[2.11.0-rc2] recent Focal releases include an ubuntu_pro_apt_news that AppArmor blocks
#7385
Comments
|
I'm going to remove this from the 2.11.0 milestone just because this is a regression in an Ubuntu package + apparmor profile and there's nothing for us to fix even if we wanted to. And there's no impact to SD systems aside from the log entry. |
|
Good call, @legoktm. The preceding log entries you asked for are from immediately after boot, which confirms that this is an upstream bug and not SecureDrop-involved at all, except that it violates our expectation of no AppArmor denials. Feel free to close outright. |
|
OK cool, so presumably whenever Ubuntu (or bento?) creates new VM images with an updated ubuntu-pro-client, it'll go away. And we don't see it on prod systems (AFAIK) because the installer upgrades packages before rebooting, so it's already fixed by then. I'm going to leave this open because I expect we're going to add a suppression of some kind in the test because it's still an issue on our noble staging job. |
This is an upstream Ubuntu bug that was fixed, but occurs before packages are updated and SecureDrop is installed, so there's really nothing for us to do until new VM images and installer ISOs are made available Fixes #7385.
|
I've added a fix for this into #7360. |
This is an upstream Ubuntu bug that was fixed, but occurs before packages are updated and SecureDrop is installed, so there's really nothing for us to do until new VM images and installer ISOs are made available Fixes #7385.
Description
As of at least https://portal.cloud.hashicorp.com/vagrant/discover/bento/ubuntu-20.04/versions/202407.23.0, AppArmor blocks Ubuntu's
ubuntu_pro_apt_newsutility.Steps to Reproduce
Clean installation of SecureDrop
2.11.0-rc2on VMs.Expected Behavior
securedrop-admin verifysucceeds on a fresh installation.Actual Behavior
app/test_apparmor.py::test_aa_no_denies_in_syslog[paramiko:/app-prod]fails with:The preceding log entries are:
Comments
The text was updated successfully, but these errors were encountered: