This is a regression in Plucky, the lsblk profile is new. Compare - https://launchpadlibrarian.net/752337126/buildlog_ubuntu-oracular-s390x.apparmor_4.1.0~beta1-0ubuntu3_BUILDING.txt.gz - https://launchpadlibrarian.net/787477386/buildlog_ubuntu-plucky-s390x.apparmor_4.1.0~beta5-0ubuntu14_BUILDING.txt.gz
Since lsblk is also used in the installer it could potentially even affect that. I've checked and it seems the profile isn't upstream, it is added in a patch set in https://launchpad.net/ubuntu/+source/apparmor/4.1.0~beta4-0ubuntu3 Patch is https://git.launchpad.net/ubuntu/+source/apparmor/tree/debian/patches/ubuntu/lsblk_mr_1437.patch?h=ubuntu/plucky later extended by https://git.launchpad.net/ubuntu/+source/apparmor/tree/debian/patches/ubuntu/lsblk_network_disk_fixup.patch?h=ubuntu/plucky They have no upstream reference, so I assume this is out of the "more apparmor isolation" efforts by security. For now that shortens the fix, we "only" have to add the fix on top right here. Being seeded about everywhere means if we decide it is not just an SRU later we need to respin the world :-/ Let us see what we decide. seeded-in-ubuntu apparmor apparmor (from apparmor) is seeded in: edubuntu: daily-live, daily-preinstalled kubuntu: daily-live lubuntu: daily-live ubuntu-budgie: daily-live ubuntu-core-installer: daily-live ubuntu-mate: daily-live ubuntu-server: daily-live, daily-preinstalled ubuntu-unity: daily-live ubuntu-wsl: daily-live ubuntu: daily-live, daily-preinstalled ubuntucinnamon: daily-live ubuntukylin: daily-live ubuntustudio: daily-live xubuntu: daily-live, daily-minimal apparmor-profiles (from apparmor) is seeded in: ubuntu: supported apparmor-utils (from apparmor) is seeded in: ubuntu: supported libapache2-mod-apparmor (from apparmor) is seeded in: ubuntu: supported libapparmor-dev (from apparmor) is seeded in: kubuntu: supported lubuntu: supported ubuntu-budgie: supported ubuntu: supported libapparmor1 (from apparmor) is seeded in: edubuntu: daily-live, daily-preinstalled kubuntu: daily-live lubuntu: daily-live ubuntu-budgie: daily-live ubuntu-core-installer: daily-live ubuntu-mate: daily-live ubuntu-server: daily-live, daily-preinstalled ubuntu-unity: daily-live ubuntu-wsl: daily-live ubuntu: daily-live, daily-preinstalled ubuntucinnamon: daily-live ubuntukylin: daily-live ubuntustudio: daily-live xubuntu: daily-live, daily-minimal libpam-apparmor (from apparmor) is seeded in: ubuntu: supported python3-apparmor (from apparmor) is seeded in: ubuntu: supported python3-libapparmor (from apparmor) is seeded in: ubuntu: supported ** Changed in: apparmor (Ubuntu) Status: New => Confirmed ** Changed in: apparmor (Ubuntu) Importance: Medium => High -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/2107402 Title: lsblk on IBM z Systems blocked by apparmor in 25.04 Status in Ubuntu on IBM z Systems: New Status in apparmor package in Ubuntu: Confirmed Status in util-linux package in Ubuntu: Invalid Bug description: Fresh install of 25.04 on s390x. Same happens also on upgrade from 24.10 to 25.04 lsblk returns no output journactl shows it is blocked by apparmor This works fine for SCSI devices, it fails only for DASD. ``` 2025-04-15T15:02:26.048055+00:00 s5lp1-gen03 kernel: kauditd_printk_skb: 6 callbacks suppressed 2025-04-15T15:02:26.048075+00:00 s5lp1-gen03 kernel: audit: type=1400 audit(1744729346.034:270): apparmor="DENIED" operation="open" class="file" profile="lsblk" name="/sys/devices/css0/0.0.0000/0.0.0101/block/dasda/hidden" pid=2070 comm="lsblk" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 2025-04-15T15:02:26.048077+00:00 s5lp1-gen03 kernel: audit: type=1400 audit(1744729346.034:271): apparmor="DENIED" operation="open" class="file" profile="lsblk" name="/sys/devices/css0/0.0.0000/0.0.0101/block/dasda/dev" pid=2070 comm="lsblk" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 2025-04-15T15:02:26.048078+00:00 s5lp1-gen03 kernel: audit: type=1400 audit(1744729346.034:272): apparmor="DENIED" operation="open" class="file" profile="lsblk" name="/sys/devices/css0/0.0.0003/0.0.0104/block/dasdd/hidden" pid=2070 comm="lsblk" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 2025-04-15T15:02:26.048079+00:00 s5lp1-gen03 kernel: audit: type=1400 audit(1744729346.034:273): apparmor="DENIED" operation="open" class="file" profile="lsblk" name="/sys/devices/css0/0.0.0003/0.0.0104/block/dasdd/dev" pid=2070 comm="lsblk" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 2025-04-15T15:02:26.048080+00:00 s5lp1-gen03 kernel: audit: type=1400 audit(1744729346.034:274): apparmor="DENIED" operation="open" class="file" profile="lsblk" name="/sys/devices/css0/0.0.0001/0.0.0102/block/dasdb/hidden" pid=2070 comm="lsblk" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 2025-04-15T15:02:26.048080+00:00 s5lp1-gen03 kernel: audit: type=1400 audit(1744729346.034:275): apparmor="DENIED" operation="open" class="file" profile="lsblk" name="/sys/devices/css0/0.0.0001/0.0.0102/block/dasdb/dev" pid=2070 comm="lsblk" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 2025-04-15T15:02:26.048081+00:00 s5lp1-gen03 kernel: audit: type=1400 audit(1744729346.034:276): apparmor="DENIED" operation="open" class="file" profile="lsblk" name="/sys/devices/css0/0.0.0002/0.0.0103/block/dasdc/hidden" pid=2070 comm="lsblk" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 2025-04-15T15:02:26.048081+00:00 s5lp1-gen03 kernel: audit: type=1400 audit(1744729346.034:277): apparmor="DENIED" operation="open" class="file" profile="lsblk" name="/sys/devices/css0/0.0.0002/0.0.0103/block/dasdc/dev" pid=2070 comm="lsblk" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 ``` Attaching also strace To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/2107402/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
