[Bug 2116288] Re: apparmor ssh-keygen profile causes regressions in openssh testsuite

Thu, 10 Jul 2025 19:55:34 -0700 

Hello,

I tried to make a VM today with uvtool, and I hit this.

$ uvt-kvm create --cpu 4 --memory 4096 --disk 10 noble-test release=noble 
arch=amd64
Saving key "/tmp/uvt-kvm.sshtmph3jkrr4b/rsa" failed: Permission denied
Saving key "/tmp/uvt-kvm.sshtmph3jkrr4b/ecdsa" failed: Permission denied
Saving key "/tmp/uvt-kvm.sshtmph3jkrr4b/ed25519" failed: Permission denied
Traceback (most recent call last):
  File "/usr/bin/uvt-kvm", line 35, in <module>
    uvtool.libvirt.kvm.main_cli_wrapper(sys.argv[1:])
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/uvtool/libvirt/kvm.py", line 1118, in 
main_cli_wrapper
    main(*args, **kwargs)
    ~~~~^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/uvtool/libvirt/kvm.py", line 1113, in 
main
    args.func(parser, args)
    ~~~~~~~~~^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/uvtool/libvirt/kvm.py", line 866, in 
main_create
    ssh_host_keys, ssh_known_hosts = uvtool.ssh.generate_ssh_host_keys()
                                     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^
  File "/usr/lib/python3/dist-packages/uvtool/ssh.py", line 73, in 
generate_ssh_host_keys
    raise RuntimeError("Could not create any key")
RuntimeError: Could not create any key

uvtool places its ssh keys in /tmp/uvt-kvm.sshtmp<random>/algorithm, so
this is outside .ssh.

I think we need to relax this change as it seems to affect quite a few
packages.

1Jul 11 14:43:24 ThinkPad-X1 kernel: audit: type=1400
audit(1752201804.011:295): apparmor="DENIED" operation="mknod"
class="file" profile="ssh-keygen" name="/home/matthew/test/rsa" pid=6245
comm="ssh-keygen" requested_mask="c" denied_mask="c" fsuid=1000
ouid=1000

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2116288

Title:
  apparmor ssh-keygen profile causes regressions in openssh testsuite

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2116288/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to