Hi Ryan,
I added the SRU template... please let me know if something is not clear
or if you consider anything else needs to be added.
** Description changed:
+ [ Impact ]
+
+ * On Ubuntu 25.20 (Questing), in Azure VMs using NVMe devices, the
+ AppArmor profile for lsblk does not permit read access to certain ACPI /
+ sysfs nodes needed to enumerate NVMe metadata (e.g. the ACPI NVMe
+ namespace path).
+
+ * This affects any user or automation relying on NVMe description using
+ lsblk, which is the case of the selftest.py script, used in the
+ autopackages test of the azure-vm-utils package (which as of today we're
+ skipping).
+
+ * The patch is limited in scope (just relaxing read access to a narrow
+ set of sysfs/ACPI paths) and has low regression risk.
+
+ [ Test Plan ]
+
+ * You will need an Azure account for creating the machine. In an Azure
+ VM created with support for NMVe devices, e.g:
+
+ az vm create --resource-group miriam-azure-vm-utils --name t-m-lsblk
+ --image "Canonical:ubuntu-25_10-daily:server:latest" --ssh-key-values
+ ~/.ssh/id_rsa.pub --size Standard_E2ads_v6 --admin-username ubuntu
+
+ * run:
+
+ sudo lsblk
+ sudo journalctl --boot --grep apparmor
+
+ you will see entries like this:
+
+
+ ubuntu@t-m-lsblk:~$ sudo journalctl --boot --grep apparmor | grep
"/sys/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0004:00/MSFT1000:00/"
+ Oct 10 15:33:58 t-m-lsblk kernel: audit: type=1400 audit(1760110438.106:192):
apparmor="DENIED" operation="open" class="file" profile="lsblk"
name="/sys/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0004:00/MSFT1000:00/7ad35d50-c05b-47ab-b3a0-56a9a845852b/pcic05b:00/c05b:00:00.0/nvme/nvme0/nvme0n1/hidden"
pid=1726 comm="lsblk" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
+
+ * You can manually chek it also trying to query an NMVe device with
+ lsblk:
+
+ ubuntu@t-m-lsblk:~$ nvme list
+ Node Generic SN Model
Namespace Usage Format
FW Rev
+ --------------------- --------------------- --------------------
---------------------------------------- ---------- --------------------------
---------------- --------
+ /dev/nvme0n1 /dev/ng0n1 SN: 000001 MSFT NVMe
Accelerator v1.0 0x1 32.21 GB / 32.21 GB 512 B +
0 B v1.00000
+ /dev/nvme1n1 /dev/ng1n1 5c44c9a8790fe8d60001 Microsoft
NVMe Direct Disk v2 0x1 118.11 GB / 118.11 GB 512 B +
0 B NVMDV002
+
+ ubuntu@t-m-lsblk:~$ sudo lsblk -b -n -o SIZE -d /dev/nvme0n1
+ lsblk: /dev/nvme0n1: failed to get sysfs name: Permission denied
+
+ * Once the fix is applied (and apparmor lsblk profile reloaded), we
+ don't see more entries in the syslog and we get an output for the manual
+ checking like this:
+
+ ubuntu@t-m-lsblk:~$ lsblk -b -n -o SIZE -d '/dev/nvme1n1'
+ 32213303296
+
+
+ [ Where problems could occur ]
+
+ * The patch might omit a needed sub-path under the ACPI / NVMe sysfs
+ tree, so some device metadata remains inaccessible.
+
+ * It might unintentionally allow broader sysfs access than intended
+ (though this is unlikely as rules are very specific to the Azure
+ hierarchy).
+
+ * A future kernel or Azure update might rearrange the sysfs paths (e.g.
+ rename or move NVMe/ACPI directories), making the rules obsolete.
+
+ * If the profile is not reloaded or incorrectly installed, the old
+ profile might persist, making tests falsely appear to fail or succeed.
+
+ [ Other Info ]
+
+ * Merged upstream at
+ https://gitlab.com/apparmor/apparmor/-/merge_requests/1808
+
+ [ Original Description ]
+
When running tests of azure-vm-utils package on Questing 25.10 on an
Azure VM machines we see:
ubuntu@nmvedirect:~$ python3 --version
Python 3.13.7
ubuntu@nmvedirect:~$ sudo python3 ./selftest.py
azure-nvme-id info: AzureNvmeIdInfo(azure_nvme_id_stdout='/dev/nvme0n1:
type=os\n/dev/nvme1n1: type=local,index=1,name=nvme-110G-1\n',
azure_nvme_id_stderr='', azure_nvme_id_returncode=0,
azure_nvme_id_disks={'nvme0n1': AzureNvmeIdDevice(device='/dev/nvme0n1',
model=None, nvme_id='type=os', type='os', index=None, lun=None, name=None,
extra={}), 'nvme1n1': AzureNvmeIdDevice(device='/dev/nvme1n1', model=None,
nvme_id='type=local,index=1,name=nvme-110G-1', type='local', index=1, lun=None,
name='nvme-110G-1', extra={})}, azure_nvme_id_json_stdout='[\n {\n "path":
"/dev/nvme0n1",\n "model": "MSFT NVMe Accelerator v1.0",\n "properties":
{\n "type": "os"\n },\n "vs": ""\n },\n {\n "path":
"/dev/nvme1n1",\n "model": "Microsoft NVMe Direct Disk v2",\n
"properties": {\n "type": "local",\n "index": 1,\n "name":
"nvme-110G-1"\n },\n "vs": "type=local,index=1,name=nvme-110G-1"\n
}\n]\n', azure_nvme_id_json_stderr='', azure_nvme_id_json_returncode=0,
azure_nvme_id_json_disks={'nvme0n1': AzureNvmeIdDevice(device='/dev/nvme0n1',
model='MSFT NVMe Accelerator v1.0', nvme_id='', type='os', index=None,
lun=None, name=None, extra={}), 'nvme1n1':
AzureNvmeIdDevice(device='/dev/nvme1n1', model='Microsoft NVMe Direct Disk v2',
nvme_id='', type='local', index=1, lun=None, name='nvme-110G-1', extra={})},
azure_nvme_id_help_stdout='Usage: azure-nvme-id [-d|--debug]
[-u|--udev|-h|--help|-v|--version]\n -d, --debug Enable debug
mode\n -f, --format {plain|json} Output format (default=plain)\n -h, --help
Display this help message\n -u, --udev Enable udev
mode\n -v, --version Display the version\n',
azure_nvme_id_help_stderr='', azure_nvme_id_help_returncode=0,
azure_nvme_id_version_stdout='azure-nvme-id 0.6.0-4\n',
azure_nvme_id_version_stderr='', azure_nvme_id_version_returncode=0,
azure_nvme_id_version='0.6.0-4', azure_nvme_id_zzz_stdout='Usage: azure-nvme-id
[-d|--debug] [-u|--udev|-h|--help|-v|--version]\n -d, --debug
Enable debug mode\n -f, --format {plain|json} Output format (default=plain)\n
-h, --help Display this help message\n -u, --udev
Enable udev mode\n -v, --version Display the version\n',
azure_nvme_id_zzz_stderr='invalid argument: zzz\n',
azure_nvme_id_zzz_returncode=1)
error while fetching disk size: CalledProcessError(32, ['lsblk', '-b', '-n',
'-o', 'SIZE', '-d', '/dev/nvme1n1'])
Traceback (most recent call last):
File "/home/ubuntu/./selftest.py", line 1118, in <module>
main()
~~~~^^
File "/home/ubuntu/./selftest.py", line 1110, in main
validator = AzureVmUtilsValidator(
skip_imds_validation=args.skip_imds_validation,
skip_symlink_validation=args.skip_symlink_validation,
)
File "/home/ubuntu/./selftest.py", line 867, in __init__
self.disk_info = DiskInfo.gather()
~~~~~~~~~~~~~~~^^
File "/home/ubuntu/./selftest.py", line 427, in gather
nvme_local_disk_size_gib = min(
get_disk_size_gib(f"/dev/{disk}") for disk in nvme_local_disks
)
File "/home/ubuntu/./selftest.py", line 428, in <genexpr>
get_disk_size_gib(f"/dev/{disk}") for disk in nvme_local_disks
~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^
File "/home/ubuntu/./selftest.py", line 195, in get_disk_size_gib
proc = subprocess.run(
["lsblk", "-b", "-n", "-o", "SIZE", "-d", disk_path],
...<3 lines>...
check=True,
)
File "/usr/lib/python3.13/subprocess.py", line 577, in run
raise CalledProcessError(retcode, process.args,
output=stdout, stderr=stderr)
subprocess.CalledProcessError: Command '['lsblk', '-b', '-n', '-o', 'SIZE',
'-d', '/dev/nvme1n1']' returned non-zero exit status 32.
This is due to apparmor lsblk profile:
sudo dmesg | grep lsblk
[ 461.611820] audit: type=1400 audit(1759492274.036:192): apparmor="DENIED"
operation="open" class="file" profile="lsblk"
name="/sys/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0004:00/MSFT1000:00/70b4ac38-05b7-4efe-8862-db2456dfec84/pci05b7:00/05b7:00:00.0/nvme/nvme0/nvme0n1/"
pid=1707 comm="lsblk" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
I'm submitting the attached patch to upstream to fix it, which I tested
is OK:
ubuntu@t-questing-check-package:~$ sudo vim /etc/apparmor.d/lsblk
ubuntu@t-questing-check-package:~$ sudo apparmor_parser -r
/etc/apparmor.d/lsblk
ubuntu@t-questing-check-package:~$ sudo systemctl reload apparmor
ubuntu@t-questing-check-package:~$ sudo ./selftest.py
[2025-10-03 14:31:00,379] azure-nvme-id info:
AzureNvmeIdInfo(azure_nvme_id_stdout='/dev/nvme0n1:
type=local,index=1,name=nvme-110G-1\n/dev/nvme1n1: type=os\n',
azure_nvme_id_stderr='', azure_nvme_id_returncode=0,
azure_nvme_id_disks={'nvme0n1': AzureNvmeIdDevice(device='/dev/nvme0n1',
model=None, nvme_id='type=local,index=1,name=nvme-110G-1', type='local',
index=1, lun=None, name='nvme-110G-1', extra={}), 'nvme1n1':
AzureNvmeIdDevice(device='/dev/nvme1n1', model=None, nvme_id='type=os',
type='os', index=None, lun=None, name=None, extra={})},
azure_nvme_id_json_stdout='[\n {\n "path": "/dev/nvme0n1",\n "model":
"Microsoft NVMe Direct Disk v2",\n "properties": {\n "type": "local",\n
"index": 1,\n "name": "nvme-110G-1"\n },\n "vs":
"type=local,index=1,name=nvme-110G-1"\n },\n {\n "path": "/dev/nvme1n1",\n
"model": "MSFT NVMe Accelerator v1.0",\n "properties": {\n "type":
"os"\n },\n "vs": ""\n }\n]\n', azure_nvme_id_json_stderr='',
azure_nvme_id_json_returncode=0, azure_nvme_id_json_disks={'nvme0n1':
AzureNvmeIdDevice(device='/dev/nvme0n1', model='Microsoft NVMe Direct Disk v2',
nvme_id='', type='local', index=1, lun=None, name='nvme-110G-1', extra={}),
'nvme1n1': AzureNvmeIdDevice(device='/dev/nvme1n1', model='MSFT NVMe
Accelerator v1.0', nvme_id='', type='os', index=None, lun=None, name=None,
extra={})}, azure_nvme_id_help_stdout='Usage: azure-nvme-id [-d|--debug]
[-u|--udev|-h|--help|-v|--version]\n -d, --debug Enable debug
mode\n -f, --format {plain|json} Output format (default=plain)\n -h, --help
Display this help message\n -u, --udev Enable udev
mode\n -v, --version Display the version\n',
azure_nvme_id_help_stderr='', azure_nvme_id_help_returncode=0,
azure_nvme_id_version_stdout='azure-nvme-id 0.6.0-4\n',
azure_nvme_id_version_stderr='', azure_nvme_id_version_returncode=0,
azure_nvme_id_version='0.6.0-4', azure_nvme_id_zzz_stdout='Usage: azure-nvme-id
[-d|--debug] [-u|--udev|-h|--help|-v|--version]\n -d, --debug
Enable debug mode\n -f, --format {plain|json} Output format (default=plain)\n
-h, --help Display this help message\n -u, --udev
Enable udev mode\n -v, --version Display the version\n',
azure_nvme_id_zzz_stderr='invalid argument: zzz\n',
azure_nvme_id_zzz_returncode=1)
[2025-10-03 14:31:00,385] no SCSI resource disk found
[2025-10-03 14:31:00,385] disks info: DiskInfo(root_device='nvme1n1p1',
dev_disk_azure_links=['/dev/disk/azure/local/by-index/1',
'/dev/disk/azure/local/by-name/nvme-110G-1',
'/dev/disk/azure/local/by-serial/90df032a12b60d6c0001', '/dev/disk/azure/os',
'/dev/disk/azure/os-part1', '/dev/disk/azure/os-part13',
'/dev/disk/azure/os-part14', '/dev/disk/azure/os-part15'],
dev_disk_azure_resource_disk=None, dev_disk_azure_resource_disk_size_gib=0,
nvme_local_disk_size_gib=110, nvme_local_disks_v1=[],
nvme_local_disks_v2=['nvme0n1'], nvme_local_disks=['nvme0n1'],
nvme_remote_data_disks=[], nvme_remote_disks=[], nvme_remote_os_disk='nvme1n1',
root_device_is_nvme=True, scsi_resource_disk=None,
scsi_resource_disk_size_gib=0)
[2025-10-03 14:31:00,408] sku config: None
[2025-10-03 14:31:00,408] validate_azure_nvme_id_help OK: 'Usage:
azure-nvme-id [-d|--debug] [-u|--udev|-h|--help|-v|--version]\n -d, --debug
Enable debug mode\n -f, --format {plain|json} Output format
(default=plain)\n -h, --help Display this help message\n -u,
--udev Enable udev mode\n -v, --version Display the
version\n'
[2025-10-03 14:31:00,408] validate_azure_nvme_id_version OK: 0.6.0-4
[2025-10-03 14:31:00,408] validate_azure_nvme_id_invalid_arg OK: 'Usage:
azure-nvme-id [-d|--debug] [-u|--udev|-h|--help|-v|--version]\n -d, --debug
Enable debug mode\n -f, --format {plain|json} Output format
(default=plain)\n -h, --help Display this help message\n -u,
--udev Enable udev mode\n -v, --version Display the
version\n'
[2025-10-03 14:31:00,408] validate_azure_nvme_disks OK: {'nvme0n1':
AzureNvmeIdDevice(device='/dev/nvme0n1', model=None,
nvme_id='type=local,index=1,name=nvme-110G-1', type='local', index=1, lun=None,
name='nvme-110G-1', extra={}), 'nvme1n1':
AzureNvmeIdDevice(device='/dev/nvme1n1', model=None, nvme_id='type=os',
type='os', index=None, lun=None, name=None, extra={})}
[2025-10-03 14:31:00,408] validate_azure_nvmve_id OK: '/dev/nvme0n1:
type=local,index=1,name=nvme-110G-1\n/dev/nvme1n1: type=os\n'
[2025-10-03 14:31:00,408] validate_azure_nvme_disks OK: {'nvme0n1':
AzureNvmeIdDevice(device='/dev/nvme0n1', model=None,
nvme_id='type=local,index=1,name=nvme-110G-1', type='local', index=1, lun=None,
name='nvme-110G-1', extra={}), 'nvme1n1':
AzureNvmeIdDevice(device='/dev/nvme1n1', model=None, nvme_id='type=os',
type='os', index=None, lun=None, name=None, extra={})}
[2025-10-03 14:31:00,408] validate_azure_nvmve_id_json OK: '[\n {\n
"path": "/dev/nvme0n1",\n "model": "Microsoft NVMe Direct Disk v2",\n
"properties": {\n "type": "local",\n "index": 1,\n "name":
"nvme-110G-1"\n },\n "vs": "type=local,index=1,name=nvme-110G-1"\n },\n
{\n "path": "/dev/nvme1n1",\n "model": "MSFT NVMe Accelerator v1.0",\n
"properties": {\n "type": "os"\n },\n "vs": ""\n }\n]\n'
[2025-10-03 14:31:00,408] validate_dev_disk_azure_links_data OK: []
[2025-10-03 14:31:00,408] validate_dev_disk_azure_links_local OK:
['/dev/disk/azure/local/by-index/1',
'/dev/disk/azure/local/by-name/nvme-110G-1',
'/dev/disk/azure/local/by-serial/90df032a12b60d6c0001']
[2025-10-03 14:31:00,408] validate_dev_disk_azure_links_os OK:
'/dev/disk/azure/os'
[2025-10-03 14:31:00,408] validate_dev_disk_azure_links_resource OK:
'/dev/disk/azure/resource'
[2025-10-03 14:31:00,408] validate_scsi_resource_disk OK:
/dev/disk/azure/resource => None
[2025-10-03 14:31:00,408] validate_interface enP64000s1 OK:
NetworkInterface(name='enP64000s1', driver='mlx5_core',
mac='7c:1e:52:5d:4e:18', ipv4_addrs=[], udev_properties={'DEVPATH':
'/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0004:00/MSFT1000:00/74be939c-fa00-4f1c-92d2-01b92989e8bc/pcifa00:00/fa00:00:02.0/net/enP64000s1',
'INTERFACE': 'enP64000s1', 'IFINDEX': '3', 'SUBSYSTEM': 'net',
'USEC_INITIALIZED': '9137589', 'AZURE_UNMANAGED_SRIOV': '1',
'ID_NET_MANAGED_BY': 'unmanaged', 'NM_UNMANAGED': '1', 'ID_NET_DRIVER':
'mlx5_core', 'ID_BUS': 'pci', 'ID_VENDOR_ID': '0x15b3', 'ID_MODEL_ID':
'0x101a', 'ID_PCI_CLASS_FROM_DATABASE': 'Network controller',
'ID_PCI_SUBCLASS_FROM_DATABASE': 'Ethernet controller',
'ID_VENDOR_FROM_DATABASE': 'Mellanox Technologies', 'ID_MODEL_FROM_DATABASE':
'MT28800 Family [ConnectX-5 Ex Virtual Function]', 'ID_NET_NAMING_SCHEME':
'v257', 'ID_NET_NAME_MAC': 'enx7c1e525d4e18', 'ID_OUI_FROM_DATABASE':
'Microsoft', 'ID_NET_NAME_PATH': 'enP64000p0s2', 'ID_NET_NAME_SLOT':
'enP64000s1', 'ID_MM_CANDIDATE': '1', 'ID_PATH':
'acpi-MSFT1000:00-pci-fa00:00:02.0', 'ID_PATH_TAG':
'acpi-MSFT1000_00-pci-fa00_00_02_0', 'ID_NET_LINK_FILE':
'/usr/lib/systemd/network/99-default.link', 'ID_NET_NAME': 'enP64000s1',
'SYSTEMD_ALIAS': '/sys/subsystem/net/devices/enP64000s1', 'TAGS': ':systemd:',
'CURRENT_TAGS': ':systemd:'})
[2025-10-03 14:31:00,408] validate_interface eth0 OK:
NetworkInterface(name='eth0', driver='hv_netvsc', mac='7c:1e:52:5d:4e:18',
ipv4_addrs=['10.0.0.49'], udev_properties={'DEVPATH':
'/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0004:00/MSFT1000:00/7c1e525d-4e18-7c1e-525d-4e187c1e525d/net/eth0',
'INTERFACE': 'eth0', 'IFINDEX': '2', 'SUBSYSTEM': 'net', 'USEC_INITIALIZED':
'3514337', 'ID_NET_DRIVER': 'hv_netvsc', 'NM_UNMANAGED': '1',
'ID_NET_NAMING_SCHEME': 'v257', 'ID_NET_NAME_MAC': 'enx7c1e525d4e18',
'ID_OUI_FROM_DATABASE': 'Microsoft', 'ID_MM_CANDIDATE': '1', 'ID_PATH':
'acpi-MSFT1000:00', 'ID_PATH_TAG': 'acpi-MSFT1000_00', 'ID_NET_LINK_FILE':
'/usr/lib/systemd/network/99-default.link', 'ID_NET_NAME': 'eth0',
'SYSTEMD_ALIAS': '/sys/subsystem/net/devices/eth0', 'TAGS': ':systemd:',
'CURRENT_TAGS': ':systemd:'})
[2025-10-03 14:31:00,408] validate_networking OK:
NetworkInfo(interfaces={'enP64000s1': NetworkInterface(name='enP64000s1',
driver='mlx5_core', mac='7c:1e:52:5d:4e:18', ipv4_addrs=[],
udev_properties={'DEVPATH':
'/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0004:00/MSFT1000:00/74be939c-fa00-4f1c-92d2-01b92989e8bc/pcifa00:00/fa00:00:02.0/net/enP64000s1',
'INTERFACE': 'enP64000s1', 'IFINDEX': '3', 'SUBSYSTEM': 'net',
'USEC_INITIALIZED': '9137589', 'AZURE_UNMANAGED_SRIOV': '1',
'ID_NET_MANAGED_BY': 'unmanaged', 'NM_UNMANAGED': '1', 'ID_NET_DRIVER':
'mlx5_core', 'ID_BUS': 'pci', 'ID_VENDOR_ID': '0x15b3', 'ID_MODEL_ID':
'0x101a', 'ID_PCI_CLASS_FROM_DATABASE': 'Network controller',
'ID_PCI_SUBCLASS_FROM_DATABASE': 'Ethernet controller',
'ID_VENDOR_FROM_DATABASE': 'Mellanox Technologies', 'ID_MODEL_FROM_DATABASE':
'MT28800 Family [ConnectX-5 Ex Virtual Function]', 'ID_NET_NAMING_SCHEME':
'v257', 'ID_NET_NAME_MAC': 'enx7c1e525d4e18', 'ID_OUI_FROM_DATABASE':
'Microsoft', 'ID_NET_NAME_PATH': 'enP64000p0s2', 'ID_NET_NAME_SLOT':
'enP64000s1', 'ID_MM_CANDIDATE': '1', 'ID_PATH':
'acpi-MSFT1000:00-pci-fa00:00:02.0', 'ID_PATH_TAG':
'acpi-MSFT1000_00-pci-fa00_00_02_0', 'ID_NET_LINK_FILE':
'/usr/lib/systemd/network/99-default.link', 'ID_NET_NAME': 'enP64000s1',
'SYSTEMD_ALIAS': '/sys/subsystem/net/devices/enP64000s1', 'TAGS': ':systemd:',
'CURRENT_TAGS': ':systemd:'}), 'eth0': NetworkInterface(name='eth0',
driver='hv_netvsc', mac='7c:1e:52:5d:4e:18', ipv4_addrs=['10.0.0.49'],
udev_properties={'DEVPATH':
'/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0004:00/MSFT1000:00/7c1e525d-4e18-7c1e-525d-4e187c1e525d/net/eth0',
'INTERFACE': 'eth0', 'IFINDEX': '2', 'SUBSYSTEM': 'net', 'USEC_INITIALIZED':
'3514337', 'ID_NET_DRIVER': 'hv_netvsc', 'NM_UNMANAGED': '1',
'ID_NET_NAMING_SCHEME': 'v257', 'ID_NET_NAME_MAC': 'enx7c1e525d4e18',
'ID_OUI_FROM_DATABASE': 'Microsoft', 'ID_MM_CANDIDATE': '1', 'ID_PATH':
'acpi-MSFT1000:00', 'ID_PATH_TAG': 'acpi-MSFT1000_00', 'ID_NET_LINK_FILE':
'/usr/lib/systemd/network/99-default.link', 'ID_NET_NAME': 'eth0',
'SYSTEMD_ALIAS': '/sys/subsystem/net/devices/eth0', 'TAGS': ':systemd:',
'CURRENT_TAGS': ':systemd:'})})
[2025-10-03 14:31:00,408] validate_sku_config SKIPPED: no sku configuration
for VM size 'Standard_E2ads_v6'
[2025-10-03 14:31:00,408] success!
And, in dmesg:
[ 2477.205168] audit: type=1400 audit(1759494289.696:387): apparmor="STATUS"
operation="profile_replace" profile="unconfined" name="lsblk" pid=4270
comm="apparmor_parser"
[ 2512.115007] audit: type=1400 audit(1759494324.607:388): apparmor="ALLOWED"
operation="open" class="file" profile="lsblk"
name="/sys/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0004:00/MSFT1000:00/70b4ac38-05b7-4efe-8862-db2456dfec84/pci05b7:00/05b7:00:00.0/nvme/nvme0/nvme0n1/"
pid=4287 comm="lsblk" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Actually, the tests are skipped as they need to be run inside an Azure
VM, but in the CPC Azure squad, we run them manually as part of this
package validation.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2126920
Title:
lsblk profile need to allow read access to Azure NVMe ACPI hierarchy
Status in apparmor package in Ubuntu:
New
Status in apparmor source package in Questing:
New
Bug description:
[ Impact ]
* On Ubuntu 25.20 (Questing), in Azure VMs using NVMe devices, the
AppArmor profile for lsblk does not permit read access to certain ACPI
/ sysfs nodes needed to enumerate NVMe metadata (e.g. the ACPI NVMe
namespace path).
* This affects any user or automation relying on NVMe description
using lsblk, which is the case of the selftest.py script, used in the
autopackages test of the azure-vm-utils package (which as of today
we're skipping).
* The patch is limited in scope (just relaxing read access to a narrow
set of sysfs/ACPI paths) and has low regression risk.
[ Test Plan ]
* You will need an Azure account for creating the machine. In an
Azure VM created with support for NMVe devices, e.g:
az vm create --resource-group miriam-azure-vm-utils --name t-m-lsblk
--image "Canonical:ubuntu-25_10-daily:server:latest" --ssh-key-values
~/.ssh/id_rsa.pub --size Standard_E2ads_v6 --admin-username ubuntu
* run:
sudo lsblk
sudo journalctl --boot --grep apparmor
you will see entries like this:
ubuntu@t-m-lsblk:~$ sudo journalctl --boot --grep apparmor | grep
"/sys/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0004:00/MSFT1000:00/"
Oct 10 15:33:58 t-m-lsblk kernel: audit: type=1400 audit(1760110438.106:192):
apparmor="DENIED" operation="open" class="file" profile="lsblk"
name="/sys/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0004:00/MSFT1000:00/7ad35d50-c05b-47ab-b3a0-56a9a845852b/pcic05b:00/c05b:00:00.0/nvme/nvme0/nvme0n1/hidden"
pid=1726 comm="lsblk" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
* You can manually chek it also trying to query an NMVe device with
lsblk:
ubuntu@t-m-lsblk:~$ nvme list
Node Generic SN Model
Namespace Usage Format
FW Rev
--------------------- --------------------- --------------------
---------------------------------------- ---------- --------------------------
---------------- --------
/dev/nvme0n1 /dev/ng0n1 SN: 000001 MSFT NVMe
Accelerator v1.0 0x1 32.21 GB / 32.21 GB 512 B +
0 B v1.00000
/dev/nvme1n1 /dev/ng1n1 5c44c9a8790fe8d60001 Microsoft
NVMe Direct Disk v2 0x1 118.11 GB / 118.11 GB 512 B +
0 B NVMDV002
ubuntu@t-m-lsblk:~$ sudo lsblk -b -n -o SIZE -d /dev/nvme0n1
lsblk: /dev/nvme0n1: failed to get sysfs name: Permission denied
* Once the fix is applied (and apparmor lsblk profile reloaded), we
don't see more entries in the syslog and we get an output for the
manual checking like this:
ubuntu@t-m-lsblk:~$ lsblk -b -n -o SIZE -d '/dev/nvme1n1'
32213303296
[ Where problems could occur ]
* The patch might omit a needed sub-path under the ACPI / NVMe sysfs
tree, so some device metadata remains inaccessible.
* It might unintentionally allow broader sysfs access than intended
(though this is unlikely as rules are very specific to the Azure
hierarchy).
* A future kernel or Azure update might rearrange the sysfs paths
(e.g. rename or move NVMe/ACPI directories), making the rules
obsolete.
* If the profile is not reloaded or incorrectly installed, the old
profile might persist, making tests falsely appear to fail or succeed.
[ Other Info ]
* Merged upstream at
https://gitlab.com/apparmor/apparmor/-/merge_requests/1808
[ Original Description ]
When running tests of azure-vm-utils package on Questing 25.10 on an
Azure VM machines we see:
ubuntu@nmvedirect:~$ python3 --version
Python 3.13.7
ubuntu@nmvedirect:~$ sudo python3 ./selftest.py
azure-nvme-id info: AzureNvmeIdInfo(azure_nvme_id_stdout='/dev/nvme0n1:
type=os\n/dev/nvme1n1: type=local,index=1,name=nvme-110G-1\n',
azure_nvme_id_stderr='', azure_nvme_id_returncode=0,
azure_nvme_id_disks={'nvme0n1': AzureNvmeIdDevice(device='/dev/nvme0n1',
model=None, nvme_id='type=os', type='os', index=None, lun=None, name=None,
extra={}), 'nvme1n1': AzureNvmeIdDevice(device='/dev/nvme1n1', model=None,
nvme_id='type=local,index=1,name=nvme-110G-1', type='local', index=1, lun=None,
name='nvme-110G-1', extra={})}, azure_nvme_id_json_stdout='[\n {\n "path":
"/dev/nvme0n1",\n "model": "MSFT NVMe Accelerator v1.0",\n "properties":
{\n "type": "os"\n },\n "vs": ""\n },\n {\n "path":
"/dev/nvme1n1",\n "model": "Microsoft NVMe Direct Disk v2",\n
"properties": {\n "type": "local",\n "index": 1,\n "name":
"nvme-110G-1"\n },\n "vs": "type=local,index=1,name=nvme-110G-1"\n
}\n]\n', azure_nvme_id_json_stderr='', azure_nvme_id_json_returncode=0,
azure_nvme_id_json_disks={'nvme0n1': AzureNvmeIdDevice(device='/dev/nvme0n1',
model='MSFT NVMe Accelerator v1.0', nvme_id='', type='os', index=None,
lun=None, name=None, extra={}), 'nvme1n1':
AzureNvmeIdDevice(device='/dev/nvme1n1', model='Microsoft NVMe Direct Disk v2',
nvme_id='', type='local', index=1, lun=None, name='nvme-110G-1', extra={})},
azure_nvme_id_help_stdout='Usage: azure-nvme-id [-d|--debug]
[-u|--udev|-h|--help|-v|--version]\n -d, --debug Enable debug
mode\n -f, --format {plain|json} Output format (default=plain)\n -h, --help
Display this help message\n -u, --udev Enable udev
mode\n -v, --version Display the version\n',
azure_nvme_id_help_stderr='', azure_nvme_id_help_returncode=0,
azure_nvme_id_version_stdout='azure-nvme-id 0.6.0-4\n',
azure_nvme_id_version_stderr='', azure_nvme_id_version_returncode=0,
azure_nvme_id_version='0.6.0-4', azure_nvme_id_zzz_stdout='Usage: azure-nvme-id
[-d|--debug] [-u|--udev|-h|--help|-v|--version]\n -d, --debug
Enable debug mode\n -f, --format {plain|json} Output format (default=plain)\n
-h, --help Display this help message\n -u, --udev
Enable udev mode\n -v, --version Display the version\n',
azure_nvme_id_zzz_stderr='invalid argument: zzz\n',
azure_nvme_id_zzz_returncode=1)
error while fetching disk size: CalledProcessError(32, ['lsblk', '-b', '-n',
'-o', 'SIZE', '-d', '/dev/nvme1n1'])
Traceback (most recent call last):
File "/home/ubuntu/./selftest.py", line 1118, in <module>
main()
~~~~^^
File "/home/ubuntu/./selftest.py", line 1110, in main
validator = AzureVmUtilsValidator(
skip_imds_validation=args.skip_imds_validation,
skip_symlink_validation=args.skip_symlink_validation,
)
File "/home/ubuntu/./selftest.py", line 867, in __init__
self.disk_info = DiskInfo.gather()
~~~~~~~~~~~~~~~^^
File "/home/ubuntu/./selftest.py", line 427, in gather
nvme_local_disk_size_gib = min(
get_disk_size_gib(f"/dev/{disk}") for disk in nvme_local_disks
)
File "/home/ubuntu/./selftest.py", line 428, in <genexpr>
get_disk_size_gib(f"/dev/{disk}") for disk in nvme_local_disks
~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^
File "/home/ubuntu/./selftest.py", line 195, in get_disk_size_gib
proc = subprocess.run(
["lsblk", "-b", "-n", "-o", "SIZE", "-d", disk_path],
...<3 lines>...
check=True,
)
File "/usr/lib/python3.13/subprocess.py", line 577, in run
raise CalledProcessError(retcode, process.args,
output=stdout, stderr=stderr)
subprocess.CalledProcessError: Command '['lsblk', '-b', '-n', '-o', 'SIZE',
'-d', '/dev/nvme1n1']' returned non-zero exit status 32.
This is due to apparmor lsblk profile:
sudo dmesg | grep lsblk
[ 461.611820] audit: type=1400 audit(1759492274.036:192): apparmor="DENIED"
operation="open" class="file" profile="lsblk"
name="/sys/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0004:00/MSFT1000:00/70b4ac38-05b7-4efe-8862-db2456dfec84/pci05b7:00/05b7:00:00.0/nvme/nvme0/nvme0n1/"
pid=1707 comm="lsblk" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
I'm submitting the attached patch to upstream to fix it, which I
tested is OK:
ubuntu@t-questing-check-package:~$ sudo vim /etc/apparmor.d/lsblk
ubuntu@t-questing-check-package:~$ sudo apparmor_parser -r
/etc/apparmor.d/lsblk
ubuntu@t-questing-check-package:~$ sudo systemctl reload apparmor
ubuntu@t-questing-check-package:~$ sudo ./selftest.py
[2025-10-03 14:31:00,379] azure-nvme-id info:
AzureNvmeIdInfo(azure_nvme_id_stdout='/dev/nvme0n1:
type=local,index=1,name=nvme-110G-1\n/dev/nvme1n1: type=os\n',
azure_nvme_id_stderr='', azure_nvme_id_returncode=0,
azure_nvme_id_disks={'nvme0n1': AzureNvmeIdDevice(device='/dev/nvme0n1',
model=None, nvme_id='type=local,index=1,name=nvme-110G-1', type='local',
index=1, lun=None, name='nvme-110G-1', extra={}), 'nvme1n1':
AzureNvmeIdDevice(device='/dev/nvme1n1', model=None, nvme_id='type=os',
type='os', index=None, lun=None, name=None, extra={})},
azure_nvme_id_json_stdout='[\n {\n "path": "/dev/nvme0n1",\n "model":
"Microsoft NVMe Direct Disk v2",\n "properties": {\n "type": "local",\n
"index": 1,\n "name": "nvme-110G-1"\n },\n "vs":
"type=local,index=1,name=nvme-110G-1"\n },\n {\n "path": "/dev/nvme1n1",\n
"model": "MSFT NVMe Accelerator v1.0",\n "properties": {\n "type":
"os"\n },\n "vs": ""\n }\n]\n', azure_nvme_id_json_stderr='',
azure_nvme_id_json_returncode=0, azure_nvme_id_json_disks={'nvme0n1':
AzureNvmeIdDevice(device='/dev/nvme0n1', model='Microsoft NVMe Direct Disk v2',
nvme_id='', type='local', index=1, lun=None, name='nvme-110G-1', extra={}),
'nvme1n1': AzureNvmeIdDevice(device='/dev/nvme1n1', model='MSFT NVMe
Accelerator v1.0', nvme_id='', type='os', index=None, lun=None, name=None,
extra={})}, azure_nvme_id_help_stdout='Usage: azure-nvme-id [-d|--debug]
[-u|--udev|-h|--help|-v|--version]\n -d, --debug Enable debug
mode\n -f, --format {plain|json} Output format (default=plain)\n -h, --help
Display this help message\n -u, --udev Enable udev
mode\n -v, --version Display the version\n',
azure_nvme_id_help_stderr='', azure_nvme_id_help_returncode=0,
azure_nvme_id_version_stdout='azure-nvme-id 0.6.0-4\n',
azure_nvme_id_version_stderr='', azure_nvme_id_version_returncode=0,
azure_nvme_id_version='0.6.0-4', azure_nvme_id_zzz_stdout='Usage: azure-nvme-id
[-d|--debug] [-u|--udev|-h|--help|-v|--version]\n -d, --debug
Enable debug mode\n -f, --format {plain|json} Output format (default=plain)\n
-h, --help Display this help message\n -u, --udev
Enable udev mode\n -v, --version Display the version\n',
azure_nvme_id_zzz_stderr='invalid argument: zzz\n',
azure_nvme_id_zzz_returncode=1)
[2025-10-03 14:31:00,385] no SCSI resource disk found
[2025-10-03 14:31:00,385] disks info: DiskInfo(root_device='nvme1n1p1',
dev_disk_azure_links=['/dev/disk/azure/local/by-index/1',
'/dev/disk/azure/local/by-name/nvme-110G-1',
'/dev/disk/azure/local/by-serial/90df032a12b60d6c0001', '/dev/disk/azure/os',
'/dev/disk/azure/os-part1', '/dev/disk/azure/os-part13',
'/dev/disk/azure/os-part14', '/dev/disk/azure/os-part15'],
dev_disk_azure_resource_disk=None, dev_disk_azure_resource_disk_size_gib=0,
nvme_local_disk_size_gib=110, nvme_local_disks_v1=[],
nvme_local_disks_v2=['nvme0n1'], nvme_local_disks=['nvme0n1'],
nvme_remote_data_disks=[], nvme_remote_disks=[], nvme_remote_os_disk='nvme1n1',
root_device_is_nvme=True, scsi_resource_disk=None,
scsi_resource_disk_size_gib=0)
[2025-10-03 14:31:00,408] sku config: None
[2025-10-03 14:31:00,408] validate_azure_nvme_id_help OK: 'Usage:
azure-nvme-id [-d|--debug] [-u|--udev|-h|--help|-v|--version]\n -d, --debug
Enable debug mode\n -f, --format {plain|json} Output format
(default=plain)\n -h, --help Display this help message\n -u,
--udev Enable udev mode\n -v, --version Display the
version\n'
[2025-10-03 14:31:00,408] validate_azure_nvme_id_version OK: 0.6.0-4
[2025-10-03 14:31:00,408] validate_azure_nvme_id_invalid_arg OK: 'Usage:
azure-nvme-id [-d|--debug] [-u|--udev|-h|--help|-v|--version]\n -d, --debug
Enable debug mode\n -f, --format {plain|json} Output format
(default=plain)\n -h, --help Display this help message\n -u,
--udev Enable udev mode\n -v, --version Display the
version\n'
[2025-10-03 14:31:00,408] validate_azure_nvme_disks OK: {'nvme0n1':
AzureNvmeIdDevice(device='/dev/nvme0n1', model=None,
nvme_id='type=local,index=1,name=nvme-110G-1', type='local', index=1, lun=None,
name='nvme-110G-1', extra={}), 'nvme1n1':
AzureNvmeIdDevice(device='/dev/nvme1n1', model=None, nvme_id='type=os',
type='os', index=None, lun=None, name=None, extra={})}
[2025-10-03 14:31:00,408] validate_azure_nvmve_id OK: '/dev/nvme0n1:
type=local,index=1,name=nvme-110G-1\n/dev/nvme1n1: type=os\n'
[2025-10-03 14:31:00,408] validate_azure_nvme_disks OK: {'nvme0n1':
AzureNvmeIdDevice(device='/dev/nvme0n1', model=None,
nvme_id='type=local,index=1,name=nvme-110G-1', type='local', index=1, lun=None,
name='nvme-110G-1', extra={}), 'nvme1n1':
AzureNvmeIdDevice(device='/dev/nvme1n1', model=None, nvme_id='type=os',
type='os', index=None, lun=None, name=None, extra={})}
[2025-10-03 14:31:00,408] validate_azure_nvmve_id_json OK: '[\n {\n
"path": "/dev/nvme0n1",\n "model": "Microsoft NVMe Direct Disk v2",\n
"properties": {\n "type": "local",\n "index": 1,\n "name":
"nvme-110G-1"\n },\n "vs": "type=local,index=1,name=nvme-110G-1"\n },\n
{\n "path": "/dev/nvme1n1",\n "model": "MSFT NVMe Accelerator v1.0",\n
"properties": {\n "type": "os"\n },\n "vs": ""\n }\n]\n'
[2025-10-03 14:31:00,408] validate_dev_disk_azure_links_data OK: []
[2025-10-03 14:31:00,408] validate_dev_disk_azure_links_local OK:
['/dev/disk/azure/local/by-index/1',
'/dev/disk/azure/local/by-name/nvme-110G-1',
'/dev/disk/azure/local/by-serial/90df032a12b60d6c0001']
[2025-10-03 14:31:00,408] validate_dev_disk_azure_links_os OK:
'/dev/disk/azure/os'
[2025-10-03 14:31:00,408] validate_dev_disk_azure_links_resource OK:
'/dev/disk/azure/resource'
[2025-10-03 14:31:00,408] validate_scsi_resource_disk OK:
/dev/disk/azure/resource => None
[2025-10-03 14:31:00,408] validate_interface enP64000s1 OK:
NetworkInterface(name='enP64000s1', driver='mlx5_core',
mac='7c:1e:52:5d:4e:18', ipv4_addrs=[], udev_properties={'DEVPATH':
'/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0004:00/MSFT1000:00/74be939c-fa00-4f1c-92d2-01b92989e8bc/pcifa00:00/fa00:00:02.0/net/enP64000s1',
'INTERFACE': 'enP64000s1', 'IFINDEX': '3', 'SUBSYSTEM': 'net',
'USEC_INITIALIZED': '9137589', 'AZURE_UNMANAGED_SRIOV': '1',
'ID_NET_MANAGED_BY': 'unmanaged', 'NM_UNMANAGED': '1', 'ID_NET_DRIVER':
'mlx5_core', 'ID_BUS': 'pci', 'ID_VENDOR_ID': '0x15b3', 'ID_MODEL_ID':
'0x101a', 'ID_PCI_CLASS_FROM_DATABASE': 'Network controller',
'ID_PCI_SUBCLASS_FROM_DATABASE': 'Ethernet controller',
'ID_VENDOR_FROM_DATABASE': 'Mellanox Technologies', 'ID_MODEL_FROM_DATABASE':
'MT28800 Family [ConnectX-5 Ex Virtual Function]', 'ID_NET_NAMING_SCHEME':
'v257', 'ID_NET_NAME_MAC': 'enx7c1e525d4e18', 'ID_OUI_FROM_DATABASE':
'Microsoft', 'ID_NET_NAME_PATH': 'enP64000p0s2', 'ID_NET_NAME_SLOT':
'enP64000s1', 'ID_MM_CANDIDATE': '1', 'ID_PATH':
'acpi-MSFT1000:00-pci-fa00:00:02.0', 'ID_PATH_TAG':
'acpi-MSFT1000_00-pci-fa00_00_02_0', 'ID_NET_LINK_FILE':
'/usr/lib/systemd/network/99-default.link', 'ID_NET_NAME': 'enP64000s1',
'SYSTEMD_ALIAS': '/sys/subsystem/net/devices/enP64000s1', 'TAGS': ':systemd:',
'CURRENT_TAGS': ':systemd:'})
[2025-10-03 14:31:00,408] validate_interface eth0 OK:
NetworkInterface(name='eth0', driver='hv_netvsc', mac='7c:1e:52:5d:4e:18',
ipv4_addrs=['10.0.0.49'], udev_properties={'DEVPATH':
'/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0004:00/MSFT1000:00/7c1e525d-4e18-7c1e-525d-4e187c1e525d/net/eth0',
'INTERFACE': 'eth0', 'IFINDEX': '2', 'SUBSYSTEM': 'net', 'USEC_INITIALIZED':
'3514337', 'ID_NET_DRIVER': 'hv_netvsc', 'NM_UNMANAGED': '1',
'ID_NET_NAMING_SCHEME': 'v257', 'ID_NET_NAME_MAC': 'enx7c1e525d4e18',
'ID_OUI_FROM_DATABASE': 'Microsoft', 'ID_MM_CANDIDATE': '1', 'ID_PATH':
'acpi-MSFT1000:00', 'ID_PATH_TAG': 'acpi-MSFT1000_00', 'ID_NET_LINK_FILE':
'/usr/lib/systemd/network/99-default.link', 'ID_NET_NAME': 'eth0',
'SYSTEMD_ALIAS': '/sys/subsystem/net/devices/eth0', 'TAGS': ':systemd:',
'CURRENT_TAGS': ':systemd:'})
[2025-10-03 14:31:00,408] validate_networking OK:
NetworkInfo(interfaces={'enP64000s1': NetworkInterface(name='enP64000s1',
driver='mlx5_core', mac='7c:1e:52:5d:4e:18', ipv4_addrs=[],
udev_properties={'DEVPATH':
'/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0004:00/MSFT1000:00/74be939c-fa00-4f1c-92d2-01b92989e8bc/pcifa00:00/fa00:00:02.0/net/enP64000s1',
'INTERFACE': 'enP64000s1', 'IFINDEX': '3', 'SUBSYSTEM': 'net',
'USEC_INITIALIZED': '9137589', 'AZURE_UNMANAGED_SRIOV': '1',
'ID_NET_MANAGED_BY': 'unmanaged', 'NM_UNMANAGED': '1', 'ID_NET_DRIVER':
'mlx5_core', 'ID_BUS': 'pci', 'ID_VENDOR_ID': '0x15b3', 'ID_MODEL_ID':
'0x101a', 'ID_PCI_CLASS_FROM_DATABASE': 'Network controller',
'ID_PCI_SUBCLASS_FROM_DATABASE': 'Ethernet controller',
'ID_VENDOR_FROM_DATABASE': 'Mellanox Technologies', 'ID_MODEL_FROM_DATABASE':
'MT28800 Family [ConnectX-5 Ex Virtual Function]', 'ID_NET_NAMING_SCHEME':
'v257', 'ID_NET_NAME_MAC': 'enx7c1e525d4e18', 'ID_OUI_FROM_DATABASE':
'Microsoft', 'ID_NET_NAME_PATH': 'enP64000p0s2', 'ID_NET_NAME_SLOT':
'enP64000s1', 'ID_MM_CANDIDATE': '1', 'ID_PATH':
'acpi-MSFT1000:00-pci-fa00:00:02.0', 'ID_PATH_TAG':
'acpi-MSFT1000_00-pci-fa00_00_02_0', 'ID_NET_LINK_FILE':
'/usr/lib/systemd/network/99-default.link', 'ID_NET_NAME': 'enP64000s1',
'SYSTEMD_ALIAS': '/sys/subsystem/net/devices/enP64000s1', 'TAGS': ':systemd:',
'CURRENT_TAGS': ':systemd:'}), 'eth0': NetworkInterface(name='eth0',
driver='hv_netvsc', mac='7c:1e:52:5d:4e:18', ipv4_addrs=['10.0.0.49'],
udev_properties={'DEVPATH':
'/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0004:00/MSFT1000:00/7c1e525d-4e18-7c1e-525d-4e187c1e525d/net/eth0',
'INTERFACE': 'eth0', 'IFINDEX': '2', 'SUBSYSTEM': 'net', 'USEC_INITIALIZED':
'3514337', 'ID_NET_DRIVER': 'hv_netvsc', 'NM_UNMANAGED': '1',
'ID_NET_NAMING_SCHEME': 'v257', 'ID_NET_NAME_MAC': 'enx7c1e525d4e18',
'ID_OUI_FROM_DATABASE': 'Microsoft', 'ID_MM_CANDIDATE': '1', 'ID_PATH':
'acpi-MSFT1000:00', 'ID_PATH_TAG': 'acpi-MSFT1000_00', 'ID_NET_LINK_FILE':
'/usr/lib/systemd/network/99-default.link', 'ID_NET_NAME': 'eth0',
'SYSTEMD_ALIAS': '/sys/subsystem/net/devices/eth0', 'TAGS': ':systemd:',
'CURRENT_TAGS': ':systemd:'})})
[2025-10-03 14:31:00,408] validate_sku_config SKIPPED: no sku configuration
for VM size 'Standard_E2ads_v6'
[2025-10-03 14:31:00,408] success!
And, in dmesg:
[ 2477.205168] audit: type=1400 audit(1759494289.696:387): apparmor="STATUS"
operation="profile_replace" profile="unconfined" name="lsblk" pid=4270
comm="apparmor_parser"
[ 2512.115007] audit: type=1400 audit(1759494324.607:388): apparmor="ALLOWED"
operation="open" class="file" profile="lsblk"
name="/sys/devices/LNXSYSTM:00/LNXSYBUS:00/ACPI0004:00/MSFT1000:00/70b4ac38-05b7-4efe-8862-db2456dfec84/pci05b7:00/05b7:00:00.0/nvme/nvme0/nvme0n1/"
pid=4287 comm="lsblk" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Actually, the tests are skipped as they need to be run inside an Azure
VM, but in the CPC Azure squad, we run them manually as part of this
package validation.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2126920/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
