[Bug 2063998] Re: Cannot be found in the menu after installing! Ubuntu 24.04

ufw doesn't have a menu entry when installed as a snap or otherwise. Perhaps gufw or another application is installed? ** Project changed: ufw => ubuntu ** Changed in: ubuntu Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which

[Bug 2062456] Re: bug report in docker imagw download

This bug lacks detail and doesn't look specific to ufw. Closing. ** Information type changed from Private Security to Public ** Project changed: ufw => ubuntu ** Changed in: ubuntu Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs,

[Bug 2062455] Re: bug report in docker imagw download

This bug lacks detail and doesn't look specific to ufw. Closing. ** Information type changed from Private Security to Public ** Project changed: ufw => ubuntu ** Changed in: ubuntu Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs,

[Bug 2060535] Re: apparmor's is_container_with_internal_policy() does not recognize incus

Note that after this fix, snapd in containers needs to be at >= 2.62 for apparmor policy to load (snapd's snapd-apparmor needs the corresponding fix as this bug). This is currently in the candidate channel. -- You received this bug notification because you are a member of Ubuntu Bugs, which is

[Bug 2060535] Re: apparmor's is_container_with_internal_policy() does not recognize incus

This is already available in noble. An SRU for jammy and focal (and ideally bionic) would be nice. ** Changed in: apparmor (Ubuntu Bionic) Status: New => Triaged ** Changed in: apparmor (Ubuntu Focal) Status: New => Triaged ** Changed in: apparmor (Ubuntu Jammy) Status: New

[Bug 2060535] Re: apparmor's is_container_with_internal_policy() does not recognize incus

https://gitlab.com/apparmor/apparmor/-/commit/659a187687fc8802045c113da0d12bc4b836d591 was committed upstream for this. It would be nice if this was SRU'd. ** Changed in: apparmor (Ubuntu Noble) Status: New => Fix Released -- You received this bug notification because you are a member of

[Bug 2060535] [NEW] apparmor's is_container_with_internal_policy() does not recognize incus

Public bug reported: apparmor is not loading for Ubuntu containers under incus. This is due to `/lib/apparmor/rc.apparmor.functions` (18.04 uses `/lib/apparmor/functions`): is_container_with_internal_policy() { # this function is sometimes called independently of # is_apparmor_loaded(),

[Bug 337763] Re: virt-manager reboot action is non-functional

** Changed in: virt-manager (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/337763 Title: virt-manager reboot action is non-functional To manage

[Bug 1970731] Re: iptables empty when using firewalld

Reassigning to firewalld as the description mentions that ufw is disabled. This is not a bug though because iptables relies on certain tables/chains being used and it looks like firewalld doesn't use those (which is fine for firewalld to do). You should be able to see all netfilter firewall rules

[Bug 1896772] Re: systemd-resolved configures no Current Scopes on start

** Changed in: isc-dhcp (Ubuntu) Status: New => Triaged -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1896772 Title: systemd-resolved configures no Current Scopes on start To manage

[Bug 1896772] Re: systemd-resolved configures no Current Scopes on start

** Changed in: ifupdown (Ubuntu) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1896772 Title: systemd-resolved configures no Current Scopes on start To manage

[Bug 1896772] Re: systemd-resolved configures no Current Scopes on start

** Also affects: ifupdown (Ubuntu) Importance: Undecided Status: New ** Also affects: isc-dhcp (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1896772] Re: systemd-resolved configures no Current Scopes on start

I grep'd for 'netif' in /etc and noticed: $ sudo grep -r netif /etc /etc/network/if-down.d/resolved:statedir=/run/systemd/resolve/netif /etc/network/if-up.d/resolved:statedir=/run/systemd/resolve/netif /etc/dhcp/dhclient-exit-hooks.d/resolved:statedir=/run/systemd/resolve/netif

[Bug 1896772] Re: systemd-resolved configures no Current Scopes on start

I see this on 22.04 after upgrading from 20.04. $ journalctl |grep 'Failed to save link data' Apr 17 15:25:52 hostname systemd-resolved[19095]: Failed to save link data /run/systemd/resolve/netif/3: Permission denied Apr 17 15:25:52 hostname systemd-resolved[19095]: Failed to save link data

[Bug 1968608] Re: networking/firewall issues after upgrade when using iptables-nft

I filed https://github.com/docker-snap/docker-snap/issues/68 for the docker snap unconditionally using xtables. ** Bug watch added: github.com/docker-snap/docker-snap/issues #68 https://github.com/docker-snap/docker-snap/issues/68 ** Also affects: iptables (Ubuntu) Importance: Undecided

[Bug 1968608] Re: networking/firewall issues after upgrade when using iptables-nft

** Description changed: Filing this issue in the hopes that it will help people who are upgrading from a system that previously used xtables to one that is using netfilter. ufw uses the 'iptables' suite of commands under the hood. As of iptables 1.8, iptables ships with two different

[Bug 1968608] [NEW] networking/firewall issues after upgrade when using iptables-nft

Public bug reported: Filing this issue in the hopes that it will help people who are upgrading from a system that previously used xtables to one that is using netfilter. ufw uses the 'iptables' suite of commands under the hood. As of iptables 1.8, iptables ships with two different backends for

[Bug 1968498] [NEW] Unhandled promise rejection after screenlock/unlock

Public bug reported: After upgrading from focal to jammy, I noticed this in my logs: Apr 10 14:05:40 host ubuntu-appindicat...@ubuntu.com[124051]: unable to update icon for software-update-available Apr 10 14:05:40 host gnome-shell[124051]: Unhandled promise rejection. To suppress this

[Bug 1967884] Re: several snap-confine denials for capability net_admin and perfmon on 22.04

The fsetid is actually quite old (at least 3 years; there may have been a Trello card for it). At one point it came in and I did analysis and tweaked the order of the priv dropping in snap-confine to get rid of it. Then some stuff was added to snap-confine and it came back. I always had it as a

[Bug 1967884] Re: several snap-confine denials for capability net_admin and perfmon on 22.04

** Summary changed: - several snap-confine denials for capability net_admin on 22.04 + several snap-confine denials for capability net_admin and perfmon on 22.04 ** Description changed: I recently upgraded to 22.04 and started seeing denials like: - Apr 5 08:57:39 localhost kernel: [

[Bug 1967884] [NEW] several snap-confine denials for capability net_admin on 22.04

Public bug reported: I recently upgraded to 22.04 and started seeing denials like: Apr 5 08:57:39 localhost kernel: [ 31.386426] audit: type=1400 audit(1649167059.397:267): apparmor="DENIED" operation="capable" profile="/usr/lib/snapd/snap-confine" pid=2333 comm="snap-confine"

[Bug 1950039] Re: ufw 0.36.1-3 introduces ordering cycle, breaking network

** Tags removed: block-proposed block-proposed-jammy -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1950039 Title: ufw 0.36.1-3 introduces ordering cycle, breaking network To manage notifications

[Bug 1950039] Re: ufw 0.36.1-3 introduces ordering cycle, breaking network

https://launchpad.net/ubuntu/+source/ufw/0.36.1-3ubuntu1 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1950039 Title: ufw 0.36.1-3 introduces ordering cycle, breaking network To manage

[Bug 1950039] Re: ufw 0.36.1-3 introduces ordering cycle, breaking network

** Changed in: ufw (Ubuntu) Status: New => Triaged ** Changed in: cloud-init (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1950039 Title: ufw 0.36.1-3

[Bug 1950039] Re: ufw 0.36.1-3 introduces ordering cycle, breaking network

Oh! I missed from the initial report that network-pre was deleted which clears up things considerably on my end (since I wasn't able to reproduce, I didn't see it locally either). :) Preparing an upload now. -- You received this bug notification because you are a member of Ubuntu Bugs, which is

[Bug 1956029] Re: ufw remains inactive at boot time

Thanks for the response and glad you got it worked out. It reminds me that I would like to document using fail2ban with ufw more. ** Changed in: ufw (Ubuntu) Status: Incomplete => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed

[Bug 1950039] Re: ufw 0.36.1-3 introduces ordering cycle, breaking network

> This makes me want to understand the cloud-init configuration that is in play. Can you share it? I'm thinking I should upload: DefaultDependencies=no Before=network-pre.target Wants=network-pre.target local-fs.target After=local-fs.target Do you have any objections? This would remove the

[Bug 1950039] Re: ufw 0.36.1-3 introduces ordering cycle, breaking network

> I don't believe your reproducer is valid - cloud-init is not installed anymore, as autopkgtest-buildvm-ubuntu-cloud removes it when building the VM, whereas it remains on the cloud images, as it's needed there to actually get the IP address during boot. Note, in

[Bug 1956029] Re: ufw remains inactive at boot time

Thanks for the bug report. A few things: 1. I'm not sure what 'networking stops' means precisely in the context of this bug report. Does 'ufw disable' restore the network? Is the network torn down? Something else (you are using a lot of limit rules instead of allow rules, I wonder if you are

[Bug 1956029] Re: ufw remains inactive at boot time

> How to I ensure that ufw is fully up and initialised BEFORE the fail2ban service starts? This line from your existing fail2ban.service should be sufficient: After=network.target iptables.service firewalld.service ip6tables.service ipset.service nftables.service ufw.service See

[Bug 1956029] Re: ufw remains inactive at boot time

> 4. you didn't mention which distro you are using This would be good to know since some distros are using iptables 1.8.x which has two different backends that are in play. Which distro are you using and what is the output of `iptables --version` -- You received this bug notification because

[Bug 1950039] Re: ufw 0.36.1-3 introduces ordering cycle, breaking network

** Attachment added: "plot-2.svg" https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1950039/+attachment/5550320/+files/plot-2.svg -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1950039 Title:

[Bug 1950039] Re: ufw 0.36.1-3 introduces ordering cycle, breaking network

** Attachment added: "plot-3.svg" https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1950039/+attachment/5550321/+files/plot-3.svg -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1950039 Title:

[Bug 1950039] Re: ufw 0.36.1-3 introduces ordering cycle, breaking network

Attached are two 'systemd-analyze plot's for the autopktest jammy system with cloud-init and ufw installed. plot-2.svg is for booting the system with 0.36.1-2 (current jammy) and plot-3.svg is 0.36.1-3 (proposed jammy). Notice how plot-2.svg, ufw and systemd-networkd start quite a bit earlier than

[Bug 1950039] Re: ufw 0.36.1-3 introduces ordering cycle, breaking network

@juliank - note I wasn't so much talking about 'blame' as much as understanding, so I apologize if it came across that way. Since I wasn't able to reproduce, I was trying to reason through my thoughts to help the discussion go further since I'm not able to diagnose it myself. In a nutshell, I

[Bug 1950039] Re: ufw 0.36.1-3 introduces ordering cycle, breaking network

** Changed in: ufw (Ubuntu) Status: Triaged => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1950039 Title: ufw 0.36.1-3 introduces ordering cycle, breaking network To manage

[Bug 1950039] Re: ufw 0.36.1-3 introduces ordering cycle, breaking network

@juliank - where did you see these errors? I booted with a freshly created autopkgtest jammy vm, installed the package from proposed and it worked fine. Please see my previous comments-- this does not seem to be a bug in ufw since it is using the documented unit setup that systemd recommends for

[Bug 1726856] Re: ufw does not start automatically at boot

@Stefan, I suggest you try the fix that is in Debian. See: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990834#27 @Myron, yours sounds like a different issue. I suggest you file a new bug, downloading https://git.launchpad.net/ufw/tree/tests/check- requirements and including the output of

[Bug 1643706] Re: snap apps need to be able to browse outside of user $HOME dir. for Desktop installs

** Changed in: snapd (Ubuntu) Assignee: Jamie Strandboge (jdstrand) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1643706 Title: snap apps need to be able to browse outs

[Bug 1951018] Re: No ability to discern IPv4 vs IPv6 rules through Python

** Also affects: ufw Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1951018 Title: No ability to discern IPv4 vs IPv6 rules through Python To manage

[Bug 1950039] Re: ufw 0.36.1-3 introduces ordering cycle, breaking network

Also, to be clear, when I say I can't look at the ufw portions 'for a while', I mean ~10 days (doing this from my phone). Thinking about this, my thinking is this is less about the Before/Wants on network-pre and the removal of DefaultDependencies and more about Before=network being removed

[Bug 1950039] Re: ufw 0.36.1-3 introduces ordering cycle, breaking network

I mention firewalld cause while ufw could be reverted, firewalld users would presumably also hit it, as well as any other software that does it. If the ufw change is reverted, IME someone should audit the archive for other occurrences of this pattern and update the units accordingly). -- You

[Bug 1950039] Re: ufw 0.36.1-3 introduces ordering cycle, breaking network

Fyi, the current configuration is the same as firewalld upstream and what is in Debian, Moreover it is following systemd documentation for firewall software so I wonder if the change simply uncovered a latent bug Fyi, I won't be able to look at this for a while so if you need to back it out,

[Bug 1946804] Re: ufw breaks boot on network root filesystem

Tested 0.36-6ubuntu1 on focal. apt upgrade succeeded and after reboot the firewall came up with the expected rules in the expected order and I spot-checked allowed and deny traffic. I didn't test on an iSCSI system so won't add verification-done-focal at this time, but I think the testing is

[Bug 1946804] Re: ufw breaks boot on network root filesystem

Tested 0.36-0ubuntu0.18.04.2 on bionic. apt upgrade succeeded and after reboot the firewall came up with the expected rules in the expected order and I spot-checked allowed and deny traffic. I didn't test on an iSCSI system so won't add verification-done-focal at this time, but I think the testing

[Bug 1933117] Re: ufw delete can confuse protocol-specific rule with otherwise matching 'proto any' rule

Tested 0.36-0ubuntu0.18.04.2 on bionic. apt upgrade succeeded and after reboot the firewall came up with the expected rules in the expected order and I spot-checked allowed and deny traffic. I was able to verify the this bug is fixed via the test steps. ** Tags removed: verification-needed-bionic

[Bug 1933117] Re: ufw delete can confuse protocol-specific rule with otherwise matching 'proto any' rule

Tested 0.36-6ubuntu1 on focal. apt upgrade succeeded and after reboot the firewall came up with the expected rules in the expected order. I was able to verify the this bug is fixed via the test steps. ** Tags removed: verification-needed-focal ** Tags added: verification-done-focal -- You

[Bug 1726856] Re: ufw does not start automatically at boot

I've looked at this issue again in reference to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990834 and while I still cannot reproduce, I plan to change to the following (I won't ship the commented out lines of course): [Unit] Description=Uncomplicated firewall Documentation=man:ufw(8)

[Bug 1946804] Re: ufw breaks boot on network root filesystem

Ah, I hadn't checked that yet. Yes, please feel free to do the Impish SRU and the 0.36.1-2 that I just uploaded to Debian will float into 'J' after it opens. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1946804] Re: ufw breaks boot on network root filesystem

For Impish, lets update debian/master, then I'll upload there and sync to Ubuntu. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1946804 Title: ufw breaks boot on network root filesystem To manage

[Bug 1946804] Re: ufw breaks boot on network root filesystem

I merged the changes into master. Thanks Mauricio! ** Changed in: ufw Status: New => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1946804 Title: ufw breaks boot on network

[Bug 1794064] Re: Clicking a hyperlink in a PDF fails to open it if the default browser is a snap

Olivier, yes, I shouldn't be assigned. Ian, you're right the profile is suboptimal (it's also old so likely needs updating). Do note that this is a separate named profile and evince (and if this is put in an abstraction, anything that uses the abstraction) only has the

[Bug 1794064] Re: Clicking a hyperlink in a PDF fails to open it if the default browser is a snap

** Changed in: evince (Ubuntu) Assignee: Jamie Strandboge (jdstrand) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1794064 Title: Clicking a hyperlink in a PDF fails to o

[Bug 1933117] Re: ufw delete can confuse protocol-specific rule with otherwise matching 'proto any' rule

** Also affects: ufw (Ubuntu) Importance: Undecided Status: New ** Changed in: ufw (Ubuntu) Status: New => In Progress ** Changed in: ufw (Ubuntu) Assignee: (unassigned) => Jamie Strandboge (jdstrand) -- You received this bug notification because you are a

[Bug 1726856] Re: ufw does not start automatically at boot

@cajicas215 - your comment is not helpful. If you look at the other comments in this bug, there has been nothing to fix in ufw. I suggest looking at the comments in this bug and seeing if any of the issues others have seen apply to you. If not, please report a new bug with steps to reproduce. --

[Bug 1726856] Re: ufw does not start automatically at boot

@Fabian - your change both makes the firewall start after networking, brings python into the boot process (which can slow down boot) and changes the intent of 'systemctl stop ufw' from unloading the firewall to disabling the firewall in the moment and forever in the future, which is inappropriate

[Bug 1921350] Re: UFW hangs indefinitely on any action

There is another bug related to ansible in https://bugs.launchpad.net/ufw/+bug/1911637. I suggest following that one. Leaving this one as Expired. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921350

[Bug 1934931] Re: (X)ubuntu 20.04: GUFW and MS-Teams slow down traffic intermittently

It is unclear from the description that this has anything to do with networking. Are there any firewall denials in the logs (eg, /var/log/ufw.log or /var/log/kern.log)? If you disable ufw (sudo ufw disable) does the problem go away? As an aside, IIRC, MS-Teams is not a lightweight application and

[Bug 1909373] Re: package ufw 0.36-0ubuntu0.18.04.1 failed to install/upgrade: installed ufw package post-installation script subprocess returned error exit status 10

There isn't anything in the logs the indicates that there what happened. Do you have any other information? ** Changed in: ufw (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1898696] Re: add some deliminiter between ipv4 and ipv6 in ufw status

Thanks you for the report. It is difficult to convey ipv4 vs ipv6 vs both in list form and currently ufw lists any ipv6 rules with '(v6)' as part of the To and From (as seen in your paste). It isn't clear to me how adding an 'IPv6' break would improve this... I'm going to mark this as wishlist

[Bug 1911637] Re: Another app is currently holding the xtables lock

** Changed in: ufw Status: New => Triaged -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1911637 Title: Another app is currently holding the xtables lock To manage notifications about this

[Bug 1911637] Re: Another app is currently holding the xtables lock

Actually, in thinking about this, ufw could use 'iptables -w' under the hood. I recall having troubles with this approach when providing the fix for https://bugs.launchpad.net/ufw/+bug/1204579. I suggest following my advice in my last comment to avoid the issue while using 'iptables -w' is

[Bug 1911637] Re: Another app is currently holding the xtables lock

Thanks for the report. I read the ansible bug but this issue is actually coming from the underlying iptables tool. Something on the system is manipulating the firewall via iptables at the same time that the ufw command is being run. As described, this would happen with any firewall software. If

[Bug 1889137] Re: HWE kernel is missing firmwares

I started seeing the issues that Sergio mentioned lately as well. I think this was caused by the recent automatic move from 5.8 to 5.11. I had the oem kernel installed (20.04 install) but then apt recently moved me to the hwe-5.8 kernel. More recently apt pulled in hwe-5.11 and I believe that is

[Bug 1938005] Re: ufw ignores rules

Recall that ufw uses connection tracking so if you add a deny rule, you may need to expire the connection tracking. One way to do this is to run: `conntrack -D -d ` (see man conntrack for details). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed

[Bug 1939305] [NEW] e2scrub shouldn't run in a container

Public bug reported: This bug is similar to https://bugs.launchpad.net/ubuntu/+source/util- linux/+bug/1589289 (fstrim), but for the e2fsprogs timer e2scrub_all.timer. IME, the container itself shouldn't be running 'ext4 Metadata Checks for All Filesystems...' and that should be left up to the

[Bug 1938005] Re: ufw ignores rules

/etc/default/ufw has: DEFAULT_OUTPUT_POLICY="ACCEPT" This means that all outgoing traffic is allowed. If you would like to change that, you can use: $ sudo ufw deny outgoing This will make it more difficult for you to manage the firewall since you'll have to add rules like: $ sudo ufw allow

[Bug 1938005] Re: ufw ignores rules

Thank you for the bug report. You mentioned that the problem happens after running `iptables -F`. This command removes all the rules from the firewall (see man iptables) so it would be expected that the firewall would not work correctly after running this. I'm going to mark this as Invalid, but

[Bug 1849753] Re: AppArmor profile prohibits classic snap from inheriting file descriptors

FYI, if people need to workaround this to get real work done, you can add something like this to your bashrc: snap_workaround() { fn="/var/lib/snapd/apparmor/snap-confine/lp1849753" test -e "$fn" && return tmpfn=$(mktemp) cat > "$tmpfn"

[Bug 1921350] Re: UFW hangs indefinitely on any action

Thanks you for reporting a bug. Are there other ufw commands running at the same time? Eg, what is the output of: $ ps auxww|grep ufw ** Changed in: ufw (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed

[Bug 1914816] Re: ufw not logging if it decides to stop all traffic ? Confused

Thanks for the additional information! :) ** Changed in: ufw (Ubuntu) Status: Incomplete => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1914816 Title: ufw not logging if it

[Bug 1914816] Re: ufw not logging if it decides to stop all traffic ? Confused

The check is not free, but it is an interesting idea to do this. I've created a wishlist bug for it: https://bugs.launchpad.net/ufw/+bug/1917325 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1914816

[Bug 881137] Re: UFW does not clean iptables setting from /etc/ufw/before.rules

CzBiX, ufw does not yet manage the nat table (though there have been a couple of false starts). However, it does manage the FORWARD chain with 'ufw route' so it is possible for you to create a chain in the nat table in /etc/ufw/before.rules, and then use ufw route for other things. This is

[Bug 1914816] Re: ufw not logging if it decides to stop all traffic ? Confused

Hi. A few things: ufw is capable of logging (see 'man ufw' the part about 'ufw logging' as well as per rule logging with 'ufw ... log' or 'ufw ... log-all'. It is also capable of ipv6 (see /etc/default/ufw. Also, gufw is a different project than ufw, but it sounds like the issue you saw may be

[Bug 1902915] Re: snapd doesn't ensure portals are available even when they are needed

snapd could help with Pawel's idea a bit. A snap could say "I need this and that to function" where "this" and "that" are a list of things snapd knows how to check their availability. snapd could then provide a warning to the user if any of those things aren't there (or expose that information to

[Bug 1897369] Re: apparmor: Allow cups-browsed to change nice value (CAP_SYS_NICE)

Till, it allows quite a few things (from man capabilities): CAP_SYS_NICE * Raise process nice value (nice(2), setpriority(2)) and change the nice value for arbitrary processes; * set real-time scheduling policies for calling process, and set scheduling

[Bug 1904192] Re: ebtables can not rename just created chain

FYI, sponsored Alex's upload to hirsute-proposed where it is building. Did the same for groovy-proposed and it is sitting in unapproved waiting for the next steps of the SRU process. ** Changed in: iptables (Ubuntu) Status: Confirmed => Fix Committed ** Changed in: iptables (Ubuntu)

[Bug 1898280] Re: Please unrevert the apparmor audit rule filtering feature

Thanks John! :) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1898280 Title: Please unrevert the apparmor audit rule filtering feature To manage notifications about this bug go to:

[Bug 1903745] Re: upgrade from 1.1.14-2ubuntu1.8 to 1.1.14-2ubuntu1.9 breaks clusters

Can someone confirm that the affected systems are running systemd- networkd? That would more strongly suggest that https://bugs.launchpad.net/netplan/+bug/1815101 is related. Based on the description and the other bug, the security update doesn't seem to have regressed pacemaker; instead, it's a

[Bug 1898547] Re: neutron-linuxbridge-agent fails to start with iptables 1.8.5

FYI, 1.8.5-3ubuntu3 was uploaded to hirsute-proposed yesterday. 1.8.5-3ubuntu2.20.10.1 is in the unapproved queue for groovy-proposed. Alex said he'd do the SRU paperwork. ** Changed in: iptables (Ubuntu Hirsute) Status: Triaged => Fix Committed -- You received this bug notification

[Bug 1899218] Re: Incorrect warning from apparmor_parser on force complained profiles

FYI, this is part of the groovy upload in unapproved. ** Changed in: apparmor (Ubuntu) Status: New => Fix Committed ** Changed in: apparmor (Ubuntu) Assignee: (unassigned) => John Johansen (jjohansen) -- You received this bug notification because you are a member of Ubuntu Bugs,

[Bug 1899046] Re: /usr/bin/aa-notify:ModuleNotFoundError:/usr/bin/aa-notify@39

This has been uploaded to groovy and is currently in unapproved. ** Changed in: apparmor (Ubuntu) Status: In Progress => Fix Committed ** Changed in: apparmor (Ubuntu) Assignee: (unassigned) => Emilia Torino (emitorino) -- You received this bug notification because you are a member

[Bug 1898280] Re: Please unrevert the apparmor audit rule filtering feature

FYI, John refreshed the patchset to v20 and reenabled audit rule filtering and submitted to https://lists.ubuntu.com/archives/kernel- team/2020-October/113932.html. Since this is a significant change, it will be considered for a stable release update (SRU) after groovy release (to allow for peer

[Bug 1726856] Re: ufw does not start automatically at boot

@Muhammad - can you run: $ sudo /usr/share/ufw/check-requirements and paste the results? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1726856 Title: ufw does not start automatically at boot To

[Bug 1898280] Re: Please unrevert the apparmor audit rule filtering feature

After more discussion with John, while groovy does have a newer stacking patchset, it doesn't have the latest patchset that resolves the audit subsystem. Unfortunately, as of today, all of those patches haven't been signed-off on yet so there might be future changes. ** Description changed:

[Bug 1898280] [NEW] Please unrevert the apparmor audit rule filtering feature

Public bug reported: Ubuntu carried a patch to apparmor for audit rule filtering, but it was reverted due to conflicts related to secids with earlier LSM stacking patchsets. The upstream LSM stacking patchset is believed to resolve these issues and groovy now carries the updated LSM stacking

[Bug 1898038] Re: docker-support/multipass-support broken with system apparmor3 (20.10)

"We could use snap-update-ns to hide the host's /etc if those specific interfaces are connected. We could then present the relevant file from the base snap." I think hiding all of /etc would be regression prone for existing snaps. We could start to do this in the future if a snap specifies 'base:

[Bug 1898038] Re: docker-support/multipass-support broken with system apparmor3 (20.10)

** Description changed: The docker-support and multipass-support interfaces allow access to /sbin/apparmor_parser. /sbin/apparmor_parser is supplied by the core, core18 and core20 base snaps. /etc/apparmor* comes from the host, which on groovy has apparmor3. Snaps using

[Bug 1898038] [NEW] docker-support/multipass-support broken with system apparmor3 (20.10)

Public bug reported: The docker-support and multipass-support interfaces allow access to /sbin/apparmor_parser. /sbin/apparmor_parser is supplied by the core, core18 and core20 base snaps. /etc/apparmor* comes from the host, which on groovy has apparmor3. Snaps using docker-support and

[Bug 1894195] Re: FFe: Merge iptables 1.8.5-3 (main) from Debian sid (main)

** Changed in: iptables (Ubuntu) Status: New => Fix Committed ** Changed in: iptables (Ubuntu) Assignee: (unassigned) => Alex Murray (alexmurray) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1890835] Re: secureboot-db 2020 update

"Yes, ESM will be poked after other series release this." Dimitri - do we plan to respin trusty media with the upgraded grub? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1890835 Title:

[Bug 1887577] Re: DEP8: Invalid capability setuid

Removed the update_excuse and update_excuses tags based on Steve and Alex's comments. ** Tags removed: update-excuse update-excuses -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1887577 Title:

[Bug 1895967] Re: Apparmor 3.0.0 does not load profiles in containers anymore

FYI, I removed the block-proposed tag since ubuntu6 fixes this bug. ** Tags removed: block-proposed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1895967 Title: Apparmor 3.0.0 does not load

[Bug 1895967] Re: Apparmor 3.0.0 does not load profiles in containers anymore

I uploaded 3.0.0~beta1-0ubuntu6 just now that should address this issue. Thanks Christian for your debugging! ** Changed in: apparmor (Ubuntu) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to

[Bug 1871148] Re: services start before apparmor profiles are loaded

This was fixed in snapd in 2.44 via https://github.com/snapcore/snapd/pull/8467 ** Changed in: snapd (Ubuntu) Status: In Progress => Fix Released ** Changed in: snapd (Ubuntu Focal) Status: In Progress => Fix Released -- You received this bug notification because you are a member

[Bug 1895967] Re: Apparmor 3.0.0 does not load profiles in containers anymore

** Changed in: apparmor (Ubuntu) Status: Confirmed => In Progress ** Changed in: apparmor (Ubuntu) Assignee: (unassigned) => Jamie Strandboge (jdstrand) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1895060] Re: [FFe] apparmor 3 upstream release

FYI, there was a components mismatch where apparmor-notify pulled python3-notify2 (and its Depends) into main. For now, I've demoted apparmor-notify to universe and adjusted the seed (in practical terms, the security team will fix bugs in apparmor-notify regardless of where it lives). We might

[Bug 1895060] Re: [FFe] apparmor 3 upstream release

Thanks! Uploaded: https://launchpad.net/ubuntu/+source/apparmor/3.0.0~beta1-0ubuntu5 ** Changed in: apparmor (Ubuntu) Status: Confirmed => Fix Committed ** Changed in: apparmor (Ubuntu) Assignee: (unassigned) => Alex Murray (alexmurray) ** Changed in: apparmor (Ubuntu)

[Bug 1895060] Re: [FFe] apparmor 3 upstream release

FYI, I accidentally violated the FFe process and uploaded (with a subsequent binary copy) to groovy-proposed. None of that migrated, so I deleted what was in groovy-proposed and am now attaching the debdiff, which has patches to pass proposed migration (we believe). Sorry for the snafu. ** Patch

[Bug 1895060] Re: [FFe] apparmor 3 upstream release

FYI, 3.0.0~beta1-0ubuntu3 should address the dbus autopkgtest issue. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1895060 Title: [FFe] apparmor 3 upstream release To manage notifications about

  1   2   3   4   5   6   7   8   9   10   >