** Description changed: - ubuntu@ubuntu:~$ systemd-detect-virt + [ Impact ] + + Due to the implementation of /proc/device-tree as a symlink, systemd- + detect-virt is unable to perform device-tree related checks, breaking + virtualization detection on the non x86_64 systems where such checks are + enabled. + + [ Test Plan ] + + This test needs to be performed on a non x86_64 Questing system that uses device trees. If you have one lying around already: + - Run `ls -l /proc/device-tree` and check that it is a symlink to /sys/firmware/devicetree/base. + - If it does not exist: your system does not use device trees. + - If it is a regular folder: your machine was not affected by the original bug. You can still run the below test plan anyways to ensure that the fix does not cause a regression on such systems. However, this is very unlikely as the symlink was introduced in 2014. + - If it is a symlink to a different location: this patch will not fix the bug on your machine, and please let us know where it is a symlink to instead. + + If you need to spin up a machine specifically for this test, instructions on setting up a RISC-V QEMU machine can be found at https://canonical-ubuntu-boards.readthedocs-hosted.com/en/latest/how-to/qemu-riscv/. Particular details: + - The RISC-V guest image used must be a Questing image. Due to its requirement for a rva23s64 emulated CPU, QEMU 10.1 or later is required, and the easiest way to ensure this is to use a Ubuntu Questing host. + - As the bug concerns device tree detection, the QEMU machine must be booted with acpi turned off. + - The guest must be booted using QEMU: when booted using EDK II, systemd-detect-virt bails early after inspecting files in /sys/class/dmi/id/ before hitting the check affected by AppArmor. + + On the non x86_64 system: run systemd-detect-virt and ensure that it + does not encounter a permission denial error. + + [ Where problems could occur ] + + The additions to the systemd-detect-virt profile are loosening + confinement. However, if a user manually modified the installed + profiles, then the package upgrade would cause conflicts, and rejection + of the incoming changes (either by hand during an interactive upgrade or + automatically during an batch unattended upgrade) would result in end + users not getting the packaged fix. + + [ Other Info ] + + ----Original bug report: + + ubuntu@ubuntu:~$ systemd-detect-virt Failed to check for virtualization: Permission denied - - ubuntu@ubuntu:~$ sudo systemd-detect-virt + ubuntu@ubuntu:~$ sudo systemd-detect-virt Failed to check for virtualization: Permission denied From: systemd 257 (257.9-0ubuntu2) ubuntu@ubuntu:~$ uname -a Linux ubuntu 6.17.0-5-generic #5.1-Ubuntu SMP PREEMPT_DYNAMIC Tue Sep 23 20:28:40 UTC 2025 riscv64 riscv64 riscv64 GNU/Linux - - This is Ubuntu 25.10 riscv64 running within qemu-system-riscv64 on Ubuntu 25.10 x86_64 + This is Ubuntu 25.10 riscv64 running within qemu-system-riscv64 on + Ubuntu 25.10 x86_64 See https://github.com/systemd/systemd/issues/39192 for full analysis. Solved with systemd-detect-virt from github: systemd 259 (259~devel) https://github.com/systemd/systemd/issues/39192#issuecomment-3373625656 ProblemType: Bug DistroRelease: Ubuntu 25.10 Package: systemd 257.9-0ubuntu2 ProcVersionSignature: User Name 6.17.0-5.5.1-generic 6.17.0-rc7 Uname: Linux 6.17.0-5-generic riscv64 ApportVersion: 2.33.1-0ubuntu3 Architecture: riscv64 CasperMD5CheckResult: unknown CloudArchitecture: riscv64 CloudBuildName: server CloudID: nocloud CloudName: unknown CloudPlatform: nocloud CloudSerial: 20250624 CloudSubPlatform: seed-dir (/var/lib/cloud/seed/nocloud-net) CurrentDmesg: Error: command ['dmesg'] failed with exit code 1: dmesg: read kernel buffer failed: Operation not permitted Date: Wed Oct 8 17:10:26 2025 Lspci-vt: - -[0000:00]-+-00.0 Red Hat, Inc. QEMU PCIe Host bridge - +-01.0 Red Hat, Inc. Virtio RNG - \-02.0 Red Hat, Inc. Virtio block device + -[0000:00]-+-00.0 Red Hat, Inc. QEMU PCIe Host bridge + +-01.0 Red Hat, Inc. Virtio RNG + \-02.0 Red Hat, Inc. Virtio block device Lsusb: Error: command ['lsusb'] failed with exit code 1: Lsusb-t: - + Lsusb-v: Error: command ['lsusb', '-v'] failed with exit code 1: MachineType: riscv-virtio qemu ProcEnviron: - LANG=C.UTF-8 - PATH=(custom, no user) - SHELL=/bin/bash - TERM=vt220 - XDG_RUNTIME_DIR=<set> + LANG=C.UTF-8 + PATH=(custom, no user) + SHELL=/bin/bash + TERM=vt220 + XDG_RUNTIME_DIR=<set> ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-6.17.0-5-generic root=UUID=423824f9-91ff-4e47-a13e-549b3604b64e ro efi=debug earlycon=sbi SourcePackage: systemd UpgradeStatus: No upgrade log present (probably fresh install) acpidump: - + dmi.bios.date: 01/01/2025 dmi.bios.release: 25.1 dmi.bios.vendor: U-Boot dmi.bios.version: 2025.01-3ubuntu4 dmi.board.name: qemu dmi.board.vendor: riscv-virtio dmi.chassis.type: 3 dmi.modalias: dmi:bvnU-Boot:bvr2025.01-3ubuntu4:bd01/01/2025:br25.1:svnriscv-virtio:pnqemu:pvr:rvnriscv-virtio:rnqemu:rvr:cvn:ct3:cvr:sku: dmi.product.name: qemu dmi.sys.vendor: riscv-virtio
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2127111 Title: within qemu-RISCV64: systemd-detect-virt results in "Failed to check for virtualization: Permission denied" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2127111/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
