Hi all, I'm looking at the focal upload in unapproved.
I see it has this additional change in live-build/functions that is not
mentioned in d/changelog:
--- a/live-build/functions
+++ b/live-build/functions
@@ -726,13 +726,44 @@ snap_preseed() {
snap_validate_seed() {
local CHROOT_ROOT=$1
-
+ local kern_major_min=undefined
+ local boot_filename=undefined
+
+ # ppc64el still uses /boot/vmlinux so we need to determine the boot file
name as non ppc64el use /boot/vmlinuz
+ # We don't need to query the arch as we can use existence of the file to
determine the boot file name. Both
+ # will never be present at the same time.
+ if [ -e ${CHROOT_ROOT}/boot/vmlinuz ]; then
+ boot_filename=vmlinuz
+ elif [ -e ${CHROOT_ROOT}/boot/vmlinux ]; then
+ boot_filename=vmlinux
+ fi
+ if [ ${boot_filename} != undefined ]; then # we have a known boot file so
we can proceed with checking for features to mount
+ kern_major_min=$(readlink --canonicalize --no-newline
${CHROOT_ROOT}/boot/${boot_filename} | grep --extended-regexp --only-matching
--max-count 1 '[0-9]+\.[0-9]+')
+ if [ -d /usr/share/livecd-rootfs/live-build/apparmor/${kern_major_min}
]; then
+ # if an Ubuntu version has different kernel apparmor features
between LTS and HWE kernels
+ # a snap pre-seeding issue can occur, where the incorrect apparmor
features are reported
+ # basic copy of a directory structure overriding the "generic"
feature set
+ # which is tied to the LTS kernel
+
+ # Bind kernel apparmor directory to feature directory for snap
preseeding
+ umount "${CHROOT_ROOT}/sys/kernel/security/apparmor/features/"
+ mount --bind
/usr/share/livecd-rootfs/live-build/apparmor/${kern_major_min}
"${CHROOT_ROOT}/sys/kernel/security/apparmor/features/"
+ fi
+ fi
+
if [ -e "${CHROOT_ROOT}/var/lib/snapd/seed/seed.yaml" ]; then
snap debug validate-seed "${CHROOT_ROOT}/var/lib/snapd/seed/seed.yaml"
/usr/lib/snapd/snap-preseed --reset $(realpath "${CHROOT_ROOT}")
/usr/lib/snapd/snap-preseed $(realpath "${CHROOT_ROOT}")
chroot "${CHROOT_ROOT}" apparmor_parser --skip-read-cache
--write-cache --skip-kernel-load --verbose -j `nproc` /etc/apparmor.d
fi
+
+ # Unmount kernel specific apparmor feature
+ # mount generic apparmor feature again (cleanup)
+ if [ -d /build/config/hooks.d/extra/apparmor/${kern_major_min} ]; then
+ umount "${CHROOT_ROOT}/sys/kernel/security/apparmor/features/"
+ mount -o bind /usr/share/livecd-rootfs/live-build/apparmor/generic
"${CHROOT_ROOT}/sys/kernel/security/apparmor/features/"
+ fi
}
snap_from_seed() {
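Review bot: The cleanup block at the end of snap_validate_seed() tests a different directory than the setup block. Setup checks and bind-mounts `/usr/share/livecd-rootfs/live-build/apparmor/${kern_major_min}`, while cleanup checks `/build/config/hooks.d/extra/apparmor/${kern_major_min}`. If only the first path exists, the kernel-specific feature set stays bound over `${CHROOT_ROOT}/sys/kernel/security/apparmor/features/` after the function returns. If only the second exists, the generic set is remounted even though nothing was swapped. Suggest setting a local flag next to the `mount --bind` and keying the cleanup on that flag, or at least using the same path in both tests. Two smaller points: `${CHROOT_ROOT}` and `${boot_filename}` are unquoted in the `[ -e ... ]` and `[ ... != undefined ]` tests, unlike the quoted uses further down, and the result of each `umount` is not checked before the following `mount`.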
Looking at the jammy code changes and changelog, this seems to fix LP:
#2038957:
* Enable snap preseeding with ppc64el images where /boot/vmlinux is used
instead of /boot/vmlinuz. (LP: #2038957)
That bug has a focal task, but it was marked as "won't fix" in
https://bugs.launchpad.net/ubuntu/+source/livecd-rootfs/+bug/2038957/comments/4.
Yet here we are with the change.
What do you want to do?
- include this change, and therefore fix #2038957. Then please update
d/changelog, and also update the focal task in that other bug and check if its
test plan still applies here
- not include the change
- something else because I completely misunderstood this.
Please advise. In the meantime, I'm marking the focal task as
incomplete.
** Changed in: livecd-rootfs (Ubuntu Focal)
Status: Confirmed => Incomplete
https://bugs.launchpad.net/bugs/2052789
Title:
AppArmor profiles missing in kernel 5.15.0-1051+ release