@mvo I don't understand why we'd add the "assumes" to the kernel's
snapcraft.yaml now since we're reverting the problematic AppArmor
commit. A kernel with the AppArmor commit will never be released to
stable (or -updates/-security) so I don't think that the "assumes"
workaround is needed any
Thanks Jamie! I looked into this from the snapd side and I think we
should do the following:
a) wait with the release of the *snap* until snapd 2.41 is released (scheduled
Sep 9, we can try to release sooner if its criticial)
b) add the following to the kernel snapcraft.yaml: "assumes:
If the kernel team could add the "assumes" to the edge kernel relatively
soon that would be great. Then we can do some extra testing to double
check that devices behave correctly when both core and kernel are
refreshed in the same transaction.
--
You received this bug notification because you
Reverting the patch according to comment #20.
** Changed in: linux (Ubuntu Xenial)
Status: Fix Committed => Triaged
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1658219
Title:
After discussing with Field, snapd, kernel and the security team, this
will break existing Ubuntu Core devices that use the 4.4 kernel and the
network-manager snap in the default channel (per reporter, the 1.10
channel is unaffected). Therefore, the 4.4 kernels snaps that include
this change (ie,
The fix causes at least the network-manager fails to work in Ubuntu
Core: https://bugs.launchpad.net/snapd/+bug/1840873
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1658219
Title:
Hello.
I would like to note, that when Linux kernel has been updated to
4.4.0-160.188 version[1] (with, among others, patches for LP:#1658219
and LP:#1838090), I've had to update a few profiles (such as Audacious,
Parole, Xorg, Logrotate etc.), because of a lot of "DENIED" entries in
system log
** Changed in: linux (Ubuntu Xenial)
Status: Confirmed => Fix Committed
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1658219
Title:
flock not mediated by 'k'
Status in
** Changed in: linux (Ubuntu Xenial)
Status: Triaged => Confirmed
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1658219
Title:
flock not mediated by 'k'
Status in AppArmor:
** Tags added: cscc
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1658219
Title:
flock not mediated by 'k'
Status in AppArmor:
In Progress
Status in linux package in Ubuntu:
Fix
On 2019-04-03 03:06:09, thighland wrote:
> I encountered this issue on xenial after updating to Azure's 4.15 kernel
> for testing. We started encountering an apparmor deny which doesn't
> happen on the latest 4.4 kernel. I had missed setting the k flag for a
> policy, and everything worked on the
I encountered this issue on xenial after updating to Azure's 4.15 kernel
for testing. We started encountering an apparmor deny which doesn't
happen on the latest 4.4 kernel. I had missed setting the k flag for a
policy, and everything worked on the new kerenl once we fixed the
policy.
Given that
Note: this bug affects more than just lock mediation permissions. It at
a minimum can also affect the mmap executable (m) permission.
Further work is required to resubmit this fix
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in
** Changed in: linux (Ubuntu Yakkety)
Status: Fix Released => Triaged
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1658219
Title:
flock not mediated by 'k'
Status in AppArmor:
This bug was fixed in the package linux - 4.8.0-45.48
---
linux (4.8.0-45.48) yakkety; urgency=low
* CVE-2017-7184
- xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window
- xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder
-- Stefan Bader
Not fixed because we had to revert the commits due to various
regressions.
** Changed in: linux (Ubuntu Xenial)
Status: Fix Released => Triaged
** Changed in: linux (Ubuntu Yakkety)
Status: Fix Released => Triaged
--
You received this bug notification because you are a member of
This bug was fixed in the package linux - 4.8.0-40.43
---
linux (4.8.0-40.43) yakkety; urgency=low
* linux: 4.8.0-40.43 -proposed tracker (LP: #1667066)
[ Andy Whitcroft ]
* NFS client : permission denied when trying to access subshare, since kernel
4.4.0-31 (LP: #1649292)
This bug was fixed in the package linux - 4.4.0-65.86
---
linux (4.4.0-65.86) xenial; urgency=low
* linux: 4.4.0-65.86 -proposed tracker (LP: #1667052)
[ Stefan Bader ]
* Upgrade Redpine RS9113 driver to support AP mode (LP: #1665211)
- SAUCE: Redpine driver to support
4.4.0-65.86-generic fixes this issue on xenial.
** Tags removed: verification-needed-xenial verification-needed-yakkety
** Tags added: verification-done-xenial verification-done-yakkety
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to
4.8.0-40.43-generic fixes this issue on yakkety.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1658219
Title:
flock not mediated by 'k'
Status in AppArmor:
In Progress
Status in
4.10.0-8.10-generic has the fix for this bug so marking the zesty task
as released.
** Changed in: linux (Ubuntu)
Status: Incomplete => Fix Released
** Changed in: apparmor
Status: Triaged => In Progress
** Changed in: apparmor
Assignee: (unassigned) => John Johansen
This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag 'verification-needed-
xenial' to 'verification-done-xenial'. If the problem still exists,
change the tag
This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag 'verification-needed-
yakkety' to 'verification-done-yakkety'. If the problem still exists,
change the tag
** Changed in: linux (Ubuntu Yakkety)
Status: New => Fix Committed
** Changed in: linux (Ubuntu Xenial)
Status: New => Fix Committed
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
** Also affects: linux (Ubuntu Yakkety)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Xenial)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
25 matches
Mail list logo
