[Touch-packages] [Bug 1959646] [NEW] dhcrelay does not obey -i interface option
Public bug reported: If one starts dhcrelay with explicitly specifying the interfaces to listen,it silently ignores these options and still listens on all interfaces. This is neither what the man page says (it says, only if no interface is given, it listen on all interfaces), nor what is needed. It might be even considered being a security bug because dhcrelay listens on interfaces it shouldn't. Needless filter work causes unwanted overhead as well. Wrt. the source package the patches/dhcrelay-listen.patch seems to be the root cause. It makes no sense at all to me ... Please explain or remove. ** Affects: isc-dhcp (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to isc-dhcp in Ubuntu. https://bugs.launchpad.net/bugs/1959646 Title: dhcrelay does not obey -i interface option Status in isc-dhcp package in Ubuntu: New Bug description: If one starts dhcrelay with explicitly specifying the interfaces to listen,it silently ignores these options and still listens on all interfaces. This is neither what the man page says (it says, only if no interface is given, it listen on all interfaces), nor what is needed. It might be even considered being a security bug because dhcrelay listens on interfaces it shouldn't. Needless filter work causes unwanted overhead as well. Wrt. the source package the patches/dhcrelay-listen.patch seems to be the root cause. It makes no sense at all to me ... Please explain or remove. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1959646/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1917187] Re: lxc cgroup2: containers unbootable
Hmmm, that's an old one. IIRC the real root cause was, that some files possibly included via /usr/share/lxc/config/ubuntu.common.conf still used lxc.cgroup.devices.* instead of lxc.cgroup2.devices.* (the machine was upgraded from bionic to focal). -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1917187 Title: lxc cgroup2: containers unbootable Status in lxc package in Ubuntu: Invalid Bug description: Distributor ID: Ubuntu Description: Ubuntu 20.04.2 LTS Release: 20.04 Codename: focal If one sets in /etc/default/grub (as e.g. desired by facebook oomd): GRUB_CMDLINE_LINUX="systemd.unified_cgroup_hierarchy=1 swapaccount=1 ..." lxc is not able to start any containers anymore. # lxc-start -F n04-01 lxc-start: n04-01: conf.c: lxc_setup_boot_id: 3249 Permission denied - Failed to mount /dev/.lxc-boot-id to /proc/sys/kernel/random/boot_id Failed to mount cgroup at /sys/fs/cgroup/systemd: Operation not permitted [!!] Failed to mount API filesystems. Exiting PID 1... config: --- # Common configuration lxc.include = /usr/share/lxc/config/ubuntu.common.conf # Container specific configuration lxc.apparmor.profile = lxc-default-cgns-with-mounting lxc.start.auto = 1 lxc.rootfs.path = dir:/zones/n04-01/rootfs lxc.rootfs.options = noatime lxc.mount.fstab = /zones/n04-01/fstab lxc.uts.name = n04-01 lxc.arch = amd64 # Network configuration lxc.net.0.type = macvlan lxc.net.0.macvlan.mode = bridge lxc.net.0.flags = up lxc.net.0.link = vlan2 lxc.net.0.hwaddr = 00:80:41:22:0d:10 lxc.net.0.name = n04-01_0 #lxc.include = /zones/n04-01/nvconfig lxc.start.order = 16 #lxc.net.0.ipv4 = 10.2.1.65/16 #lxc.net.0.ipv4.gateway = 10.2.0.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1917187/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1917187] [NEW] lxc cgroup2: containers unbootable
Public bug reported: Distributor ID: Ubuntu Description:Ubuntu 20.04.2 LTS Release:20.04 Codename: focal If one sets in /etc/default/grub (as e.g. desired by facebook oomd): GRUB_CMDLINE_LINUX="systemd.unified_cgroup_hierarchy=1 swapaccount=1 ..." lxc is not able to start any containers anymore. # lxc-start -F n04-01 lxc-start: n04-01: conf.c: lxc_setup_boot_id: 3249 Permission denied - Failed to mount /dev/.lxc-boot-id to /proc/sys/kernel/random/boot_id Failed to mount cgroup at /sys/fs/cgroup/systemd: Operation not permitted [!!] Failed to mount API filesystems. Exiting PID 1... config: --- # Common configuration lxc.include = /usr/share/lxc/config/ubuntu.common.conf # Container specific configuration lxc.apparmor.profile = lxc-default-cgns-with-mounting lxc.start.auto = 1 lxc.rootfs.path = dir:/zones/n04-01/rootfs lxc.rootfs.options = noatime lxc.mount.fstab = /zones/n04-01/fstab lxc.uts.name = n04-01 lxc.arch = amd64 # Network configuration lxc.net.0.type = macvlan lxc.net.0.macvlan.mode = bridge lxc.net.0.flags = up lxc.net.0.link = vlan2 lxc.net.0.hwaddr = 00:80:41:22:0d:10 lxc.net.0.name = n04-01_0 #lxc.include = /zones/n04-01/nvconfig lxc.start.order = 16 #lxc.net.0.ipv4 = 10.2.1.65/16 #lxc.net.0.ipv4.gateway = 10.2.0.1 ** Affects: lxc (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1917187 Title: lxc cgroup2: containers unbootable Status in lxc package in Ubuntu: New Bug description: Distributor ID: Ubuntu Description: Ubuntu 20.04.2 LTS Release: 20.04 Codename: focal If one sets in /etc/default/grub (as e.g. desired by facebook oomd): GRUB_CMDLINE_LINUX="systemd.unified_cgroup_hierarchy=1 swapaccount=1 ..." lxc is not able to start any containers anymore. # lxc-start -F n04-01 lxc-start: n04-01: conf.c: lxc_setup_boot_id: 3249 Permission denied - Failed to mount /dev/.lxc-boot-id to /proc/sys/kernel/random/boot_id Failed to mount cgroup at /sys/fs/cgroup/systemd: Operation not permitted [!!] Failed to mount API filesystems. Exiting PID 1... config: --- # Common configuration lxc.include = /usr/share/lxc/config/ubuntu.common.conf # Container specific configuration lxc.apparmor.profile = lxc-default-cgns-with-mounting lxc.start.auto = 1 lxc.rootfs.path = dir:/zones/n04-01/rootfs lxc.rootfs.options = noatime lxc.mount.fstab = /zones/n04-01/fstab lxc.uts.name = n04-01 lxc.arch = amd64 # Network configuration lxc.net.0.type = macvlan lxc.net.0.macvlan.mode = bridge lxc.net.0.flags = up lxc.net.0.link = vlan2 lxc.net.0.hwaddr = 00:80:41:22:0d:10 lxc.net.0.name = n04-01_0 #lxc.include = /zones/n04-01/nvconfig lxc.start.order = 16 #lxc.net.0.ipv4 = 10.2.1.65/16 #lxc.net.0.ipv4.gateway = 10.2.0.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1917187/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1917192] [NEW] lxc-stop -r does not work
Public bug reported: Distributor ID: Ubuntu Description:Ubuntu 20.04.2 LTS Release:20.04 Codename: focal lxc-stop -r -n $zone Stops the container, but does not reboot it anymore, as in bionic. ** Affects: lxc (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1917192 Title: lxc-stop -r does not work Status in lxc package in Ubuntu: New Bug description: Distributor ID: Ubuntu Description: Ubuntu 20.04.2 LTS Release: 20.04 Codename: focal lxc-stop -r -n $zone Stops the container, but does not reboot it anymore, as in bionic. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1917192/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1810458] [NEW] do-release-upgrade fails with "No such file or directory: 'gpg'"
Public bug reported: > + do-release-upgrade Checking for a new Ubuntu release Get:1 Upgrade tool signature [819 B] Get:2 Upgrade tool [1,263 kB] Fetched 1,264 kB in 0s (0 B/s) authenticate 'bionic.tar.gz' against 'bionic.tar.gz.gpg' Traceback (most recent call last): File "/usr/bin/do-release-upgrade", line 200, in fetcher.run() File "/usr/lib/python3/dist-packages/DistUpgrade/DistUpgradeFetcherCore.py", line 282, in run if not self.authenticate(): File "/usr/lib/python3/dist-packages/DistUpgrade/DistUpgradeFetcherCore.py", line 76, in authenticate if self.gpgauthenticate(f, sig): File "/usr/lib/python3/dist-packages/DistUpgrade/DistUpgradeFetcherCore.py", line 108, in gpgauthenticate close_fds=False, universal_newlines=True) File "/usr/lib/python3.5/subprocess.py", line 947, in __init__ restore_signals, start_new_session) File "/usr/lib/python3.5/subprocess.py", line 1551, in _execute_child raise child_exception_type(errno_num, err_msg) FileNotFoundError: [Errno 2] No such file or directory: 'gpg' > lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description:Ubuntu 16.04.5 LTS Release:16.04 Codename: xenial > + apt dist-upgrade Reading package lists... Done Building dependency tree Reading state information... Done Calculating upgrade... Done 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. > which gpg gpg: Command not found. > which gpg2 /usr/bin/gpg2 ** Affects: apparmor (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1810458 Title: do-release-upgrade fails with "No such file or directory: 'gpg'" Status in apparmor package in Ubuntu: New Bug description: > + do-release-upgrade Checking for a new Ubuntu release Get:1 Upgrade tool signature [819 B] Get:2 Upgrade tool [1,263 kB] Fetched 1,264 kB in 0s (0 B/s) authenticate 'bionic.tar.gz' against 'bionic.tar.gz.gpg' Traceback (most recent call last): File "/usr/bin/do-release-upgrade", line 200, in fetcher.run() File "/usr/lib/python3/dist-packages/DistUpgrade/DistUpgradeFetcherCore.py", line 282, in run if not self.authenticate(): File "/usr/lib/python3/dist-packages/DistUpgrade/DistUpgradeFetcherCore.py", line 76, in authenticate if self.gpgauthenticate(f, sig): File "/usr/lib/python3/dist-packages/DistUpgrade/DistUpgradeFetcherCore.py", line 108, in gpgauthenticate close_fds=False, universal_newlines=True) File "/usr/lib/python3.5/subprocess.py", line 947, in __init__ restore_signals, start_new_session) File "/usr/lib/python3.5/subprocess.py", line 1551, in _execute_child raise child_exception_type(errno_num, err_msg) FileNotFoundError: [Errno 2] No such file or directory: 'gpg' > lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 16.04.5 LTS Release: 16.04 Codename: xenial > + apt dist-upgrade Reading package lists... Done Building dependency tree Reading state information... Done Calculating upgrade... Done 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. > which gpg gpg: Command not found. > which gpg2 /usr/bin/gpg2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1810458/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1811051] [NEW] lxc-templates: too many senseless dependencies
Public bug reported: # apt install lxc-templates Reading package lists... Done Building dependency tree Reading state information... Done The following additional packages will be installed: busybox-static cloud-image-utils debootstrap dirmngr distro-info genisoimage gnupg gnupg-l10n gnupg-utils gpg gpg-agent gpg-wks-client gpg-wks-server gpgconf gpgsm gpgv ibverbs-providers libaio1 libassuan0 libcurl3-gnutls libibverbs1 libiscsi7 libksba8 libnghttp2-14 libnl-3-200 libnl-route-3-200 libnpth0 libnspr4 libnss3 libpsl5 librados2 librbd1 librtmp1 pinentry-curses publicsuffix qemu-block-extra qemu-utils sharutils uuid-runtime wget Suggested packages: cloud-utils-euca mtools ubuntu-archive-keyring dbus-user-session pinentry-gnome3 tor shunit2 wodim cdrkit-doc parcimonie xloadimage scdaemon qemu-user-static pinentry-doc sharutils-doc The following NEW packages will be installed: busybox-static cloud-image-utils debootstrap dirmngr distro-info genisoimage gnupg gnupg-l10n gnupg-utils gpg gpg-agent gpg-wks-client gpg-wks-server gpgconf gpgsm ibverbs-providers libaio1 libassuan0 libcurl3-gnutls libibverbs1 libiscsi7 libksba8 libnghttp2-14 libnl-3-200 libnl-route-3-200 libnpth0 libnspr4 libnss3 libpsl5 librados2 librbd1 librtmp1 lxc-templates pinentry-curses publicsuffix qemu-block-extra qemu-utils sharutils uuid-runtime wget The following packages will be upgraded: gpgv 1 upgraded, 40 newly installed, 0 to remove and 76 not upgraded. 3 not fully installed or removed. Need to get 10.9 MB of archives. After this operation, 40.8 MB of additional disk space will be used. ... 41 MB of totally useless bloat just to get some config alias text files is far too much! Actually this package should not have any dependencies at all! > lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description:Ubuntu 18.04 LTS Release:18.04 Codename: bionic ** Affects: apparmor (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1811051 Title: lxc-templates: too many senseless dependencies Status in apparmor package in Ubuntu: New Bug description: # apt install lxc-templates Reading package lists... Done Building dependency tree Reading state information... Done The following additional packages will be installed: busybox-static cloud-image-utils debootstrap dirmngr distro-info genisoimage gnupg gnupg-l10n gnupg-utils gpg gpg-agent gpg-wks-client gpg-wks-server gpgconf gpgsm gpgv ibverbs-providers libaio1 libassuan0 libcurl3-gnutls libibverbs1 libiscsi7 libksba8 libnghttp2-14 libnl-3-200 libnl-route-3-200 libnpth0 libnspr4 libnss3 libpsl5 librados2 librbd1 librtmp1 pinentry-curses publicsuffix qemu-block-extra qemu-utils sharutils uuid-runtime wget Suggested packages: cloud-utils-euca mtools ubuntu-archive-keyring dbus-user-session pinentry-gnome3 tor shunit2 wodim cdrkit-doc parcimonie xloadimage scdaemon qemu-user-static pinentry-doc sharutils-doc The following NEW packages will be installed: busybox-static cloud-image-utils debootstrap dirmngr distro-info genisoimage gnupg gnupg-l10n gnupg-utils gpg gpg-agent gpg-wks-client gpg-wks-server gpgconf gpgsm ibverbs-providers libaio1 libassuan0 libcurl3-gnutls libibverbs1 libiscsi7 libksba8 libnghttp2-14 libnl-3-200 libnl-route-3-200 libnpth0 libnspr4 libnss3 libpsl5 librados2 librbd1 librtmp1 lxc-templates pinentry-curses publicsuffix qemu-block-extra qemu-utils sharutils uuid-runtime wget The following packages will be upgraded: gpgv 1 upgraded, 40 newly installed, 0 to remove and 76 not upgraded. 3 not fully installed or removed. Need to get 10.9 MB of archives. After this operation, 40.8 MB of additional disk space will be used. ... 41 MB of totally useless bloat just to get some config alias text files is far too much! Actually this package should not have any dependencies at all! > lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 18.04 LTS Release: 18.04 Codename: bionic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1811051/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1769284] [NEW] ssh client: blowfish-cbc required - missing in bionic
Public bug reported: In bionic openssh client/server ships without blowfish-cbc, arcfour, arcfour128, arcfour256 and cast128-cbc. Unfortunately they are required for backward compatibility, especially for embedded devices, which do not support other ciphers (e.g. Rittal Liquid Cooling Package for racks). So disable them per default is ok, but one should still be able to use them on demand for older, non-upgradable HW/SW envs. ** Affects: openssh (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1769284 Title: ssh client: blowfish-cbc required - missing in bionic Status in openssh package in Ubuntu: New Bug description: In bionic openssh client/server ships without blowfish-cbc, arcfour, arcfour128, arcfour256 and cast128-cbc. Unfortunately they are required for backward compatibility, especially for embedded devices, which do not support other ciphers (e.g. Rittal Liquid Cooling Package for racks). So disable them per default is ok, but one should still be able to use them on demand for older, non-upgradable HW/SW envs. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1769284/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1769284] Re: ssh client: blowfish-cbc required - missing in bionic
No, this is not an option. Also note, that this breaks a lot of workflows without reason, because Ubuntu ssh client simply stops working with a message like "~/.ssh/config line 3: Bad SSH2 cipher spec '...'": it simply does not know such ciphers (does not ignore them). So especially in environments with shared homes bionic (the usual case in enterprises?) cannot be deployed (and telling people, that they need to use different options when the are on bionic, is simply is useless pain for the users as well as company hotlines). Ubuntu should do, what all major enterprise ready distributions/unices do, i.e. bundle support for those ciphers for backward compatibility, but disable them per default). -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1769284 Title: ssh client: blowfish-cbc required - missing in bionic Status in openssh package in Ubuntu: Won't Fix Status in openssh-ssh1 package in Ubuntu: Fix Released Bug description: In bionic openssh client/server ships without blowfish-cbc, arcfour, arcfour128, arcfour256 and cast128-cbc. Unfortunately they are required for backward compatibility, especially for embedded devices, which do not support other ciphers (e.g. Rittal Liquid Cooling Package for racks). So disable them per default is ok, but one should still be able to use them on demand for older, non-upgradable HW/SW envs. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1769284/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1347020] Re: systemd does not boot in a container
I'm running utopic with latest updates. Any container, which has systemd running simply hangs, when /sbin/init gets started (no matter, whether config has 'lxc.kmsg = 0' or not). Tried it previously with a trusty and today with a vivid container. So wondering, whether there is a bugfix available at all? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1347020 Title: systemd does not boot in a container Status in lxc package in Ubuntu: Fix Released Status in lxc source package in Trusty: Triaged Bug description: Opening against cloud-init for now, but ultimately might end up as bug-fixes / srus against some other packages in trusty. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1347020/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1432683] Re: apt-get install lxc doesn't load required apparmor profiles
It appears, that something is still broken. Because systemd doesn't
work, I installed upstart + upstart-sysv (and uninstalled systemd-
sysv), but unfortunately sssd doesn't come up (has exactly the same
config, as in other < 14.10 zones, where it works as expected). And
because sssd doesn't come up, other depending services like autofs
doesn't come up either.
The problem seems to be /lib/init/apparmor-profile-load as well, which returns
with 1 and thus probably causes start always fail.
As a workaround I modified /etc/init/sssd.conf:
...
pre-start script
test -f /etc/sssd/sssd.conf || { stop; exit 0; }
/lib/init/apparmor-profile-load usr.sbin.sssd || true
end script
...
which makes it work, however, I still wonder, what apparmor-profile-load
causes to return != 0 ...
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1432683
Title:
apt-get install lxc doesn't load required apparmor profiles
Status in apparmor package in Ubuntu:
Fix Released
Status in init-system-helpers package in Ubuntu:
Triaged
Status in lxc package in Ubuntu:
Fix Committed
Status in squid3 package in Ubuntu:
Fix Released
Status in upstart package in Ubuntu:
Triaged
Bug description:
I'm trying to use LXC on my openstack instance which runs vivid daily:
$ sudo apt-get install lxc -y
$ sudo lxc-create -t ubuntu-cloud --name=vivid -- --flush-cache
--stream=daily --release=vivid
$ sudo lxc-start --name vivid --logfile=lxc.log
lxc-start: lxc_start.c: main: 344 The container failed to start.
lxc-start: lxc_start.c: main: 346 To get more details, run the container in
foreground mode.
lxc-start: lxc_start.c: main: 348 Additional information can be obtained by
setting the --logfile and --logpriority options.
In the log file (lxc.log) I observe the following error:
lxc-start 1426516387.814 ERRORlxc_apparmor -
lsm/apparmor.c:apparmor_process_label_set:183 - No such file or directory -
failed to change apparmor profile to lxc-container-default
This profile *exists* under /etc/apparmor.d/lxc/lxc-default but was
not loaded appropriately.
This issue disappears if I:
(a) reload apparmor profile manually: sudo /etc/init.d/apparmor reload
or
(b) reboot the instance
I'd expect that 'apt-get install lxc' has to load all appropriate
apparmor profiles to allow starting containers w/o profile reloading /
rebooting.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1432683/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1692109] [NEW] mount is broken/misbehaving
Public bug reported: "/bin/mount -t zfs -o defaults,atime,dev,exec,rw,suid,nomand,zfsutil rpool/zones/bla /zones/bla" fails, if env var POSIXLY_CORRECT is set, because it calls "/sbin/mount.zfs rpool/zones/bla /zones/bla -o rw,zfsutil", which is obviously a bug. Options should always come first and operands last ... ** Affects: util-linux (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to util-linux in Ubuntu. https://bugs.launchpad.net/bugs/1692109 Title: mount is broken/misbehaving Status in util-linux package in Ubuntu: New Bug description: "/bin/mount -t zfs -o defaults,atime,dev,exec,rw,suid,nomand,zfsutil rpool/zones/bla /zones/bla" fails, if env var POSIXLY_CORRECT is set, because it calls "/sbin/mount.zfs rpool/zones/bla /zones/bla -o rw,zfsutil", which is obviously a bug. Options should always come first and operands last ... To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1692109/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1692109] Re: mount is broken/misbehaving
mount from util-linux 2.27.1 (libmount 2.27.0: selinux, assert, debug) Description:Ubuntu 16.04.2 LTS -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to util-linux in Ubuntu. https://bugs.launchpad.net/bugs/1692109 Title: mount is broken/misbehaving Status in util-linux package in Ubuntu: New Bug description: "/bin/mount -t zfs -o defaults,atime,dev,exec,rw,suid,nomand,zfsutil rpool/zones/bla /zones/bla" fails, if env var POSIXLY_CORRECT is set, because it calls "/sbin/mount.zfs rpool/zones/bla /zones/bla -o rw,zfsutil", which is obviously a bug. Options should always come first and operands last ... To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1692109/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1692109] Re: mount is broken/misbehaving
AFAICS the problem is libmount/src/context_mount.c:exec_helper() which is uses operands in a wrong/not posixly incorrect way. See also http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap12.html -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to util-linux in Ubuntu. https://bugs.launchpad.net/bugs/1692109 Title: mount is broken/misbehaving Status in util-linux package in Ubuntu: New Bug description: "/bin/mount -t zfs -o defaults,atime,dev,exec,rw,suid,nomand,zfsutil rpool/zones/bla /zones/bla" fails, if env var POSIXLY_CORRECT is set, because it calls "/sbin/mount.zfs rpool/zones/bla /zones/bla -o rw,zfsutil", which is obviously a bug. Options should always come first and operands last ... To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1692109/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1693900] [NEW] apt-get update should return exit code != 0 on error
Public bug reported: When running 'apt-get update' (e.g. on a container install post-install script), apt-get return with exit code 0, even so it wasn't able to "update" properly. E.g.: + apt-get update Err:1 http://de.archive.ubuntu.com/ubuntu xenial InRelease Temporary failure resolving 'de.archive.ubuntu.com' Err:2 http://security.ubuntu.com/ubuntu xenial-security InRelease Temporary failure resolving 'security.ubuntu.com' Err:3 http://de.archive.ubuntu.com/ubuntu xenial-updates InRelease Temporary failure resolving 'de.archive.ubuntu.com' Reading package lists... Done W: Failed to fetch http://de.archive.ubuntu.com/ubuntu/dists/xenial/InRelease Temporary failure resolving 'de.archive.ubuntu.com' W: Failed to fetch http://de.archive.ubuntu.com/ubuntu/dists/xenial-updates/InRelease Temporary failure resolving 'de.archive.ubuntu.com' W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/xenial-security/InRelease Temporary failure resolving 'security.ubuntu.com' W: Some index files failed to download. They have been ignored, or old ones used instead. It should be corrected to return useful exit code, so that scripts can take the appropriate actions ... ** Affects: apt (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu. https://bugs.launchpad.net/bugs/1693900 Title: apt-get update should return exit code != 0 on error Status in apt package in Ubuntu: New Bug description: When running 'apt-get update' (e.g. on a container install post- install script), apt-get return with exit code 0, even so it wasn't able to "update" properly. E.g.: + apt-get update Err:1 http://de.archive.ubuntu.com/ubuntu xenial InRelease Temporary failure resolving 'de.archive.ubuntu.com' Err:2 http://security.ubuntu.com/ubuntu xenial-security InRelease Temporary failure resolving 'security.ubuntu.com' Err:3 http://de.archive.ubuntu.com/ubuntu xenial-updates InRelease Temporary failure resolving 'de.archive.ubuntu.com' Reading package lists... Done W: Failed to fetch http://de.archive.ubuntu.com/ubuntu/dists/xenial/InRelease Temporary failure resolving 'de.archive.ubuntu.com' W: Failed to fetch http://de.archive.ubuntu.com/ubuntu/dists/xenial-updates/InRelease Temporary failure resolving 'de.archive.ubuntu.com' W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/xenial-security/InRelease Temporary failure resolving 'security.ubuntu.com' W: Some index files failed to download. They have been ignored, or old ones used instead. It should be corrected to return useful exit code, so that scripts can take the appropriate actions ... To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1693900/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1693900] Re: apt-get update should return exit code != 0 on error
Hmmm, IMHO 'Err:' and 'W: Failed to fetch' indicate, that it was not able to update properly and thus the result of the operation is unreliable. So its like "your connection is secured, but may be not". I guess most people wouldn't do any financial transaction when reading this ... ;-) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu. https://bugs.launchpad.net/bugs/1693900 Title: apt-get update should return exit code != 0 on error Status in apt package in Ubuntu: Triaged Bug description: When running 'apt-get update' (e.g. on a container install post- install script), apt-get return with exit code 0, even so it wasn't able to "update" properly. E.g.: + apt-get update Err:1 http://de.archive.ubuntu.com/ubuntu xenial InRelease Temporary failure resolving 'de.archive.ubuntu.com' Err:2 http://security.ubuntu.com/ubuntu xenial-security InRelease Temporary failure resolving 'security.ubuntu.com' Err:3 http://de.archive.ubuntu.com/ubuntu xenial-updates InRelease Temporary failure resolving 'de.archive.ubuntu.com' Reading package lists... Done W: Failed to fetch http://de.archive.ubuntu.com/ubuntu/dists/xenial/InRelease Temporary failure resolving 'de.archive.ubuntu.com' W: Failed to fetch http://de.archive.ubuntu.com/ubuntu/dists/xenial-updates/InRelease Temporary failure resolving 'de.archive.ubuntu.com' W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/xenial-security/InRelease Temporary failure resolving 'security.ubuntu.com' W: Some index files failed to download. They have been ignored, or old ones used instead. It should be corrected to return useful exit code, so that scripts can take the appropriate actions ... To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1693900/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1693900] Re: apt-get update should return exit code != 0 on error
The bug/subject here is, that apt-get doesn't return a proper exit code, not, what else one could use to workaround the bug. Saying, that update from one of all (i.e. 1+) sites is sufficient is like going to fly with a jet, where one of two engines is already broken before it starts. Making this decision for yourself is ok, but making it for all other passengers is IMHO irresponsible. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu. https://bugs.launchpad.net/bugs/1693900 Title: apt-get update should return exit code != 0 on error Status in apt package in Ubuntu: Triaged Bug description: When running 'apt-get update' (e.g. on a container install post- install script), apt-get return with exit code 0, even so it wasn't able to "update" properly. E.g.: + apt-get update Err:1 http://de.archive.ubuntu.com/ubuntu xenial InRelease Temporary failure resolving 'de.archive.ubuntu.com' Err:2 http://security.ubuntu.com/ubuntu xenial-security InRelease Temporary failure resolving 'security.ubuntu.com' Err:3 http://de.archive.ubuntu.com/ubuntu xenial-updates InRelease Temporary failure resolving 'de.archive.ubuntu.com' Reading package lists... Done W: Failed to fetch http://de.archive.ubuntu.com/ubuntu/dists/xenial/InRelease Temporary failure resolving 'de.archive.ubuntu.com' W: Failed to fetch http://de.archive.ubuntu.com/ubuntu/dists/xenial-updates/InRelease Temporary failure resolving 'de.archive.ubuntu.com' W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/xenial-security/InRelease Temporary failure resolving 'security.ubuntu.com' W: Some index files failed to download. They have been ignored, or old ones used instead. It should be corrected to return useful exit code, so that scripts can take the appropriate actions ... To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1693900/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1693900] Re: apt-get update should return exit code != 0 on error
Actually this is the problem: Users think, their system is up-to-date, but it is not for sure because a site failed to respond. Therefore only if _all_ sites answered the request properly, apt-get should return 0. If not, it should return a specified return code, which lets the callee know, that there was a problem [and imply, that a subsequent apt-get upgrade might bring the system to the latest supported state, or not]. If the exit code for such situations is documented properly, the tool can still decide, whether to run the upgrade or would be bredless art. BTW: It doesn't really matter, what error (whether temp. DNS, LDAP lookup, network, etc.) prevented a successful update. Fact is, that there was an error and this needs to be communicated. CLI tools do that via exit code. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu. https://bugs.launchpad.net/bugs/1693900 Title: apt-get update should return exit code != 0 on error Status in apt package in Ubuntu: Triaged Bug description: When running 'apt-get update' (e.g. on a container install post- install script), apt-get return with exit code 0, even so it wasn't able to "update" properly. E.g.: + apt-get update Err:1 http://de.archive.ubuntu.com/ubuntu xenial InRelease Temporary failure resolving 'de.archive.ubuntu.com' Err:2 http://security.ubuntu.com/ubuntu xenial-security InRelease Temporary failure resolving 'security.ubuntu.com' Err:3 http://de.archive.ubuntu.com/ubuntu xenial-updates InRelease Temporary failure resolving 'de.archive.ubuntu.com' Reading package lists... Done W: Failed to fetch http://de.archive.ubuntu.com/ubuntu/dists/xenial/InRelease Temporary failure resolving 'de.archive.ubuntu.com' W: Failed to fetch http://de.archive.ubuntu.com/ubuntu/dists/xenial-updates/InRelease Temporary failure resolving 'de.archive.ubuntu.com' W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/xenial-security/InRelease Temporary failure resolving 'security.ubuntu.com' W: Some index files failed to download. They have been ignored, or old ones used instead. It should be corrected to return useful exit code, so that scripts can take the appropriate actions ... To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1693900/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1690891] [NEW] RFE: remove ureadahead from package minimal
Public bug reported: Since on common platforms ureadahead solves nothing but causes a huge amount of garbage/totally useless error messages, which makes it really hard to extract the important messages from e.g. journalctl output, it should be removed from ubuntu-minimal. If there are people, who need it, can still explicitly install it. ** Affects: ureadahead (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ureadahead in Ubuntu. https://bugs.launchpad.net/bugs/1690891 Title: RFE: remove ureadahead from package minimal Status in ureadahead package in Ubuntu: New Bug description: Since on common platforms ureadahead solves nothing but causes a huge amount of garbage/totally useless error messages, which makes it really hard to extract the important messages from e.g. journalctl output, it should be removed from ubuntu-minimal. If there are people, who need it, can still explicitly install it. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ureadahead/+bug/1690891/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1868892] Re: initramfs-tools/hooks/udev for network *.link really sucks
Łukasz Zemczak, yes, upgraded a machine from bionic to focal - same
problem. However, the patch looks not optimal but sufficient.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1868892
Title:
initramfs-tools/hooks/udev for network *.link really sucks
Status in systemd package in Ubuntu:
In Progress
Status in systemd source package in Xenial:
In Progress
Status in systemd source package in Bionic:
Fix Committed
Status in systemd source package in Eoan:
Fix Committed
Status in systemd source package in Focal:
In Progress
Bug description:
[impact]
If the /{etc,lib}/systemd/network directory itself is a symlink, the find
command will not actually find any of the files in the dir it links to.
[test case]
$ sudo touch /etc/systemd/network/lp1868892.link
$ sudo update-initramfs -u
update-initramfs: Generating /boot/initrd.img-5.4.0-21-generic
...
$ sudo lsinitramfs /boot/initrd.img-5.4.0-21-generic | grep lp1868892
usr/lib/systemd/network/lp1868892.link
$ sudo mv /etc/systemd/network /etc/systemd/network.abc
$ sudo ln -s network.abc /etc/systemd/network
$ sudo update-initramfs -u
$ sudo lsinitramfs /boot/initrd.img-5.4.0-21-generic | grep lp1868892
$
[regression potential]
this adjusts how link files are included in the initramfs, so
regressions would likely occur when creating new initramfs, such as
failure to create initramfs at all, or failure to properly copy link
files into the initramfs, causing network setup failure.
[scope]
this is a Debian/Ubuntu specific file, and the Debian MR was just
opened, so this is needed for Debian and all releases of Ubuntu.
[other info]
This bug likely has a very limited impact, as it is uncommon to
symlink either the /lib/systemd/network or /etc/systemd/network dirs.
[original description]
If one creates e.g. /etc/systemd/network.cu and
/etc/systemd/network.fc and symlinks /etc/systemd/network to one of
them, network setup will fail on reboot, because /usr/share/initramfs-
tools/hooks/udev does a very poor job: it simply checks for a
directory instead of the link files and therefore skips copying
required files to the ram image. Another poor job is done when copying
the files to the ram image: instead of following symlinks it copies
them as which in turn makes them useless, because it does not copy the
related dirs and thus the symlinks point to nothing. So keeping the
system in an consistent state which such poor scripts is very hard,
asking for trouble.
Suggested fix is attached.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1868892/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1868892] [NEW] initramfs-tools/hooks/udev for network *.link really sucks
Public bug reported: If one creates e.g. /etc/systemd/network.cu and /etc/systemd/network.fc and symlinks /etc/systemd/network to one of them, network setup will fail on reboot, because /usr/share/initramfs-tools/hooks/udev does a very poor job: it simply checks for a directory instead of the link files and therefore skips copying required files to the ram image. Another poor job is done when copying the files to the ram image: instead of following symlinks it copies them as which in turn makes them useless, because it does not copy the related dirs and thus the symlinks point to nothing. So keeping the system in an consistent state which such poor scripts is very hard, asking for trouble. Suggested fix is attached. ** Affects: systemd (Ubuntu) Importance: Undecided Status: New ** Patch added: "/usr/share/initramfs-tools/hooks/udev patch" https://bugs.launchpad.net/bugs/1868892/+attachment/5341158/+files/networkd-ramfs.patch -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1868892 Title: initramfs-tools/hooks/udev for network *.link really sucks Status in systemd package in Ubuntu: New Bug description: If one creates e.g. /etc/systemd/network.cu and /etc/systemd/network.fc and symlinks /etc/systemd/network to one of them, network setup will fail on reboot, because /usr/share/initramfs- tools/hooks/udev does a very poor job: it simply checks for a directory instead of the link files and therefore skips copying required files to the ram image. Another poor job is done when copying the files to the ram image: instead of following symlinks it copies them as which in turn makes them useless, because it does not copy the related dirs and thus the symlinks point to nothing. So keeping the system in an consistent state which such poor scripts is very hard, asking for trouble. Suggested fix is attached. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1868892/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1424233] [NEW] RFE lxc: lxc should do a better jon of housekeeping containers
Public bug reported: Right now lxc does a pretty poor job wrt. managing containers, i.e. one needs to know, where containers have been installed to be able to access/use/manage them (option -P dir) unless they've been installed in the default location. Even if one knows the install path, it is still a pain to work with corresponding lxc commands, because one always needs to specify -P ... This really sucks (especially if one needs to service foreign machines). So the proposal is, that if a zone gets created, lxc puts a symlink to the related config under /etc/lxc/cfg/ or something like that and all lxc tools like lxc-ls first check this directory, and if the link destination exists, it has all information it needs to know., i.e. all "-P idontknow" madness is not required anymore. ** Affects: upstart (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to upstart in Ubuntu. https://bugs.launchpad.net/bugs/1424233 Title: RFE lxc: lxc should do a better jon of housekeeping containers Status in upstart package in Ubuntu: New Bug description: Right now lxc does a pretty poor job wrt. managing containers, i.e. one needs to know, where containers have been installed to be able to access/use/manage them (option -P dir) unless they've been installed in the default location. Even if one knows the install path, it is still a pain to work with corresponding lxc commands, because one always needs to specify -P ... This really sucks (especially if one needs to service foreign machines). So the proposal is, that if a zone gets created, lxc puts a symlink to the related config under /etc/lxc/cfg/ or something like that and all lxc tools like lxc-ls first check this directory, and if the link destination exists, it has all information it needs to know., i.e. all "-P idontknow" madness is not required anymore. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/upstart/+bug/1424233/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1424233] Re: RFE lxc: lxc should do a better jon of housekeeping containers
** Package changed: upstart (Ubuntu) => lxc (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1424233 Title: RFE lxc: lxc should do a better jon of housekeeping containers Status in lxc package in Ubuntu: New Bug description: Right now lxc does a pretty poor job wrt. managing containers, i.e. one needs to know, where containers have been installed to be able to access/use/manage them (option -P dir) unless they've been installed in the default location. Even if one knows the install path, it is still a pain to work with corresponding lxc commands, because one always needs to specify -P ... This really sucks (especially if one needs to service foreign machines). So the proposal is, that if a zone gets created, lxc puts a symlink to the related config under /etc/lxc/cfg/ or something like that and all lxc tools like lxc-ls first check this directory, and if the link destination exists, it has all information it needs to know., i.e. all "-P idontknow" madness is not required anymore. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1424233/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1424253] [NEW] RFE: procps tools should support lxc
Public bug reported:
Container management/monitoring is currently a pain, because procps do
not support container, i.e. there is no way to tell the tools to
"filter" the output wrt. a certain zone or to add a column, which shows
the zone name a process belongs to.
E.g. for what is needed:
{ps|pgrep|pkill|top} ... -z $myzone
# show zone name as well
{ps|top} -Z
** Affects: lxc (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1424253
Title:
RFE: procps tools should support lxc
Status in lxc package in Ubuntu:
New
Bug description:
Container management/monitoring is currently a pain, because procps do
not support container, i.e. there is no way to tell the tools to
"filter" the output wrt. a certain zone or to add a column, which
shows the zone name a process belongs to.
E.g. for what is needed:
{ps|pgrep|pkill|top} ... -z $myzone
# show zone name as well
{ps|top} -Z
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1424253/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1413699] [NEW] pkill|pgrep are buggy
Public bug reported:
'pgrep upstart-udev-bridge' should definitely spit out a pid, but it
doesn't. When one uses the option -f than it actually prints the PID of
the upstart-udev-bridge process. However using -f is a bad workaround,
because than (at least wrt. the man page) the arguments and operands get
included into the match, which may break scripts or even lead to
security issues.
I guess, the bug is, that p{grep|kill} strips off everything after the
first '-' of the command before it actually tries to compare with the
given operand (or something like that).
** Affects: procps (Ubuntu)
Importance: Undecided
Status: New
** Package changed: system-config-kickstart (Ubuntu) => procps (Ubuntu)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to procps in Ubuntu.
https://bugs.launchpad.net/bugs/1413699
Title:
pkill|pgrep are buggy
Status in procps package in Ubuntu:
New
Bug description:
'pgrep upstart-udev-bridge' should definitely spit out a pid, but it
doesn't. When one uses the option -f than it actually prints the PID
of the upstart-udev-bridge process. However using -f is a bad
workaround, because than (at least wrt. the man page) the arguments
and operands get included into the match, which may break scripts or
even lead to security issues.
I guess, the bug is, that p{grep|kill} strips off everything after the
first '-' of the command before it actually tries to compare with the
given operand (or something like that).
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/procps/+bug/1413699/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1413699] Re: pkill|pgrep are buggy
Please read carefully! This bug is not about upstart-udev-bridge or any
other service but about PGREP . 'pgrep upstart-udev-bridge' is just an
example, which should work on any Ubuntu, i.e. to reproduce the problem!
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to procps in Ubuntu.
https://bugs.launchpad.net/bugs/1413699
Title:
pkill|pgrep are buggy
Status in procps package in Ubuntu:
New
Bug description:
'pgrep upstart-udev-bridge' should definitely spit out a pid, but it
doesn't. When one uses the option -f than it actually prints the PID
of the upstart-udev-bridge process. However using -f is a bad
workaround, because than (at least wrt. the man page) the arguments
and operands get included into the match, which may break scripts or
even lead to security issues.
I guess, the bug is, that p{grep|kill} strips off everything after the
first '-' of the command before it actually tries to compare with the
given operand (or something like that).
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/procps/+bug/1413699/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1424253] Re: RFE: procps tools should support lxc
Actually that's not the same at all, because $cgroup != $lxc_name . Your
workaround is absolutely user UNfriendly, i.e. still hard to read and
for casual users inconvinient, because one needs supply all that many
format options ...
Anyway, I agree, that these utils should support such things out of the
box, but 'til than, it remains a distribution thing.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1424253
Title:
RFE: procps tools should support lxc
Status in lxc package in Ubuntu:
Invalid
Status in procps package in Ubuntu:
New
Bug description:
Container management/monitoring is currently a pain, because procps do
not support container, i.e. there is no way to tell the tools to
"filter" the output wrt. a certain zone or to add a column, which
shows the zone name a process belongs to.
E.g. for what is needed:
{ps|pgrep|pkill|top} ... -z $myzone
# show zone name as well
{ps|top} -Z
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1424253/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1424233] Re: RFE lxc: lxc should do a better jon of housekeeping containers
Yepp, and that's IMHO a design flaw. E.g. if one wants to distribute the load on iots storage, it might make sense, to distribute the zones of several storage devices, e.g. zone1 on JBOD1, zone2 on JBOD2, etc As said, the only thing, which lxc nees to track is a single "config directory" which either contains the symlinks to the "real" zone configs OR the real config fails itself - since they usually contain lxc.rootfs = ..., there is not really a need, to keep it in its original place. And last but not least, IMHO LXC should have an interest to make things easy to manage for the users, otherwise there is no wonder, why everyone is talking about docker but not about lxc ... -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1424233 Title: RFE lxc: lxc should do a better jon of housekeeping containers Status in lxc package in Ubuntu: Won't Fix Bug description: Right now lxc does a pretty poor job wrt. managing containers, i.e. one needs to know, where containers have been installed to be able to access/use/manage them (option -P dir) unless they've been installed in the default location. Even if one knows the install path, it is still a pain to work with corresponding lxc commands, because one always needs to specify -P ... This really sucks (especially if one needs to service foreign machines). So the proposal is, that if a zone gets created, lxc puts a symlink to the related config under /etc/lxc/cfg/ or something like that and all lxc tools like lxc-ls first check this directory, and if the link destination exists, it has all information it needs to know., i.e. all "-P idontknow" madness is not required anymore. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1424233/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1367214] Re: Newly installed openssh-server and upstart: status: Unknown job: ssh
Probably because this piece of junk (upstart) just silently discards any *.conf file with errors/unknown directives in it instead of reporting/logging the problem. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to upstart in Ubuntu. https://bugs.launchpad.net/bugs/1367214 Title: Newly installed openssh-server and upstart: status: Unknown job: ssh Status in upstart package in Ubuntu: Confirmed Bug description: Just after installing openssh-server, there is no ssh service in the initctl's list. Consequently, the SSH server cannot be started: # initctl start ssh initctl: Unknown job: ssh # dpkg -l | grep ssh ii openssh-client 1:6.6p1-2ubuntu2 i386 secure shell (SSH) client, for secure access to remote machines ii openssh-server 1:6.6p1-2ubuntu2 i386 secure shell (SSH) server, for secure access from remote machines # cat /etc/lsb-release DISTRIB_ID=Ubuntu DISTRIB_RELEASE=14.04 DISTRIB_CODENAME=trusty DISTRIB_DESCRIPTION="Ubuntu 14.04.1 LTS" # initctl reload-configuration # initctl list | grep ssh ssh-agent start/running # ps axuw | grep ssh ivoras1578 0.0 0.0 4216 200 ?Ss Sep08 0:00 ssh-agent -s root 11810 0.0 0.0 6168 852 pts/2S+ 11:26 0:00 grep ssh # initctl start ssh initctl: Unknown job: ssh Running "/etc/init.d/ssh" does not do anything since the script exits, AFAIK in the upstart check. Running "service ssh restart" results in: # service ssh restart stop: Unknown job: ssh start: Unknown job: ssh After rebooting the machine, sshd is started (!), but still not visible in "initctl list" (!!) and running /etc/init.d/ssh still doesn't do anything (!!!), as well as the "service" command returning the same "Unknown job: ssh" error. Exactly the same problem happens with the php5-fpm service. I've also installed nginx and while it can be controlled by using /etc/init.d/nginx , it is not visible in "initctl list". The question is - how do I control the services in Ubuntu 14.04? This is a fresh install, the ssh service was the first service installed. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/upstart/+bug/1367214/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1410637] [NEW] gai.conf changes seem to have no effect
Public bug reported: Ubuntu documentation states, that changing /etc/gai.conf is the way to be able to prefer IPv4 over IPv6. So from the original gai.conf we removed the comment in front of the precedence statements AND set the value for :::0:0/96 to 60. Unfortunately this does not seem to have an effect. E.g.: 'getent hosts heise.de' still returns '2a02:2e0:3fe:1001:302:: heise.de' instead of '193.99.144.80heise.de', even if no interface has an IPv6 addr configured, all /proc/sys/net/ipv6/conf/*/disable_ipv6 have the value 1 and no ipv6 specific iptables/rules are in use. This is extremly odd and needs to be fixed. /etc/nsswitch.conf uses 'hosts: files dns'. Linux tb 3.16.0-24-generic #32-Ubuntu SMP Tue Oct 28 13:07:32 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux cat /etc/os-release NAME="Ubuntu" VERSION="14.10 (Utopic Unicorn)" ID=ubuntu ID_LIKE=debian PRETTY_NAME="Ubuntu 14.10" VERSION_ID="14.10" HOME_URL="http://www.ubuntu.com/"; SUPPORT_URL="http://help.ubuntu.com/"; BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"; ** Affects: eglibc (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to eglibc in Ubuntu. https://bugs.launchpad.net/bugs/1410637 Title: gai.conf changes seem to have no effect Status in eglibc package in Ubuntu: New Bug description: Ubuntu documentation states, that changing /etc/gai.conf is the way to be able to prefer IPv4 over IPv6. So from the original gai.conf we removed the comment in front of the precedence statements AND set the value for :::0:0/96 to 60. Unfortunately this does not seem to have an effect. E.g.: 'getent hosts heise.de' still returns '2a02:2e0:3fe:1001:302:: heise.de' instead of '193.99.144.80 heise.de', even if no interface has an IPv6 addr configured, all /proc/sys/net/ipv6/conf/*/disable_ipv6 have the value 1 and no ipv6 specific iptables/rules are in use. This is extremly odd and needs to be fixed. /etc/nsswitch.conf uses 'hosts: files dns'. Linux tb 3.16.0-24-generic #32-Ubuntu SMP Tue Oct 28 13:07:32 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux cat /etc/os-release NAME="Ubuntu" VERSION="14.10 (Utopic Unicorn)" ID=ubuntu ID_LIKE=debian PRETTY_NAME="Ubuntu 14.10" VERSION_ID="14.10" HOME_URL="http://www.ubuntu.com/"; SUPPORT_URL="http://help.ubuntu.com/"; BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"; To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1410637/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1624415] [NEW] tcsh coredumps all the time on tab
Public bug reported: When a users having tcsh as its [login] shell presses tab key (autocompletion), tcsh coredumps immediately, always: admin.python ~ > gdb tcsh GNU gdb (Ubuntu 7.11.90.20160906-0ubuntu1) 7.11.90.20160906-git ... (gdb) run Starting program: /local/home/admin/tcsh admin.python ~ > ls . Suspended (tty output) admin.python ~ > fg gdb tcsh Program received signal SIGSEGV, Segmentation fault. __GI___rewinddir (dirp=0x771808) at ../sysdeps/posix/rewinddir.c:34 34 ../sysdeps/posix/rewinddir.c: No such file or directory. (gdb) quit A debugging session is active. Inferior 1 [process 25990] will be killed. Quit anyway? (y or n) y admin.python ~ > lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description:Ubuntu Yakkety Yak (development branch) Release:16.10 Codename: yakkety ** Affects: apport (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apport in Ubuntu. https://bugs.launchpad.net/bugs/1624415 Title: tcsh coredumps all the time on tab Status in apport package in Ubuntu: New Bug description: When a users having tcsh as its [login] shell presses tab key (autocompletion), tcsh coredumps immediately, always: admin.python ~ > gdb tcsh GNU gdb (Ubuntu 7.11.90.20160906-0ubuntu1) 7.11.90.20160906-git ... (gdb) run Starting program: /local/home/admin/tcsh admin.python ~ > ls . Suspended (tty output) admin.python ~ > fg gdb tcsh Program received signal SIGSEGV, Segmentation fault. __GI___rewinddir (dirp=0x771808) at ../sysdeps/posix/rewinddir.c:34 34../sysdeps/posix/rewinddir.c: No such file or directory. (gdb) quit A debugging session is active. Inferior 1 [process 25990] will be killed. Quit anyway? (y or n) y admin.python ~ > lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu Yakkety Yak (development branch) Release: 16.10 Codename: yakkety To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1624415/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1347020] Re: systemd does not boot in a container
Today I upgraded our last utopic containers (~10) to vivid using do- release-upgrade: Everywhere the same: after reboot systemd is the only thing which is running in the container, but nothing else happens. It doesn't start anything! So the only way to get the stuff fixed is to manually attach to the container, do a ' ln -sf upstart /sbin/init', logout and force a lxc-stop/start of the container and do the remaining things ... -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1347020 Title: systemd does not boot in a container Status in lxc package in Ubuntu: Fix Released Status in lxc source package in Trusty: Fix Released Bug description: Opening against cloud-init for now, but ultimately might end up as bug-fixes / srus against some other packages in trusty. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1347020/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1394249] [NEW] lxc package dependencies over-constrained
Public bug reported: Obviously lxc does NOT depend on dnsmasq-base and thus this dependency should be lowered to "optional" or "recommended". Today entities using containers already have proper DNS as well as DHCP servers and thus do not need at all another point of failure/possible weak software/redundant aka non-green services like the dnsmasq stuff. ** Affects: lxc (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1394249 Title: lxc package dependencies over-constrained Status in “lxc” package in Ubuntu: New Bug description: Obviously lxc does NOT depend on dnsmasq-base and thus this dependency should be lowered to "optional" or "recommended". Today entities using containers already have proper DNS as well as DHCP servers and thus do not need at all another point of failure/possible weak software/redundant aka non-green services like the dnsmasq stuff. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1394249/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1394263] [NEW] lxc: unconditional overwrite of USE_LXC_BRIDGE
Public bug reported: Defining USE_LXC_BRIDGE and than overwriting it unconditionally in the source /etc/default/lxc-net doesn't make sense/is confusing. ** Affects: lxc (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1394263 Title: lxc: unconditional overwrite of USE_LXC_BRIDGE Status in “lxc” package in Ubuntu: New Bug description: Defining USE_LXC_BRIDGE and than overwriting it unconditionally in the source /etc/default/lxc-net doesn't make sense/is confusing. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1394263/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1394352] [NEW] apparmor: Multiple definitions ... bailing out
Public bug reported:
When one creates a incorrect profile, apparmor_parser seems to leave an
artifact of the "problem" file in the same directory, which in turn
leads to another error, when the file gets fixed. Not sure, how appamor
stuff works, but this is simply an unacceptable behavior! It should put
its temp. stuff to its own private directory, if it really needs to make
a copy of whatever
E.g.: ( lxc-default == package delivered original)
ls -l /etc/apparmor.d/lxc
total 40
-rw-r--r-- 1 root root 506 Nov 19 21:34 lxc-default
-rw-r--r-- 1 root root 544 Oct 10 06:53 lxc-default-with-mounting
-rw-r--r-- 1 root root 588 Oct 10 06:53 lxc-default-with-nesting
sudo sed -e '/}/ i\\tmount options (rw, bind),' -i
/etc/apparmor.d/lxc/lxc-default
sudo apparmor_parser -r /etc/apparmor.d/lxc-containers
: AppArmor parser error for /etc/apparmor.d/lxc-containers in
/etc/apparmor.d/lxc/lxc-default at line 11: Found unexpected character: '('
ls -l /etc/apparmor.d/lxc
total 40
-rw-r--r-- 1 root root 506 Nov 19 21:35 lxc-default
-rw-r--r-- 1 root root 544 Oct 10 06:53 lxc-default-with-mounting
-rw-r--r-- 1 root root 588 Oct 10 06:53 lxc-default-with-nesting
-rw-r--r-- 1 root root 479 Nov 19 21:34 lxc-defaulte
# fix it:
sed -e '/mount options/ s,options ,options=,' -i
/etc/apparmor.d/lxc/lxc-default
sudo apparmor_parser -r /etc/apparmor.d/lxc-containers
: Multiple definitions for profile lxc-container-default exist,bailing out.
** Affects: lxc (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1394352
Title:
apparmor: Multiple definitions ... bailing out
Status in “lxc” package in Ubuntu:
New
Bug description:
When one creates a incorrect profile, apparmor_parser seems to leave
an artifact of the "problem" file in the same directory, which in turn
leads to another error, when the file gets fixed. Not sure, how
appamor stuff works, but this is simply an unacceptable behavior! It
should put its temp. stuff to its own private directory, if it really
needs to make a copy of whatever
E.g.: ( lxc-default == package delivered original)
ls -l /etc/apparmor.d/lxc
total 40
-rw-r--r-- 1 root root 506 Nov 19 21:34 lxc-default
-rw-r--r-- 1 root root 544 Oct 10 06:53 lxc-default-with-mounting
-rw-r--r-- 1 root root 588 Oct 10 06:53 lxc-default-with-nesting
sudo sed -e '/}/ i\\tmount options (rw, bind),' -i
/etc/apparmor.d/lxc/lxc-default
sudo apparmor_parser -r /etc/apparmor.d/lxc-containers
: AppArmor parser error for /etc/apparmor.d/lxc-containers in
/etc/apparmor.d/lxc/lxc-default at line 11: Found unexpected character: '('
ls -l /etc/apparmor.d/lxc
total 40
-rw-r--r-- 1 root root 506 Nov 19 21:35 lxc-default
-rw-r--r-- 1 root root 544 Oct 10 06:53 lxc-default-with-mounting
-rw-r--r-- 1 root root 588 Oct 10 06:53 lxc-default-with-nesting
-rw-r--r-- 1 root root 479 Nov 19 21:34 lxc-defaulte
# fix it:
sed -e '/mount options/ s,options ,options=,' -i
/etc/apparmor.d/lxc/lxc-default
sudo apparmor_parser -r /etc/apparmor.d/lxc-containers
: Multiple definitions for profile lxc-container-default exist,bailing out.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1394352/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1394263] Re: lxc: unconditional overwrite of USE_LXC_BRIDGE
Well, it is strange: If there is such a setting in /etc/default/lxc, one usually assumes, that this is the master of the disaster and gets "propagated" downwards, but obviously it is not ... And thus I wonder, which files in the lxc forest need to be checked as well to avoid further surprises ... -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1394263 Title: lxc: unconditional overwrite of USE_LXC_BRIDGE Status in “lxc” package in Ubuntu: Incomplete Bug description: Defining USE_LXC_BRIDGE and than overwriting it unconditionally in the source /etc/default/lxc-net doesn't make sense/is confusing. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1394263/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
