Public bug reported:

* Canonical Public Cloud discovered that `chronyc -c sources` now fails with 
`506 Cannot talk to daemon` with the latest kernels. We are seeing this in 
linux-azure and linux-gcp kernels (6.8.0-1005.5)
* Disabling AppArmor (`sudo systemctl stop apparmor`) completely results in no 
regression and `chronyc -c sources` returns as expected
* Disabling the apparmor profile for `chronyd` only results in no regression 
and `chronyc -c sources` returns as expected
* There are zero entries in dmesg when this occurs
* There are zero entries in dmesg when this occurs if the apparmor profile for 
`chronyd` is placed in complain mode instead of enforce mode
* We changed the time server from the internal GCP metadata.google.internal to 
the ubuntu time server ntp.ubuntu.com with no change in behaviour


We also noted issues with DNS resolution in snaps like `google-cloud-cli` in 
GCE images. 

* Disabling apparmor completely for snaps too (`sudo systemctl stop
snapd.apparmor`) results in no regression and calling the snaps returns
as expected.


The same issues are present in azure kernel `linux-azure` `6.8.0-1005.5` and 
the -proposed `6.8.0-25.25` generic kernel. 

This is a release blocker for the Noble release.

** Affects: chrony (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: snapd (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: chrony (Ubuntu Noble)
     Importance: Undecided
         Status: New

** Affects: linux (Ubuntu Noble)
     Importance: Undecided
         Status: New

** Affects: snapd (Ubuntu Noble)
     Importance: Undecided
         Status: New


** Tags: block-proposed block-proposed-noble

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2061851

Title:
  linux-gcp 6.8.0-1005.5 (+ others) Noble kernel regression with new
  apparmor profiles/features

Status in chrony package in Ubuntu:
  New
Status in linux package in Ubuntu:
  New
Status in snapd package in Ubuntu:
  New
Status in chrony source package in Noble:
  New
Status in linux source package in Noble:
  New
Status in snapd source package in Noble:
  New

