Public bug reported:
When running tests of azure-vm-utils package on Questing 25.10 on an
Azure VM machines we see:
ubuntu@nmvedirect:~$ python3 --version
Python 3.13.7
ubuntu@nmvedirect:~$ sudo python3 ./selftest.py
azure-nvme-id info: AzureNvmeIdInfo(azure_nvme_id_stdout='/dev/nvme0n1:
type=os\n/dev/nvme1n1: type=local,index=1,name=nvme-110G-1\n',
azure_nvme_id_stderr='', azure_nvme_id_returncode=0,
azure_nvme_id_disks={'nvme0n1': AzureNvmeIdDevice(device='/dev/nvme0n1',
model=None, nvme_id='type=os', type='os', index=None, lun=None, name=None,
extra={}), 'nvme1n1': AzureNvmeIdDevice(device='/dev/nvme1n1', model=None,
nvme_id='type=local,index=1,name=nvme-110G-1', type='local', index=1, lun=None,
name='nvme-110G-1', extra={})}, azure_nvme_id_json_stdout='[\n {\n "path":
"/dev/nvme0n1",\n "model": "MSFT NVMe Accelerator v1.0",\n "properties":
{\n "type": "os"\n },\n "vs": ""\n },\n {\n "path":
"/dev/nvme1n1",\n "model": "Microsoft NVMe Direct Disk v2",\n
"properties": {\n "type": "local",\n "index": 1,\n "name":
"nvme-110G-1"\n },\n "vs": "type=local,index=1,name=nvme-110G-1"\n
}\n]\n', azure_nvme_id_json_stderr='', azure_nvme_id_json_returncode=0,
azure_nvme_id_json_disks={'nvme0n1': AzureNvmeIdDevice(device='/dev/nvme0n1',
model='MSFT NVMe Accelerator v1.0', nvme_id='', type='os', index=None,
lun=None, name=None, extra={}), 'nvme1n1':
AzureNvmeIdDevice(device='/dev/nvme1n1', model='Microsoft NVMe Direct Disk v2',
nvme_id='', type='local', index=1, lun=None, name='nvme-110G-1', extra={})},
azure_nvme_id_help_stdout='Usage: azure-nvme-id [-d|--debug]
[-u|--udev|-h|--help|-v|--version]\n -d, --debug Enable debug
mode\n -f, --format {plain|json} Output format (default=plain)\n -h, --help
Display this help message\n -u, --udev Enable udev
mode\n -v, --version Display the version\n',
azure_nvme_id_help_stderr='', azure_nvme_id_help_returncode=0,
azure_nvme_id_version_stdout='azure-nvme-id 0.6.0-4\n',
azure_nvme_id_version_stderr='', azure_nvme_id_version_returncode=0,
azure_nvme_id_version='0.6.0-4', azure_nvme_id_zzz_stdout='Usage: azure-nvme-id
[-d|--debug] [-u|--udev|-h|--help|-v|--version]\n -d, --debug
Enable debug mode\n -f, --format {plain|json} Output format (default=plain)\n
-h, --help Display this help message\n -u, --udev
Enable udev mode\n -v, --version Display the version\n',
azure_nvme_id_zzz_stderr='invalid argument: zzz\n',
azure_nvme_id_zzz_returncode=1)
error while fetching disk size: CalledProcessError(32, ['lsblk', '-b', '-n',
'-o', 'SIZE', '-d', '/dev/nvme1n1'])
Traceback (most recent call last):
File "/home/ubuntu/./selftest.py", line 1118, in <module>
main()
~~~~^^
File "/home/ubuntu/./selftest.py", line 1110, in main
validator = AzureVmUtilsValidator(
skip_imds_validation=args.skip_imds_validation,
skip_symlink_validation=args.skip_symlink_validation,
)
File "/home/ubuntu/./selftest.py", line 867, in __init__
self.disk_info = DiskInfo.gather()
~~~~~~~~~~~~~~~^^
File "/home/ubuntu/./selftest.py", line 427, in gather
nvme_local_disk_size_gib = min(
get_disk_size_gib(f"/dev/{disk}") for disk in nvme_local_disks
)
File "/home/ubuntu/./selftest.py", line 428, in <genexpr>
get_disk_size_gib(f"/dev/{disk}") for disk in nvme_local_disks
~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^
File "/home/ubuntu/./selftest.py", line 195, in get_disk_size_gib
proc = subprocess.run(
["lsblk", "-b", "-n", "-o", "SIZE", "-d", disk_path],
...<3 lines>...
check=True,
)
File "/usr/lib/python3.13/subprocess.py", line 577, in run
raise CalledProcessError(retcode, process.args,
output=stdout, stderr=stderr)
subprocess.CalledProcessError: Command '['lsblk', '-b', '-n', '-o', 'SIZE',
'-d', '/dev/nvme1n1']' returned non-zero exit status 32.
This is due to apparmor lsblk profile:
sudo dmesg | grep lsblk
[ 461.611820] audit: type=1400 audit(1759492274.036:192): apparmor="DENIED"
operation="open" class="file" profile="lsblk"
name="/sys/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0004:00/MSFT1000:00/70b4ac38-05b7-4efe-8862-db2456dfec84/pci05b7:00/05b7:00:00.0/nvme/nvme0/nvme0n1/"
pid=1707 comm="lsblk" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
I'm submitting the attached patch to upstream to fix it, which I tested
is OK:
ubuntu@t-questing-check-package:~$ sudo vim /etc/apparmor.d/lsblk
ubuntu@t-questing-check-package:~$ sudo apparmor_parser -r /etc/apparmor.d/lsblk
ubuntu@t-questing-check-package:~$ sudo systemctl reload apparmor
ubuntu@t-questing-check-package:~$ sudo ./selftest.py
[2025-10-03 14:31:00,379] azure-nvme-id info:
AzureNvmeIdInfo(azure_nvme_id_stdout='/dev/nvme0n1:
type=local,index=1,name=nvme-110G-1\n/dev/nvme1n1: type=os\n',
azure_nvme_id_stderr='', azure_nvme_id_returncode=0,
azure_nvme_id_disks={'nvme0n1': AzureNvmeIdDevice(device='/dev/nvme0n1',
model=None, nvme_id='type=local,index=1,name=nvme-110G-1', type='local',
index=1, lun=None, name='nvme-110G-1', extra={}), 'nvme1n1':
AzureNvmeIdDevice(device='/dev/nvme1n1', model=None, nvme_id='type=os',
type='os', index=None, lun=None, name=None, extra={})},
azure_nvme_id_json_stdout='[\n {\n "path": "/dev/nvme0n1",\n "model":
"Microsoft NVMe Direct Disk v2",\n "properties": {\n "type": "local",\n
"index": 1,\n "name": "nvme-110G-1"\n },\n "vs":
"type=local,index=1,name=nvme-110G-1"\n },\n {\n "path": "/dev/nvme1n1",\n
"model": "MSFT NVMe Accelerator v1.0",\n "properties": {\n "type":
"os"\n },\n "vs": ""\n }\n]\n', azure_nvme_id_json_stderr='',
azure_nvme_id_json_returncode=0, azure_nvme_id_json_disks={'nvme0n1':
AzureNvmeIdDevice(device='/dev/nvme0n1', model='Microsoft NVMe Direct Disk v2',
nvme_id='', type='local', index=1, lun=None, name='nvme-110G-1', extra={}),
'nvme1n1': AzureNvmeIdDevice(device='/dev/nvme1n1', model='MSFT NVMe
Accelerator v1.0', nvme_id='', type='os', index=None, lun=None, name=None,
extra={})}, azure_nvme_id_help_stdout='Usage: azure-nvme-id [-d|--debug]
[-u|--udev|-h|--help|-v|--version]\n -d, --debug Enable debug
mode\n -f, --format {plain|json} Output format (default=plain)\n -h, --help
Display this help message\n -u, --udev Enable udev
mode\n -v, --version Display the version\n',
azure_nvme_id_help_stderr='', azure_nvme_id_help_returncode=0,
azure_nvme_id_version_stdout='azure-nvme-id 0.6.0-4\n',
azure_nvme_id_version_stderr='', azure_nvme_id_version_returncode=0,
azure_nvme_id_version='0.6.0-4', azure_nvme_id_zzz_stdout='Usage: azure-nvme-id
[-d|--debug] [-u|--udev|-h|--help|-v|--version]\n -d, --debug
Enable debug mode\n -f, --format {plain|json} Output format (default=plain)\n
-h, --help Display this help message\n -u, --udev
Enable udev mode\n -v, --version Display the version\n',
azure_nvme_id_zzz_stderr='invalid argument: zzz\n',
azure_nvme_id_zzz_returncode=1)
[2025-10-03 14:31:00,385] no SCSI resource disk found
[2025-10-03 14:31:00,385] disks info: DiskInfo(root_device='nvme1n1p1',
dev_disk_azure_links=['/dev/disk/azure/local/by-index/1',
'/dev/disk/azure/local/by-name/nvme-110G-1',
'/dev/disk/azure/local/by-serial/90df032a12b60d6c0001', '/dev/disk/azure/os',
'/dev/disk/azure/os-part1', '/dev/disk/azure/os-part13',
'/dev/disk/azure/os-part14', '/dev/disk/azure/os-part15'],
dev_disk_azure_resource_disk=None, dev_disk_azure_resource_disk_size_gib=0,
nvme_local_disk_size_gib=110, nvme_local_disks_v1=[],
nvme_local_disks_v2=['nvme0n1'], nvme_local_disks=['nvme0n1'],
nvme_remote_data_disks=[], nvme_remote_disks=[], nvme_remote_os_disk='nvme1n1',
root_device_is_nvme=True, scsi_resource_disk=None,
scsi_resource_disk_size_gib=0)
[2025-10-03 14:31:00,408] sku config: None
[2025-10-03 14:31:00,408] validate_azure_nvme_id_help OK: 'Usage: azure-nvme-id
[-d|--debug] [-u|--udev|-h|--help|-v|--version]\n -d, --debug
Enable debug mode\n -f, --format {plain|json} Output format (default=plain)\n
-h, --help Display this help message\n -u, --udev
Enable udev mode\n -v, --version Display the version\n'
[2025-10-03 14:31:00,408] validate_azure_nvme_id_version OK: 0.6.0-4
[2025-10-03 14:31:00,408] validate_azure_nvme_id_invalid_arg OK: 'Usage:
azure-nvme-id [-d|--debug] [-u|--udev|-h|--help|-v|--version]\n -d, --debug
Enable debug mode\n -f, --format {plain|json} Output format
(default=plain)\n -h, --help Display this help message\n -u,
--udev Enable udev mode\n -v, --version Display the
version\n'
[2025-10-03 14:31:00,408] validate_azure_nvme_disks OK: {'nvme0n1':
AzureNvmeIdDevice(device='/dev/nvme0n1', model=None,
nvme_id='type=local,index=1,name=nvme-110G-1', type='local', index=1, lun=None,
name='nvme-110G-1', extra={}), 'nvme1n1':
AzureNvmeIdDevice(device='/dev/nvme1n1', model=None, nvme_id='type=os',
type='os', index=None, lun=None, name=None, extra={})}
[2025-10-03 14:31:00,408] validate_azure_nvmve_id OK: '/dev/nvme0n1:
type=local,index=1,name=nvme-110G-1\n/dev/nvme1n1: type=os\n'
[2025-10-03 14:31:00,408] validate_azure_nvme_disks OK: {'nvme0n1':
AzureNvmeIdDevice(device='/dev/nvme0n1', model=None,
nvme_id='type=local,index=1,name=nvme-110G-1', type='local', index=1, lun=None,
name='nvme-110G-1', extra={}), 'nvme1n1':
AzureNvmeIdDevice(device='/dev/nvme1n1', model=None, nvme_id='type=os',
type='os', index=None, lun=None, name=None, extra={})}
[2025-10-03 14:31:00,408] validate_azure_nvmve_id_json OK: '[\n {\n "path":
"/dev/nvme0n1",\n "model": "Microsoft NVMe Direct Disk v2",\n
"properties": {\n "type": "local",\n "index": 1,\n "name":
"nvme-110G-1"\n },\n "vs": "type=local,index=1,name=nvme-110G-1"\n },\n
{\n "path": "/dev/nvme1n1",\n "model": "MSFT NVMe Accelerator v1.0",\n
"properties": {\n "type": "os"\n },\n "vs": ""\n }\n]\n'
[2025-10-03 14:31:00,408] validate_dev_disk_azure_links_data OK: []
[2025-10-03 14:31:00,408] validate_dev_disk_azure_links_local OK:
['/dev/disk/azure/local/by-index/1',
'/dev/disk/azure/local/by-name/nvme-110G-1',
'/dev/disk/azure/local/by-serial/90df032a12b60d6c0001']
[2025-10-03 14:31:00,408] validate_dev_disk_azure_links_os OK:
'/dev/disk/azure/os'
[2025-10-03 14:31:00,408] validate_dev_disk_azure_links_resource OK:
'/dev/disk/azure/resource'
[2025-10-03 14:31:00,408] validate_scsi_resource_disk OK:
/dev/disk/azure/resource => None
[2025-10-03 14:31:00,408] validate_interface enP64000s1 OK:
NetworkInterface(name='enP64000s1', driver='mlx5_core',
mac='7c:1e:52:5d:4e:18', ipv4_addrs=[], udev_properties={'DEVPATH':
'/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0004:00/MSFT1000:00/74be939c-fa00-4f1c-92d2-01b92989e8bc/pcifa00:00/fa00:00:02.0/net/enP64000s1',
'INTERFACE': 'enP64000s1', 'IFINDEX': '3', 'SUBSYSTEM': 'net',
'USEC_INITIALIZED': '9137589', 'AZURE_UNMANAGED_SRIOV': '1',
'ID_NET_MANAGED_BY': 'unmanaged', 'NM_UNMANAGED': '1', 'ID_NET_DRIVER':
'mlx5_core', 'ID_BUS': 'pci', 'ID_VENDOR_ID': '0x15b3', 'ID_MODEL_ID':
'0x101a', 'ID_PCI_CLASS_FROM_DATABASE': 'Network controller',
'ID_PCI_SUBCLASS_FROM_DATABASE': 'Ethernet controller',
'ID_VENDOR_FROM_DATABASE': 'Mellanox Technologies', 'ID_MODEL_FROM_DATABASE':
'MT28800 Family [ConnectX-5 Ex Virtual Function]', 'ID_NET_NAMING_SCHEME':
'v257', 'ID_NET_NAME_MAC': 'enx7c1e525d4e18', 'ID_OUI_FROM_DATABASE':
'Microsoft', 'ID_NET_NAME_PATH': 'enP64000p0s2', 'ID_NET_NAME_SLOT':
'enP64000s1', 'ID_MM_CANDIDATE': '1', 'ID_PATH':
'acpi-MSFT1000:00-pci-fa00:00:02.0', 'ID_PATH_TAG':
'acpi-MSFT1000_00-pci-fa00_00_02_0', 'ID_NET_LINK_FILE':
'/usr/lib/systemd/network/99-default.link', 'ID_NET_NAME': 'enP64000s1',
'SYSTEMD_ALIAS': '/sys/subsystem/net/devices/enP64000s1', 'TAGS': ':systemd:',
'CURRENT_TAGS': ':systemd:'})
[2025-10-03 14:31:00,408] validate_interface eth0 OK:
NetworkInterface(name='eth0', driver='hv_netvsc', mac='7c:1e:52:5d:4e:18',
ipv4_addrs=['10.0.0.49'], udev_properties={'DEVPATH':
'/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0004:00/MSFT1000:00/7c1e525d-4e18-7c1e-525d-4e187c1e525d/net/eth0',
'INTERFACE': 'eth0', 'IFINDEX': '2', 'SUBSYSTEM': 'net', 'USEC_INITIALIZED':
'3514337', 'ID_NET_DRIVER': 'hv_netvsc', 'NM_UNMANAGED': '1',
'ID_NET_NAMING_SCHEME': 'v257', 'ID_NET_NAME_MAC': 'enx7c1e525d4e18',
'ID_OUI_FROM_DATABASE': 'Microsoft', 'ID_MM_CANDIDATE': '1', 'ID_PATH':
'acpi-MSFT1000:00', 'ID_PATH_TAG': 'acpi-MSFT1000_00', 'ID_NET_LINK_FILE':
'/usr/lib/systemd/network/99-default.link', 'ID_NET_NAME': 'eth0',
'SYSTEMD_ALIAS': '/sys/subsystem/net/devices/eth0', 'TAGS': ':systemd:',
'CURRENT_TAGS': ':systemd:'})
[2025-10-03 14:31:00,408] validate_networking OK:
NetworkInfo(interfaces={'enP64000s1': NetworkInterface(name='enP64000s1',
driver='mlx5_core', mac='7c:1e:52:5d:4e:18', ipv4_addrs=[],
udev_properties={'DEVPATH':
'/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0004:00/MSFT1000:00/74be939c-fa00-4f1c-92d2-01b92989e8bc/pcifa00:00/fa00:00:02.0/net/enP64000s1',
'INTERFACE': 'enP64000s1', 'IFINDEX': '3', 'SUBSYSTEM': 'net',
'USEC_INITIALIZED': '9137589', 'AZURE_UNMANAGED_SRIOV': '1',
'ID_NET_MANAGED_BY': 'unmanaged', 'NM_UNMANAGED': '1', 'ID_NET_DRIVER':
'mlx5_core', 'ID_BUS': 'pci', 'ID_VENDOR_ID': '0x15b3', 'ID_MODEL_ID':
'0x101a', 'ID_PCI_CLASS_FROM_DATABASE': 'Network controller',
'ID_PCI_SUBCLASS_FROM_DATABASE': 'Ethernet controller',
'ID_VENDOR_FROM_DATABASE': 'Mellanox Technologies', 'ID_MODEL_FROM_DATABASE':
'MT28800 Family [ConnectX-5 Ex Virtual Function]', 'ID_NET_NAMING_SCHEME':
'v257', 'ID_NET_NAME_MAC': 'enx7c1e525d4e18', 'ID_OUI_FROM_DATABASE':
'Microsoft', 'ID_NET_NAME_PATH': 'enP64000p0s2', 'ID_NET_NAME_SLOT':
'enP64000s1', 'ID_MM_CANDIDATE': '1', 'ID_PATH':
'acpi-MSFT1000:00-pci-fa00:00:02.0', 'ID_PATH_TAG':
'acpi-MSFT1000_00-pci-fa00_00_02_0', 'ID_NET_LINK_FILE':
'/usr/lib/systemd/network/99-default.link', 'ID_NET_NAME': 'enP64000s1',
'SYSTEMD_ALIAS': '/sys/subsystem/net/devices/enP64000s1', 'TAGS': ':systemd:',
'CURRENT_TAGS': ':systemd:'}), 'eth0': NetworkInterface(name='eth0',
driver='hv_netvsc', mac='7c:1e:52:5d:4e:18', ipv4_addrs=['10.0.0.49'],
udev_properties={'DEVPATH':
'/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0004:00/MSFT1000:00/7c1e525d-4e18-7c1e-525d-4e187c1e525d/net/eth0',
'INTERFACE': 'eth0', 'IFINDEX': '2', 'SUBSYSTEM': 'net', 'USEC_INITIALIZED':
'3514337', 'ID_NET_DRIVER': 'hv_netvsc', 'NM_UNMANAGED': '1',
'ID_NET_NAMING_SCHEME': 'v257', 'ID_NET_NAME_MAC': 'enx7c1e525d4e18',
'ID_OUI_FROM_DATABASE': 'Microsoft', 'ID_MM_CANDIDATE': '1', 'ID_PATH':
'acpi-MSFT1000:00', 'ID_PATH_TAG': 'acpi-MSFT1000_00', 'ID_NET_LINK_FILE':
'/usr/lib/systemd/network/99-default.link', 'ID_NET_NAME': 'eth0',
'SYSTEMD_ALIAS': '/sys/subsystem/net/devices/eth0', 'TAGS': ':systemd:',
'CURRENT_TAGS': ':systemd:'})})
[2025-10-03 14:31:00,408] validate_sku_config SKIPPED: no sku configuration for
VM size 'Standard_E2ads_v6'
[2025-10-03 14:31:00,408] success!
And, in dmesg:
[ 2477.205168] audit: type=1400 audit(1759494289.696:387): apparmor="STATUS"
operation="profile_replace" profile="unconfined" name="lsblk" pid=4270
comm="apparmor_parser"
[ 2512.115007] audit: type=1400 audit(1759494324.607:388): apparmor="ALLOWED"
operation="open" class="file" profile="lsblk"
name="/sys/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0004:00/MSFT1000:00/70b4ac38-05b7-4efe-8862-db2456dfec84/pci05b7:00/05b7:00:00.0/nvme/nvme0/nvme0n1/"
pid=4287 comm="lsblk" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Actually, the tests are skipped as they need to be run inside an Azure
VM, but in the CPC Azure squad, we run them manually as part of this
package validation.
** Affects: apparmor (Ubuntu)
Importance: Undecided
Status: New
** Affects: apparmor (Ubuntu Questing)
Importance: Undecided
Status: New
** Attachment added: "lsblk_azure_nmve_r.patch"
https://bugs.launchpad.net/bugs/2126920/+attachment/5915694/+files/lsblk_azure_nmve_r.patch
** Also affects: apparmor (Ubuntu Questing)
Importance: Undecided
Status: New
** Description changed:
When running tests of azure-vm-utils package on Questing 25.10 on an
Azure VM machines we see:
ubuntu@nmvedirect:~$ python3 --version
- Python 3.13.5
+ Python 3.13.7
ubuntu@nmvedirect:~$ sudo python3 ./selftest.py
azure-nvme-id info: AzureNvmeIdInfo(azure_nvme_id_stdout='/dev/nvme0n1:
type=os\n/dev/nvme1n1: type=local,index=1,name=nvme-110G-1\n',
azure_nvme_id_stderr='', azure_nvme_id_returncode=0,
azure_nvme_id_disks={'nvme0n1': AzureNvmeIdDevice(device='/dev/nvme0n1',
model=None, nvme_id='type=os', type='os', index=None, lun=None, name=None,
extra={}), 'nvme1n1': AzureNvmeIdDevice(device='/dev/nvme1n1', model=None,
nvme_id='type=local,index=1,name=nvme-110G-1', type='local', index=1, lun=None,
name='nvme-110G-1', extra={})}, azure_nvme_id_json_stdout='[\n {\n "path":
"/dev/nvme0n1",\n "model": "MSFT NVMe Accelerator v1.0",\n "properties":
{\n "type": "os"\n },\n "vs": ""\n },\n {\n "path":
"/dev/nvme1n1",\n "model": "Microsoft NVMe Direct Disk v2",\n
"properties": {\n "type": "local",\n "index": 1,\n "name":
"nvme-110G-1"\n },\n "vs": "type=local,index=1,name=nvme-110G-1"\n
}\n]\n', azure_nvme_id_json_stderr='', azure_nvme_id_json_returncode=0,
azure_nvme_id_json_disks={'nvme0n1': AzureNvmeIdDevice(device='/dev/nvme0n1',
model='MSFT NVMe Accelerator v1.0', nvme_id='', type='os', index=None,
lun=None, name=None, extra={}), 'nvme1n1':
AzureNvmeIdDevice(device='/dev/nvme1n1', model='Microsoft NVMe Direct Disk v2',
nvme_id='', type='local', index=1, lun=None, name='nvme-110G-1', extra={})},
azure_nvme_id_help_stdout='Usage: azure-nvme-id [-d|--debug]
[-u|--udev|-h|--help|-v|--version]\n -d, --debug Enable debug
mode\n -f, --format {plain|json} Output format (default=plain)\n -h, --help
Display this help message\n -u, --udev Enable udev
mode\n -v, --version Display the version\n',
azure_nvme_id_help_stderr='', azure_nvme_id_help_returncode=0,
azure_nvme_id_version_stdout='azure-nvme-id 0.6.0-4\n',
azure_nvme_id_version_stderr='', azure_nvme_id_version_returncode=0,
azure_nvme_id_version='0.6.0-4', azure_nvme_id_zzz_stdout='Usage: azure-nvme-id
[-d|--debug] [-u|--udev|-h|--help|-v|--version]\n -d, --debug
Enable debug mode\n -f, --format {plain|json} Output format (default=plain)\n
-h, --help Display this help message\n -u, --udev
Enable udev mode\n -v, --version Display the version\n',
azure_nvme_id_zzz_stderr='invalid argument: zzz\n',
azure_nvme_id_zzz_returncode=1)
error while fetching disk size: CalledProcessError(32, ['lsblk', '-b', '-n',
'-o', 'SIZE', '-d', '/dev/nvme1n1'])
Traceback (most recent call last):
- File "/home/ubuntu/./selftest.py", line 1118, in <module>
- main()
- ~~~~^^
- File "/home/ubuntu/./selftest.py", line 1110, in main
- validator = AzureVmUtilsValidator(
- skip_imds_validation=args.skip_imds_validation,
- skip_symlink_validation=args.skip_symlink_validation,
- )
- File "/home/ubuntu/./selftest.py", line 867, in __init__
- self.disk_info = DiskInfo.gather()
- ~~~~~~~~~~~~~~~^^
- File "/home/ubuntu/./selftest.py", line 427, in gather
- nvme_local_disk_size_gib = min(
- get_disk_size_gib(f"/dev/{disk}") for disk in nvme_local_disks
- )
- File "/home/ubuntu/./selftest.py", line 428, in <genexpr>
- get_disk_size_gib(f"/dev/{disk}") for disk in nvme_local_disks
- ~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^
- File "/home/ubuntu/./selftest.py", line 195, in get_disk_size_gib
- proc = subprocess.run(
- ["lsblk", "-b", "-n", "-o", "SIZE", "-d", disk_path],
- ...<3 lines>...
- check=True,
- )
- File "/usr/lib/python3.13/subprocess.py", line 577, in run
- raise CalledProcessError(retcode, process.args,
- output=stdout, stderr=stderr)
+ File "/home/ubuntu/./selftest.py", line 1118, in <module>
+ main()
+ ~~~~^^
+ File "/home/ubuntu/./selftest.py", line 1110, in main
+ validator = AzureVmUtilsValidator(
+ skip_imds_validation=args.skip_imds_validation,
+ skip_symlink_validation=args.skip_symlink_validation,
+ )
+ File "/home/ubuntu/./selftest.py", line 867, in __init__
+ self.disk_info = DiskInfo.gather()
+ ~~~~~~~~~~~~~~~^^
+ File "/home/ubuntu/./selftest.py", line 427, in gather
+ nvme_local_disk_size_gib = min(
+ get_disk_size_gib(f"/dev/{disk}") for disk in nvme_local_disks
+ )
+ File "/home/ubuntu/./selftest.py", line 428, in <genexpr>
+ get_disk_size_gib(f"/dev/{disk}") for disk in nvme_local_disks
+ ~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^
+ File "/home/ubuntu/./selftest.py", line 195, in get_disk_size_gib
+ proc = subprocess.run(
+ ["lsblk", "-b", "-n", "-o", "SIZE", "-d", disk_path],
+ ...<3 lines>...
+ check=True,
+ )
+ File "/usr/lib/python3.13/subprocess.py", line 577, in run
+ raise CalledProcessError(retcode, process.args,
+ output=stdout, stderr=stderr)
subprocess.CalledProcessError: Command '['lsblk', '-b', '-n', '-o', 'SIZE',
'-d', '/dev/nvme1n1']' returned non-zero exit status 32.
-
This is due to apparmor lsblk profile:
sudo dmesg | grep lsblk
[ 461.611820] audit: type=1400 audit(1759492274.036:192): apparmor="DENIED"
operation="open" class="file" profile="lsblk"
name="/sys/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0004:00/MSFT1000:00/70b4ac38-05b7-4efe-8862-db2456dfec84/pci05b7:00/05b7:00:00.0/nvme/nvme0/nvme0n1/"
pid=1707 comm="lsblk" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
I'm submitting the attached patch to upstream to fix it, which I tested
is OK:
-
ubuntu@t-questing-check-package:~$ sudo vim /etc/apparmor.d/lsblk
- ubuntu@t-questing-check-package:~$ sudo apparmor_parser -r
/etc/apparmor.d/lsblk
+ ubuntu@t-questing-check-package:~$ sudo apparmor_parser -r
/etc/apparmor.d/lsblk
ubuntu@t-questing-check-package:~$ sudo systemctl reload apparmor
ubuntu@t-questing-check-package:~$ sudo ./selftest.py
[2025-10-03 14:31:00,379] azure-nvme-id info:
AzureNvmeIdInfo(azure_nvme_id_stdout='/dev/nvme0n1:
type=local,index=1,name=nvme-110G-1\n/dev/nvme1n1: type=os\n',
azure_nvme_id_stderr='', azure_nvme_id_returncode=0,
azure_nvme_id_disks={'nvme0n1': AzureNvmeIdDevice(device='/dev/nvme0n1',
model=None, nvme_id='type=local,index=1,name=nvme-110G-1', type='local',
index=1, lun=None, name='nvme-110G-1', extra={}), 'nvme1n1':
AzureNvmeIdDevice(device='/dev/nvme1n1', model=None, nvme_id='type=os',
type='os', index=None, lun=None, name=None, extra={})},
azure_nvme_id_json_stdout='[\n {\n "path": "/dev/nvme0n1",\n "model":
"Microsoft NVMe Direct Disk v2",\n "properties": {\n "type": "local",\n
"index": 1,\n "name": "nvme-110G-1"\n },\n "vs":
"type=local,index=1,name=nvme-110G-1"\n },\n {\n "path": "/dev/nvme1n1",\n
"model": "MSFT NVMe Accelerator v1.0",\n "properties": {\n "type":
"os"\n },\n "vs": ""\n }\n]\n', azure_nvme_id_json_stderr='',
azure_nvme_id_json_returncode=0, azure_nvme_id_json_disks={'nvme0n1':
AzureNvmeIdDevice(device='/dev/nvme0n1', model='Microsoft NVMe Direct Disk v2',
nvme_id='', type='local', index=1, lun=None, name='nvme-110G-1', extra={}),
'nvme1n1': AzureNvmeIdDevice(device='/dev/nvme1n1', model='MSFT NVMe
Accelerator v1.0', nvme_id='', type='os', index=None, lun=None, name=None,
extra={})}, azure_nvme_id_help_stdout='Usage: azure-nvme-id [-d|--debug]
[-u|--udev|-h|--help|-v|--version]\n -d, --debug Enable debug
mode\n -f, --format {plain|json} Output format (default=plain)\n -h, --help
Display this help message\n -u, --udev Enable udev
mode\n -v, --version Display the version\n',
azure_nvme_id_help_stderr='', azure_nvme_id_help_returncode=0,
azure_nvme_id_version_stdout='azure-nvme-id 0.6.0-4\n',
azure_nvme_id_version_stderr='', azure_nvme_id_version_returncode=0,
azure_nvme_id_version='0.6.0-4', azure_nvme_id_zzz_stdout='Usage: azure-nvme-id
[-d|--debug] [-u|--udev|-h|--help|-v|--version]\n -d, --debug
Enable debug mode\n -f, --format {plain|json} Output format (default=plain)\n
-h, --help Display this help message\n -u, --udev
Enable udev mode\n -v, --version Display the version\n',
azure_nvme_id_zzz_stderr='invalid argument: zzz\n',
azure_nvme_id_zzz_returncode=1)
[2025-10-03 14:31:00,385] no SCSI resource disk found
[2025-10-03 14:31:00,385] disks info: DiskInfo(root_device='nvme1n1p1',
dev_disk_azure_links=['/dev/disk/azure/local/by-index/1',
'/dev/disk/azure/local/by-name/nvme-110G-1',
'/dev/disk/azure/local/by-serial/90df032a12b60d6c0001', '/dev/disk/azure/os',
'/dev/disk/azure/os-part1', '/dev/disk/azure/os-part13',
'/dev/disk/azure/os-part14', '/dev/disk/azure/os-part15'],
dev_disk_azure_resource_disk=None, dev_disk_azure_resource_disk_size_gib=0,
nvme_local_disk_size_gib=110, nvme_local_disks_v1=[],
nvme_local_disks_v2=['nvme0n1'], nvme_local_disks=['nvme0n1'],
nvme_remote_data_disks=[], nvme_remote_disks=[], nvme_remote_os_disk='nvme1n1',
root_device_is_nvme=True, scsi_resource_disk=None,
scsi_resource_disk_size_gib=0)
[2025-10-03 14:31:00,408] sku config: None
[2025-10-03 14:31:00,408] validate_azure_nvme_id_help OK: 'Usage:
azure-nvme-id [-d|--debug] [-u|--udev|-h|--help|-v|--version]\n -d, --debug
Enable debug mode\n -f, --format {plain|json} Output format
(default=plain)\n -h, --help Display this help message\n -u,
--udev Enable udev mode\n -v, --version Display the
version\n'
[2025-10-03 14:31:00,408] validate_azure_nvme_id_version OK: 0.6.0-4
[2025-10-03 14:31:00,408] validate_azure_nvme_id_invalid_arg OK: 'Usage:
azure-nvme-id [-d|--debug] [-u|--udev|-h|--help|-v|--version]\n -d, --debug
Enable debug mode\n -f, --format {plain|json} Output format
(default=plain)\n -h, --help Display this help message\n -u,
--udev Enable udev mode\n -v, --version Display the
version\n'
[2025-10-03 14:31:00,408] validate_azure_nvme_disks OK: {'nvme0n1':
AzureNvmeIdDevice(device='/dev/nvme0n1', model=None,
nvme_id='type=local,index=1,name=nvme-110G-1', type='local', index=1, lun=None,
name='nvme-110G-1', extra={}), 'nvme1n1':
AzureNvmeIdDevice(device='/dev/nvme1n1', model=None, nvme_id='type=os',
type='os', index=None, lun=None, name=None, extra={})}
[2025-10-03 14:31:00,408] validate_azure_nvmve_id OK: '/dev/nvme0n1:
type=local,index=1,name=nvme-110G-1\n/dev/nvme1n1: type=os\n'
[2025-10-03 14:31:00,408] validate_azure_nvme_disks OK: {'nvme0n1':
AzureNvmeIdDevice(device='/dev/nvme0n1', model=None,
nvme_id='type=local,index=1,name=nvme-110G-1', type='local', index=1, lun=None,
name='nvme-110G-1', extra={}), 'nvme1n1':
AzureNvmeIdDevice(device='/dev/nvme1n1', model=None, nvme_id='type=os',
type='os', index=None, lun=None, name=None, extra={})}
[2025-10-03 14:31:00,408] validate_azure_nvmve_id_json OK: '[\n {\n
"path": "/dev/nvme0n1",\n "model": "Microsoft NVMe Direct Disk v2",\n
"properties": {\n "type": "local",\n "index": 1,\n "name":
"nvme-110G-1"\n },\n "vs": "type=local,index=1,name=nvme-110G-1"\n },\n
{\n "path": "/dev/nvme1n1",\n "model": "MSFT NVMe Accelerator v1.0",\n
"properties": {\n "type": "os"\n },\n "vs": ""\n }\n]\n'
[2025-10-03 14:31:00,408] validate_dev_disk_azure_links_data OK: []
[2025-10-03 14:31:00,408] validate_dev_disk_azure_links_local OK:
['/dev/disk/azure/local/by-index/1',
'/dev/disk/azure/local/by-name/nvme-110G-1',
'/dev/disk/azure/local/by-serial/90df032a12b60d6c0001']
[2025-10-03 14:31:00,408] validate_dev_disk_azure_links_os OK:
'/dev/disk/azure/os'
[2025-10-03 14:31:00,408] validate_dev_disk_azure_links_resource OK:
'/dev/disk/azure/resource'
[2025-10-03 14:31:00,408] validate_scsi_resource_disk OK:
/dev/disk/azure/resource => None
[2025-10-03 14:31:00,408] validate_interface enP64000s1 OK:
NetworkInterface(name='enP64000s1', driver='mlx5_core',
mac='7c:1e:52:5d:4e:18', ipv4_addrs=[], udev_properties={'DEVPATH':
'/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0004:00/MSFT1000:00/74be939c-fa00-4f1c-92d2-01b92989e8bc/pcifa00:00/fa00:00:02.0/net/enP64000s1',
'INTERFACE': 'enP64000s1', 'IFINDEX': '3', 'SUBSYSTEM': 'net',
'USEC_INITIALIZED': '9137589', 'AZURE_UNMANAGED_SRIOV': '1',
'ID_NET_MANAGED_BY': 'unmanaged', 'NM_UNMANAGED': '1', 'ID_NET_DRIVER':
'mlx5_core', 'ID_BUS': 'pci', 'ID_VENDOR_ID': '0x15b3', 'ID_MODEL_ID':
'0x101a', 'ID_PCI_CLASS_FROM_DATABASE': 'Network controller',
'ID_PCI_SUBCLASS_FROM_DATABASE': 'Ethernet controller',
'ID_VENDOR_FROM_DATABASE': 'Mellanox Technologies', 'ID_MODEL_FROM_DATABASE':
'MT28800 Family [ConnectX-5 Ex Virtual Function]', 'ID_NET_NAMING_SCHEME':
'v257', 'ID_NET_NAME_MAC': 'enx7c1e525d4e18', 'ID_OUI_FROM_DATABASE':
'Microsoft', 'ID_NET_NAME_PATH': 'enP64000p0s2', 'ID_NET_NAME_SLOT':
'enP64000s1', 'ID_MM_CANDIDATE': '1', 'ID_PATH':
'acpi-MSFT1000:00-pci-fa00:00:02.0', 'ID_PATH_TAG':
'acpi-MSFT1000_00-pci-fa00_00_02_0', 'ID_NET_LINK_FILE':
'/usr/lib/systemd/network/99-default.link', 'ID_NET_NAME': 'enP64000s1',
'SYSTEMD_ALIAS': '/sys/subsystem/net/devices/enP64000s1', 'TAGS': ':systemd:',
'CURRENT_TAGS': ':systemd:'})
[2025-10-03 14:31:00,408] validate_interface eth0 OK:
NetworkInterface(name='eth0', driver='hv_netvsc', mac='7c:1e:52:5d:4e:18',
ipv4_addrs=['10.0.0.49'], udev_properties={'DEVPATH':
'/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0004:00/MSFT1000:00/7c1e525d-4e18-7c1e-525d-4e187c1e525d/net/eth0',
'INTERFACE': 'eth0', 'IFINDEX': '2', 'SUBSYSTEM': 'net', 'USEC_INITIALIZED':
'3514337', 'ID_NET_DRIVER': 'hv_netvsc', 'NM_UNMANAGED': '1',
'ID_NET_NAMING_SCHEME': 'v257', 'ID_NET_NAME_MAC': 'enx7c1e525d4e18',
'ID_OUI_FROM_DATABASE': 'Microsoft', 'ID_MM_CANDIDATE': '1', 'ID_PATH':
'acpi-MSFT1000:00', 'ID_PATH_TAG': 'acpi-MSFT1000_00', 'ID_NET_LINK_FILE':
'/usr/lib/systemd/network/99-default.link', 'ID_NET_NAME': 'eth0',
'SYSTEMD_ALIAS': '/sys/subsystem/net/devices/eth0', 'TAGS': ':systemd:',
'CURRENT_TAGS': ':systemd:'})
[2025-10-03 14:31:00,408] validate_networking OK:
NetworkInfo(interfaces={'enP64000s1': NetworkInterface(name='enP64000s1',
driver='mlx5_core', mac='7c:1e:52:5d:4e:18', ipv4_addrs=[],
udev_properties={'DEVPATH':
'/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0004:00/MSFT1000:00/74be939c-fa00-4f1c-92d2-01b92989e8bc/pcifa00:00/fa00:00:02.0/net/enP64000s1',
'INTERFACE': 'enP64000s1', 'IFINDEX': '3', 'SUBSYSTEM': 'net',
'USEC_INITIALIZED': '9137589', 'AZURE_UNMANAGED_SRIOV': '1',
'ID_NET_MANAGED_BY': 'unmanaged', 'NM_UNMANAGED': '1', 'ID_NET_DRIVER':
'mlx5_core', 'ID_BUS': 'pci', 'ID_VENDOR_ID': '0x15b3', 'ID_MODEL_ID':
'0x101a', 'ID_PCI_CLASS_FROM_DATABASE': 'Network controller',
'ID_PCI_SUBCLASS_FROM_DATABASE': 'Ethernet controller',
'ID_VENDOR_FROM_DATABASE': 'Mellanox Technologies', 'ID_MODEL_FROM_DATABASE':
'MT28800 Family [ConnectX-5 Ex Virtual Function]', 'ID_NET_NAMING_SCHEME':
'v257', 'ID_NET_NAME_MAC': 'enx7c1e525d4e18', 'ID_OUI_FROM_DATABASE':
'Microsoft', 'ID_NET_NAME_PATH': 'enP64000p0s2', 'ID_NET_NAME_SLOT':
'enP64000s1', 'ID_MM_CANDIDATE': '1', 'ID_PATH':
'acpi-MSFT1000:00-pci-fa00:00:02.0', 'ID_PATH_TAG':
'acpi-MSFT1000_00-pci-fa00_00_02_0', 'ID_NET_LINK_FILE':
'/usr/lib/systemd/network/99-default.link', 'ID_NET_NAME': 'enP64000s1',
'SYSTEMD_ALIAS': '/sys/subsystem/net/devices/enP64000s1', 'TAGS': ':systemd:',
'CURRENT_TAGS': ':systemd:'}), 'eth0': NetworkInterface(name='eth0',
driver='hv_netvsc', mac='7c:1e:52:5d:4e:18', ipv4_addrs=['10.0.0.49'],
udev_properties={'DEVPATH':
'/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0004:00/MSFT1000:00/7c1e525d-4e18-7c1e-525d-4e187c1e525d/net/eth0',
'INTERFACE': 'eth0', 'IFINDEX': '2', 'SUBSYSTEM': 'net', 'USEC_INITIALIZED':
'3514337', 'ID_NET_DRIVER': 'hv_netvsc', 'NM_UNMANAGED': '1',
'ID_NET_NAMING_SCHEME': 'v257', 'ID_NET_NAME_MAC': 'enx7c1e525d4e18',
'ID_OUI_FROM_DATABASE': 'Microsoft', 'ID_MM_CANDIDATE': '1', 'ID_PATH':
'acpi-MSFT1000:00', 'ID_PATH_TAG': 'acpi-MSFT1000_00', 'ID_NET_LINK_FILE':
'/usr/lib/systemd/network/99-default.link', 'ID_NET_NAME': 'eth0',
'SYSTEMD_ALIAS': '/sys/subsystem/net/devices/eth0', 'TAGS': ':systemd:',
'CURRENT_TAGS': ':systemd:'})})
[2025-10-03 14:31:00,408] validate_sku_config SKIPPED: no sku configuration
for VM size 'Standard_E2ads_v6'
[2025-10-03 14:31:00,408] success!
-
And, in dmesg:
-
[ 2477.205168] audit: type=1400 audit(1759494289.696:387): apparmor="STATUS"
operation="profile_replace" profile="unconfined" name="lsblk" pid=4270
comm="apparmor_parser"
[ 2512.115007] audit: type=1400 audit(1759494324.607:388): apparmor="ALLOWED"
operation="open" class="file" profile="lsblk"
name="/sys/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0004:00/MSFT1000:00/70b4ac38-05b7-4efe-8862-db2456dfec84/pci05b7:00/05b7:00:00.0/nvme/nvme0/nvme0n1/"
pid=4287 comm="lsblk" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
-
- Actually, the tests are skipped as they need to be run inside an Azure VM,
but in the CPC Azure squad, we run them manually as part of this package
validation.
+ Actually, the tests are skipped as they need to be run inside an Azure
+ VM, but in the CPC Azure squad, we run them manually as part of this
+ package validation.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2126920
Title:
lsblk profile need to allow read access to Azure NVMe ACPI hierarchy
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2126920/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
