[Touch-packages] [Bug 2056739] Re: apparmor="DENIED" operation="open" class="file" profile="virt-aa-helper" name="/etc/gnutls/config"
** Description changed: + Christian summarizes this after the great reports by Martin: + + gnutls started to ship forceful disables in pkg/import/3.8.1-4ubuntu3 + and added more later. + + Due to that anything linked against gnutls while being apparmor isolated + now hits similar denials, preventing the desired effect of the config + change BTW. + + I think for safety we WANT to always allow this access, otherwise people + will subtly not have crypto control about the more important (those + isolated) software. Because after the denial I'd expect this to not + really disable it in the program linked to gnutls (details might vary + depending what they really use gnutls for). + + I do not nkow of a gnutls abstraction to use, but TBH I'm afraid now + fixing a few but leaving this open in some others not spotted. + + I'd therefore suggest, but we need to discuss, to therefore change it in + /etc/apparmor.d/abstractions/base. + + Therefore I'm adding gnutls (and Adrien) as well as apparmor to the bug + tasks. + --- --- Merely booting current noble cloud image with "chrony" installed causes this: audit: type=1400 audit(1710152842.540:107): apparmor="DENIED" operation="open" class="file" profile="/usr/sbin/chronyd" name="/etc/gnutls/config" pid=878 comm="chronyd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 - --- + --- --- Running any VM in libvirt causes a new AppArmor violation in current noble. This is a regression, this didn't happen in any previous release. Reproducer: virt-install --memory 50 --pxe --virt-type qemu --os-variant alpinelinux3.8 --disk none --wait 0 --name test1 (This is the simplest way to create a test VM. But it's form or shape doesn't matter at all). 
Results in lots of audit: type=1400 audit(1710146677.570:108): apparmor="DENIED" operation="open" class="file" profile="virt-aa-helper" name="/etc/gnutls/config" pid=1480 comm="virt-aa-helper" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 libvirt-daemon 10.0.0-2ubuntu1 apparmor 4.0.0~alpha4-0ubuntu1 libgnutls30:amd64 3.8.3-1ubuntu1 ** Also affects: gnutls28 (Ubuntu) Importance: Undecided Status: New ** Also affects: apparmor (Ubuntu) Importance: Undecided Status: New ** Description changed: Christian summarizes this after the great reports by Martin: gnutls started to ship forceful disables in pkg/import/3.8.1-4ubuntu3 and added more later. Due to that anything linked against gnutls while being apparmor isolated now hits similar denials, preventing the desired effect of the config change BTW. I think for safety we WANT to always allow this access, otherwise people will subtly not have crypto control about the more important (those isolated) software. Because after the denial I'd expect this to not really disable it in the program linked to gnutls (details might vary depending what they really use gnutls for). I do not nkow of a gnutls abstraction to use, but TBH I'm afraid now fixing a few but leaving this open in some others not spotted. I'd therefore suggest, but we need to discuss, to therefore change it in /etc/apparmor.d/abstractions/base. Therefore I'm adding gnutls (and Adrien) as well as apparmor to the bug tasks. 
- --- - --- - Merely booting current noble cloud image with "chrony" installed causes - this: + --- --- --- --- --- --- --- --- --- --- --- --- + --- --- --- --- --- --- --- --- --- --- --- --- + + + Merely booting current noble cloud image with "chrony" installed causes this: audit: type=1400 audit(1710152842.540:107): apparmor="DENIED" operation="open" class="file" profile="/usr/sbin/chronyd" name="/etc/gnutls/config" pid=878 comm="chronyd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 - --- - --- - Running any VM in libvirt causes a new AppArmor violation in current - noble. This is a regression, this didn't happen in any previous release. + --- --- --- --- --- --- --- --- --- --- --- --- + --- --- --- --- --- --- --- --- --- --- --- --- + + + Running any VM in libvirt causes a new AppArmor violation in current noble. This is a regression, this didn't happen in any previous release. Reproducer: virt-install --memory 50 --pxe --virt-type qemu --os-variant alpinelinux3.8 --disk none --wait 0 --name test1 (This is the simplest way to create a test VM. But it's form or shape doesn't matter at all). Results in lots of audit: type=1400 audit(1710146677.570:108): apparmor="DENIED" operation="open" class="file" profile="virt-aa-helper" name="/etc/gnutls/config" pid=1480 comm="virt-aa-helper" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 libvirt-daemon 10.0.0-2ubuntu1 apparmor 4.0.0~alpha4-0ubuntu1 libgnutls30:amd64 3.8.3-1ubuntu1 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bug
[Touch-packages] [Bug 2056739] Re: apparmor="DENIED" operation="open" class="file" profile="virt-aa-helper" name="/etc/gnutls/config"
There is precedence in /etc/apparmor.d/abstractions/base holding various rules like these

$ grep etc_ro /etc/apparmor.d/abstractions/base
@{etc_ro}/locale/** r,
@{etc_ro}/locale.alias r,
@{etc_ro}/localtime r,
@{etc_ro}/bindresvport.blacklist r,
@{etc_ro}/ld.so.cache mr,
@{etc_ro}/ld.so.conf r,
@{etc_ro}/ld.so.conf.d/{,*.conf} r,
@{etc_ro}/ld.so.preload r,
@{etc_ro}/ld-musl-*.path r,

I'd think the better fix is to allow it there.

Actually, base isn't the best. I think it should go into /etc/apparmor.d/abstractions/crypto (which is included by base)

If Adrien knows about similar, "whoever uses it should have read access to that config to restrict it accordingly" config files we might want to add them all in one block there.

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2056739

Title:
  apparmor="DENIED" operation="open" class="file" profile="virt-aa-helper" name="/etc/gnutls/config"

Status in apparmor package in Ubuntu: New
Status in chrony package in Ubuntu: New
Status in gnutls28 package in Ubuntu: New
Status in libvirt package in Ubuntu: New
Status in apparmor source package in Noble: New
Status in chrony source package in Noble: New
Status in gnutls28 source package in Noble: New
Status in libvirt source package in Noble: New

Bug description:
  Christian summarizes this after the great reports by Martin:

  gnutls started to ship forceful disables in pkg/import/3.8.1-4ubuntu3 and added more later.

  Due to that anything linked against gnutls while being apparmor isolated now hits similar denials, preventing the desired effect of the config change BTW.

  I think for safety we WANT to always allow this access, otherwise people will subtly not have crypto control about the more important (those isolated) software. Because after the denial I'd expect this to not really disable it in the program linked to gnutls (details might vary depending what they really use gnutls for).

  I do not know of a gnutls abstraction to use, but TBH I'm afraid now fixing a few but leaving this open in some others not spotted.

  I'd therefore suggest, but we need to discuss, to therefore change it in /etc/apparmor.d/abstractions/base.

  Therefore I'm adding gnutls (and Adrien) as well as apparmor to the bug tasks.

  --- --- --- --- --- --- --- --- --- --- --- ---
  --- --- --- --- --- --- --- --- --- --- --- ---

  Merely booting current noble cloud image with "chrony" installed causes this:

  audit: type=1400 audit(1710152842.540:107): apparmor="DENIED" operation="open" class="file" profile="/usr/sbin/chronyd" name="/etc/gnutls/config" pid=878 comm="chronyd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

  --- --- --- --- --- --- --- --- --- --- --- ---
  --- --- --- --- --- --- --- --- --- --- --- ---

  Running any VM in libvirt causes a new AppArmor violation in current noble. This is a regression, this didn't happen in any previous release.

  Reproducer:

  virt-install --memory 50 --pxe --virt-type qemu --os-variant alpinelinux3.8 --disk none --wait 0 --name test1

  (This is the simplest way to create a test VM. But its form or shape doesn't matter at all).

  Results in lots of

  audit: type=1400 audit(1710146677.570:108): apparmor="DENIED" operation="open" class="file" profile="virt-aa-helper" name="/etc/gnutls/config" pid=1480 comm="virt-aa-helper" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

  libvirt-daemon 10.0.0-2ubuntu1
  apparmor 4.0.0~alpha4-0ubuntu1
  libgnutls30:amd64 3.8.3-1ubuntu1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2056739/+subscriptions

--
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2056739] Re: apparmor="DENIED" operation="open" class="file" profile="virt-aa-helper" name="/etc/gnutls/config"
Suggestion would be something like: --- /etc/apparmor.d/abstractions/crypto.orig2024-03-11 11:05:24.027597234 + +++ /etc/apparmor.d/abstractions/crypto 2024-03-11 11:06:12.035895701 + 
@@ -24,4 +24,7 @@ /etc/crypto-policies/*/*.txt r, /usr/share/crypto-policies/*/*.txt r, + # Global gnutls config + @{etc_ro}/gnutls/config + include if exists
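Review bot: the added rule "@{etc_ro}/gnutls/config" carries no access mode and no terminating comma as shown, unlike the two context rules above it, which both end in " r,"; it should read "@{etc_ro}/gnutls/config r," so the rule parses and grants only read access. A later reply in this thread also points out that other files under gnutls/ can hold priority strings that applications read, so a rule for the single config file may leave further denials for those.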
[Touch-packages] [Bug 2056739] Re: apparmor="DENIED" operation="open" class="file" profile="virt-aa-helper" name="/etc/gnutls/config"
Hey,

I think everything in the gnutls/ directory should be allowed: there can be profiles with arbitrary names (or at least alnum I guess) which define priority/configuration strings that can be used by gnutls applications. I'm not aware of anything else that typically goes there but I haven't checked. I'll have another look today.

More generally, there can be the same issue for openssl which has its own abstraction file but isn't included by default AFAIU. A similar issue could apply to ssl_certs since some apps/libraries ship their own cert bundle and could function despite not having access to the system store (I'm looking at you python). I don't know what would be a typical behavior here but I'm pretty sure that the whole range of possible behavior exists in the wild.

I'm wondering if I understood the current rules fine because based on my understanding, I would have expected warnings for these too.

A noteworthy change is https://bugs.launchpad.net/ubuntu/+source/nss/+bug/2016303 : it would access to /etc/nss . I don't know if NSS silently ignores inaccessible system-wide configuration or not. You might want to include it already.

I think all these libraries should probably fail on EPERM. Probably 0 change upstreams accept such a change if it's needed however. :P
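The denials discussed in this thread matter because a confined program that cannot read the system-wide crypto configuration may keep running without the policy applied. The script below is an added example, not code from the bug report or from AppArmor: it scans audit records for read denials under the directories the thread names (/etc/gnutls and /etc/nss, used here as an assumed watch list) and groups them by profile. The first two sample records are the ones quoted in the bug; the "example-daemon" records and the path with a space are constructed.

```python
import re
from collections import defaultdict

# Directories named in the thread (assumed watch list). A denied read here
# means the confined program never sees the system-wide crypto policy.
CRYPTO_CONFIG_DIRS = ("/etc/gnutls", "/etc/nss")

FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
HEX_RE = re.compile(r'(?:[0-9A-Fa-f]{2})+')

# The kernel writes these fields hex-encoded and unquoted when the value
# contains a space, a double quote or a non-printable byte.
UNTRUSTED_FIELDS = ("name", "profile", "comm")


def parse_record(line):
    """Return the key/value fields of an AppArmor audit line, else None."""
    fields = {}
    for m in FIELD_RE.finditer(line):
        key, quoted, bare = m.group(1), m.group(2), m.group(3)
        if quoted is not None:
            value = quoted
        elif key in UNTRUSTED_FIELDS and HEX_RE.fullmatch(bare):
            value = bytes.fromhex(bare).decode("utf-8", errors="replace")
        else:
            value = bare
        fields.setdefault(key, value)
    return fields if "apparmor" in fields else None


def is_crypto_config(path):
    """True for a watched directory itself or anything beneath it."""
    return any(path == d or path.startswith(d + "/") for d in CRYPTO_CONFIG_DIRS)


def crypto_config_denials(lines):
    """Map profile name -> sorted crypto config paths it was denied reading."""
    hits = defaultdict(set)
    for line in lines:
        rec = parse_record(line)
        if rec is None or rec.get("apparmor") != "DENIED":
            continue
        if "r" not in rec.get("denied_mask", ""):
            continue  # only read denials hide the policy from the library
        name = rec.get("name", "")
        if is_crypto_config(name):
            hits[rec.get("profile", "?")].add(name)
    return {profile: sorted(paths) for profile, paths in sorted(hits.items())}


CONSTRUCTED_PATH = "/etc/gnutls/site policy"  # constructed; contains a space

SAMPLE_LOG = [
    # The two records quoted in the bug report.
    'audit: type=1400 audit(1710152842.540:107): apparmor="DENIED" '
    'operation="open" class="file" profile="/usr/sbin/chronyd" '
    'name="/etc/gnutls/config" pid=878 comm="chronyd" requested_mask="r" '
    'denied_mask="r" fsuid=0 ouid=0',
    'audit: type=1400 audit(1710146677.570:108): apparmor="DENIED" '
    'operation="open" class="file" profile="virt-aa-helper" '
    'name="/etc/gnutls/config" pid=1480 comm="virt-aa-helper" '
    'requested_mask="r" denied_mask="r" fsuid=0 ouid=0',
    # Constructed: hex-encoded name, as logged for a path containing a space.
    'audit: type=1400 audit(1710150000.000:200): apparmor="DENIED" '
    'operation="open" class="file" profile="example-daemon" '
    'name=' + CONSTRUCTED_PATH.encode().hex().upper() + ' pid=4242 '
    'comm="example-daemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0',
    # Constructed: a write denial and an unrelated path, both ignored.
    'audit: type=1400 audit(1710150001.000:201): apparmor="DENIED" '
    'operation="open" class="file" profile="example-daemon" '
    'name="/etc/gnutls/config" pid=4242 comm="example-daemon" '
    'requested_mask="w" denied_mask="w" fsuid=0 ouid=0',
    'audit: type=1400 audit(1710150002.000:202): apparmor="DENIED" '
    'operation="open" class="file" profile="example-daemon" '
    'name="/proc/1/environ" pid=4242 comm="example-daemon" '
    'requested_mask="r" denied_mask="r" fsuid=0 ouid=0',
    # Constructed: not an AppArmor record at all.
    'kernel: eth0: link up',
]

if __name__ == "__main__":
    for profile, paths in crypto_config_denials(SAMPLE_LOG).items():
        for path in paths:
            print(f"{profile}: cannot read {path}")
```

Every profile this reports is one whose crypto settings may not match what the system configuration says, until the abstraction grants it read access.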
[Touch-packages] [Bug 2056753] [NEW] pygobject FTBFS on armhf: time_t build test failure
Public bug reported:

pygobject fails to build on armhf, the only Ubuntu 32-bit architecture that has done the time_t transition.

test_gi.py runs a time_t test that I believe is using functions in glib2.0

Test log excerpt

tests/test_gi.py ... [ 21%]
.
--- stderr ---
Fatal Python error: Aborted

Current thread 0xf785e020 (most recent call first):
  File "/<>/tests/test_gi.py", line 579 in test_time_t_in
  File "/usr/lib/python3.12/unittest/case.py", line 589 in _callTestMethod
  File "/usr/lib/python3.12/unittest/case.py", line 634 in run
  File "/usr/lib/python3.12/unittest/case.py", line 690 in __call__
  File "/usr/lib/python3/dist-packages/_pytest/unittest.py", line 338 in runtest
  File "/usr/lib/python3/dist-packages/_pytest/runner.py", line 170 in pytest_runtest_call
  File "/usr/lib/python3/dist-packages/pluggy/_callers.py", line 102 in _multicall
  File "/usr/lib/python3/dist-packages/pluggy/_manager.py", line 119 in _hookexec
  File "/usr/lib/python3/dist-packages/pluggy/_hooks.py", line 501 in __call__
  File "/usr/lib/python3/dist-packages/_pytest/runner.py", line 263 in
  File "/usr/lib/python3/dist-packages/_pytest/runner.py", line 342 in from_call
  File "/usr/lib/python3/dist-packages/_pytest/runner.py", line 262 in call_runtest_hook
  File "/usr/lib/python3/dist-packages/_pytest/runner.py", line 223 in call_and_report
  File "/usr/lib/python3/dist-packages/_pytest/runner.py", line 134 in runtestprotocol
  File "/usr/lib/python3/dist-packages/_pytest/runner.py", line 115 in pytest_runtest_protocol
  File "/usr/lib/python3/dist-packages/pluggy/_callers.py", line 102 in _multicall
  File "/usr/lib/python3/dist-packages/pluggy/_manager.py", line 119 in _hookexec
  File "/usr/lib/python3/dist-packages/pluggy/_hooks.py", line 501 in __call__
  File "/usr/lib/python3/dist-packages/_pytest/main.py", line 352 in pytest_runtestloop
  File "/usr/lib/python3/dist-packages/pluggy/_callers.py", line 102 in _multicall
  File "/usr/lib/python3/dist-packages/pluggy/_manager.py", line 119 in _hookexec
  File "/usr/lib/python3/dist-packages/pluggy/_hooks.py", line 501 in __call__
  File "/usr/lib/python3/dist-packages/_pytest/main.py", line 327 in _main
  File "/usr/lib/python3/dist-packages/_pytest/main.py", line 273 in wrap_session
  File "/usr/lib/python3/dist-packages/_pytest/main.py", line 320 in pytest_cmdline_main
  File "/usr/lib/python3/dist-packages/pluggy/_callers.py", line 102 in _multicall
  File "/usr/lib/python3/dist-packages/pluggy/_manager.py", line 119 in _hookexec
  File "/usr/lib/python3/dist-packages/pluggy/_hooks.py", line 501 in __call__
  File "/usr/lib/python3/dist-packages/_pytest/config/__init__.py", line 175 in main
  File "/usr/lib/python3/dist-packages/_pytest/config/__init__.py", line 198 in console_main
  File "/usr/lib/python3/dist-packages/pytest/__main__.py", line 7 in
  File "", line 88 in _run_code
  File "", line 198 in _run_module_as_main

Full build log ==
https://launchpad.net/ubuntu/+source/pygobject/3.47.0-3build1/+latestbuild/armhf

** Affects: pygobject (Ubuntu)
     Importance: High
         Status: Triaged

** Tags: ftbfs noble

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pygobject in Ubuntu.
https://bugs.launchpad.net/bugs/2056753

Title:
  pygobject FTBFS on armhf: time_t build test failure

Status in pygobject package in Ubuntu: Triaged
[Touch-packages] [Bug 2056753] Re: pygobject FTBFS on armhf: time_t build test failure
** Tags added: update-excuse
[Touch-packages] [Bug 2056187] Re: fails to configure BOOTIF when using iscsi
** Also affects: initramfs-tools (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** Also affects: open-iscsi (Ubuntu Jammy)
   Importance: Undecided
       Status: New

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to initramfs-tools in Ubuntu.
https://bugs.launchpad.net/bugs/2056187

Title:
  fails to configure BOOTIF when using iscsi

Status in initramfs-tools package in Ubuntu: Fix Committed
Status in open-iscsi package in Ubuntu: Invalid
Status in initramfs-tools source package in Jammy: New
Status in open-iscsi source package in Jammy: New

Bug description:
  we have a bad interaction between initramfs-tools and open-iscsi, resulting in the boot interface not being configured.

  when the iscsi has a static address, the script `local-top/iscsi` from open-iscsi creates a /run/net-$DEVICE.conf file for the iscsi interface. The existence of this file makes configure_networking() skip configuring the BOOTIF later due to this code in `scripts/functions`:

    for x in /run/net-"${DEVICE}".conf /run/net-*.conf ; do
        if [ -e "$x" ]; then
            IP=done
            break
        fi
    done

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/2056187/+subscriptions
[Touch-packages] [Bug 2056739] Re: apparmor="DENIED" operation="open" class="file" profile="virt-aa-helper" name="/etc/gnutls/config"
** Merge proposal linked: https://code.launchpad.net/~paelzer/ubuntu/+source/apparmor/+git/apparmor/+merge/462142
[Touch-packages] [Bug 2056758] [NEW] ubuntu-bug doesn't let me file bugs for Snap thunderbird
Public bug reported:

I'm trying to report a bug in the new Snap for Thunderbird. When I run "ubuntu-bug thunderbird", it:

* Collects information correctly after I input the sudo password
* Opens a page like https://bugs.launchpad.net/distros/+filebug/a9564134-dfa6-11ee-85a7-c7116d9f638e?, which does not seem to be valid.

This is not the case for Firefox, which works fine with ubuntu-bug.

ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: apport 2.28.0-0ubuntu1
ProcVersionSignature: Ubuntu 6.8.0-11.11-generic 6.8.0-rc4
Uname: Linux 6.8.0-11-generic x86_64
NonfreeKernelModules: wl
ApportVersion: 2.28.0-0ubuntu1
Architecture: amd64
CasperMD5CheckResult: pass
CrashReports:
 640:1000:124:483410:2024-03-11 14:47:26.874792575 +0400:2024-03-11 14:47:27.874792575 +0400:/var/crash/_opt_Citrix_ICAClient_util_storebrowse.1000.crash
 640:0:124:29135:2024-03-10 17:02:30.124656623 +0400:2024-03-10 17:02:30.124656623 +0400:/var/crash/_usr_share_apport_apport.0.crash
CurrentDesktop: KDE
Date: Mon Mar 11 16:54:18 2024
InstallationDate: Installed on 2022-08-29 (560 days ago)
InstallationMedia: Kubuntu 22.04.1 LTS "Jammy Jellyfish" - Release amd64 (20220809.1)
PackageArchitecture: all
SourcePackage: apport
UpgradeStatus: Upgraded to noble on 2024-02-23 (17 days ago)

** Affects: apport (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: thunderbird (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: amd64 apport-bug noble

** Also affects: thunderbird (Ubuntu)
   Importance: Undecided
       Status: New

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apport in Ubuntu.
https://bugs.launchpad.net/bugs/2056758

Title:
  ubuntu-bug doesn't let me file bugs for Snap thunderbird

Status in apport package in Ubuntu: New
Status in thunderbird package in Ubuntu: New
[Touch-packages] [Bug 2056758] Re: ubuntu-bug doesn't let me file bugs for Snap thunderbird
Marking thunderbird as affected as well, since the bug is specific to it.

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apport in Ubuntu.
https://bugs.launchpad.net/bugs/2056758

Title: ubuntu-bug doesn't let me file bugs for Snap thunderbird

Status in apport package in Ubuntu: New
Status in thunderbird package in Ubuntu: New
[Touch-packages] [Bug 2056187] Re: fails to configure BOOTIF when using iscsi
Definitely, I'm doing something very wrong.

I deployed a new VM (VMware) through MaaS, using the original initrd. Applied the patch and did the same things I mentioned in my comment above. This time, the keyboard does not work (seems to be stuck; I'm not able to scroll up to see what happens).

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to initramfs-tools in Ubuntu.
https://bugs.launchpad.net/bugs/2056187

Title: fails to configure BOOTIF when using iscsi

Status in initramfs-tools package in Ubuntu: Fix Committed
Status in open-iscsi package in Ubuntu: Invalid
Status in initramfs-tools source package in Jammy: New
Status in open-iscsi source package in Jammy: New

Bug description:
we have a bad interaction between initramfs-tools and open-iscsi, resulting in the boot interface not being configured.

when the iscsi has a static address, the script `local-top/iscsi` from open-iscsi creates a /run/net-$DEVICE.conf file for the iscsi interface. The existence of this file makes configure_networking() skip configuring the BOOTIF later due to this code in `scripts/functions`:

    for x in /run/net-"${DEVICE}".conf /run/net-*.conf ; do
        if [ -e "$x" ]; then
            IP=done
            break
        fi
    done
[Touch-packages] [Bug 2053165] Re: [noble] Version 2.7.5 causes software-properties to crash
*** This bug is a duplicate of bug 2053228 ***
https://bugs.launchpad.net/bugs/2053228

Please do not delete files, certainly not ubuntu.sources, or you will no longer get updates.

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to python-apt in Ubuntu.
https://bugs.launchpad.net/bugs/2053165

Title: [noble] Version 2.7.5 causes software-properties to crash

Status in python-apt package in Ubuntu: Confirmed

Bug description:
Hi,

Only since recent 2.7.5 update along with 0.99.42 for software-properties. Crash on start-up.

$ software-properties-gtk
Traceback (most recent call last):
  File "/usr/bin/software-properties-gtk", line 100, in
    app = SoftwarePropertiesGtk(datadir=options.data_dir, options=options, file=file)
    ^^^
  File "/usr/lib/python3/dist-packages/softwareproperties/gtk/SoftwarePropertiesGtk.py", line 163, in __init__
    SoftwareProperties.__init__(self, options=options, datadir=datadir,
  File "/usr/lib/python3/dist-packages/softwareproperties/SoftwareProperties.py", line 109, in __init__
    self.backup_sourceslist()
  File "/usr/lib/python3/dist-packages/softwareproperties/SoftwareProperties.py", line 437, in backup_sourceslist
    source_bkp = SourceEntry(line=source.line,file=source.file)
    ^^
  File "/usr/lib/python3/dist-packages/aptsources/sourceslist.py", line 509, in __init__
    raise ValueError("Classic SourceEntry cannot be written to .sources file")
ValueError: Classic SourceEntry cannot be written to .sources file
[Touch-packages] [Bug 2056753] Re: pygobject FTBFS on armhf: time_t build test failure
** Also affects: gobject-introspection (Ubuntu)
   Importance: Undecided
   Status: New

** Bug watch added: gitlab.gnome.org/GNOME/gobject-introspection/-/issues #494
   https://gitlab.gnome.org/GNOME/gobject-introspection/-/issues/494

** Also affects: gobject-introspection via
   https://gitlab.gnome.org/GNOME/gobject-introspection/-/issues/494
   Importance: Unknown
   Status: Unknown

** Changed in: gobject-introspection (Ubuntu)
   Status: New => Triaged

** Changed in: gobject-introspection (Ubuntu)
   Importance: Undecided => High

** Bug watch added: Debian Bug tracker #1066032
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066032

** Also affects: gobject-introspection (Debian) via
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066032
   Importance: Unknown
   Status: Unknown

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gobject-introspection in Ubuntu.
https://bugs.launchpad.net/bugs/2056753

Title: pygobject FTBFS on armhf: time_t build test failure

Status in GObject Introspection: Unknown
Status in gobject-introspection package in Ubuntu: Triaged
Status in pygobject package in Ubuntu: Triaged
Status in gobject-introspection package in Debian: Unknown

Bug description:
pygobject fails to build on armhf, the only Ubuntu 32-bit architecture that has done the time_t transition.

test_gi.py runs a time_t test that I believe is using functions in glib2.0

Test log excerpt

tests/test_gi.py ... [ 21%] .
--- stderr ---
Fatal Python error: Aborted

Current thread 0xf785e020 (most recent call first):
  File "/<>/tests/test_gi.py", line 579 in test_time_t_in
  File "/usr/lib/python3.12/unittest/case.py", line 589 in _callTestMethod
  File "/usr/lib/python3.12/unittest/case.py", line 634 in run
  File "/usr/lib/python3.12/unittest/case.py", line 690 in __call__
  File "/usr/lib/python3/dist-packages/_pytest/unittest.py", line 338 in runtest
  File "/usr/lib/python3/dist-packages/_pytest/runner.py", line 170 in pytest_runtest_call
  File "/usr/lib/python3/dist-packages/pluggy/_callers.py", line 102 in _multicall
  File "/usr/lib/python3/dist-packages/pluggy/_manager.py", line 119 in _hookexec
  File "/usr/lib/python3/dist-packages/pluggy/_hooks.py", line 501 in __call__
  File "/usr/lib/python3/dist-packages/_pytest/runner.py", line 263 in
  File "/usr/lib/python3/dist-packages/_pytest/runner.py", line 342 in from_call
  File "/usr/lib/python3/dist-packages/_pytest/runner.py", line 262 in call_runtest_hook
  File "/usr/lib/python3/dist-packages/_pytest/runner.py", line 223 in call_and_report
  File "/usr/lib/python3/dist-packages/_pytest/runner.py", line 134 in runtestprotocol
  File "/usr/lib/python3/dist-packages/_pytest/runner.py", line 115 in pytest_runtest_protocol
  File "/usr/lib/python3/dist-packages/pluggy/_callers.py", line 102 in _multicall
  File "/usr/lib/python3/dist-packages/pluggy/_manager.py", line 119 in _hookexec
  File "/usr/lib/python3/dist-packages/pluggy/_hooks.py", line 501 in __call__
  File "/usr/lib/python3/dist-packages/_pytest/main.py", line 352 in pytest_runtestloop
  File "/usr/lib/python3/dist-packages/pluggy/_callers.py", line 102 in _multicall
  File "/usr/lib/python3/dist-packages/pluggy/_manager.py", line 119 in _hookexec
  File "/usr/lib/python3/dist-packages/pluggy/_hooks.py", line 501 in __call__
  File "/usr/lib/python3/dist-packages/_pytest/main.py", line 327 in _main
  File "/usr/lib/python3/dist-packages/_pytest/main.py", line 273 in wrap_session
  File "/usr/lib/python3/dist-packages/_pytest/main.py", line 320 in pytest_cmdline_main
  File "/usr/lib/python3/dist-packages/pluggy/_callers.py", line 102 in _multicall
  File "/usr/lib/python3/dist-packages/pluggy/_manager.py", line 119 in _hookexec
  File "/usr/lib/python3/dist-packages/pluggy/_hooks.py", line 501 in __call__
  File "/usr/lib/python3/dist-packages/_pytest/config/__init__.py", line 175 in main
  File "/usr/lib/python3/dist-packages/_pytest/config/__init__.py", line 198 in console_main
  File "/usr/lib/python3/dist-packages/pytest/__main__.py", line 7 in
  File "", line 88 in _run_code
  File "", line 198 in _run_module_as_main

Full build log

https://launchpad.net/ubuntu/+source/pygobject/3.47.0-3build1/+latestbuild/armhf
[Touch-packages] [Bug 2056187] Re: fails to configure BOOTIF when using iscsi
[ Impact ]

* MAAS cannot PXE-boot a machine that has iSCSI disks
* Focal is the default Ubuntu distribution deployed by MAAS, so we should back-port this to ensure it works out-of-the-box.

[ Test Plan ]

* reproducing this issue requires a machine with iSCSI disks (Cisco UCS Manager in the original report), and a MAAS controller (3.4 or better)
* the issue can be observed by simply enlisting the machine in MAAS. It will fail to boot due to the missing BOOTIF configuration.

[ Where problems could occur ]

* the problematic code was an attempt to fix LP#2037202, so we should watch out for regressions.

[ Other Info ]

*

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to initramfs-tools in Ubuntu.
https://bugs.launchpad.net/bugs/2056187

Title: fails to configure BOOTIF when using iscsi

Status in initramfs-tools package in Ubuntu: Fix Committed
Status in open-iscsi package in Ubuntu: Invalid
Status in initramfs-tools source package in Jammy: New
Status in open-iscsi source package in Jammy: New
[Touch-packages] [Bug 2056768] [NEW] apparmor="DENIED" operation="open" class="file" profile="rsyslogd" name="/run/systemd/sessions/"
Public bug reported:

There is an AppArmor regression in current noble. In cockpit we recently started to test on noble (to prevent the "major regressions after release" fiasco from 23.10 again).

For some weird reason, rsyslog is installed *by default* [1] in the cloud images. That is a rather pointless waste of CPU and disk space, as it's an unnecessary running daemon and duplicates all the written logs. But more specifically, we noticed [2] an AppArmor rejection. Reproducer is simple:

logger -p user.emerg --tag check-journal EMERGENCY_MESSAGE

this causes

type=1400 audit(1710168739.345:108): apparmor="DENIED" operation="open" class="file" profile="rsyslogd" name="/run/systemd/sessions/" pid=714 comm=72733A6D61696E20513A526567 requested_mask="r" denied_mask="r" fsuid=102 ouid=0

Note that it doesn't actually fail, the "EMERGENCY_MESSAGE" does appear in the journal and also in /var/log/syslog. But it's some noise that triggers our (and presumably other admins') log detectors.

rsyslog 8.2312.0-3ubuntu3
apparmor 4.0.0~alpha4-0ubuntu1

[1] https://cloud-images.ubuntu.com/daily/server/noble/current/noble-server-cloudimg-amd64.manifest
[2] https://cockpit-logs.us-east-1.linodeobjects.com/pull-6048-20240311-125838-b465e9b2-ubuntu-stable-other-cockpit-project-cockpit/log.html#118

** Affects: rsyslog (Ubuntu)
   Importance: Undecided
   Status: New

** Affects: rsyslog (Ubuntu Noble)
   Importance: Undecided
   Status: New

** Tags: apparmor cockpit-test noble regression-release

** Also affects: rsyslog (Ubuntu Noble)
   Importance: Undecided
   Status: New

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsyslog in Ubuntu.
https://bugs.launchpad.net/bugs/2056768

Title: apparmor="DENIED" operation="open" class="file" profile="rsyslogd" name="/run/systemd/sessions/"

Status in rsyslog package in Ubuntu: New
Status in rsyslog source package in Noble: New
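Added example, not part of any of the bug reports: one way to triage the AppArmor denials quoted in these notifications is to parse each audit record into fields, decode the hex-encoded `comm` value that the rsyslogd record carries, and list file paths denied under more than one profile (the situation the gnutls report describes). The function names and the choice of which fields to hex-decode are assumptions of this example; the three sample records are copied from the reports above.

```python
import re
from collections import defaultdict

# Three denial records copied from the bug reports above
# (chronyd, virt-aa-helper, rsyslogd).
SAMPLE_LOG = '''\
audit: type=1400 audit(1710152842.540:107): apparmor="DENIED" operation="open" class="file" profile="/usr/sbin/chronyd" name="/etc/gnutls/config" pid=878 comm="chronyd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
audit: type=1400 audit(1710146677.570:108): apparmor="DENIED" operation="open" class="file" profile="virt-aa-helper" name="/etc/gnutls/config" pid=1480 comm="virt-aa-helper" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=1400 audit(1710168739.345:108): apparmor="DENIED" operation="open" class="file" profile="rsyslogd" name="/run/systemd/sessions/" pid=714 comm=72733A6D61696E20513A526567 requested_mask="r" denied_mask="r" fsuid=102 ouid=0
'''

FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')    # key="quoted" or key=bare
STAMP_RE = re.compile(r'audit\((\d+)\.(\d+):(\d+)\)')   # audit(epoch.millis:serial)
HEX_RE = re.compile(r'(?:[0-9A-Fa-f]{2})+')

# Assumption of this example: only these string fields are hex-decoded.
# Numeric fields such as pid=1480 also look like valid hex and must be left alone.
HEX_FIELDS = {"comm", "name"}


def decode_untrusted(value):
    """Decode a bare hex string, the form the audit subsystem uses for values
    containing spaces, quotes or non-printable bytes."""
    if HEX_RE.fullmatch(value):
        return bytes.fromhex(value).decode("utf-8", errors="replace")
    return value


def parse_denial(line):
    """Return the fields of one AppArmor DENIED record, or None for other lines."""
    fields = {}
    for match in FIELD_RE.finditer(line):
        key, quoted, bare = match.groups()
        if quoted is not None:
            fields[key] = quoted
        elif key in HEX_FIELDS:
            fields[key] = decode_untrusted(bare)
        else:
            fields[key] = bare
    if fields.get("apparmor") != "DENIED":
        return None
    stamp = STAMP_RE.search(line)
    if stamp:
        fields["epoch"] = int(stamp.group(1))
        fields["serial"] = int(stamp.group(3))
    return fields


def parse_log(text):
    """Parse every DENIED record in a block of log text."""
    denials = (parse_denial(line) for line in text.splitlines())
    return [d for d in denials if d is not None]


def shared_paths(denials):
    """Map each file path denied under two or more profiles to those profiles.
    A path that shows up here is a candidate for a shared abstraction rule
    rather than a per-profile fix."""
    by_path = defaultdict(set)
    for d in denials:
        if d.get("class") == "file":
            # D-Bus denials carry label= instead of profile=
            by_path[d.get("name")].add(d.get("profile") or d.get("label"))
    return {p: sorted(profs) for p, profs in by_path.items() if len(profs) > 1}


if __name__ == "__main__":
    records = parse_log(SAMPLE_LOG)
    for r in records:
        print(f'{r["profile"]:20} {r["denied_mask"]:3} {r["name"]:26} comm={r["comm"]!r}')
    for path, profiles in shared_paths(records).items():
        print(f"denied under {len(profiles)} profiles: {path} -> {', '.join(profiles)}")
```
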
[Touch-packages] [Bug 2056753] Re: pygobject FTBFS on armhf: time_t build test failure
** Changed in: gobject-introspection
   Status: Unknown => New

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gobject-introspection in Ubuntu.
https://bugs.launchpad.net/bugs/2056753

Title: pygobject FTBFS on armhf: time_t build test failure

Status in GObject Introspection: New
Status in gobject-introspection package in Ubuntu: Triaged
Status in pygobject package in Ubuntu: Triaged
Status in gobject-introspection package in Debian: Unknown
[Touch-packages] [Bug 2056696] Re: All Snaps are denied the ability to use DBus for notifications and apptray indicators in Kubuntu
** Summary changed:

- All Snaps are denied the ability to use DBus for notifications and apptray indicators
+ All Snaps are denied the ability to use DBus for notifications and apptray indicators in Kubuntu

** Summary changed:

- All Snaps are denied the ability to use DBus for notifications and apptray indicators in Kubuntu
+ All Snaps are denied the ability to use DBus for notifications and apptray indicators in KDE-based flavors

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2056696

Title: All Snaps are denied the ability to use DBus for notifications and apptray indicators in KDE-based flavors

Status in snapd: New
Status in apparmor package in Ubuntu: New

Bug description:
OS: Kubuntu Noble 24.04 Alpha (two-day old install)
snapd version: 2.61.2
Affected Snaps: firefox, thunderbird, element-desktop

Steps to reproduce:

# For Firefox:
1. Open the Firefox Snap.
2. Open https://www.bennish.net/web-notifications.html.
3. Click "Authorize" and allow the website to send notifications.
4. Click "Show".

Expected result: A notification should be displayed by Plasma, similar to other notifications the system displays.

Actual result: The notification shows up in the upper-right corner of the display, improperly themed and obviously generated by Firefox as a fallback.

# For Thunderbird:
1. Open the Thunderbird Snap.
2. Ensure you are connected to an email account.
3. Unfocus the Thunderbird window.
4. Wait for an email to come through.

Expected result: When the email comes through, a notification should be displayed by Plasma, similar to other notifications the system displays.

Actual result: The notification shows up improperly themed and obviously generated by Thunderbird as a fallback.

# For Element:
1. Open the Element Snap.

Expected result: An apptray indicator should appear in the system tray with the Element logo.

Actual result: No such indicator appears.

2. Log in, ask someone to ping you, then unfocus the window and wait for the ping to come through.

Expected result: A notification should be displayed by Plasma, similar to other notifications the system displays.

Actual result: No notification appears at all.

Additional information:

Based on the output of snappy-debug, this appears to be AppArmor related, at least for element-desktop (but presumably for the others too). Of note are some of the following log entries:

```
= AppArmor =
Time: 2024-03-10T13:4
Log: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/freedesktop/DBus" interface="org.freedesktop.DBus" member="ListActivatableNames" mask="send" name="org.freedesktop.DBus" pid=2950 label="snap.element-desktop.element-desktop" peer_label="unconfined"
DBus access

= AppArmor =
Time: 2024-03-10T13:4
Log: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/modules/kwalletd5" interface="org.kde.KWallet" member="isEnabled" mask="send" name="org.kde.kwalletd5" pid=2950 label="snap.element-desktop.element-desktop" peer_pid=1762 peer_label="unconfined"
DBus access

= AppArmor =
Time: 2024-03-10T13:4
Log: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/modules/kwalletd5" interface="org.kde.KWallet" member="close" mask="send" name="org.kde.kwalletd5" pid=2950 label="snap.element-desktop.element-desktop" peer_pid=1762 peer_label="unconfined"
DBus access

= AppArmor =
Time: 2024-03-10T13:4
Log: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/StatusNotifierItem" interface="org.freedesktop.DBus.Properties" member="GetAll" name=":1.45" mask="receive" pid=2950 label="snap.element-desktop.element-desktop" peer_pid=2394 peer_label="plasmashell"
DBus access

= AppArmor =
Time: 2024-03-10T13:4
Log: apparmor="DENIED" operation="dbus_signal" bus="session" path="/StatusNotifierItem" interface="org.kde.StatusNotifierItem" member="NewToolTip" mask="send" name="org.freedesktop.DBus" pid=2950 label="snap.element-desktop.element-desktop" peer_pid=2394 peer_label="plasmashell"
DBus access
```

Booting with `apparmor=0` set on the kernel command line fixes the issue with Element (apptray indicator appears, notifications show up). Obviously this is not a solution, but it does isolate AppArmor as being at least partially at fault.

This issue seems to be somewhat similar to https://forum.snapcraft.io/t/dbus-related-apparmor-denials/37422, however it seems as if Element is trying to hit the right paths and interfaces and is still being denied (based on looking at the info in https://github.com/snapcore/snapd/blob/master/interfaces/builtin/desktop_legacy.go and comparing the paths and interfaces there with the paths and interfaces shown by snappy-debug.

I talked about this issue with Erich Eickmeyer and he men
[Touch-packages] [Bug 2046477] Re: Enable unprivileged user namespace restrictions by default
Just to make sure that we really talk about the same thing: This bug sounds like it is *intended* that

unshare --user --map-root-user /bin/bash -c whoami

(as unpriv user) now fails in current Ubuntu 24.04 noble. That still worked in released 23.10.

I am starting to test Cockpit on the current noble dailies [1] to make sure everything is ready for 24.04 LTS (as 23.10 was a bit of a disaster..), and aside from some non-fatal AppArmor noise this is the most important issue. This breaks /usr/lib/cockpit/cockpit-desktop, which uses a user namespace to isolate cockpit's web server + a browser, and that isolation is absolutely crucial for its security.

I can update cockpit-ws.deb to ship a new file /etc/apparmor.d/cockpit-desktop with

-- 8< ---
abi ,
include
profile cockpit-desktop /usr/lib/cockpit/cockpit-desktop flags=(unconfined) {
  userns,

  # Site-specific additions and overrides. See local/README for details.
  include if exists
}
-- 8< ---

I confirmed that this works fine. I just wanted to check that this is intended, and not circumventing your intentions here?

Thanks!

[1] https://github.com/cockpit-project/bots/pull/6048

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2046477

Title: Enable unprivileged user namespace restrictions by default

Status in apparmor package in Ubuntu: Triaged

Bug description:
As per https://discourse.ubuntu.com/t/spec-unprivileged-user-namespace-restrictions-via-apparmor-in-ubuntu-23-10/37626, unprivileged user namespace restrictions for Ubuntu 23.10 are to be enabled by default via a sysctl.d conf file in apparmor, and for that to happen, the restrictions need to be enabled for 24.04

When the unprivileged user namespace restrictions are enabled, various applications within and outside the Ubuntu archive fail to function, as they use unprivileged user namespaces as part of their normal operation.

A search of the Ubuntu archive for the 23.10 release was performed looking for all applications that make legitimate use of the CLONE_NEWUSER argument, the details of which can be seen in https://docs.google.com/spreadsheets/d/1MOPVoTW0BROF1TxYqoWeJ3c6w2xKElI4w-VjdCG0m9s/edit#gid=2102562502

For each package identified in that list, an investigation was made to determine if the application actually used this as an unprivileged user, and if so which of the binaries within the package were affected.

The full investigation can be seen in https://warthogs.atlassian.net/browse/SEC-1898 (which is unfortunately private) but is summarised to the following list of Ubuntu source packages, as well as some out-of-archive applications that are known to use unprivileged user namespaces. For each of these binaries, an apparmor profile is required so that the binary can be granted use of unprivileged user namespaces - an example profile for the ch-run binary within the charliecloud package is shown:

$ cat /etc/apparmor.d/ch-run
abi ,
include
profile ch-run /usr/bin/ch-run flags=(unconfined) {
  userns,

  # Site-specific additions and overrides. See local/README for details.
  include if exists
}

However, in a few select cases, it has been decided not to ship an apparmor profile, since this would effectively allow this mitigation to be bypassed. In particular, the unshare and setns binaries within the util-linux package are installed on every Ubuntu system, and allow an unprivileged user the ability to launch an arbitrary application within a new user namespace. Any malicious application then that wished to exploit an unprivileged user namespace to conduct an attack on the kernel would simply need to spawn itself via `unshare -U` or similar to be granted this permission. Therefore, due to the ubiquitous nature of the unshare (and setns) binaries, profiles are not planned to be provided for these by default.

Similarly, the bwrap binary within bubblewrap is also installed by default on Ubuntu Desktop 24.04 and can also be used to launch arbitrary binaries within a new user namespace and so no profile is planned to be provided for this either.

In Bug 2035315 new apparmor profiles were added to the apparmor package for various applications which require unprivileged user namespaces, using a new unconfined profile mode. They were also added in the AppArmor upstream project.

As well as enabling the sysctl via the sysctl.d conf file, it is proposed to add logic into the apparmor.service systemd unit to check that the kernel supports the unconfined profile mode and that it is enabled - and if not then to force disable the userns restrictions sysctl via the following logic:

userns_restricted=$(sysctl -n kernel.apparmor_restrict_unprivileged_userns)
unconfined_userns=$([ -f /sys/kernel/security/apparmor/features/policy
[Touch-packages] [Bug 2056753] Re: pygobject FTBFS on armhf: time_t build test failure
** Changed in: gobject-introspection (Debian)
   Status: Unknown => New

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gobject-introspection in Ubuntu.
https://bugs.launchpad.net/bugs/2056753

Title: pygobject FTBFS on armhf: time_t build test failure

Status in GObject Introspection: New
Status in gobject-introspection package in Ubuntu: Triaged
Status in pygobject package in Ubuntu: Triaged
Status in gobject-introspection package in Debian: New
[Touch-packages] [Bug 2049995] Re: System volume doesn't change volume
After this update of this package "alsa-ucm-conf:amd64" the system volume it's working as expected. So far, the issue is gone. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to alsa-driver in Ubuntu. https://bugs.launchpad.net/bugs/2049995 Title: System volume doesn't change volume Status in alsa-driver package in Ubuntu: Confirmed Bug description: Hi, as described here https://askubuntu.com/questions/1487030/system- volume-doesnt-change-app-volume, I also have this problem. I've already tried to boot with a Manjaro USB live with Gnome and there the volume works as expected. ProblemType: Bug DistroRelease: Ubuntu 23.10 Package: alsa-base 1.0.25+dfsg-0ubuntu7 ProcVersionSignature: Ubuntu 6.5.0-14.14-generic 6.5.3 Uname: Linux 6.5.0-14-generic x86_64 ApportVersion: 2.27.0-0ubuntu5 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC1: japimentel 8590 F wireplumber /dev/snd/controlC0: japimentel 8590 F wireplumber /dev/snd/seq:japimentel 8580 F pipewire CasperMD5CheckResult: pass CurrentDesktop: ubuntu:GNOME Date: Sun Jan 21 10:28:26 2024 InstallationDate: Installed on 2023-11-21 (61 days ago) InstallationMedia: Ubuntu 23.10.1 "Mantic Minotaur" - Release amd64 (20231016.1) PackageArchitecture: all SourcePackage: alsa-driver Symptom: audio UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 07/12/2023 dmi.bios.release: 1.21 dmi.bios.vendor: LENOVO dmi.bios.version: MLCN21WW dmi.board.asset.tag: NO Asset Tag dmi.board.name: LNVNB161216 dmi.board.vendor: LENOVO dmi.board.version: No DPK dmi.chassis.asset.tag: NO Asset Tag dmi.chassis.type: 10 dmi.chassis.vendor: LENOVO dmi.chassis.version: Yoga Pro 7 14APH8 dmi.ec.firmware.release: 1.21 dmi.modalias: dmi:bvnLENOVO:bvrMLCN21WW:bd07/12/2023:br1.21:efr1.21:svnLENOVO:pn82Y8:pvrYogaPro714APH8:rvnLENOVO:rnLNVNB161216:rvrNoDPK:cvnLENOVO:ct10:cvrYogaPro714APH8:skuLENOVO_MT_82Y8_BU_idea_FM_YogaPro714APH8: 
dmi.product.family: Yoga Pro 7 14APH8 dmi.product.name: 82Y8 dmi.product.sku: LENOVO_MT_82Y8_BU_idea_FM_Yoga Pro 7 14APH8 dmi.product.version: Yoga Pro 7 14APH8 dmi.sys.vendor: LENOVO To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/alsa-driver/+bug/2049995/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2056187] Re: fails to configure BOOTIF when using iscsi
Something I forgot to mention, and it may be relevant after seeing the comment above: I'm using the HWE kernel for Jammy. Is it better to rollback to Focal with the default kernel?

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to initramfs-tools in Ubuntu.
https://bugs.launchpad.net/bugs/2056187

Title:
  fails to configure BOOTIF when using iscsi

Status in initramfs-tools package in Ubuntu:
  Fix Committed
Status in open-iscsi package in Ubuntu:
  Invalid
Status in initramfs-tools source package in Jammy:
  New
Status in open-iscsi source package in Jammy:
  New

Bug description:
  we have a bad interaction between initramfs-tools and open-iscsi, resulting in the boot interface not being configured.

  when the iscsi has a static address, the script `local-top/iscsi` from open-iscsi creates a /run/net-$DEVICE.conf file for the iscsi interface. The existence of this file makes configure_networking() skip configuring the BOOTIF later due to this code in `scripts/functions`:

      for x in /run/net-"${DEVICE}".conf /run/net-*.conf ; do
          if [ -e "$x" ]; then
              IP=done
              break
          fi
      done

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/2056187/+subscriptions

--
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
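The skip described in the bug description above, reproduced as an added example (not code from initramfs-tools or from this thread). `quoted_check` wraps the quoted loop against a temporary directory standing in for `/run`; `per_device_check`, the function names and the interface names `ens3`/`ens4` are assumptions made for the illustration, and the contrast variant is not the committed fix.

```shell
#!/bin/sh
# Added illustration of the check quoted in the bug description. The first
# argument stands in for /run so the script needs no privileges; the
# interface names ens3 (BOOTIF) and ens4 (iSCSI) are constructed.

# The quoted logic: the device's own file OR any other net-*.conf counts.
quoted_check() {
    run_dir=$1
    DEVICE=$2
    IP=
    for x in "$run_dir"/net-"${DEVICE}".conf "$run_dir"/net-*.conf; do
        if [ -e "$x" ]; then
            IP=done
            break
        fi
    done
    printf '%s\n' "${IP:-pending}"
}

# Contrast variant (an assumption made for this example, not the committed
# fix): when a device is named, only that device's file marks it configured.
per_device_check() {
    run_dir=$1
    DEVICE=$2
    IP=
    if [ -n "$DEVICE" ]; then
        if [ -e "$run_dir/net-$DEVICE.conf" ]; then
            IP=done
        fi
    else
        for x in "$run_dir"/net-*.conf; do
            if [ -e "$x" ]; then
                IP=done
                break
            fi
        done
    fi
    printf '%s\n' "${IP:-pending}"
}

demo() {
    tmp=$(mktemp -d)
    # State after local-top/iscsi has run for a statically addressed iSCSI NIC.
    : > "$tmp/net-ens4.conf"
    echo "quoted check, BOOTIF ens3:     $(quoted_check "$tmp" ens3)"
    echo "per-device check, BOOTIF ens3: $(per_device_check "$tmp" ens3)"
    echo "per-device check, iSCSI ens4:  $(per_device_check "$tmp" ens4)"
    rm -rf "$tmp"
}

demo
```

With only the iSCSI interface's file present, the quoted loop reports the boot interface as done even though nothing configured it, which is the behaviour the report describes.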
[Touch-packages] [Bug 2052482] Re: Bad packet length 2424479189 Connection corrupted
I am not sure I fully understand the latest comment. Does it mean that 8.0p1-19.0.1 just works? What about 8.0p1-19.0.1.2, mentioned in [1]? [1] https://linux.oracle.com/errata/ELSA-2024-12164.html -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/2052482 Title: Bad packet length 2424479189 Connection corrupted Status in openssh package in Ubuntu: Incomplete Bug description: ssh-clent: uname -a :5.15.0-48-generic #54-Ubuntu ``` Ubuntu 22.04.3 LTS OpenSSH_8.9p1 Ubuntu-3ubuntu0.6, OpenSSL 3.0.2 15 Mar 2022 ``` ssh-server: ``` OracleLinux 8.9 OpenSSH_8.0p1, OpenSSL 1.1.1k FIPS 25 Mar 2021 ``` ``` userxxx@userxxx-H3C-X7-030s-0274:~$ ssh 192.168.xxx.xxx -vvv OpenSSH_8.9p1 Ubuntu-3ubuntu0.6, OpenSSL 3.0.2 15 Mar 2022 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files debug1: /etc/ssh/ssh_config line 21: Applying options for * debug2: resolve_canonicalize: hostname 192.168.xxx.xxx is address debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/userxxx/.ssh/known_hosts' debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/userxxx/.ssh/known_hosts2' debug3: ssh_connect_direct: entering debug1: Connecting to 192.168.xxx.xxx [192.168.xxx.xxx] port 22. debug3: set_sock_tos: set socket 3 IP_TOS 0x10 debug1: Connection established. 
debug1: identity file /home/userxxx/.ssh/id_rsa type 0 debug1: identity file /home/userxxx/.ssh/id_rsa-cert type -1 debug1: identity file /home/userxxx/.ssh/id_ecdsa type 2 debug1: identity file /home/userxxx/.ssh/id_ecdsa-cert type -1 debug1: identity file /home/userxxx/.ssh/id_ecdsa_sk type -1 debug1: identity file /home/userxxx/.ssh/id_ecdsa_sk-cert type -1 debug1: identity file /home/userxxx/.ssh/id_ed25519 type -1 debug1: identity file /home/userxxx/.ssh/id_ed25519-cert type -1 debug1: identity file /home/userxxx/.ssh/id_ed25519_sk type -1 debug1: identity file /home/userxxx/.ssh/id_ed25519_sk-cert type -1 debug1: identity file /home/userxxx/.ssh/id_xmss type -1 debug1: identity file /home/userxxx/.ssh/id_xmss-cert type -1 debug1: identity file /home/userxxx/.ssh/id_dsa type -1 debug1: identity file /home/userxxx/.ssh/id_dsa-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6 debug1: Remote protocol version 2.0, remote software version OpenSSH_8.0 debug1: compat_banner: match: OpenSSH_8.0 pat OpenSSH* compat 0x0400 debug2: fd 3 setting O_NONBLOCK debug1: Authenticating to 192.168.xxx.xxx:22 as 'userxxx' debug3: record_hostkey: found key type ED25519 in file /home/userxxx/.ssh/known_hosts:20 debug3: load_hostkeys_file: loaded 1 keys from 192.168.xxx.xxx debug1: load_hostkeys: fopen /home/userxxx/.ssh/known_hosts2: No such file or directory debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory debug3: order_hostkeyalgs: have matching best-preference key type ssh-ed25519-cert-...@openssh.com, using HostkeyAlgorithms verbatim debug3: send packet: type 20 debug1: SSH2_MSG_KEXINIT sent debug3: receive packet: type 20 debug1: SSH2_MSG_KEXINIT received debug2: local client KEXINIT proposal debug2: KEX algorithms: 
curve25519-sha256,curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,sntrup761x25519-sha...@openssh.com,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-...@openssh.com debug2: host key algorithms: ssh-ed25519-cert-...@openssh.com,ecdsa-sha2-nistp256-cert-...@openssh.com,ecdsa-sha2-nistp384-cert-...@openssh.com,ecdsa-sha2-nistp521-cert-...@openssh.com,sk-ssh-ed25519-cert-...@openssh.com,sk-ecdsa-sha2-nistp256-cert-...@openssh.com,rsa-sha2-512-cert-...@openssh.com,rsa-sha2-256-cert-...@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25...@openssh.com,sk-ecdsa-sha2-nistp...@openssh.com,rsa-sha2-512,rsa-sha2-256 debug2: ciphers ctos: chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com debug2: ciphers stoc: chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com debug2: MACs ctos: umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha1-...@openssh.com,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: MACs stoc: umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha1-...@openssh.com,umac...@openssh.com,umac-...@openssh.co
[Touch-packages] [Bug 2052930] Re: liblocale-gettext-perl autopkgtests fail against glibc 2.39
It turns out the fix was already in the upstream repo as a PR for a while (couple of years?). I've submitted a Salsa MR to proactively address the issue before it shows up there: https://salsa.debian.org/perl-team/modules/packages/liblocale-gettext- perl/-/merge_requests/1 and I've uploaded the same changes in Ubuntu. ** Changed in: liblocale-gettext-perl (Ubuntu) Status: New => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to liblocale-gettext-perl in Ubuntu. https://bugs.launchpad.net/bugs/2052930 Title: liblocale-gettext-perl autopkgtests fail against glibc 2.39 Status in glibc package in Ubuntu: Triaged Status in liblocale-gettext-perl package in Ubuntu: Fix Committed Bug description: The autopkgtests for liblocale-gettext-perl fail against glibc 2.39 with the following errors: autopkgtest [15:27:03]: test autodep8-perl-build-deps: [--- 243s t/bind.t ... 243s 1..1 243s # Running under perl version 5.036000 for linux 243s # Current time local: Wed Feb 7 15:27:02 2024 243s # Current time GMT: Wed Feb 7 15:27:02 2024 243s # Using Test.pm version 1.31 243s ok 1 243s ok 243s t/frconvert.t .. 243s 1..1 243s # Running under perl version 5.036000 for linux 243s # Current time local: Wed Feb 7 15:27:02 2024 243s # Current time GMT: Wed Feb 7 15:27:02 2024 243s # Using Test.pm version 1.31 243s not ok 1 243s # Failed test 1 in t/frconvert.t at line 22 243s # t/frconvert.t line 22 is: ok(0); 243s Failed 1/1 subtests 243s t/jaconvert.t .. 
243s 1..1 243s # Running under perl version 5.036000 for linux 243s # Current time local: Wed Feb 7 15:27:03 2024 243s # Current time GMT: Wed Feb 7 15:27:03 2024 243s # Using Test.pm version 1.31 243s test 243s not ok 1 243s # Failed test 1 in t/jaconvert.t at line 23 243s # t/jaconvert.t line 23 is: ok(0); 243s Failed 1/1 subtests 243s t/raw.t 243s 1..1 243s # Running under perl version 5.036000 for linux 243s # Current time local: Wed Feb 7 15:27:03 2024 243s # Current time GMT: Wed Feb 7 15:27:03 2024 243s # Using Test.pm version 1.31 243s not ok 1 243s # Failed test 1 in t/raw.t at line 14 243s # t/raw.t line 14 is: ok(0); 243s Failed 1/1 subtests 243s t/use.t 243s 1..1 243s # Running under perl version 5.036000 for linux 243s # Current time local: Wed Feb 7 15:27:03 2024 243s # Current time GMT: Wed Feb 7 15:27:03 2024 243s # Using Test.pm version 1.31 243s ok 1 243s ok 243s 243s Test Summary Report 243s --- 243s t/frconvert.t (Wstat: 0 Tests: 1 Failed: 1) 243s Failed test: 1 243s t/jaconvert.t (Wstat: 0 Tests: 1 Failed: 1) 243s Failed test: 1 243s t/raw.t (Wstat: 0 Tests: 1 Failed: 1) 243s Failed test: 1 243s Files=5, Tests=5, 1 wallclock secs ( 0.03 usr 0.01 sys + 0.09 cusr 0.07 csys = 0.20 CPU) 243s Result: FAIL To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/2052930/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP
I have read in a couple other pages that I can edit /etc/apparmor.d/firefox. Since I'm using version 124 beta 9, and my firefox is installed in /opt/firefox, do I just adjust the path in that file to make it work? Thanks much in advance for the help. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/2046844 Title: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP Status in AppArmor: New Status in akonadiconsole package in Ubuntu: Fix Released Status in akregator package in Ubuntu: Fix Released Status in angelfish package in Ubuntu: Fix Released Status in apparmor package in Ubuntu: Fix Released Status in bubblewrap package in Ubuntu: Confirmed Status in cantor package in Ubuntu: Fix Released Status in devhelp package in Ubuntu: Fix Released Status in digikam package in Ubuntu: Fix Released Status in epiphany-browser package in Ubuntu: Fix Released Status in evolution package in Ubuntu: Fix Released Status in falkon package in Ubuntu: Fix Released Status in firefox package in Ubuntu: Confirmed Status in freecad package in Ubuntu: Confirmed Status in geary package in Ubuntu: Confirmed Status in ghostwriter package in Ubuntu: Fix Released Status in gnome-packagekit package in Ubuntu: Confirmed Status in goldendict-webengine package in Ubuntu: Confirmed Status in kalgebra package in Ubuntu: Fix Released Status in kchmviewer package in Ubuntu: Confirmed Status in kdeplasma-addons package in Ubuntu: Fix Released Status in kgeotag package in Ubuntu: Fix Released Status in kiwix package in Ubuntu: Confirmed Status in kmail package in Ubuntu: Fix Released Status in konqueror package in Ubuntu: Fix Released Status in kontact package in Ubuntu: Fix Released Status in loupe package in Ubuntu: Confirmed Status in marble package in Ubuntu: Fix Released Status in notepadqq package in Ubuntu: Confirmed Status in opam 
package in Ubuntu: Fix Released Status in pageedit package in Ubuntu: Confirmed Status in plasma-desktop package in Ubuntu: Fix Released Status in plasma-welcome package in Ubuntu: Fix Released Status in privacybrowser package in Ubuntu: Confirmed Status in qmapshack package in Ubuntu: Confirmed Status in qutebrowser package in Ubuntu: Confirmed Status in rssguard package in Ubuntu: Confirmed Status in steam package in Ubuntu: Fix Committed Status in supercollider package in Ubuntu: Confirmed Status in tellico package in Ubuntu: Fix Released Bug description: Hi, I run Ubuntu development branch 24.04 and I have a problem with Epiphany browser 45.1-1 (Gnome Web): program doesn't launch, and I get this error $ epiphany bwrap: Creating new namespace failed: Permission denied ** (epiphany:12085): ERROR **: 14:44:35.023: Failed to fully launch dbus-proxy: Le processus fils s’est terminé avec le code 1 Trappe pour point d'arrêt et de trace (core dumped) $ epiphany bwrap: Creating new namespace failed: Permission denied ** (epiphany:30878): ERROR **: 22:22:26.926: Failed to fully launch dbus-proxy: Le processus fils s’est terminé avec le code 1 Trappe pour point d'arrêt et de trace (core dumped) Thanks for your help! To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/2046844/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2056187] Re: fails to configure BOOTIF when using iscsi
I think you can continue with your current kernel. We should back-port this to all LTS
[Touch-packages] [Bug 2056187] Re: fails to configure BOOTIF when using iscsi
nice!
[Touch-packages] [Bug 2039294] Re: apparmor docker
This issue is also affecting me, and I do not have experience with apparmor profiles to update the correct file.

Can someone explain in more detail a patch that fixes the issue? (more precisely: what line should I write? in what file?)

Obviously: it is also a pain to have this issue with the stock system configuration; I hope this issue gets fixed sooner rather than later.

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2039294

Title:
  apparmor docker

Status in docker:
  New
Status in apparmor package in Ubuntu:
  Incomplete

Bug description:
  No LSB modules are available.
  Distributor ID: Ubuntu
  Description: Ubuntu 23.10
  Release: 23.10
  Codename: mantic

  Docker version 24.0.5, build 24.0.5-0ubuntu1

  Graceful shutdown doesn't work anymore due to SIGTERM and SIGKILL (maybe all signals?) doesn't reach the target process. Works when apparmor is uninstalled.

  [17990.085295] audit: type=1400 audit(1697213244.019:981): apparmor="DENIED" operation="signal" class="signal" profile="docker-default" pid=172626 comm="runc" requested_mask="receive" denied_mask="receive" signal=term peer="/usr/sbin/runc"
  [17992.112517] audit: type=1400 audit(1697213246.043:982): apparmor="DENIED" operation="signal" class="signal" profile="docker-default" pid=172633 comm="runc" requested_mask="receive" denied_mask="receive" signal=kill peer="/usr/sbin/runc"

To manage notifications about this bug go to:
https://bugs.launchpad.net/docker/+bug/2039294/+subscriptions

--
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2039294] Re: apparmor docker
@gvarouchas, you need to be more specific. There are a couple interrelated issues in this bug. What is the exact Denial message you are getting? They will look something like the denial messages in comment 5. You can find them using

  sudo dmesg | grep DENIED

or

  journalctl -g apparmor

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2039294

Title:
  apparmor docker

Status in docker:
  New
Status in apparmor package in Ubuntu:
  Incomplete

Bug description:
  No LSB modules are available.
  Distributor ID: Ubuntu
  Description: Ubuntu 23.10
  Release: 23.10
  Codename: mantic

  Docker version 24.0.5, build 24.0.5-0ubuntu1

  Graceful shutdown doesn't work anymore due to SIGTERM and SIGKILL (maybe all signals?) doesn't reach the target process. Works when apparmor is uninstalled.

  [17990.085295] audit: type=1400 audit(1697213244.019:981): apparmor="DENIED" operation="signal" class="signal" profile="docker-default" pid=172626 comm="runc" requested_mask="receive" denied_mask="receive" signal=term peer="/usr/sbin/runc"
  [17992.112517] audit: type=1400 audit(1697213246.043:982): apparmor="DENIED" operation="signal" class="signal" profile="docker-default" pid=172633 comm="runc" requested_mask="receive" denied_mask="receive" signal=kill peer="/usr/sbin/runc"

To manage notifications about this bug go to:
https://bugs.launchpad.net/docker/+bug/2039294/+subscriptions

--
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
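Once `sudo dmesg | grep DENIED` or `journalctl -g apparmor` has produced the denial lines, grouping them by profile, operation, mask and target shows which of the interrelated issues a system is hitting. This is an added example, not part of the thread: `summarize_denials` and `sample_log` are names made up here, the two `docker-default` lines are the ones quoted in the bug description, and the `example-daemon` lines are constructed.

```shell
#!/bin/sh
# Added example: group AppArmor denials by profile, operation, mask and target.

# Constructed input. The two docker-default lines are the ones quoted in the
# bug description; the example-daemon lines and the last two lines are made up.
sample_log() {
    cat <<'EOF'
[17990.085295] audit: type=1400 audit(1697213244.019:981): apparmor="DENIED" operation="signal" class="signal" profile="docker-default" pid=172626 comm="runc" requested_mask="receive" denied_mask="receive" signal=term peer="/usr/sbin/runc"
[17992.112517] audit: type=1400 audit(1697213246.043:982): apparmor="DENIED" operation="signal" class="signal" profile="docker-default" pid=172633 comm="runc" requested_mask="receive" denied_mask="receive" signal=kill peer="/usr/sbin/runc"
[18000.000001] audit: type=1400 audit(1697213300.001:983): apparmor="DENIED" operation="open" class="file" profile="example-daemon" name="/etc/example.conf" pid=4242 comm="example-daemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[18000.500001] audit: type=1400 audit(1697213300.501:984): apparmor="DENIED" operation="open" class="file" profile="example-daemon" name="/etc/example.conf" pid=4250 comm="example-daemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[18001.000000] audit: type=1400 audit(1697213301.000:985): apparmor="ALLOWED" operation="open" class="file" profile="example-daemon" name="/etc/other.conf" pid=4243 comm="example-daemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[18002.000000] systemd[1]: Started example.service.
EOF
}

# Reads kernel or journal lines on stdin and prints one line per distinct
# denial: "<count> <profile> <operation> <denied_mask> <target>".
summarize_denials() {
    awk '
    # Pull the value of key=value or key="value" from the current record.
    function field(key,    re, s) {
        re = "(^| )" key "=(\"[^\"]*\"|[^ ]+)"
        if (!match($0, re)) return "-"
        s = substr($0, RSTART, RLENGTH)
        sub(/^ /, "", s)
        s = substr(s, length(key) + 2)
        gsub(/"/, "", s)
        return s
    }
    /apparmor="DENIED"/ {
        # File denials carry name=, signal denials carry peer= and signal=.
        target = field("name")
        if (target == "-") target = field("peer")
        sig = field("signal")
        if (sig != "-") target = target " (signal " sig ")"
        key = field("profile") " " field("operation") " " field("denied_mask") " " target
        if (!(key in n)) order[++k] = key
        n[key]++
    }
    END {
        for (i = 1; i <= k; i++) printf "%d %s\n", n[order[i]], order[i]
    }
    '
}

sample_log | summarize_denials
```

On a live system the input would come from `sudo dmesg | summarize_denials` instead of `sample_log`.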
[Touch-packages] [Bug 2026757] Re: dnsmasq on Ubuntu Jammy crashes on neutron-dhcp-agent updates
I wonder if the latest update to Jammy has fixed the issue? Is this issue still occurring for you when upgrading to the Jammy package version 2.90-0ubuntu0.22.04.1 Julia?

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu.
https://bugs.launchpad.net/bugs/2026757

Title:
  dnsmasq on Ubuntu Jammy crashes on neutron-dhcp-agent updates

Status in Ironic:
  Triaged
Status in neutron:
  New
Status in dnsmasq package in Ubuntu:
  Invalid
Status in dnsmasq source package in Jammy:
  Incomplete
Status in dnsmasq source package in Kinetic:
  Won't Fix
Status in dnsmasq source package in Lunar:
  Invalid
Status in dnsmasq source package in Mantic:
  Invalid

Bug description:
  The Ironic project's CI has been having major blocking issues moving to utilizing Ubuntu Jammy and with some investigation we were able to isolate the issues down to the dhcp updates causing dnsmasq to crash on Ubuntu Jammy, which ships with dnsmasq 2.86.

  This issue sounds similar to an issue known about to the dnsmasq maintainers, where dnsmasq would crash with updates occurring due to configuration refresh[0].

  This resulted in us upgrading dnsmasq to the version which ships with Ubuntu Lunar. Which was no better. Dnsmasq still crashed upon record updates for addresses and ports getting configuration added/changed/removed.

  We later downgraded to the version of dnsmasq shipped in Ubuntu Focal, and dnsmasq stopped crashing and appeared stable enough to utilize for CI purposes.

** Kernel log from Ubuntu Jammy Package ** [229798.876726] dnsmasq[81586]: segfault at 7c28 ip 7f6e8313147e sp 7fffb3d6f830 error 4 in libc.so.6[7f6e830b4000+195000] [229798.876745] Code: 98 13 00 e8 04 b9 ff ff 0f 1f 40 00 f3 0f 1e fa 48 85 ff 0f 84 bb 00 00 00 55 48 8d 77 f0 53 48 83 ec 18 48 8b 1d 92 39 17 00 <48> 8b 47 f8 64 8b 2b a8 02 75 57 48 8b 15 18 39 17 00 64 48 83 3a [229805.444912] dnsmasq[401428]: segfault at dce8 ip 7fe63bf6a47e sp 7ffdb105b440 error 4 in libc.so.6[7fe63beed000+195000] [229805.444933] Code: 98 13 00 e8 04 b9 ff ff 0f 1f 40 00 f3 0f 1e fa 48 85 ff 0f 84 bb 00 00 00 55 48 8d 77 f0 53 48 83 ec 18 48 8b 1d 92 39 17 00 <48> 8b 47 f8 64 8b 2b a8 02 75 57 48 8b 15 18 39 17 00 64 48 83 3a [230414.213448] dnsmasq[401538]: segfault at 78b8 ip 7f12160e447e sp 7ffed6ef2190 error 4 in libc.so.6[7f1216067000+195000] [230414.213467] Code: 98 13 00 e8 04 b9 ff ff 0f 1f 40 00 f3 0f 1e fa 48 85 ff 0f 84 bb 00 00 00 55 48 8d 77 f0 53 48 83 ec 18 48 8b 1d 92 39 17 00 <48> 8b 47 f8 64 8b 2b a8 02 75 57 48 8b 15 18 39 17 00 64 48 83 3a [230465.098989] dnsmasq[402665]: segfault at c378 ip 7f81458f047e sp 7fff0db334a0 error 4 in libc.so.6[7f8145873000+195000] [230465.099005] Code: 98 13 00 e8 04 b9 ff ff 0f 1f 40 00 f3 0f 1e fa 48 85 ff 0f 84 bb 00 00 00 55 48 8d 77 f0 53 48 83 ec 18 48 8b 1d 92 39 17 00 <48> 8b 47 f8 64 8b 2b a8 02 75 57 48 8b 15 18 39 17 00 64 48 83 3a [231787.247374] dnsmasq[402863]: segfault at 7318 ip 7f3940b9147e sp 7ffc8df4f010 error 4 in libc.so.6[7f3940b14000+195000] [231787.247392] Code: 98 13 00 e8 04 b9 ff ff 0f 1f 40 00 f3 0f 1e fa 48 85 ff 0f 84 bb 00 00 00 55 48 8d 77 f0 53 48 83 ec 18 48 8b 1d 92 39 17 00 <48> 8b 47 f8 64 8b 2b a8 02 75 57 48 8b 15 18 39 17 00 64 48 83 3a [231844.886399] dnsmasq[405182]: segfault at dc58 ip 7f32a29e147e sp 7ffddedd7480 error 4 in libc.so.6[7f32a2964000+195000] [231844.886420] Code: 98 13 00 e8 04 b9 ff ff 0f 1f 40 00 f3 0f 1e fa 48 85 ff 0f 84 bb 00 00 00 55 48 8d 77 f0 53 48 83 ec 18 48 8b 
1d 92 39 17 00 <48> 8b 47 f8 64 8b 2b a8 02 75 57 48 8b 15 18 39 17 00 64 48 83 3a [234692.482154] dnsmasq[405289]: segfault at 67d8 ip 7fab0c5c447e sp 7fffd6fd8fa0 error 4 in libc.so.6[7fab0c547000+195000] [234692.482173] Code: 98 13 00 e8 04 b9 ff ff 0f 1f 40 00 f3 0f 1e fa 48 85 ff 0f 84 bb 00 00 00 55 48 8d 77 f0 53 48 83 ec 18 48 8b 1d 92 39 17 00 <48> 8b 47 f8 64 8b 2b a8 02 75 57 48 8b 15 18 39 17 00 64 48 83 3a ** Kernel log entries from Ubuntu Lunar package ** [234724.842339] dnsmasq[409843]: segfault at fffd ip 7f35a147647e sp 7ffd536038c0 error 5 in libc.so.6[7f35a13f9000+195000] [234724.842368] Code: 98 13 00 e8 04 b9 ff ff 0f 1f 40 00 f3 0f 1e fa 48 85 ff 0f 84 bb 00 00 00 55 48 8d 77 f0 53 48 83 ec 18 48 8b 1d 92 39 17 00 <48> 8b 47 f8 64 8b 2b a8 02 75 57 48 8b 15 18 39 17 00 64 48 83 3a [234784.918116] dnsmasq[410019]: segfault at fffd ip 7f634233947e sp 7fff33877f20 error 5 in libc.so.6[7f63422bc000+195000] [234784.918133] Code: 98 13 00 e8 04 b9 ff ff 0f 1f 40 00 f3 0f 1e fa 48 85 ff 0f 84 bb 00 00 00 55 48 8d 77 f0 53 48 83 ec 18 48 8b 1d 92 39 17 00 <48> 8b 47 f8 64 8b 2b a8 02 75 57 48 8b 15 18 39 17 00 64 48 83 3a [235022.163339] dnsmasq[410151]: segfault at fffd ip 7f21dd37f47e sp 7fff9bf
[Touch-packages] [Bug 2039294] Re: apparmor docker
As a temporary patch on my system, I disabled the apparmor rules for /usr/sbin/runc

Following the documentation to disable one single apparmor profile (link: https://help.ubuntu.com/community/AppArmor#Disable_one_profile ):

```
sudo ln -s /etc/apparmor.d/usr.sbin.runc /etc/apparmor.d/disable/
sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.runc
```

docker can now send signals to its containers.

---

re-activating is documented in the next paragraph in the page above:

```
sudo rm /etc/apparmor.d/disable/usr.sbin.runc
sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.runc
```

docker stop will not be able to send a signal to its containers anymore.

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2039294

Title:
  apparmor docker

Status in docker:
  New
Status in apparmor package in Ubuntu:
  Incomplete

Bug description:
  No LSB modules are available.
  Distributor ID: Ubuntu
  Description: Ubuntu 23.10
  Release: 23.10
  Codename: mantic

  Docker version 24.0.5, build 24.0.5-0ubuntu1

  Graceful shutdown doesn't work anymore due to SIGTERM and SIGKILL (maybe all signals?) doesn't reach the target process. Works when apparmor is uninstalled.

  [17990.085295] audit: type=1400 audit(1697213244.019:981): apparmor="DENIED" operation="signal" class="signal" profile="docker-default" pid=172626 comm="runc" requested_mask="receive" denied_mask="receive" signal=term peer="/usr/sbin/runc"
  [17992.112517] audit: type=1400 audit(1697213246.043:982): apparmor="DENIED" operation="signal" class="signal" profile="docker-default" pid=172633 comm="runc" requested_mask="receive" denied_mask="receive" signal=kill peer="/usr/sbin/runc"

To manage notifications about this bug go to:
https://bugs.launchpad.net/docker/+bug/2039294/+subscriptions

--
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2056802] [NEW] crypttab does not honor `x-initrd.attach` option
Public bug reported:

From systemd version 245+ an option was added

x-initrd.attach - Setup this encrypted block device in the initrd, similarly to systemd.mount(5) units marked with x-initrd.mount.

Although it's not necessary to mark the mount entry for the root file system with x-initrd.mount, x-initrd.attach is still recommended with the encrypted block device containing the root file system as otherwise systemd will attempt to detach the device during the regular system shutdown while it's still in use. With this option the device will still be detached but later after the root file system is unmounted.

All other encrypted block devices that contain file systems mounted in the initrd should use this option.

Added in version 245. [0]

- release: noble
systemd version: 253.5-1ubuntu6

Install noble to a vm with virt-manager and encrypt the lvm during subiquity install.
After successful install,
Modify /etc/crypttab to include the parameter in the 4th column

example:
sda6_crypt UUID=099aae4a-b11b-49a6-a6c4-62939eddf7a0 none luks,x-initrd.attach

update-initramfs -u -k all

During boot or shutdown the logs show
cryptsetup: WARNING: dm_crypt-0: ignoring unknown option x-initrd.attach

There are two separate problems

1. crypttab doesn't recognize x-initrd.attach option in /etc/crypttab file.
cryptsetup: WARNING: dm_crypt-0: ignoring unknown option x-initrd.attach

2. this error happens on shutdown/restart
[systemd-cryptsetup]: Device dm-crypt-0 is still in use.
[systemd-cryptsetup]: Failed to deactivate: Device or resource busy.

The vm does eventually shut down after throwing the above warnings.

[0] https://www.freedesktop.org/software/systemd/man/latest/crypttab.html#x-initrd.attach

These patches look like they could fix the issue. The last one might not be needed.

git format-patch -1 8ce02b87cece09797c1030c778db4180e1e2ce2e
https://github.com/systemd/systemd/commit/8ce02b87cece09797c1030c778db4180e1e2ce2e

git format-patch -1 1dc85eff1d0dff18aaeaae530c91bf53f34b726e
https://github.com/systemd/systemd/commit/1dc85eff1d0dff18aaeaae530c91bf53f34b726e

git format-patch -1 bf1484c70a24cf04c145a9509c8124ffd7fb0879
https://github.com/systemd/systemd/commit/bf1484c70a24cf04c145a9509c8124ffd7fb0879

** Affects: systemd (Ubuntu)
     Importance: Undecided
     Assignee: Heather Lemon (hypothetical-lemon)
         Status: New

** Affects: systemd (Ubuntu Bionic)
     Importance: Undecided
         Status: Won't Fix

** Affects: systemd (Ubuntu Focal)
     Importance: Undecided
         Status: New

** Affects: systemd (Ubuntu Jammy)
     Importance: Undecided
         Status: New

** Affects: systemd (Ubuntu Mantic)
     Importance: Undecided
         Status: New

** Affects: systemd (Ubuntu Noble)
     Importance: Undecided
     Assignee: Heather Lemon (hypothetical-lemon)
         Status: New

** Changed in: systemd (Ubuntu)
     Assignee: (unassigned) => Heather Lemon (hypothetical-lemon)

** Also affects: systemd (Ubuntu Focal)
   Importance: Undecided
       Status: New

** Also affects: systemd (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Also affects: systemd (Ubuntu Noble)
   Importance: Undecided
     Assignee: Heather Lemon (hypothetical-lemon)
       Status: New

** Also affects: systemd (Ubuntu Mantic)
   Importance: Undecided
       Status: New

** Also affects: systemd (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** Description changed:

  From systemd version 245+ an option was added x-initrd.attach, which Setup this encrypted block device in the initrd, similarly to systemd.mount(5) units marked with x-initrd.mount.
- Although it's not necessary to mark the mount entry for the root file + Although it's not necessary to mark the mount entry for the root file system with x-initrd.mount, x-initrd.attach is still recommended with the encrypted block device containing the root file system as otherwise systemd will attempt to detach the device during the regular system shutdown while it's still in use. With this option the device will still be detached but later after the root file system is unmounted. All other encrypted block devices that contain file systems mounted in the initrd should use this option. - Added in version 245. [0] + Added in version 245. [0] - - release: noble + release: noble systemd version: 253.5-1ubuntu6 Install noble to a vm with virt-manager and encrypt the lvm during subiquity install. After successful install, - Modify /etc/crypttab to include the parameter in the 4th column + Modify /etc/crypttab to include the parameter in the 4th column example: sda6_crypt UUID=099aae4a-b11b-49a6-a6c4-62939eddf7a0 none luks,x-initrd.attach update-initramfs -u -k all - During boot or shutdown the logs show + During boot or shutdown the logs show cryptsetup: WARNING: dm_crypt-0: ignoring unknown option x-initrd.attach - There are two separat
[Touch-packages] [Bug 2056804] [NEW] Screen corruption on kernel 6.5.0-25, but not on 6.5.0-21
Public bug reported:

After updating to 6.5.0-25, I am experiencing a very peculiar form of screen corruption. It has been persistent and consistent across reboots. It does not manifest on 6.5.0-21, neither on 5.15.0-100.

Another peculiarity is that right clicking on the right side and lower side of the screen makes the right-click menu appear in the upper-left area of the screen.

I am attaching screenshots, kernel version is at the end of the filename.
---
ProblemType: Bug
ApportVersion: 2.20.11-0ubuntu82.5
Architecture: amd64
AudioDevicesInUse:
 USER PID ACCESS COMMAND
 /dev/snd/controlC1: shock 4322 F pulseaudio
 /dev/snd/controlC0: shock 4322 F pulseaudio
CRDA: N/A
CasperMD5CheckResult: unknown
CurrentDesktop: ubuntu:GNOME
DistroRelease: Ubuntu 22.04
InstallationDate: Installed on 2021-03-28 (1079 days ago)
InstallationMedia: Ubuntu 20.04.1 LTS "Focal Fossa" - Release amd64 (20200731)
MachineType: Undefined Undefined
NonfreeKernelModules: nvidia_modeset nvidia
Package: linux (not installed)
ProcFB:
 0 astdrmfb
 1 amdgpudrmfb
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-5.15.0-100-generic root=/dev/mapper/ubuntu_vg-ubuntu_root ro vfio-pci.ids=10de:17c8,10de:0fb0 quiet splash vt.handoff=7
ProcVersionSignature: Ubuntu 5.15.0-100.110-generic 5.15.143
RelatedPackageVersions:
 linux-restricted-modules-5.15.0-100-generic N/A
 linux-backports-modules-5.15.0-100-generic N/A
 linux-firmware 20220329.git681281e4-0ubuntu3.29
RfKill:
 0: hci0: Bluetooth
  Soft blocked: no
  Hard blocked: no
Tags: jammy
Uname: Linux 5.15.0-100-generic x86_64
UpgradeStatus: Upgraded to jammy on 2024-02-20 (20 days ago)
UserGroups: adm cdrom dip input libvirt lpadmin lxd plugdev render sambashare sudo
_MarkForUpload: True
dmi.bios.date: 06/26/2018
dmi.bios.release: 4.6
dmi.bios.vendor: GIGABYTE
dmi.bios.version: R23
dmi.board.asset.tag: 01234567890123456789AN
dmi.board.name: Undefined
dmi.board.vendor: Undefined
dmi.board.version: 0001
dmi.chassis.asset.tag: 01234567890123456789AN
dmi.chassis.type: 17
dmi.chassis.vendor: Undefined
dmi.chassis.version: 0001
dmi.modalias: dmi:bvnGIGABYTE:bvrR23:bd06/26/2018:br4.6:svnUndefined:pnUndefined:pvr0002:rvnUndefined:rnUndefined:rvr0001:cvnUndefined:ct17:cvr0001:skuGIGABYTEServer:
dmi.product.name: Undefined
dmi.product.sku: GIGABYTE Server
dmi.product.version: 0002
dmi.sys.vendor: Undefined

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: apport-collected jammy

** Attachment added: "Screenshot from 2024-03-11 21-31-48 6.5.0-25.png"
   https://bugs.launchpad.net/bugs/2056804/+attachment/5754914/+files/Screenshot%20from%202024-03-11%2021-31-48%206.5.0-25.png

** Package changed: mesa (Ubuntu) => linux (Ubuntu)

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to mesa in Ubuntu.
https://bugs.launchpad.net/bugs/2056804

Title:
  Screen corruption on kernel 6.5.0-25, but not on 6.5.0-21

Status in linux package in Ubuntu:
  New

Bug description:
  After updating to 6.5.0-25, I am experiencing a very peculiar form of screen corruption. It has been persistent and consistent across reboots. It does not manifest on 6.5.0-21, neither on 5.15.0-100.

  Another peculiarity is that right clicking on the right side and lower side of the screen makes the right-click menu appear in the upper-left area of the screen.

  I am attaching screenshots, kernel version is at the end of the filename.
[Touch-packages] [Bug 2056802] Re: crypttab does not honor `x-initrd.attach` option
Thank you for the bug, Heather! I'm marking Bionic as "Won't Fix", as it's EOL. If needed, please re-target against Pro 18.04.

Thanks!

** Changed in: systemd (Ubuntu Bionic)
       Status: New => Won't Fix

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/2056802

Title:
  crypttab does not honor `x-initrd.attach` option

Status in systemd package in Ubuntu:
  New
Status in systemd source package in Bionic:
  Won't Fix
Status in systemd source package in Focal:
  New
Status in systemd source package in Jammy:
  New
Status in systemd source package in Mantic:
  New
Status in systemd source package in Noble:
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/2056802/+subscriptions
[Touch-packages] [Bug 1930914] Re: ubuntu-minimal depends on ubuntu-advantage-tools
This is just malicious.

You are not only packaging Ubuntu as adware, you are making it deliberately harder to unbreak for people interested specifically in spam removal.

While Ubuntu with easily removed ads would be still adware it would be at least less annoying for people wishing to fix it. And here you make it deliberately harder to remove ads, despite that it would already require tinkering not done by the vast majority of people.

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1930914

Title:
  ubuntu-minimal depends on ubuntu-advantage-tools

Status in ubuntu-meta package in Ubuntu:
  Won't Fix

Bug description:
  This is counter to #1566183

  There is no reason to enforce desktop users who manage machine on their own to install ubuntu-advantage-tools, especially when this is 'minimal' version. This should include only essential packages to make the OS functional

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: ubuntu-minimal 1.450.2
  ProcVersionSignature: Ubuntu 5.4.0-73.82-lowlatency 5.4.106
  Uname: Linux 5.4.0-73-lowlatency x86_64
  NonfreeKernelModules: nvidia_modeset nvidia
  ApportVersion: 2.20.11-0ubuntu27.18
  Architecture: amd64
  CasperMD5CheckResult: skip
  Date: Fri Jun 4 18:54:56 2021
  InstallationDate: Installed on 2020-01-29 (491 days ago)
  InstallationMedia: Ubuntu-MATE 19.10 "Eoan Ermine" - Release amd64 (20191017)
  SourcePackage: ubuntu-meta
  UpgradeStatus: Upgraded to focal on 2020-06-27 (342 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-meta/+bug/1930914/+subscriptions
[Touch-packages] [Bug 1930914] Re: ubuntu-minimal depends on ubuntu-advantage-tools
> Canonical needs to make money and those ads aren't spammy at all.

I get ads on every single SSH login, that is incredibly spammy.

Currently for me that is majority of ad consumption and I will get rid of it even if it means migration of several servers I am managing to a different OS.

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1930914

Title:
  ubuntu-minimal depends on ubuntu-advantage-tools

Status in ubuntu-meta package in Ubuntu:
  Won't Fix

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-meta/+bug/1930914/+subscriptions