The workaround from #71 worked almost perfectly out of the box, I've
only seen 1-2 windows staying under the dock. I probably simply need
bump the delay a bit from the default value.
Thanks a lot @popov895. @ballogy, thanks for working on this with
upstream!
--
You received this bug
FYI, snapd is a "base-less" snap:
$ lxc launch ubuntu-minimal-daily:22.04 c1
$ lxc shell c1
root@c1:~# snap list
No snaps are installed yet. Try 'snap install hello-world'.
root@c1:~# snap install snapd
2024-02-15T21:17:09Z INFO Waiting for automatic snapd restart...
snapd 2.61.1 from Canonical✓
** Description changed:
In removing the LXD snap from preseeding in the server seed for Ubuntu
- 24.04 as part LP #2051346 [1] we also removed the snaps snap and the
+ 24.04 as part LP #2051346 [1] we also removed the snapd snap and the
core22 snap.
This means that are subsequent snap
@slyon I saw that https://git.launchpad.net/network-
manager/commit/?h=netplan/lunar-
gu=900b2e15bce37363b263a224e60674f804114693 requires the `file`
package to be available. Some systems don't have installed, albeit
probably not common on desktops but I though I'd mention just in case.
That same
Public bug reported:
During normal operation, chromium wants to read
/proc/pressure/{cpu,io,memory} but is denied by the Apparmor policy:
$ journalctl -b0 -k --grep 'chromium.chromium' | grep -F 'name="/proc/pressure/'
Apr 19 10:40:27 sdeziel-lemur kernel: audit: type=1400
Public bug reported:
# Issue description
After installing chromium with hwacc (snap refresh chromium --channel
latest/candidate/hwacc) I notice a lot of those new messages in dmesg:
Dec 20 13:38:13 sdeziel-lemur kernel: audit: type=1400
audit(1671561493.126:3297): apparmor="DENIED"
Thanks for the test build Nathan, it works as I no longer see those
denials with the provided snap (chromium 107.0.5304.62). Thanks again!
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to chromium-browser in Ubuntu.
I just checked 105.0.5195.102-0ubuntu0.18.04.1 and the
changelog.Debian.gz is a file so marking as fix released.
** Changed in: chromium-browser (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Desktop
Packages, which is
** Summary changed:
- [snap] apparmor denials on /sys/devices/virtual/dmi/id/bios_vendor,
board_name and board_vendor
+ [snap] apparmor denials on /sys/devices/virtual/dmi/id/bios_vendor,
bios_version, board_name and board_vendor
** Description changed:
When starting chromium's snap, those
Public bug reported:
When starting chromium's snap, those messages are logged:
$ journalctl -o cat -k --grep 'apparmor="DENIED"' | grep -F
snap.chromium.chromium
audit: type=1400 audit(1666194773.600:424): apparmor="DENIED" operation="open"
profile="snap.chromium.chromium"
Marking as fix released because newer chromium/snapd do not get any
denials for syscall=273 on amd64.
Tested with:
$ snap list snapd chromium
Name Version RevTracking Publisher Notes
chromium 106.0.5249.119 2136 latest/stable canonical✓ -
snapd 2.57.4
*** This bug is a duplicate of bug 1900679 ***
https://bugs.launchpad.net/bugs/1900679
Chromium's snap is causing a lot of apparmor/seccomp noise (see other
bugs) but this bug only mentions syscall=203 (sched_setaffinity) which
is now fixed as mentioned in LP: #1900679.
** This bug has been
I've marked the chromium bug as invalid since snapd now allows
sched_setaffinity with browser-sandbox: true (see comment 16). I checked
here with firefox and chromium (both snaps) and the only syscall=203
denial is unrelated:
$ journalctl -o cat -b-1 -k --grep syscall=203
audit: type=1326
I can confirm the denials on /sys/devices/virtual/dmi/id/sys_vendor and
product_name are gone now, thanks!
$ snap list snapd
Name Version RevTracking Publisher Notes
snapd 2.57.4 17336 latest/stable canonical✓ snapd
** Changed in: chromium-browser (Ubuntu)
Status: New
Awesome, thank you Olivier!
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to thunderbird in Ubuntu.
https://bugs.launchpad.net/bugs/1983502
Title:
[snap] seccomp denials for syscall=314 on amd64
Status in thunderbird package in
There are quite a few "pending" crash reports and one from the day I
opened this bug so I'd say yes, it's failing to submit them:
sdeziel@sdeziel-lemur:~/snap/thunderbird/common/.thunderbird/Crash
Reports/pending$ ls -ltr | tail
-rw--- 1 sdeziel sdeziel 2088424 May 27 14:04
thunderbird itself seems to be working fine but the crashreport seemed
to have other issues due to Apparmor:
Aug 3 12:02:04 sdeziel-lemur thunderbird_thunderbird.desktop[32515]:
ExceptionHandler::GenerateDump cloned child 150187
Aug 3 12:02:04 sdeziel-lemur
This bug was reported against an old Ubuntu release and an old
Thunderbird version. Please try to reproduce with current
Ubuntu/Thunderbird version and open a new bug if needed. Thanks!
** Changed in: thunderbird (Ubuntu)
Status: Confirmed => Incomplete
--
You received this bug
Public bug reported:
$ snap list thunderbird
Name VersionRev Tracking Publisher Notes
thunderbird 102.1.0-2 237 latest/stable canonical✓ -
During normal operation, the following is logged:
Aug 03 12:07:58 foo kernel: audit: type=1326 audit(1659542878.718:511):
Marking as fix released because the upstream bug was closed and the fix
was verified to work in comment 20 (version 91.7.0). Ubuntu currently
ships version 91.11.0.
** Changed in: thunderbird (Ubuntu)
Status: Triaged => Fix Released
--
You received this bug notification because you are a
I've found a workaround that was tested on Ubuntu 20.04:
$ cat /etc/systemd/system/systemd-logind.service.d/override.conf
# XXX: required to have /proc mounted with hidepid=2,gid=pidgrp
[Service]
SupplementaryGroups=pidgrp
--
You received this bug notification because you are a member of
Thanks for the explanation and pointer to the ML thread, makes sense to
me now.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1966562
Title:
ubuntu-minimal should not depend on
Here is the syscall number => name mapping on amd64:
312: sys_kcmp
314: sys_sched_setattr (so also covered in LP: #1900679)
330: pkey_alloc
** Description changed:
# Steps to reproduce
1) Install Chromium's snap
snap install chromium
2) Monitor logs
journalctl -o cat -f --grep
Public bug reported:
# Steps to reproduce
1) Install Chromium's snap
snap install chromium
2) Monitor logs
journalctl -o cat -f --grep chromium
3) Start Chromium
journalctl will be filled with errors due to some syscalls not permitted
by the seccomp policy, like those:
Apr 14 11:18:14
Thanks Jeremy!
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1966127
Title:
ubuntu-desktop-minimal pulls gnome-session which is in universe
Status in gdm3 package in Ubuntu:
It's been a while that ubuntu-minimal depends on isc-dhcp-client:
$ apt-cache show ubuntu-minimal | grep Depends | grep dhcp
Depends: adduser, apt, apt-utils, console-setup, debconf, debconf-i18n,
e2fsprogs, eject, init, iproute2, iputils-ping, isc-dhcp-client, kbd, kmod,
less, locales,
Public bug reported:
ubuntu-minimal already depends on `init` which depends on `systemd-sysv`
which depends on `systemd` which comes with `systemd-networkd` that has
a DHCP client in it.
Having the isc-dhcp-client package feels redundant.
# Additional information
$ lsb_release -rd
Description:
Public bug reported:
ubuntu-desktop-minimal is in main but installing it pulls gnome-session
from universe. Here is how to reproduce it:
1) Create a Jammy VM:
$ lxc launch images:ubuntu/jammy jammy-vm --vm
2) Enter the Jammy VM:
$ lxc shell jammy-vm
3) Install ubuntu-desktop-minimal
This bug is probably fixed but I'll mark it as incomplete hoping that
someone would take the time to test it with supported versions.
** Changed in: ppp (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Desktop
Packages, which is
> these can be added fairly soon.
> https://gitlab.com/apparmor/apparmor/-/merge_requests/684
>
> though that is just landing it upstream and I am not sure when the
> next ubuntu upload will be
At least on 20.04, the profile comes from the firefox package, not the
apparmor one:
$ dpkg -S
Public bug reported:
I had a .odt file opened in libreoffice.writer when it suddenly reported
having crashed. `snap info libreoffice` confirmed the snap was refreshed
few minutes before I noticed the crash. This is related to LP: #1616650
but I wouldn't expect the currently running app to simply
No visible user impact other than the noise, sorry for not mentioning
this outright.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to thunderbird in Ubuntu.
https://bugs.launchpad.net/bugs/1905344
Title:
[snap] thunderbird seccomp
Public bug reported:
Launching thunderbird's snap result in the following logs:
Nov 23 20:07:37 simon-lemur kernel: audit: type=1326 audit(1606180057.636:655):
auid=1000 uid=1000 gid=1000 ses=2 pid=8588 comm="thunderbird-bin"
exe="/snap/thunderbird/95/thunderbird-bin" sig=0 arch=c03e
Public bug reported:
Whenever I start chromium's snap, I get the following messages:
Aug 6 10:50:08 simon-lemur kernel: [10608.138795] audit: type=1326
audit(1596725407.998:159): auid=1000 uid=1000 gid=1000 ses=2 pid=32290
comm="chrome"
Oops, it should have been LOW, not LEGACY. Here it is again to avoid any
confusion:
As a workaround, can you try lowering the profile from MEDIUM [1] to LOW
[2]:
sudo mkdir /etc/gnutls
cat << EOF | sudo tee -a /etc/gnutls/config
[overrides]
default-priority-string =
*** This bug is a duplicate of bug 1872778 ***
https://bugs.launchpad.net/bugs/1872778
As a workaround, can you try lowering the profile from MEDIUM [1] to LOW
[2]:
sudo mkdir /etc/gnutls
cat << EOF | sudo tee -a /etc/gnutls/config
[overrides]
default-priority-string =
As a workaround, can you try lowering the profile from MEDIUM [1] to
LEGACY:
sudo mkdir /etc/gnutls
cat << EOF | sudo tee -a /etc/gnutls/config
[overrides]
default-priority-string =
NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-DTLS1.2:%PROFILE_LEGACY
EOF
1:
** This bug is no longer a duplicate of bug 1872778
update-crypto-policies not affecting Gnome Online Accounts
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-online-accounts in Ubuntu.
https://bugs.launchpad.net/bugs/1860461
Public bug reported:
Since the snap upgrade to 80.0.3987.132, chromium keeps complaining
about I/O errors that are apparently due to missing Apparmor rules. Here
is what gets logged by "journalctl -f -o cat" when starting and closing
chromium:
AVC apparmor="DENIED" operation="unlink"
So this bug will be fixed when snapd's 2.43 SRU goes through. I
appreciate the pointer for the gpu-process sanboxing problem and its
workaround! Many thanks Jalon!
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to chromium-browser in
** Tags added: snap
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to chromium-browser in Ubuntu.
https://bugs.launchpad.net/bugs/1862262
Title:
[snap] apparmor denials on /sys/devices/virtual/dmi/id/sys_vendor and
product_name
Public bug reported:
When starting chromium's snap, those messages are logged:
Feb 6 12:34:17 foo kernel: [106190.836260] audit: type=1400
audit(1581010457.097:1372): apparmor="DENIED" operation="open"
profile="snap.chromium.chromium" name="/sys/devices/virtual/dmi/id/sys_vendor"
pid=20044
On 2019-12-11 12:33 p.m., Rafael David Tinoco wrote:
> For openvpn + systemd-resolve:
>
> With "up / down" openvpn config file commands you can wrap "systemd-
> resolve --set-dns=XXX" and update the given DNS servers.
There's a package for that: openvpn-systemd-resolved
--
You received this
On 2019-12-11 12:33 p.m., Rafael David Tinoco wrote:
> For openvpn + systemd-resolve:
>
> With "up / down" openvpn config file commands you can wrap "systemd-
> resolve --set-dns=XXX" and update the given DNS servers.
There's a package for that: openvpn-systemd-resolved
--
You received this
> For openvpn + systemd-resolve:
>
> With "up / down" openvpn config file commands you can wrap "systemd-
> resolve --set-dns=XXX" and update the given DNS servers.
There's a package for that: openvpn-systemd-resolved
--
You received this bug notification because you are a member of Desktop
Public bug reported:
Running Chromium's snap result in a lot of Apparmor noise like this:
audit: type=1400 audit(0): apparmor="DENIED" operation="open"
profile="snap.chromium.chromium" name="/run/mount/utab" pid=0 comm="chrome"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit:
** Tags added: snap
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to chromium-browser in Ubuntu.
https://bugs.launchpad.net/bugs/1817329
Title:
[snap] update hides the running browser
Status in chromium-browser package in Ubuntu:
Public bug reported:
Problem description:
I had a couple of tabs open in incognito mode and the Chromium window
was minimized/didn't had the focus. Suddenly, the desktop icon vanished
then reappeared, but the new icon indicated that Chromium was not
running (no "dot"/running indicator next to
Public bug reported:
I don't have any Thunderbolt devices so I masked the unused the
bolt.service. This causes problem with gnome-control-center.
Steps to reproduce:
1) launch gnome-control-center
$ gnome-control-center
2) navigate to Thunderbolt section
go to Devices, then Thunderbolt and
Thanks for confirming with version 63. In the apport report from version
62.0.3 there was:
[68851.399630] firefox[9800]: unhandled signal 11 at
nip 0954e70ece40 lr 0954e70ed414 code 1
I'd check if that's still the case with version 63. Attaching a fresh
apport report
@aixguy, Firefox got an update recently so version 63 should be
available. Would you mind checking if this new version also segfaults?
** Changed in: firefox (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Desktop
Packages, which is
Thanks Jan for confirming it was fixed!
** Changed in: firefox (Ubuntu)
Status: Incomplete => Fix Released
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/794036
Title:
Unable
@David, thanks for the feedback!
** Changed in: firefox (Ubuntu)
Status: Incomplete => Fix Released
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1578853
Title:
Firefox
Hi Daniel,
On 2018-05-11 04:46 PM, daniel CURTIS wrote:
> Thank You very much for an informations. Yes, there was some changes to
> the Sandbox (vide 'about:support'), because after update there was one
> new option with 'false' value (I have had similar issue in the past but
> it's not important
@Lonnie, it is already released, see the security announcement:
https://usn.ubuntu.com/3645-1/
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1770600
Title:
Firefox v60: does not
The sandboxing improvements are explained in more details here:
https://www.morbo.org/2018/05/linux-sandboxing-improvements-in_10.html
Since I see no setuid binaries, presumably the additional capabilities
are used in the unprivileged user namespace.
--
You received this bug notification
@Daniel, it looks like there was some changes to the sandboxing of
Firefox. I needed to add the following rules to make FF 60 work again:
# new with FF 60
capability sys_admin,
capability sys_chroot,
capability sys_ptrace,
owner @{PROC}/@{pid}/{u,g}id_map w,
owner
I added a link to the upstream bug, thanks for the guidance Daniel.
** Bug watch added: freedesktop.org Bugzilla #105508
https://bugs.freedesktop.org/show_bug.cgi?id=105508
** Also affects: xorg-server via
https://bugs.freedesktop.org/show_bug.cgi?id=105508
Importance: Unknown
Finally found what changed. I updated /etc/fstab to have /proc mounted
with hidepid=2,gid=sudo for added security. This works perfectly on
16.04 but totally breaks on 17.10.
To recap: mounting /proc with "nodev,noexec,nosuid" works but adding
"hidepid=2,gid=sudo" breaks.
** Tags added:
** Summary changed:
- Fatal server error: (EE) xf86OpenConsole: Cannot open virtual console 1
(Permission denied)
+ mounting /proc with hidepid causes: Fatal server error: (EE) xf86OpenConsole:
Cannot open virtual console 1 (Permission denied)
--
You received this bug notification because you
*** This bug is a duplicate of bug 1720908 ***
https://bugs.launchpad.net/bugs/1720908
** This bug has been marked a duplicate of bug 1720908
Firefox cannot load Flash because of libxul broken dependency
--
You received this bug notification because you are a member of Desktop
Packages,
Fixed at least in Xenial:
$ hardening-check /usr/lib/thunderbird/thunderbird
/usr/lib/thunderbird/thunderbird:
Position Independent Executable: yes
Stack protected: yes
Fortify Source functions: yes (some protected functions found)
Read-only relocations: yes
Immediate binding: yes
$
Could you please try to reproduce with the updated version:
55.0.2+build1-0ubuntu0.17.04.1. This new version addresses some
performance regressions. I don't know if it's available for Kali just
yet though.
** Changed in: firefox (Ubuntu)
Status: New => Incomplete
--
You received this bug
Hi Daniel, you can get Firefox 54.0 from artful-proposed so you might
want to use that until it officially lands in artful-updates. See
https://wiki.ubuntu.com/Testing/EnableProposed for how to install
packages from -proposed.
--
You received this bug notification because you are a member of
Public bug reported:
unity-lens-applications is apparently wrongly shipping
/usr/locale/da/LC_MESSAGES/unity-lens-applications.mo
This is the only translation file (.mo) shipped by unity-lens-applications. It
seems that the other translation files are shipped by
language-pack-gnome-CC-base
Looks like it would be intentional according to https://www.mozilla.org
/en-US/firefox/53.0/releasenotes/ :
"Ended Firefox Linux support for processors older than Pentium 4 and AMD
Opteron"
Also, for Windows, they require SSE2 since Firefox 49.
--
You received this bug notification because you
Public bug reported:
Steps to reproduce:
1) select a reply email (one with lines starting with ">")
2) type "Ctrl-e" to open it in edit mode
3) highlight the body text including some lines beginning with ">"
4) paste the text in gedit or another editor
5) notices the lines surrounding those
This isn't a problem with Firefox. It seems like MS folks have not added
the "www." prefix to their TLS certificate. Try going to
https://hotmail.co.uk/ instead.
** Changed in: firefox (Ubuntu)
Status: New => Invalid
--
You received this bug notification because you are a member of
On 2017-01-31 05:46 PM, Jean-Philippe Guérard wrote:
> I was able to reproduce the problem, but only using the flash plugin:
>
> Jan 31 23:38:34 tigreraye kernel: [221147.141240] audit: type=1400
> audit(1485902314.881:3406): apparmor="DENIED" operation="mknod"
>
On 2017-01-31 02:51 PM, Thomas Mayer wrote:
> Ugly as it is, but mozilla could also maintain profiles for different
> feature sets, or distros, respectively.
>
> But there's more: Different versions of FF with different requirements.
> The only right place to keep track of that is in the source
On 2017-01-31 02:20 PM, Thomas Mayer wrote:
> Why should all the distros do that independently? There's a lot of
> redundancy which could be allocated elsewhere.
Indeed but cross-distro compatibility is profiles as not every
distro/release have the same feature set. For example, not all supported
@Thomas, how is this bug not a dup of LP: #1553758 that was opened
before and contains the exact same Apparmor denial?
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1660268
Title:
On 2017-01-31 01:24 PM, Thomas Mayer wrote:
> @sdeziel That was intentional: How should someone keep track of what
> your profile fixes if there's no ticket for each rule?
I see your point.
> How should a maintainer decide if that should be merged?
The problem is that nobody seems to care about
** This bug is no longer a duplicate of bug 1533232
missing many apparmor rules on Xenial
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1553758
Title:
usr.bin.firefox apparmor
*** This bug is a duplicate of bug 1553758 ***
https://bugs.launchpad.net/bugs/1553758
** This bug has been marked a duplicate of bug 1553758
usr.bin.firefox apparmor profile blocks access to meminfo
--
You received this bug notification because you are a member of Desktop
Packages,
*** This bug is a duplicate of bug 1533232 ***
https://bugs.launchpad.net/bugs/1533232
** This bug has been marked a duplicate of bug 1533232
missing many apparmor rules on Xenial
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to
** Attachment removed: "local/usr.bin.firefox"
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1533232/+attachment/4811453/+files/usr.bin.firefox
** Attachment added: "local/usr.bin.firefox"
*** This bug is a duplicate of bug 1533232 ***
https://bugs.launchpad.net/bugs/1533232
@Jean-Philippe, most if not all the rules are covered in the proposed rule
addition in LP: #1533232
@Thomas, I just added the dbus session receive Mounted member to the same LP,
thanks.
Marking as
*** This bug is a duplicate of bug 1533232 ***
https://bugs.launchpad.net/bugs/1533232
** This bug has been marked a duplicate of bug 1533232
missing many apparmor rules on Xenial
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to
@Thomas, some of the rules are related to E10S but a lot predate it. I
noticed you opened quite a few bugs with regards to Firefox's profile,
most of those would have been fixed had one included my
local/usr.bin.firefox rules into the main profile as shipped by the
package.
I try to keep the
*** This bug is a duplicate of bug 1533232 ***
https://bugs.launchpad.net/bugs/1533232
** This bug has been marked a duplicate of bug 1533232
missing many apparmor rules on Xenial
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to
@Jean-Philippe, I use the Firefox profile extensively with some
additional local/ rules (LP: #1533232) but I never ran into a situation
where Firefox needed to access /dev/shm. Could you double check if you
still have those denial on a fully updated system? Thanks
--
You received this bug
*** This bug is a duplicate of bug 1533232 ***
https://bugs.launchpad.net/bugs/1533232
** This bug has been marked a duplicate of bug 1533232
missing many apparmor rules on Xenial
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to
Fixed by apparmor 2.10.95 that was backported to Trusty.
** Changed in: firefox (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1553711
*** This bug is a duplicate of bug 1533232 ***
https://bugs.launchpad.net/bugs/1533232
@Frank, the vfs mounttracker missing rules are covered in LP: #1533232
The .ICE-unix socket ones are now fixed at least in Xenial as the proper
rule was added to abstractions/X
** This bug has been marked
*** This bug is a duplicate of bug 1533232 ***
https://bugs.launchpad.net/bugs/1533232
** This bug has been marked a duplicate of bug 1533232
missing many apparmor rules on Xenial
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to
** Attachment removed: "local/usr.bin.firefox"
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1533232/+attachment/4782501/+files/usr.bin.firefox
** Attachment added: "local/usr.bin.firefox"
For a long while, I've been using this local include file with success
on Xenial 16.04. To make use of it, download the "local/usr.bin.firefox"
file to /tmp and do:
sudo cp /tmp/usr.bin.firefox /etc/apparmor.d/local/usr.bin.firefox
sudo apparmor_parser -r -T -W /etc/apparmor.d/usr.bin.firefox
** Attachment removed: "local/usr.bin.firefox"
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1533232/+attachment/4782500/+files/usr.bin.firefox
** Attachment added: "local/usr.bin.firefox"
** Attachment removed: "local/usr.bin.firefox"
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1533232/+attachment/4782466/+files/usr.bin.firefox
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
** Attachment added: "local/usr.bin.firefox"
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1533232/+attachment/4782500/+files/usr.bin.firefox
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
I'm attaching my refreshed local include.
** Attachment removed: "local/usr.bin.firefox"
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1533232/+attachment/4548596/+files/local-usr.bin.firefox
** Attachment added: "local/usr.bin.firefox"
Marc, I'm assuming this is related to this
https://scarybeastsecurity.blogspot.ca/2016/11/0day-exploit-advancing-
exploitation.html, right?
Like the author, I question the upstream decision to include FLIC
support in the "good" set. Would it be possible to move that plugin to
the "bad" or the
Thanks Aron and Sebastien, I can confirm that version
1.2.2-0ubuntu0.16.04.1 from xenial-proposed fixes the problem.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1568829
The upstream patch was included in NM 1.2.2 so Yakkety is not affected,
only Xenial is.
The attached debdiff contains the upstream patch backported to Xenial.
The resulting package resolve the issue. If anything is missing for the
SRU process, please let me know.
** Patch added:
This was fixed upstream:
https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=3d505b3f87c9cb9bfdc9b9a1fc67f57330701d03
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to network-manager-applet in Ubuntu.
Thanks Alberto. https://bugzilla.gnome.org/show_bug.cgi?id=769324
** Description changed:
+ Steps to reproduce:
+
+ 1. (Re-)mount /proc with hidepid=1 (or =2)
+ 2. Restart nm-applet
+
+ nm-applet's icon does not reappear after the restart. This used to work
+ with version 1.0.
+
+
+ Original
** Summary changed:
- nm-applet icon not showing
+ nm-applet icon not showing when /proc is mounted with hidepid!=0
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to network-manager-applet in Ubuntu.
This is similar to LP: #1541678 which has a simpler and more generic
patch.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1519120
Title:
Xenial: VLAN interfaces don't work
Simon's patch [1] was included in version 2.72 (Vivid and later).
Marking as fix released.
1:
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=006c162382aaa30f63413b876ecbe805280c3d36
** Changed in: dnsmasq (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug
1 - 100 of 173 matches
Mail list logo
