Good point, I had assumed it was the armhf bit but no, it must be related to LXD, because I have the exact same issues when using an arm64 container, but can't reproduce directly on the host. I never hit it on arm64 because autopkgtests use VMs there.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2119734

Title:
  armhf: bad flag handling on move_mount syscall

Status in apparmor package in Ubuntu:
  New

Bug description:
  Hi,

  It seems there are issues with the move_mount syscall on ARM64
  questing kernels when running an armhf userspace, I'm getting some
  "failed flags match" errors that didn't use to be there.

  Repro steps:

  ubuntu@schopin-glibc:~$ cat test.c
  #define _GNU_SOURCE
  #include <sys/types.h>
  #include <sys/mount.h>
  #include <unistd.h>
  #include <fcntl.h>
  #include <assert.h>
  #include <sched.h>

  int main() {
    int r;
    // Make private mount ns
    assert(!unshare(CLONE_NEWNS));
    assert(!mount("none", "/", NULL, MS_REC | MS_PRIVATE, NULL));

    int fd = fsopen ("tmpfs", FSOPEN_CLOEXEC);
    assert(fd != -1);
    assert(fsconfig(fd, FSCONFIG_SET_STRING, "size", "2048", 0) != -1);
    assert(fsconfig(fd, FSCONFIG_CMD_CREATE, NULL, NULL, 0) != -1);

    int mfd = fsmount (fd, FSMOUNT_CLOEXEC, MOUNT_ATTR_NODEV);
    assert(mfd != -1);
    r = move_mount (mfd, "", AT_FDCWD, "/tmp", MOVE_MOUNT_F_EMPTY_PATH);
    assert(r != -1 && "this is where this should not fail");

    return 0;
  }
  ubuntu@schopin-glibc:~$ lxc launch ubuntu-daily:noble/armhf noble-armhf
  Launching noble-armhf
  ubuntu@schopin-glibc:~$ lxc exec noble-armhf -- apt-get update > /dev/null
  ubuntu@schopin-glibc:~$ lxc exec noble-armhf -- apt-get install -y gcc libc-dev > /dev/null
  ubuntu@schopin-glibc:~$ lxc file push test.c noble-armhf/root/
  ubuntu@schopin-glibc:~$ lxc exec noble-armhf gcc test.c
  ubuntu@schopin-glibc:~$ lxc exec noble-armhf ./a.out
  a.out: test.c:23: main: Assertion `r != -1 && "this is where this should not fail"' failed.
  ubuntu@schopin-glibc:~$ sudo dmesg | tail -n 5
  [63411.354990] audit: type=1400 audit(1754562335.413:2498): apparmor="DENIED" operation="mount" class="mount" info="failed flags match" error=-13 profile="lxd-noble-armhf_</var/snap/lxd/common/lxd>" name="/run/systemd/mount-rootfs/proc/cpuinfo" pid=2876232 comm="(d-logind)" flags="rw, nosuid, nodev, noexec, remount, bind"
  [63411.354993] audit: type=1400 audit(1754562335.413:2499): apparmor="DENIED" operation="mount" class="mount" info="failed flags match" error=-13 profile="lxd-noble-armhf_</var/snap/lxd/common/lxd>" name="/run/systemd/mount-rootfs/proc/slabinfo" pid=2876232 comm="(d-logind)" flags="rw, nosuid, nodev, noexec, remount, bind"
  [63411.562761] audit: type=1400 audit(1754562335.622:2500): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" label="lxd-noble-armhf_</var/snap/lxd/common/lxd>//&:lxd-noble-armhf_<var-snap-lxd-common-lxd>:unconfined" name="rsyslogd" pid=2876255 comm="apparmor_parser"
  [63499.281362] kauditd_printk_skb: 39 callbacks suppressed
  [63499.281416] audit: type=1400 audit(1754562423.342:2540): apparmor="DENIED" operation="mount" class="mount" info="failed flags match" error=-13 profile="lxd-noble-armhf_</var/snap/lxd/common/lxd>" name="/tmp/" pid=2898548 comm="a.out" flags="rw, move"
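
Added example (not part of the original mail or of the AppArmor or LXD projects): a small triage script that parses AppArmor audit lines like the dmesg output quoted above and groups the "failed flags match" mount denials by profile, command and flag set, so the reproducer's denial stands apart from those hit by container services. The function names are hypothetical; the sample lines are copied from the report.

```python
import re
from collections import Counter

# Audit lines copied from the dmesg output quoted in the bug report above.
SAMPLE = r'''
[63411.354990] audit: type=1400 audit(1754562335.413:2498): apparmor="DENIED" operation="mount" class="mount" info="failed flags match" error=-13 profile="lxd-noble-armhf_</var/snap/lxd/common/lxd>" name="/run/systemd/mount-rootfs/proc/cpuinfo" pid=2876232 comm="(d-logind)" flags="rw, nosuid, nodev, noexec, remount, bind"
[63411.354993] audit: type=1400 audit(1754562335.413:2499): apparmor="DENIED" operation="mount" class="mount" info="failed flags match" error=-13 profile="lxd-noble-armhf_</var/snap/lxd/common/lxd>" name="/run/systemd/mount-rootfs/proc/slabinfo" pid=2876232 comm="(d-logind)" flags="rw, nosuid, nodev, noexec, remount, bind"
[63411.562761] audit: type=1400 audit(1754562335.622:2500): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" label="lxd-noble-armhf_</var/snap/lxd/common/lxd>//&:lxd-noble-armhf_<var-snap-lxd-common-lxd>:unconfined" name="rsyslogd" pid=2876255 comm="apparmor_parser"
[63499.281362] kauditd_printk_skb: 39 callbacks suppressed
[63499.281416] audit: type=1400 audit(1754562423.342:2540): apparmor="DENIED" operation="mount" class="mount" info="failed flags match" error=-13 profile="lxd-noble-armhf_</var/snap/lxd/common/lxd>" name="/tmp/" pid=2898548 comm="a.out" flags="rw, move"
'''

# key="quoted value" or key=bare_value
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_record(line):
    """Return the key=value fields of one AppArmor audit line, else None."""
    if 'apparmor="' not in line:
        return None  # e.g. the kauditd "callbacks suppressed" notice
    fields = {}
    for m in FIELD.finditer(line):
        fields[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return fields


def flag_denials(text):
    """Yield mount denials whose reason is "failed flags match"."""
    for line in text.splitlines():
        rec = parse_record(line)
        if not rec or rec.get("apparmor") != "DENIED":
            continue
        if rec.get("operation") != "mount" or rec.get("info") != "failed flags match":
            continue
        rec["flags"] = [f.strip() for f in rec.get("flags", "").split(",") if f.strip()]
        yield rec


def summarize(text):
    """Count denials per (profile, comm, flag set)."""
    return Counter((r["profile"], r["comm"], tuple(r["flags"])) for r in flag_denials(text))


if __name__ == "__main__":
    for (profile, comm, flags), n in summarize(SAMPLE).items():
        print(f"{n}x profile={profile} comm={comm} flags={','.join(flags)}")
```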

