Can you confirm that this only happens on ARM64 with an armhf userspace?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2119734
Title:
armhf: bad flag handling on move_mount syscall
To manage notifi
This looks like a separate bug - could you file it as such?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2098993
Title:
Last updates to apparmor broke all AppImages, which depend on
fusermount
T
** Tags added: sec-7196
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2119237
Title:
Pollinate on Questing fails while reading from /tmp
To manage notifications about this bug go to:
https://bugs.l
Jammy and Noble do not have an lsblk profile, but they do have PCI based
rules and abstractions that have the same issue.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2115234
Title:
Improper matchi
** Tags added: sec-7195
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2119541
Title:
nss-systemd does not grant access to the GDM user database
To manage notifications about this bug go to:
https:/
I have addressed the review comments by editing the SRU text in each of
the bugs linked and would appreciate another lookover in order to move
this SRU forward.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net
** Description changed:
SRU Justification:
[ Impact ]
The plasmashell profile was missing the new path to QtWebEngineProcess,
causing the entire desktop environment to crash upon attempted usage of
the Web Browser widget.
[ Test Plan ]
This test needs to be executed on a
** Description changed:
[ Impact ]
The parser did not handle the norelatime mount flag correctly,
essentially treating its addition to a list of mount flags as a no-op. A
test should also be included to ensure that the behavior is fixed and
not broken again.
[ Test Plan ]
Th
** Description changed:
SRU Justification:
[ Impact ]
* lsblk on an s390x system that uses DASD disks shows no output.
* journactl shows lsblk is blocked by apparmor:
2025-04-15T15:02:26.048075+00:00 s5lp1-gen03 kernel: audit: type=1400
audit(1744729346.034:270): appar
** Description changed:
SRU Justification:
[ Impact ]
lsblk would segfault when run from a confined context due to missing
permissions on the binary execution path, and the lsblk profile need
rules to give m+r permissions for the binaries themselves. One example
of where this wou
** Tags added: sec-7062
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2117553
Title:
Please include libnuma abstraction
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubun
We have no objections to packaging up the libnuma abstraction for
Questing.
** Changed in: apparmor (Ubuntu)
Status: New => In Progress
** Changed in: apparmor (Ubuntu)
Assignee: (unassigned) => Ryan Lee (rlee287)
--
You received this bug notification because you are a mem
** Description changed:
[ Impact ]
The apparmor.d man page contained incorrect information about the
combination of mount options=(list) options in (list), so this
documentation should be fixed, and a test included to ensure that the
documented behavior matches the actual behavior.
** Description changed:
[ Impact ]
The parser did not handle the norelatime mount flag correctly,
essentially treating its addition to a list of mount flags as a no-op. A
test should also be included to ensure that the behavior is fixed and
not broken again.
[ Test Plan ]
Th
** Description changed:
SRU Justification:
[ Impact ]
The remmina profile is missing a bunch of rules that would be needed in
order to allow usage of all its functionality. For example, remmina
lacked permissions to read ssh keys for the SSH and SFTP operation
modes, lacked permi
** Description changed:
SRU Justification:
[ Impact ]
lsblk would segfault when run from a confined context due to missing
permissions on the binary execution path, and the lsblk profile need
rules to give m+r permissions for the binaries themselves. One example
of where this wou
** Description changed:
[ Impact ]
Various commands segfaulted when run from a confined context due to
missing permissions on the binary execution path, and their
corresponding profiles need rules to give m+r permissions for the
binaries themselves.
[ Test Plan ]
- * Run `sud
** Description changed:
[ Impact ]
The parser did not handle the norelatime mount flag correctly,
essentially treating its addition to a list of mount flags as a no-op. A
test should also be included to ensure that the behavior is fixed and
not broken again.
[ Test Plan ]
Th
** Description changed:
SRU Justification:
[ Impact ]
The openvpn profile lacked permissions to manage DHCP settings, causing
OpenVPN to fail to work with DHCP options set (either in client configs
or with servers that were pushing such settings).
[ Test Plan ]
* This te
** Description changed:
SRU Justification:
[ Impact ]
- The openvpn profile lacked permissions to manage pushed DHCP settings,
- causing openvpn to fail to work with servers that were pushing such
- settings.
+ The openvpn profile lacked permissions to manage DHCP settings, causing
+ Ope
** Description changed:
SRU Justification:
[ Impact ]
The openvpn profile lacked permissions to manage pushed DHCP settings,
causing openvpn to fail to work with servers that were pushing such
settings.
[ Test Plan ]
- * This test description assumes no access to existing
** Description changed:
SRU Justification:
[ Impact ]
Configuration of an OpenVPN client with a "remote some_hostname.local"
rule on Plucky fails because the OpenVPN profile does not allow access
to /run/avahi-daemon/socket for mDNS lookups.
[ Test Plan ]
Test plan for th
** Also affects: fuse3 (Ubuntu)
Importance: Undecided
Status: New
** Changed in: apparmor (Ubuntu)
Status: New => Invalid
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2116834
Title:
Were you trying to mount/use any FUSE-based filesystem when this
occurred, or did it just spin and use up CPU consumption from desktop
boot?
** Tags added: sec-7029
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpa
@enr0n MR approved but we'd greatly appreciate having AppArmor complain-
mode logs for the other failing autopkgtests as well, as well as the one
that invokes the ssh-sk-helper. These are logs we'll need to obtain
(whether from you or from trying to reproduce the failures ourselves) in
order to cre
Proposed merge request acknowledged; I'll look it over later today but
I'm fine with pulling the profile until this can be fixed.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2116288
Title:
apparmo
I'm interpreting this last comment as stating that you will modify the
regression testsuite to put ssh-keygen files in an allowed location,
instead of putting them in /tmp where apparmor would cause denials. If
you'd like us to update the profile instead, please let us know.
** Tags added: sec-699
** Description changed:
SRU Justification:
[ Impact ]
The plasmashell profile was missing the new path to QtWebEngineProcess,
causing the entire desktop environment to crash upon attempted usage of
the Web Browser widget.
[ Test Plan ]
This test needs to be executed on a
** Description changed:
SRU Justification:
[ Impact ]
The plasmashell profile was missing the new path to QtWebEngineProcess,
causing the entire desktop environment to crash upon attempted usage of
the Web Browser widget.
[ Test Plan ]
This test needs to be executed on a
** Description changed:
SRU Justification:
[ Impact ]
The openvpn profile lacked permissions to manage pushed DHCP settings,
causing openvpn to fail to work with servers that were pushing such
settings.
[ Test Plan ]
* This test description assumes no access to existing
** Description changed:
SRU Justification:
[ Impact ]
Configuration of an OpenVPN client with a "remote some_hostname.local"
rule on Plucky fails because the OpenVPN profile does not allow access
to /run/avahi-daemon/socket for mDNS lookups.
[ Test Plan ]
Test plan for th
** Description changed:
[ Impact ]
The apparmor.d man page contained incorrect information about the
combination of mount options=(list) options in (list), so this
documentation should be fixed, and a test included to ensure that the
documented behavior matches the actual behavior.
** Description changed:
[ Impact ]
The parser did not handle the norelatime mount flag correctly,
essentially treating its addition to a list of mount flags as a no-op. A
test should also be included to ensure that the behavior is fixed and
not broken again.
[ Test Plan ]
Th
** Description changed:
SRU Justification:
[ Impact ]
The plasmashell profile was missing the new path to QtWebEngineProcess,
causing the entire desktop environment to crash upon attempted usage of
the Web Browser widget.
[ Test Plan ]
This test needs to be executed on a
** Description changed:
[ Impact ]
fusermount3 lacked permissions to mount with noatime, which is needed to
use fuse_overlayfs.
[ Test Plan ]
After installation of the new AppArmor version, the machine might need
to be rebooted. If a reboot between installation and test plan e
** Description changed:
[ Impact ]
sshfs mounts specified in /etc/fstab would fail to mount when a mount of
all filesystems specified in the fstab was attempted with mount -a. This
was due to a missing noexec mount flag specification in the mount rules
of fusermount3's profile.
[
** Description changed:
SRU Justification:
[ Impact ]
fusermount3 lacked permissions to mount to /cvmfs subdirectories,
breaking usage of the CernVM FS.
[ Test Plan ]
- * The following instructions are adapted from
https://cvmfs.readthedocs.io/en/stable/cpt-quickstart.html
** Description changed:
[ Impact ]
iotop-c failed to launch at all due to permission denials in nl_init and
- missing capabilities in the iotop-c profile.
+ missing capabilities in the iotop-c profile. Even after granting iotop-c
+ the permissions required for nl_init to succeed, it was sti
** Description changed:
[ Impact ]
The unprivileged_userns profile did not grant access to the root
directory, which was an oversight in a profile that is intended to allow
almost all accesses except for capabilities usage. This would e.g. break
listing of the root directory contents
** Description changed:
SRU Justification:
[ Impact ]
lsblk would segfault when run from a confined context due to missing
permissions on the binary execution path, and the lsblk profile need
rules to give m+r permissions for the binaries themselves. One example
of where this wou
** Description changed:
[ Impact ]
Various commands segfaulted when run from a confined context due to
missing permissions on the binary execution path, and their
corresponding profiles need rules to give m+r permissions for the
binaries themselves.
[ Test Plan ]
* Run `sud
** Description changed:
[ Impact ]
Various commands segfaulted when run from a confined context due to
missing permissions on the binary execution path, and their
corresponding profiles need rules to give m+r permissions for the
binaries themselves.
[ Test Plan ]
+ * Run `sud
** Description changed:
SRU Justification:
[ Impact ]
lsblk would segfault when run from a confined context due to missing
permissions on the binary execution path, and the lsblk profile need
- rules to give m+r permissions for the binaries themselves.
+ rules to give m+r permissions
** Description changed:
SRU Justification:
[ Impact ]
* lsblk on an s390x system that uses DASD disks shows no output.
* journactl shows lsblk is blocked by apparmor:
2025-04-15T15:02:26.048075+00:00 s5lp1-gen03 kernel: audit: type=1400
audit(1744729346.034:270): appar
** Changed in: apparmor (Ubuntu Plucky)
Status: New => Confirmed
** Changed in: usbutils (Ubuntu Plucky)
Status: New => Invalid
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2110212
Tit
*** This bug is a duplicate of bug 2107455 ***
https://bugs.launchpad.net/bugs/2107455
** This bug has been marked a duplicate of bug 2107455
segfault of lsblk s390x in containers due to apparmor
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subsc
** Tags added: sec-6525
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2111845
Title:
autopkgtests failing with fuse3 3.17
To manage notifications about this bug go to:
https://bugs.launchpad.net/ap
** Summary changed:
- Ubuntu 25.05 plucky: lsusb --tree command doesn't works
+ Ubuntu 25.04 plucky: lsusb --tree command doesn't works
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2110212
Title:
** Tags added: sec-6489
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2110212
Title:
Ubuntu 25.05 plucky: lsusb --tree command doesn't works
To manage notifications about this bug go to:
https://bu
Can you please attach the apparmor denial entries to this bug report?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2110212
Title:
Ubuntu 25.05 plucky: lsusb --tree command doesn't works
To manage
We have received multiple reports of remmina breakage caused by an
incomplete AppArmor profile, and we are planning to pull the profile
from Plucky entirely. Please see
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2107723 and
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/211023
This might be a separate fusermount bug - could you please file a new
issue against AppArmor and include any AppArmor denial logs that might
have been generated?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.ne
Updated debdiff to fix the issue identified; we are no longer attempting
to match the version number of this Plucky upload to the package version
in Questing.
** Patch added: "apparmor_4.1.0~beta5-0ubuntu14.1.debdiff"
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2110236/+attachment/
** Changed in: apparmor (Ubuntu Questing)
Status: New => Fix Released
** Changed in: apparmor (Ubuntu Plucky)
Status: New => Confirmed
** Changed in: apparmor (Ubuntu Questing)
Assignee: (unassigned) => Ryan Lee (rlee287)
--
You received this bug notification becaus
** Description changed:
[ Impact ]
sshfs mounts specified in /etc/fstab would fail to mount when a mount of
all filesystems specified in the fstab was attempted with mount -a. This
- was due to a missing noexec mount flag specification in the mount rules.
+ was due to a missing noexec mou
** Description changed:
- My sshfs mounts from /etc/fstab stopped working after upgrading to
- Plucky. This is the line from my fstab:
+ [ Impact ]
+
+ sshfs mounts specified in /etc/fstab would fail to mount when a mount of
+ all filesystems specified in the fstab was attempted with mount -a. Th
** Description changed:
[ Impact ]
This SRU contains fixes for a number of bugs:
- * The unprivileged_userns profile did not have access to the root directory
(LP: #2110616)
- * lsblk could not list DASD devices on IBM System Z (LP: #2107402)
- * Various commands segfaulted when run fro
FYI the iotop-c profile fixing is tracked in
https://bugs.launchpad.net/ubuntu/+source/iotop-c/+bug/2107727.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2111604
Title:
lsblk: failed to get sysfs n
** Tags added: sec-6372
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2111885
Title:
openvpn doesn't work with opensc hw tokens (apparmor denied)
To manage notifications about this bug go to:
https
** Changed in: apparmor (Ubuntu)
Assignee: (unassigned) => Ryan Lee (rlee287)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2111807
Title:
Plucky broke fstab sshfs mounts, which depend
Going to be updating this again as a different bug report came in that
made us realize that one of the fixes included in this SRU was
incomplete.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2110236
Could you please link to an autopkgtest failure log that would help us
investigate?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2111845
Title:
autopkgtests failing with fuse3 3.17
To manage notif
Can you please attach AppArmor denial logs for those mounts?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2098993
Title:
Last updates to apparmor broke all AppImages, which depend on
fusermount
Can you provide more details, such as log entries, about how GNU guix
fails without an AppArmor profile?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2111753
Title:
Add profile for GNU guix
To man
** Tags added: sec-6367
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2111807
Title:
Plucky broke fstab sshfs mounts, which depend on fusermount
To manage notifications about this bug go to:
https:
** Tags added: sec-6366
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2111604
Title:
lsblk: failed to get sysfs name: Permission denied
To manage notifications about this bug go to:
https://bugs.la
Could you share the contents of /etc/apparmor.d/firefox from your
system?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2110066
Title:
Online Accounts error when adding a Google account with non-sna
** Tags added: sec-6337
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2111205
Title:
fusermount3 profile blocks libfuse module in flatpak
To manage notifications about this bug go to:
https://bugs.
** Description changed:
SRU Justification:
[ Impact ]
The remmina profile is missing a bunch of rules that would be needed in
- order to allow usage of all its functionality. As such, we will need to
+ order to allow usage of all its functionality. For example, remmina
+ lacked permiss
** Changed in: iotop-c (Ubuntu Plucky)
Status: New => Invalid
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2107727
Title:
iotop-c: Call of nl_init fails due to insufficient rights
To manage
Updated debdiff with changelog updated based on feedback.
** Description changed:
[ Impact ]
This SRU contains fixes for a number of bugs:
- * The unprivileged_userns profile did not have access to the root directory
(https://gitlab.com/apparmor/apparmor/-/issues/505)
+ * The unprivileg
Public bug reported:
[ Impact ]
The parser did not handle the norelatime mount flag correctly,
essentially treating its addition to a list of mount flags as a no-op. A
test should also be included to ensure that the behavior is fixed and
not broken again.
[ Test Plan ]
This bug is caught by an
Public bug reported:
[ Impact ]
The apparmor.d man page contained incorrect information about the
combination of mount options=(list) options in (list), so this
documentation should be fixed, and a test included to ensure that the
documented behavior matches the actual behavior.
[ Test Plan ]
C
Public bug reported:
[ Impact ]
Various commands segfaulted when run from a confined context due to
missing permissions on the binary execution path, and their
corresponding profiles need rules to give m+r permissions for the
binaries themselves.
[ Test Plan ]
* Add the following to a new file
Public bug reported:
SRU Justification:
[ Impact ]
fusermount3 lacked permissions to mount to /cvmfs subdirectories,
breaking usage of the CernVM FS.
[ Test Plan ]
* The following instructions are adapted from
https://cvmfs.readthedocs.io/en/stable/cpt-quickstart.html
- Install the cvmfs
Public bug reported:
[ Impact ]
fusermount3 lacked permissions to mount with noatime, which is needed to
use fuse_overlayfs.
[ Test Plan ]
After installation of the new AppArmor version, the machine might need
to be rebooted. If a reboot between installation and test plan execution
is needed fo
** Description changed:
+ SRU Justification:
+
+ [ Impact ]
+
+ The remmina profile is missing a bunch of rules that would be needed in
+ order to allow usage of all its functionality. As such, we will need to
+ pull the remmina profile from Plucky to avoid breaking its usages.
+
+ [ Test Plan
** Description changed:
+ [ Impact ]
+
+ iotop-c failed to launch at all due to permission denials in nl_init and
+ missing capabilities in the iotop-c profile.
+
+ [ Test Plan ]
+
+ * Launch iotop-c under sudo (make sure to invoke iotop-c directly instead of
iotop, which might be symlinked t
** Description changed:
+ SRU Justification:
+
+ [ Impact ]
+
Configuration of an OpenVPN client with a "remote some_hostname.local"
rule on Plucky fails because the OpenVPN profile does not allow access
to /run/avahi-daemon/socket for mDNS lookups.
+
+ [ Test Plan ]
+
+ Test plan for th
** Description changed:
+ SRU Justification:
+
+ [ Impact ]
+
+ The openvpn profile lacked permissions to manage DNS settings for pushed
+ DHCP settings (LP: #2107596)
+
+ [ Test Plan ]
+
+ * This test description assumes no access to existing machines that use
OpenVPN. Additional testing of
** Description changed:
+ SRU Justification:
+
+ [ Impact ]
+
+ The plasmashell profile was missing the new path to QtWebEngineProcess,
+ causing the entire desktop environment to crash upon attempted usage of
+ the Web Browser widget.
+
+ [ Test Plan ]
+
+ This test needs to be executed on a
** Description changed:
SRU Justification:
[ Impact ]
- * lsblk on an s390x system that uses DASD disks shows no output.
-
- * journactl shows lsblk is blocked by apparmor:
-2025-04-15T15:02:26.048075+00:00 s5lp1-gen03 kernel: audit: type=1400
-audit(1744729346.034:270): appar
or automatically during an batch unattended upgrade) would
result in end users not getting this fix.
[ Other Info ]
This bug was originally reported at
https://gitlab.com/apparmor/apparmor/-/issues/505.
** Affects: apparmor (Ubuntu)
Importance: Undecided
Assignee: Ryan Lee (rlee287
** Description changed:
SRU Justification:
[ Impact ]
* lsblk on an s390x system that uses DASD disks shows no output.
* journactl shows lsblk is blocked by apparmor:
2025-04-15T15:02:26.048075+00:00 s5lp1-gen03 kernel: audit: type=1400
audit(1744729346.034:270): appar
The root cause of this issue is not related to the unprivileged_userns,
and this was instead an instance of a more general problem we found
involving profiles on applications and rules required for exec
transitions from confined. I'll replace the test plan with one
corresponding to the root cause i
** Description changed:
SRU Justification:
[ Impact ]
- * lsblk on an s390x system that uses DASD disks shows no output.
-
- * journactl shows lsblk is blocked by apparmor:
-2025-04-15T15:02:26.048075+00:00 s5lp1-gen03 kernel: audit: type=1400
-audit(1744729346.034:270): appa
It's not quite correct, because the underlying bug isn't due to the
unprivileged_userns profile but is instead due to the lsblk profile, but
I can fix that part of the text myself.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https:
** Tags added: sec-6302
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2109707
Title:
apparmor openvpn pritunl problem
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu
The proposed uploaded for Plucky is also available at
https://launchpad.net/~rlee287/+archive/ubuntu/apparmor-
staging/+packages in a PPA.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2110236
Title:
** Changed in: util-linux (Ubuntu Plucky)
Status: New => Invalid
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2107402
Title:
lsblk on IBM z Systems blocked by apparmor in 25.04
To manage no
Public bug reported:
[ Impact ]
This SRU contains fixes for a number of bugs:
* The unprivileged_userns profile did not have access to the root directory
(https://gitlab.com/apparmor/apparmor/-/issues/505)
* lsblk could not list DASD devices on IBM System Z (LP: #2107402)
* Various commands s
Note: this affects linux-hwe-6.11 but not linux-generic (6.8).
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2110161
Title:
capable-bpfcc fails to launch due to bpf compilation error
To manage noti
Public bug reported:
$ sudo capable-bpfcc
[sudo] password for ryan-lee:
In file included from /virtual/main.c:14:
In file included from include/uapi/linux/ptrace.h:183:
In file included from arch/x86/include/asm/ptrace.h:175:
In file included from arch/x86/include/asm/paravirt_types.h:12:
In
** Tags added: sec-6287
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2107727
Title:
iotop-c: Call of nl_init fails due to insufficient rights
To manage notifications about this bug go to:
https://
I was able to reproduce and confirm this bug, which will need fixing in
the apparmor package.
In the meantime, you can add the rule "network netlink raw," to
/etc/apparmor.d/local/iotop-c and reboot, as a workaround.
--
You received this bug notification because you are a member of Ubuntu
Bugs,
** Changed in: apparmor (Ubuntu)
Status: New => Confirmed
** Changed in: iotop-c (Ubuntu)
Status: Confirmed => Invalid
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2107727
Title:
iot
to
extract the following BUG trace from /var/log/kern.log after the fact:
2025-05-01T17:46:22.726963-07:00 ryan-lee-laptop-13-amd kernel: watchdog: BUG:
soft lockup - CPU#3 stuck for 336s! [Renderer:5725]
2025-05-01T17:46:22.726974-07:00 ryan-lee-laptop-13-amd kernel: Modules linked
in: vhost_net
Can you please attach logs with AppArmor denial information as well as
additional information (beyond "not working anymore") that could help us
reproduce the failures locally?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bug
This was reported for Noble in
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2105840, and the
plan is to SRU the fix (currently in Plucky) back to Noble and Oracular.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bu
** Tags added: sec-6207
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2109394
Title:
AppArmor breaks Incus containers
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu
1 - 100 of 168 matches
Mail list logo
