Bug: apparmor denials in 32.1

[orndorffgrant]

Description of the bug

On a xenial lxd-vm after a pro attach we get:

      2024-05-21 15:22:29,438:WARNING:root:XXX apparmor DENIED begin
      2024-05-21 15:22:29,438:WARNING:root:May 21 19:20:58 upro-behave-xenial-system-under-test-0521-151920682865 kernel: [   63.187079] audit: type=1400 audit(1716319258.652:25): apparmor="DENIED" operation="ptrace" profile="ubuntu_pro_esm_cache_systemd_detect_virt" pid=3582 comm="systemd-detect-" requested_mask="trace" denied_mask="trace" peer="unconfined"
      May 21 19:20:59 upro-behave-xenial-system-under-test-0521-151920682865 kernel: [   64.253406] audit: type=1400 audit(1716319259.720:26): apparmor="DENIED" operation="ptrace" profile="ubuntu_pro_esm_cache//ps" pid=3589 comm="ps" requested_mask="trace" denied_mask="trace" peer="unconfined"
      May 21 19:20:59 upro-behave-xenial-system-under-test-0521-151920682865 kernel: [   64.253671] audit: type=1400 audit(1716319259.720:27): apparmor="DENIED" operation="ptrace" profile="ubuntu_pro_esm_cache//ps" pid=3589 comm="ps" requested_mask="trace" denied_mask="trace" peer="unconfined"
      May 21 19:20:59 upro-behave-xenial-system-under-test-0521-151920682865 kernel: [   64.253817] audit: type=1400 audit(1716319259.720:28): apparmor="DENIED" operation="ptrace" profile="ubuntu_pro_esm_cache//ps" pid=3589 comm="ps" requested_mask="trace" denied_mask="trace" peer="unconfined"
      May 21 19:20:59 upro-behave-xenial-system-under-test-0521-151920682865 kernel: [   64.253952] audit: type=1400 audit(1716319259.720:29): apparmor="DENIED" operation="ptrace" profile="ubuntu_pro_esm_cache//ps" pid=3589 comm="ps" requested_mask="trace" denied_mask="trace" peer="unconfined"
      May 21 19:20:59 upro-behave-xenial-system-under-test-0521-151920682865 kernel: [   64.254086] audit: type=1400 audit(1716319259.720:30): apparmor="DENIED" operation="ptrace" profile="ubuntu_pro_esm_cache//ps" pid=3589 comm="ps" requested_mask="trace" denied_mask="trace" peer="unconfined"
      May 21 19:20:59 upro-behave-xenial-system-under-test-0521-151920682865 kernel: [   64.254247] audit: type=1400 audit(1716319259.720:31): apparmor="DENIED" operation="ptrace" profile="ubuntu_pro_esm_cache//ps" pid=3589 comm="ps" requested_mask="trace" denied_mask="trace" peer="unconfined"
      May 21 19:20:59 upro-behave-xenial-system-under-test-0521-151920682865 kernel: [   64.254406] audit: type=1400 audit(1716319259.720:32): apparmor="DENIED" operation="ptrace" profile="ubuntu_pro_esm_cache//ps" pid=3589 comm="ps" requested_mask="trace" denied_mask="trace" peer="unconfined"
      May 21 19:20:59 upro-behave-xenial-system-under-test-0521-151920682865 kernel: [   64.254537] audit: type=1400 audit(1716319259.720:33): apparmor="DENIED" operation="ptrace" profile="ubuntu_pro_esm_cache//ps" pid=3589 comm="ps" requested_mask="trace" denied_mask="trace" peer="unconfined"
      May 21 19:20:59 upro-behave-xenial-system-under-test-0521-151920682865 kernel: [   64.254665] audit: type=1400 audit(1716319259.720:34): apparmor="DENIED" operation="ptrace" profile="ubuntu_pro_esm_cache//ps" pid=3589 comm="ps" requested_mask="trace" denied_mask="trace" peer="unconfined"
      2024-05-21 15:22:29,438:WARNING:root:XXX apparmor DENIED end

And on a focal lxd-vm after a pro attach we get:

      2024-05-21 15:25:25,975:WARNING:root:XXX apparmor DENIED begin
      2024-05-21 15:25:25,975:WARNING:root:May 21 19:24:33 upro-behave-focal-system-under-test-0521-152234400502 kernel: audit: type=1400 audit(1716319473.279:43): apparmor="DENIED" operation="open" profile="ubuntu_pro_esm_cache_systemd_detect_virt" name="/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c" pid=3114 comm="systemd-detect-" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
      May 21 19:24:33 upro-behave-focal-system-under-test-0521-152234400502 kernel: audit: type=1400 audit(1716319473.447:44): apparmor="DENIED" operation="open" profile="ubuntu_pro_esm_cache_systemctl" name="/proc/1/environ" pid=3115 comm="systemctl" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
      May 21 19:24:33 upro-behave-focal-system-under-test-0521-152234400502 kernel: audit: type=1400 audit(1716319473.447:45): apparmor="DENIED" operation="open" profile="ubuntu_pro_esm_cache_systemctl" name="/proc/1/sched" pid=3115 comm="systemctl" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
      May 21 19:24:33 upro-behave-focal-system-under-test-0521-152234400502 kernel: audit: type=1400 audit(1716319473.447:46): apparmor="DENIED" operation="open" profile="ubuntu_pro_esm_cache_systemctl" name="/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c" pid=3115 comm="systemctl" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
      May 21 19:24:33 upro-behave-focal-system-under-test-0521-152234400502 kernel: audit: type=1400 audit(1716319473.447:47): apparmor="DENIED" operation="open" profile="ubuntu_pro_esm_cache_systemctl" name="/proc/1/environ" pid=3115 comm="systemctl" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
      May 21 19:24:33 upro-behave-focal-system-under-test-0521-152234400502 kernel: audit: type=1400 audit(1716319473.447:48): apparmor="DENIED" operation="open" profile="ubuntu_pro_esm_cache_systemctl" name="/proc/1/sched" pid=3115 comm="systemctl" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
      May 21 19:24:44 upro-behave-focal-system-under-test-0521-152234400502 kernel: audit: type=1400 audit(1716319484.553:49): apparmor="DENIED" operation="open" profile="ubuntu_pro_esm_cache_systemd_detect_virt" name="/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c" pid=3322 comm="systemd-detect-" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
      May 21 19:24:44 upro-behave-focal-system-under-test-0521-152234400502 kernel: audit: type=1400 audit(1716319484.709:50): apparmor="DENIED" operation="open" profile="ubuntu_pro_esm_cache_systemctl" name="/proc/1/environ" pid=3323 comm="systemctl" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
      May 21 19:24:44 upro-behave-focal-system-under-test-0521-152234400502 kernel: audit: type=1400 audit(1716319484.713:51): apparmor="DENIED" operation="open" profile="ubuntu_pro_esm_cache_systemctl" name="/proc/1/sched" pid=3323 comm="systemctl" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
      May 21 19:24:44 upro-behave-focal-system-under-test-0521-152234400502 kernel: audit: type=1400 audit(1716319484.717:52): apparmor="DENIED" operation="open" profile="ubuntu_pro_esm_cache_systemctl" name="/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c" pid=3323 comm="systemctl" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
      May 21 19:24:44 upro-behave-focal-system-under-test-0521-152234400502 kernel: audit: type=1400 audit(1716319484.717:53): apparmor="DENIED" operation="open" profile="ubuntu_pro_esm_cache_systemctl" name="/proc/1/environ" pid=3323 comm="systemctl" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
      May 21 19:24:44 upro-behave-focal-system-under-test-0521-152234400502 kernel: audit: type=1400 audit(1716319484.717:54): apparmor="DENIED" operation="open" profile="ubuntu_pro_esm_cache_systemctl" name="/proc/1/sched" pid=3323 comm="systemctl" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
      2024-05-21 15:25:25,975:WARNING:root:XXX apparmor DENIED end

Expected behavior

No apparmor denied messages

To Reproduce

tox run -e behave -- -D install_from=proposed features/attach_validtoken.feature:194 features/attach_validtoken.feature:196

System information:

• Ubuntu release: xenial and focal
• Pro Client version: 32.1

Additional context

found while verifying 32.1 in -proposed

[panlinux]

Reproduced the failure with the package from proposed on focal. Then used this to test my branch:

tox run -e behave -- -D install_from=local features/attach_validtoken.feature:194 features/attach_validtoken.feature:196 -D releases=focal -D machine_types=lxd-vm

That passed. Next, xenial.

[panlinux]

xenial passed after another change