Ubuntu
apparmor package

pivot_root regression test fails under systemd

Bug #1436109 reported by Steve Beattie on 2015-03-24

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	apparmor (Ubuntu)	Fix Released	Undecided	Unassigned

Bug Description

The pivot_root apparmor regression test fails when systemd is the init daemon:

running pivot_root
Error: pivot_root failed. Test 'PIVOT_ROOT (unconfined)' was expected to 'pass'. Reason for failure 'FAIL - pivot_root: Invalid argument'
Error: pivot_root failed. Test 'PIVOT_ROOT (bare rule)' was expected to 'pass'. Reason for failure 'FAIL - pivot_root: Invalid argument'
Error: pivot_root failed. Test 'PIVOT_ROOT (new_root)' was expected to 'pass'. Reason for failure 'FAIL - pivot_root: Invalid argument'
Error: pivot_root failed. Test 'PIVOT_ROOT (put_old)' was expected to 'pass'. Reason for failure 'FAIL - pivot_root: Invalid argument'
Error: pivot_root failed. Test 'PIVOT_ROOT (put_old, new_root)' was expected to 'pass'. Reason for failure 'FAIL - pivot_root: Invalid argument'
Error: pivot_root failed. Test 'PIVOT_ROOT (transition)' was expected to 'pass'. Reason for failure 'FAIL - pivot_root: Invalid argument'
Error: pivot_root failed. Test 'PIVOT_ROOT (new_root, transition)' was expected to 'pass'. Reason for failure 'FAIL - pivot_root: Invalid argument'
Error: pivot_root failed. Test 'PIVOT_ROOT (put_old, new_root, transition)' was expected to 'pass'. Reason for failure 'FAIL - pivot_root: Invalid argument'

The reason for this is that systemd mounts the rootfs shared, which prevents the pivot_root(2) call from succeeding. See the systemd commit http://cgit.freedesktop.org/systemd/systemd/commit/?id=b3ac5f8cb98757416d8660023d6564a7c411f0a0 for the justification why they do this.

Related branches

lp:ubuntu/vivid-proposed/apparmor

Revision history for this message

Steve Beattie (sbeattie) wrote on 2015-03-24:

A commit for this issue has been applied upstream: http://bazaar.launchpad.net/~apparmor-dev/apparmor/master/revision/2923

Revision history for this message

Launchpad Janitor (janitor) wrote on 2015-03-30:

This bug was fixed in the package apparmor - 2.9.1-0ubuntu8

---------------
apparmor (2.9.1-0ubuntu8) vivid; urgency=medium

  [ Steve Beattie ]
  * debian/rules: run make check on the libapparmor library
  * add-chromium-browser.patch: add support for chromium policies
    (LP: #1419294)
  * debian/apparmor.{init,upstart}: add support for triggering
    aa-profile-hook runs when packages are updated via snappy system
    image updates (LP: #1434143)
  * parser-fix_modifier_compilation_+_tests.patch: fix compilation
    of audit modifiers for exec and pivot_root and deny modifiers on
    link rules as well as significantly expand related tests
    (LP: #1431717, LP: #1432045, LP: #1433829)
  * tests-fix_systemd_breakage_in_pivot_root-lp1436109.patch: work
    around pivot_root test failures due to init=systemd (LP: #1436109)
  * GDM_X_authority-lp1432126.patch: add location GDM creates Xauthority
    file to X abstraction (LP: #1432126)

  [ Jamie Strandboge ]
  * easyprof-framework-policy.patch: add --include-templates-dir and
    --include-policy-groups-dir options to easyprof to support framework
    policy on snappy

  [ Robie Basak ]
  * Add /lib/apparmor/profile-load; moved from
    /lib/init/apparmor-profile-load from the upstart package. A wrapper at
    the original path is now provided by init-system-helpers. (LP: #1432683)
-- Jamie Strandboge <email address hidden> Sat, 28 Mar 2015 07:22:30 -0500

Changed in apparmor (Ubuntu):
status:	In Progress → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuapparmor package