Hi Ryan,
I added the SRU template... please let me know if something is not clear
or if you consider anything else needs to be added.
** Description changed:
+ [ Impact ]
+
+ * On Ubuntu 25.20 (Questing), in Azure VMs using NVMe devices, the
+ AppArmor profile for lsblk does not permit read access to certain ACPI /
+ sysfs nodes needed to enumerate NVMe metadata (e.g. the ACPI NVMe
+ namespace path).
+
+ * This affects any user or automation relying on NVMe description using
+ lsblk, which is the case of the selftest.py script, used in the
+ autopackages test of the azure-vm-utils package (which as of today we're
+ skipping).
+
+ * The patch is limited in scope (just relaxing read access to a narrow
+ set of sysfs/ACPI paths) and has low regression risk.
+
+ [ Test Plan ]
+
+ * You will need an Azure account for creating the machine. In an Azure
+ VM created with support for NMVe devices, e.g:
+
+ az vm create --resource-group miriam-azure-vm-utils --name t-m-lsblk
+ --image "Canonical:ubuntu-25_10-daily:server:latest" --ssh-key-values
+ ~/.ssh/id_rsa.pub --size Standard_E2ads_v6 --admin-username ubuntu
+
+ * run:
+
+ sudo lsblk
+ sudo journalctl --boot --grep apparmor
+
+ you will see entries like this:
+
+
+ ubuntu@t-m-lsblk:~$ sudo journalctl --boot --grep apparmor | grep
"/sys/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0004:00/MSFT1000:00/"
+ Oct 10 15:33:58 t-m-lsblk kernel: audit: type=1400 audit(1760110438.106:192):
apparmor="DENIED" operation="open" class="file" profile="lsblk"
name="/sys/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0004:00/MSFT1000:00/7ad35d50-c05b-47ab-b3a0-56a9a845852b/pcic05b:00/c05b:00:00.0/nvme/nvme0/nvme0n1/hidden"
pid=1726 comm="lsblk" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
+
+ * You can manually chek it also trying to query an NMVe device with
+ lsblk:
+
+ ubuntu@t-m-lsblk:~$ nvme list
+ Node Generic SN Model
Namespace Usage Format
FW Rev
+ --------------------- --------------------- --------------------
---------------------------------------- ---------- --------------------------
---------------- --------
+ /dev/nvme0n1 /dev/ng0n1 SN: 000001 MSFT NVMe
Accelerator v1.0 0x1 32.21 GB / 32.21 GB 512 B +
0 B v1.00000
+ /dev/nvme1n1 /dev/ng1n1 5c44c9a8790fe8d60001 Microsoft
NVMe Direct Disk v2 0x1 118.11 GB / 118.11 GB 512 B +
0 B NVMDV002
+
+ ubuntu@t-m-lsblk:~$ sudo lsblk -b -n -o SIZE -d /dev/nvme0n1
+ lsblk: /dev/nvme0n1: failed to get sysfs name: Permission denied
+
+ * Once the fix is applied (and apparmor lsblk profile reloaded), we
+ don't see more entries in the syslog and we get an output for the manual
+ checking like this:
+
+ ubuntu@t-m-lsblk:~$ lsblk -b -n -o SIZE -d '/dev/nvme1n1'
+ 32213303296
+
+
+ [ Where problems could occur ]
+
+ * The patch might omit a needed sub-path under the ACPI / NVMe sysfs
+ tree, so some device metadata remains inaccessible.
+
+ * It might unintentionally allow broader sysfs access than intended
+ (though this is unlikely as rules are very specific to the Azure
+ hierarchy).
+
+ * A future kernel or Azure update might rearrange the sysfs paths (e.g.
+ rename or move NVMe/ACPI directories), making the rules obsolete.
+
+ * If the profile is not reloaded or incorrectly installed, the old
+ profile might persist, making tests falsely appear to fail or succeed.
+
+ [ Other Info ]
+
+ * Merged upstream at
+ https://gitlab.com/apparmor/apparmor/-/merge_requests/1808
+
+ [ Original Description ]
+
When running tests of azure-vm-utils package on Questing 25.10 on an
Azure VM machines we see:
ubuntu@nmvedirect:~$ python3 --version
Python 3.13.7
ubuntu@nmvedirect:~$ sudo python3 ./selftest.py
azure-nvme-id info: AzureNvmeIdInfo(azure_nvme_id_stdout='/dev/nvme0n1:
type=os\n/dev/nvme1n1: type=local,index=1,name=nvme-110G-1\n',
azure_nvme_id_stderr='', azure_nvme_id_returncode=0,
azure_nvme_id_disks={'nvme0n1': AzureNvmeIdDevice(device='/dev/nvme0n1',
model=None, nvme_id='type=os', type='os', index=None, lun=None, name=None,
extra={}), 'nvme1n1': AzureNvmeIdDevice(device='/dev/nvme1n1', model=None,
nvme_id='type=local,index=1,name=nvme-110G-1', type='local', index=1, lun=None,
name='nvme-110G-1', extra={})}, azure_nvme_id_json_stdout='[\n {\n "path":
"/dev/nvme0n1",\n "model": "MSFT NVMe Accelerator v1.0",\n "properties":
{\n "type": "os"\n },\n "vs": ""\n },\n {\n "path":
"/dev/nvme1n1",\n "model": "Microsoft NVMe Direct Disk v2",\n
"properties": {\n "type": "local",\n "index": 1,\n "name":
"nvme-110G-1"\n },\n "vs": "type=local,index=1,name=nvme-110G-1"\n
}\n]\n', azure_nvme_id_json_stderr='', azure_nvme_id_json_returncode=0,
azure_nvme_id_json_disks={'nvme0n1': AzureNvmeIdDevice(device='/dev/nvme0n1',
model='MSFT NVMe Accelerator v1.0', nvme_id='', type='os', index=None,
lun=None, name=None, extra={}), 'nvme1n1':
AzureNvmeIdDevice(device='/dev/nvme1n1', model='Microsoft NVMe Direct Disk v2',
nvme_id='', type='local', index=1, lun=None, name='nvme-110G-1', extra={})},
azure_nvme_id_help_stdout='Usage: azure-nvme-id [-d|--debug]
[-u|--udev|-h|--help|-v|--version]\n -d, --debug Enable debug
mode\n -f, --format {plain|json} Output format (default=plain)\n -h, --help
Display this help message\n -u, --udev Enable udev
mode\n -v, --version Display the version\n',
azure_nvme_id_help_stderr='', azure_nvme_id_help_returncode=0,
azure_nvme_id_version_stdout='azure-nvme-id 0.6.0-4\n',
azure_nvme_id_version_stderr='', azure_nvme_id_version_returncode=0,
azure_nvme_id_version='0.6.0-4', azure_nvme_id_zzz_stdout='Usage: azure-nvme-id
[-d|--debug] [-u|--udev|-h|--help|-v|--version]\n -d, --debug
Enable debug mode\n -f, --format {plain|json} Output format (default=plain)\n
-h, --help Display this help message\n -u, --udev
Enable udev mode\n -v, --version Display the version\n',
azure_nvme_id_zzz_stderr='invalid argument: zzz\n',
azure_nvme_id_zzz_returncode=1)
error while fetching disk size: CalledProcessError(32, ['lsblk', '-b', '-n',
'-o', 'SIZE', '-d', '/dev/nvme1n1'])
Traceback (most recent call last):
File "/home/ubuntu/./selftest.py", line 1118, in <module>
main()
~~~~^^
File "/home/ubuntu/./selftest.py", line 1110, in main
validator = AzureVmUtilsValidator(
skip_imds_validation=args.skip_imds_validation,
skip_symlink_validation=args.skip_symlink_validation,
)
File "/home/ubuntu/./selftest.py", line 867, in __init__
self.disk_info = DiskInfo.gather()
~~~~~~~~~~~~~~~^^
File "/home/ubuntu/./selftest.py", line 427, in gather
nvme_local_disk_size_gib = min(
get_disk_size_gib(f"/dev/{disk}") for disk in nvme_local_disks
)
File "/home/ubuntu/./selftest.py", line 428, in <genexpr>
get_disk_size_gib(f"/dev/{disk}") for disk in nvme_local_disks
~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^
File "/home/ubuntu/./selftest.py", line 195, in get_disk_size_gib
proc = subprocess.run(
["lsblk", "-b", "-n", "-o", "SIZE", "-d", disk_path],
...<3 lines>...
check=True,
)
File "/usr/lib/python3.13/subprocess.py", line 577, in run
raise CalledProcessError(retcode, process.args,
output=stdout, stderr=stderr)
subprocess.CalledProcessError: Command '['lsblk', '-b', '-n', '-o', 'SIZE',
'-d', '/dev/nvme1n1']' returned non-zero exit status 32.
This is due to apparmor lsblk profile:
sudo dmesg | grep lsblk
[ 461.611820] audit: type=1400 audit(1759492274.036:192): apparmor="DENIED"
operation="open" class="file" profile="lsblk"
name="/sys/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0004:00/MSFT1000:00/70b4ac38-05b7-4efe-8862-db2456dfec84/pci05b7:00/05b7:00:00.0/nvme/nvme0/nvme0n1/"
pid=1707 comm="lsblk" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
I'm submitting the attached patch to upstream to fix it, which I tested
is OK:
ubuntu@t-questing-check-package:~$ sudo vim /etc/apparmor.d/lsblk
ubuntu@t-questing-check-package:~$ sudo apparmor_parser -r
/etc/apparmor.d/lsblk
ubuntu@t-questing-check-package:~$ sudo systemctl reload apparmor
ubuntu@t-questing-check-package:~$ sudo ./selftest.py
[2025-10-03 14:31:00,379] azure-nvme-id info:
AzureNvmeIdInfo(azure_nvme_id_stdout='/dev/nvme0n1:
type=local,index=1,name=nvme-110G-1\n/dev/nvme1n1: type=os\n',
azure_nvme_id_stderr='', azure_nvme_id_returncode=0,
azure_nvme_id_disks={'nvme0n1': AzureNvmeIdDevice(device='/dev/nvme0n1',
model=None, nvme_id='type=local,index=1,name=nvme-110G-1', type='local',
index=1, lun=None, name='nvme-110G-1', extra={}), 'nvme1n1':
AzureNvmeIdDevice(device='/dev/nvme1n1', model=None, nvme_id='type=os',
type='os', index=None, lun=None, name=None, extra={})},
azure_nvme_id_json_stdout='[\n {\n "path": "/dev/nvme0n1",\n "model":
"Microsoft NVMe Direct Disk v2",\n "properties": {\n "type": "local",\n
"index": 1,\n "name": "nvme-110G-1"\n },\n "vs":
"type=local,index=1,name=nvme-110G-1"\n },\n {\n "path": "/dev/nvme1n1",\n
"model": "MSFT NVMe Accelerator v1.0",\n "properties": {\n "type":
"os"\n },\n "vs": ""\n }\n]\n', azure_nvme_id_json_stderr='',
azure_nvme_id_json_returncode=0, azure_nvme_id_json_disks={'nvme0n1':
AzureNvmeIdDevice(device='/dev/nvme0n1', model='Microsoft NVMe Direct Disk v2',
nvme_id='', type='local', index=1, lun=None, name='nvme-110G-1', extra={}),
'nvme1n1': AzureNvmeIdDevice(device='/dev/nvme1n1', model='MSFT NVMe
Accelerator v1.0', nvme_id='', type='os', index=None, lun=None, name=None,
extra={})}, azure_nvme_id_help_stdout='Usage: azure-nvme-id [-d|--debug]
[-u|--udev|-h|--help|-v|--version]\n -d, --debug Enable debug
mode\n -f, --format {plain|json} Output format (default=plain)\n -h, --help
Display this help message\n -u, --udev Enable udev
mode\n -v, --version Display the version\n',
azure_nvme_id_help_stderr='', azure_nvme_id_help_returncode=0,
azure_nvme_id_version_stdout='azure-nvme-id 0.6.0-4\n',
azure_nvme_id_version_stderr='', azure_nvme_id_version_returncode=0,
azure_nvme_id_version='0.6.0-4', azure_nvme_id_zzz_stdout='Usage: azure-nvme-id
[-d|--debug] [-u|--udev|-h|--help|-v|--version]\n -d, --debug
Enable debug mode\n -f, --format {plain|json} Output format (default=plain)\n
-h, --help Display this help message\n -u, --udev
Enable udev mode\n -v, --version Display the version\n',
azure_nvme_id_zzz_stderr='invalid argument: zzz\n',
azure_nvme_id_zzz_returncode=1)
[2025-10-03 14:31:00,385] no SCSI resource disk found
[2025-10-03 14:31:00,385] disks info: DiskInfo(root_device='nvme1n1p1',
dev_disk_azure_links=['/dev/disk/azure/local/by-index/1',
'/dev/disk/azure/local/by-name/nvme-110G-1',
'/dev/disk/azure/local/by-serial/90df032a12b60d6c0001', '/dev/disk/azure/os',
'/dev/disk/azure/os-part1', '/dev/disk/azure/os-part13',
'/dev/disk/azure/os-part14', '/dev/disk/azure/os-part15'],
dev_disk_azure_resource_disk=None, dev_disk_azure_resource_disk_size_gib=0,
nvme_local_disk_size_gib=110, nvme_local_disks_v1=[],
nvme_local_disks_v2=['nvme0n1'], nvme_local_disks=['nvme0n1'],
nvme_remote_data_disks=[], nvme_remote_disks=[], nvme_remote_os_disk='nvme1n1',
root_device_is_nvme=True, scsi_resource_disk=None,
scsi_resource_disk_size_gib=0)
[2025-10-03 14:31:00,408] sku config: None
[2025-10-03 14:31:00,408] validate_azure_nvme_id_help OK: 'Usage:
azure-nvme-id [-d|--debug] [-u|--udev|-h|--help|-v|--version]\n -d, --debug
Enable debug mode\n -f, --format {plain|json} Output format
(default=plain)\n -h, --help Display this help message\n -u,
--udev Enable udev mode\n -v, --version Display the
version\n'
[2025-10-03 14:31:00,408] validate_azure_nvme_id_version OK: 0.6.0-4
[2025-10-03 14:31:00,408] validate_azure_nvme_id_invalid_arg OK: 'Usage:
azure-nvme-id [-d|--debug] [-u|--udev|-h|--help|-v|--version]\n -d, --debug
Enable debug mode\n -f, --format {plain|json} Output format
(default=plain)\n -h, --help Display this help message\n -u,
--udev Enable udev mode\n -v, --version Display the
version\n'
[2025-10-03 14:31:00,408] validate_azure_nvme_disks OK: {'nvme0n1':
AzureNvmeIdDevice(device='/dev/nvme0n1', model=None,
nvme_id='type=local,index=1,name=nvme-110G-1', type='local', index=1, lun=None,
name='nvme-110G-1', extra={}), 'nvme1n1':
AzureNvmeIdDevice(device='/dev/nvme1n1', model=None, nvme_id='type=os',
type='os', index=None, lun=None, name=None, extra={})}
[2025-10-03 14:31:00,408] validate_azure_nvmve_id OK: '/dev/nvme0n1:
type=local,index=1,name=nvme-110G-1\n/dev/nvme1n1: type=os\n'
[2025-10-03 14:31:00,408] validate_azure_nvme_disks OK: {'nvme0n1':
AzureNvmeIdDevice(device='/dev/nvme0n1', model=None,
nvme_id='type=local,index=1,name=nvme-110G-1', type='local', index=1, lun=None,
name='nvme-110G-1', extra={}), 'nvme1n1':
AzureNvmeIdDevice(device='/dev/nvme1n1', model=None, nvme_id='type=os',
type='os', index=None, lun=None, name=None, extra={})}
[2025-10-03 14:31:00,408] validate_azure_nvmve_id_json OK: '[\n {\n
"path": "/dev/nvme0n1",\n "model": "Microsoft NVMe Direct Disk v2",\n
"properties": {\n "type": "local",\n "index": 1,\n "name":
"nvme-110G-1"\n },\n "vs": "type=local,index=1,name=nvme-110G-1"\n },\n
{\n "path": "/dev/nvme1n1",\n "model": "MSFT NVMe Accelerator v1.0",\n
"properties": {\n "type": "os"\n },\n "vs": ""\n }\n]\n'
[2025-10-03 14:31:00,408] validate_dev_disk_azure_links_data OK: []
[2025-10-03 14:31:00,408] validate_dev_disk_azure_links_local OK:
['/dev/disk/azure/local/by-index/1',
'/dev/disk/azure/local/by-name/nvme-110G-1',
'/dev/disk/azure/local/by-serial/90df032a12b60d6c0001']
[2025-10-03 14:31:00,408] validate_dev_disk_azure_links_os OK:
'/dev/disk/azure/os'
[2025-10-03 14:31:00,408] validate_dev_disk_azure_links_resource OK:
'/dev/disk/azure/resource'
[2025-10-03 14:31:00,408] validate_scsi_resource_disk OK:
/dev/disk/azure/resource => None
[2025-10-03 14:31:00,408] validate_interface enP64000s1 OK:
NetworkInterface(name='enP64000s1', driver='mlx5_core',
mac='7c:1e:52:5d:4e:18', ipv4_addrs=[], udev_properties={'DEVPATH':
'/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0004:00/MSFT1000:00/74be939c-fa00-4f1c-92d2-01b92989e8bc/pcifa00:00/fa00:00:02.0/net/enP64000s1',
'INTERFACE': 'enP64000s1', 'IFINDEX': '3', 'SUBSYSTEM': 'net',
'USEC_INITIALIZED': '9137589', 'AZURE_UNMANAGED_SRIOV': '1',
'ID_NET_MANAGED_BY': 'unmanaged', 'NM_UNMANAGED': '1', 'ID_NET_DRIVER':
'mlx5_core', 'ID_BUS': 'pci', 'ID_VENDOR_ID': '0x15b3', 'ID_MODEL_ID':
'0x101a', 'ID_PCI_CLASS_FROM_DATABASE': 'Network controller',
'ID_PCI_SUBCLASS_FROM_DATABASE': 'Ethernet controller',
'ID_VENDOR_FROM_DATABASE': 'Mellanox Technologies', 'ID_MODEL_FROM_DATABASE':
'MT28800 Family [ConnectX-5 Ex Virtual Function]', 'ID_NET_NAMING_SCHEME':
'v257', 'ID_NET_NAME_MAC': 'enx7c1e525d4e18', 'ID_OUI_FROM_DATABASE':
'Microsoft', 'ID_NET_NAME_PATH': 'enP64000p0s2', 'ID_NET_NAME_SLOT':
'enP64000s1', 'ID_MM_CANDIDATE': '1', 'ID_PATH':
'acpi-MSFT1000:00-pci-fa00:00:02.0', 'ID_PATH_TAG':
'acpi-MSFT1000_00-pci-fa00_00_02_0', 'ID_NET_LINK_FILE':
'/usr/lib/systemd/network/99-default.link', 'ID_NET_NAME': 'enP64000s1',
'SYSTEMD_ALIAS': '/sys/subsystem/net/devices/enP64000s1', 'TAGS': ':systemd:',
'CURRENT_TAGS': ':systemd:'})
[2025-10-03 14:31:00,408] validate_interface eth0 OK:
NetworkInterface(name='eth0', driver='hv_netvsc', mac='7c:1e:52:5d:4e:18',
ipv4_addrs=['10.0.0.49'], udev_properties={'DEVPATH':
'/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0004:00/MSFT1000:00/7c1e525d-4e18-7c1e-525d-4e187c1e525d/net/eth0',
'INTERFACE': 'eth0', 'IFINDEX': '2', 'SUBSYSTEM': 'net', 'USEC_INITIALIZED':
'3514337', 'ID_NET_DRIVER': 'hv_netvsc', 'NM_UNMANAGED': '1',
'ID_NET_NAMING_SCHEME': 'v257', 'ID_NET_NAME_MAC': 'enx7c1e525d4e18',
'ID_OUI_FROM_DATABASE': 'Microsoft', 'ID_MM_CANDIDATE': '1', 'ID_PATH':
'acpi-MSFT1000:00', 'ID_PATH_TAG': 'acpi-MSFT1000_00', 'ID_NET_LINK_FILE':
'/usr/lib/systemd/network/99-default.link', 'ID_NET_NAME': 'eth0',
'SYSTEMD_ALIAS': '/sys/subsystem/net/devices/eth0', 'TAGS': ':systemd:',
'CURRENT_TAGS': ':systemd:'})
[2025-10-03 14:31:00,408] validate_networking OK:
NetworkInfo(interfaces={'enP64000s1': NetworkInterface(name='enP64000s1',
driver='mlx5_core', mac='7c:1e:52:5d:4e:18', ipv4_addrs=[],
udev_properties={'DEVPATH':
'/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0004:00/MSFT1000:00/74be939c-fa00-4f1c-92d2-01b92989e8bc/pcifa00:00/fa00:00:02.0/net/enP64000s1',
'INTERFACE': 'enP64000s1', 'IFINDEX': '3', 'SUBSYSTEM': 'net',
'USEC_INITIALIZED': '9137589', 'AZURE_UNMANAGED_SRIOV': '1',
'ID_NET_MANAGED_BY': 'unmanaged', 'NM_UNMANAGED': '1', 'ID_NET_DRIVER':
'mlx5_core', 'ID_BUS': 'pci', 'ID_VENDOR_ID': '0x15b3', 'ID_MODEL_ID':
'0x101a', 'ID_PCI_CLASS_FROM_DATABASE': 'Network controller',
'ID_PCI_SUBCLASS_FROM_DATABASE': 'Ethernet controller',
'ID_VENDOR_FROM_DATABASE': 'Mellanox Technologies', 'ID_MODEL_FROM_DATABASE':
'MT28800 Family [ConnectX-5 Ex Virtual Function]', 'ID_NET_NAMING_SCHEME':
'v257', 'ID_NET_NAME_MAC': 'enx7c1e525d4e18', 'ID_OUI_FROM_DATABASE':
'Microsoft', 'ID_NET_NAME_PATH': 'enP64000p0s2', 'ID_NET_NAME_SLOT':
'enP64000s1', 'ID_MM_CANDIDATE': '1', 'ID_PATH':
'acpi-MSFT1000:00-pci-fa00:00:02.0', 'ID_PATH_TAG':
'acpi-MSFT1000_00-pci-fa00_00_02_0', 'ID_NET_LINK_FILE':
'/usr/lib/systemd/network/99-default.link', 'ID_NET_NAME': 'enP64000s1',
'SYSTEMD_ALIAS': '/sys/subsystem/net/devices/enP64000s1', 'TAGS': ':systemd:',
'CURRENT_TAGS': ':systemd:'}), 'eth0': NetworkInterface(name='eth0',
driver='hv_netvsc', mac='7c:1e:52:5d:4e:18', ipv4_addrs=['10.0.0.49'],
udev_properties={'DEVPATH':
'/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0004:00/MSFT1000:00/7c1e525d-4e18-7c1e-525d-4e187c1e525d/net/eth0',
'INTERFACE': 'eth0', 'IFINDEX': '2', 'SUBSYSTEM': 'net', 'USEC_INITIALIZED':
'3514337', 'ID_NET_DRIVER': 'hv_netvsc', 'NM_UNMANAGED': '1',
'ID_NET_NAMING_SCHEME': 'v257', 'ID_NET_NAME_MAC': 'enx7c1e525d4e18',
'ID_OUI_FROM_DATABASE': 'Microsoft', 'ID_MM_CANDIDATE': '1', 'ID_PATH':
'acpi-MSFT1000:00', 'ID_PATH_TAG': 'acpi-MSFT1000_00', 'ID_NET_LINK_FILE':
'/usr/lib/systemd/network/99-default.link', 'ID_NET_NAME': 'eth0',
'SYSTEMD_ALIAS': '/sys/subsystem/net/devices/eth0', 'TAGS': ':systemd:',
'CURRENT_TAGS': ':systemd:'})})
[2025-10-03 14:31:00,408] validate_sku_config SKIPPED: no sku configuration
for VM size 'Standard_E2ads_v6'
[2025-10-03 14:31:00,408] success!
And, in dmesg:
[ 2477.205168] audit: type=1400 audit(1759494289.696:387): apparmor="STATUS"
operation="profile_replace" profile="unconfined" name="lsblk" pid=4270
comm="apparmor_parser"
[ 2512.115007] audit: type=1400 audit(1759494324.607:388): apparmor="ALLOWED"
operation="open" class="file" profile="lsblk"
name="/sys/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0004:00/MSFT1000:00/70b4ac38-05b7-4efe-8862-db2456dfec84/pci05b7:00/05b7:00:00.0/nvme/nvme0/nvme0n1/"
pid=4287 comm="lsblk" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Actually, the tests are skipped as they need to be run inside an Azure
VM, but in the CPC Azure squad, we run them manually as part of this
package validation.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2126920
Title:
lsblk profile need to allow read access to Azure NVMe ACPI hierarchy
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2126920/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
