Public bug reported: We are seeing an apparmor DENIED audit message in CPC's Resolute and Noble testing pipelines:
'Mar 01 21:52:18 alan-resolute-tpqofsymyu kernel: audit: type=1400 audit(1772401938.245:192): apparmor="DENIED" operation="capable" class="cap" profile="ubuntu_pro_esm_cache_systemd_detect_virt" pid=3768 comm="systemd-detect-" capability=38 capname="perfmon"' From the apparmor team: That denial is for capabilities (7). It seems that `ubuntu_pro_esm_cache_systemd_detect_virt` needs a rule in the following syntax: ``` capability perfmon, ``` Locally reproduced with the latest Resolute daily image (https://cloud- images.ubuntu.com/resolute/20260221/): Description: Ubuntu Resolute Raccoon (development branch) Release: 26.04 Package: linux-virtual Version: 6.19.0-6.6 Package: systemd Version: 259-1ubuntu3 Package: apparmor Version: 5.0.0~beta1-0ubuntu2 Logs: ubuntu@ubuntu:~$ journalctl --no-pager | grep DENIED Mar 04 18:03:59 ubuntu kernel: audit: type=1400 audit(1772647439.196:190): apparmor="DENIED" operation="capable" class="cap" profile="ubuntu_pro_esm_cache_systemd_detect_virt" pid=1127 comm="systemd-detect-" capability=38 capname="perfmon" ** Affects: ubuntu-advantage-tools (Ubuntu) Importance: Undecided Status: New ** Tags: noble resolute -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2143251 Title: ubuntu_pro_esm_cache_systemd_detect_virt apparmor DENIED audit messages for perfmon capability To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2143251/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
