upro-behave-xenial-system-under-test-0521-151920682865
kernel: [ 64.253952] audit: type=1400 audit(1716319259.720:29):
apparmor="DENIED" operation="ptrace" profile="ubuntu_pro_esm_cache//ps"
pid=3589 comm="ps" requested_mask="trace" denied_mask="trace" peer="unconfined"
May 21 19:20:59 upro-behave-xenial-system-under-test-0521-151920682865
kernel: [ 64.254086] audit: type=1400 audit(1716319259.720:30):
apparmor="DENIED" operation="ptrace" profile="ubuntu_pro_esm_cache//ps"
pid=3589 comm="ps" requested_mask="trace" denied_mask="trace" peer="unconfined"
May 21 19:20:59 upro-behave-xenial-system-under-test-0521-151920682865
kernel: [ 64.254247] audit: type=1400 audit(1716319259.720:31):
apparmor="DENIED" operation="ptrace" profile="ubuntu_pro_esm_cache//ps"
pid=3589 comm="ps" requested_mask="trace" denied_mask="trace" peer="unconfined"
May 21 19:20:59 upro-behave-xenial-system-under-test-0521-151920682865
kernel: [ 64.254406] audit: type=1400 audit(1716319259.720:32):
apparmor="DENIED" operation="ptrace" profile="ubuntu_pro_esm_cache//ps"
pid=3589 comm="ps" requested_mask="trace" denied_mask="trace" peer="unconfined"
May 21 19:20:59 upro-behave-xenial-system-under-test-0521-151920682865
kernel: [ 64.254537] audit: type=1400 audit(1716319259.720:33):
apparmor="DENIED" operation="ptrace" profile="ubuntu_pro_esm_cache//ps"
pid=3589 comm="ps" requested_mask="trace" denied_mask="trace" peer="unconfined"
May 21 19:20:59 upro-behave-xenial-system-under-test-0521-151920682865
kernel: [ 64.254665] audit: type=1400 audit(1716319259.720:34):
apparmor="DENIED" operation="ptrace" profile="ubuntu_pro_esm_cache//ps"
pid=3589 comm="ps" requested_mask="trace" denied_mask="trace" peer="unconfined"
2024-05-21 15:22:29,438:WARNING:root:XXX apparmor DENIED end
On focal, after a `pro attach`:
2024-05-21 15:25:25,975:WARNING:root:XXX apparmor DENIED begin
2024-05-21 15:25:25,975:WARNING:root:May 21 19:24:33
upro-behave-focal-system-under-test-0521-152234400502 kernel: audit: type=1400
audit(1716319473.279:43): apparmor="DENIED" operation="open"
profile="ubuntu_pro_esm_cache_systemd_detect_virt"
name="/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"
pid=3114 comm="systemd-detect-" requested_mask="r" denied_mask="r" fsuid=0
ouid=0
May 21 19:24:33 upro-behave-focal-system-under-test-0521-152234400502
kernel: audit: type=1400 audit(1716319473.447:44): apparmor="DENIED"
operation="open" profile="ubuntu_pro_esm_cache_systemctl"
name="/proc/1/environ" pid=3115 comm="systemctl" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
May 21 19:24:33 upro-behave-focal-system-under-test-0521-152234400502
kernel: audit: type=1400 audit(1716319473.447:45): apparmor="DENIED"
operation="open" profile="ubuntu_pro_esm_cache_systemctl" name="/proc/1/sched"
pid=3115 comm="systemctl" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 21 19:24:33 upro-behave-focal-system-under-test-0521-152234400502
kernel: audit: type=1400 audit(1716319473.447:46): apparmor="DENIED"
operation="open" profile="ubuntu_pro_esm_cache_systemctl"
name="/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"
pid=3115 comm="systemctl" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 21 19:24:33 upro-behave-focal-system-under-test-0521-152234400502
kernel: audit: type=1400 audit(1716319473.447:47): apparmor="DENIED"
operation="open" profile="ubuntu_pro_esm_cache_systemctl"
name="/proc/1/environ" pid=3115 comm="systemctl" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
May 21 19:24:33 upro-behave-focal-system-under-test-0521-152234400502
kernel: audit: type=1400 audit(1716319473.447:48): apparmor="DENIED"
operation="open" profile="ubuntu_pro_esm_cache_systemctl" name="/proc/1/sched"
pid=3115 comm="systemctl" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 21 19:24:44 upro-behave-focal-system-under-test-0521-152234400502
kernel: audit: type=1400 audit(1716319484.553:49): apparmor="DENIED"
operation="open" profile="ubuntu_pro_esm_cache_systemd_detect_virt"
name="/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"
pid=3322 comm="systemd-detect-" requested_mask="r" denied_mask="r" fsuid=0
ouid=0
May 21 19:24:44 upro-behave-focal-system-under-test-0521-152234400502
kernel: audit: type=1400 audit(1716319484.709:50): apparmor="DENIED"
operation="open" profile="ubuntu_pro_esm_cache_systemctl"
name="/proc/1/environ" pid=3323 comm="systemctl" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
May 21 19:24:44 upro-behave-focal-system-under-test-0521-152234400502
kernel: audit: type=1400 audit(1716319484.713:51): apparmor="DENIED"
operation="open" profile="ubuntu_pro_esm_cache_systemctl" name="/proc/1/sched"
pid=3323 comm="systemctl" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 21 19:24:44 upro-behave-focal-system-under-test-0521-152234400502
kernel: audit: type=1400 audit(1716319484.717:52): apparmor="DENIED"
operation="open" profile="ubuntu_pro_esm_cache_systemctl"
name="/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"
pid=3323 comm="systemctl" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 21 19:24:44 upro-behave-focal-system-under-test-0521-152234400502
kernel: audit: type=1400 audit(1716319484.717:53): apparmor="DENIED"
operation="open" profile="ubuntu_pro_esm_cache_systemctl"
name="/proc/1/environ" pid=3323 comm="systemctl" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
May 21 19:24:44 upro-behave-focal-system-under-test-0521-152234400502
kernel: audit: type=1400 audit(1716319484.717:54): apparmor="DENIED"
operation="open" profile="ubuntu_pro_esm_cache_systemctl" name="/proc/1/sched"
pid=3323 comm="systemctl" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
2024-05-21 15:25:25,975:WARNING:root:XXX apparmor DENIED end
[ Test Plan ]
These were caught by the automated verification tests for v32.1 in
-proposed. If all of the automated verification tests pass for the
version with this fix (32.2), then that will be considered a
verification for this bug as well.
The specific tests that found this issue can be run with the following
command:
tox run -e behave -- -D install_from=proposed
features/attach_validtoken.feature:194
features/attach_validtoken.feature:196
[ Where problems could occur ]
The fix edits the template for the ubuntu_pro_esm_cache apparmor
profile. If mistakes were made, it may cause new apparmor denials or
other related issues, ultimately meaning esm-cache.service wouldn't run
properly, preventing esm update notifications from being displayed on
unattached machines.
** Affects: ubuntu-advantage-tools (Ubuntu)
Importance: Undecided
Status: New
** Description changed:
[ Impact ]
The new apparmor profile for esm-cache.service has sub profiles for
subprocesses and some of them were incomplete, resulting in the
following apparmor DENIED messages in the following situations:
-
On xenial, after a `pro attach`:
- 2024-05-21 15:22:29,438:WARNING:root:XXX apparmor DENIED begin
- 2024-05-21 15:22:29,438:WARNING:root:May 21 19:20:58
upro-behave-xenial-system-under-test-0521-151920682865 kernel: [ 63.187079]
audit: type=1400 audit(1716319258.652:25): apparmor="DENIED" operation="ptrace"
profile="ubuntu_pro_esm_cache_systemd_detect_virt" pid=3582
comm="systemd-detect-" requested_mask="trace" denied_mask="trace"
peer="unconfined"
- May 21 19:20:59 upro-behave-xenial-system-under-test-0521-151920682865
kernel: [ 64.253406] audit: type=1400 audit(1716319259.720:26):
apparmor="DENIED" operation="ptrace" profile="ubuntu_pro_esm_cache//ps"
pid=3589 comm="ps" requested_mask="trace" denied_mask="trace" peer="unconfined"
- May 21 19:20:59 upro-behave-xenial-system-under-test-0521-151920682865
kernel: [ 64.253671] audit: type=1400 audit(1716319259.720:27):
apparmor="DENIED" operation="ptrace" profile="ubuntu_pro_esm_cache//ps"
pid=3589 comm="ps" requested_mask="trace" denied_mask="trace" peer="unconfined"
- May 21 19:20:59 upro-behave-xenial-system-under-test-0521-151920682865
kernel: [ 64.253817] audit: type=1400 audit(1716319259.720:28):
apparmor="DENIED" operation="ptrace" profile="ubuntu_pro_esm_cache//ps"
pid=3589 comm="ps" requested_mask="trace" denied_mask="trace" peer="unconfined"
- May 21 19:20:59 upro-behave-xenial-system-under-test-0521-151920682865
kernel: [ 64.253952] audit: type=1400 audit(1716319259.720:29):
apparmor="DENIED" operation="ptrace" profile="ubuntu_pro_esm_cache//ps"
pid=3589 comm="ps" requested_mask="trace" denied_mask="trace" peer="unconfined"
- May 21 19:20:59 upro-behave-xenial-system-under-test-0521-151920682865
kernel: [ 64.254086] audit: type=1400 audit(1716319259.720:30):
apparmor="DENIED" operation="ptrace" profile="ubuntu_pro_esm_cache//ps"
pid=3589 comm="ps" requested_mask="trace" denied_mask="trace" peer="unconfined"
- May 21 19:20:59 upro-behave-xenial-system-under-test-0521-151920682865
kernel: [ 64.254247] audit: type=1400 audit(1716319259.720:31):
apparmor="DENIED" operation="ptrace" profile="ubuntu_pro_esm_cache//ps"
pid=3589 comm="ps" requested_mask="trace" denied_mask="trace" peer="unconfined"
- May 21 19:20:59 upro-behave-xenial-system-under-test-0521-151920682865
kernel: [ 64.254406] audit: type=1400 audit(1716319259.720:32):
apparmor="DENIED" operation="ptrace" profile="ubuntu_pro_esm_cache//ps"
pid=3589 comm="ps" requested_mask="trace" denied_mask="trace" peer="unconfined"
- May 21 19:20:59 upro-behave-xenial-system-under-test-0521-151920682865
kernel: [ 64.254537] audit: type=1400 audit(1716319259.720:33):
apparmor="DENIED" operation="ptrace" profile="ubuntu_pro_esm_cache//ps"
pid=3589 comm="ps" requested_mask="trace" denied_mask="trace" peer="unconfined"
- May 21 19:20:59 upro-behave-xenial-system-under-test-0521-151920682865
kernel: [ 64.254665] audit: type=1400 audit(1716319259.720:34):
apparmor="DENIED" operation="ptrace" profile="ubuntu_pro_esm_cache//ps"
pid=3589 comm="ps" requested_mask="trace" denied_mask="trace" peer="unconfined"
- 2024-05-21 15:22:29,438:WARNING:root:XXX apparmor DENIED end
-
+ 2024-05-21 15:22:29,438:WARNING:root:XXX apparmor DENIED begin
+ 2024-05-21 15:22:29,438:WARNING:root:May 21 19:20:58
upro-behave-xenial-system-under-test-0521-151920682865 kernel: [ 63.187079]
audit: type=1400 audit(1716319258.652:25): apparmor="DENIED" operation="ptrace"
profile="ubuntu_pro_esm_cache_systemd_detect_virt" pid=3582
comm="systemd-detect-" requested_mask="trace" denied_mask="trace"
peer="unconfined"
+ May 21 19:20:59 upro-behave-xenial-system-under-test-0521-151920682865
kernel: [ 64.253406] audit: type=1400 audit(1716319259.720:26):
apparmor="DENIED" operation="ptrace" profile="ubuntu_pro_esm_cache//ps"
pid=3589 comm="ps" requested_mask="trace" denied_mask="trace" peer="unconfined"
+ May 21 19:20:59 upro-behave-xenial-system-under-test-0521-151920682865
kernel: [ 64.253671] audit: type=1400 audit(1716319259.720:27):
apparmor="DENIED" operation="ptrace" profile="ubuntu_pro_esm_cache//ps"
pid=3589 comm="ps" requested_mask="trace" denied_mask="trace" peer="unconfined"
+ May 21 19:20:59 upro-behave-xenial-system-under-test-0521-151920682865
kernel: [ 64.253817] audit: type=1400 audit(1716319259.720:28):
apparmor="DENIED" operation="ptrace" profile="ubuntu_pro_esm_cache//ps"
pid=3589 comm="ps" requested_mask="trace" denied_mask="trace" peer="unconfined"
+ May 21 19:20:59 upro-behave-xenial-system-under-test-0521-151920682865
kernel: [ 64.253952] audit: type=1400 audit(1716319259.720:29):
apparmor="DENIED" operation="ptrace" profile="ubuntu_pro_esm_cache//ps"
pid=3589 comm="ps" requested_mask="trace" denied_mask="trace" peer="unconfined"
+ May 21 19:20:59 upro-behave-xenial-system-under-test-0521-151920682865
kernel: [ 64.254086] audit: type=1400 audit(1716319259.720:30):
apparmor="DENIED" operation="ptrace" profile="ubuntu_pro_esm_cache//ps"
pid=3589 comm="ps" requested_mask="trace" denied_mask="trace" peer="unconfined"
+ May 21 19:20:59 upro-behave-xenial-system-under-test-0521-151920682865
kernel: [ 64.254247] audit: type=1400 audit(1716319259.720:31):
apparmor="DENIED" operation="ptrace" profile="ubuntu_pro_esm_cache//ps"
pid=3589 comm="ps" requested_mask="trace" denied_mask="trace" peer="unconfined"
+ May 21 19:20:59 upro-behave-xenial-system-under-test-0521-151920682865
kernel: [ 64.254406] audit: type=1400 audit(1716319259.720:32):
apparmor="DENIED" operation="ptrace" profile="ubuntu_pro_esm_cache//ps"
pid=3589 comm="ps" requested_mask="trace" denied_mask="trace" peer="unconfined"
+ May 21 19:20:59 upro-behave-xenial-system-under-test-0521-151920682865
kernel: [ 64.254537] audit: type=1400 audit(1716319259.720:33):
apparmor="DENIED" operation="ptrace" profile="ubuntu_pro_esm_cache//ps"
pid=3589 comm="ps" requested_mask="trace" denied_mask="trace" peer="unconfined"
+ May 21 19:20:59 upro-behave-xenial-system-under-test-0521-151920682865
kernel: [ 64.254665] audit: type=1400 audit(1716319259.720:34):
apparmor="DENIED" operation="ptrace" profile="ubuntu_pro_esm_cache//ps"
pid=3589 comm="ps" requested_mask="trace" denied_mask="trace" peer="unconfined"
+ 2024-05-21 15:22:29,438:WARNING:root:XXX apparmor DENIED end
On focal, after a `pro attach`:
- 2024-05-21 15:25:25,975:WARNING:root:XXX apparmor DENIED begin
- 2024-05-21 15:25:25,975:WARNING:root:May 21 19:24:33
upro-behave-focal-system-under-test-0521-152234400502 kernel: audit: type=1400
audit(1716319473.279:43): apparmor="DENIED" operation="open"
profile="ubuntu_pro_esm_cache_systemd_detect_virt"
name="/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"
pid=3114 comm="systemd-detect-" requested_mask="r" denied_mask="r" fsuid=0
ouid=0
- May 21 19:24:33 upro-behave-focal-system-under-test-0521-152234400502
kernel: audit: type=1400 audit(1716319473.447:44): apparmor="DENIED"
operation="open" profile="ubuntu_pro_esm_cache_systemctl"
name="/proc/1/environ" pid=3115 comm="systemctl" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
- May 21 19:24:33 upro-behave-focal-system-under-test-0521-152234400502
kernel: audit: type=1400 audit(1716319473.447:45): apparmor="DENIED"
operation="open" profile="ubuntu_pro_esm_cache_systemctl" name="/proc/1/sched"
pid=3115 comm="systemctl" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
- May 21 19:24:33 upro-behave-focal-system-under-test-0521-152234400502
kernel: audit: type=1400 audit(1716319473.447:46): apparmor="DENIED"
operation="open" profile="ubuntu_pro_esm_cache_systemctl"
name="/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"
pid=3115 comm="systemctl" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
- May 21 19:24:33 upro-behave-focal-system-under-test-0521-152234400502
kernel: audit: type=1400 audit(1716319473.447:47): apparmor="DENIED"
operation="open" profile="ubuntu_pro_esm_cache_systemctl"
name="/proc/1/environ" pid=3115 comm="systemctl" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
- May 21 19:24:33 upro-behave-focal-system-under-test-0521-152234400502
kernel: audit: type=1400 audit(1716319473.447:48): apparmor="DENIED"
operation="open" profile="ubuntu_pro_esm_cache_systemctl" name="/proc/1/sched"
pid=3115 comm="systemctl" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
- May 21 19:24:44 upro-behave-focal-system-under-test-0521-152234400502
kernel: audit: type=1400 audit(1716319484.553:49): apparmor="DENIED"
operation="open" profile="ubuntu_pro_esm_cache_systemd_detect_virt"
name="/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"
pid=3322 comm="systemd-detect-" requested_mask="r" denied_mask="r" fsuid=0
ouid=0
- May 21 19:24:44 upro-behave-focal-system-under-test-0521-152234400502
kernel: audit: type=1400 audit(1716319484.709:50): apparmor="DENIED"
operation="open" profile="ubuntu_pro_esm_cache_systemctl"
name="/proc/1/environ" pid=3323 comm="systemctl" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
- May 21 19:24:44 upro-behave-focal-system-under-test-0521-152234400502
kernel: audit: type=1400 audit(1716319484.713:51): apparmor="DENIED"
operation="open" profile="ubuntu_pro_esm_cache_systemctl" name="/proc/1/sched"
pid=3323 comm="systemctl" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
- May 21 19:24:44 upro-behave-focal-system-under-test-0521-152234400502
kernel: audit: type=1400 audit(1716319484.717:52): apparmor="DENIED"
operation="open" profile="ubuntu_pro_esm_cache_systemctl"
name="/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"
pid=3323 comm="systemctl" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
- May 21 19:24:44 upro-behave-focal-system-under-test-0521-152234400502
kernel: audit: type=1400 audit(1716319484.717:53): apparmor="DENIED"
operation="open" profile="ubuntu_pro_esm_cache_systemctl"
name="/proc/1/environ" pid=3323 comm="systemctl" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
- May 21 19:24:44 upro-behave-focal-system-under-test-0521-152234400502
kernel: audit: type=1400 audit(1716319484.717:54): apparmor="DENIED"
operation="open" profile="ubuntu_pro_esm_cache_systemctl" name="/proc/1/sched"
pid=3323 comm="systemctl" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
- 2024-05-21 15:25:25,975:WARNING:root:XXX apparmor DENIED end
-
+ 2024-05-21 15:25:25,975:WARNING:root:XXX apparmor DENIED begin
+ 2024-05-21 15:25:25,975:WARNING:root:May 21 19:24:33
upro-behave-focal-system-under-test-0521-152234400502 kernel: audit: type=1400
audit(1716319473.279:43): apparmor="DENIED" operation="open"
profile="ubuntu_pro_esm_cache_systemd_detect_virt"
name="/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"
pid=3114 comm="systemd-detect-" requested_mask="r" denied_mask="r" fsuid=0
ouid=0
+ May 21 19:24:33 upro-behave-focal-system-under-test-0521-152234400502
kernel: audit: type=1400 audit(1716319473.447:44): apparmor="DENIED"
operation="open" profile="ubuntu_pro_esm_cache_systemctl"
name="/proc/1/environ" pid=3115 comm="systemctl" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
+ May 21 19:24:33 upro-behave-focal-system-under-test-0521-152234400502
kernel: audit: type=1400 audit(1716319473.447:45): apparmor="DENIED"
operation="open" profile="ubuntu_pro_esm_cache_systemctl" name="/proc/1/sched"
pid=3115 comm="systemctl" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
+ May 21 19:24:33 upro-behave-focal-system-under-test-0521-152234400502
kernel: audit: type=1400 audit(1716319473.447:46): apparmor="DENIED"
operation="open" profile="ubuntu_pro_esm_cache_systemctl"
name="/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"
pid=3115 comm="systemctl" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
+ May 21 19:24:33 upro-behave-focal-system-under-test-0521-152234400502
kernel: audit: type=1400 audit(1716319473.447:47): apparmor="DENIED"
operation="open" profile="ubuntu_pro_esm_cache_systemctl"
name="/proc/1/environ" pid=3115 comm="systemctl" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
+ May 21 19:24:33 upro-behave-focal-system-under-test-0521-152234400502
kernel: audit: type=1400 audit(1716319473.447:48): apparmor="DENIED"
operation="open" profile="ubuntu_pro_esm_cache_systemctl" name="/proc/1/sched"
pid=3115 comm="systemctl" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
+ May 21 19:24:44 upro-behave-focal-system-under-test-0521-152234400502
kernel: audit: type=1400 audit(1716319484.553:49): apparmor="DENIED"
operation="open" profile="ubuntu_pro_esm_cache_systemd_detect_virt"
name="/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"
pid=3322 comm="systemd-detect-" requested_mask="r" denied_mask="r" fsuid=0
ouid=0
+ May 21 19:24:44 upro-behave-focal-system-under-test-0521-152234400502
kernel: audit: type=1400 audit(1716319484.709:50): apparmor="DENIED"
operation="open" profile="ubuntu_pro_esm_cache_systemctl"
name="/proc/1/environ" pid=3323 comm="systemctl" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
+ May 21 19:24:44 upro-behave-focal-system-under-test-0521-152234400502
kernel: audit: type=1400 audit(1716319484.713:51): apparmor="DENIED"
operation="open" profile="ubuntu_pro_esm_cache_systemctl" name="/proc/1/sched"
pid=3323 comm="systemctl" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
+ May 21 19:24:44 upro-behave-focal-system-under-test-0521-152234400502
kernel: audit: type=1400 audit(1716319484.717:52): apparmor="DENIED"
operation="open" profile="ubuntu_pro_esm_cache_systemctl"
name="/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"
pid=3323 comm="systemctl" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
+ May 21 19:24:44 upro-behave-focal-system-under-test-0521-152234400502
kernel: audit: type=1400 audit(1716319484.717:53): apparmor="DENIED"
operation="open" profile="ubuntu_pro_esm_cache_systemctl"
name="/proc/1/environ" pid=3323 comm="systemctl" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
+ May 21 19:24:44 upro-behave-focal-system-under-test-0521-152234400502
kernel: audit: type=1400 audit(1716319484.717:54): apparmor="DENIED"
operation="open" profile="ubuntu_pro_esm_cache_systemctl" name="/proc/1/sched"
pid=3323 comm="systemctl" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
+ 2024-05-21 15:25:25,975:WARNING:root:XXX apparmor DENIED end
[ Test Plan ]
These were caught by the automated verification tests for v32.1 in
-proposed. If all of the automated verification tests pass for the
version with this fix (32.2), then that will be considered a
verification for this bug as well.
+ The specific tests that found this issue can be run with the following
+ command:
+
+ tox run -e behave -- -D install_from=proposed
+ features/attach_validtoken.feature:194
+ features/attach_validtoken.feature:196
+
[ Where problems could occur ]
The fix edits the template for the ubuntu_pro_esm_cache apparmor
profile. If mistakes were made, it may cause new apparmor denials or
other related issues, ultimately meaning esm-cache.service wouldn't run
properly, preventing esm update notifications from being displayed on
unattached machines.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2066929
Title:
32.1 in -proposed causes new apparmor denials
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2066929/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
