Public bug reported:
Upgrading from a fresh 18.04 LTS install to focal unexpectedly prompts
for how to handle a change to /etc/ssh/sshd_config
To reproduce the issue:
lxc launch ubuntu:18.04 u18
lxc exec u18 -- bash
# within container
do-release-upgrade -d
# select restart services when prompted
Public bug reported:
Hello, on focal I ran 'ubuntu-bug linux' to report a kernel issue. The
issue was filed against linux-signed-5.4 (Ubuntu) rather than linux
(Ubuntu), and none of the logs usually included with kernel bug reports
were included.
After the bug was changed from linux-signed-5.4 to
Public bug reported:
Hello, I had problems with subiquity in the focal live server install
image. I tried to use 'ubuntu-bug subiquity' to report the bug, but
ubuntu-bug apparently cannot file bug reports against snaps.
This is frustrating that users need to know which portions of Ubuntu are
deli
** Tags added: champagne
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pam in Ubuntu.
https://bugs.launchpad.net/bugs/1860826
Title:
pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or
directory
Status i
Public bug reported:
Hello, after upgrading to focal I found the following in my journalctl
output:
Jan 24 23:07:00 millbarge sudo[32120]: pam_unix(sudo:auth): Couldn't open
/etc/securetty: No such file or directory
Jan 24 23:07:01 millbarge sudo[32120]: pam_unix(sudo:auth): Couldn't open
/etc/
My machine did not reboot successfully; because I followed The Guide, my
system has a root password, and I was prompted for it at the systemd
emergency shell. (Which is super-confusing, because I forgot I had set a
password.)
The error message appeared to be along the lines of "bpool failed to
imp
I was able to fix this error:
E: mkinitramfs failure cpio 141 lz4 -9 -l 24
by deleting the snapshots that sanoid made *during* the installation
process:
sarnold@millbarge:/boot$ sudo zfs destroy
bpool@autosnap_2020-01-24_04:00:05_hourly%autosnap_2020-01-24_08:45:05_frequently
[sudo] password f
I'm surprised the snapshots showed up, I've got the snapdirs hidden:
$ zfs list -oname,snapdir
NAME SNAPDIR
bpool hidden
bpool/BOOT hidden
bpool/BOOT/ubuntu hidden
rpool hidden
rpool/RO
Hello Mitch, excellent report, thanks.
This is working as intended.
The Unix process model is complicated, and Linux has added a few
additional complications on top; I'll try to summarize it but it's just
not going to be easy.
When a parent process exits, child processes are not notified by
defa
** Information type changed from Private Security to Public
** Changed in: bash (Ubuntu)
Status: New => Invalid
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bash in Ubuntu.
https://bugs.launchpad.net/bugs/1857210
T
I thought we were going to some effort to reduce the number of systems
where resolveconf was going to be used, or even remove it from the
distro entirely.
Thanks
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubun
Maciej, that looks like javascript polkit and I believe we're staying on
the pre-javascript version of polkit.
Thanks
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to policykit-1 in Ubuntu.
https://bugs.launchpad.net/bugs/1850
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privile
Hello Douglas, thanks for the report. AppArmor is one of several tools
the snap packaging system uses to enforce confinement on packages. The
AppArmor project doesn't supply the policy though, just the enforcement
mechanism. I believe you'll need to talk to whoever wrote the snap
package, as they r
I've selected the most likely packages to be involved, based on a guess.
Without knowing how the user attempted to set their password though,
this is going to be pretty impossible to track down.
/etc/passwd hasn't had passwords stored in it by default for something
like 25 years. My best guess at
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privile
Seems to work fine on disco:
sarnold@millbarge:~$ sudo apt install libssl1.1 openssl
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
linux-image-5.0.0-20-generic linux-
Seems to work fine from disco:
sarnold@millbarge:~$ sudo apt install libssl1.1 openssl
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
linux-image-5.0.0-20-generic linu
Hello Federico,
Wietse is correct. You will not get security benefits from your proposed
changes.
Public key authentication, combined with a 2FA mechanism such as TOTP
for interactive users, is the current best practice.
IP filtering is a useful tool; you can already have good benefits from
allo
** Information type changed from Private Security to Public
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to tcp-wrappers in Ubuntu.
https://bugs.launchpad.net/bugs/1839598
Title:
tcp_wrappers does not whitelisting of domain
Hello,
It appears the source.codeaurora.org site has not correctly configured
their TLS certificate chain:
https://www.ssllabs.com/ssltest/analyze.html?d=source.codeaurora.org
"Chain issues Incomplete, Extra certs"
If you can contact the admins for this site, please ask them to include
all ne
*** This bug is a duplicate of bug 1836236 ***
https://bugs.launchpad.net/bugs/1836236
** Information type changed from Private Security to Public
** This bug has been marked a duplicate of bug 1836236
9.4ubuntu4.9: Broken package because of missing "#" @
/var/lib/dpkg/info/base-files.pos
I read through Bionic's systemd-random-seed.service source (src/random-
seed/random-seed.c) and didn't see any references to RNDADDTOENTCNT or
RNDADDENTROPY, the ioctl(2)s that are used to indicate to the kernel
that added entropy should be used for the random(4) device. Maybe
they're hidden behind
** Changed in: libpgm (Ubuntu)
Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libpgm in Ubuntu.
https://bugs.launchpad.net/bugs/1820203
Title:
[MIR] lib
** Also affects: lubuntu-meta (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to initramfs-tools in Ubuntu.
https://bugs.launchpad.net/bugs/1835095
Title:
Lubuntu initrd ima
*** This bug is a duplicate of bug 1835095 ***
https://bugs.launchpad.net/bugs/1835095
** Information type changed from Private Security to Public Security
** This bug has been marked a duplicate of bug 1835095
Lubuntu initrd images leaking cryptographic secret when disk encryption is
use
*** This bug is a duplicate of bug 1832919 ***
https://bugs.launchpad.net/bugs/1832919
** This bug has been marked a duplicate of bug 1832919
installed libssl1.1:amd64 package post-installation script subprocess
returned error exit status 10
--
You received this bug notification because
*** This bug is a duplicate of bug 1832919 ***
https://bugs.launchpad.net/bugs/1832919
** This bug is no longer a duplicate of bug 1495302
subprocess installed post-installation script returned error exit status 10
** This bug has been marked a duplicate of bug 1832919
installed libssl1.
*** This bug is a duplicate of bug 1832919 ***
https://bugs.launchpad.net/bugs/1832919
** This bug is no longer a duplicate of bug 1495302
subprocess installed post-installation script returned error exit status 10
** This bug has been marked a duplicate of bug 1832919
installed libssl1.
I'm not sure how to do SRU verification on this update. I don't know a
set of steps to take to see the update notification when running X11.
Upgrading and downgrading among several packages did NOT show the update
notification:
sarnold@hunt:/tmp$ sudo dpkg -i
~/Downloads/libssl1.1_1.1.1-1ubuntu2.
Stephen, AMD invented the 64 bit extensions to the x86 instruction set
and brought their processors to market well before Intel brought theirs
to market. Thus AMD won a huge amount of name recognition. Debian
standardized on "amd64" to name packages for the architecture many years
ago.
Thanks
--
** Attachment added: "Coverity results"
https://bugs.launchpad.net/ubuntu/+source/libpgm/+bug/1820203/+attachment/5270475/+files/coverity.txt
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libpgm in Ubuntu.
https://bugs.l
Public bug reported:
Hello, the openssl library postinst file is using pidof /usr/bin/X, but
that doesn't appear to be the path to the X11 server any more:
debian/libssl1.1.postinst:
# Only issue the reboot notification for servers; we proxy this by
# testing that the X server is
Hello Robert, thanks for this; could you please file this bug against
the man-db package, and mention that this needs to be adjusted similar
to https://usn.ubuntu.com/4008-2/ ?
Thanks
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscr
Can you run apport-collect 1831490 on this machine to collect additional
logs and data?
Thanks
** Also affects: linux (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to appar
** Package changed: alsa-driver (Ubuntu) => linux (Ubuntu)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to alsa-driver in Ubuntu.
https://bugs.launchpad.net/bugs/1831301
Title:
sound doesn't works in both kernel. no one car
Hi Michael, thanks for reporting back the solution -- we're fine here,
nothing needs doing.
Thanks
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1713435
Title:
package o
** Description changed:
- I want to do some SRU testing but I have to look up how to add the
- -proposed lines to apt sources every time I want to do this task. The
- wiki page for it is pretty verbose and includes text like: "Replace
- "xenial" with "trusty", "vivid", "utopic", "precise", or "luc
The wiki page does have the software properties method documented:
https://wiki.ubuntu.com/Testing/EnableProposed
I don't have software-properties-gtk installed (and until now didn't
know the name of the command to launch it), so apt-add-repository was my
first attempt.
Thanks
--
You received t
pito, it'd probably be best to head to https://askubuntu.com/ or #ubuntu
on irc.freenode.net to try to figure out where exactly your slow
performance is coming from.
Install the systemd-bootchart package, then at grub's kernel command
line, add init=/lib/systemd/systemd-bootchart
Attach the strip
Hello, can you please provide the output of:
head -1 /usr/bin/pyclean
ls -l /usr/bin/python
Thanks
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to python-defaults in Ubuntu.
https://bugs.launchpad.net/bugs/1829857
Title:
Probably this represents an LVM2 or hardware error instead of something
specific to certificates.
Thanks
** Package changed: ca-certificates (Ubuntu) => ubuntu
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ca-certificates
The error message from the terminal log:
(Reading database ... 1522438 files and directories currently installed.)
Preparing to unpack .../python-django_1.6.11-0ubuntu1.3_all.deb ...
File "/usr/bin/pyclean", line 63
except (IOError, OSError), e:
^
SyntaxError: in
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privile
Public bug reported:
I want to do some SRU testing but I have to look up how to add the
-proposed lines to apt sources every time I want to do this task. The
wiki page for it is pretty verbose and includes text like: "Replace
"xenial" with "trusty", "vivid", "utopic", "precise", or "lucid"
dependi
Use CVE-2018-20839.
Thanks
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-20839
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1803993
Title:
Password
Vibhu, please see https://usn.ubuntu.com/3943-1/ for information on the
most recent wget security update we performed.
Thanks
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to wget in Ubuntu.
https://bugs.launchpad.net/bugs/182
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to evolution-data-server in
Ubuntu.
https://bugs.launchpad.net/bugs/1828124
Title:
org.gnome.evolution.datase
Incidentally, there's nothing for the AppArmor project to do here -- any
confined program will include or not include the fingerprint data as
specified in the profile.
Thanks
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ap
I'll include as a comment my reply to an email from the reporter:
Hello,
Note that the Ubuntu security team considers fingerprints to be akin to
usernames, rather than passwords. They cannot be changed, they are left on
thousands of objects daily, and repeated demonstrations of sensors being
'foo
Probably related:
https://bugzilla.redhat.com/show_bug.cgi?id=1336308
and probably related:
https://sourceware.org/git/?p=glibc.git;a=commit;h=b11643c21c5c9d67a69c8ae952e5231ce002e7f1
Thanks
** Bug watch added: Red Hat Bugzilla #1336308
https://bugzilla.redhat.com/show_bug.cgi?id=1336308
--
Hello, this is pretty confusing: coreutils in both 18.10 and 19.04 have
mv -Z support, so regardless of which coreutils package was unpacked at
the time, the command should have succeeded.
Could you do some investigation?
which mv
mv --help | grep Z
ls -l `which mv`
dpkg -S `which mv`
debsums -as
Thanks Jann
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1814596
Title:
DynamicUser can create setu
** Also affects: language-pack-de-base (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to language-pack-de in
Ubuntu.
https://bugs.launchpad.net/bugs/1824724
Title:
aa-logpr
Hello German translators, what's involved in fixing translations and
pushing an updated translation package to users? The new strings have
broken some AppArmor utilities.
I believe the lines that need fixing:
language-pack-de_18.04+20190117/data/de/LC_MESSAGES/apparmor-utils.po:msgid
"(V)iew Pro
It looks like only the German translations broke the hotkeys. All the
others in the apparmor-utils.po files I've got on my local Ubuntu mirror
are either:
- empty
- translated
I've prepared a small table for each string you selected to show which
languages use empty strings, which languages use t
** Also affects: ubuntu-translations
Importance: Undecided
Status: New
** Changed in: ubuntu-translations
Assignee: (unassigned) => Ubuntu German Translators (ubuntu-l10n-de)
** Also affects: language-pack-de (Ubuntu)
Importance: Undecided
Status: New
--
You received th
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1812316
Title:
systemd: lack of seat verification in PA
On Wed, Apr 10, 2019 at 08:34:47AM -, Lars wrote:
> [root@myhost:~]↥ 1 # namei -l /test/var/lib/dhcp/dhcpd.leases
> f: /test/var/lib/dhcp/dhcpd.leases
> drwxr-xr-x root root /
> drwxr-xr-x dhcpd dhcpd test
> drwxr-xr-x dhcpd dhcpd var
> drwxr-xr-x dhcpd dhcpd lib
> drwxr-xr-x dhcpd dhcpd dhcp
On Tue, Apr 09, 2019 at 03:15:26PM -, Lars wrote:
> I set a custom leases file in the dhcpd.conf:
> lease-file-name "/test/var/lib/dhcp/dhcpd.leases";
>
> and created a custom apparmor profile for that in
> /etc/apparmor.d/local/usr.sbin.dhcpd:
> /test/var/lib/dhcp/dhcpd{,6}.leases* lrw,
>
Vital, just scanning version banners is what leads to this problem.
Inspecting the package database would be far more reliable.
Thanks
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.
Root, that script is suitable for timing attacks against ssh. This issue
is easier to use to enumerate users, but does require a different
approach. There was a tool posted to oss-security for this:
https://www.openwall.com/lists/oss-security/2018/08/16/1
Thanks
--
You received this bug notifica
Hmm, also ugly:
test-normalize.c: In function ‘main’:
test-normalize.c:159:49: warning: ‘__builtin___snprintf_chk’ output may be
truncated before the last format character [-Wformat-truncation=]
snprintf(longname, sizeof(longname), "%s/%s", srcdir, filename);
Root, aha! We've finally uncovered the root of the problem. (Sorry. I
can't help myself. It's Friday afternoon.)
While Qualys' TLS scanner is a top-notch tool that I use regularly,
their "security scanner" is sadly not. They have built a tool that
checks version numbers. This is not ideal, because
You should use sudo -i to get a clean root login without your local user
configuration seeping into the shell.
Thanks
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/1823202
Ti
This appears to be the missing context:
╭─rkm@Khadas ~
╰─➤ sudo -s
[oh-my-zsh] Insecure completion-dependent directories detected:
drwxr-xr-x 11 rkm rkm 4096 Mar 30 19:19 /home/rkm/.oh-my-zsh
drwxr-xr-x 266 rkm rkm 12288 Mar 30 19:19 /home/rkm/.oh-my-zsh/plugins
drwxr-xr-x 2 rkm rkm 4096 M
Steve Langasek has pointed out that I missed the point of the bug.
I'm not comfortable with OPENSSL_TLS_SECURITY_LEVEL=0 in bionic. (Or,
indeed, in cosmic either.)
We shipped 18.04 LTS with OPENSSL_TLS_SECURITY_LEVEL=1, correct? I don't
recall seeing more than a handful of complaints about securi
I'm slightly concerned about raising the TLS minimums in our next LTS
release without some exposure to it in the 19.10 release. But this plan
sounds better than waiting until 20.10 to raise the minimums -- and
19.10 may be too soon to take the step.
But we don't have to decide on 19.10 defaults ju
Root, version 1:7.6p1-4ubuntu0.1 included the fix for CVE-2018-15473.
Version 1:7.6p1-4ubuntu0.2 is included in the disc image ubuntu-18.04.2
-server-amd64:
$ sha256sum ubuntu-18.04.2-server-amd64.iso
a2cb36dc010d98ad9253ea5ad5a07fd6b409e3412c48f1860536970b073c98f5
ubuntu-18.04.2-server-amd64.
Hello,
Are there any messages in dmesg that look related? Can you ping those
hosts? Do you get ssh banners if you run:
echo "" | nc x.x.x.x 22
?
Thanks
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
htt
root, version 1:7.6p1-4ubuntu0.1 was published to the archive on
November 6th 2018:
https://launchpad.net/ubuntu/+source/openssh/1:7.6p1-4ubuntu0.1
https://lists.ubuntu.com/archives/bionic-changes/2018-November/017000.html
https://usn.ubuntu.com/3809-1/
A default configuration of Ubuntu 18.04 LTS
** Information type changed from Private Security to Public
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to xorg in Ubuntu.
https://bugs.launchpad.net/bugs/1822335
Title:
test general
Status in xorg package in Ubuntu:
Ne
root: sudo apt update && sudo apt upgrade
Thanks
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1794629
Title:
CVE-2018-15473 - User enumeration vulnerability
Status in
I added apport for the python2 -> python3 bug.
Thanks
** Also affects: apport (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apport in Ubuntu.
https://bugs.launchpad.net/
I'm sorry Riccardo, I didn't notice the two separate BASH_CMDS issues when
I filed the request. The only mention in the changelog is:
> This document details the changes between this version, bash-4.4-beta2,
> and the previous version, bash-4.4-rc1.
>$
> [...]
>$
> d. Fixed a bug that allowed as
Public bug reported:
I have apt configured to load a wide variety of sources; my apt is using
a local squid-deb-proxy on the same system, and the source that is
failing is hosted on an archive mirror on my LAN.
Today I noticed unexpected results from apt-get update:
# apt-get update
Hit:1 http:/
CVE-2019-9924
Thanks
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-9924
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bash in Ubuntu.
https://bugs.launchpad.net/bugs/1803441
Title:
BASH_CMDS is writa
** Package changed: dbus (Ubuntu) => xfce4 (Ubuntu)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dbus in Ubuntu.
https://bugs.launchpad.net/bugs/1821364
Title:
xfce4 install on Ubuntu 18.04 has no polkit agent
Status in
Use CVE-2019-9923.
Thanks
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-9923
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to tar in Ubuntu.
https://bugs.launchpad.net/bugs/1810241
Title:
NULL dereferen
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-keyboard in Ubuntu.
https://bugs.launchpad.net/bugs/1594863
Title:
OSK consideration for life cycle
On Wed, Mar 20, 2019 at 07:25:35PM -, Edhelharn wrote:
> My sources.list file (updated) :
>
> #deb http://fr.archive.ubuntu.com/ubuntu/ bionic main restricted
> #deb http://fr.archive.ubuntu.com/ubuntu/ bionic-updates main restricted
> #deb http://fr.archive.ubuntu.com/ubuntu/ bionic universe
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1821052
Title:
No connexion with mobile broadba
Hello,
dpkg: ошибка при обработке пакета libselinux1:amd64 (--configure):
пакет libselinux1:amd64 2.7-2build2 не может быть настроен, так как
libselinux1:i386 другой версии (2.2.2-1ubuntu0.1)
You have an i386 version of 14.04's libselinux1 installed and the
upgrade tool tried to install the amd
On Tue, Mar 12, 2019 at 04:05:45PM -, Dimitri John Ledkov wrote:
> defaults. And all of them however have committed to drop support for
> those in 2020. My expectation is to follow suit, and set default
> security level to 2, and require TLS1.2 shortly after 19.10 release.
Can you expand upon
Hello, can you please run this command and report back the results?
ls -ld /
Thanks
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1818679
Title:
package openssh-server
Hello, can you please run this command and report back the results?
ls -ld /
Thanks
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1818691
Title:
package openssh-server
Public bug reported:
Hello, we've received a surprising number of bug reports that include
lines from ufw's sanity checks on / permissions are incorrect; it's been
a recurring feature of systemd-tmpfiles bug reports as well.
I think apport should include a similar report if / /etc /lib /usr /tmp
Public bug reported:
Hello, namei -l gives incorrect error messages if a directory is not
readable:
$ namei -l /etc/ssl/private/ssl-cert-snakeoil.key
f: /etc/ssl/private/ssl-cert-snakeoil.key
drwxr-xr-x root root /
drwxr-xr-x root root etc
drwxr-xr-x root root ssl
drwx--x--- root ssl-
On Thu, Feb 28, 2019 at 04:08:09AM -, Edson José dos Santos wrote:
> edson@edson-p6540br:~$ dmesg | grep DENIED
> [ 58.334359] audit: type=1400 audit(1551326278.953:59): apparmor="DENIED"
> operation="open" profile="/usr/lib/snapd/snap-confine"
> name="/opt/eset/esets/lib/libesets_pac.so" p
On Thu, Feb 28, 2019 at 03:04:00AM -, Edson José dos Santos wrote:
> Hello Arnold
> unix, (connect, send, receive) peer =
(addr="@2F746D702F65736574732E736F636B00*"),
Excellent, here's the mistake. Remove everything after the comma:
unix,
Then try the reboot again.
--
You received thi
On Wed, Feb 27, 2019 at 12:59:14PM -, Edson José dos Santos wrote:
> Hi, Arnold
>
> At startup the error message is appearing in apparmor and I would like
> to know how to generate a log to introduce them to you or just the boot
> boot log. In the absence of this I got this other log, where it
Hello snapd friends, Edson has an antivirus tool that requires all
processes have write access to a unix domain socket. Adding a rule to
/etc/apparmor.d/abstractions/base addressed many profiles but not
snapd's snap-confine profile.
What's the mechanism for admins to add local rules to this file?
Hi Edson.. so, the last idea I've got is:
unix,
in /etc/apparmor.d/abstractions/base
Do the usual reload, and reboot if it worked, dance.
Thanks
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https:/
On Mon, Feb 18, 2019 at 02:45:16PM -, Edson José dos Santos wrote:
> Line replaced successfully:
>
> From: unix (connect, send, receive)
> peer=(addr="@2F746D702F65736574732E736F636B00*"),
>
> To: unix (connect, send, receive) peer = (addr = "@
> 2F746D702F65736574732E736F636B00 *"),
Ah, s
On Mon, Feb 18, 2019 at 01:26:02PM -, Edson José dos Santos wrote:
> Is it the same correct procedure?
>
> /etc/apparmor.d/abstractions/base file:
>
> unix (connect, send, receive) peer = (addr = "@
> 2F746D702F65736574732E736F636B00 *")
>
> Then sudo /etc/init.d/apparmor reload
> If that ap
Alright, I don't know why that line didn't work. Replace it with this
one:
unix,
it's a lot more open than I'd like, but I don't know why the more
specific rule didn't work. So, lets try this.
Thanks
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packag
Hello Edson,
Are all those messages after adding this rule to your abstractions/base?
unix (connect, send, receive)
peer=(addr="@2F746D702F65736574732E736F636B00*"),
Thanks
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ap
Hello Edson, thanks for the reply; can you re-run this command and paste
back the results?
dmesg | grep DENIED
Thanks
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/157153
Hello Edson,
Please add these lines to your /etc/apparmor.d/abstractions/base file:
/etc/opt/eset/ r,
/etc/opt/eset/** r,
/opt/eset/esets/lib/** mr,
unix (connect, send, receive)
peer=(addr="@2F746D702F65736574732E736F636B00*"),
Then sudo /etc/init.d/apparmor reload
If that appeared to
Hello Edson, what's the output of:
dmesg | grep DENIED
Thanks
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1571531
Title:
cupsd cause apparmor denials for /etc/ld.so.
301 - 400 of 1548 matches
Mail list logo
