[Bug 1932537] Re: CUPS + SSSD: cannot access local CUPS web interface with domain user (apparmor problem)
Hi everyone, It would be really nice to have any kind of feedback on this bug report. Is there anything else I can do? Do You need more info? Thanks, Robert -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1932537 Title: CUPS + SSSD: cannot access local CUPS web interface with domain user (apparmor problem) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1932537/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1890858] Re: AppArmor profile causes QEMU/KVM - Not Connected
I have successfully tested the libvirt/6.0.0-0ubuntu8.10 packages from focal-proposed as requested. The following packages where upgraded to 6.0.0-0ubuntu8.10: libvirt-clients libvirt-daemon libvirt-daemon-driver-qemu libvirt-daemon-driver-storage-rbd libvirt-daemon-system libvirt-daemon-system-systemd libvirt0 Afterwards I was able to connect to libvirtd with my domain user as expected. FYI: I have opened a separate bug report for cups, since the crashing issue is fixed by this as well: https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1932537 Thanks to everyone involved for the quick resolution! ** Tags removed: verification-needed-focal ** Tags added: verification-done-focal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1890858 Title: AppArmor profile causes QEMU/KVM - Not Connected To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1890858/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1932537] [NEW] CUPS + SSSD: cannot access local CUPS web interface with domain user (apparmor problem)
Public bug reported: [Summary] My domain user can not access the local CUPS web interface due to apparmor denials. Adding the following two lines to /etc/apparmor.d/local/usr.sbin.cupsd fixes it: /var/lib/sss/pipes/private/pam rw, unix (bind) type=dgram addr=@userdb-*, [Details] I have a (relatively) clean install of Ubuntu 20.04 (no upgrade), which is joined to a Windows AD-domain via sssd, but currently used off site with cached credentials. When I try to log in with my domain user (who is in the lpadmingroup) at the local cups web interface (localhost:631 ...> Add Printer) with the default apparmor config for cupsd I get a: AVC apparmor="DENIED" operation="connect" profile="/usr/sbin/cupsd" name="/var/lib/sss/pipes/private/pam" pid=189759 comm="cupsd" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0 This already existed in Bionic and my workaround was to add '/var/lib/sss/pipes/private/pam rw,' to /etc/apparmor.d/local/usr.sbin.cupsd and reload the profile: # echo '/var/lib/sss/pipes/private/pam rw,' > /etc/apparmor.d/local/usr.sbin.cupsd # apparmor_parser -r -W -T /etc/apparmor.d/usr.sbin.cupsd This worked in Bionic, but leads to a crash of cupsd in Focal when I try to log in as domain user with a the following log message nearby: AVC apparmor="DENIED" operation="bind" profile="/usr/sbin/cupsd" pid=189759 comm="cupsd" family="unix" sock_type="dgram" protocol=0 requested_mask="bind" denied_mask="bind" addr="@userdb-7625b1ef65396344ef05f0a8aeda870e" This looks very similar to https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1890858 , so I applied the same fix and added 'unix (bind) type=dgram addr=@userdb-*,' to /etc/apparmor.d/local/usr.sbin.cupsd: # echo 'unix (bind) type=dgram addr=@userdb-*,' >> /etc/apparmor.d/local/usr.sbin.cupsd # apparmor_parser -r -W -T /etc/apparmor.d/usr.sbin.cupsd Which fixed my problem. I am not an expert on apparmor, so I have no idea, if the first line gives too broad permissions. I think that there are two unrelated issues: 1) Cupsd cannot access sssd at all. This already existed in Bionic (but I failed to report the issue -- sorry for that). 2) Once the login succeeds, cups tries to resolve a uid/gid as it isn't known locally. To resolve it it needs to bind a unix socket. See: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1890858/comments/37 I will attach a full log with added comments on what I did. [Infos] 1) lsb_release -rd Description:Ubuntu 20.04.2 LTS Release:20.04 2) apt-cache policy cups-daemon cups-daemon: Installiert: 2.3.1-9ubuntu1.1 Installationskandidat: 2.3.1-9ubuntu1.1 Versionstabelle: *** 2.3.1-9ubuntu1.1 500 500 http://ftp.uni-hannover.de/ubuntu focal-updates/main amd64 Packages 500 http://security.ubuntu.com/ubuntu focal-security/main amd64 Packages 100 /var/lib/dpkg/status 2.3.1-9ubuntu1 500 500 http://ftp.uni-hannover.de/ubuntu focal/main amd64 Packages 3) What you expected to happen: Be able to log in at the local cups web interface with my domain user, which is in the lpadmin group 4) What happened instead: Access was denied (asked again for my credentials) ** Affects: cups (Ubuntu) Importance: Undecided Status: New ** Tags: apparmor sssd ** Attachment added: "Syslog of denial, crash and successful login with added comments" https://bugs.launchpad.net/bugs/1932537/+attachment/5505509/+files/journalctl-cleaned-with-comments.log -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1932537 Title: CUPS + SSSD: cannot access local CUPS web interface with domain user (apparmor problem) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1932537/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1890858] Re: AppArmor profile causes QEMU/KVM - Not Connected
Thanks to both of You for figuring out the core of the problem. While I understand the reasoning for preferring solution (b) I would like to examine a strange somehow similar behaviour in cupsd with sssd. (Which - shame on me - I haven't reported yet): We had similar access problems with domain users trying to connect to the CUPS web interface (localhost:631) which was denied by apparmor. I added an exception to allow this, which worked in Bionic, but now in Focal cupsd crashes while trying to enumerate groups, which is disabled in SSSD for our Domain. I hadn't bothered reporting this, since nobody actually uses the cups web interface on a desktop and it's going away in the future anyway (CUPS 2.4 or 3.0 if I remember correctly). I will now examine this, probably open a different bug and report back here shortly. @Christian: Sorry for not replying earlier (I had typed in my reply, but got distracted, so forgot to actually post it). I had tested the package from the PPA and it worked like expected. But that doesn't really matter any more, since we have a better solution now. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1890858 Title: AppArmor profile causes QEMU/KVM - Not Connected To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1890858/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1890858] Re: AppArmor profile causes QEMU/KVM - Not Connected
Hi Christian, thanks for Your quick reply! This has been lingering for so long and a workaround is available, so no need to hurry. I am just very curious about the real cause for this issue and would prefer a proper solution. :) For now we are using this little drop in /etc/apparmor.d/local/usr.sbin.libvirtd: network unix dgram, followed by 'apparmor_parser -r -W -T /etc/apparmor.d/usr.sbin.libvirtd'. All wrapped up in a little Deb-package: https://ubuntu.repo.uni-hannover.de/ubuntu/pool/pub/l/luh-sssd-libvirtd-fix/ Just in case somebody else needs this workaround. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1890858 Title: AppArmor profile causes QEMU/KVM - Not Connected To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1890858/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1890858] Re: AppArmor profile causes QEMU/KVM - Not Connected
Hi Christian, thanks for Your quick reply! This has been lingering for so long and a workaround is available, so no need to hurry. I am just very curious about the real cause for this issue and would prefer a proper solution. :) For now we are using this little drop in /etc/apparmor.d/local/usr.sbin.libvirtd: network unix dgram, followed by 'apparmor_parser -r -W -T /etc/apparmor.d/usr.sbin.libvirtd' All wrapped up in a nice little Deb-package: https://ubuntu.repo.uni-hannover.de/ubuntu/pool/pub/l/luh-sssd-libvirtd-fix/luh-sssd-libvirtd-fix_0.4_all.deb Just in case somebody else needs this workaround. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1890858 Title: AppArmor profile causes QEMU/KVM - Not Connected To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1890858/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1890858] Re: AppArmor profile causes QEMU/KVM - Not Connected
** Attachment added: "surrounding area from syslog" https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1890858/+attachment/5503156/+files/syslog-error ** Attachment removed: "systemctl status $(basename -a $(dpkg -L libvirt-daemon-system | grep -e .socket -e .service | xargs) | xargs) > systemctl_status_before" https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1890858/+attachment/5503149/+files/systemctl_status_before -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1890858 Title: AppArmor profile causes QEMU/KVM - Not Connected To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1890858/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1890858] Re: AppArmor profile causes QEMU/KVM - Not Connected
** Attachment added: "10) strace -p 11051 2>&1 | tee -a strace_domain_user_network_unix_dgram_success" https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1890858/+attachment/5503155/+files/strace_domain_user_network_unix_dgram_success -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1890858 Title: AppArmor profile causes QEMU/KVM - Not Connected To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1890858/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1890858] Re: AppArmor profile causes QEMU/KVM - Not Connected
** Attachment added: "8) systemctl status $(basename -a $(dpkg -L libvirt-daemon-system | grep -e .socket -e .service | xargs) | xargs) > systemctl_status_after_failure" https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1890858/+attachment/5503154/+files/systemctl_status_after_failure -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1890858 Title: AppArmor profile causes QEMU/KVM - Not Connected To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1890858/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1890858] Re: AppArmor profile causes QEMU/KVM - Not Connected
** Attachment added: "6) strace -p 1246 2>&1 | tee -a strace_domain_user_fail" https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1890858/+attachment/5503153/+files/strace_domain_user_fail -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1890858 Title: AppArmor profile causes QEMU/KVM - Not Connected To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1890858/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1890858] Re: AppArmor profile causes QEMU/KVM - Not Connected
** Attachment added: "5) systemctl status $(basename -a $(dpkg -L libvirt-daemon-system | grep -e .socket -e .service | xargs) | xargs) > systemctl_status_after_success" https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1890858/+attachment/5503152/+files/systemctl_status_after_success -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1890858 Title: AppArmor profile causes QEMU/KVM - Not Connected To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1890858/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1890858] Re: AppArmor profile causes QEMU/KVM - Not Connected
** Attachment added: "3) strace -p 1246 2>&1 | tee -a strace_local_user_success" https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1890858/+attachment/5503151/+files/strace_local_user_success -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1890858 Title: AppArmor profile causes QEMU/KVM - Not Connected To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1890858/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1890858] Re: AppArmor profile causes QEMU/KVM - Not Connected
** Attachment added: "systemctl status $(basename -a $(dpkg -L libvirt-daemon-system | grep -e .socket -e .service | xargs) | xargs) > systemctl_status_before" https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1890858/+attachment/5503150/+files/systemctl_status_before -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1890858 Title: AppArmor profile causes QEMU/KVM - Not Connected To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1890858/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1890858] Re: AppArmor profile causes QEMU/KVM - Not Connected
Hi Christian, we noticed this problem on several of our machines, so I would like to give this bug report another try. ;) I have a (relatively) clean install of Ubuntu 20.04 (no upgrade), which is joined to a Windows AD-domain via sssd, but currently used off site with cached credentials. My domain user experiences the problem, but any local user doesn't. I have checked with three different local users: the admin created during install, a new ordinary user, and another new one with the nonstandard HOME directory /home/TEST/tester1. All users were members of the libvirt group, the domain user is also in adm sudo users lpadmin. The 'network unix dgram' entry "fixes" the problem for my domain user. The problem was also reproduceable on a fresh install after domain join with a domain user. Here is what I did: 1) normal startup with default profile 2) get sockets status: - systemctl status $(basename -a $(dpkg -L libvirt-daemon-system | grep -e .socket -e .service | xargs) | xargs) > systemctl_status_before 3) run strace in the pid of libvirtd: - systemctl status libvirtd - strace -p 1246 2>&1 | tee -a strace_local_user_success 4) try to connect al local user -> success: - virsh list Id Name State 5) get sockets status: - systemctl status $(basename -a $(dpkg -L libvirt-daemon-system | grep -e .socket -e .service | xargs) | xargs) > systemctl_status_after_success 6) stop strace and restart for next try: - strace -p 1246 2>&1 | tee -a strace_domain_user_fail 7) try to connect as domain user -> failure: - virsh list error: failed to connect to the hypervisor error: End of file while reading data: Eingabe-/Ausgabefehler 8) get sockets status: - systemctl status $(basename -a $(dpkg -L libvirt-daemon-system | grep -e .socket -e .service | xargs) | xargs) > systemctl_status_after_failure 9) add 'network unix dgram,' to /etc/apparmor.d/usr.sbin.libvirtd and apply changes: - vim /etc/apparmor.d/usr.sbin.libvirtd - diff /etc/apparmor.d/usr.sbin.libvirtd{,.orig} 42d4 < network unix dgram, 10) run strace on the new process: - systemctl status libvirtd - strace -p 11051 2>&1 | tee -a strace_domain_user_network_unix_dgram_success 11) try again as domain user -> success: - virsh list Id Name State 12) get surrounding area from syslog: - grep 'Jun 8 14:5\(7\|8\|9\)' /var/log/syslog > syslog-error I will upload all of the mentioned log files. If You need enything else, please let me know. I am really curious about the reason and the real fix for this issue. ** Attachment added: "systemctl status $(basename -a $(dpkg -L libvirt-daemon-system | grep -e .socket -e .service | xargs) | xargs) > systemctl_status_before" https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1890858/+attachment/5503149/+files/systemctl_status_before -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1890858 Title: AppArmor profile causes QEMU/KVM - Not Connected To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1890858/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1073138] Re: Unattended-Upgrade::Allowed-Origins should be replaced by Unattended-Upgrade::Origins-Pattern
Please change this config for the next ubuntu release! ** Changed in: unattended-upgrades (Ubuntu) Status: Triaged => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1073138 Title: Unattended-Upgrade::Allowed-Origins should be replaced by Unattended- Upgrade::Origins-Pattern To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1073138/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1073138] Re: Unattended-Upgrade::Allowed-Origins should be replaced by Unattended-Upgrade::Origins-Pattern
Hi all, especially Michael Vogt, while I can understand that You don't want do change the config during a release, I can not see any reason why it is still not changed for *new releases* of ubuntu. The bug report is 8 years old by now. There is no advantage of keeping "Allowed-Origin", but many problems have been pointed out. One more: i think it's impossible to configure "just upgrade everything without asking". So please change this config for the next ubuntu release! Thanks and regards, Robert -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1073138 Title: Unattended-Upgrade::Allowed-Origins should be replaced by Unattended- Upgrade::Origins-Pattern To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1073138/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1731628] Re: Cannot add caldav calendar
This is really sad. This app is completely broken and nobody cares. This is supposed to be a Long Time *Support* release and the problem was not fixed, even though in was known in the alpha stage. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1731628 Title: Cannot add caldav calendar To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-calendar/+bug/1731628/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1644428] Re: Unable to log in with AD account after update
Thanks for the quick action! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1644428 Title: Unable to log in with AD account after update To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1644428/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1584485] Re: Upgrading samba to latest security fixes together with winbind in nsswitch.conf can harm entire OS
The xenial package for libpam-winbind from -proposed is broken as well. So I recommend stopping it before it gets to -updates (or whatever). I will not check the package for yaketty, but I don't see why it should be working when trusty and xenial are broken. Is there anything I can do to help debugging the problem? Reverting the patch 'fixes' my problem, but does not really solve the original issue. Regards, Robert Euhus -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1584485 Title: Upgrading samba to latest security fixes together with winbind in nsswitch.conf can harm entire OS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1584485] Re: Upgrading samba to latest security fixes together with winbind in nsswitch.conf can harm entire OS
** Attachment added: "/var/log/samba/log.wb-MYAD" https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/+attachment/4783094/+files/log.wb-MYAD -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1584485 Title: Upgrading samba to latest security fixes together with winbind in nsswitch.conf can harm entire OS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1584485] Re: Upgrading samba to latest security fixes together with winbind in nsswitch.conf can harm entire OS
** Attachment added: "/var/log/samba/log.winbindd" https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/+attachment/4783093/+files/log.winbindd -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1584485 Title: Upgrading samba to latest security fixes together with winbind in nsswitch.conf can harm entire OS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1584485] Re: Upgrading samba to latest security fixes together with winbind in nsswitch.conf can harm entire OS
Here is the relevant part from auth.log, which imho has a misleading error message. ** Attachment added: "/var/log/auth.log" https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/+attachment/4783092/+files/auth.log -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1584485 Title: Upgrading samba to latest security fixes together with winbind in nsswitch.conf can harm entire OS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1584485] Re: Upgrading samba to latest security fixes together with winbind in nsswitch.conf can harm entire OS
** Attachment added: "/etc/nsswitch.conf" https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/+attachment/4783062/+files/nsswitch.conf -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1584485 Title: Upgrading samba to latest security fixes together with winbind in nsswitch.conf can harm entire OS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1584485] Re: Upgrading samba to latest security fixes together with winbind in nsswitch.conf can harm entire OS
Our setup is the following: - The ubuntu client is joined to a MS-AD-Domain (called 'MYAD' here) - Users from the domain can log via winbind using their domain credentials - Winbind is set up to use cached logins (which I think is irrelevant here) - nsswitch uses compat first, winbind then I will attach the corresponding config files. Yours, Robert Euhus ** Attachment added: "Samba/Winbind config file /etc/samba/smb.conf" https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/+attachment/4783042/+files/smb.conf -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1584485 Title: Upgrading samba to latest security fixes together with winbind in nsswitch.conf can harm entire OS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1584485] Re: Upgrading samba to latest security fixes together with winbind in nsswitch.conf can harm entire OS
** Attachment added: "/etc/pam.d/common-password" https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/+attachment/4783048/+files/common-password -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1584485 Title: Upgrading samba to latest security fixes together with winbind in nsswitch.conf can harm entire OS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1584485] Re: Upgrading samba to latest security fixes together with winbind in nsswitch.conf can harm entire OS
** Attachment added: "/etc/pam.d/common-session" https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/+attachment/4783046/+files/common-session -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1584485 Title: Upgrading samba to latest security fixes together with winbind in nsswitch.conf can harm entire OS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1584485] Re: Upgrading samba to latest security fixes together with winbind in nsswitch.conf can harm entire OS
** Attachment added: "/etc/pam.d/common-auth" https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/+attachment/4783044/+files/common-auth -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1584485 Title: Upgrading samba to latest security fixes together with winbind in nsswitch.conf can harm entire OS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1584485] Re: Upgrading samba to latest security fixes together with winbind in nsswitch.conf can harm entire OS
** Attachment added: "/etc/pam.d/common-account" https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/+attachment/4783045/+files/common-account -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1584485 Title: Upgrading samba to latest security fixes together with winbind in nsswitch.conf can harm entire OS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1584485] Re: Upgrading samba to latest security fixes together with winbind in nsswitch.conf can harm entire OS
** Attachment added: "/etc/security/pam_winbind.conf" https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/+attachment/4783043/+files/pam_winbind.conf -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1584485 Title: Upgrading samba to latest security fixes together with winbind in nsswitch.conf can harm entire OS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1584485] Re: Upgrading samba to latest security fixes together with winbind in nsswitch.conf can harm entire OS
I have not had the time yet to check the libpam-winbind module in xenial. But since the patch looks identical from the first look, You might want to delay it's migration from -proposed until someone has checked that the module is still working. I'll try to find time for this tomorrow, but it's not my highest priority, since we have migrated to sssd for xenial. Regards, Robert Euhus -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1584485 Title: Upgrading samba to latest security fixes together with winbind in nsswitch.conf can harm entire OS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1644428] Re: Unable to log in with AD account after update
Is there any way I can help debugging this problem? I have no idea how to find out, what exactly is missing from the pam_winbind.so module. But I'm willing to learn! :) I have no problem rebuilding packages to try out patches, or reinstalling from scratch. Please also let me know if You need any other info or logfiles. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1644428 Title: Unable to log in with AD account after update To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1644428/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1584485] Re: Upgrading samba to latest security fixes together with winbind in nsswitch.conf can harm entire OS
Hello, this change breaks PAM authentification via libpam-winbind completely in trusty. I have just checked it with a fresh install. https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1644428 Have you tried using libpam-winbind after making this change? Regards, Robert Euhus -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1584485 Title: Upgrading samba to latest security fixes together with winbind in nsswitch.conf can harm entire OS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1644428] Re: Unable to log in with AD account after update
I think the error message in the log is misleading. the problem is definitely not that /lib/security/pam_winbind.so is missing, since this file did not exist in 4.3.11+dfsg-0ubuntu0.14.04.1 which worked. The module is in the same place as before: /lib/x86_64-linux- gnu/security/pam_winbind.so But instead I think that something went wrong with the statically linking patch which was the only change introduced there: http://launchpadlibrarian.net/294673937/samba_2%3A4.3.11+dfsg-0ubuntu0.14.04.1_2%3A4.3.11+dfsg-0ubuntu0.14.04.2.diff.gz Regards, Robert Euhus -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1644428 Title: Unable to log in with AD account after update To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1644428/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1644428] Re: Unable to log in with AD account after update
Sorry, forgot the link to the bug which caused this change: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1644428 Title: Unable to log in with AD account after update To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1644428/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1629204] Re: Autofs parameter substitution broken in kernel 4.4.0-38 and 4.4.0-40
This is unbelieveable: - Ubuntu Xenial is shipping new broken kernels with a known REGRESSION ! - For more than two weeks a fix is known and "InProgress" (whatever this means). That does however not prevent new broken kernels from being released (4.4.0-42 and 4.4.0-43). - Moreover all of these broken kernels have never gone through -proposed. Isn't this what -proposed is supposed to be for?!? - For about a day a fixed and approved kernel (4.4.0-44) has finally made it to -proposed. But this again does not prevent another broken kernel (4.4.0-45) to be released directly, without going through -proposed. - And to top it all, the git repo does not seem to be up to date. git://kernel.ubuntu.com/ubuntu/ubuntu-xenial.git I am really pissed! Robert -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1629204 Title: Autofs parameter substitution broken in kernel 4.4.0-38 and 4.4.0-40 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1629204/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1629204] Re: Autofs parameter substitution broken in kernel 4.4.0-38 and 4.4.0-40
The -proposed kernel works for me and fixes the problem. Thanks! Robert -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1629204 Title: Autofs parameter substitution broken in kernel 4.4.0-38 and 4.4.0-40 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1629204/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1629204] Re: Autofs parameter substitution broken in kernel 4.4.0-38 and 4.4.0-40
I really don't understand what's going on here. It's been another 6 days now. There has been another (broken) kernel update for xenial (4.4.0-43) which did not include this fix, and which also did not go through -proposed. Instead xenial-proposed is still at at 4.4.0-41, which is broken as well. Two "stable" kernel updates with a known regression and a simple fix. How is this possible? And how does this fit with xenial being an LTS-Release? This really ain't funny any more! For now I have build the packages with the fix applied for amd64 and I'll try to keep up with new broken kernels. In case anybody else needs them: sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 89C9B5AE sudo apt-add-repository -u 'http://ubuntu.repo.uni-hannover.de/ubuntu xenial pub' Or get the key from here: http://ubuntu.repo.uni-hannover.de/ubuntu/luh-deb-repo.gpg.key Regards, Robert -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1629204 Title: Autofs parameter substitution broken in kernel 4.4.0-38 and 4.4.0-40 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1629204/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1629204] Re: Autofs parameter substitution broken in kernel 4.4.0-38 and 4.4.0-40
I am very disappointed that another broken "stable" kernel (4.4.0-42.62) was just released for xenial, even though this problem and the fix have been known for about a week! Why? What can I do to speed up the progress? I really need a working kernel on xenial! Or do I have to build it myself and roll it out to our systems? Thanks, Robert. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1629204 Title: Autofs parameter substitution broken in kernel 4.4.0-38 and 4.4.0-40 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1629204/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1629204] Re: Autofs parameter substitution broken in kernel 4.4.0-38 and 4.4.0-40
Just a note: 4.4.0-41.61 from xenial-proposed is still broken. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1629204 Title: Autofs parameter substitution broken in kernel 4.4.0-38 and 4.4.0-40 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1629204/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1629204] Re: Autofs parameter substitution broken in kernel 4.4.0-38 and 4.4.0-40
I can confirm that the 0001-autofs4-Use-real_cred-for-uid-gid-in- packets.patch fixes the problem. I have tried the kernel located here: http://people.canonical.com/~sforshee/lp1629204/ And I have also applied the patch an top of the 4.4.0-38 kernel (commit be687e48ba9778ab2f28513bd50e1b274ba31f68) this fixes the problem there as well. Please release a fixed kernel for xenial asap! Thanks to everyone involved. Regards Robert. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1629204 Title: Autofs parameter substitution broken in kernel 4.4.0-38 and 4.4.0-40 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1629204/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1629205] Re: regression: with linux-image-4.4.0-38-generic autofs tries to acess folders as root instead of the user
*** This bug is a duplicate of bug 1629204 *** https://bugs.launchpad.net/bugs/1629204 This bug seems like a duplicate of this one filed moments beforem mine: http://bugs.launchpad.net/bugs/1629204 The came to the same conclusion. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1629205 Title: regression: with linux-image-4.4.0-38-generic autofs tries to acess folders as root instead of the user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1629205/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1629205] Re: regression: with linux-image-4.4.0-38-generic autofs tries to acess folders as root instead of the user
Tim - thanks for that advice! Now I'm finally there: git bisect good ca6fe3344554d31ac9c0f7e2e6be490c2d5d501f is the first bad commit commit ca6fe3344554d31ac9c0f7e2e6be490c2d5d501f Author: Eric W. BiedermanDate: Tue Sep 6 09:32:01 2016 -0500 fs: Call d_automount with the filesystems creds BugLink: http://bugs.launchpad.net/bugs/1612135 Seth Forshee reported a mount regression in nfs autmounts with "fs: Add user namespace member to struct super_block". It turns out that the assumption that current->cred is something reasonable during mount while necessary to improve support of unprivileged mounts is wrong in the automount path. To fix the existing filesystems override current->cred with the init_cred before calling d_automount and restore current->cred after d_automount completes. To support unprivileged mounts would require a more nuanced cred selection, so fail on unprivileged mounts for the time being. As none of the filesystems that currently set FS_USERNS_MOUNT implement d_automount this check is only good for preventing future problems. Fixes: 6e4eab577a0c ("fs: Add user namespace member to struct super_block") Tested-by: Seth Forshee Signed-off-by: "Eric W. Biederman" (backported from commit aeaa4a79ff6a5ed912b7362f206cf8576fca538b) Signed-off-by: Seth Forshee Acked-by: Stefan Bader Acked-by: Colin King Acked-by: Brad Figg Signed-off-by: Tim Gardner :04 04 3b16a342088c0cfead081f63bc7fe9bed93bcf00 2634a48c59a1c6b313be2d8406644fd9d0e18a60 M fs ** Attachment added: "Git bisect log showing leading to the first bad commit." https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1629205/+attachment/4756633/+files/git_bisect_log_final -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1629205 Title: regression: with linux-image-4.4.0-38-generic autofs tries to acess folders as root instead of the user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1629205/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1629205] Re: regression: with linux-image-4.4.0-38-generic autofs tries to acess folders as root instead of the user
Thanks for the offer Joseph! I have read your answer a bit late, so I am already on my 9th kernel (all good so far). The docs were quite good and I have wanted to try out "that bisect thing" for quite a while :) (It's just a bit annoying that it takes about half an hour to compile on a i5-6500 with 16G RAM. I had expected a bit less.) But now I have run into the problem, that I cannot build the current bisect point. I have cloned the kernel repo via git clone git://kernel.ubuntu.com/ubuntu/ubuntu-xenial.git I have attached the git bisect log up to the current point. When the compile is just about to be finished it fails with: EE: 36 symbols changed hash and weren't ignored II: Module hash change summary... vmlinux : 36 II: Done debian/rules.d/4-checks.mk:3: die Regel für Ziel „abi-check-generic“ scheiterte make: *** [abi-check-generic] Fehler 1 Sorry it's in German, I can redo it in english. I will attach a longer trace. I have always compiled doing a clean first: fakeroot debian/rules clean && fakeroot debian/rules binary-headers binary-generic So how do I go on from here? ** Attachment added: "git bisect log" https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1629205/+attachment/4755113/+files/git_bisect_log -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1629205 Title: regression: with linux-image-4.4.0-38-generic autofs tries to acess folders as root instead of the user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1629205/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1629205] Re: regression: with linux-image-4.4.0-38-generic autofs tries to acess folders as root instead of the user
** Attachment added: "The current git status" https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1629205/+attachment/4755115/+files/git_status -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1629205 Title: regression: with linux-image-4.4.0-38-generic autofs tries to acess folders as root instead of the user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1629205/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1629205] Re: regression: with linux-image-4.4.0-38-generic autofs tries to acess folders as root instead of the user
** Attachment added: "longer trace of the build error" https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1629205/+attachment/4755114/+files/build-error.log -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1629205 Title: regression: with linux-image-4.4.0-38-generic autofs tries to acess folders as root instead of the user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1629205/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1629205] Re: regression: with linux-image-4.4.0-38-generic autofs tries to acess folders as root instead of the user
** Tags added: kernel-bug-exists-upstream ** Changed in: linux (Ubuntu) Status: Incomplete => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1629205 Title: regression: with linux-image-4.4.0-38-generic autofs tries to acess folders as root instead of the user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1629205/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1629205] Re: regression: with linux-image-4.4.0-38-generic autofs tries to acess folders as root instead of the user
Hi Joseph, yes, the problem started directly after the recent upgrade to linux- image-4.4.0-38-generic. I have never encountered this bug before, I know for certain that 4.4.0-36 works fine (as I have said before). Versions 4.4.0-34 and 4.4.0-22 are also without a problem. The mainline kernel shows the same problem; I have tried: linux-image-4.8.0-040800-generic_4.8.0-040800.201610022031_amd64.deb v4.8 (c8d2bc9bc39ebea8437fd974fdbc21847bb897a3) To me it looks like this bug was introduced between 4.4.0-36 and 4.4.0-38. I will try bisecting these versions following the instructions in the Wiki. Regards, Robert -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1629205 Title: regression: with linux-image-4.4.0-38-generic autofs tries to acess folders as root instead of the user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1629205/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1629205] [NEW] regression: with linux-image-4.4.0-38-generic autofs tries to acess folders as root instead of the user
Public bug reported: Running with linux-image-4.4.0-38-generic autofs is not working properly anymore: when I try to access a autofs-monitored folder as normal user "joe" the environment variable $AUTOFS_USER inside the auto mounter map script is set to "root" instead of the user "joe". A little background information: in our setup the autofs master map /etc/auto.master contains a line: /mnt/cifs /etc/auto.cifs-shares --timeout=300 --verbose The script /etc/auto.cifs-shares contains for debugging purposes the lines: DEBUG=true $DEBUG && logger -p debug -- "$0: running 'env|grep AUTOFS':" $DEBUG && logger -p debug -- "$(env|grep AUTOFS)" and if test "$1" = "$AUTOFS_USER" ; then ## First generate automount map [..] else logger -p debug -- "$0: Error: User '$AUTOFS_USER' tried to access wrong directory '$1'" fi Which yields to the following errors in the logs: Sep 29 17:03:20 pcXX root[7613]: AUTOFS_SHOST=pc203re3 AUTOFS_HOME=/root AUTOFS_GID=0 AUTOFS_UID=0 AUTOFS_GROUP=root AUTOFS_USER=root Sep 29 17:03:20 pcXX root[7614]: /etc/auto.cifs-shares: Error: User 'root' tried to access wrong directory 'joe' Sep 29 17:03:20 pcXX automount[7557]: lookup(program): lookup for joe failed Sep 29 17:03:20 pcXX automount[7557]: failed to mount /mnt/cifs/joe So for some reason autofs with this kernel gets the environment variables wrong. Running an older Kernel like linux-image-4.4.0-36-generic does not show this problem and the cifs shares work as expected. other Info: lsb_release -rd Description:Ubuntu 16.04.1 LTS Release:16.04 uname -r 4.4.0-38-generic If you need any further info or testing, please let me know. Thanks, Robert Euhus ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: linux-image-4.4.0-38-generic 4.4.0-38.57 ProcVersionSignature: Ubuntu 4.4.0-38.57-generic 4.4.19 Uname: Linux 4.4.0-38-generic x86_64 ApportVersion: 2.20.1-0ubuntu2.1 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC0: euhus 1711 F pulseaudio CurrentDesktop: GNOME Date: Fri Sep 30 09:36:31 2016 HibernationDevice: RESUME=UUID=1aae5293-ed3d-4dae-a8b5-54d831262f4a IwConfig: lono wireless extensions. enp0s31f6 no wireless extensions. MachineType: Dell Inc. OptiPlex 5040 ProcFB: 0 inteldrmfb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-38-generic root=UUID=adae86bf-dc79-4962-aa5f-41a1a037c8ec ro quiet splash vt.handoff=7 RelatedPackageVersions: linux-restricted-modules-4.4.0-38-generic N/A linux-backports-modules-4.4.0-38-generic N/A linux-firmware1.157.3 RfKill: 0: hci0: Bluetooth Soft blocked: no Hard blocked: no SourcePackage: linux UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 01/15/2016 dmi.bios.vendor: Dell Inc. dmi.bios.version: 1.2.7 dmi.board.name: 0R790T dmi.board.vendor: Dell Inc. dmi.board.version: A00 dmi.chassis.type: 3 dmi.chassis.vendor: Dell Inc. dmi.modalias: dmi:bvnDellInc.:bvr1.2.7:bd01/15/2016:svnDellInc.:pnOptiPlex5040:pvr:rvnDellInc.:rn0R790T:rvrA00:cvnDellInc.:ct3:cvr: dmi.product.name: OptiPlex 5040 dmi.sys.vendor: Dell Inc. ** Affects: linux (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug xenial -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1629205 Title: regression: with linux-image-4.4.0-38-generic autofs tries to acess folders as root instead of the user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1629205/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1440608] Re: /etc/kernel/postinst.d/apt-auto-removal wants to remove all kernels except the latest one
Jarno Suni, thanks for the reply. First I would like to stress, that I still don't think that running all the KERNELS postINSTALL hooks while REMOVING the -extra package is the right thing todo. The only thing I can see that is really needed is the recreation of the initrd on installation and revmoval of that package (please correct me if I'm wrong!). So I think this is the only thing that should be done. Even recreating the GRUB config is unnessecary and a waste of time. So working around this in the /etc/kernel/postinst.d/apt-auto-removal script is imho not the right way to do this. That being said, this seems like the only available option right now. I have taken a closer look at your "Fixed again" script and made some adjustments (comparing with apt 1.0.1ubuntu2.10 from 14.04): - The version you have uploaded does not run properly, because some backslash-escapes for line breaks are missing (leading to "broken pipe" error). - In the check if the kernel given in argument is desired to be removed the "exit" from the awk statement causes another broken pipe if the match is not the last kernel. It is not needed, so I removed it. - The awk regex for creating the "list" of installed kernel versions is wrong ( only ' ' instead of '[ ]+' ), so the list is always empty. I don't see the advantage of using DPKG_QUERY here compared to the original which just uses DPKG. So to keep changes minimal I have reverted it to the old version. - The shortened check if we have more than two kernels to keep already may lead to keeping one more kernel (3 in total) than in the original, which is fine by me. - Again to keep changes (diff) minimal I have reordered the versions for the "kernel" variable like they are in the original. - The use of dpkg-query looks somehow awkward to me (but maybe it's just me). I'll attach my updated version of the /etc/kernel/postinst.d/apt-auto- removal script I have just run a few tests and it seems to work better than the original for now. I'll do some more testing right now. Regards, Robert. ** Attachment added: "updated /etc/kernel/postinst.d/apt-auto-removal script" https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1440608/+attachment/4551868/+files/apt-auto-removal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1440608 Title: /etc/kernel/postinst.d/apt-auto-removal wants to remove all kernels except the latest one To manage notifications about this bug go to: https://bugs.launchpad.net/hundredpapercuts/+bug/1440608/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1440608] Re: /etc/kernel/postinst.d/apt-auto-removal wants to remove all kernels except the latest one
Hi all, sorry, the apt-auto-removal script attached above contained some debug echo statements. Which were harmless, but unnessecary. Testing and thinking a bit more about the problem I have come to the conclusion, that upon removal of a linux-image-extra package the only right thing to do is not to touch the list of kernels not for auto- remove (/etc/apt/apt.conf.d/01autoremove-kernels) at all. We should just leave it the way it is. Reasoning: consider the following example: - We have linux-image{,-extra}-1, linux-image{,-extra}-2 and linux-image{,-extra}-3 installed. - We now remove linux-image-extra-2 ; now we have two possible cases: - a) linux-image-2 is not going to be removed, so we should not remove it from the list - b) linux-image-2 is removed afterwards, in which case it would not matter, if we had removed it from the list. Either way we have no way of knowing what will happen to the linux-image-2 package, while we are removing the linux-image-extra-2 package. So the only sensible thing is imho not touching the list in this case at all. This is what the updated script in my attachment does now. Moreover, looking at this case from another perspective, it looks like it would be a good thing to recreate the list at the time of the removal of the linux-image-2 package! At this point it would be nice to prevent linux-image-3 AND linux-image-1 from being auto-removed later on. but this would be another bug report, I guess. Even even updating this list upon installation of an linux-image-extra package is questionable, since again we have no way of knowing, what the user had in mind. Of course, the linux-image needs to be installed (since it is a dependency), but maybe we are just installing all the -extra packages for all the installed kernels? It probably doesn't do too much harm in this case, but it is not very useful either. I think, that this shows again, that executing all of the kernel-post- install hooks while acting on the rather unrelated -extra package is not the best way. Since recreating the initrd is the only thing we need, this is the only thing we should do on installation and removal of the -extra package! So I see the updated /etc/kernel/postinst.d/apt-auto-removal script in the attachment not really as a solution to this problem, but more as a workaround for the broken linux-image-extra package install- and remove- hooks. Regards, Robert. ** Attachment added: "updated /etc/kernel/postinst.d/apt-auto-removal script to exit on removal of image-extra package" https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1440608/+attachment/4551880/+files/apt-auto-removal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1440608 Title: /etc/kernel/postinst.d/apt-auto-removal wants to remove all kernels except the latest one To manage notifications about this bug go to: https://bugs.launchpad.net/hundredpapercuts/+bug/1440608/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1375310] Re: Removing linux-image-extra-X-generic deletes initramfs
@ Andy Whitcroft: - in the commit d7235802d7735e53936c5ccfbe9e071021b394fb you write regarding linux-image-extra: "As it also depends on linux-image we know that linux-image will have been installed before it, and will be removed after it." The last part is not correct. We have no way of knowing, if the linux-image will be removed as well. Please see https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1440608/comments/37 for a more detailed reasoning. Since all we need on installation and removal of linux-image-extras is a rebuild of the corresponding version of the initrd, I would say this is all we should do. And not abuse and run all of the kernel post-install hooks on both occasions. At least on my systems I don't see any good reason to run any of the other hooks. Please see the attached patch for the postinst and postrm hooks for the -extra package. Regards, Robert. ** Patch added: "Updated postinst and postrm hooks for -extra package to only recreate the initrd" https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1375310/+attachment/4551893/+files/update-only-initrd-for-extra-package.patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1375310 Title: Removing linux-image-extra-X-generic deletes initramfs To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1375310/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1440608] Re: /etc/kernel/postinst.d/apt-auto-removal wants to remove all kernels except the latest one
** Also affects: linux-meta (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1440608 Title: /etc/kernel/postinst.d/apt-auto-removal wants to remove all kernels except the latest one To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1440608/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1440608] Re: /etc/kernel/postinst.d/apt-auto-removal wants to remove all kernels except the latest one
The problem is that on purge/removal the linux-image-extra package runs all the kernel post-*install*-hooks in /etc/kernel/postinst.d (as its postrm hook), including the /etc/kernel/postinst.d/apt-auto-removal hook. The 'to-be-removed'-version of the kernel is given as an argument and thereby added to the list /etc/apt/apt.conf.d/01autoremove-kernels of kernels which shall not be autoremoved. Which at this point is clearly wrong, since we are probably just right now removing the respective kernel (linux-image) version as well. This bug was introduced as a fix to #1375310 (https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1375310). A fix is not so obvious for me, as running some /etc/kernel/postinst.d/ hooks might be required upon removal of a specific version of the linux- extra-image, if the corresponding linux-image package is not going to be removed. But just running blindly all kernel-postinst hooks on removal of a package does not really seem like a good idea to me. Regards, Robert. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1440608 Title: /etc/kernel/postinst.d/apt-auto-removal wants to remove all kernels except the latest one To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1440608/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1375310] Re: Removing linux-image-extra-X-generic deletes initramfs
The fix of running all the kernel-post-install hooks on removal of a linux-image-extra package causes another bug (#1440608) with the autoremoval feature. Please see my comment on https://bugs.launchpad.net/bugs/1440608 . -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1375310 Title: Removing linux-image-extra-X-generic deletes initramfs To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1375310/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1290785] Re: Users with UID 60000 are invisible in login and Settings-User unless /etc/login.defs updated
Hi Chris and everyone involved, I can confirm, that this new package from trusty-proposed fixes the problem. Users with a higher UID (e.g. 101125 here) are shown and 'nobody' is hidden. I have just tested this on a fresh install of trusty Xubuntu with the proposed repository enabled as described in https://wiki.ubuntu.com/Testing/EnableProposed Just for completeness, here is a list of the installed package versions from apt-cache policy: accountsservice: Installiert: 0.6.35-0ubuntu7.1 Installationskandidat: 0.6.35-0ubuntu7.1 Versionstabelle: *** 0.6.35-0ubuntu7.1 0 400 ftp://ftp.rrzn.uni-hannover.de/pub/mirror/linux/ubuntu/ trusty-proposed/main amd64 Packages 100 /var/lib/dpkg/status 0.6.35-0ubuntu7 0 500 ftp://ftp.rrzn.uni-hannover.de/pub/mirror/linux/ubuntu/ trusty/main amd64 Packages libaccountsservice0: Installiert: 0.6.35-0ubuntu7.1 Installationskandidat: 0.6.35-0ubuntu7.1 Versionstabelle: *** 0.6.35-0ubuntu7.1 0 400 ftp://ftp.rrzn.uni-hannover.de/pub/mirror/linux/ubuntu/ trusty-proposed/main amd64 Packages 100 /var/lib/dpkg/status 0.6.35-0ubuntu7 0 500 ftp://ftp.rrzn.uni-hannover.de/pub/mirror/linux/ubuntu/ trusty/main amd64 Packages Thanks a lot to everyone involved! I just hope this arrives in trusty- updates soon :-) Yours, Robert ** Tags removed: verification-needed ** Tags added: trusty verification-done -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1290785 Title: Users with UID 6 are invisible in login and Settings-User unless /etc/login.defs updated To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1290785/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1290785] Re: Users with UID 60000 are invisible in login and Settings-User unless /etc/login.defs updated
Robert, if I found the correct sources, then I Ithink something went very wrong with your patch for trusty: I found sources for version 0.6.35-0ubuntu7.1 here: https://launchpad.net/ubuntu/trusty/+queue?queue_state=1 , namely: http://launchpadlibrarian.net/179519600/accountsservice_0.6.35-0ubuntu7.1.dsc http://launchpadlibrarian.net/179519599/accountsservice_0.6.35-0ubuntu7.1.debian.tar.xz http://launchpadlibrarian.net/179519598/accountsservice_0.6.35.orig.tar.gz and the diff: http://launchpadlibrarian.net/179519604/accountsservice_0.6.35-0ubuntu7_0.6.35-0ubuntu7.1.diff.gz As one can already guess from the diff, this is not only the patch mentioned above, but quite a lot of aclocal/m4 files were simply removed from the sources. This leads to build errors as you can see from the attached log excerpt from a pbuilder run. The old version accountsservice_0.6.35-0ubuntu7 compiles without any problems, but the new one just doesn't. compile at all. Please correct this. ** Attachment added: accountsservice_0.6.35-0ubuntu7.1 compile error log from pbuilder run https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1290785/+attachment/4149529/+files/accountsservice-0.6.35-0ubuntu7.1_pbuilder-error.log -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1290785 Title: Users with UID 6 are invisible in login and Settings-User unless /etc/login.defs updated To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1290785/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1290785] Re: Users with UID 60000 are invisible in login and Settings-User unless /etc/login.defs updated
After some more search I found that the original gzipped tar archive that is referenced in your new version accountsservice_0.6.35-0ubuntu7.1.dsc differs a lot from the xz-compressed original tar used by the old trusty version: https://launchpad.net/ubuntu/+archive/primary/+files/accountsservice_0.6.35.orig.tar.xz This is exactly the difference seen in the diff mentioned above. In the attached accountsservice_0.6.35-0ubuntu7.1.dsc I have just replaced all references to the dubios accountsservice_0.6.35.orig.tar.gz by the corresponding lines for accountsservice_0.6.35.orig.tar.xz as found in https://launchpadlibrarian.net/162749972/accountsservice_0.6.35-0ubuntu7.dsc (and removed the pgp signature). With this change the packag compiles cleanly and works as expected. @Robert: please use the working original tar.xz from the old package and repost the patch. Thanks. ** Attachment added: accountsservice_0.6.35-0ubuntu7.1.dsc with corrected accountsservice_0.6.35.orig.tar.xz https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1290785/+attachment/4149542/+files/accountsservice_0.6.35-0ubuntu7.1.dsc -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1290785 Title: Users with UID 6 are invisible in login and Settings-User unless /etc/login.defs updated To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1290785/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1290785] Re: Users with UID 60000 are invisible in login and Settings-User unless /etc/login.defs updated
I have attached the backported patch of the changes from the above mentioned 0.6.37-1ubuntu4 and 0.6.37-1ubuntu5 to trusty's 0.6.35-0ubuntu5 accountsservice. This needs to be put into the debian/patches/ directory and added to debian/patches/series and debian/patches/ubuntu.series I have successfully built and tested packages with this using pbuilder. btw: I think the 2003-dont-use-max_uid-from-login.defs.patch should be removed from the debian/patches/ directory in trusty, since it is not used there. @Robert: would You please build and upload an official package for trusty? ** Patch added: backport of MAX_UID and nobody patches to trusty https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1290785/+attachment/4144540/+files/2003-dont-use-max_uid-from-login.defs.patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1290785 Title: Users with UID 6 are invisible in login and Settings-User unless /etc/login.defs updated To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1290785/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1290785] Re: Users with UID 60000 are invisible in login and Settings-User unless /etc/login.defs updated
This seems to lead into the right direction - my user account ist classified as 'SystemAccount': root@pc220hh2:~# for i in 1000 101265 101125 101139; do gdbus call --system --dest org.freedesktop.Accounts --object-path /org/freedesktop/Accounts/User$i --method org.freedesktop.DBus.Properties.GetAll org.freedesktop.Accounts.User|sed -e 's/),/),\n/g;s/,/,\n/g'|grep SystemAccount; done 'SystemAccount': false, 'SystemAccount': false, 'SystemAccount': true, 'SystemAccount': false, But why? I will attach the full info for this user. ** Attachment added: accounts-daemon info for user 101125 https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1290785/+attachment/4143755/+files/accountsservice-user101125 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1290785 Title: Users with UID 6 are invisible in login and Settings-User unless /etc/login.defs updated To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1290785/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1290785] Re: Users with UID 60000 are invisible in login and Settings-User unless /etc/login.defs updated
Thanks to the hint from Robert, I finally found a solution for my user to be listed again: There actually seems to be a method for setting the account type in the interface of org.freedesktop.Accounts.User, namely 'SetAccountType(in i accountType);' but I could not find a list of valid values for accountType. So I just uncached and then (re-)cached the user: gdbus call --system --dest org.freedesktop.Accounts --object-path /org/freedesktop/Accounts --method org.freedesktop.Accounts.UncacheUser euhus () gdbus call --system --dest org.freedesktop.Accounts --object-path /org/freedesktop/Accounts --method org.freedesktop.Accounts.CacheUser euhus (objectpath '/org/freedesktop/Accounts/User101125',) Now the 'SystemAccount' property is set to false and the user is shown in the login window. But I still have no idea, why this account was ever marked as system account. What stil remains to be done is release a fix for the currently stable (and even LTS-) release. P.S.: to find out about the available methods etc. I used: gdbus introspect --system --dest org.freedesktop.Accounts --object-path /org/freedesktop/Accounts --recurse | less -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1290785 Title: Users with UID 6 are invisible in login and Settings-User unless /etc/login.defs updated To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1290785/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1290785] Re: Users with UID 60000 are invisible in login and Settings-User unless /etc/login.defs updated
Poking around a bit further it seems like the 'SetAccountType(in i accountType);' method mentioned above can take only values of 0 and 1 (which I would rather regard as boolean, than integer) and changes only the 'AccountType' property of that user. This property seems different from the SystemAccount property. I have no idea what the AccountType means, but i noticed that it is set to 1 for my local user and to 0 for the domain/winbind users. On the other hand, there is another special boolean property called LocalAccount ... oh well, who needs docs anyway? So to me it looks like there is no way to correct the wrongly detected SystemAccount property for a user, but to Uncache and then Cache this user. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1290785 Title: Users with UID 6 are invisible in login and Settings-User unless /etc/login.defs updated To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1290785/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1290785] Re: Users with UID 60000 are invisible in login and Settings-User unless /etc/login.defs updated
I have just tried the 0.6.37-1ubuntu5 versions for Utopic and they kinda work as expected.: - I can see users with UID 6 - 'nobody' is not listed anymore BUT: after some fiddling, one user (with uid 101125) is not shown any longer in the Lightdm login window (even after reboot), but when I query the accounts-daemon via dbus the user does show up: # qdbus --system org.freedesktop.Accounts / /org /org/freedesktop /org/freedesktop/Accounts /org/freedesktop/Accounts/User101265 /org/freedesktop/Accounts/User101139 /org/freedesktop/Accounts/User101125 /org/freedesktop/Accounts/User1000 I have previously had the same problem with the normal trusty-Packages and the raised UID_MAX limit. But back then I didn't investigate, but just reinstalled. Is there any other place where usernames are removed from the list shown in lightdm? Could this be the same problem why Jan does not see his user? For now I will not touch this system so I can do some further testing. Some Background info: all users above 10 are domain users mapped by winbind. The only difference I can see between the user not showing up and the others is that the former was added to some local groups. But removing him from theese groups did not help, so I think it's not related. @Robert - thanks for the hints, too bad that such a central component is documented so poorly :-( I just had to figure out that the accounts-daemon seems to take some time to start up: after the killall only the second qdbus query gives results - I tried to backport your changes from /debian/patches/0020-support-login.defs.patch in accountsservice_0.6.37-1ubuntu5 to the /debian/patches/2001-filtering_out_users.patch in trustys accountsservice_0.6.35-0ubuntu7 only to find out that this is not used at all. I found the /debian/patches/ directory quite crowded (messy?). Maybe I'll try again tomorrow. Could you please provide a backport of these patches for trusty? Thanks a lot. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1290785 Title: Users with UID 6 are invisible in login and Settings-User unless /etc/login.defs updated To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1290785/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1290785] Re: Users with UID 60000 are invisible in login and Settings-User unless /etc/login.defs updated
I was not yet able to test the fix mentioned above. But I noticed that with my workaround the user nobody (uid 65534) is listed as in lightdm. It is listed by accountsservice if I query it via dbus: root@pc:~/tmp# qdbus --system org.freedesktop.Accounts / /org /org/freedesktop /org/freedesktop/Accounts /org/freedesktop/Accounts/User65534 [..] /org/freedesktop/Accounts/User1000 Hopefully this has been taken care of in the patched version? I'll try to test the utopic version tomorrow. @Robert Ancell: 1. is this the correct way to restart the accountsservice?: /usr/lib/accountsservice/accounts-daemon --replace 2. I couldn't find a lot of documentation for accountsservice could you give me a hint for a good start? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1290785 Title: Users with UID 6 are invisible in login and Settings-User unless /etc/login.defs updated To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1290785/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1290785] Re: Users with big UID are invisible in login and Settings-User
** Also affects: lightdm Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1290785 Title: Users with big UID are invisible in login and Settings-User To manage notifications about this bug go to: https://bugs.launchpad.net/lightdm/+bug/1290785/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1290785] Re: Users with big UID are invisible in login and Settings-User
** Also affects: gnome-system-tools (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1290785 Title: Users with big UID are invisible in login and Settings-User To manage notifications about this bug go to: https://bugs.launchpad.net/lightdm/+bug/1290785/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1290785] Re: Users with big UID are invisible in login and Settings-User
I am using fresh install of Xubuntu 14.04 and I have a slightliy different behaviour than what is described above: 1. create a user with uid = 60001 (e.g change uid for an existing user in extended settings from users-admin dialog) - Result: The user is neither shown in the users-admin dialog, nor in lightdm-greeter, but can of course still log in manually. 2. in /etc/login.defs set UID_MAX= - Result: the user *is* shown in users-admin dialog and after *reboot* the user also *reappears* in the lightdm-greeter - Note: a simple 'service lightdm restart' was not enough, I had to do a full reboot! So for me changing the UID_MAX in login.defs is a usable workaround, but it definitely should be documented, at least in the users-admin gui. Also a short note about the dropped users and a hint to the woraround (solution?) should be shown in the lightdm-logs. Warning: I don't know yet, whether this setting in login.defs has some other security implications. I just noticed that there is a couple of new setting files concerning id ranges for subordinate user ids (e.g. /etc/subuid), which use some uids in distances of 65535. Sadly even after searching for quite a while I still don't have a clue what they are for. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1290785 Title: Users with big UID are invisible in login and Settings-User To manage notifications about this bug go to: https://bugs.launchpad.net/lightdm/+bug/1290785/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1123096] [NEW] k3b should depend on udisks, otherwise: No optical drive found.
Public bug reported: I am using Xubuntu 12.10 and I installed k3b, but when run it only says No optical drive found. K3b did not find any optical device in your system. So it's pretty useless as a CD/DVDD-bruning application. In the terminal I get : QStringList Solid::Backends::UDisks::UDisksManager::allDevicesInternal() error: org.freedesktop.DBus.Error.ServiceUnknown Which led me to install the package udisks and everything ist fine. Further investigation shows: k3b depends on libsolid4 which in turn only recommends udisks. Since libsolid4 was already installed previously without recommends udisks was not installed. Solution: installing udisks fixed the problem. Additional info: 1) lsb_release -rd Description:Ubuntu 12.10 Release:12.10 2) apt-cache policy k3b libsolid4 k3b: Installiert: 2.0.2-5ubuntu1 Kandidat:2.0.2-5ubuntu1 Versionstabelle: *** 2.0.2-5ubuntu1 0 500 ftp://ftp.rrzn.uni-hannover.de/pub/mirror/linux/ubuntu/ quantal/universe amd64 Packages 100 /var/lib/dpkg/status 3) What you expected to happen: have k3b find the optical drives so that I can burn a CD. 4) What happened instead: k3b did not find any optical drives. Instead it showed a System Configuration Problem: No optical drive found. K3b did not find any optical device in your system. ProblemType: Bug DistroRelease: Ubuntu 12.10 Package: k3b 2.0.2-5ubuntu1 ProcVersionSignature: Ubuntu 3.5.0-23.35-generic 3.5.7.2 Uname: Linux 3.5.0-23-generic x86_64 ApportVersion: 2.6.1-0ubuntu10 Architecture: amd64 Date: Tue Feb 12 14:54:19 2013 MarkForUpload: True SourcePackage: k3b UpgradeStatus: No upgrade log present (probably fresh install) ** Affects: k3b (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug quantal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1123096 Title: k3b should depend on udisks, otherwise: No optical drive found. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/k3b/+bug/1123096/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1123096] Re: k3b should depend on udisks, otherwise: No optical drive found.
** Description changed: - I am using Xubuntu 12.10 and I installed k3b, but when run it only says No optical drive found. K3b did not find any optical device in your system. So it's pretty useless as a CD/DVDD-bruning application. + I am using Xubuntu 12.10 and I installed k3b, but when run it only says No optical drive found. K3b did not find any optical device in your system. So it's pretty useless as a CD/DVD-burning application. In the terminal I get : QStringList Solid::Backends::UDisks::UDisksManager::allDevicesInternal() error: org.freedesktop.DBus.Error.ServiceUnknown - Which led me to install the package udisks and everything ist fine. + Which led me to install the package udisks and everything is fine. Further investigation shows: k3b depends on libsolid4 which in turn only recommends udisks. Since libsolid4 was already installed previously without recommends udisks was not installed. Solution: installing udisks fixed the problem. Additional info: 1) lsb_release -rd Description:Ubuntu 12.10 Release:12.10 2) apt-cache policy k3b libsolid4 k3b: - Installiert: 2.0.2-5ubuntu1 - Kandidat:2.0.2-5ubuntu1 - Versionstabelle: - *** 2.0.2-5ubuntu1 0 - 500 ftp://ftp.rrzn.uni-hannover.de/pub/mirror/linux/ubuntu/ quantal/universe amd64 Packages - 100 /var/lib/dpkg/status + Installiert: 2.0.2-5ubuntu1 + Kandidat:2.0.2-5ubuntu1 + Versionstabelle: + *** 2.0.2-5ubuntu1 0 + 500 ftp://ftp.rrzn.uni-hannover.de/pub/mirror/linux/ubuntu/ quantal/universe amd64 Packages + 100 /var/lib/dpkg/status 3) What you expected to happen: have k3b find the optical drives so that I can burn a CD. 4) What happened instead: k3b did not find any optical drives. Instead it showed a System Configuration Problem: No optical drive found. K3b did not find any optical device in your system. ProblemType: Bug DistroRelease: Ubuntu 12.10 Package: k3b 2.0.2-5ubuntu1 ProcVersionSignature: Ubuntu 3.5.0-23.35-generic 3.5.7.2 Uname: Linux 3.5.0-23-generic x86_64 ApportVersion: 2.6.1-0ubuntu10 Architecture: amd64 Date: Tue Feb 12 14:54:19 2013 MarkForUpload: True SourcePackage: k3b UpgradeStatus: No upgrade log present (probably fresh install) -- You received this bug notification because you are a member of Kubuntu Bugs, which is subscribed to k3b in Ubuntu. https://bugs.launchpad.net/bugs/1123096 Title: k3b should depend on udisks, otherwise: No optical drive found. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/k3b/+bug/1123096/+subscriptions -- kubuntu-bugs mailing list kubuntu-b...@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/kubuntu-bugs
[Bug 575191] Re: simple-scan doesn't scan from HP M1522nf (MFP), while xsane works
Hi, the requested output of ltrace scanimage 21 | grep sane_ is in the attaced file (I didn't dare copypasting it here) It's from my Karmic-System. Some adittional information: when doing the first tests on a Lucid Live-CD-System even scanimage would cancel about every third try somewhere in the middle. But right now in the installed Lucid-system on the same hardware (Asus Eee Box) I can not reproduce this. Whereas simple-scan still doesn't work. Hope this helps. P.S.: sorry for taking so long to resond, I was on vacation :-) ** Attachment added: Output of ltrace scanimage 21 | grep sane_ http://launchpadlibrarian.net/49500162/ltrace_scanimage.grep_sane_ -- simple-scan doesn't scan from HP M1522nf (MFP), while xsane works https://bugs.launchpad.net/bugs/575191 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 575191] [NEW] simple-scan doesn't scan from HP M1522nf (MFP), while xsane works
Public bug reported: Binary package hint: simple-scan 1) lsb_release -rd Description:Ubuntu 9.10 Release:9.10 2) apt-cache policy simple-scan simple-scan: Installiert: 1.0.3-0ubuntu1 Kandidat: 1.0.3-0ubuntu1 Versions-Tabelle: *** 1.0.3-0ubuntu1 0 500 http://ppa.launchpad.net karmic/main Packages 100 /var/lib/dpkg/status 3) scan a page from hpaio:/usb/HP_LaserJet_M1522nf_MFP... 4) did not scan, in more detail: It looks like simple-scan does not wait long enough for the scanner: just when it sounds like calibration has finished and the scanner will start to send the data the program seems to cancel the scan. At least that's what the following snippet from 'simple-scan -d' -output suggests: ---8 ** (simple-scan:5083): DEBUG: sane_control_option (13, SANE_ACTION_SET_VALUE, 296,925995) - (SANE_STATUS_GOOD, 296,925995) ** (simple-scan:5083): DEBUG: sane_start (page=0, pass=0) - SANE_STATUS_GOOD ** (simple-scan:5083): DEBUG: sane_get_parameters () - SANE_STATUS_GOOD ** (simple-scan:5083): DEBUG: Parameters: format=SANE_FRAME_RGB last_frame=SANE_TRUE bytes_per_line=7647 pixels_per_line=2549 lines=3506 depth=8 ** (simple-scan:5083): DEBUG: sane_read (7648) - (SANE_STATUS_CANCELLED, 1804678464) ** (simple-scan:5083): WARNING **: Unable to read frame from device: Operation was cancelled ---8 [The full output is in the attached file (serial number removed).] A very few times some data was really transferred and I could see the first bit of the scan displayed, but then it would suddenly stop with the same error-message. Xsane worked without any problems, so the scanner+driver are okay. I had the same bug on Lucid (10.04) with the included simple-scan version 1.0.2. If you need any further information, please let me know. ** Affects: simple-scan (Ubuntu) Importance: Undecided Status: New -- simple-scan doesn't scan from HP M1522nf (MFP), while xsane works https://bugs.launchpad.net/bugs/575191 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 575191] Re: simple-scan doesn't scan from HP M1522nf (MFP), while xsane works
** Attachment added: Output from running 'simple-scan -d' http://launchpadlibrarian.net/47796899/simple-scan_-d.log -- simple-scan doesn't scan from HP M1522nf (MFP), while xsane works https://bugs.launchpad.net/bugs/575191 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs