This bug was fixed in the package linux - 4.10.0-8.10 --------------- linux (4.10.0-8.10) zesty; urgency=low
[ Tim Gardner ] * Release Tracking Bug - LP: #1664217 * [Hyper-V] Bug fixes for storvsc (tagged queuing, error conditions) (LP: #1663687) - scsi: storvsc: Enable tracking of queue depth - scsi: storvsc: Remove the restriction on max segment size - scsi: storvsc: Enable multi-queue support - scsi: storvsc: use tagged SRB requests if supported by the device - scsi: storvsc: properly handle SRB_ERROR when sense message is present - scsi: storvsc: properly set residual data length on errors * Ubuntu16.10-KVM:Big configuration with multiple guests running SRIOV VFs caused KVM host hung and all KVM guests down. (LP: #1651248) - KVM: PPC: Book 3S: XICS cleanup: remove XICS_RM_REJECT - KVM: PPC: Book 3S: XICS: correct the real mode ICP rejecting counter - KVM: PPC: Book 3S: XICS: Fix potential issue with duplicate IRQ resends - KVM: PPC: Book 3S: XICS: Implement ICS P/Q states - KVM: PPC: Book 3S: XICS: Don't lock twice when checking for resend * overlay: mkdir fails if directory exists in lowerdir in a user namespace (LP: #1531747) - SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs * CVE-2016-1575 (LP: #1534961) - SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs * CVE-2016-1576 (LP: #1535150) - SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs * Miscellaneous Ubuntu changes - SAUCE: md/raid6 algorithms: scale test duration for speedier boots - SAUCE: Import aufs driver - d-i: Build message-modules udeb for arm64 - rebase to v4.10-rc8 * Miscellaneous upstream changes - Revert "UBUNTU: SAUCE: aufs -- remove .readlink assignment" - Revert "UBUNTU: SAUCE: (no-up) aufs: for v4.9-rc1, support setattr_prepare()" - Revert "UBUNTU: SAUCE: aufs -- Add flags argument to aufs_rename()" - Revert "UBUNTU: SAUCE: aufs -- Convert to use xattr handlers" - Revert "UBUNTU: SAUCE: Import aufs driver" [ Upstream Kernel Changes ] * rebase to v4.10-rc8 -- Tim Gardner <tim.gard...@canonical.com> Mon, 06 Feb 2017 08:34:24 -0700 ** Changed in: linux (Ubuntu) Status: Incomplete => Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-1575 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-1576 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1638996 Title: apparmor's raw_data file in securityfs is sometimes truncated Status in linux package in Ubuntu: Fix Released Bug description: Hi, It looks like sometimes apparmor's securityfs output is sometimes truncated, root@zesty:/sys/kernel/security/apparmor/policy/namespaces/lxd-zest_<var-lib-lxd>/profiles/usr.lib.snapd.snap-confine.1# ls -al total 0 drwxr-xr-x 3 root root 0 Nov 3 16:45 . drwxr-xr-x 13 root root 0 Nov 3 16:44 .. -r--r--r-- 1 root root 0 Nov 3 16:45 attach -r--r--r-- 1 root root 0 Nov 3 16:45 mode -r--r--r-- 1 root root 0 Nov 3 16:45 name drwxr-xr-x 3 root root 0 Nov 3 16:45 profiles -r--r--r-- 1 root root 0 Nov 3 16:45 raw_abi -r--r--r-- 1 root root 46234 Nov 3 16:45 raw_data -r--r--r-- 1 root root 0 Nov 3 16:45 raw_hash -r--r--r-- 1 root root 0 Nov 3 16:45 sha1 root@zesty:/sys/kernel/security/apparmor/policy/namespaces/lxd-zest_<var-lib-lxd>/profiles/usr.lib.snapd.snap-confine.1# cat raw_data > /tmp/out root@zesty:/sys/kernel/security/apparmor/policy/namespaces/lxd-zest_<var-lib-lxd>/profiles/usr.lib.snapd.snap-confine.1# ls -al /tmp/out -rw-r--r-- 1 root root 4009 Nov 3 16:55 /tmp/out and 2016-11-03 10:58:01 tych0 jjohansen: hi, http://paste.ubuntu.com/23421551/ 2016-11-03 10:58:18 tych0 it looks like fstat is lying to me about the size of the policy 2016-11-03 10:59:20 @jjohansen tych0: hrmm interesting, can you zip up the /tmp/out file so I can see it looks like a complete policy file? 2016-11-03 11:00:03 @jjohansen something is definitely not right there. hrmmm 2016-11-03 11:00:26 @jjohansen the size is set by the input buffer size 2016-11-03 11:00:28 tych0 jjohansen: http://files.tycho.ws/tmp/out 2016-11-03 11:00:36 tych0 yeah, i assume 2016-11-03 11:01:15 @jjohansen my guess is something is messing up in the seq_file walk of the policy 2016-11-03 11:02:38 @jjohansen tych0: yep the file is truncated, can you open a bug and I will start looking for it 2016-11-03 11:03:14 tych0 jjohansen: sure, just on linux? 2016-11-03 11:03:35 @jjohansen tych0: yeah for now, just linux 2016-11-03 11:03:43 @jjohansen we can add others if needed later 2016-11-03 11:03:44 tych0 jjohansen: FWIW, somehow it seems racy, becasue sometimes it works and sometimes it doesn't To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1638996/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp