$ apt policy apparmor
apparmor:
Installed: 4.1.0~beta5-0ubuntu14.1
Candidate: 4.1.0~beta5-0ubuntu14.1
Version table:
*** 4.1.0~beta5-0ubuntu14.1 100
100 http://archive.ubuntu.com/ubuntu plucky-proposed/main amd64 Packages
100 /var/lib/dpkg/status
4.1.0~beta5-0ubuntu14 500
500 http://archive.ubuntu.com/ubuntu plucky/main amd64 Packages
Launched "/usr/bin/sleep infinity" in another terminal to provide a
target process to ionice
`sudo iotop-c` is launched successfully
`sudo aa-status` shows an iotop-c profile loaded, and `ps -Zelf | grep
-F iotop-c` shows that iotop-c is being confined by an iotop-c profile
in enforce mode
ionice'ing the sleep process from be/4 to rt/3 completed successfully
Test plan verification considered successful
** Tags removed: verification-needed verification-needed-plucky
** Tags added: verification-done verification-done-plucky
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2107727
Title:
iotop-c: Call of nl_init fails due to insufficient rights
Status in apparmor package in Ubuntu:
Fix Released
Status in iotop-c package in Ubuntu:
Invalid
Status in apparmor source package in Plucky:
Fix Committed
Status in iotop-c source package in Plucky:
Invalid
Status in apparmor source package in Questing:
Fix Released
Status in iotop-c source package in Questing:
Invalid
Bug description:
[ Impact ]
iotop-c failed to launch at all due to permission denials in nl_init
and missing capabilities in the iotop-c profile. Even after granting
iotop-c the permissions required for nl_init to succeed, it was still
missing the permissions required to re-nice processes.
[ Test Plan ]
* Run `sudo aa-status` and verify that an iotop-c profile is loaded
* Launch iotop-c under sudo (make sure to invoke iotop-c directly instead of
iotop, which might be symlinked to the distinct iotop-py)
- Without the fix: iotop-c fails to launch due to permission denials in
nl_init
- With the fix: iotop-c should launch successfully
* Attempt to set the ionice value of a running process using iotop-c, and
verify that the operation succeeds
[ Where problems could occur ]
The additions to the iotop-c profile are loosening confinement on a
profile. However, if a user manually modified the installed profiles,
then the package upgrade would cause conflicts, and rejection of the
incoming changes (either by hand during an interactive upgrade or
automatically during an batch unattended upgrade) would result in end
users not getting the packaged fix.
[ Other Info ]
--------Original bug description
On a fresh installation of Kubuntu 25.04 in VirtualBox
Installation of packages 1.26-1, 1.27-1 and 1.28-1 work, but program iotop-c
does not start due to insufficient rights with output:
nl_init: insufficient rights
Interestingly, all three packages work on Kubuntu 24.10
Therefore, this appears to be a problem with the underlying operating system.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2107727/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
