** Description changed: [ Impact ] CPC reported AppArmor denials when building images on systems where /sys/firmware/devicetree is present, as described in https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2131292. The fix, present in resolute, is to add the permission to the apparmor profile. [ Test Plan ] - <TBD> + Run https://github.com/canonical/ubuntu-pro- + client/blob/main/sru/release-37/test-apparmor-firmware-access.sh using a + version without the fix, and see it fail + + Run https://github.com/canonical/ubuntu-pro- + client/blob/main/sru/release-37/test-apparmor-firmware-access.sh using + the version in -proposed, and see it pass + + Remove the hardware mocks from the script, and run with both packages, + see it all passes (so no regressions expected) [ Where problems could occur ] Changing an AppArmor profile always brings two different kinds of risks: getting more denials than expected, or allowing more than intended. We believe the first concern is not a problem because this change is adding a permission without removing any of the existing permissions. We believe the second concern is not a problem because this change limits the permission grant exactly to the path that needs to be accessed, and the change itself was reviewed and approved by the AppArmor team in the upstream PR, as seen in: https://github.com/canonical/ubuntu-pro-client/pull/3515 - The outlined test plan is a reinforcement that the change actually fixes the bug. - + The outlined test plan is a reinforcement that the change actually fixes + the bug. + [ Other Info ] ubuntu-advantage-tools has an SRU exception, but this bug does *not* make use of it, as we are: - not adding any new feature, this is just a bugfix - not sending this fix to EOSS releases
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2144554 Title: [SRU] ubuntu-advantage-tools (37.1 -> 37.2) for Jammy, Noble, Questing To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2144554/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
