Hi all,
On 09-09-2023 13:06, Paul Gevers wrote:
All ci.d.n workers (except riscv64) now run the kernel from
bookworm-backports. systemd passes it's autopkgtest again in unstable,
testing and stable.
We're having issues [1] with the (backports and) unstable kernel on our
main amd64 host, so w
On Mon, 2023-09-11 at 13:45 +0200, Michael Biebl wrote:
> Am 09.09.23 um 14:20 schrieb intrigeri:
>
> > At this stage it seems clear that the bug and the corresponding
> > ideal fix are in the AppArmor part of src:linux, and the bug
> > affects at least src:apparmor and src:lxc. I'd like to reflec
On Mon, 2023-09-04 at 12:39 -0700, John Johansen wrote:
> On 9/4/23 12:32, Michael Biebl wrote:
> > John, could you help with getting this fix into 6.1.x?
>
> yes, I am working on a patch.
Hi John,
I wanted to check in to see if you've had a chance to work on that
patch for the 6.1 kernel. The
Control: severity -1 important
Am 09.09.23 um 14:20 schrieb intrigeri:
Hi again,
Thank you all for working both on workarounds for Debian CI and on
a proper upstream Linux kernel fix. Impressive cross-team work! :)
+1
At this stage it seems clear that the bug and the corresponding ideal
fix
Hi again,
Thank you all for working both on workarounds for Debian CI and on
a proper upstream Linux kernel fix. Impressive cross-team work! :)
At this stage it seems clear that the bug and the corresponding ideal
fix are in the AppArmor part of src:linux, and the bug affects at
least src:apparmo
Hi,
On 03-09-2023 10:50, Paul Gevers wrote:
I have manually upgraded the s390x host and
rebooted, so that can serve as a test arch.
All ci.d.n workers (except riscv64) now run the kernel from
bookworm-backports. systemd passes it's autopkgtest again in unstable,
testing and stable.
Paul
On 9/4/23 12:32, Michael Biebl wrote:
Am 04.09.23 um 20:23 schrieb Mathias Gibbens:
On Mon, 2023-09-04 at 01:00 -0700, John Johansen wrote:
I took a quick look through v6.1..v6.3.1
there is a patch that I think is the likely fix, it first landed in v6.2
1cf26c3d2c4c apparmor: fix apparmor med
Am 04.09.23 um 20:23 schrieb Mathias Gibbens:
On Mon, 2023-09-04 at 01:00 -0700, John Johansen wrote:
I took a quick look through v6.1..v6.3.1
there is a patch that I think is the likely fix, it first landed in v6.2
1cf26c3d2c4c apparmor: fix apparmor mediating locking non-fs unix sockets
On Mon, 2023-09-04 at 01:00 -0700, John Johansen wrote:
> I took a quick look through v6.1..v6.3.1
>
> there is a patch that I think is the likely fix, it first landed in v6.2
>
> 1cf26c3d2c4c apparmor: fix apparmor mediating locking non-fs unix sockets
Thanks for the pointer John -- I think t
Hello,
Am Samstag, 2. September 2023, 01:13:11 CEST schrieb Mathias Gibbens:
> A minimal reproducer is to install bookworm and create a container
> with a systemd service using a hardening option like
> PrivateNetwork=yes. With the latest bookworm kernel (6.1.38-4), the
> service will fail. But,
Am 03.09.23 um 10:50 schrieb Paul Gevers:
Hi,
On 03-09-2023 02:56, Michael Biebl wrote:
ng?
Do the debci maintainers / lxc maintainers / release team have any
preference regarding a/, b/ and c/ ?
One part of me likes the ci.d.n infrastructure to run stable as an
example of "eat your own
Hi,
On 03-09-2023 02:56, Michael Biebl wrote:
My main concern is to "stop the bleeding" quickly, so to speak,
especially/mainly for debci.
I agree with you, but also consider that with this issue being there
since ~ April 2023 we don't need to rush.
I guess we have three options here:
a/ u
Control: severity -1 serious
I'm tentatively raising this to RC, mainly to make this issue more
visible for other maintainers.
OpenPGP_signature.asc
Description: OpenPGP digital signature
Hi everyone
Am 02.09.23 um 13:09 schrieb Antonio Terceiro:
On Fri, Sep 01, 2023 at 11:13:11PM +, Mathias Gibbens wrote:
I don't think we have a good understanding of the root cause of this
issue. Initially we thought this was a known upstream issue with all-
but very recent versions of a
On Fri, Sep 01, 2023 at 11:13:11PM +, Mathias Gibbens wrote:
> Control: block 1038315 by -1
> Control: block 1042880 by -1
>
> I don't think we have a good understanding of the root cause of this
> issue. Initially we thought this was a known upstream issue with all-
> but very recent versio
Control: block 1038315 by -1
Control: block 1042880 by -1
I don't think we have a good understanding of the root cause of this
issue. Initially we thought this was a known upstream issue with all-
but very recent versions of apparmor and a corresponding lxc profile
fix [0]. However, it appears t
Am 01.09.23 um 13:23 schrieb Michael Biebl:
The only way to fix the container was to use the aforementioned
`lxc.apparmor.profile = unconfined`.
I think we should do that as the breakage is rather widespread and I
already see individual packages trying to work around that to at least
keep debci
17 matches
Mail list logo
