[Kernel-packages] [Bug 1844186] Re: [regression] NoNewPrivileges incompatible with Apparmor

2019-12-06 Thread Launchpad Bug Tracker
This bug was fixed in the package linux - 5.3.0-24.26 --- linux (5.3.0-24.26) eoan; urgency=medium * eoan/linux: 5.3.0-24.26 -proposed tracker (LP: #1852232) * Eoan update: 5.3.9 upstream stable release (LP: #1851550) - io_uring: fix up O_NONBLOCK handling for sockets -

[Kernel-packages] [Bug 1844186] Re: [regression] NoNewPrivileges incompatible with Apparmor

2019-12-05 Thread Simon Déziel
Based on a suggestion from sarnold in #ubuntu-kernel, I re-ran the tests of the 4.15, 5.0 and 5.3 kernels in combination with a snap (lxd's snap specifically) and found no problem. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in

[Kernel-packages] [Bug 1844186] Re: [regression] NoNewPrivileges incompatible with Apparmor

2019-11-28 Thread Simon Déziel
I don't see the patch queued up in Xenial/Bionic for the 4.4.0-170.199 and 4.15.0-72.81 kernels. If I can do anything to help those land (like test more versions), please let me know. Thank you! Simon

[Kernel-packages] [Bug 1844186] Re: [regression] NoNewPrivileges incompatible with Apparmor

2019-11-12 Thread Launchpad Bug Tracker
This bug was fixed in the package linux - 5.0.0-35.38 --- linux (5.0.0-35.38) disco; urgency=medium * [REGRESSION] md/raid0: cannot assemble multi-zone RAID0 with default_layout setting (LP: #1849682) - SAUCE: Fix revert "md/raid0: avoid RAID0 data corruption due to layout

[Kernel-packages] [Bug 1844186] Re: [regression] NoNewPrivileges incompatible with Apparmor

2019-11-12 Thread Launchpad Bug Tracker
This bug was fixed in the package linux - 5.3.0-22.24 --- linux (5.3.0-22.24) eoan; urgency=medium * [REGRESSION] md/raid0: cannot assemble multi-zone RAID0 with default_layout setting (LP: #1849682) - Revert "md/raid0: avoid RAID0 data corruption due to layout confusion."

[Kernel-packages] [Bug 1844186] Re: [regression] NoNewPrivileges incompatible with Apparmor

2019-11-07 Thread Simon Déziel
@jjohansen, I see that you've included the fix in most of the kernels currently in -proposed, thanks for that! Although, I'm not seeing those for 4.4 and 4.15 and I'd like to make sure they don't fall through the cracks ;)

[Kernel-packages] [Bug 1844186] Re: [regression] NoNewPrivileges incompatible with Apparmor

2019-10-24 Thread Simon Déziel
I pulled the various .deb packages from https://launchpad.net/~canonical-kernel-team/+archive/ubuntu/ppa/+build/17953251/+files/ and installed them on my Bionic host. $ uname -a Linux c2d.mgmt.sdeziel.info 5.3.0-20-generic #21-Ubuntu SMP Wed Oct 23 16:20:37 UTC 2019 x86_64 x86_64 x86_64

[Kernel-packages] [Bug 1844186] Re: [regression] NoNewPrivileges incompatible with Apparmor

2019-10-24 Thread Ubuntu Kernel Bot
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-eoan' to 'verification-done-eoan'. If the problem still exists, change the tag

[Kernel-packages] [Bug 1844186] Re: [regression] NoNewPrivileges incompatible with Apparmor

2019-10-22 Thread Simon Déziel
I pulled the various .deb packages from https://launchpad.net/~canonical-kernel-team/+archive/ubuntu/ppa/+build/17945283 and installed them on my Bionic host. $ uname -a Linux c2d.mgmt.sdeziel.info 5.0.0-33-generic #35-Ubuntu SMP Tue Oct 22 01:48:40 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux With

[Kernel-packages] [Bug 1844186] Re: [regression] NoNewPrivileges incompatible with Apparmor

2019-10-22 Thread Ubuntu Kernel Bot
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-disco' to 'verification-done-disco'. If the problem still exists, change the tag

[Kernel-packages] [Bug 1844186] Re: [regression] NoNewPrivileges incompatible with Apparmor

2019-10-16 Thread Kleber Sacilotto de Souza
** Changed in: linux (Ubuntu Disco) Status: Confirmed => Fix Committed ** Changed in: linux (Ubuntu Eoan) Status: Confirmed => Fix Committed

[Kernel-packages] [Bug 1844186] Re: [regression] NoNewPrivileges incompatible with Apparmor

2019-10-03 Thread John Johansen
** Also affects: linux (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: linux (Ubuntu Disco) Importance: Undecided Status: New ** Also affects: linux (Ubuntu Eoan) Importance: Undecided Status: Confirmed ** Also affects: linux (Ubuntu Bionic)

[Kernel-packages] [Bug 1844186] Re: [regression] NoNewPrivileges incompatible with Apparmor

2019-10-02 Thread John Johansen
Sorry, it appears I added the comments about the v2 patch to the wrong bug. Thanks for testing. I will get the request sent out to the kt.

[Kernel-packages] [Bug 1844186] Re: [regression] NoNewPrivileges incompatible with Apparmor

2019-10-02 Thread Simon Déziel
I found your 5.0.0-29 *v2* kernel and gave it a try and I'm happy to report that you've fixed the problem! Bionic/5.0 v2: $ uname -a Linux c2d.mgmt.sdeziel.info 5.0.0-29-generic #31+v2lp1844186 SMP Wed Oct 2 18:47:25 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux *result*: works

[Kernel-packages] [Bug 1844186] Re: [regression] NoNewPrivileges incompatible with Apparmor

2019-09-29 Thread Simon Déziel
Bionic/5.0: $ uname -a Linux c2d.mgmt.sdeziel.info 5.0.0-29-generic #31+lp1844186 SMP Sat Sep 28 18:11:18 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux *result*: doesn't work Same behavior as with the official/unpatched 5.0.0-29 (and 5.0.0-30) kernel, either NNP or Apparmor needs to be disabled

[Kernel-packages] [Bug 1844186] Re: [regression] NoNewPrivileges incompatible with Apparmor

2019-09-28 Thread John Johansen
updated to the 5.0.0-29 kernel -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1844186 Title: [regression] NoNewPrivileges incompatible with Apparmor Status in linux package in Ubuntu:

[Kernel-packages] [Bug 1844186] Re: [regression] NoNewPrivileges incompatible with Apparmor

2019-09-28 Thread John Johansen
ha, it's by mistake. I fetched the new kernel but missed doing the rebase. I'll get a new 5.0 up asap

[Kernel-packages] [Bug 1844186] Re: [regression] NoNewPrivileges incompatible with Apparmor

2019-09-27 Thread Simon Déziel
I was surprised to get such an old 5.0 (5.0.0-8 was released in Mar 2019) kernel while all the others were very current. I'm sure you have your reasons but I'd want to be sure it was not a simple mistake :)

[Kernel-packages] [Bug 1844186] Re: [regression] NoNewPrivileges incompatible with Apparmor

2019-09-26 Thread John Johansen
okay, thanks for testing. I'll submit the patch for 4.4 and 4.15 kernels and look into why the 5.0 kernel is blocking policy loads

[Kernel-packages] [Bug 1844186] Re: [regression] NoNewPrivileges incompatible with Apparmor

2019-09-26 Thread Simon Déziel
Test results on Xenial: Xenial/4.4: # uname -a | sed 's/lxd01\.[^ ]\+/lxd01/' Linux lxd01 4.4.0-164-generic #192+lp1844186 SMP Thu Sep 26 15:17:42 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux *result*: works Xenial/4.15: # uname -a | sed 's/lxd01\.[^ ]\+/lxd01/' Linux lxd01 4.15.0-64-generic

[Kernel-packages] [Bug 1844186] Re: [regression] NoNewPrivileges incompatible with Apparmor

2019-09-26 Thread Simon Déziel
Test results on Bionic: Bionic/4.15: $ uname -a Linux c2d.mgmt.sdeziel.info 4.15.0-64-generic #73+lp1844186 SMP Thu Sep 26 15:17:27 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux *result*: works! Bionic/5.0: $ uname -a Linux c2d.mgmt.sdeziel.info 5.0.0-8-generic #9+lp1844186 SMP Thu Sep 26

[Kernel-packages] [Bug 1844186] Re: [regression] NoNewPrivileges incompatible with Apparmor

2019-09-26 Thread John Johansen
There are some test kernels at https://people.canonical.com/~jj/lp1844186/

[Kernel-packages] [Bug 1844186] Re: [regression] NoNewPrivileges incompatible with Apparmor

2019-09-24 Thread Simon Déziel
Thanks for working on this. I'll be happy to test whatever you come up with on Xenial/Bionic (4.4, 4.15 and 5.0 kernels) machines.

[Kernel-packages] [Bug 1844186] Re: [regression] NoNewPrivileges incompatible with Apparmor

2019-09-24 Thread John Johansen
I am testing a fix for this that won't require reverting the patch. I will put up a test kernel if it passes.

[Kernel-packages] [Bug 1844186] Re: [regression] NoNewPrivileges incompatible with Apparmor

2019-09-24 Thread John Johansen
In the above regression we have lxd-ns0_//&:root//lxd-ns0_://unconfined transitioning to lxd-ns0_//&:lxd-ns0_:/usr/sbin/nsd//&:root//lxd-ns0_:///usr/sbin/nsd this is not a strict subset of profiles, however the unconfined exception needs to be taken into account when nnp is set. There is a

[Kernel-packages] [Bug 1844186] Re: [regression] NoNewPrivileges incompatible with Apparmor

2019-09-24 Thread John Johansen
I should add that bug 1839037 is a bug in the subset test introduced in kernel 4.13 (and earlier Ubuntu 4.4 Xenial kernels). Some subsets will properly transition, some won't; it all depends on what is in the stack being transitioned. The patch fixes it so the all transitions combinations pass

[Kernel-packages] [Bug 1844186] Re: [regression] NoNewPrivileges incompatible with Apparmor

2019-09-23 Thread John Johansen
The LSMs respecting the nnp flag was actually mandated by Linus. So yes it breaks apparmor. Kernel 3.5: Tasks that have nnp block apparmor policy transitions except for unconfined, as transitions in that case always result in reduced permissions. Kernel 4.13: Loosened these restrictions around

[Kernel-packages] [Bug 1844186] Re: [regression] NoNewPrivileges incompatible with Apparmor

2019-09-23 Thread Simon Déziel
Yes, that's also what I suspected. I haven't been able to catch John Johansen on IRC to discuss with him about it.

[Kernel-packages] [Bug 1844186] Re: [regression] NoNewPrivileges incompatible with Apparmor

2019-09-23 Thread Mauricio Faria de Oliveira
Apparently this seems to be introduced by bug 1839037, which is related to nnp and the only mention to it in the changelog of linux 4.15.0-60.67 [1] if read right. [1] https://launchpad.net/ubuntu/+source/linux/4.15.0-60.67

[Kernel-packages] [Bug 1844186] Re: [regression] NoNewPrivileges incompatible with Apparmor

2019-09-16 Thread Simon Déziel
** Description changed: Description: Host: Bionic 64 bit with GA kernel (4.15) Container: Bionic 64 bit The container runs a binary (/usr/sbin/nsd) locked by an Apparmor profile. The systemd service is configured with NoNewPrivileges=yes.   # systemctl show nsd | grep ^NoNew

[Kernel-packages] [Bug 1844186] Re: [regression] NoNewPrivileges incompatible with Apparmor

2019-09-16 Thread Simon Déziel
** Description changed: Description: Host: Bionic 64 bit with GA kernel (4.15) Container: Bionic 64 bit The container runs a binary (/usr/sbin/nsd) locked by an Apparmor profile. The systemd service is configured with NoNewPrivileges=yes. - # systemctl show nsd | grep ^NoNew