[Touch-packages] [Bug 2092232] Re: not able to deploy Plucky Puffin

Sounds very similar to what was done here: apparmor (4.1.0~beta5-0ubuntu12) plucky; urgency=medium [ Ryan Lee ] * Add patch to fix lsblk denials on Hyper-V systems (LP: #2103524): - d/p/u/lsblk_hyper_v_fixup.patch [...] -- Ryan Lee Mon, 24 Mar 2025 10:14:46 -0700 ** Changed in: ap

[Touch-packages] [Bug 2092232] Re: not able to deploy Plucky Puffin

The apparmor patch can well be what's needed, yes. And looks like this apparmor version got already released and is the latest in plucky: $ rmadison --suite=plucky apparmor apparmor | 4.1.0~beta5-0ubuntu12 | plucky | source, amd64, arm64, armhf, i386, ppc64el, riscv64, s390x Guess we would now n

[Touch-packages] [Bug 2092232] Re: not able to deploy Plucky Puffin

The profile fix will be added as a patch to the version packaged in Plucky, and should be uploaded into the queue by my EOD tomorrow. ** Tags added: sec-6054 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu.

[Touch-packages] [Bug 2092232] Re: not able to deploy Plucky Puffin

I just found an updated daily from today: http://cdimage.ubuntu.com/ubuntu-server/daily-live/20250402/plucky-live-server-ppc64el.iso Guess it's worth to try this, since it should incl. the fixed apparmor package. -- You received this bug notification because you are a member of Ubuntu Touch seede

[Touch-packages] [Bug 2092232] Re: not able to deploy Plucky Puffin

Thanks Maxime. What's the plan for landing the fix in Plucky? Will you cherry-pick it, cut a new upstream snapshot, or something like that? Note that there are just 5 working days before Plucky final freeze. Thanks! -- You received this bug notification because you are a member of Ubuntu Touch

[Touch-packages] [Bug 2092232] Re: not able to deploy Plucky Puffin

The patch has been added today in the upstream repository and is therefore not yet present in the current plucky release. Until the next release, you can modify /etc/apparmor.d/lsblk like below Replace `@{sys}/devices/LNXSYSTM:*/LNXSYBUS:*/** r,` by `@{sys}/devices/**/host@{int}/** r,` After relo

[Touch-packages] [Bug 2092232] Re: not able to deploy Plucky Puffin

This issue should be fixed upstream by https://gitlab.com/apparmor/apparmor/-/merge_requests/1606. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/2092232 Title: not able

[Touch-packages] [Bug 2092232] Re: not able to deploy Plucky Puffin

this looks like at a minimum the apparmor profile needs to be updated. This needs to be done before any other kernel work. Adding an apparmor task lsblk trace shows openat(AT_FDCWD, "/sys/block/sr0/hidden", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied) openat(AT_FDCWD, "/sys/block/sr0/dev