[Touch-packages] [Bug 2067900] Re: apparmor unconfined profile blocks pivot_root
Hi all, what is the latest on this? It appears to not have been fixed in Ubuntu 24.04.1
https://github.com/canonical/lxd/issues/13389#issuecomment-2319129052

** Bug watch added: github.com/canonical/lxd/issues #13389
   https://github.com/canonical/lxd/issues/13389

-- 
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2067900

Title:
  apparmor unconfined profile blocks pivot_root

Status in AppArmor:
  Confirmed
Status in apparmor package in Ubuntu:
  Confirmed

Bug description:
  LXD team have got a report (https://github.com/canonical/lxd/issues/13389) from our user that on the Ubuntu Noble host it's not possible to run Docker containers inside a LXC container.

  After some investigation, it was discovered that problem connected with AppArmor profile which is shipped by default /etc/apparmor.d/runc (comes from https://git.launchpad.net/ubuntu/+source/apparmor/commit/profiles/apparmor.d/runc?h=ubuntu/noble-devel&id=997aea8111bfa1e03960ae3a40321da73f0a6d96 )

  This profile is unconfined and should give all permissions to the runc daemon. But it does not work. Manual adding of "pivot_root," line and executing "systemctl reload apparmor.service" makes it work.

  After some further investigation it was found that on upstream Linux kernel problem is not reproducible. Our team was able to find a problematic commit:
  https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/noble/commit/?id=dc757a645cfa82f6ac252365df20a36a9ff82760

  The following (partial) revert helps to solve the issue on Ubuntu kernel:

diff --git a/security/apparmor/mount.c b/security/apparmor/mount.c index 74b7293ab971..b12e6bdfefb2 100644 --- a/security/apparmor/mount.c +++ b/security/apparmor/mount.c 
@@ -678,7 +678,7 @@ static struct aa_label *build_pivotroot(const struct cred *subj_cred, AA_BUG(!new_path); AA_BUG(!old_path); - if (!RULE_MEDIATES(rules, AA_CLASS_MOUNT)) + if (profile_unconfined(profile) || !RULE_MEDIATES(rules, AA_CLASS_MOUNT)) return aa_get_newest_label(&profile->label); error = aa_path_name(old_path, path_flags(profile, old_path),

  System info:

  # uname -a
  Linux ubuntu 6.8.0-31-generic #31-Ubuntu SMP PREEMPT_DYNAMIC Sat Apr 20 00:40:06 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

  # cat /etc/os-release
  PRETTY_NAME="Ubuntu 24.04 LTS"

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/2067900/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
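Review bot: the restored profile_unconfined(profile) test at the top of build_pivotroot() carries no comment or changelog text explaining why an unconfined profile must skip pivot_root mediation even when RULE_MEDIATES(rules, AA_CLASS_MOUNT) is true. The description calls this only a partial revert of dc757a645cfa, so the commit message should say which part of that commit is being undone and why the rest stays. It is also worth confirming whether any other mediation path changed by that commit needs the same short-circuit, since the runc profile is expected to permit everything and the visible hunk covers build_pivotroot() alone.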
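A DENIED audit record under a profile declared `flags=(unconfined)` is the signature of the regression this report describes, and the check below looks for it. This is an added example, not part of the bug report or of AppArmor; the function names are hypothetical, the profile text and log lines are constructed samples, and it assumes one profile per file.

```sh
#!/bin/sh
# Added example: find AppArmor denials logged under a profile that is
# declared unconfined, and tell whether the "pivot_root," workaround
# from the bug description is already in the profile file.

# Print the name of each profile in file $1 that has the unconfined flag.
unconfined_profiles() {
    sed -n 's/^[[:space:]]*profile[[:space:]]\{1,\}\([^[:space:]]\{1,\}\).*flags=([^)]*unconfined[^)]*).*/\1/p' "$1"
}

# Succeed if profile file $1 contains a bare "pivot_root," rule.
# Comment lines do not count because the rule must start the line.
has_pivot_root_rule() {
    grep -Eq '^[[:space:]]*pivot_root[[:space:]]*,' "$1"
}

# Print "<profile> <operation>" for every DENIED record in log $1 whose
# profile is declared unconfined in profile file $2.
denied_under_unconfined() {
    names=$(unconfined_profiles "$2")
    [ -n "$names" ] || return 0
    grep 'apparmor="DENIED"' "$1" | while IFS= read -r line; do
        prof=$(printf '%s\n' "$line" | sed -n 's/.* profile="\([^"]*\)".*/\1/p')
        op=$(printf '%s\n' "$line" | sed -n 's/.* operation="\([^"]*\)".*/\1/p')
        if printf '%s\n' "$names" | grep -Fxq -- "$prof"; then
            printf '%s %s\n' "$prof" "$op"
        fi
    done
}

# Succeed when log $1 shows a pivotroot denial under an unconfined profile
# from file $2 and that file does not yet carry the workaround rule.
needs_workaround() {
    hits=$(denied_under_unconfined "$1" "$2")
    printf '%s\n' "$hits" | grep -q ' pivotroot$' || return 1
    ! has_pivot_root_rule "$2"
}

# --- constructed sample input (not taken from a real host) ---
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

cat > "$demo_dir/runc" <<'EOF'
# constructed sample modelled on the profile described in the report
profile runc /usr/sbin/runc flags=(unconfined) {
  userns,
}
EOF

cat > "$demo_dir/kern.log" <<'EOF'
kernel: audit: type=1400 audit(1717236001.123:101): apparmor="DENIED" operation="pivotroot" class="mount" profile="runc" name="/srv/example/merged/" pid=4242 comm="runc:[2:INIT]" srcname="/srv/example/merged/"
kernel: audit: type=1400 audit(1717236002.456:102): apparmor="DENIED" operation="open" class="file" profile="example-confined" name="/srv/data/report.txt" pid=4300 comm="cat" requested_mask="r" denied_mask="r"
kernel: audit: type=1400 audit(1717236003.789:103): apparmor="ALLOWED" operation="pivotroot" class="mount" profile="runc" name="/srv/example/merged/" pid=4310 comm="runc:[2:INIT]"
EOF

denied_under_unconfined "$demo_dir/kern.log" "$demo_dir/runc"
if needs_workaround "$demo_dir/kern.log" "$demo_dir/runc"; then
    echo "unconfined profile is being denied pivot_root; workaround rule absent"
fi
```

On a real host the same functions can be pointed at `/etc/apparmor.d/runc` and a saved copy of the kernel log.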
[Touch-packages] [Bug 2046486] Re: units with credentials fail in LXD containers
We are rolling out fixes to 5.21/stable for this now (snap refresh lxd --channel=5.21/stable --cohort="+" will get it by bypassing progressive rollout).

-- 
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/2046486

Title:
  units with credentials fail in LXD containers

Status in cloud-images:
  Confirmed
Status in lxd:
  New
Status in lxd package in Ubuntu:
  Fix Committed
Status in samba package in Ubuntu:
  Fix Released
Status in systemd package in Ubuntu:
  Triaged

Bug description:
  Many units shipped by systemd use credentials in some way by default now (in v256). So this issue is now about much more than the original test case failure.

  For example,

  root@oracular:~# apt policy systemd
  systemd:
    Installed: 256-1ubuntu1
    Candidate: 256-1ubuntu1
    Version table:
   *** 256-1ubuntu1 100
          100 http://archive.ubuntu.com/ubuntu oracular-proposed/main amd64 Packages
          100 /var/lib/dpkg/status
       255.4-1ubuntu8 500
          500 http://archive.ubuntu.com/ubuntu oracular/main amd64 Packages

  root@oracular:~# for service in $(find /usr/lib/systemd/system -maxdepth 1 -name "systemd-*.service"); do grep -q "Credential.*=" "$service" && echo "$service"; done
  /usr/lib/systemd/system/systemd-sysusers.service
  /usr/lib/systemd/system/systemd-resolved.service
  /usr/lib/systemd/system/systemd-firstboot.service
  /usr/lib/systemd/system/systemd-network-generator.service
  /usr/lib/systemd/system/systemd-journald.service
  /usr/lib/systemd/system/systemd-sysctl.service
  /usr/lib/systemd/system/systemd-tmpfiles-setup-dev-early.service
  /usr/lib/systemd/system/systemd-tmpfiles-setup-dev.service
  /usr/lib/systemd/system/systemd-tmpfiles-setup.service
  /usr/lib/systemd/system/systemd-udev-load-credentials.service
  /usr/lib/systemd/system/systemd-tmpfiles-clean.service
  /usr/lib/systemd/system/systemd-networkd.service

  root@oracular:~# systemctl status systemd-sysusers.service systemd-resolved.service systemd-firstboot.service systemd-network-generator.service systemd-journald.service systemd-sysctl.service systemd-tmpfiles-setup-dev-early.service systemd-tmpfiles-setup-dev.service systemd-tmpfiles-setup.service systemd-udev-load-credentials.service systemd-tmpfiles-clean.service systemd-networkd.service
  ○ systemd-sysusers.service - Create System Users
       Loaded: loaded (/usr/lib/systemd/system/systemd-sysusers.service; static)
       Active: inactive (dead)
    Condition: start condition unmet at Mon 2024-06-24 18:58:48 UTC; 1min 0s ago
               ├─ ConditionNeedsUpdate=|/etc was not met
               └─ ConditionCredential=|sysusers.extra was not met
         Docs: man:sysusers.d(5)
               man:systemd-sysusers.service(8)

  × systemd-resolved.service - Network Name Resolution
       Loaded: loaded (/usr/lib/systemd/system/systemd-resolved.service; enabled; preset: enabled)
       Active: failed (Result: exit-code) since Mon 2024-06-24 18:58:49 UTC; 59s ago
   Invocation: b1aaa662750f48868fe3388e4524c462
         Docs: man:systemd-resolved.service(8)
               man:org.freedesktop.resolve1(5)
               https://systemd.io/WRITING_NETWORK_CONFIGURATION_MANAGERS
               https://systemd.io/WRITING_RESOLVER_CLIENTS
      Process: 258 ExecStart=/usr/lib/systemd/systemd-resolved (code=exited, status=243/CREDENTIALS)
     Main PID: 258 (code=exited, status=243/CREDENTIALS)

  ○ systemd-firstboot.service - First Boot Wizard
       Loaded: loaded (/usr/lib/systemd/system/systemd-firstboot.service; static)
       Active: inactive (dead)
    Condition: start condition unmet at Mon 2024-06-24 18:58:48 UTC; 59s ago
               └─ ConditionFirstBoot=yes was not met
         Docs: man:systemd-firstboot(1)

  ○ systemd-network-generator.service - Generate network units from Kernel command line
       Loaded: loaded (/usr/lib/systemd/system/systemd-network-generator.service; disabled; preset: enabled)
       Active: inactive (dead)
         Docs: man:systemd-network-generator.service(8)

  × systemd-journald.service - Journal Service
       Loaded: loaded (/usr/lib/systemd/system/systemd-journald.service; static)
      Drop-In: /usr/lib/systemd/system/systemd-journald.service.d
               └─nice.conf
       Active: failed (Result: exit-code) since Mon 2024-06-24 18:58:48 UTC; 1min 0s ago
   Invocation: 7caace7a15c749f3a86fb15fcfb94dff
  TriggeredBy: × systemd-journald-dev-log.socket
               × systemd-journald.socket
               ○ systemd-journald-audit.socket
         Docs: man:systemd-journald.service(8)
               man:journald.conf(5)
      Process: 124 ExecStart=/usr/lib/systemd/systemd-journald (code=exited, status=243/CREDENTIALS)
     Main PID: 124 (code=exited, status=243/CREDENTIALS)
     FD Store: 0 (limit: 4224)

  × systemd-sysctl.service - Apply Kernel Variables
       Loaded: loaded (/u
[Touch-packages] [Bug 2046486] Re: units with credentials fail in LXD containers
Apparmor fixes for running Oracular unprivileged containers from `ubuntu-daily:24.10` are being progressively rolled out to the `latest/stable` channel now.
[Touch-packages] [Bug 2046486] Re: units with credentials fail in LXD containers
Oracular unprivileged containers should now be working OK in latest/candidate channel. In latest/edge and latest/candidate we have added a vendored version of the apparmor parser (v4.0.2). If our tests pass OK then will proceed to deploy latest/candidate to latest/stable on Monday.
[Touch-packages] [Bug 2046486] Re: units with credentials fail in LXD containers
OK excellent, so as discussed we'll need to vendor the upstream version of apparmor into the LXD snap (so we don't have to prematurely rush the core24 switch) along with the cherry-picks you identified in the GH issue. I'll work on landing that in latest/edge first and then we can perform an interim release into latest/candidate and latest/stable after that. If there are no issues with that then we can perform the same approach for 5.21/stable.
[Touch-packages] [Bug 2046486] Re: units with credentials fail in LXD containers
As for when it hits stable channels, I'm assuming the most important ones are latest/stable and 5.21/stable (which is the current LTS series). I'll need to check with mihalicyn if the fix relies on the lxd snap switching base to core24. If so we've got some more issues to resolve first, but if not it can go into 6.2 and 5.21.3 and I can do an interim cherry pick sooner.
[Touch-packages] [Bug 2046486] Re: units with credentials fail in LXD containers
I mention it only for the purposes of testing and for keeping this ticket informed, I was not suggesting you run production on latest/edge naturally.
[Touch-packages] [Bug 2046486] Re: units with credentials fail in LXD containers
This is fixed now in latest/edge of lxd for unprivileged containers.
[Touch-packages] [Bug 2057927] Re: lxd vga console throws "Operation not permitted" error
Please can you confirm if still an issue on lxd 5.21/stable as this is the current supported version.

Thanks

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2057927

Title:
  lxd vga console throws "Operation not permitted" error

Status in apparmor package in Ubuntu: Confirmed
Status in lxd package in Ubuntu: Confirmed

Bug description:
  Since I upgraded to Noble the lxd vga console doesn't work anymore. I am using the lxd latest/stable snap (5.20-f3dd836).

  When trying to attach a vga console to an lxd vm I get:

  unshare: write failed /proc/self/uid_map: Operation not permitted

  It seems to be related to apparmor, I can see a matching DENIAL message in dmesg:

  [ 4735.233989] audit: type=1400 audit(1710419600.517:300): apparmor="DENIED" operation="capable" class="cap" profile="unprivileged_userns" pid=13157 comm="unshare" capability=21 capname="sys_admin"

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2057927/+subscriptions

--
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
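Added example (not part of the bug report and not AppArmor or LXD tooling): a parser that turns AppArmor audit records from dmesg text into fields and counts denials per profile, command and target, so a recurring denial like the one quoted above stands out. Only the first sample record comes from the report; the other records, the profile name example-profile and all function names are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Record 1 is the line quoted in the bug report. The rest is constructed
# sample input: a status message, a repeat of the denial, a file denial
# with a hex-encoded name, and a non-audit kernel line.
SAMPLE_DMESG = '''\
[ 4735.233989] audit: type=1400 audit(1710419600.517:300): apparmor="DENIED" operation="capable" class="cap" profile="unprivileged_userns" pid=13157 comm="unshare" capability=21 capname="sys_admin"
[ 4735.301122] audit: type=1400 audit(1710419600.584:301): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="example-profile" pid=13160 comm="apparmor_parser"
[ 4740.000417] audit: type=1400 audit(1710419605.283:302): apparmor="DENIED" operation="capable" class="cap" profile="unprivileged_userns" pid=13201 comm="unshare" capability=21 capname="sys_admin"
[ 4741.118200] audit: type=1400 audit(1710419606.401:303): apparmor="DENIED" operation="open" class="file" profile="example-profile" name=2F746D702F6D792066696C65 pid=13222 comm="example" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[ 4742.000000] usb 1-1: new high-speed USB device number 5 using xhci_hcd
'''

AUDIT_RE = re.compile(r"audit: type=1400 audit\((\d+)\.\d+:(\d+)\): (.*)$")
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# String-valued fields. The audit subsystem writes such a value unquoted and
# hex-encoded when it contains a space, a quote or a control byte.
STRING_FIELDS = {"profile", "name", "comm", "info", "peer"}
INT_FIELDS = {"pid", "capability", "fsuid", "ouid"}


def parse_record(line):
    """Return one AppArmor audit record as a dict, or None for other lines."""
    m = AUDIT_RE.search(line)
    if m is None:
        return None
    rec = {
        "time": datetime.fromtimestamp(int(m.group(1)), tz=timezone.utc),
        "serial": int(m.group(2)),
    }
    for field in FIELD_RE.finditer(m.group(3)):
        key, quoted, bare = field.group(1), field.group(2), field.group(3)
        if quoted is not None:
            rec[key] = quoted
        elif key in STRING_FIELDS:
            try:
                rec[key] = bytes.fromhex(bare).decode("utf-8", "replace")
            except ValueError:
                rec[key] = bare  # not valid hex: keep the raw token
        elif key in INT_FIELDS and bare.isdigit():
            rec[key] = int(bare)
        else:
            rec[key] = bare
    return rec


def denials(text):
    """Parse every line and keep only the records AppArmor denied."""
    found = []
    for line in text.splitlines():
        rec = parse_record(line)
        if rec is not None and rec.get("apparmor") == "DENIED":
            found.append(rec)
    return found


def summarise(records):
    """Count denials per (profile, comm, operation, target), most frequent first."""
    counts = Counter()
    for rec in records:
        target = rec.get("capname") or rec.get("name") or "-"
        key = (rec.get("profile"), rec.get("comm"), rec.get("operation"), target)
        counts[key] += 1
    return counts.most_common()


if __name__ == "__main__":
    for (profile, comm, operation, target), n in summarise(denials(SAMPLE_DMESG)):
        print(f"{n}x profile={profile} comm={comm} operation={operation} target={target}")
```

The profile field names the profile that made the decision, which is what identifies the confinement to look at when an operation fails with "Operation not permitted".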
[Touch-packages] [Bug 2039873] Re: liblxc-dev was built with LXC_DEVEL=1 in Ubuntu 22.04 and later releases
I agree with Stéphane, it would be better to get the LXC_DEVEL issue fixed quickly and then deal with the packaging refresh separately.

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/2039873

Title:
  liblxc-dev was built with LXC_DEVEL=1 in Ubuntu 22.04 and later releases

Status in lxc package in Ubuntu: Confirmed

Bug description:
  [ Impact ]

  LXC 5.0.0 was built with LXC_DEVEL=1 set for Jammy. But for a release build we should have LXC_DEVEL=0.

  LXC_DEVEL is a variable that appears in /usr/include/lxc/version.h and then can be (and actually is) used by other projects to detect if liblxc-dev is a development build or stable.

  Having LXC_DEVEL=1 causes problems for users who want to build projects that depend on liblxc from source (for example, LXD, go-lxc: https://github.com/canonical/lxd/pull/12420).

  Q: Why was it not a problem for so long?
  A: Because the LXC API was stable for a long time, but recently we have extended the liblxc API (https://github.com/lxc/lxc/pull/4260) and the dependent package go-lxc was updated too (https://github.com/lxc/go-lxc/pull/166). This change was developed properly to be backward compatible with the old versions of liblxc. But, there is a problem. If LXC_DEVEL=1 then the macro check VERSION_AT_LEAST (https://github.com/lxc/go-lxc/blob/ccae595aa49e779f7ecc9250329967aa546acd31/lxc-binding.h#L7) is disabled. That's why we should *not* have LXC_DEVEL=1 for *any* release build of LXC.

  [ Test Plan ]

  Install the liblxc-dev package and check the /usr/include/lxc/version.h file. LXC_DEVEL should be 0.

  [ Where problems could occur ]

  Theoretically, the build of software which depends on liblxc-dev may start to fail if it assumes that LXC_DEVEL is 1.

  [ Other Info ]

  -
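Added example (not code from LXC, go-lxc or the bug report): the test-plan check on version.h, together with a model of a version gate that a development build switches off, to show why a release header carrying LXC_DEVEL=1 misleads dependents. The header text and version numbers are constructed, the function names are hypothetical, and treating "disabled" as "the gate passes without comparing versions" is an assumption.

```python
import re

# Constructed header text in the style of /usr/include/lxc/version.h.
# The values are sample data, not copied from a real package.
DEVEL_HEADER = """\
#ifndef __LXC_VERSION_H
#define __LXC_VERSION_H

#define LXC_DEVEL 1
#define LXC_VERSION_MAJOR 5
#define LXC_VERSION_MINOR 0
#define LXC_VERSION_MICRO 0
#define LXC_VERSION "5.0.0"

#endif
"""
RELEASE_HEADER = DEVEL_HEADER.replace("#define LXC_DEVEL 1", "#define LXC_DEVEL 0")

# Integer-valued LXC_* defines only; string defines such as LXC_VERSION are skipped.
DEFINE_RE = re.compile(r"^[ \t]*#[ \t]*define[ \t]+(LXC_\w+)[ \t]+(\d+)[ \t]*$", re.MULTILINE)


def read_defines(header_text):
    """Return the integer LXC_* macros found in the header as a dict."""
    return {name: int(value) for name, value in DEFINE_RE.findall(header_text)}


def version_at_least(defs, major, minor, micro):
    """Model of a compile-time version gate as seen by a dependent project.

    Assumption: with LXC_DEVEL == 1 the gate passes unconditionally, so the
    dependent compiles code paths for the newest API whatever the header's
    version numbers say.
    """
    if defs.get("LXC_DEVEL") == 1:
        return True
    have = (defs["LXC_VERSION_MAJOR"], defs["LXC_VERSION_MINOR"], defs["LXC_VERSION_MICRO"])
    return have >= (major, minor, micro)


def check_release_header(header_text):
    """Test-plan check: return a list of problems, empty if the header is release-ready."""
    defs = read_defines(header_text)
    if "LXC_DEVEL" not in defs:
        return ["LXC_DEVEL is not defined"]
    if defs["LXC_DEVEL"] != 0:
        return [f"LXC_DEVEL is {defs['LXC_DEVEL']}, expected 0"]
    return []


if __name__ == "__main__":
    for label, text in (("devel", DEVEL_HEADER), ("release", RELEASE_HEADER)):
        defs = read_defines(text)
        # 5.0.1 stands in for "the release that added the new API" (sample value).
        print(label, "gate for 5.0.1:", version_at_least(defs, 5, 0, 1),
              "problems:", check_release_header(text))
```

With the development flag set, the gate reports that a 5.0.0 header provides an API from a later version; with the flag cleared, the same header is correctly reported as too old and the dependent falls back to its compatible code path.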
[Touch-packages] [Bug 1868330] Re: Lenovo ThinkPad-X1-Carbon-7th Gen microphone doesnt work
I just tried this now on a freshly installed Ubuntu 20.04 with kernel 5.8.0-41-generic and it works great in both Gnome and in Chromium. Happy to mark this resolved.

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to alsa-driver in Ubuntu.
https://bugs.launchpad.net/bugs/1868330

Title:
  Lenovo ThinkPad-X1-Carbon-7th Gen microphone doesnt work

Status in alsa-driver package in Ubuntu: Confirmed

Bug description:
  On Focal Fossa the microphone is recognised but doesn't work. Chromium shows the microphone as present but off, and if it is re-enabled it goes off again after a couple of seconds. Chromium logs this error:

  [ 2149.047888] sof-audio-pci :00:1f.3: error: no reply expected, received 0x0
  [ 2149.177469] sof-audio-pci :00:1f.3: firmware boot complete
  [ 2160.561825] sof-audio-pci :00:1f.3: error: no reply expected, received 0x0
  [ 2160.656755] sof-audio-pci :00:1f.3: firmware boot complete
  [ 2414.391790] sof-audio-pci :00:1f.3: error: no reply expected, received 0x0
  [ 2414.487256] sof-audio-pci :00:1f.3: firmware boot complete

  Mar 20 23:09:24 user-ThinkPad-X1-Carbon-7th chromium_chromium.desktop[9531]: [9531:9531:0320/230924.861503:ERROR:pulse_util.cc(300)] pa_operation is nullptr.

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: alsa-base 1.0.25+dfsg-0ubuntu5
  ProcVersionSignature: Ubuntu 5.4.0-18.22-generic 5.4.24
  Uname: Linux 5.4.0-18-generic x86_64
  ApportVersion: 2.20.11-0ubuntu20
  Architecture: amd64
  AudioDevicesInUse:
   USER PID ACCESS COMMAND
   /dev/snd/controlC0: user 1687 F pulseaudio
   /dev/snd/pcmC0D0p: user 1687 F...m pulseaudio
  CurrentDesktop: ubuntu:GNOME
  Date: Fri Mar 20 23:03:01 2020
  InstallationDate: Installed on 2020-03-11 (9 days ago)
  InstallationMedia: Ubuntu 20.04 LTS "Focal Fossa" - Alpha amd64 (20200309)
  PackageArchitecture: all
  SourcePackage: alsa-driver
  Symptom: audio
  Symptom_AlsaRecordingTest: ALSA recording test through plughw:sofhdadsp failed
  Symptom_Card: sof-hda-dsp - sof-hda-dsp
  Symptom_Jack: Black Mic, Right
  Symptom_Type: None of the above
  Title: [20R1000RUS, Realtek ALC285, Black Mic, Right] Recording problem
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 01/15/2020
  dmi.bios.vendor: LENOVO
  dmi.bios.version: N2QET19W (1.13 )
  dmi.board.asset.tag: Not Available
  dmi.board.name: 20R1000RUS
  dmi.board.vendor: LENOVO
  dmi.board.version: SDK0J40697 WIN
  dmi.chassis.asset.tag: No Asset Information
  dmi.chassis.type: 10
  dmi.chassis.vendor: LENOVO
  dmi.chassis.version: None
  dmi.modalias: dmi:bvnLENOVO:bvrN2QET19W(1.13):bd01/15/2020:svnLENOVO:pn20R1000RUS:pvrThinkPadX1Carbon7th:rvnLENOVO:rn20R1000RUS:rvrSDK0J40697WIN:cvnLENOVO:ct10:cvrNone:
  dmi.product.family: ThinkPad X1 Carbon 7th
  dmi.product.name: 20R1000RUS
  dmi.product.sku: LENOVO_MT_20R1_BU_Think_FM_ThinkPad X1 Carbon 7th
  dmi.product.version: ThinkPad X1 Carbon 7th
  dmi.sys.vendor: LENOVO
  mtime.conffile..etc.modprobe.d.alsa-base.conf: 2020-03-12T15:40:19.308712
[Touch-packages] [Bug 1868330] Re: Lenovo ThinkPad-X1-Carbon-7th Gen microphone doesnt work
I'm running latest HWE kernel on 20.04 (5.4.0-65). If I connect a microphone via USB or the headphone socket then it works (in chromium too). But if I disconnect the microphone then Gnome doesn't detect any built-in microphone. As I've made some changes to my modules settings, I think I'll wipe the system and try it with a fresh install.

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to alsa-driver in Ubuntu.
https://bugs.launchpad.net/bugs/1868330

Title:
  Lenovo ThinkPad-X1-Carbon-7th Gen microphone doesnt work

Status in alsa-driver package in Ubuntu: Confirmed
[Touch-packages] [Bug 1893958] Re: [FFe] Please accept iptables 1.8.4-3ubuntu3 switching to nftables backend
LXD depends on the nft tool when iptables-legacy rules are not in use (as the iptables-nft tools do not provide all the functionality it depends on).

However the nft tool is bundled in the snap package so this should be fine.

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to iptables in Ubuntu.
https://bugs.launchpad.net/bugs/1893958

Title:
  [FFe] Please accept iptables 1.8.4-3ubuntu3 switching to nftables backend

Status in iptables package in Ubuntu: New

Bug description:
  The change is a planned change for this development cycle and the fix has been tested as described in LP: #1887186 and https://lists.ubuntu.com/archives/ubuntu-devel/2020-August/041142.html .

  Changes:
   iptables (1.8.4-3ubuntu3) groovy; urgency=medium
   .
     * Swap alternative priority and prefer nftables backend over legacy
       (LP: #1887186)
[Touch-packages] [Bug 1868330] Re: Lenovo ThinkPad-X1-Carbon-7th Gen microphone doesnt work
Ah yeah that could be the issue, is there a legacy package one can install to provide the old API perhaps?

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to alsa-driver in Ubuntu.
https://bugs.launchpad.net/bugs/1868330

Title:
  Lenovo ThinkPad-X1-Carbon-7th Gen microphone doesnt work

Status in alsa-driver package in Ubuntu: New
[Touch-packages] [Bug 1868330] Re: Lenovo ThinkPad-X1-Carbon-7th Gen microphone doesnt work
I tried installing that kernel and rebooting but I get a grub error "cant find command hwmatch" and cannot boot into that kernel.

linux-headers-5.6.0-050600rc6_5.6.0-050600rc6.202003200818_all.deb
linux-headers-5.6.0-050600rc6-generic_5.6.0-050600rc6.202003200818_amd64.deb
linux-image-unsigned-5.6.0-050600rc6-generic_5.6.0-050600rc6.202003200818_amd64.deb
linux-modules-5.6.0-050600rc6-generic_5.6.0-050600rc6.202003200818_amd64.deb

dpkg -i *.deb

Thanks
Tom

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to alsa-driver in Ubuntu.
https://bugs.launchpad.net/bugs/1868330

Title:
  Lenovo ThinkPad-X1-Carbon-7th Gen microphone doesnt work

Status in alsa-driver package in Ubuntu: New
[Touch-packages] [Bug 1868330] Re: Lenovo ThinkPad-X1-Carbon-7th Gen microphone doesnt work
Thanks Hui, for the quick response. I've installed that package, and indeed, the microphone now works in apps like Audacity. Great.

However it still does not work in Chromium in Google Meet, the microphone appears as a device to use, but it shows as "disabled" and so when I unmute in Google Meet it then re-mutes after 2s.

In syslog it shows still each time I unmute:

Mar 21 18:57:22 user-ThinkPad-X1-Carbon-7th chromium_chromium.desktop[4806]: [4806:4806:0321/185722.248501:ERROR:pulse_util.cc(300)] pa_operation is nullptr.

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to alsa-driver in Ubuntu.
https://bugs.launchpad.net/bugs/1868330

Title:
  Lenovo ThinkPad-X1-Carbon-7th Gen microphone doesnt work

Status in alsa-driver package in Ubuntu: New
[Touch-packages] [Bug 1868330] Re: Lenovo ThinkPad-X1-Carbon-7th Gen microphone doesnt work
I've tried audacity and firefox too and no sound can be recorded.

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to alsa-driver in Ubuntu.
https://bugs.launchpad.net/bugs/1868330

Title:
  Lenovo ThinkPad-X1-Carbon-7th Gen microphone doesnt work

Status in alsa-driver package in Ubuntu: New
[Touch-packages] [Bug 1868330] [NEW] Lenovo ThinkPad-X1-Carbon-7th Gen microphone doesnt work
Public bug reported:

On Focal Fossa the microphone is recognised but doesn't work. Chromium shows the microphone as present but off, and if it is re-enabled it goes off again after a couple of seconds. Chromium logs this error:

[ 2149.047888] sof-audio-pci :00:1f.3: error: no reply expected, received 0x0
[ 2149.177469] sof-audio-pci :00:1f.3: firmware boot complete
[ 2160.561825] sof-audio-pci :00:1f.3: error: no reply expected, received 0x0
[ 2160.656755] sof-audio-pci :00:1f.3: firmware boot complete
[ 2414.391790] sof-audio-pci :00:1f.3: error: no reply expected, received 0x0
[ 2414.487256] sof-audio-pci :00:1f.3: firmware boot complete

Mar 20 23:09:24 user-ThinkPad-X1-Carbon-7th chromium_chromium.desktop[9531]: [9531:9531:0320/230924.861503:ERROR:pulse_util.cc(300)] pa_operation is nullptr.

ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: alsa-base 1.0.25+dfsg-0ubuntu5
ProcVersionSignature: Ubuntu 5.4.0-18.22-generic 5.4.24
Uname: Linux 5.4.0-18-generic x86_64
ApportVersion: 2.20.11-0ubuntu20
Architecture: amd64
AudioDevicesInUse:
 USER PID ACCESS COMMAND
 /dev/snd/controlC0: user 1687 F pulseaudio
 /dev/snd/pcmC0D0p: user 1687 F...m pulseaudio
CurrentDesktop: ubuntu:GNOME
Date: Fri Mar 20 23:03:01 2020
InstallationDate: Installed on 2020-03-11 (9 days ago)
InstallationMedia: Ubuntu 20.04 LTS "Focal Fossa" - Alpha amd64 (20200309)
PackageArchitecture: all
SourcePackage: alsa-driver
Symptom: audio
Symptom_AlsaRecordingTest: ALSA recording test through plughw:sofhdadsp failed
Symptom_Card: sof-hda-dsp - sof-hda-dsp
Symptom_Jack: Black Mic, Right
Symptom_Type: None of the above
Title: [20R1000RUS, Realtek ALC285, Black Mic, Right] Recording problem
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 01/15/2020
dmi.bios.vendor: LENOVO
dmi.bios.version: N2QET19W (1.13 )
dmi.board.asset.tag: Not Available
dmi.board.name: 20R1000RUS
dmi.board.vendor: LENOVO
dmi.board.version: SDK0J40697 WIN
dmi.chassis.asset.tag: No Asset Information
dmi.chassis.type: 10
dmi.chassis.vendor: LENOVO
dmi.chassis.version: None
dmi.modalias: dmi:bvnLENOVO:bvrN2QET19W(1.13):bd01/15/2020:svnLENOVO:pn20R1000RUS:pvrThinkPadX1Carbon7th:rvnLENOVO:rn20R1000RUS:rvrSDK0J40697WIN:cvnLENOVO:ct10:cvrNone:
dmi.product.family: ThinkPad X1 Carbon 7th
dmi.product.name: 20R1000RUS
dmi.product.sku: LENOVO_MT_20R1_BU_Think_FM_ThinkPad X1 Carbon 7th
dmi.product.version: ThinkPad X1 Carbon 7th
dmi.sys.vendor: LENOVO
mtime.conffile..etc.modprobe.d.alsa-base.conf: 2020-03-12T15:40:19.308712

** Affects: alsa-driver (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: amd64 apport-bug focal

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to alsa-driver in Ubuntu.
https://bugs.launchpad.net/bugs/1868330

Title:
  Lenovo ThinkPad-X1-Carbon-7th Gen microphone doesnt work

Status in alsa-driver package in Ubuntu: New
[Touch-packages] [Bug 1641236] Re: Confined processes inside container cannot fully access host pty device passed in by lxc exec
I've been able to re-create this using a fresh install of Ubuntu 18.04 without using LXC or LXD, but just using network namespaces.

Set up 2 namespaces with IPVLAN:

ip netns add ns1
ip link add name ipv1 link enp0s3 type ipvlan mode l3s
ip link set dev ipv1 netns ns1
ip netns exec ns1 ip addr add 10.1.20.252/32 dev ipv1
ip netns exec ns1 ip link set ipv1 up
ip netns exec ns1 ip link set lo up
ip netns exec ns1 ip -4 r add default dev ipv1

ip netns add ns2
ip link add name ipv2 link enp0s3 type ipvlan mode l3s
ip link set dev ipv2 netns ns2
ip netns exec ns2 ip addr add 10.1.20.253/32 dev ipv2
ip netns exec ns2 ip link set ipv2 up
ip netns exec ns2 ip link set lo up
ip netns exec ns2 ip -4 r add default dev ipv2

Enter namespace 1 and start a ping to the other namespace:

sudo ip netns exec ns1 ping 10.1.20.253

Then run tcpdump in namespace 2 listening for all packets without DNS resolution:

sudo ip netns exec ns2 tcpdump -i any -nn

This doesn't output any captured packets. However, running tcpdump with -l (Make stdout line buffered) does help:

sudo ip netns exec ns2 tcpdump -i any -nn -l

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1641236

Title: Confined processes inside container cannot fully access host pty device passed in by lxc exec

Status in apparmor package in Ubuntu: Confirmed
Status in lxd package in Ubuntu: Invalid

Bug description:

Now that AppArmor policy namespaces and profile stacking are in place, I noticed odd stdout buffering behavior when running confined processes via lxc exec. Much more stdout data is buffered before getting flushed when the program is confined by an AppArmor profile inside of the container.

I see that lxd is calling openpty(3) in the host environment, using the returned fd as stdout, and then executing the command inside of the container.
This results in an AppArmor denial because the file descriptor returned by openpty(3) originates outside of the namespace used by the container.

The denial is likely from glibc calling fstat(), from inside the container, on the file descriptor associated with stdout to make a decision on how much buffering to use. The fstat() is denied by AppArmor and glibc ends up handling the buffering differently than it would if the fstat() would have been successful.

Steps to reproduce (using an up-to-date 16.04 amd64 VM):

Create a 16.04 container

$ lxc launch ubuntu-daily:16.04 x

Run tcpdump in one terminal and generate traffic in another terminal (wget google.com)

$ lxc exec x -- tcpdump -i eth0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
47 packets captured
48 packets received by filter
1 packet dropped by kernel

Note that everything above was printed immediately because it was printed to stderr. , which is printed to stdout, was not printed until you pressed ctrl-c and the buffers were flushed thanks to the program terminating. Also, this AppArmor denial shows up in the logs:

audit: type=1400 audit(1478902710.025:440): apparmor="DENIED" operation="getattr" info="Failed name lookup - disconnected path" error=-13 namespace="root//lxd-x_" profile="/usr/sbin/tcpdump" name="dev/pts/12" pid=15530 comm="tcpdump" requested_mask="r" denied_mask="r" fsuid=165536 ouid=165536

Now run tcpdump unconfined and take note that is printed immediately, before you terminate tcpdump. Also, there are no AppArmor denials.

$ lxc exec x -- aa-exec -p unconfined -- tcpdump -i eth0
...

Now run tcpdump confined but in lxc exec's non-interactive mode and note that is printed immediately and no AppArmor denials are present. (Looking at the lxd code in lxd/container_exec.go, openpty(3) is only called in interactive mode)

$ lxc exec x --mode=non-interactive -- tcpdump -i eth0
...
Applications that manually call fflush(stdout) are not affected by this as manually flushing stdout works fine. The problem seems to be caused by glibc not being able to fstat() the /dev/pts/12 fd from the host's namespace.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1641236/+subscriptions

--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
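Added example, not part of the original bug report and not AppArmor or LXD code: a short Python triage script that picks the denial pattern described in the report above (getattr denied with "disconnected path" on a dev/pts entry) out of audit records, so it can be told apart from ordinary policy denials. The first sample line is the record quoted in the report; the other two are constructed, and all function names are hypothetical.

```python
import re

# key=value pairs of a kernel audit record; values may be double-quoted.
_PAIR = re.compile(r'(\w+)=("([^"]*)"|\S+)')
_PTY = re.compile(r"/?dev/pts/\d+")

def parse_audit(line):
    """Return the fields of one audit record as a dict of strings."""
    return {key: (inner if raw.startswith('"') else raw)
            for key, raw, inner in _PAIR.findall(line)}

def is_foreign_pty_denial(rec):
    """True for the pattern in this report: getattr denied on a pty whose
    path cannot be resolved from inside the confined task's namespace."""
    return (rec.get("apparmor") == "DENIED"
            and rec.get("operation") == "getattr"
            and "disconnected path" in rec.get("info", "")
            and _PTY.fullmatch(rec.get("name", "")) is not None)

def triage(lines):
    """Return (namespace, profile, name, pid) for every matching record."""
    hits = []
    for line in lines:
        rec = parse_audit(line)
        if is_foreign_pty_denial(rec):
            hits.append((rec.get("namespace"), rec.get("profile"),
                         rec["name"], int(rec.get("pid", -1))))
    return hits

SAMPLE = [
    # Record quoted in the bug description.
    'audit: type=1400 audit(1478902710.025:440): apparmor="DENIED" '
    'operation="getattr" info="Failed name lookup - disconnected path" '
    'error=-13 namespace="root//lxd-x_" profile="/usr/sbin/tcpdump" '
    'name="dev/pts/12" pid=15530 comm="tcpdump" requested_mask="r" '
    'denied_mask="r" fsuid=165536 ouid=165536',
    # Constructed: an ordinary file denial that must not be flagged.
    'audit: type=1400 audit(1478902711.100:441): apparmor="DENIED" '
    'operation="open" profile="/usr/sbin/tcpdump" '
    'name="/home/user/capture.pcap" pid=15531 comm="tcpdump" '
    'requested_mask="w" denied_mask="w" fsuid=165536 ouid=165536',
    # Constructed: an allowed getattr on a pty inside the same namespace.
    'audit: type=1400 audit(1478902712.200:442): apparmor="ALLOWED" '
    'operation="getattr" profile="/usr/sbin/tcpdump" name="/dev/pts/0" '
    'pid=15532 comm="tcpdump" requested_mask="r" fsuid=165536 ouid=165536',
]

if __name__ == "__main__":
    for ns, profile, name, pid in triage(SAMPLE):
        print(f"{profile} (pid {pid}, ns {ns}): getattr denied on {name}")
```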