[Touch-packages] [Bug 2098838] Re: apparmor appears to deny wpasupplicant on plucky, breaking wifi

Fri, 28 Feb 2025 04:07:04 -0800 

Sorry to be the bearer of bad news: unfortunately this still appears
broken on certain platforms. Specifically, testing a fresh plucky image
on the Raspberry Pi, the wifi interface was recognized but not
configured:

$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group 
default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute 
       valid_lft forever preferred_lft forever
2: wlan0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state 
DOWN group default qlen 1000
    link/ether d8:3a:dd:8e:6e:c8 brd ff:ff:ff:ff:ff:ff
    altname wlxd83add8e6ec8

The apparmor profile in question was from the current released version
of the package:

$ apt policy apparmor
apparmor:
  Installed: 4.1.0~beta5-0ubuntu4
  Candidate: 4.1.0~beta5-0ubuntu4
  Version table:
 *** 4.1.0~beta5-0ubuntu4 500
        500 http://ports.ubuntu.com/ubuntu-ports plucky/main arm64 Packages
        100 /var/lib/dpkg/status

The wifi configuration in netplan was valid, but when running "sudo
netplan apply", the following was observed in the journal:

Feb 21 10:44:24 ubuntu systemd[1]: Reload requested from client PID 2811 
('systemctl') (unit user@1000.service)...
Feb 21 10:44:24 ubuntu systemd[1]: Reloading...
Feb 21 10:44:29 ubuntu systemd[1]: Reloading finished in 4663 ms.
Feb 21 10:44:31 ubuntu systemd-networkd[772]: wlan0: Reconfiguring with 
/run/systemd/network/10-netplan-wlan0.network.
Feb 21 10:44:31 ubuntu systemd-networkd[772]: wlan0: Reconfiguring with 
/run/systemd/network/10-netplan-wlan0.network.
Feb 21 10:44:31 ubuntu systemd[1]: netplan-ovs-cleanup.service - OpenVSwitch 
configuration for cleanup was skipped because of an unmet condition check 
(ConditionFileIsExecutable=/usr/bin/ovs-vsctl).
Feb 21 10:44:31 ubuntu systemd[1]: Started netplan-wpa-wlan0.service - WPA 
supplicant for netplan wlan0.
Feb 21 10:44:31 ubuntu wpa_supplicant[2980]: Successfully initialized 
wpa_supplicant
Feb 21 10:44:31 ubuntu wpa_supplicant[2980]: Failed to open config file 
'/run/netplan/wpa-wlan0.conf', error: Permission denied
Feb 21 10:44:31 ubuntu wpa_supplicant[2980]: Failed to read or parse 
configuration '/run/netplan/wpa-wlan0.conf'.
Feb 21 10:44:31 ubuntu kernel: audit: type=1400 audit(1740134671.722:183): 
apparmor="DENIED" operation="open" class="file" profile="wpa_supplicant" 
name="/run/netplan/wpa-wlan0.conf" pid=2980 comm="wpa_supplicant" 
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Feb 21 10:44:31 ubuntu wpa_supplicant[2980]: : CTRL-EVENT-DSCP-POLICY clear_all
Feb 21 10:44:31 ubuntu systemd[1]: netplan-wpa-wlan0.service: Main process 
exited, code=exited, status=255/EXCEPTION
Feb 21 10:44:31 ubuntu systemd[1]: netplan-wpa-wlan0.service: Failed with 
result 'exit-code'.

Running "sudo apparmor_parser --remove /etc/apparmor.d/wpa_supplicant"
then re-running "sudo netplan apply" caused the wifi interface to
associate correctly. It would appear that the apparmor profile must also
grant the ability to read "/run/netplan/*.conf" (the wildcard because
the filename is largely unpredictable) in order to support wifi via
netplan on certain common boards.

** Changed in: apparmor (Ubuntu)
       Status: Fix Released => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2098838

Title:
  apparmor appears to deny wpasupplicant on plucky, breaking wifi

Status in apparmor package in Ubuntu:
  Confirmed

Bug description:
  2/19/25 4:44 PM user@1000.service       NM.DeviceError: Scanning not
  allowed while unavailable

  Stack trace:
    
_promisify/proto[asyncFunc]/</<@resource:///org/gnome/gjs/modules/core/overrides/Gio.js:453:45
    @resource:///org/gnome/shell/ui/init.js:21:20
    ### Promise created here: ###
    _scanDevice@resource:///org/gnome/shell/ui/status/network.js:1821:22
    _scanDevices/<@resource:///org/gnome/shell/ui/status/network.js:1844:35
    _scanDevices@resource:///org/gnome/shell/ui/status/network.js:1844:21
    _startScanning@resource:///org/gnome/shell/ui/status/network.js:1855:14
    NMWirelessToggle/<@resource:///org/gnome/shell/ui/status/network.js:1789:22
    _callHandlers@resource:///org/gnome/gjs/modules/core/_signals.js:130:42
    _emit@resource:///org/gnome/gjs/modules/core/_signals.js:119:10
    open@resource:///org/gnome/shell/ui/quickSettings.js:476:14
    _init/<@resource:///org/gnome/shell/ui/quickSettings.js:226:61
    @resource:///org/gnome/shell/ui/init.js:21:20
    
  2/19/25 4:44 PM       user@1000.service       NM.DeviceError: Scanning not 
allowed while unavailable

  Stack trace:
    
_promisify/proto[asyncFunc]/</<@resource:///org/gnome/gjs/modules/core/overrides/Gio.js:453:45
    @resource:///org/gnome/shell/ui/init.js:21:20
    ### Promise created here: ###
    _scanDevice@resource:///org/gnome/shell/ui/status/network.js:1821:22
    _scanDevices/<@resource:///org/gnome/shell/ui/status/network.js:1844:35
    _scanDevices@resource:///org/gnome/shell/ui/status/network.js:1844:21
    
_startScanning/this._scanTimeoutId<@resource:///org/gnome/shell/ui/status/network.js:1852:22
    @resource:///org/gnome/shell/ui/init.js:21:20
    
  problem occurs/noticed after recent upgrade of the packages:
  libpam-gnome-keyring:amd64 (46.2-1, 48~beta-3)
  gnome-keyring:amd64 (46.2-1, 48~beta-3)
  gnome-keyring-pkcs11:amd64 (46.2-1, 48~beta-3)
  --- 
  ProblemType: Bug
  ApportVersion: 2.31.0-0ubuntu5
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: GNOME
  DistroRelease: Ubuntu 25.04
  InstallationDate: Installed on 2025-01-15 (35 days ago)
  InstallationMedia: Ubuntu 25.04 "Plucky Puffin" - Daily amd64 (20241216)
  NonfreeKernelModules: zfs
  Package: apparmor 4.1.0~beta5-0ubuntu2
  PackageArchitecture: amd64
  ProcKernelCmdline: BOOT_IMAGE=/boot/vmlinuz-6.12.0-15-generic 
root=UUID=8f848568-46b8-46b2-9ca3-37041ff7d0e3 ro quiet splash 
crashkernel=2G-4G:320M,4G-32G:512M,32G-64G:1024M,64G-128G:2048M,128G-:4096M 
vt.handoff=7
  ProcVersionSignature: Ubuntu 6.12.0-15.15-generic 6.12.11
  Tags: package-from-proposed plucky wayland-session
  Uname: Linux 6.12.0-15-generic x86_64
  UpgradeStatus: No upgrade log present (probably fresh install)
  UserGroups: adm cdrom dip libvirt lpadmin nordvpn plugdev sudo users
  _MarkForUpload: True
  mtime.conffile..etc.apparmor.d.element-desktop: 2025-02-11T23:25:36.604214

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2098838/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to