** Description changed:

  [ Impact ]

  Due to the implementation of /proc/device-tree as a symlink, systemd-detect-virt is unable to perform device-tree related checks, breaking virtualization detection on the non x86_64 systems where such checks are enabled.

  [ Test Plan ]

  This test needs to be performed on a non x86_64 Questing system that uses device trees. If you have one lying around already:

  - Run `ls -l /proc/device-tree` and check that it is a symlink to /sys/firmware/devicetree/base.
    - If it does not exist: your system does not use device trees.
    - If it is a regular folder: your machine was not affected by the original bug. You can still run the below test plan anyways to ensure that the fix does not cause a regression on such systems. However, this is very unlikely as the symlink was introduced in 2014.
    - If it is a symlink to a different location: this patch will not fix the bug on your machine, and please let us know where it is a symlink to instead.

  If you need to spin up a machine specifically for this test, instructions on setting up a RISC-V QEMU machine can be found at https://canonical-ubuntu-boards.readthedocs-hosted.com/en/latest/how-to/qemu-riscv/. Particular details:

  - The RISC-V guest image used must be a Questing image. Due to its requirement for a rva23s64 emulated CPU, QEMU 10.1 or later is required, and the easiest way to ensure this is to use a Ubuntu Questing host.
  - As the bug concerns device tree detection, the QEMU machine must be booted with acpi turned off.
- - The guest must be booted using QEMU: when booted using EDK II, systemd-detect-virt bails early after inspecting files in /sys/class/dmi/id/ before hitting the check affected by AppArmor.
+ - The guest must be booted using U-Boot: when booted using EDK II, systemd-detect-virt bails early after inspecting files in /sys/class/dmi/id/ before hitting the check affected by AppArmor.

  On the non x86_64 system: run systemd-detect-virt and ensure that it does not encounter a permission denial error.

  [ Where problems could occur ]

  The additions to the systemd-detect-virt profile are loosening confinement. However, if a user manually modified the installed profiles, then the package upgrade would cause conflicts, and rejection of the incoming changes (either by hand during an interactive upgrade or automatically during an batch unattended upgrade) would result in end users not getting the packaged fix.

  [ Other Info ]

  ----Original bug report:

  ubuntu@ubuntu:~$ systemd-detect-virt
  Failed to check for virtualization: Permission denied
  ubuntu@ubuntu:~$ sudo systemd-detect-virt
  Failed to check for virtualization: Permission denied

  From: systemd 257 (257.9-0ubuntu2)

  ubuntu@ubuntu:~$ uname -a
  Linux ubuntu 6.17.0-5-generic #5.1-Ubuntu SMP PREEMPT_DYNAMIC Tue Sep 23 20:28:40 UTC 2025 riscv64 riscv64 riscv64 GNU/Linux

  This is Ubuntu 25.10 riscv64 running within qemu-system-riscv64 on Ubuntu 25.10 x86_64

  See https://github.com/systemd/systemd/issues/39192 for full analysis.

  Solved with systemd-detect-virt from github: systemd 259 (259~devel)
  https://github.com/systemd/systemd/issues/39192#issuecomment-3373625656

  ProblemType: Bug
  DistroRelease: Ubuntu 25.10
  Package: systemd 257.9-0ubuntu2
  ProcVersionSignature: User Name 6.17.0-5.5.1-generic 6.17.0-rc7
  Uname: Linux 6.17.0-5-generic riscv64
  ApportVersion: 2.33.1-0ubuntu3
  Architecture: riscv64
  CasperMD5CheckResult: unknown
  CloudArchitecture: riscv64
  CloudBuildName: server
  CloudID: nocloud
  CloudName: unknown
  CloudPlatform: nocloud
  CloudSerial: 20250624
  CloudSubPlatform: seed-dir (/var/lib/cloud/seed/nocloud-net)
  CurrentDmesg: Error: command ['dmesg'] failed with exit code 1: dmesg: read kernel buffer failed: Operation not permitted
  Date: Wed Oct 8 17:10:26 2025
  Lspci-vt:
   -[0000:00]-+-00.0 Red Hat, Inc. QEMU PCIe Host bridge
              +-01.0 Red Hat, Inc. Virtio RNG
              \-02.0 Red Hat, Inc. Virtio block device
  Lsusb: Error: command ['lsusb'] failed with exit code 1:
  Lsusb-t:
  Lsusb-v: Error: command ['lsusb', '-v'] failed with exit code 1:
  MachineType: riscv-virtio qemu
  ProcEnviron:
   LANG=C.UTF-8
   PATH=(custom, no user)
   SHELL=/bin/bash
   TERM=vt220
   XDG_RUNTIME_DIR=<set>
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-6.17.0-5-generic root=UUID=423824f9-91ff-4e47-a13e-549b3604b64e ro efi=debug earlycon=sbi
  SourcePackage: systemd
  UpgradeStatus: No upgrade log present (probably fresh install)
  acpidump:
  dmi.bios.date: 01/01/2025
  dmi.bios.release: 25.1
  dmi.bios.vendor: U-Boot
  dmi.bios.version: 2025.01-3ubuntu4
  dmi.board.name: qemu
  dmi.board.vendor: riscv-virtio
  dmi.chassis.type: 3
  dmi.modalias: dmi:bvnU-Boot:bvr2025.01-3ubuntu4:bd01/01/2025:br25.1:svnriscv-virtio:pnqemu:pvr:rvnriscv-virtio:rnqemu:rvr:cvn:ct3:cvr:sku:
  dmi.product.name: qemu
  dmi.sys.vendor: riscv-virtio
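
Review bot: the "+" line makes U-Boot a precondition of the test, but the test plan has no step for confirming which firmware the guest actually booted with. A tester who booted through EDK II would see systemd-detect-virt return before reaching the check affected by AppArmor and could mark the fix verified without exercising it. Suggest adding a step that reads /sys/class/dmi/id/bios_vendor in the guest and expects "U-Boot", matching the "dmi.bios.vendor: U-Boot" value in the original report.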
--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2127111

Title:
  within qemu-RISCV64: systemd-detect-virt results in "Failed to check for virtualization: Permission denied"
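
The `/proc/device-tree` check from the test plan, written out as an added shell example that is not part of the bug report or of any Ubuntu package. The function names and the optional root-prefix argument (used to run the check against a constructed directory tree) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: classify /proc/device-tree into the four cases of the test plan.
# Target the test plan expects the symlink to point at.
EXPECTED_TARGET=/sys/firmware/devicetree/base

# classify_device_tree [ROOT]
# ROOT is a hypothetical prefix (default: empty, i.e. the live system).
classify_device_tree() {
    root=${1:-}
    path="$root/proc/device-tree"
    if [ -L "$path" ]; then
        # readlink without -f returns the stored target, even if it dangles.
        target=$(readlink "$path")
        if [ "$target" = "$EXPECTED_TARGET" ]; then
            echo "symlink-expected"
        else
            echo "symlink-other:$target"
        fi
    elif [ -d "$path" ]; then
        echo "directory"
    elif [ ! -e "$path" ]; then
        echo "absent"
    else
        echo "unexpected"
    fi
}

# Map each case to the outcome the test plan gives for it.
describe_device_tree() {
    result=$(classify_device_tree "${1:-}")
    case $result in
        symlink-expected)
            echo "symlink to $EXPECTED_TARGET: layout covered by the fix; run systemd-detect-virt and check for a permission denial" ;;
        symlink-other:*)
            echo "symlink to ${result#symlink-other:}: the fix does not cover this target; report it on the bug" ;;
        directory)
            echo "regular directory: not affected by the original bug; the test is only a regression check" ;;
        absent)
            echo "no /proc/device-tree: this system does not use device trees" ;;
        *)
            echo "/proc/device-tree exists but is neither a directory nor a symlink" ;;
    esac
}

# Report on the live system when run directly.
describe_device_tree
```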
