debcrafters-packages team mailing list archive
Message #09718
[Bug 2127111] Re: within qemu-RISCV64: systemd-detect-virt results in "Failed to check for virtualization: Permission denied"
** Also affects: apparmor (Ubuntu Questing)
Importance: Undecided
Status: New
** Also affects: systemd (Ubuntu Questing)
Importance: Undecided
Status: New
** Also affects: apparmor (Ubuntu Resolute)
Importance: Undecided
Assignee: Ryan Lee (rlee287)
Status: In Progress
** Also affects: systemd (Ubuntu Resolute)
Importance: Undecided
Status: Invalid
--
You received this bug notification because you are a member of
Debcrafters packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/2127111
Title:
within qemu-RISCV64: systemd-detect-virt results in "Failed to check
for virtualization: Permission denied"
Status in apparmor package in Ubuntu:
In Progress
Status in systemd package in Ubuntu:
Invalid
Status in apparmor source package in Questing:
New
Status in systemd source package in Questing:
New
Status in apparmor source package in Resolute:
In Progress
Status in systemd source package in Resolute:
Invalid
Bug description:
[ Impact ]
Due to the implementation of /proc/device-tree as a symlink,
systemd-detect-virt is unable to perform device-tree related checks,
breaking virtualization detection on the non-x86_64 systems where such
checks are enabled.
[ Test Plan ]
This test needs to be performed on a non-x86_64 Questing system that uses device trees. If you have one lying around already:
- Run `ls -l /proc/device-tree` and check that it is a symlink to /sys/firmware/devicetree/base.
- If it does not exist: your system does not use device trees.
- If it is a regular folder: your machine was not affected by the original bug. You can still run the below test plan anyways to ensure that the fix does not cause a regression on such systems. However, this is very unlikely as the symlink was introduced in 2014.
- If it is a symlink to a different location: this patch will not fix the bug on your machine, and please let us know where it is a symlink to instead.
If you need to spin up a machine specifically for this test, instructions on setting up a RISC-V QEMU machine can be found at https://canonical-ubuntu-boards.readthedocs-hosted.com/en/latest/how-to/qemu-riscv/. Particular details:
- The RISC-V guest image used must be a Questing image. Due to its requirement for an rva23s64 emulated CPU, QEMU 10.1 or later is required, and the easiest way to ensure this is to use an Ubuntu Questing host.
- As the bug concerns device tree detection, the QEMU machine must be booted with acpi turned off.
- The guest must be booted using QEMU: when booted using EDK II, systemd-detect-virt bails early after inspecting files in /sys/class/dmi/id/ before hitting the check affected by AppArmor.
On the non-x86_64 system: run systemd-detect-virt and ensure that it
does not encounter a permission denial error.
[ Where problems could occur ]
The additions to the systemd-detect-virt profile are loosening
confinement. However, if a user manually modified the installed
profiles, then the package upgrade would cause conflicts, and
rejection of the incoming changes (either by hand during an
interactive upgrade or automatically during a batch unattended
upgrade) would result in end users not getting the packaged fix.
[ Other Info ]
----Original bug report:
ubuntu@ubuntu:~$ systemd-detect-virt
Failed to check for virtualization: Permission denied
ubuntu@ubuntu:~$ sudo systemd-detect-virt
Failed to check for virtualization: Permission denied
From: systemd 257 (257.9-0ubuntu2)
ubuntu@ubuntu:~$ uname -a
Linux ubuntu 6.17.0-5-generic #5.1-Ubuntu SMP PREEMPT_DYNAMIC Tue Sep 23 20:28:40 UTC 2025 riscv64 riscv64 riscv64 GNU/Linux
This is Ubuntu 25.10 riscv64 running within qemu-system-riscv64 on
Ubuntu 25.10 x86_64
See https://github.com/systemd/systemd/issues/39192 for full analysis.
Solved with systemd-detect-virt from github: systemd 259 (259~devel)
https://github.com/systemd/systemd/issues/39192#issuecomment-3373625656
ProblemType: Bug
DistroRelease: Ubuntu 25.10
Package: systemd 257.9-0ubuntu2
ProcVersionSignature: User Name 6.17.0-5.5.1-generic 6.17.0-rc7
Uname: Linux 6.17.0-5-generic riscv64
ApportVersion: 2.33.1-0ubuntu3
Architecture: riscv64
CasperMD5CheckResult: unknown
CloudArchitecture: riscv64
CloudBuildName: server
CloudID: nocloud
CloudName: unknown
CloudPlatform: nocloud
CloudSerial: 20250624
CloudSubPlatform: seed-dir (/var/lib/cloud/seed/nocloud-net)
CurrentDmesg: Error: command ['dmesg'] failed with exit code 1: dmesg: read kernel buffer failed: Operation not permitted
Date: Wed Oct 8 17:10:26 2025
Lspci-vt:
 -[0000:00]-+-00.0 Red Hat, Inc. QEMU PCIe Host bridge
            +-01.0 Red Hat, Inc. Virtio RNG
            \-02.0 Red Hat, Inc. Virtio block device
Lsusb: Error: command ['lsusb'] failed with exit code 1:
Lsusb-t:
Lsusb-v: Error: command ['lsusb', '-v'] failed with exit code 1:
MachineType: riscv-virtio qemu
ProcEnviron:
LANG=C.UTF-8
PATH=(custom, no user)
SHELL=/bin/bash
TERM=vt220
XDG_RUNTIME_DIR=<set>
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-6.17.0-5-generic root=UUID=423824f9-91ff-4e47-a13e-549b3604b64e ro efi=debug earlycon=sbi
SourcePackage: systemd
UpgradeStatus: No upgrade log present (probably fresh install)
acpidump:
dmi.bios.date: 01/01/2025
dmi.bios.release: 25.1
dmi.bios.vendor: U-Boot
dmi.bios.version: 2025.01-3ubuntu4
dmi.board.name: qemu
dmi.board.vendor: riscv-virtio
dmi.chassis.type: 3
dmi.modalias: dmi:bvnU-Boot:bvr2025.01-3ubuntu4:bd01/01/2025:br25.1:svnriscv-virtio:pnqemu:pvr:rvnriscv-virtio:rnqemu:rvr:cvn:ct3:cvr:sku:
dmi.product.name: qemu
dmi.sys.vendor: riscv-virtio
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2127111/+subscriptions
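
The pre-check and the final verification from the test plan in the message above, as an added shell example that is not part of the bug report or of the apparmor or systemd packages. The function names, the overridable DT_LINK, DT_EXPECTED and DETECT_CMD variables and the `--run` argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: the test plan's pre-check and verification as functions.
# DT_LINK, DT_EXPECTED and DETECT_CMD are assumed names, overridable for testing.
DT_LINK="${DT_LINK:-/proc/device-tree}"
DT_EXPECTED="${DT_EXPECTED:-/sys/firmware/devicetree/base}"
DETECT_CMD="${DETECT_CMD:-systemd-detect-virt}"

# Prints: absent | directory | expected-symlink | other-symlink:<target>
classify_device_tree() {
    link="${1:-$DT_LINK}"
    if [ -L "$link" ]; then
        target=$(readlink "$link")
        if [ "$target" = "$DT_EXPECTED" ]; then
            echo "expected-symlink"
        else
            echo "other-symlink:$target"
        fi
    elif [ -d "$link" ]; then
        echo "directory"
    else
        echo "absent"
    fi
}

# Returns 0: no permission denial, 1: denied, 2: command not available.
# The command's exit status is ignored: systemd-detect-virt exits non-zero
# when it detects no virtualization, which is not the failure tested here.
check_detect_virt() {
    command -v "$DETECT_CMD" >/dev/null 2>&1 || return 2
    err=$("$DETECT_CMD" 2>&1 >/dev/null) || true
    case "$err" in
        *"Permission denied"*) return 1 ;;
    esac
    return 0
}

run_test_plan() {
    state=$(classify_device_tree)
    echo "$DT_LINK: $state"
    if [ "$state" = "absent" ]; then
        echo "SKIP: this system does not use device trees"; return 0
    fi
    rc=0; check_detect_virt || rc=$?
    case "$rc" in
        0) echo "PASS: no permission denial from $DETECT_CMD" ;;
        1) echo "FAIL: $DETECT_CMD reported Permission denied"; return 1 ;;
        *) echo "ERROR: $DETECT_CMD not found"; return 2 ;;
    esac
}
if [ "${1:-}" = "--run" ]; then run_test_plan; fi
```

Invoke the script with `--run` on the system under test; an `other-symlink:` result is the case the test plan asks to be reported back.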