[TOPBLOCKER] file corruption on touch images in rw portions of the filesystem
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Canonical System Image |
Fix Released
|
Undecided
|
Unassigned | ||
android (Ubuntu) |
Fix Released
|
Critical
|
Sergio Schvezov | ||
android (Ubuntu RTM) |
Fix Released
|
Critical
|
Ricardo Salveti | ||
android-tools (Ubuntu) |
In Progress
|
Low
|
Oliver Grawert | ||
android-tools (Ubuntu RTM) |
In Progress
|
Low
|
Oliver Grawert | ||
initramfs-tools-ubuntu-touch (Ubuntu) |
Fix Released
|
Critical
|
Ricardo Salveti | ||
initramfs-tools-ubuntu-touch (Ubuntu RTM) |
Fix Released
|
Critical
|
Ricardo Salveti | ||
linux-mako (Ubuntu) |
Fix Released
|
Critical
|
Paolo Pisati | ||
linux-mako (Ubuntu RTM) |
Confirmed
|
Critical
|
Paolo Pisati |
Bug Description
Symptoms are that cache files in /var/cache/apparmor and profiles in /var/lib/
Workaround: remove the affected profile and then run 'sudo aa-clickhook'. This obviously is not viable on an end-user device.
The investigation is ongoing and this may not be a problem with the kernel at all, so this bug may be retargeted to another project.
The security team and the kernel team have discussed this a lot and Colin King is currently looking at this. This bug is just so it can be tracked. Here is an excerpt from my latest email to Colin:
"I believe I have conclusively ruled out apparmor_parser and aa-clickhook by creating a new 'home/bug/
http://
Specifically, home/bug/
1. wait for unity8 to start (this ensures the apparmor upstart job is finished)
2. restore apparmor_parser and aa-clickhook, if needed
3. if /home/bug/
/var/
and aa-clickhook were /bin/true during boot so they could not have changed
/var/
4. verify the profiles, exit with error if they do not
5. alternately upgrade/downgrade the packages
6. verify the profiles, exit with error if they do not
7. copy the known good profiles in the previous step to /home/bug/
8. have apparmor_parser and aa-clickhook point to /bin/true
9. reboot
10. go to step 1
In the paste you'll notice that in step 6 the profiles were successfully created by the installation of the packages, then verified, then copied aside, then apparmor_parser and aa-clickhook diverted, then rebooted, only to have the profiles in /var/lib/
IMPORTANT: you will want to update the reproducer and refollow all of these steps (ie, I updated the scripts, the debs, the sudoers file, etc):
$ wget http://
$ tar -zxvf ./aa-corruption
...
$ adb push ./aa-corruption
$ adb shell
phablet@
phablet@
phablet@
phablet@
/etc/sudoers.d/
phablet@
phablet@
phablet@
$ cd ./aa-corruption
$ ./test-from-host.sh
...
The old script is still in place. Simply adjust ./test-from-host.sh to have:
testscript=
#testscript=
The kernel team has verified the above reproducer and symptoms.
Related bugs:
* bug 1371771
* bug 1371765
* bug 1377338
Related branches
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
tags: | added: kernel-key |
tags: | added: rtm14 |
affects: | linux (Ubuntu) → system-image (Ubuntu) |
Changed in android (Ubuntu): | |
assignee: | nobody → Ricardo Salveti (rsalveti) |
tags: | added: touch-2014-11-06 |
summary: |
- file corruption on touch images in rw portions of the filesystem + [TOPBLOCKER] file corruption on touch images in rw portions of the + filesystem |
tags: | added: lt-blocker lt-category-visible lt-prio-high |
Changed in android (Ubuntu): | |
status: | Triaged → In Progress |
Changed in initramfs-tools-ubuntu-touch (Ubuntu): | |
status: | Triaged → In Progress |
assignee: | nobody → Ricardo Salveti (rsalveti) |
Changed in android (Ubuntu): | |
assignee: | Ricardo Salveti (rsalveti) → Sergio Schvezov (sergiusens) |
Changed in initramfs-tools-ubuntu-touch (Ubuntu): | |
status: | In Progress → Fix Released |
Changed in android (Ubuntu RTM): | |
assignee: | nobody → Ricardo Salveti (rsalveti) |
status: | New → In Progress |
importance: | Undecided → Critical |
Changed in initramfs-tools-ubuntu-touch (Ubuntu RTM): | |
status: | New → In Progress |
importance: | Undecided → Critical |
assignee: | nobody → Ricardo Salveti (rsalveti) |
tags: | removed: lt-blocker |
Changed in linux-mako (Ubuntu): | |
assignee: | Colin Ian King (colin-king) → Paolo Pisati (p-pisati) |
Changed in linux-mako (Ubuntu RTM): | |
assignee: | Colin Ian King (colin-king) → Paolo Pisati (p-pisati) |
Changed in linux-mako (Ubuntu): | |
status: | Confirmed → Fix Released |
Added application- confinement and apparmor tags since this bug affects both and it will be easier to find.