AppArmor

  1. Bug #2023025
  2. Activity log

Activity log for bug #2023025

Date Who What changed Old value New value Message
2023-06-06 11:08:24 Michael Vogt bug added bug
2023-06-06 11:24:39 Michael Vogt description We see integration test failures on arch linux related to apparmor, e.g. https://github.com/snapcore/snapd/actions/runs/5186349409/jobs/9347774708?pr=12870 It looks like it's this rule: ``` mount options=(rw, rslave) /, ``` The error is the following: ``` ... 2023-06-06T08:59:58.6472304Z error: cannot perform the following tasks: 2023-06-06T08:59:58.6473193Z - Connect network-control-consumer:network-control to core:network-control (cannot setup profiles for snap "network-control-consumer": cannot load apparmor profiles: exit status 1 2023-06-06T08:59:58.6473774Z apparmor_parser output: 2023-06-06T08:59:58.6474032Z Encoding of mount rule failed 2023-06-06T08:59:58.6474551Z ERROR processing policydb rules for profile snap.network-control-consumer.cmd, failed to load 2023-06-06T08:59:58.6474944Z ) ... 2023-06-06T08:59:59.5091838Z + apparmor_parser --version 2023-06-06T08:59:59.5093210Z AppArmor parser version 3.1.4 ... ``` the profile is here: https://paste.ubuntu.com/p/fQ8bv6VvWG/ - and apparmor_parser --debug here https://paste.ubuntu.com/p/dvxX9Xd9yZ/ (but that does not give a failure oddly enough) This might be releated to https://bugs.launchpad.net/apparmor/+bug/1648245 We see integration test failures on arch linux related to apparmor, e.g. https://github.com/snapcore/snapd/actions/runs/5186349409/jobs/9347774708?pr=12870 It looks like it's this rule: ``` mount options=(rw, rslave) /, ``` The error is the following: ``` ... 2023-06-06T08:59:58.6472304Z error: cannot perform the following tasks: 2023-06-06T08:59:58.6473193Z - Connect network-control-consumer:network-control to core:network-control (cannot setup profiles for snap "network-control-consumer": cannot load apparmor profiles: exit status 1 2023-06-06T08:59:58.6473774Z apparmor_parser output: 2023-06-06T08:59:58.6474032Z Encoding of mount rule failed 2023-06-06T08:59:58.6474551Z ERROR processing policydb rules for profile snap.network-control-consumer.cmd, failed to load 2023-06-06T08:59:58.6474944Z ) ... 2023-06-06T08:59:59.5091838Z + apparmor_parser --version 2023-06-06T08:59:59.5093210Z AppArmor parser version 3.1.4 ... ``` the profile is here: https://paste.ubuntu.com/p/fQ8bv6VvWG/ - and apparmor_parser --debug here https://paste.ubuntu.com/p/dvxX9Xd9yZ/ (but that does not give a failure oddly enough) This might be releated to https://bugs.launchpad.net/apparmor/+bug/1648245 I created https://github.com/snapcore/snapd/pull/12871 to match the new behavior.
2023-06-27 11:01:22 Michael Vogt apparmor: status New Fix Released