Failing CPC tests show that the preseeded apparmor features don't
include policy:unconfined_restrictions for the 6.5 kernel. This change
adds the feature preseed.
Fixes LP: #2062929
lp: #2037567. starting in kernel 6.5.0.1006, there's been an update to
apparmor features. Creates the 6.5 kernel directory, fully populates
with feats checked from a machine running 6.5.0.1006 installed from
proposed (as of 20230927).
(cherry picked from commit 5427e5ad6c02b2d7c203cc6597aff5518d5b344c)
LP: 2031943
Same issue as affected 5.19. 6.2 apparmor featureset differs from 5.15.
Identified the same feature as 5.19, so copied over.
populated 6.2 with all of generic directory as well. Compatibility mode for
possible future change
During Realtime kernel image build, there was an error during
validating snap seed which derivative images copied 5.19
apparmor feature and can't validate when Realtime kernel (5.15)
installed [0].
To prevent this, bind correct apparmor feature with kernel
version.
[0] https://bugs.launchpad.net/ubuntu/+source/livecd-rootfs/+bug/2024639
the 5.19 kernel added ipc posix_mqueue apparmor features. the generic
set of apparmor features for the 5.15 LTS jammy kernel does not have
this feature. Along with the commit "support kernel with different
apparmor feats", this ensures that the HWE kernel for 5.19 has a
matching set.
note that on the next HWE roll, another directory will need to be added.
For each new HWE kernel roll, checking capabilities, creating the
directory, and adding the correct features will be required.
