Public bug reported:
Ubuntu version:
25.10 (Questing), also reproducible on 26.04
Description:
The AppArmor profile for lsusb (/etc/apparmor.d/lsusb) does not allow
read access to /etc/udev/hwdb.bin.
Since usbutils (>= 1:013) uses the udev hardware database (hwdb.bin) to
resolve vendor/product names when USB string descriptors are missing,
this restriction causes lsusb to fail to display human-readable device
names for certain devices.
The issue is subtle because lsusb still lists devices correctly, but
without proper name resolution when fallback to hwdb is required.
Reproduction:
Ensure AppArmor is enforcing and the lsusb profile is active:
sudo aa-status | grep lsusb
Run:
lsusb
Observe missing or generic device names for devices that rely on hwdb fallback.
Check kernel log:
dmesg | grep DENIED
Example:
apparmor="DENIED" operation="open" profile="lsusb"
name="/etc/udev/hwdb.bin"
Expected behavior:
lsusb should be able to read /etc/udev/hwdb.bin and display proper
vendor/product names.
Actual behavior:
Access to /etc/udev/hwdb.bin is denied by AppArmor, resulting in
incomplete or missing device names.
/etc/udev/hwdb.bin r,
/etc/systemd/hwdb/hwdb.bin r,
Then reload:
sudo apparmor_parser -r /etc/apparmor.d/lsusb
ProblemType: Bug
DistroRelease: Ubuntu 25.10
Package: apparmor 5.0.0~alpha1-0ubuntu8.3
ProcVersionSignature: Ubuntu 6.17.0-20.20-generic 6.17.13
Uname: Linux 6.17.0-20-generic x86_64
ApportVersion: 2.33.1-0ubuntu3
Architecture: amd64
CasperMD5CheckResult: unknown
CurrentDesktop: KDE
Date: Sat Apr 11 00:29:43 2026
InstallationDate: Installed on 2024-09-03 (584 days ago)
InstallationMedia: Kubuntu 24.04.1 LTS "Noble Numbat" - Release amd64 (20240827)
ProcKernelCmdline: BOOT_IMAGE=/boot/vmlinuz-6.17.0-20-generic
root=UUID=6adf07e1-58ba-4e56-a915-778e83e3b6fc ro quiet splash vt.handoff=7
SourcePackage: apparmor
Syslog: 2026-04-06T20:56:22.258209+03:00 Vivobook dbus-daemon[29963]: [session
uid=0 pid=29961 pidfd=4] AppArmor D-Bus mediation is enabled
UpgradeStatus: Upgraded to questing on 2025-10-11 (181 days ago)
mtime.conffile..etc.apparmor.d.lsusb: 2026-04-10T23:28:10.405690
** Affects: apparmor (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug questing
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2148047
Title:
lsusb AppArmor profile blocks access to /etc/udev/hwdb.bin, causing
incomplete device identification
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2148047/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
