Workaround issue starting 22.04 containers on recent kernels #519

Merged: dmitry-lyfar merged 2 commits into main from fix/snapd-apparmor-systemd-journal on Oct 22, 2025

@jonathan-conder
Contributor

Description

Workaround https://bugs.launchpad.net/snapd/+bug/2127244. See comments for details.

Self-review quick check

  • Make decisions that cost a lot to reverse explicit in the PR description.
  • Avoid nested conditions.
  • Delete dead code and redundant comments.
  • Normalise symmetries by sticking to doing identical things identically.
    // one way to handle errors
    if err := f(); err != nil {
        ...
    }

    // one way to handle multiple returns
    val, err := f()
    if err != nil {
        ...
    }
    ...
  • Check that coupled code elements, files, and directories are adjacent. For example, test data is stored as close as possible to a test.
  • Put variable declaration and initialisation together.
  • Divide large expressions into digestible and self-explanatory ones. Use multiple variables if required.
  • Put a blank line between two logically different chunks of code.
  • Follow the style guide for new error messages.

Docs

  • I have checked and added or updated relevant documentation.
  • I have checked and added or updated relevant release notes.
  • I have included the technical author in the review.

Or:

  • I confirm the PR has no implications for documentation.

Copilot AI left a comment

Pull Request Overview

This PR implements a workaround for Launchpad bug #2127244, which prevents Ubuntu 22.04 containers from starting on recent kernels due to an AppArmor issue in snapd. The workaround patches the snap-confine AppArmor profile in newly launched 22.04 containers to allow access to /run/systemd/journal/stdout.

Key Changes

  • Added AppArmor profile patching for Ubuntu 22.04 containers after launch
  • Embedded both old and new versions of the snap-confine AppArmor profile for comparison
  • Modified launch workflow to apply patches automatically

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| internal/workshop/lxd/snap-confine.old | Embedded original AppArmor profile from snapd 2.71 for comparison |
| internal/workshop/lxd/snap-confine.new | Embedded patched AppArmor profile with stdout access permission |
| internal/workshop/lxd/lxd_backend.go | Added patchInstance function to detect and apply AppArmor profile fix for 22.04 containers |

Comment thread internal/workshop/lxd/lxd_backend.go
Comment thread internal/workshop/lxd/lxd_backend.go
@github-actions

TICS Quality Gate

✔️ Passed

workshop

All conditions passed

See the results in the TICS Viewer

The following files have been checked for this project
  • internal/workshop/lxd/lxd_backend.go

Automatic-tests / code-coverage / TICS GitHub Action

@dmitry-lyfar dmitry-lyfar merged commit 3997459 into main Oct 22, 2025
12 checks passed
@dmitry-lyfar dmitry-lyfar deleted the fix/snapd-apparmor-systemd-journal branch October 22, 2025 06:22

3 participants