I've been hit by this problem as well, but for the pread64 syscall. It's
working for me now after playing with my apt conf, getting the bug fix
and then reverting my apt conf, but thought it was worth mentioning
anyway.
I'm on a system with nfs/autofs home directories and nis for logins,
which I b
Tanks
On Tue, Apr 17, 2018 at 4:16 PM, Simon Déziel <1732...@bugs.launchpad.net>
wrote:
> It's already mentioned in the NEWS file but for those who would like to
> test the seccomp sanbox, all that's needed is:
>
> APT::Sandbox::Seccomp "true";
>
> Thanks Julian
>
> --
> You received this bug n
It's already mentioned in the NEWS file but for those who would like to
test the seccomp sanbox, all that's needed is:
APT::Sandbox::Seccomp "true";
Thanks Julian
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchp
This bug was fixed in the package apt - 1.6~rc1
---
apt (1.6~rc1) unstable; urgency=medium
[ Julian Andres Klode ]
* Experimental support for zstd (LP: #1763839)
* Fix debian/NEWS entry for 1.6~beta1
* Use https for Ubuntu changelogs
* Bump cache major version to allow diffe
Or generally allow network and the getdents stuff, and just block more
esoteric syscalls for now.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1732030
Title:
'apt update' dies with seccomp error
T
No - it's the "store" method that's failing (e.g.
recompressing/decompressing files). I disallowed socket and friends for
that, so that's failing. I mean, it's a decompress/compress method, it
should not have network access.
--
You received this bug notification because you are a member of Ubuntu
I wonder if we should turn the sandbox off by default for bionic. Not
sure.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1732030
Title:
'apt update' dies with seccomp error
To manage notifications
Something seems broken on your config, all those basic things should be
allowed IMHO (and they are, or I'd hit them as well).
You could iterate on this with [1] which for this would let you also add
"connect".
But I doubt that will eventually resolve your issue.
The question is why does it break
Ok, tried again.. It still not working. Error is 42 though:
marcos@marcos:~$ echo 'apt::sandbox::seccomp::allow { "socket" };' | sudo tee
/etc/apt/apt.conf.d/99seccomp
[sudo] password for marcos:
apt::sandbox::seccomp::allow { "socket" };
marcos@marcos:~$ sudo apt update
Get:1 http://br.archive.
:-)
Oh I see the line break added by LP in my example lead Jimmy the wrong way.
Obviously for the config to work it needs to be there :-)
@Jimmy - Please retry, and check the file content with e.g. cat after
the echo.
--
You received this bug notification because you are a member of Ubuntu
Bugs,
Well, no filename was specified for "tee"
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1732030
Title:
'apt update' dies with seccomp error
To manage notifications about this bug go to:
https://bug
On Wed, Apr 4, 2018 at 10:12 AM, Jimmy Olsen wrote:
> It`still giving me same error:
>
> marcos@marcos:~$ echo 'apt::sandbox::seccomp::allow { "socket" };' | sudo
> tee
> [sudo] password for marcos:
> apt::sandbox::seccomp::allow { "socket" };
> marcos@marcos:~$ sudo apt update
>
[...]
> S
It`still giving me same error:
marcos@marcos:~$ echo 'apt::sandbox::seccomp::allow { "socket" };' | sudo tee
[sudo] password for marcos:
apt::sandbox::seccomp::allow { "socket" };
marcos@marcos:~$ sudo apt update
Get:1 http://br.archive.ubuntu.com/ubuntu bionic InRelease [235 kB]
Hit:2 http://lin
On Wed, Apr 4, 2018 at 8:29 AM, Jimmy Olsen wrote:
> Hi Christian. I tried to run this command but it didnt work:
>
> marcos@marcos:~$ echo 'apt::sandbox::seccomp::allow { "socket" };' >
> /etc/apt/apt.conf.d/99seccomp
> bash: /etc/apt/apt.conf.d/99seccomp: Permission denied
>
The path this gets
Hi Christian. I tried to run this command but it didnt work:
marcos@marcos:~$ echo 'apt::sandbox::seccomp::allow { "socket" };' >
/etc/apt/apt.conf.d/99seccomp
bash: /etc/apt/apt.conf.d/99seccomp: Permission denied
marcos@marcos:~$ sudo marcos@marcos:~$ echo 'apt::sandbox::seccomp::allow {
"sock
Hmm,
0041 should be sys_socket
With the error present (in your case ppa enabled), could you add this
and retry:
echo 'apt::sandbox::seccomp::allow { "socket" };' >
/etc/apt/apt.conf.d/99seccomp
If it works with that it really was the socket call, and Julian can
consider adding it.
https://bugs.
Just tried to add another PPA (from another program), same error going
on. and I get it fixed when PPA is removed...
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1732030
Title:
'apt update' dies w
Hi Chistian. I tried to add the PPA and it shows me that error:
marcos@marcos:~$ sudo add-apt-repository ppa:otto-kesselgulasch/gimp -y && sudo
apt-get update
[sudo] password for marcos:
gpg: keybox '/tmp/tmp935_1y_p/pubring.gpg' created
gpg: key 3BDAAC08614C4B38: 1 signature not checked due to
The actual seccomp fail is important.
Eventually it is a sandbox and we want to add exceptions after we know it has a
valid use case.
As the above libvirt nss case which we added.
Trying the ppa you mentioned I can run just fine - so something is
special in your setup.
Please the exact details a
Idk if I did has something to do with the bug itself. I noticed this bug
happened just after when I added PPA as seen from
https://www.omgubuntu.co.uk/2018/03/gimp-2-10-release-candidate-released
and ran "sudo apt update && sudo apt upgrade" commands. Once it was
removed,no error was shown anymore.
I've just tried it and I does not face the error anymore.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1732030
Title:
'apt update' dies with seccomp error
To manage notifications about this bug go
I've just tried it and I do not face the error anymore.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1732030
Title:
'apt update' dies with seccomp error
To manage notifications about this bug go t
This bug was fixed in the package libvirt - 4.0.0-1ubuntu1
---
libvirt (4.0.0-1ubuntu1) bionic; urgency=medium
* Merged with Debian unstable (4.0)
This closes several bugs:
- Error generating apparmor profile when hostname contains spaces
(LP: #77)
- qemu 2.10
Wow, store method opens a socket. I wonder what for. This is
frustrating. Workaround for that would probably be
apt::sandbox::seccomp::allow { "socket" };
+ some more socket operations.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubunt
Sorry I don't have the old log.
But it's also happening now:
turip@turip-xps-ws:~$ sudo -i
root@turip-xps-ws:~# apt-get update
Hit:1 http://security.ubuntu.com/ubuntu bionic-security InRelease
Ign:2 http://dl.google.com/linux/chrome/deb stable InRelease
Get:3 http://hu.archive.u
@Turi with the same number 78? That's important :)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1732030
Title:
'apt update' dies with seccomp error
To manage notifications about this bug g
I ran into the same problem when updating from a fully patched artfull
to bioninc using the following apt sources:
deb http://archive.ubuntu.com/ubuntu/ bionic main restricted
deb-src http://archive.ubuntu.com/ubuntu/ bionic universe main restricted
multiverse
deb http://archive.ubuntu.com/ubunt
OK, so I think we let this sit for a few more weeks and see what else we
get. So far we have 4 people affected by this. Does not happen for me,
BTW, and yes, I use the mirror method (from -proposed, the old one does
not work and the new one is much better :D).
Now, as to documentation: There is no
Note: my source.lust had no trailing / so for me it was
$ sed -i
's/http:\/\/archive.ubuntu.com\/ubuntu/mirror:\/\/mirrors.ubuntu.com\/mirrors.txt/g'
/etc/apt/sources.list
to trigger the issue
Note (2): Also this feature is still undocumented since all the time
:-/.
--
You received this bug no
Interesting, thanks Mathias for the update.
@Julian - I think this means you have to tackle that from apt itself then? (or
at least find out via which path it triggers the issue now).
How far are you in regard to comment #9 number 3 atm - can you take it into apt
itself already?
--
You receive
Had the same issue, but wihtout libnss-libvirt installed. Switching to
the mirror method also triggers the error.
# sed -i
's/http:\/\/archive.ubuntu.com\/ubuntu\//mirror:\/\/mirrors.ubuntu.com\/mirrors.txt/g'
/etc/apt/sources.list
# apt update
0% [Working]
Seccomp prevented execution of s
** Tags added: libvirt-18.04
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1732030
Title:
'apt update' dies with seccomp error
To manage notifications about this bug go to:
https://bugs.launchpad.n
@Tamas - your stack trace might help to identify another source of such
issues, let us know.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1732030
Title:
'apt update' dies with seccomp error
To man
Ok, so I will add this on the next libvirt merge to be safe on bionic.
** Changed in: libvirt (Ubuntu)
Status: Confirmed => Triaged
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1732030
Title:
1. This is appending. You could also write it
apt::sandbox::seccomp::allow:: "getdents" but the list notation is
documented.
2. Right. Others might have other issues, mostly depending on their NSS
modules. I don't think we'll fix all of them. But I don't think there
are many users with non-standar
Hi Julian,
I have broken down the testcase into reproducible steps:
Testcase - TL;DR get running guest with IP and enable libvirt nss:
$ apt install libnss-libvirt libvirt-dameon-system
$ apt update
$ uvt-simplestreams-libvirt sync --source http://cloud-images.ubuntu.com/daily
arch=amd64 label=da
It would be nice if libvirt-nss could ship an /etc/apt/apt.conf.d
/libvirt-nss.conf, or a numbered file like the others, that allows
getdents. I don't think I want to turn it on in general because not
being able to list a directory is kind of useful.
** Also affects: libvirt (Ubuntu)
Importance
I hit this today in a Bionic container trying to use "apt-get download".
Found this bug and based on this trying to provide the debug data that was
requested back then.
So I gathered the crash file with JulianK's hint and then used Tamas
workaround to get all apport tools as needed.
# apport-ret
Note: adding getdents as suggested was enough, there were no further
seccomp hits triggered later on.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1732030
Title:
'apt update' dies with seccomp erro
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: apt (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1732030
Title:
'apt u
Hi,
thanks for your bug report. It seems that something is trying to read a
directory. Could you perhaps run with apt::sandbox::seccomp::print set
to false and gather a stack trace and attach that here? (or let apport
do its magic and report it separately?). This would help figuring out
what needs
Workaround:
echo 'apt::sandbox::seccomp "false";' > /etc/apt/apt.conf.d/999seccomp
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1732030
Title:
'apt update' dies with seccomp error
To manage notif
42 matches
Mail list logo
