canonical / ubuntu-pro-client

Ubuntu Pro Client for offerings from Canonical
https://canonical-ubuntu-pro-client.readthedocs-hosted.com/en/latest/
GNU General Public License v3.0

Apparmor allow for /etc/os-release #3110

Closed panlinux closed 1 month ago

panlinux commented 1 month ago

Why is this needed?

This PR solves all of our problems because...

Test Steps

Keep sudo dmesg -wT | grep ubuntu_pro running in a terminal (in the same VM if testing in a VM, or on the host if testing with a LXD container), then run this on the system being tested (LXD or VM):

sudo rm /etc/os-release
sudo cp /usr/lib/os-release /etc
sudo rm -rf /var/lib/apt/periodic/*
sudo systemctl start esm-cache.service

There should be no apparmor DENIED message for an access to /etc/os-release.

Additionally, for a more surgical test, also run these:

sudo rm /etc/os-release
sudo cp /usr/lib/os-release /etc
sudo aa-exec -p ubuntu_pro_esm_cache cat /etc/os-release

On a system with the fixed apparmor profile, you should see the contents of /etc/os-release. With the bug, the last command above returns a permission denied error and dmesg shows a corresponding apparmor DENIED message.

Checklist

Does this PR require extra reviews?

Launchpad bug: LP: #2065573 Fixes: #3109
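The test steps above replace /etc/os-release with a regular file on purpose: on Ubuntu the path is normally a symlink to ../usr/lib/os-release, and AppArmor mediates the resolved path, so a profile that only permits the file under /usr/lib works until something (an image build, a hand edit) turns /etc/os-release into a real file. The script below is an added example, not code from the ubuntu-pro-client repository or from the PR author: it triages AppArmor DENIED events from dmesg -T output for one profile and one path, prints the minimal rule that would have allowed the access, and wraps the aa-exec check from the PR for use on a host that has the profile loaded. The log lines are constructed for this example in the kernel's type=1400 audit format; the profile name ubuntu_pro_esm_cache and the path are taken from the PR, everything else is assumed.

```shell
#!/bin/sh
# Added example: AppArmor DENIED triage for one profile and one path.
# Not part of ubuntu-pro-client; the sample log below is constructed.

# Constructed dmesg -T lines: two DENIED events for the profile (one for the
# path under test, one for an unrelated path) and one complain-mode ALLOWED
# event that must be ignored.
SAMPLE_DMESG='[Mon Jun  3 10:00:00 2024] audit: type=1400 audit(1717408800.123:45): apparmor="DENIED" operation="open" class="file" profile="ubuntu_pro_esm_cache" name="/etc/os-release" pid=1234 comm="python3" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[Mon Jun  3 10:00:01 2024] audit: type=1400 audit(1717408801.456:46): apparmor="DENIED" operation="open" class="file" profile="ubuntu_pro_esm_cache" name="/etc/hosts" pid=1234 comm="python3" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[Mon Jun  3 10:00:02 2024] audit: type=1400 audit(1717408802.789:47): apparmor="ALLOWED" operation="open" class="file" profile="ubuntu_pro_esm_cache" name="/etc/os-release" pid=1234 comm="python3" requested_mask="r" denied_mask="r" fsuid=0 ouid=0'

# denials_for PROFILE PATH: print every DENIED line read from stdin whose
# profile and name fields match exactly. ALLOWED (complain mode) lines and
# other paths, including the symlink target /usr/lib/os-release, are skipped.
denials_for() {
    grep -F 'apparmor="DENIED"' \
    | grep -F "profile=\"$1\"" \
    | grep -F "name=\"$2\""
}

# count_denials PROFILE PATH: number of matching DENIED lines, 0 if none.
count_denials() {
    denials_for "$1" "$2" | grep -c .
}

# suggest_rule PROFILE PATH: union of the denied_mask characters over the
# matching lines, rendered as a profile rule such as "  /etc/os-release r,".
# Returns 1 when there is nothing to allow.
suggest_rule() {
    mask=$(denials_for "$1" "$2" \
        | sed -n 's/.*denied_mask="\([^"]*\)".*/\1/p' \
        | fold -w 1 | sort -u | tr -d '\n')
    [ -n "$mask" ] || return 1
    printf '  %s %s,\n' "$2" "$mask"
}

# live_check PROFILE PATH: the "surgical" test from the PR. Only meaningful on
# a host with the profile loaded; returns 2 when aa-exec is not installed and
# cat's status (0 = readable, non-zero = denied) otherwise.
live_check() {
    command -v aa-exec >/dev/null 2>&1 || { echo "aa-exec not available" >&2; return 2; }
    aa-exec -p "$1" cat "$2" >/dev/null
}

# Offline demonstration on the constructed sample. On a real host, feed
# `sudo dmesg -T` into the same functions instead of SAMPLE_DMESG.
printf '%s\n' "$SAMPLE_DMESG" | denials_for ubuntu_pro_esm_cache /etc/os-release
printf '%s\n' "$SAMPLE_DMESG" | suggest_rule ubuntu_pro_esm_cache /etc/os-release
```

The suggested rule is a starting point, not the PR's change: the PR states that its rule was copied from the snap-confine profile, and a reviewer should still check whether the path under /usr/lib needs its own rule so both the symlink and the regular-file layouts keep working.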

github-actions[bot] commented 1 month ago

Jira: This PR is not related to a Jira item. (The PR title does not include a SC-#### reference)

GitHub Issues:

Launchpad Bugs:

Documentation: The changes in this PR do not require documentation changes.

👍 this comment to confirm that this is correct.

panlinux commented 1 month ago

I copied the actual rule from /etc/apparmor.d/usr.lib.snapd.snap-confine.real

panlinux commented 1 month ago

The xenial failure is an unexpected update being available:

Assertion Failed: Expected to find exactly:
  Reading package lists...
  Building dependency tree...
  Reading state information...
  Calculating upgrade...
  The following packages have been kept back:
    libcurl3-gnutls
  0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
But got:
  Reading package lists...
  Building dependency tree...
  Reading state information...
  Calculating upgrade...
  The following security update requires Ubuntu Pro with 'esm-infra' enabled:
    libcurl3-gnutls
  Learn more about Ubuntu Pro for 16.04 at https://ubuntu.com/16-04
  The following packages have been kept back:
    libcurl3-gnutls
  0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.