Lubuntu
/
livecd-rootfs
mirror of https://git.launchpad.net/livecd-rootfs
3
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

feat: support kernel with different apparmor feats

Browse Source 
Jammy HWE is rolling to 5.19. the 5.19 kernel introduced more apparmor
features, specifically ipc. due to the roll, we now must support builds
with 2 different feature sets.

This specifically affects snap-preseeding, where if a snap_preseed is
run with a mismatched apparmor feature set, snap will require a restart
to match the running kernel's feature set. in the clouds, this can add
somehwere between 5-10s (as of checks on 20230404). This is a large boot
time performance hit.

Implementation is done at the `snap_validate_seed` function level. This
function is called in snap scenarios. It checks for an installed kernel
in the chroot, gets the major.min version, and checks for
apparmor/$KERN. If found, it will do a copy of the directory, providing
a naive override mechanism.

For CPC builds, we are adding a call to `snap_validate_seed` at the end
of affected hooks as well. This is a safe procedure to call, as it
reruns the snap_preseed for all snaps. By running at the end of build
processes, it ensures that any kernel changes done during the build are
taken into account.
jammy-sru-1996489
John Chittum 2 years ago
parent 3effc18b69
commit bd1690bd16
No known key found for this signature in database
GPG Key ID: 42FD6DD37F7F195B
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File

11
live-build/functions
Unescape View File

@ -760,6 +760,17 @@ snap_preseed() {
snap_validate_seed() {
local CHROOT_ROOT=$1
if [ -e ${CHROOT_ROOT}/boot/vmlinuz ]; then
local kern_major_min=$(readlink --canonicalize --no-newline ${CHROOT_ROOT}/boot/vmlinuz | grep --extended-regexp --only-matching --max-count 1 '[0-9]+\.[0-9]+')
if [ -d /usr/share/livecd-rootfs/live-build/apparmor/${kern_major_min} ]; then
# if an Ubuntu version has different kernel apparmor features between LTS and HWE kernels
# a snap pre-seeding issue can occur, where the incorrect apparmor features are reported
# basic copy of a directory structure overriding the "generic" feature set
# which is tied to the LTS kernel
cp -R --verbose /usr/share/livecd-rootfs/live-build/apparmor/${kern_major_min}/* /usr/share/livecd-rootfs/live-build/apparmor/generic/
fi
fi
if [ -e "${CHROOT_ROOT}/var/lib/snapd/seed/seed.yaml" ]; then
snap debug validate-seed "${CHROOT_ROOT}/var/lib/snapd/seed/seed.yaml"
/usr/lib/snapd/snap-preseed --reset $(realpath "${CHROOT_ROOT}")

Write Preview
Loading…
Cancel
Save