It looks like the same issue happens with "kill" syscall:
Jul 01 15:52:45 kernel: audit: type=1400 audit(1719849165.951:291):
apparmor="DENIED" operation="signal" class="signal"
profile="lxd-v1_" pid=15369 comm="lxd"
requested_mask="receive" denied_mask="receive" signal=kill
peer="snap.lxd.daemon"
upstream discussion
https://gitlab.com/apparmor/apparmor/-/merge_requests/1247
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2067900
Title:
apparmor unconfined profile blocks pivot_root
To manage n
AFAIK, fix was landed
https://gitlab.com/apparmor/apparmor/-/commit/4bb134e4bb950a8c9a1f70a27eb2acd2a35df412
But changelog
https://changelogs.ubuntu.com/changelogs/pool/main/a/apparmor/apparmor_4.0.1really4.0.0-beta3-0ubuntu0.1/changelog
says that everything was reverted back to 4.0.0~beta.
--
Y
https://lists.ubuntu.com/archives/kernel-team/2024-September/153510.html
** Patch added:
"0001-UBUNTU-SAUCE-fan-release-rcu_read_lock-on-skb-discar.patch"
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2064176/+attachment/5814067/+files/0001-UBUNTU-SAUCE-fan-release-rcu_read_lock-on-skb
** Description changed:
+ SRU Justification:
+
+ [Impact]
+
+ User can trigger a host crash on Jammy/Noble by launching
+ a container which uses Ubuntu FAN network in LXD.
+
+ [Fix]
+
+ A first proposed patch fixes RCU locking by releasing rcu_read_lock
+ on the skb discard codepath.
+
+ Seco
v2 submitted https://lists.ubuntu.com/archives/kernel-
team/2024-September/153551.html
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2064176
Title:
LXD fan bridge causes blocked tasks
To manage not
We have another problem which disappears when I revert
dc757a645cfa82f6ac252365df20a36a9ff82760 ("UBUNTU: SAUCE: apparmor4.0.0
[81/90]: apparmor: convert easy uses of unconfined() to
label_mediates()") commit.
Now it is not connected with unconfined profiles at all, it involves Ubuntu
Noble (host
From LXC side, we probably should fix this too, just to follow the
AppArmor spec. I'll prepare a PR for that.
John, what's the best way to validate AppArmor profiles syntax and
conformance with the spec?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subs
This is the reason:
https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux-raspi/+git/noble/tree/debian.raspi/config/annotations?h=master-next#n155
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2038582
Minimal reproducer:
# cat test.c
#define _GNU_SOURCE
#include
#include
#includ
Hi Steve,
I have described a reason of this issue above:
https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/2062176/comments/3
>So this is not a bug in glibc,
This is not a bug. This is a kernel configuration issue.
Kernel configuration has COMPAT_32BIT_TIME=n, but must have COMPAT_32BIT_TIME=y
>The test case given in the github issue is invalid, because it builds
without the default noble compiler flags of -D_FILE_OFFSET_BITS=64
-D_TIME_BITS=64 so tells us nothing about what code is actually being
run as part of noble that depends on the old syscall.
It's not invalid, cause we can't req
Another reproducer:
# cat test2.c
#include
#include
void *threadfn(void *ptr)
{
return NULL;
}
int main(int argc, char **argv)
{
pthread_t thread;
pthread_create(&thread, NULL, &threadfn, NULL);
pthread_join(thread, NULL);
return 0;
}
# arm-linux-gnueabihf-gcc -D_FILE_OFF
JFYI: https://github.com/lxc/lxc/pull/4452
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2064144
Title:
lxc ships apparmor config that confuses aa-logprof
To manage notifications about this bug go
If I understand correctly, a proper replacement for
mount options=(rw,make-unbindable) -> **,
is
mount options=(rw,make-unbindable) -> /{,**},
It turned out that replacing it with:
mount options=(rw,make-unbindable) -> /**,
does not work properly and restricts anything on /
(see also http
Looks like I'm facing the same issue:
/testbed-packages
autopkgtest-virt-qemu: DBG: +> cat
autopkgtest-virt-qemu: DBG: +>?
autopkgtest-virt-qemu: DBG: +", 'deststdout', "<_io.BufferedReader name='/dev/null'>",
'devnull_read', <_io.BufferedReader name='/dev/null'>]
autopkgtest-virt-qemu: DBG:
** Patch added: "debdiff.diff"
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/2059550/+attachment/5763115/+files/debdiff.diff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2059550
Title:
aut
It's worth mentioning that this debdiff includes not only tests
disabling but also fix that allows to build source package on Ubuntu.
If you do:
pull-lp-source liblxc-dev noble-proposed
cd lxc-5.0.3
debuild -S -d
you will see something like this:
dpkg-source -b .
dpkg-source: info: using sourc
Thanks, Julian!
Once this version pass all tests and reach archives I'll prepare PRs for
https://salsa.debian.org/lxc-team/lxc to be in sync with Debian.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/
Ok, lxc/1:5.0.3-2ubuntu4 was uploaded and it's getting better but,
unfortunately, "lxc-test-unpriv" test wasn't skipped really.
Despite this bug
(https://bugs.launchpad.net/ubuntu/+source/autopkgtest/+bug/2056461) I
was able to make my local autopkgtest environment to work:
autopkgtest \
--apt-
** Patch added: "debdiff.diff"
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/2059550/+attachment/5763468/+files/debdiff.diff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2059550
Title:
aut
Hi!
I would suggest to way 1-2 days, because right now we are trying to get
https://launchpad.net/ubuntu/+source/lxc/1:5.0.3-2ubuntu5 in Noble. This
should solve this problem too.
I can only guess that your problem connected with that 1:5.0.1-0ubuntu8
was early replaced by 1:5.0.3-2ubuntu1, but t
https://autopkgtest.ubuntu.com/packages/l/lxc
all tests are green, except i386 (which is broken for years :-( and this
should not block a migration).
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2059
Hi!
Couldn't you check if this is fixed for you?
This is what I see now on Noble:
root@lxc-test-noble:~# apt search liblxc
Sorting... Done
Full Text Search... Done
golang-gopkg-lxc-go-lxc.v2-dev/noble 0.0+git20230621.be98af2-1 all
Go bindings for liblxc
liblxc-common/noble,now 1:5.0.3-2ubuntu
https://github.com/canonical/lxd/pull/13820
** Changed in: lxd (Ubuntu)
Assignee: (unassigned) => Aleksandr Mikhalitsyn (mihalicyn)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2046486
Ti
see also
https://github.com/canonical/lxd/issues/13810
** Changed in: lxd (Ubuntu)
Status: Confirmed => Fix Committed
** Bug watch added: github.com/canonical/lxd/issues #13810
https://github.com/canonical/lxd/issues/13810
--
You received this bug notification because you are a member
>Ill need to check with mihalicyn if the fix relies on a thr lxd snap
switching base to core24.
no, but we need https://github.com/canonical/lxd-pkg-snap/pull/477
Full details:
https://github.com/canonical/lxd/issues/13810#issuecomment-2253259452
--
You received this bug notification because yo
Public bug reported:
We can see autopkgtest failures on Noble:
https://autopkgtest.ubuntu.com/packages/lxc
1:5.0.3-2ubuntu2 from noble-proposed/universe
Details from log
(https://autopkgtest.ubuntu.com/results/autopkgtest-noble/noble/amd64/l/lxc/20240327_203000_ce7d4@/log.gz):
==
New debdiff.
Tested with:
https://launchpad.net/~mihalicyn/+archive/ubuntu/criu-noble-test-rev2/+packages
** Patch removed: "deb.diff"
https://bugs.launchpad.net/ubuntu/+source/criu/+bug/2066148/+attachment/5780743/+files/deb.diff
** Patch added: "deb.diff"
https://bugs.launchpad.net/ub
rom upstream and so on.
** Changed in: criu (Ubuntu)
Assignee: (unassigned) => Aleksandr Mikhalitsyn (mihalicyn)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2066148
Title:
Ubun
** Also affects: apparmor (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2077413
Title:
apparmor unconfined profile blocks signal sending
To mana
Hey Christian!
thanks a lot for your fast reaction on this report!
>In other words: this looks like normal and expected behaviour to me.
You'll need to add a rule
ok, that makes sense.
>Note that abstractions/base allows signal (receive) peer=unconfined, -
and "unconfined" does not match your p
: ubuntu
Importance: Undecided
Assignee: Aleksandr Mikhalitsyn (mihalicyn)
Status: Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2070048
Title:
nvme-tcp: fix retry logic
To
** Changed in: ubuntu
Assignee: (unassigned) => Aleksandr Mikhalitsyn (mihalicyn)
** Package changed: ubuntu => linux (Ubuntu)
** Changed in: linux (Ubuntu)
Status: Confirmed => New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is s
Have just sent patches for Unstable/Oracular tree:
https://lists.ubuntu.com/archives/kernel-team/2024-June/151662.html
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2070048
Title:
nvme-tcp: fix retr
Hopefully, this will be fixed by
https://github.com/canonical/lxd/pull/13681
I think we need some help with validation/review and testing.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2046486
Title:
** Description changed:
SRU Justification
[Impact]
* Request to port some out-of-upstream-tree patches to fix NVMe over TCP
request retry logic issues
[Fix]
* Port patches from LKML:
https://lore.kernel.org/all/20230908100049.80809-1-h...@suse.de/
[Test Plan]
*
https://lore.kernel.org/all/20240628153712.288166-1-aleksandr.mikhalit...@canonical.com/
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2046486
Title:
units with credentials fail in LXD containers
T
Public bug reported:
It looks like because of build failures on Noble toolchain:
https://launchpad.net/ubuntu/noble/+source/criu/+builds
precisely the same version was building just fine on Mantic.
$ rmadison criu -u ubuntu
criu | 2.0-2ubuntu3 | xenial/universe | source, a
It's clearly a false-positive on GCC 13.2
Attaching a Debian diff with workaround (disable warnings and prevent
compilation failures).
** Patch added: "deb.diff"
https://bugs.launchpad.net/ubuntu/+source/criu/+bug/2066148/+attachment/5779927/+files/deb.diff
--
You received this bug notifica
Tested with PPA and it looks like compile-time problem is fixed, but now we
have the next one:
https://launchpadlibrarian.net/730889722/buildlog_ubuntu-noble-ppc64el.criu_3.17.1-3ubuntu1_BUILDING.txt.gz
mkdir -p /<>/debian/criu/usr/lib/powerpc64le-linux-gnu
install -m 755 lib/c/libcriu.so
/<>/de
** Patch removed: "deb.diff"
https://bugs.launchpad.net/ubuntu/+source/criu/+bug/2066148/+attachment/5779927/+files/deb.diff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2066148
Title:
Ubuntu N
New debdiff.
Tested with https://launchpad.net/~mihalicyn/+archive/ubuntu/criu-noble-
test/+packages
** Patch added: "deb.diff"
https://bugs.launchpad.net/ubuntu/+source/criu/+bug/2066148/+attachment/5780743/+files/deb.diff
--
You received this bug notification because you are a member of U
Hi Georgia,
thanks a lot for looking into this issue!
Kind regards,
Alex
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2067900
Title:
apparmor unconfined profile blocks pivot_root
To manage notif
Hey John!
Of course, if I have any piece of information about this one (like
reproducer) I'll share it with you. But for now, we only have these two
LXD issues (links are in comment #3) and that's it.
Also you may look into this discussion:
https://github.com/openzfs/zfs/issues/16324
Also, I'm c
I don't think that I have permissions for that ;-)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2064176
Title:
LXD fan bridge causes blocked tasks
To manage notifications about this bug go to:
htt
** Changed in: linux (Ubuntu)
Status: Confirmed => In Progress
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2064176
Title:
LXD fan bridge causes blocked tasks
To manage notifications about
I have some evidences that potentially we have even more serious trouble
with ZFS on Ubuntu Noble 6.8 kernel.
Some time ago LXD team has got a report about LXCFS processes crashes:
https://github.com/lxc/lxcfs/issues/644
After spending really a lot of time checking everything from our side
(in LX
** Summary changed:
- kernel 6.8.0-40: ext4 online resize on thin-provisioned storage gives
'invalid opcode'
+ kernel 6.8.0-40: ext4 online resize on thin-provisioned storage gives BUG at
fs/ext4/resize.c:324
--
You received this bug notification because you are a member of Ubuntu
Bugs, which
Looks like this:
https://lore.kernel.org/linux-ext4/ee3df746-901c-40bd-95b5-2a2b73403...@huawei.com
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2081231
Title:
kernel 6.8.0-40: ext4 online resize o
Minimal reproducer:
mkdir -p /tmp/ext4_crash/mnt
EXT4_CRASH_IMG="/tmp/ext4_crash/disk.img"
rm -f $EXT4_CRASH_IMG
truncate $EXT4_CRASH_IMG --size 25MiB
EXT4_CRASH_DEV=$(losetup --find --nooverlap --direct-io=on --show
$EXT4_CRASH_IMG)
mkfs.ext4 -E nodiscard,lazy_itable_init=0,lazy_journal_init=0 $E
patch for Jammy https://lists.ubuntu.com/archives/kernel-
team/2024-September/154056.html
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2064176
Title:
LXD fan bridge causes blocked tasks
To manage
upstream patch
https://lore.kernel.org/linux-ext4/20240925143325.518508-1-aleksandr.mikhalit...@canonical.com
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2081231
Title:
kernel 6.8.0-40: ext4 onlin
** Tags removed: verification-needed-jammy-linux
** Tags added: verification-done-jammy-linux
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2064176
Title:
LXD fan bridge causes blocked tasks
To man
@ernestl 2) @LXD team: What in lxd is responsible for populating
"/var/snap/lxd/common/shmounts/lxcfs"?
https://github.com/canonical/lxd-pkg-snap/blob/0b6e8e9a61c48f87244ccb9b34fb4cd35a007ae6/snapcraft/commands/daemon.start#L149C68-L149C79
and
https://github.com/canonical/lxd-pkg-snap/blob/0b6e8e9
** Tags removed: verification-needed-noble-linux
** Tags added: verification-done-noble-linux
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2064176
Title:
LXD fan bridge causes blocked tasks
To man
55 matches
Mail list logo
