[Touch-packages] [Bug 2121248] [NEW] DENIED messages attributable to systemd-detect-virt profile appearing in AppArmor logs on Questing machines

Fri, 22 Aug 2025 12:00:38 -0700 

Public bug reported:

CPC's daily image testing has detected DENIED messages in the AppArmor
logs of Questing machines. The messages first appeared on machines
launched from the 20250808 serial, which was the first serial to carry
version 5.0.0~alpha1-0ubuntu1 of apparmor. The messages are attributable
to the systemd-detect-virt profile, which was added to apparmor in the
aforementioned version.

The following is the complete collection of systemd-detect-virt DENIED
messages from one of the machines:

```
Aug 20 21:38:57 alan-questing-base-mwnssgzfkn kernel: audit: type=1400 
audit(1755725937.869:193): apparmor="DENIED" operation="capable" class="cap" 
profile="systemd-detect-virt" pid=1003 comm="systemd-detect-" capability=12  
capname="net_admin"
Aug 20 21:38:57 alan-questing-base-mwnssgzfkn kernel: audit: type=1400 
audit(1755725937.869:194): apparmor="DENIED" operation="sendmsg" class="file" 
info="Failed name lookup - disconnected path" error=-13 
profile="systemd-detect-virt" name="run/systemd/journal/socket" pid=1003 
comm="systemd-detect-" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
Aug 20 21:38:57 alan-questing-base-mwnssgzfkn kernel: audit: type=1400 
audit(1755725937.869:195): apparmor="DENIED" operation="getattr" class="file" 
info="Failed name lookup - disconnected path" error=-13 
profile="systemd-detect-virt" name="" pid=1003 comm="systemd-detect-" 
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Aug 20 21:38:57 alan-questing-base-mwnssgzfkn kernel: audit: type=1400 
audit(1755725937.889:196): apparmor="DENIED" operation="getattr" class="file" 
info="Failed name lookup - disconnected path" error=-13 
profile="systemd-detect-virt" name="" pid=1003 comm="systemd-detect-" 
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Aug 20 21:38:57 alan-questing-base-mwnssgzfkn kernel: audit: type=1400 
audit(1755725937.889:197): apparmor="DENIED" operation="sendmsg" class="file" 
info="Failed name lookup - disconnected path" error=-13 
profile="systemd-detect-virt" name="run/systemd/notify" pid=1003 
comm="systemd-detect-" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
Aug 20 21:38:58 alan-questing-base-mwnssgzfkn kernel: audit: type=1400 
audit(1755725938.996:198): apparmor="DENIED" operation="getattr" class="file" 
info="Failed name lookup - disconnected path" error=-13 
profile="systemd-detect-virt" name="" pid=1056 comm="systemd-detect-" 
requested_mask="r" denied_mask="r" fsuid=105 ouid=0
Aug 20 21:38:58 alan-questing-base-mwnssgzfkn kernel: audit: type=1400 
audit(1755725938.996:199): apparmor="DENIED" operation="getattr" class="file" 
info="Failed name lookup - disconnected path" error=-13 
profile="systemd-detect-virt" name="" pid=1056 comm="systemd-detect-" 
requested_mask="r" denied_mask="r" fsuid=105 ouid=0
Aug 20 21:39:04 alan-questing-base-mwnssgzfkn kernel: audit: type=1400 
audit(1755725944.369:202): apparmor="DENIED" operation="getattr" class="file" 
info="Failed name lookup - disconnected path" error=-13 
profile="systemd-detect-virt" name="" pid=1152 comm="systemd-detect-" 
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Aug 20 21:39:04 alan-questing-base-mwnssgzfkn kernel: audit: type=1400 
audit(1755725944.398:203): apparmor="DENIED" operation="getattr" class="file" 
info="Failed name lookup - disconnected path" error=-13 
profile="systemd-detect-virt" name="" pid=1152 comm="systemd-detect-" 
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Aug 20 21:39:04 alan-questing-base-mwnssgzfkn kernel: audit: type=1400 
audit(1755725944.398:204): apparmor="DENIED" operation="capable" class="cap" 
profile="systemd-detect-virt" pid=1152 comm="systemd-detect-" capability=12  
capname="net_admin"
Aug 20 21:39:04 alan-questing-base-mwnssgzfkn kernel: audit: type=1400 
audit(1755725944.398:205): apparmor="DENIED" operation="sendmsg" class="file" 
profile="systemd-detect-virt" name="/run/systemd/notify" pid=1152 
comm="systemd-detect-" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
Aug 20 21:39:05 alan-questing-base-mwnssgzfkn kernel: audit: type=1400 
audit(1755725945.100:206): apparmor="DENIED" operation="getattr" class="file" 
info="Failed name lookup - disconnected path" error=-13 
profile="systemd-detect-virt" name="" pid=1200 comm="systemd-detect-" 
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Aug 20 21:39:05 alan-questing-base-mwnssgzfkn kernel: audit: type=1400 
audit(1755725945.100:207): apparmor="DENIED" operation="getattr" class="file" 
info="Failed name lookup - disconnected path" error=-13 
profile="systemd-detect-virt" name="" pid=1200 comm="systemd-detect-" 
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Aug 20 21:39:05 alan-questing-base-mwnssgzfkn kernel: audit: type=1400 
audit(1755725945.100:208): apparmor="DENIED" operation="capable" class="cap" 
profile="systemd-detect-virt" pid=1200 comm="systemd-detect-" capability=12  
capname="net_admin"
Aug 20 21:39:05 alan-questing-base-mwnssgzfkn kernel: audit: type=1400 
audit(1755725945.100:209): apparmor="DENIED" operation="sendmsg" class="file" 
profile="systemd-detect-virt" name="/run/systemd/notify" pid=1200 
comm="systemd-detect-" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
Aug 20 21:39:05 alan-questing-base-mwnssgzfkn kernel: audit: type=1400 
audit(1755725945.150:210): apparmor="DENIED" operation="getattr" class="file" 
info="Failed name lookup - disconnected path" error=-13 
profile="systemd-detect-virt" name="" pid=1201 comm="systemd-detect-" 
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Aug 20 21:39:05 alan-questing-base-mwnssgzfkn kernel: audit: type=1400 
audit(1755725945.150:211): apparmor="DENIED" operation="getattr" class="file" 
info="Failed name lookup - disconnected path" error=-13 
profile="systemd-detect-virt" name="" pid=1201 comm="systemd-detect-" 
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Aug 20 21:39:16 alan-questing-base-mwnssgzfkn kernel: audit: type=1400 
audit(1755725956.433:220): apparmor="DENIED" operation="getattr" class="file" 
info="Failed name lookup - disconnected path" error=-13 
profile="systemd-detect-virt" name="" pid=1687 comm="systemd-detect-" 
requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Aug 20 21:39:16 alan-questing-base-mwnssgzfkn kernel: audit: type=1400 
audit(1755725956.433:221): apparmor="DENIED" operation="getattr" class="file" 
info="Failed name lookup - disconnected path" error=-13 
profile="systemd-detect-virt" name="" pid=1687 comm="systemd-detect-" 
requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Aug 20 21:40:01 alan-questing-base-mwnssgzfkn kernel: audit: type=1400 
audit(1755726001.340:222): apparmor="DENIED" operation="getattr" class="file" 
info="Failed name lookup - disconnected path" error=-13 
profile="systemd-detect-virt" name="" pid=2135 comm="systemd-detect-" 
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Aug 20 21:40:01 alan-questing-base-mwnssgzfkn kernel: audit: type=1400 
audit(1755726001.340:223): apparmor="DENIED" operation="getattr" class="file" 
info="Failed name lookup - disconnected path" error=-13 
profile="systemd-detect-virt" name="" pid=2135 comm="systemd-detect-" 
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Aug 20 21:40:02 alan-questing-base-mwnssgzfkn kernel: audit: type=1400 
audit(1755726002.082:224): apparmor="DENIED" operation="getattr" class="file" 
info="Failed name lookup - disconnected path" error=-13 
profile="systemd-detect-virt" name="" pid=2152 comm="systemd-detect-" 
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Aug 20 21:40:02 alan-questing-base-mwnssgzfkn kernel: audit: type=1400 
audit(1755726002.082:225): apparmor="DENIED" operation="getattr" class="file" 
info="Failed name lookup - disconnected path" error=-13 
profile="systemd-detect-virt" name="" pid=2152 comm="systemd-detect-" 
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
```

** Affects: apparmor (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: systemd (Ubuntu)
     Importance: Undecided
         Status: New

** Also affects: systemd (Ubuntu)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2121248

Title:
  DENIED messages attributable to systemd-detect-virt profile appearing
  in AppArmor logs on Questing machines

Status in apparmor package in Ubuntu:
  New
Status in systemd package in Ubuntu:
  New

Bug description:
  CPC's daily image testing has detected DENIED messages in the AppArmor
  logs of Questing machines. The messages first appeared on machines
  launched from the 20250808 serial, which was the first serial to carry
  version 5.0.0~alpha1-0ubuntu1 of apparmor. The messages are
  attributable to the systemd-detect-virt profile, which was added to
  apparmor in the aforementioned version.

  The following is the complete collection of systemd-detect-virt DENIED
  messages from one of the machines:

  ```
  Aug 20 21:38:57 alan-questing-base-mwnssgzfkn kernel: audit: type=1400 
audit(1755725937.869:193): apparmor="DENIED" operation="capable" class="cap" 
profile="systemd-detect-virt" pid=1003 comm="systemd-detect-" capability=12  
capname="net_admin"
  Aug 20 21:38:57 alan-questing-base-mwnssgzfkn kernel: audit: type=1400 
audit(1755725937.869:194): apparmor="DENIED" operation="sendmsg" class="file" 
info="Failed name lookup - disconnected path" error=-13 
profile="systemd-detect-virt" name="run/systemd/journal/socket" pid=1003 
comm="systemd-detect-" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
  Aug 20 21:38:57 alan-questing-base-mwnssgzfkn kernel: audit: type=1400 
audit(1755725937.869:195): apparmor="DENIED" operation="getattr" class="file" 
info="Failed name lookup - disconnected path" error=-13 
profile="systemd-detect-virt" name="" pid=1003 comm="systemd-detect-" 
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
  Aug 20 21:38:57 alan-questing-base-mwnssgzfkn kernel: audit: type=1400 
audit(1755725937.889:196): apparmor="DENIED" operation="getattr" class="file" 
info="Failed name lookup - disconnected path" error=-13 
profile="systemd-detect-virt" name="" pid=1003 comm="systemd-detect-" 
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
  Aug 20 21:38:57 alan-questing-base-mwnssgzfkn kernel: audit: type=1400 
audit(1755725937.889:197): apparmor="DENIED" operation="sendmsg" class="file" 
info="Failed name lookup - disconnected path" error=-13 
profile="systemd-detect-virt" name="run/systemd/notify" pid=1003 
comm="systemd-detect-" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
  Aug 20 21:38:58 alan-questing-base-mwnssgzfkn kernel: audit: type=1400 
audit(1755725938.996:198): apparmor="DENIED" operation="getattr" class="file" 
info="Failed name lookup - disconnected path" error=-13 
profile="systemd-detect-virt" name="" pid=1056 comm="systemd-detect-" 
requested_mask="r" denied_mask="r" fsuid=105 ouid=0
  Aug 20 21:38:58 alan-questing-base-mwnssgzfkn kernel: audit: type=1400 
audit(1755725938.996:199): apparmor="DENIED" operation="getattr" class="file" 
info="Failed name lookup - disconnected path" error=-13 
profile="systemd-detect-virt" name="" pid=1056 comm="systemd-detect-" 
requested_mask="r" denied_mask="r" fsuid=105 ouid=0
  Aug 20 21:39:04 alan-questing-base-mwnssgzfkn kernel: audit: type=1400 
audit(1755725944.369:202): apparmor="DENIED" operation="getattr" class="file" 
info="Failed name lookup - disconnected path" error=-13 
profile="systemd-detect-virt" name="" pid=1152 comm="systemd-detect-" 
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
  Aug 20 21:39:04 alan-questing-base-mwnssgzfkn kernel: audit: type=1400 
audit(1755725944.398:203): apparmor="DENIED" operation="getattr" class="file" 
info="Failed name lookup - disconnected path" error=-13 
profile="systemd-detect-virt" name="" pid=1152 comm="systemd-detect-" 
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
  Aug 20 21:39:04 alan-questing-base-mwnssgzfkn kernel: audit: type=1400 
audit(1755725944.398:204): apparmor="DENIED" operation="capable" class="cap" 
profile="systemd-detect-virt" pid=1152 comm="systemd-detect-" capability=12  
capname="net_admin"
  Aug 20 21:39:04 alan-questing-base-mwnssgzfkn kernel: audit: type=1400 
audit(1755725944.398:205): apparmor="DENIED" operation="sendmsg" class="file" 
profile="systemd-detect-virt" name="/run/systemd/notify" pid=1152 
comm="systemd-detect-" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
  Aug 20 21:39:05 alan-questing-base-mwnssgzfkn kernel: audit: type=1400 
audit(1755725945.100:206): apparmor="DENIED" operation="getattr" class="file" 
info="Failed name lookup - disconnected path" error=-13 
profile="systemd-detect-virt" name="" pid=1200 comm="systemd-detect-" 
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
  Aug 20 21:39:05 alan-questing-base-mwnssgzfkn kernel: audit: type=1400 
audit(1755725945.100:207): apparmor="DENIED" operation="getattr" class="file" 
info="Failed name lookup - disconnected path" error=-13 
profile="systemd-detect-virt" name="" pid=1200 comm="systemd-detect-" 
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
  Aug 20 21:39:05 alan-questing-base-mwnssgzfkn kernel: audit: type=1400 
audit(1755725945.100:208): apparmor="DENIED" operation="capable" class="cap" 
profile="systemd-detect-virt" pid=1200 comm="systemd-detect-" capability=12  
capname="net_admin"
  Aug 20 21:39:05 alan-questing-base-mwnssgzfkn kernel: audit: type=1400 
audit(1755725945.100:209): apparmor="DENIED" operation="sendmsg" class="file" 
profile="systemd-detect-virt" name="/run/systemd/notify" pid=1200 
comm="systemd-detect-" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
  Aug 20 21:39:05 alan-questing-base-mwnssgzfkn kernel: audit: type=1400 
audit(1755725945.150:210): apparmor="DENIED" operation="getattr" class="file" 
info="Failed name lookup - disconnected path" error=-13 
profile="systemd-detect-virt" name="" pid=1201 comm="systemd-detect-" 
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
  Aug 20 21:39:05 alan-questing-base-mwnssgzfkn kernel: audit: type=1400 
audit(1755725945.150:211): apparmor="DENIED" operation="getattr" class="file" 
info="Failed name lookup - disconnected path" error=-13 
profile="systemd-detect-virt" name="" pid=1201 comm="systemd-detect-" 
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
  Aug 20 21:39:16 alan-questing-base-mwnssgzfkn kernel: audit: type=1400 
audit(1755725956.433:220): apparmor="DENIED" operation="getattr" class="file" 
info="Failed name lookup - disconnected path" error=-13 
profile="systemd-detect-virt" name="" pid=1687 comm="systemd-detect-" 
requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
  Aug 20 21:39:16 alan-questing-base-mwnssgzfkn kernel: audit: type=1400 
audit(1755725956.433:221): apparmor="DENIED" operation="getattr" class="file" 
info="Failed name lookup - disconnected path" error=-13 
profile="systemd-detect-virt" name="" pid=1687 comm="systemd-detect-" 
requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
  Aug 20 21:40:01 alan-questing-base-mwnssgzfkn kernel: audit: type=1400 
audit(1755726001.340:222): apparmor="DENIED" operation="getattr" class="file" 
info="Failed name lookup - disconnected path" error=-13 
profile="systemd-detect-virt" name="" pid=2135 comm="systemd-detect-" 
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
  Aug 20 21:40:01 alan-questing-base-mwnssgzfkn kernel: audit: type=1400 
audit(1755726001.340:223): apparmor="DENIED" operation="getattr" class="file" 
info="Failed name lookup - disconnected path" error=-13 
profile="systemd-detect-virt" name="" pid=2135 comm="systemd-detect-" 
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
  Aug 20 21:40:02 alan-questing-base-mwnssgzfkn kernel: audit: type=1400 
audit(1755726002.082:224): apparmor="DENIED" operation="getattr" class="file" 
info="Failed name lookup - disconnected path" error=-13 
profile="systemd-detect-virt" name="" pid=2152 comm="systemd-detect-" 
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
  Aug 20 21:40:02 alan-questing-base-mwnssgzfkn kernel: audit: type=1400 
audit(1755726002.082:225): apparmor="DENIED" operation="getattr" class="file" 
info="Failed name lookup - disconnected path" error=-13 
profile="systemd-detect-virt" name="" pid=2152 comm="systemd-detect-" 
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
  ```

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2121248/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to