Sometimes apparmor fails to generate a proper cache if rules are bind-mounted (provided by the device tarball)

Bug #1425704 reported by Ricardo Salveti
This bug affects 1 person
Affects: initramfs-tools-ubuntu-touch (Ubuntu)
Status: New
Importance: Undecided
Assigned to: Unassigned
Milestone: (none)

Bug Description

The file /usr/share/apparmor/hardware/graphics.d/apparmor-easyprof-ubuntu_android can be bind-mounted by the device tarball in order for it to provide the specific apparmor rules for such hardware.

That works well most of the time, but we noticed (especially after updates) that the generated cache does not contain the changes that are bind-mounted when the device booted (as part of the initrd).

The private bug 1373923 for krillin covers this issue if required.

As a workaround we decided to push the device-specific apparmor rules as part of lxc-android-config. The good side effect of that is that the pre-generated cache files can be used right on the first boot.

This bug is just to track the investigation if it shows up again on follow-up hardware.
