[Bug 1928648] Re: expiring trust anchor compatibility issue
Hi Dmitry/Marc, thanks for working on this and the related openssl bug, very appreciated trying avoiding the rapidly upcoming problem. I think this gnutls could get be extra annoying (or very noisy for support) as bionic is both still active LTS and also apt itself uses gnutls backend. ESM maybe even worse (see end of this comment). While Ubuntu repos itself seems to not have Let's Encrypt certificates a couple of 3rd party repos have and some maybe quite common for developers. 2 examples using Let's encrypt a.) apt.postgresql.org To get any still postgresql version for various ubuntu,debian releases Note: They don't specifically use https:// url in their docs b.) deb.nodesource.com To get update node.js via an apt repo. Their setup instructions specifically use https:// url's While not having fix should not prevent apt from installing it (giving canonical repos seems to not be using Let's Encrypt) but: - Lots of support question - Not sure about unattended-upgrades, custom automation for package updates etc.. On top for ESM (i.e. xenial)) https://esm.ubuntu.com seems to be using Let's Encrypt I did not check it specifically if it has the Android compatible chain triggering the openssl/gnutls bug or you are using the alternative chain. If ESM is affected here that could be bigger issue as it prevents people from installing the fix (if they don't get it before 2021-10-01) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928648 Title: expiring trust anchor compatibility issue To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnutls28/+bug/1928648/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1836329] Re: Regression running ssllabs.com/ssltest causes 2 apache process to eat up 100% cpu, easy DoS
Bionic-verification: done and fine Using *** 2.4.29-1ubuntu4.8 100 100 /var/lib/dpkg/status from bionic-proposed i can no longer reproduce any of the bad effects (apache2 processes left with 100% cpu or left-over tcp connections). Also we updated a single production machine to let it soak with real traffic and did not find any other bad behavior so far. Thanks everyone for their work to get this fixed so quickly! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1836329 Title: Regression running ssllabs.com/ssltest causes 2 apache process to eat up 100% cpu, easy DoS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1836329/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1836329] Re: Regression running ssllabs.com/ssltest causes 2 apache process to eat up 100% cpu, easy DoS
@ahasenack: Installing your 2.4.29-1ubuntu4.8~sslreadrc~ppa3 in copy of the server where i initially discovered the issue make it not reproducible anymore. If you need more testing later as you indirectly said in #27 just let me know i keep that testing instance around. @paelzer: Sorry for not replying to your questions yesterday only got back to check on the issue today. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1836329 Title: Regression running ssllabs.com/ssltest causes 2 apache process to eat up 100% cpu, easy DoS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1836329/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1836329] [NEW] Regression running ssllabs.com/ssltest causes 2 apache process to eat up 100% cpu, easy DoS
Public bug reported: With latest apache 2.4.29-1ubuntu4.7 published to 18.04 LTS bionic, when running ssllabs.com/ssltest against it to verify the configuration it leaves 2 apache processes using 100% indefinitely. Downgrading to 2.4.29-1ubuntu4.6 make it not reproducible anymore. So far i do not know if it is easy/likely to hit this case in normal https usage or only triggered by that testing site. But given that this is backported to LTS and allows easy DoS maybe the 4.7 should be backed out? So likely regression in the update to 4.7 having only single fix: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039 Extra info observed when that ssltest is over but processes are still there using up cpu: /server-status shows both processes 25234,25235 here in 'Reading' state: Srv PID Acc M CPU SS Req ConnChild Slot Client ProtocolVHost Request 0-0 25234 0/0/0 W 0.000 0 0.0 0.000.00 127.0.0.1 http/1.1ip-172-30-1-107.eu-west-1.compu GET /server-status HTTP/1.1 0-0 25234 0/0/0 R 0.00641 0 0.0 0.000.00 64.41.200.107 http/1.1 1-0 25235 0/1/1 _ 0.00505 2 0.0 0.000.00 64.41.200.107 http/1.1 1-0 25235 0/1/1 _ 0.00501 0 0.0 0.000.00 64.41.200.107 http/1.1 1-0 25235 0/1/1 _ 0.00500 0 0.0 0.000.00 64.41.200.107 http/1.1 1-0 25235 0/1/1 _ 0.00494 0 0.0 0.000.00 64.41.200.107 http/1.1 1-0 25235 0/1/1 _ 0.00604 0 0.0 0.000.00 64.41.200.106 http/1.1 1-0 25235 0/1/1 _ 0.00604 0 0.0 0.000.00 64.41.200.107 http/1.1 1-0 25235 0/1/1 _ 16.93 596 0 0.0 0.000.00 64.41.200.107 http/1.1 1-0 25235 0/1/1 _ 0.01595 1 0.0 0.000.00 64.41.200.106 http/1.1 1-0 25235 0/0/0 R 0.00679 0 0.0 0.000.00 64.41.200.106 http/1.1 netstat on system: tcp6 1 0 172.30.1.57:443 64.41.200.106:58658 CLOSE_WAIT tcp6 1 0 172.30.1.57:443 64.41.200.107:60842 CLOSE_WAIT with on other connections to 443 port. ** Affects: apache2 (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1836329 Title: Regression running ssllabs.com/ssltest causes 2 apache process to eat up 100% cpu, easy DoS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1836329/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1833039] Re: 18.04/Apache2: rejecting client initiated renegotiation due to openssl 1.1.1
This change seems to cause a regression i have reported here: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1836329 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1833039 Title: 18.04/Apache2: rejecting client initiated renegotiation due to openssl 1.1.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1808383] Re: Java 9+ multi-release jars are not supported in ant tasks
Hello, the next upstream release 1.10.6 did still not yet happen after some longer delay. Last talked about end of January here: https://mail-archives.apache.org/mod_mbox/ant-dev/201901.mbox/browser After discussing on #debian-java with doko/tdaitx we propose to backport the single fix mentioned here to add the missing compatibility with openjdk11 to last packaged version. Attached are 2 patches matching the 2 upstream commits to fix the issue: https://gitbox.apache.org/repos/asf?p=ant.git;a=commit;h=593aff2d2ea52a025cfe7da32155216719029a7d https://gitbox.apache.org/repos/asf?p=ant.git;a=commit;h=69269adced56238dc80297b9ae881442cd56259c Note: First patch is modified to remove the hunk to patch WHATSNEW file adding entry for this fix to 1.10.6 section. Remove as with the backport the whole entry for 1.10.6 is not present being applied as backport on top of 1.10.5 We consider the fix safe as: 1.) Created by upstream planned to be release in next upstream version 2.) Conceptually simple fix: - Detection of Java9 at runtime - if present use newer API from openjdk which implements the real logic - if not use existing API as before The Multi-release awareness itself for the jar-file is coming from Openjdk code (present there since java9) 3.) New feature functionally only modifies behavior when jar file is a 'multi-release jarfile' containing different byte-code targeting different Java versions at runtime. We did the following tests: a.) Based on current version in bionic-proposed: 1.10.5-2~18.04 b.) Quilt imported both patches and rebuilt ant packages. c.) In pristine bionic having bionic-proposed (and dist-upgrade ran) Using our application (3rd party not available in Ubuntu) having custom ant task using log4j2 (upstream multi-release jar file) a.) Unpatched <=1.10.5 ant fails at runtime as it select java<=8 classfile version from jar imcompatible with openjdk11 - Patched 1.10.5 does work correctly without failing b.) Testcase reported in this issue above works fine c.) Run test-case upstream added along with the fix: ant/src/etc/testcases/core$ ant -f antclassloader.xml testMRJar We repeated above tests using both openjdk-11 and openjdk-8 from bionic. ** Patch added: "bz-62952-support-mrjar-part1.diff" https://bugs.launchpad.net/ubuntu/+source/ant/+bug/1808383/+attachment/5245933/+files/bz-62952-support-mrjar-part1.diff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1808383 Title: Java 9+ multi-release jars are not supported in ant tasks To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ant/+bug/1808383/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1808383] Re: Java 9+ multi-release jars are not supported in ant tasks
** Patch added: "bz-62952-support-mrjar-part2.diff" https://bugs.launchpad.net/ubuntu/+source/ant/+bug/1808383/+attachment/5245934/+files/bz-62952-support-mrjar-part2.diff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1808383 Title: Java 9+ multi-release jars are not supported in ant tasks To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ant/+bug/1808383/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1770553] Re: [SRU] backport ca-certificates-java from cosmic (20180516ubuntu1)
I just tested 2 scenarios: 1.) install: fresh clean bionic AMI, enable proposed -> install openjdk-11-jdk-headless (So new creation of keystore) => Working fine with the proposed 20180516ubuntu1~18.04.1 2.) update: Existing bionic instance with old 20170930ubuntu1 package version. Enable proposed and update to 20180516ubuntu1~18.04.1 (so conversion of keystore) => also working fine -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1770553 Title: [SRU] backport ca-certificates-java from cosmic (20180516ubuntu1) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/1770553/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1778930] Re: JVM crash with SIGSEGV as tomcat start with 7u181
Hello Guillermo, i don't know of any workaround. In our case it only triggered on application start and not 100% of the time -> so just retrying a few times. Apart there is an developer from RedHat already working on debugging & fixing the problem. I asked him to share an update here when he has new information. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1778930 Title: JVM crash with SIGSEGV as tomcat start with 7u181 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openjdk-7/+bug/1778930/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1780151] [NEW] Missing libfontconfig1 dependency for openjdk-11-jre-headless (compared to openjdk-8)
Public bug reported: Using openjdk-11-jdk-headless (with -Djava.awt.headless=true) To render a jasperreport to a pdf fails while trying to find font files. Installing libfontconfig1 (which is not pulled in via dependency or listed in recommends) fixes the problem. Comparing dependency for the -jre-headless packages shows that it was present until and including openjdk-8-jre-headless but no longer for 9,10,11 We could probably create a standalone reproducer if that is required. Same topic seems to have been found by different person in March here but apparently not reported to ubuntu nor debian: https://stackoverflow.com/questions/49196022/nullpointerexception-when-running-in-gitlab-ci-cd 2018-07-04 18:59:03,404 [ajp-nio-127.0.0.1-8009-exec-8] ERROR org.openbravo.dal.core.ThreadHandler - Exception thrown java.lang.reflect.InvocationTargetEx org.openbravo.base.exception.OBException: Exception thrown java.lang.reflect.InvocationTargetException at org.openbravo.dal.core.ThreadHandler.run(ThreadHandler.java:63) at org.openbravo.client.kernel.KernelFilter.doFilter(KernelFilter.java:71) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.openbravo.dal.core.DalRequestFilter$1.doAction(DalRequestFilter.java:83) at org.openbravo.dal.core.ThreadHandler.run(ThreadHandler.java:46) at org.openbravo.dal.core.DalRequestFilter.doFilter(DalRequestFilter.java:105) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:496) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342) at org.apache.coyote.ajp.AjpProcessor.service(AjpProcessor.java:487) at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:790) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1460) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1135) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.base/java.lang.Thread.run(Thread.java:844) Caused by: java.lang.InternalError: java.lang.reflect.InvocationTargetException at java.desktop/sun.font.FontManagerFactory$1.run(FontManagerFactory.java:86) at java.base/java.security.AccessController.doPrivileged(Native Method) at java.desktop/sun.font.FontManagerFactory.getInstance(FontManagerFactory.java:74) at java.desktop/sun.java2d.SunGraphicsEnvironment.getFontManagerForSGE(SunGraphicsEnvironment.java:203) at java.desktop/sun.java2d.SunGraphicsEnvironment.getAvailableFontFamilyNames(SunGraphicsEnvironment.java:237) at java.desktop/sun.java2d.SunGraphicsEnvironment.getAvailableFontFamilyNames(SunGraphicsEnvironment.java:265) at java.desktop/sun.java2d.HeadlessGraphicsEnvironment.getAvailableFontFamilyNames(HeadlessGraphicsEnvironment.java:75) at net.sf.jasperreports.engine.util.JRGraphEnvInitializer.initializeGraphEnv(JRGraphEnvInitializer.java:57) at net.sf.jasperreports.engine.fill.BaseReportFiller.(BaseReportFiller.java:122) at net.sf.jasperreports.engine.fill.JRBaseFiller.(JRBaseFiller.java:229) at net.sf.jasperreports.engine.fill.JRVerticalFiller.(JRVerticalFiller.java:74) at net.sf.jasperreports.engine.fill.JRVerticalFiller.(JRVerticalFiller.java:62) at net.sf.jasperreports.engine.fill.JRFiller.createBandReportFiller(JRFiller.java:187) at net.sf.jasperreports.engine.fill.JRFiller.createReportFiller(JRFiller.java:202) at net.sf.jasperreports.engine.fill.JRFiller.fill(JRFiller.java:83) at net.sf.jasperreports.engine.JasperFillManager.fill(JasperFillManager.java:457) at net.sf.jasperreports.engine.JasperFillManager.fillReport(JasperFillManager.j
[Bug 1778930] Re: JVM crash with SIGSEGV as tomcat start with 7u181
Hell Tiago, on your recommedation on irc i also reported that upstream to icedtea here: https://icedtea.classpath.org/bugzilla/show_bug.cgi?id=3604 ** Bug watch added: Iced Tea Bugzilla #3604 http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=3604 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1778930 Title: JVM crash with SIGSEGV as tomcat start with 7u181 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openjdk-7/+bug/1778930/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1778930] [NEW] JVM crash with SIGSEGV as tomcat start with 7u181
Public bug reported: Hello, with latest openjdk update # JRE version: OpenJDK Runtime Environment (7.0_181-b01) (build 1.7.0_181-b01) we are seeing quite frequent crash on starting tomcat with our web application (openbravo). Checking 2 of the created hs_err_pid log they seem to point to same stacktrace for the crash: Excerpt: Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code) V [libjvm.so+0x418d57] V [libjvm.so+0x647253] JVM_FindClassFromClass+0x283 C [libverify.so+0x4a32] C [libverify.so+0x5a99] C [libverify.so+0x99fd] C [libverify.so+0xb742] VerifyClassForMajorVersion+0x15b2 V [libjvm.so+0x94a7cf] V [libjvm.so+0x95961c] V [libjvm.so+0x5b9905] V [libjvm.so+0x5bb243] V [libjvm.so+0x5bb9e1] V [libjvm.so+0x5eea00] j org.hibernate.type.TypeResolver.()V+8 j org.hibernate.cfg.Configuration.(Lorg/hibernate/cfg/SettingsFactory;)V+9 j org.hibernate.cfg.Configuration.()V+8 j org.openbravo.base.session.SessionFactoryController.initialize()V+21 j org.openbravo.base.session.SessionFactoryController.getSessionFactory()Lorg/hibernate/SessionFactory;+1 j org.openbravo.base.model.ModelProvider.initialize()V+23 2* Full hs_errr_pid files will be attached to this issue. System running is: - Ubuntu 14.04 server in 64bit hvm Amazon instance. - OpenJdk package version is: # Distribution: Ubuntu 14.04 LTS, package 7u181-2.6.14-0ubuntu0.1 ** Affects: openjdk-7 (Ubuntu) Importance: Undecided Status: New ** Attachment added: "hs_err_pid2178.log" https://bugs.launchpad.net/bugs/1778930/+attachment/5157085/+files/hs_err_pid2178.log -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1778930 Title: JVM crash with SIGSEGV as tomcat start with 7u181 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openjdk-7/+bug/1778930/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1778930] Re: JVM crash with SIGSEGV as tomcat start with 7u181
** Attachment added: "hs_err_pid2287.log" https://bugs.launchpad.net/ubuntu/+source/openjdk-7/+bug/1778930/+attachment/5157088/+files/hs_err_pid2287.log -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1778930 Title: JVM crash with SIGSEGV as tomcat start with 7u181 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openjdk-7/+bug/1778930/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1706969] Re: JavaDoc reports warning for methods named is*Property*
After some more testing that seems to be an upstream openjdk issue as reported in https://bugs.openjdk.java.net/browse/JDK-8185424 [1]. Reason why it did only show up in debian/ubuntu builds is the patch: disable-doclint-by-default.diff. which defaults javadoc to -Xdoclint:none to avoid warnings. Adding that -Xdoclint:none option manually make the issue easily reproducible in a.) oracle binary jdk 8u151 b.) jdk8u openjdk mercurial checkout c.) not in oracle binary jdk 9.0.1 As i can't directly comment on the openjdk bug i asked in #openjdk to get that issue re-opened there and the info added. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1706969 Title: JavaDoc reports warning for methods named is*Property* To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openjdk-8/+bug/1706969/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1548434] Re: jmap -heap broken since update to 7u95-2.6.4-0ubuntu0.14.04.1
Adding regression-update tag as that regression was introduced to trusty via "updates, security (main)" -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1548434 Title: jmap -heap broken since update to 7u95-2.6.4-0ubuntu0.14.04.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openjdk-7/+bug/1548434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1548434] Re: jmap -heap broken since update to 7u95-2.6.4-0ubuntu0.14.04.1
Confirmed that jmap -heap was still working fine in version: 7u91-2.6.3-0ubuntu0.14.04.1 ** Tags added: regression-update -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1548434 Title: jmap -heap broken since update to 7u95-2.6.4-0ubuntu0.14.04.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openjdk-7/+bug/1548434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1548434] Re: jmap -heap broken since update to 7u95-2.6.4-0ubuntu0.14.04.1
Only public comment i found looking maybe related is old bug here: https://bugzilla.redhat.com/show_bug.cgi?id=1010786 Talking about missing debug symbols. I tried blindly installing openjdk-7-dbg package as a quick test, but no change still failed. ** Bug watch added: Red Hat Bugzilla #1010786 https://bugzilla.redhat.com/show_bug.cgi?id=1010786 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1548434 Title: jmap -heap broken since update to 7u95-2.6.4-0ubuntu0.14.04.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openjdk-7/+bug/1548434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1548434] [NEW] jmap -heap broken since update to 7u95-2.6.4-0ubuntu0.14.04.1
Public bug reported: The jmap -heap command is broken since the update to 7u95-2.6.4-0ubuntu0.14.04.1 Given a tomcat process running with openjdk-7 under a non-root user. Before that update sudo jmap -heap gave output about heap configured on top + also the heap usage inside each reason of the java heap (eden, old gen, permgen) etc... Note: running as root is and was required even before to get the '-heap' option to work. Where as running 'jmap -dump:file' only works when running as user the jvm runs under and not root. That just as context as it is strange behavior of jmap since a long time. After the update to the specified version only the intro is shown and instead of the usage the following error: Attaching to process ID 1571, please wait... Debugger attached successfully. Server compiler detected. JVM version is 24.95-b01 using thread-local object allocation. Parallel GC with 2 thread(s) Heap Configuration: MinHeapFreeRatio = 0 MaxHeapFreeRatio = 100 MaxHeapSize = 1363148800 (1300.0MB) NewSize = 1310720 (1.25MB) MaxNewSize = 17592186044415 MB OldSize = 5439488 (5.1875MB) NewRatio = 2 SurvivorRatio= 8 PermSize = 21757952 (20.75MB) MaxPermSize = 268435456 (256.0MB) G1HeapRegionSize = 0 (0.0MB) Heap Usage: Exception in thread "main" java.lang.reflect.InvocationTargetException at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at sun.tools.jmap.JMap.runTool(JMap.java:197) at sun.tools.jmap.JMap.main(JMap.java:128) Caused by: java.lang.RuntimeException: unknown CollectedHeap type : class sun.jvm.hotspot.gc_interface.CollectedHeap at sun.jvm.hotspot.tools.HeapSummary.run(HeapSummary.java:146) at sun.jvm.hotspot.tools.Tool.start(Tool.java:221) at sun.jvm.hotspot.tools.HeapSummary.main(HeapSummary.java:40) ... 6 more The last version before we noticed that bug was: 7u91-2.6.3-0ubuntu0.14.04.1 Not 100% sure that this exact version still worked but quite sure. We could reproduce the issue in 2 different servers both running 14.04 LTS 64bit ** Affects: openjdk-7 (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1548434 Title: jmap -heap broken since update to 7u95-2.6.4-0ubuntu0.14.04.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openjdk-7/+bug/1548434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1539903] Re: tomcat-8 in main for upcoming 16.04 LTS
Hi Nish, thank you for your reply. Do you have any news on this topic already? Regards, Stefan -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1539903 Title: tomcat-8 in main for upcoming 16.04 LTS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tomcat8/+bug/1539903/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1539903] [NEW] tomcat-8 in main for upcoming 16.04 LTS
Public bug reported: Dear Maintainer, current tomcat8 seems to be still targeting universe section only for the upcoming 16.04 LTS and tomcat7 main. As i understand it this also means tomcat8 not being covered by LTS 5 year support but only the older tomcat7. Is it still possible to tomcat8 promoted to main for 16.04? If not what is blocking this decision and/or could be done to help it? Note: I am trying to get info for this question for a while via the 'Answers' system but could not get any answer there. So reporting as a bug now. https://answers.launchpad.net/ubuntu/+source/tomcat8/+question/268290 Regards, Stefan ** Affects: tomcat8 (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1539903 Title: tomcat-8 in main for upcoming 16.04 LTS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tomcat8/+bug/1539903/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1539900] [NEW] openjdk-8 in main for upcoming 16.04 LTS
Public bug reported: Dear maintainer, currently openjdk-8 is still in the universe section only for upcoming 16.04 LTS (xenial) and the older openjdk-7 is in main. As i understand it this also means that openjdk-8 in that next LTS will not be covered by guaranteed updates for 5 years but just the older openjdk-7. Is there are plan to get openjdk-8 into main to be covered by LTS guarantee still in time for 16.04 LTS? If not, could you please explain why or list what is pending to maybe get to this goal? Probably related discussion involving you in debian: https://lists.debian.org/debian-mips/2015/09/msg00011.html Note: I have asked that same question via the 'Answers' section in the package a while ago but did not get a useful answer and was referred to re-ask via a bug. https://answers.launchpad.net/ubuntu/+source/openjdk-8/+question/280443 Regards, Stefan ** Affects: openjdk-8 (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1539900 Title: openjdk-8 in main for upcoming 16.04 LTS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openjdk-8/+bug/1539900/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1504781] Re: lxc-test-ubuntu hangs forever in trusty-proposed with Linux 3.13.0-66: AppArmor denies /dev/ptmx mounting
We have tested the patch from #39 by applying in manually in on of our affected systems and can confirm that it fixes the regression. With it in place lxc-start works again when having latest precise 3.2 kernel. @Mathieu: Thanks for providing it. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1504781 Title: lxc-test-ubuntu hangs forever in trusty-proposed with Linux 3.13.0-66: AppArmor denies /dev/ptmx mounting To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1504781/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1504781] Re: lxc-test-ubuntu hangs forever in trusty-proposed with Linux 3.13.0-66: AppArmor denies /dev/ptmx mounting
Hi Marc, please check comment #33 from Serge. He explained that formally lxc in precise is not covered by lts. However a very special case as a LTS update in main in precise (kernel) did break unrelated software (lxc) which is a clear regression. And then not having that other software not in being in main -> skips it from LTS is lets say very annoying. @Robert: using that higher version of lxc is not a perfect drop-up replacement either as usage changed compared to old precise lxc (i.e. no lxc-list anymore but lxc-ls -f) and maybe other changes. We'll probably look into backporting the lxc fix for precise as we have quite a few machines affected. But no ETA, so if anybody else here can pick that up before that would be very welcome. @Serge: Any chance to get some policy statement from Ubuntu here? As i see maybe that example as very special regression caused by lts update should maybe warrant fixing items not in main if broken by it. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1504781 Title: lxc-test-ubuntu hangs forever in trusty-proposed with Linux 3.13.0-66: AppArmor denies /dev/ptmx mounting To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1504781/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1507959] Re: Regression: Kernel update breaks all lxc-containers lxc-start failing with (apparmor="DENIED" operation="mount")
For info: that apport info above is from system in which we already downgraded running kernel version to -61- to work around the problem ** Changed in: linux (Ubuntu) Status: Incomplete => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1507959 Title: Regression: Kernel update breaks all lxc-containers lxc-start failing with (apparmor="DENIED" operation="mount") To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1507959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1507959] WifiSyslog.txt
apport information ** Attachment added: "WifiSyslog.txt" https://bugs.launchpad.net/bugs/1507959/+attachment/4500935/+files/WifiSyslog.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1507959 Title: Regression: Kernel update breaks all lxc-containers lxc-start failing with (apparmor="DENIED" operation="mount") To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1507959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1507959] UdevLog.txt
apport information ** Attachment added: "UdevLog.txt" https://bugs.launchpad.net/bugs/1507959/+attachment/4500934/+files/UdevLog.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1507959 Title: Regression: Kernel update breaks all lxc-containers lxc-start failing with (apparmor="DENIED" operation="mount") To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1507959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1507959] ProcModules.txt
apport information ** Attachment added: "ProcModules.txt" https://bugs.launchpad.net/bugs/1507959/+attachment/4500932/+files/ProcModules.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1507959 Title: Regression: Kernel update breaks all lxc-containers lxc-start failing with (apparmor="DENIED" operation="mount") To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1507959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1507959] ProcInterrupts.txt
apport information ** Attachment added: "ProcInterrupts.txt" https://bugs.launchpad.net/bugs/1507959/+attachment/4500931/+files/ProcInterrupts.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1507959 Title: Regression: Kernel update breaks all lxc-containers lxc-start failing with (apparmor="DENIED" operation="mount") To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1507959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1507959] UdevDb.txt
apport information ** Attachment added: "UdevDb.txt" https://bugs.launchpad.net/bugs/1507959/+attachment/4500933/+files/UdevDb.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1507959 Title: Regression: Kernel update breaks all lxc-containers lxc-start failing with (apparmor="DENIED" operation="mount") To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1507959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1507959] Lspci.txt
apport information ** Attachment added: "Lspci.txt" https://bugs.launchpad.net/bugs/1507959/+attachment/4500927/+files/Lspci.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1507959 Title: Regression: Kernel update breaks all lxc-containers lxc-start failing with (apparmor="DENIED" operation="mount") To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1507959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1507959] Card0.Codecs.codec.0.txt
apport information ** Attachment added: "Card0.Codecs.codec.0.txt" https://bugs.launchpad.net/bugs/1507959/+attachment/4500925/+files/Card0.Codecs.codec.0.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1507959 Title: Regression: Kernel update breaks all lxc-containers lxc-start failing with (apparmor="DENIED" operation="mount") To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1507959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1507959] BootDmesg.txt
apport information ** Attachment added: "BootDmesg.txt" https://bugs.launchpad.net/bugs/1507959/+attachment/4500924/+files/BootDmesg.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1507959 Title: Regression: Kernel update breaks all lxc-containers lxc-start failing with (apparmor="DENIED" operation="mount") To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1507959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1507959] Re: Regression: Kernel update breaks all lxc-containers lxc-start failing with (apparmor="DENIED" operation="mount")
apport information
** Tags added: apport-collected precise
** Description changed:
Hello,
The following recent kernel update completely break our lxc-start usage on
precise both with precise original kernel 3.2 + also the trusty-lts-stack using
3.13
After installing those new kernel updates all lxc-start of a container fail
with:
"Permission denied - mount failed '/dev/pts/ptmx'->'/dev/ptmx'"
with strace pointing to:
13695 mount("/dev/pts/ptmx", "/dev/ptmx", 0x7f4d68c85d37, MS_BIND, NULL) = -1
EACCES (Permission denied)
and dmesg showing:
Oct 20 10:59:00 titan226 kernel: [ 663.508664] type=1400
audit(1445331540.807:29): apparmor="DENIED" operation="mount"
info="failed type match" error=-13
profile="/usr/bin/lxc-start"
name="/dev/ptmx" pid=2897 comm="lxc-start"
srcname="/dev/pts/ptmx" flags="rw, bind"
After downgrading kernel version the problem immediately dissappeared
and the lxc-start for containers works again as before.
Bad versions:
ii linux-image-3.13.0-66-generic3.13.0-66.108~precise1Linux
kernel image for version 3.13.0 on 64 bit x86 SMP
ii linux-image-3.2.0-92-generic 3.2.0-92.130 Linux
kernel image for version 3.2.0 on 64 bit x86 SMP
Good versions:
ii linux-image-3.13.0-61-generic3.13.0-61.100~precise1Linux
kernel image for version 3.13.0 on 64 bit x86 SMP
ii linux-image-3.2.0-88-generic 3.2.0-88.126 Linux
kernel image for version 3.2.0 on 64 bit x86 SMP
From kernel changelog maybe this other issue here maybe causing it but not
verified:
* SAUCE: (no-up) apparmor: fix mount not handling disconnected paths
- LP: #1496430
+ ---
+ AlsaVersion: Advanced Linux Sound Architecture Driver Version
k3.13.0-61-generic.
+ AplayDevices: Error: [Errno 2] No such file or directory
+ ApportVersion: 2.0.1-0ubuntu17.11
+ Architecture: amd64
+ ArecordDevices: Error: [Errno 2] No such file or directory
+ AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/by-path',
'/dev/snd/controlC0', '/dev/snd/hwC0D0', '/dev/snd/pcmC0D3p', '/dev/snd/seq',
'/dev/snd/timer'] failed with exit code 1:
+ CRDA: Error: [Errno 2] No such file or directory
+ Card0.Amixer.info: Error: [Errno 2] No such file or directory
+ Card0.Amixer.values: Error: [Errno 2] No such file or directory
+ DistroRelease: Ubuntu 12.04
+ HibernationDevice: RESUME=UUID=ee5d3bc2-531d-4fbf-ba3f-033c27498274
+ IwConfig: Error: [Errno 2] No such file or directory
+ MachineType: FUJITSU PRIMERGY MX130 S1
+ MarkForUpload: True
+ Package: linux (not installed)
+ ProcEnviron:
+ LANGUAGE=en_US
+ TERM=xterm
+ PATH=(custom, no user)
+ LANG=en_US.UTF-8
+ SHELL=/bin/bash
+ ProcFB: 0 radeondrmfb
+ ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-3.13.0-61-generic
root=UUID=8c11de07-6403-46cf-994b-15750a7404ba ro rootdelay=80
+ ProcVersionSignature: Ubuntu 3.13.0-61.100~precise1-generic 3.13.11-ckt22
+ RelatedPackageVersions:
+ linux-restricted-modules-3.13.0-61-generic N/A
+ linux-backports-modules-3.13.0-61-generic N/A
+ linux-firmware 1.79.18
+ RfKill: Error: [Errno 2] No such file or directory
+ Tags: precise
+ Uname: Linux 3.13.0-61-generic x86_64
+ UpgradeStatus: No upgrade log present (probably fresh install)
+ UserGroups:
+
+ dmi.bios.date: 01/18/2011
+ dmi.bios.vendor: FUJITSU // Phoenix Technologies Ltd.
+ dmi.bios.version: 6.00 R1.01.2974.A1
+ dmi.board.asset.tag: -
+ dmi.board.name: D2974
+ dmi.board.vendor: FUJITSU
+ dmi.board.version: S26361-D2974-A1
+ dmi.chassis.type: 3
+ dmi.chassis.vendor: FUJITSU
+ dmi.chassis.version: MX130S1F
+ dmi.modalias:
dmi:bvnFUJITSU//PhoenixTechnologiesLtd.:bvr6.00R1.01.2974.A1:bd01/18/2011:svnFUJITSU:pnPRIMERGYMX130S1:pvr:rvnFUJITSU:rnD2974:rvrS26361-D2974-A1:cvnFUJITSU:ct3:cvrMX130S1F:
+ dmi.product.name: PRIMERGY MX130 S1
+ dmi.sys.vendor: FUJITSU
** Attachment added: "AcpiTables.txt"
https://bugs.launchpad.net/bugs/1507959/+attachment/4500922/+files/AcpiTables.txt
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1507959
Title:
Regression: Kernel update breaks all lxc-containers lxc-start failing
with (apparmor="DENIED" operation="mount")
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1507959/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1507959] PciMultimedia.txt
apport information ** Attachment added: "PciMultimedia.txt" https://bugs.launchpad.net/bugs/1507959/+attachment/4500929/+files/PciMultimedia.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1507959 Title: Regression: Kernel update breaks all lxc-containers lxc-start failing with (apparmor="DENIED" operation="mount") To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1507959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1507959] ProcCpuinfo.txt
apport information ** Attachment added: "ProcCpuinfo.txt" https://bugs.launchpad.net/bugs/1507959/+attachment/4500930/+files/ProcCpuinfo.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1507959 Title: Regression: Kernel update breaks all lxc-containers lxc-start failing with (apparmor="DENIED" operation="mount") To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1507959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1507959] CurrentDmesg.txt
apport information ** Attachment added: "CurrentDmesg.txt" https://bugs.launchpad.net/bugs/1507959/+attachment/4500926/+files/CurrentDmesg.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1507959 Title: Regression: Kernel update breaks all lxc-containers lxc-start failing with (apparmor="DENIED" operation="mount") To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1507959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1507959] AlsaDevices.txt
apport information ** Attachment added: "AlsaDevices.txt" https://bugs.launchpad.net/bugs/1507959/+attachment/4500923/+files/AlsaDevices.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1507959 Title: Regression: Kernel update breaks all lxc-containers lxc-start failing with (apparmor="DENIED" operation="mount") To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1507959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1507959] Lsusb.txt
apport information ** Attachment added: "Lsusb.txt" https://bugs.launchpad.net/bugs/1507959/+attachment/4500928/+files/Lsusb.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1507959 Title: Regression: Kernel update breaks all lxc-containers lxc-start failing with (apparmor="DENIED" operation="mount") To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1507959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1507959] [NEW] Regression: Kernel update breaks all lxc-containers lxc-start failing with (apparmor="DENIED" operation="mount")
Public bug reported:
Hello,
The following recent kernel update completely break our lxc-start usage on
precise both with precise original kernel 3.2 + also the trusty-lts-stack using
3.13
After installing those new kernel updates all lxc-start of a container fail
with:
"Permission denied - mount failed '/dev/pts/ptmx'->'/dev/ptmx'"
with strace pointing to:
13695 mount("/dev/pts/ptmx", "/dev/ptmx", 0x7f4d68c85d37, MS_BIND, NULL) = -1
EACCES (Permission denied)
and dmesg showing:
Oct 20 10:59:00 titan226 kernel: [ 663.508664] type=1400
audit(1445331540.807:29): apparmor="DENIED" operation="mount"
info="failed type match" error=-13 profile="/usr/bin/lxc-start"
name="/dev/ptmx" pid=2897 comm="lxc-start"
srcname="/dev/pts/ptmx" flags="rw, bind"
After downgrading kernel version the problem immediately dissappeared
and the lxc-start for containers works again as before.
Bad versions:
ii linux-image-3.13.0-66-generic3.13.0-66.108~precise1Linux
kernel image for version 3.13.0 on 64 bit x86 SMP
ii linux-image-3.2.0-92-generic 3.2.0-92.130 Linux
kernel image for version 3.2.0 on 64 bit x86 SMP
Good versions:
ii linux-image-3.13.0-61-generic3.13.0-61.100~precise1Linux
kernel image for version 3.13.0 on 64 bit x86 SMP
ii linux-image-3.2.0-88-generic 3.2.0-88.126 Linux
kernel image for version 3.2.0 on 64 bit x86 SMP
>From kernel changelog maybe this other issue here maybe causing it but not
>verified:
* SAUCE: (no-up) apparmor: fix mount not handling disconnected paths
- LP: #1496430
** Affects: linux (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1507959
Title:
Regression: Kernel update breaks all lxc-containers lxc-start failing
with (apparmor="DENIED" operation="mount")
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1507959/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1417962] Re: 6b34 regression: jps as root does not show classname anymore but instead 'process information unavailable' for processes running as non-root user
Antonio,Amir: As another affected user i think downgrade would not be a good idea as it would reopen all the fixed security issues. But as i wrote in my initial description there is a very easy workaround which may even make sense to keep. The problem with jps only happens if a.) A java program is running as non-root user b.) you run jps as root and want data about the running process from a.) Not running jps as root but instead as the same user as the process is running it is enough to not trigger the bug. I did not check any of your charms but at least in our app it was very easy to change our script to not trigger the issue. Maybe you can incoporate the same change into your scripts/charms also -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1417962 Title: 6b34 regression: jps as root does not show classname anymore but instead 'process information unavailable' for processes running as non-root user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openjdk-6/+bug/1417962/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1417962] Re: 6b34 regression: jps as root does not show classname anymore but instead 'process information unavailable' for processes running as non-root user
The same regression can also be observed in openjdk-7-jdk package in trusty/14.04 Good version: 7u71-2.5.3-0ubuntu0.14.04.1 Bad version: 7u75-2.5.4-1~trusty1 ** Also affects: openjdk-7 (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1417962 Title: 6b34 regression: jps as root does not show classname anymore but instead 'process information unavailable' for processes running as non-root user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openjdk-6/+bug/1417962/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1417962] [NEW] 6b34 regression: jps as root does not show classname anymore but instead 'process information unavailable' for processes running as non-root user
Public bug reported: I noticed the following behavior change in the jps command line tool when updating from 6b33-1.13.5-1ubuntu0.12.04 -> 6b34-1.13.6-1ubuntu0.12.04.1 on a ubuntu 12.04 64bit system. Staring point is a java process for apache tomcat running as non-root user (username openbravo in below example) with pid 1462. In 6b33 when running jps -l as root it did correctly identify the classname of the running processes as shown here: luna686:~# jps -l 1462 org.apache.catalina.startup.Bootstrap 11610 sun.tools.jps.Jps However after updating the same jps call as root-user does now show: luna686:~# jps -l 12056 sun.tools.jps.Jps 1462 -- process information unavailable Which break some custom monitoring of us trying to find tomcat process via its classname. Note: Problem only occours when running jps as root user and process in question is running non-root. When running jps as same user as the tomcat process is running with then both 6b33 + 6b34 work as expected ** Affects: openjdk-6 (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1417962 Title: 6b34 regression: jps as root does not show classname anymore but instead 'process information unavailable' for processes running as non-root user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openjdk-6/+bug/1417962/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1295987] Re: openjdk6 regression causes finalizers never to be called
Jamie: I can also confirm that those packages do fix the problem for us. I've added your proposed precise package 6b30-1.13.1-1ubuntu2~0.12.04.3 0 to two of our servers which were crashing with the original 1.13.1 packages frequently (twice a day). Both servers have been running now around 25hour without any problems. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1295987 Title: openjdk6 regression causes finalizers never to be called To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openjdk-6/+bug/1295987/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1144408] Re: libssl upgrade causes failure from old clients
Hello, we've noticed the same problem and i can add some information. The issue happens when connecting with curl using the lucid version of libssl0.9.8 (version: 0.9.8k-7ubuntu8.14) connecting to i.e. a precise server using libssl1.0.0 (version: 1.0.1-4ubuntu5.8). Just a few days ago some posted a patch upstream to the libssl-dev mailaing list [1]. However there's not reply there yet. I just finished tested this patch by applying it on top of the lucid version and doing that i can successfully connect to the precise system using https again. So functionally that fixes the problem for me. As the patch has not been reviewed yet we only compiled a patched libssl and are using it only for the failing curl invocation to avoid system- wide side-effects. In case it is useful for anyone: apt-get build-dep libssl0.9.8 cd openssl-0.9.8 patch -p1 < 0001-Fix-handling-of-warning-level-alerts-in-SSL23-client.patch debuild -us -uc -b can be used to provided a patched libssl0.9.8. Note: patch applies fine with some fuzz ignoring refects for the CHANGES file. I would be very happy to see a pathced libssl packages for lucid when possible to be able to remove the locally patched version again. [1] http://marc.info/?l=openssl-dev&m=136760073921954&w=2 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1144408 Title: libssl upgrade causes failure from old clients To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1144408/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
