# Testing series jammy
###########################################
Creating jammy-2067810
Starting jammy-2067810
Waiting for container IP
.......Waiting for container ssh
....Connection to 10.0.102.211 22 port [tcp/ssh] succeeded!
Waiting for cloud-init to be done
# Latest u-a-t is installed
###########################################
ubuntu-advantage-tools:
Installed: 32.3~22.04
Candidate: 32.3~22.04
Version table:
*** 32.3~22.04 500
500 http://br.archive.ubuntu.com/ubuntu jammy-updates/main amd64
Packages
100 /var/lib/dpkg/status
27.7~22.04.1 500
500 http://br.archive.ubuntu.com/ubuntu jammy/main amd64 Packages
###########################################
# Creating conditions for the bug
###########################################
###########################################
# Reproducing the bug
###########################################
# Triggering apparmor DENIED messages
###########################################
# aa-exec -p ubuntu_pro_esm_cache//dpkg dpkg --print-foreign-
architectures
# dmesg:
[Fri Jun 21 20:38:29 2024] audit: type=1400 audit(1719002309.477:43):
apparmor="DENIED" operation="open" profile="ubuntu_pro_esm_cache//dpkg"
name="/var/lib/dpkg/arch" pid=1435 comm="dpkg" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
# aa-exec -p ubuntu_pro_esm_cache apt-cache policy | head
Package files:
100 /var/lib/dpkg/status
release a=now
500 http://br.archive.ubuntu.com/ubuntu jammy-security/multiverse amd64
Packages
release
v=22.04,o=Ubuntu,a=jammy-security,n=jammy,l=Ubuntu,c=multiverse,b=amd64
origin br.archive.ubuntu.com
500 http://br.archive.ubuntu.com/ubuntu jammy-security/universe amd64 Packages
release
v=22.04,o=Ubuntu,a=jammy-security,n=jammy,l=Ubuntu,c=universe,b=amd64
origin br.archive.ubuntu.com
500 http://br.archive.ubuntu.com/ubuntu jammy-security/restricted amd64
Packages
# dmesg:
[Fri Jun 21 20:38:29 2024] audit: type=1400 audit(1719002309.833:44):
apparmor="DENIED" operation="open" profile="ubuntu_pro_esm_cache//dpkg"
name="/var/lib/dpkg/arch" pid=1442 comm="dpkg" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
[Fri Jun 21 20:38:29 2024] audit: type=1400 audit(1719002309.853:45):
apparmor="DENIED" operation="open" profile="ubuntu_pro_esm_cache//dpkg"
name="/var/lib/dpkg/arch" pid=1443 comm="dpkg" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
# esm-cache.service test
###########################################
# /var/lib/apt/periodic/ contents
###########################################
total 8
drwxr-xr-x 2 root root 4096 Jun 21 20:38 .
drwxr-xr-x 5 root root 4096 Jun 21 20:38 ..
# systemctl start esm-cache.service
# dmesg:
[Fri Jun 21 20:38:30 2024] audit: type=1400 audit(1719002310.581:46):
apparmor="DENIED" operation="open" profile="ubuntu_pro_esm_cache//dpkg"
name="/var/lib/dpkg/arch" pid=1456 comm="dpkg" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
[Fri Jun 21 20:38:30 2024] audit: type=1400 audit(1719002310.581:47):
apparmor="DENIED" operation="open" profile="ubuntu_pro_esm_cache//dpkg"
name="/var/lib/dpkg/arch" pid=1457 comm="dpkg" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
[Fri Jun 21 20:38:31 2024] audit: type=1400 audit(1719002311.253:48):
apparmor="DENIED" operation="open"
profile="ubuntu_pro_esm_cache//apt_methods_gpgv" name="/var/lib/dpkg/arch"
pid=1466 comm="dpkg" requested_mask="r" denied_mask="r" fsuid=105 ouid=0
[Fri Jun 21 20:38:31 2024] audit: type=1400 audit(1719002311.257:49):
apparmor="DENIED" operation="open"
profile="ubuntu_pro_esm_cache//apt_methods_gpgv" name="/var/lib/dpkg/arch"
pid=1468 comm="dpkg" requested_mask="r" denied_mask="r" fsuid=105 ouid=0
[Fri Jun 21 20:38:31 2024] audit: type=1400 audit(1719002311.261:50):
apparmor="DENIED" operation="open"
profile="ubuntu_pro_esm_cache//apt_methods_gpgv" name="/var/lib/dpkg/arch"
pid=1470 comm="dpkg" requested_mask="r" denied_mask="r" fsuid=105 ouid=0
[Fri Jun 21 20:38:31 2024] audit: type=1400 audit(1719002311.265:51):
apparmor="DENIED" operation="open"
profile="ubuntu_pro_esm_cache//apt_methods_gpgv" name="/var/lib/dpkg/arch"
pid=1472 comm="dpkg" requested_mask="r" denied_mask="r" fsuid=105 ouid=0
[Fri Jun 21 20:38:31 2024] audit: type=1400 audit(1719002311.273:52):
apparmor="DENIED" operation="open"
profile="ubuntu_pro_esm_cache//apt_methods_gpgv" name="/var/lib/dpkg/arch"
pid=1475 comm="dpkg" requested_mask="r" denied_mask="r" fsuid=105 ouid=0
# Updating to proposed
###########################################
deb http://archive.ubuntu.com/ubuntu jammy-proposed main
dpkg-preconfigure: unable to re-open stdin: No such file or directory
ubuntu-advantage-tools:
Installed: 32.3.1~22.04
Candidate: 32.3.1~22.04
Version table:
*** 32.3.1~22.04 500
500 http://archive.ubuntu.com/ubuntu jammy-proposed/main amd64 Packages
100 /var/lib/dpkg/status
32.3~22.04 500
500 http://br.archive.ubuntu.com/ubuntu jammy-updates/main amd64
Packages
27.7~22.04.1 500
500 http://br.archive.ubuntu.com/ubuntu jammy/main amd64 Packages
# Now there must be no apparmor DENIED messages
###########################################
# Triggering apparmor DENIED messages
###########################################
# aa-exec -p ubuntu_pro_esm_cache//dpkg dpkg --print-foreign-
architectures
# dmesg:
# aa-exec -p ubuntu_pro_esm_cache apt-cache policy | head
Package files:
100 /var/lib/dpkg/status
release a=now
500 http://archive.ubuntu.com/ubuntu jammy-proposed/main amd64 Packages
release v=22.04,o=Ubuntu,a=jammy-proposed,n=jammy,l=Ubuntu,c=main,b=amd64
origin archive.ubuntu.com
500 http://br.archive.ubuntu.com/ubuntu jammy-security/multiverse amd64
Packages
release
v=22.04,o=Ubuntu,a=jammy-security,n=jammy,l=Ubuntu,c=multiverse,b=amd64
origin br.archive.ubuntu.com
500 http://br.archive.ubuntu.com/ubuntu jammy-security/universe amd64 Packages
# dmesg:
# esm-cache.service test
###########################################
# /var/lib/apt/periodic/ contents
###########################################
total 8
drwxr-xr-x 2 root root 4096 Jun 21 20:38 .
drwxr-xr-x 5 root root 4096 Jun 21 20:38 ..
# systemctl start esm-cache.service
# dmesg:
TEST SUCCEEDED
** Tags removed: verification-needed-jammy
** Tags added: verification-done-jammy
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2067810
Title:
Apparmor denial on /var/lib/dpkg/arch
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2067810/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
