← Back to team overview

touch-packages team mailing list archive

  1. touch-packages team
  2. Mailing list archive
  3. Message #58244

[Bug 1425704] [NEW] Sometimes apparmor fails to generate a proper cache if rules are bind-mounted (provided by the device tarball)

  Thread PreviousDate PreviousThread Next 
Public bug reported:

The file /usr/share/apparmor/hardware/graphics.d/apparmor-easyprof-
ubuntu_android can be bind-mounted by the device tarball in order for it
to provide the specific apparmor rules for such hardware.

That works well most of the time, but we noticed that (specially after
updates) that the generated cache is not containing the changes that are
bind-mounted when the device booted (as part of the initrd).

The private bug 1373923 for krillin covers this issue if required.

As a workaround we decided to push the device specifics apparmor rules
as part of lxc-android-config. The good side effect of that is that the
pre-generated cache files can be used right on the first boot.

This bug is just to track the investigation if it shows up again on a
following up hardware.

** Affects: initramfs-tools-ubuntu-touch (Ubuntu)
     Importance: Undecided
         Status: New

** Description changed:

  The file /usr/share/apparmor/hardware/graphics.d/apparmor-easyprof-
  ubuntu_android can be bind-mounted by the device tarball in order for it
  to provide the specific apparmor rules for such hardware.
  
  That works well most of the time, but we noticed that (specially after
  updates) that the generated cache is not containing the changes that are
  bind-mounted when the device booted (as part of the initrd).
  
  The private bug 1373923 for krillin covers this issue if required.
  
  As a workaround we decided to push the device specifics apparmor rules
  as part of lxc-android-config. The good side effect of that is that the
  pre-generated cache files can be used right on the first boot.
+ 
+ This bug is just to track the investigation if it shows up again on a
+ following up hardware.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to initramfs-tools-ubuntu-
touch in Ubuntu.
https://bugs.launchpad.net/bugs/1425704

Title:
  Sometimes apparmor fails to generate a proper cache if rules are bind-
  mounted (provided by the device tarball)

Status in initramfs-tools-ubuntu-touch package in Ubuntu:
  New

Bug description:
  The file /usr/share/apparmor/hardware/graphics.d/apparmor-easyprof-
  ubuntu_android can be bind-mounted by the device tarball in order for
  it to provide the specific apparmor rules for such hardware.

  That works well most of the time, but we noticed that (specially after
  updates) that the generated cache is not containing the changes that
  are bind-mounted when the device booted (as part of the initrd).

  The private bug 1373923 for krillin covers this issue if required.

  As a workaround we decided to push the device specifics apparmor rules
  as part of lxc-android-config. The good side effect of that is that
  the pre-generated cache files can be used right on the first boot.

  This bug is just to track the investigation if it shows up again on a
  following up hardware.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/initramfs-tools-ubuntu-touch/+bug/1425704/+subscriptions

Follow ups

References

  Thread PreviousDate PreviousThread Next