Merge ~ahasenack/ubuntu/+source/ubuntu-advantage-tools:focal-ignore-apparmor-errors-when-starting-apt-news-2057937 into ubuntu/+source/ubuntu-advantage-tools:ubuntu/focal-devel

Proposed by Andreas Hasenack
Status: Superseded
Proposed branch: ~ahasenack/ubuntu/+source/ubuntu-advantage-tools:focal-ignore-apparmor-errors-when-starting-apt-news-2057937
Merge into: ubuntu/+source/ubuntu-advantage-tools:ubuntu/focal-devel
Diff against target: 44 lines (+14/-2)
3 files modified
debian/changelog (+12/-0)
systemd/apt-news.service (+1/-1)
uaclient/version.py (+1/-1)
Reviewer Review Type Date Requested Status
Bryce Harrington (community) Approve
Canonical Server Reporter Pending
Review via email: mp+462780@code.launchpad.net

This proposal has been superseded by a proposal from 2024-03-25.

Bryce Harrington (bryce) wrote :
review: Approve
Andreas Hasenack (ahasenack) wrote :

Rejected from unapproved, due to missing version update in uaclient/version.py

2554538... by Andreas Hasenack

version.py: bump to 31.2.2

bfc82fa... by Andreas Hasenack

changelog

Unmerged commits

bfc82fa... by Andreas Hasenack

changelog

2554538... by Andreas Hasenack

version.py: bump to 31.2.2

be5a82c... by Andreas Hasenack

changelog

ffe1e24... by Andreas Hasenack

apt-news.service: ignore apparmor errors when starting

It's possible to have a system where apparmor is enabled, but no profile
is loaded. This happens when the user removed the apparmor debian
package. In that situation, the ubuntu_pro_apt_news profile will not be
loaded into the kernel at startup, and systemd will fail to apply it to
the service when starting.

Systemd already ignores the apparmor setting when apparmor is disabled,
but in this situation it is still enabled. The fix is to configure the
service to also ignore errors when apparmor is enabled.

The drawback is that the service might run unconfined now if there are
problems applying the selected apparmor profile on startup.

Fixes: #3002
LP: #2057937
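
The trade-off in the commit message above can be checked per host. The following is an added example, not code from the merge proposal or from ubuntu-advantage-tools: it classifies the outcome from a unit's `AppArmorProfile=` line and a loaded-profile list. The function names and sample data are constructed for illustration, and it assumes the last `AppArmorProfile=` assignment in the unit text is the effective one.

```shell
#!/bin/sh
# Added example, not from the merge proposal. Sample data below is constructed.

# Last AppArmorProfile= value in a unit file's text (empty if none is set).
unit_profile() {
    printf '%s\n' "$1" | sed -n 's/^AppArmorProfile=//p' | tail -n 1
}

# Mode of a loaded profile, given text in the "name (mode)" line format of
# /sys/kernel/security/apparmor/profiles; prints nothing if it is not loaded.
profile_mode() {
    printf '%s\n' "$2" | awk -v n="$1" '
        { mode = $NF; sub(/ \([^()]*\)$/, "")
          if ($0 == n) { gsub(/[()]/, "", mode); print mode; exit } }'
}

# classify UNIT_TEXT PROFILES_TEXT -> one of:
#   confined:<mode>        profile is loaded and will be applied
#   runs-unconfined        profile missing, "-" prefix makes systemd ignore it
#   start-fails            profile missing, no prefix, systemd refuses to start
#   no-profile-configured  unit does not set AppArmorProfile=
classify() {
    value=$(unit_profile "$1")
    [ -n "$value" ] || { echo "no-profile-configured"; return 0; }
    name=${value#-}
    mode=$(profile_mode "$name" "$2")
    if [ -n "$mode" ]; then
        echo "confined:$mode"
    elif [ "$value" != "$name" ]; then
        echo "runs-unconfined"
    else
        echo "start-fails"
    fi
}

OLD_UNIT='[Service]
AppArmorProfile=ubuntu_pro_apt_news'
NEW_UNIT='[Service]
AppArmorProfile=-ubuntu_pro_apt_news'
LOADED='/usr/sbin/tcpdump (enforce)
ubuntu_pro_apt_news (enforce)'
NONE_LOADED=''   # AppArmor enabled, but no profiles in the kernel

for unit in "$OLD_UNIT" "$NEW_UNIT"; do
    for profiles in "$LOADED" "$NONE_LOADED"; do
        printf '%s | %s\n' "$(unit_profile "$unit")" "$(classify "$unit" "$profiles")"
    done
done
```

On a live host the same function can be fed `systemctl cat apt-news.service` and the contents of `/sys/kernel/security/apparmor/profiles` (readable by root), and a `runs-unconfined` result is the condition worth alerting on.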

Preview Diff

1diff --git a/debian/changelog b/debian/changelog
2index 6f6cf69..0f80881 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,15 @@
6+ubuntu-advantage-tools (31.2.2~20.04) focal; urgency=medium
7+
8+ * version.py: match version from d/changelog (LP: #2058934)
9+
10+ -- Andreas Hasenack <andreas@canonical.com> Mon, 25 Mar 2024 11:49:51 -0300
11+
12+ubuntu-advantage-tools (31.2.1~20.04) focal; urgency=medium
13+
14+ * apt-news.service: ignore apparmor errors when starting (LP: #2057937)
15+
16+ -- Andreas Hasenack <andreas@canonical.com> Wed, 20 Mar 2024 09:25:41 -0300
17+
18 ubuntu-advantage-tools (31.2~20.04) focal; urgency=medium
19
20 * Backport new upstream release (LP: #2048921)
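Review bot: The 31.2.1~20.04 entry says only "ignore apparmor errors when starting" and leaves out the consequence the commit message spells out, that the service may now run unconfined when the profile cannot be applied. The changelog is what administrators see on upgrade, so I would extend that bullet with a short clause such as "(service starts unconfined if the profile is not loaded)". The 31.2.2~20.04 entry is fine as a record of the version.py fix.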
21diff --git a/systemd/apt-news.service b/systemd/apt-news.service
22index 2bab966..5e1e0a7 100644
23--- a/systemd/apt-news.service
24+++ b/systemd/apt-news.service
25@@ -14,7 +14,7 @@ Description=Update APT News
26 [Service]
27 Type=oneshot
28 ExecStart=/usr/bin/python3 /usr/lib/ubuntu-advantage/apt_news.py
29-AppArmorProfile=ubuntu_pro_apt_news
30+AppArmorProfile=-ubuntu_pro_apt_news
31 CapabilityBoundingSet=~CAP_SYS_ADMIN
32 CapabilityBoundingSet=~CAP_NET_ADMIN
33 CapabilityBoundingSet=~CAP_NET_BIND_SERVICE
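Review bot: The new "AppArmorProfile=-ubuntu_pro_apt_news" line has no comment explaining the "-" prefix, and a single character that turns a hard failure into a silent fallback to unconfined execution is easy to drop or copy without understanding. Please add a comment line above it stating that the prefix makes systemd ignore profile errors, that this is deliberate for hosts where AppArmor is enabled but the profile is not loaded, and referencing LP: #2057937. It is also worth noting there that when the profile is missing the CapabilityBoundingSet= lines below are the only restrictions visible in this hunk that still apply.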
34diff --git a/uaclient/version.py b/uaclient/version.py
35index a1f69da..a20dae6 100644
36--- a/uaclient/version.py
37+++ b/uaclient/version.py
38@@ -14,7 +14,7 @@ from uaclient.defaults import CANDIDATE_CACHE_PATH, UAC_RUN_PATH
39 from uaclient.exceptions import ProcessExecutionError
40 from uaclient.system import subp
41
42-__VERSION__ = "31.2"
43+__VERSION__ = "31.2.2"
44 PACKAGED_VERSION = "@@PACKAGED_VERSION@@"
45
46
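Review bot: "__VERSION__" goes from "31.2" straight to "31.2.2" here, while debian/changelog in the same diff carries a 31.2.1~20.04 entry, so the hand-maintained literal had already drifted from the packaging version once. Since that mismatch is what got the upload rejected, I would add a build-time or unit-test check that compares __VERSION__ with the upstream part of the top debian/changelog entry (the text before "~20.04"), so the next bump cannot miss this file.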
