[Bug 1971034] Re: Several security issues in libpod 3.4.x
I wonder if it really makes sense to keep podman in the Ubuntu repositories, at least if it's going to stay in universe? It's the sort of software that people who use it are going rely on being secure and up-to-date, and so far at least it has been quite a fast-moving target. I'm not normally a big fan of static binaries, but in this instance an 'installer' package which just grabs the latest binaries from github and keeps them up-to-date might make more sense. Alternatively, I wonder whether a snap could be generated? I'm not a fan of the format myself, but I manage to use podman nested with a systemd- nspawn container here, so it seems conceivable that it might also be made to work in a privileged snap (with the assumption that podman itself will protect the host system from the containers it runs.) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971034 Title: Several security issues in libpod 3.4.x To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libpod/+bug/1971034/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1865642] Re: package dma 0.11-2 failed to install/upgrade: installed dma package post-installation script subprocess returned error exit status 128
Ah, looks like upstream bug https://bugs.debian.org/cgi- bin/bugreport.cgi?bug=940219 is the answer to my problem.. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1865642 Title: package dma 0.11-2 failed to install/upgrade: installed dma package post-installation script subprocess returned error exit status 128 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dma/+bug/1865642/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1865642] Re: package dma 0.11-2 failed to install/upgrade: installed dma package post-installation script subprocess returned error exit status 128
I'm dealing with a very similar bug building containers with jammy beta. If there's an existing /etc/dma/dma.conf, I get the above error message. Oddly, attempting to strace or add too much debug to the .postinst or .config scripts makes the problem go away, which makes it seem like some sort of weird debconf bug/race? ** Bug watch added: Debian Bug tracker #940219 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940219 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1865642 Title: package dma 0.11-2 failed to install/upgrade: installed dma package post-installation script subprocess returned error exit status 128 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dma/+bug/1865642/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1938088] Re: acpi-support prevents Groovy and Hirsute booting in LXC
Hit the same thing trying to upgrade a bionic container to jammy in systemd-nspawn :( -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1938088 Title: acpi-support prevents Groovy and Hirsute booting in LXC To manage notifications about this bug go to: https://bugs.launchpad.net/canonical-identity-provider/+bug/1938088/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1878076] Re: GTK save-dialogs input-focus moves from filename to file search if a folder is selected
The bug has been periodically tripping me up for years, but recently I
discovered that it has basically stopped my elderly uncle from using
Libreoffice (which defaults to GTK file picker on Xubuntu at least) on
bionic. Priority really needs to be higher, at least if the intent is
for Ubuntu to be usable by non-power users. To be honest, I felt
actually embarrassed when I realized that the standard process for
saving a file in a non-default folder ("Save As..", click folder, type
filename) is broken. Particularly as, as mentioned above, the highlight
in the text entry is misleading.
At the risk of sounding like I'm sulking, going to have to seriously
consider moving my - and all my family's - machines to a non-gtk based
desktop environment if upstream's attitude to a significant usability
bug like this is to just ignore it for years. An ubuntu-specific patch
would at least reduce the urgency somewhat! I'd settle for an option
(gtk.ini or whatever) to disable the search functionality if that would
help.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1878076
Title:
GTK save-dialogs input-focus moves from filename to file search if a
folder is selected
To manage notifications about this bug go to:
https://bugs.launchpad.net/gtk/+bug/1878076/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1932305] Re: fstrim doesn't trim my /home separate partition
This is due to "ProtectHome=yes" in the .service file; the workaround is to add: [Service] ProtectHome=no In e.g. /etc/systemd/system/fstrim.service.d/allow-home.conf -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1932305 Title: fstrim doesn't trim my /home separate partition To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1932305/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1963751] Re: focal security update 2.34.6-0ubuntu0.20.04.1 cannot be automatically installed due to new dependency
The other option in u-a might be to split Unattended-Upgrade::Allowed- Origins into "Automatic origins" and "permitted origins", so only packages in the former will be automatically installed, but upgraded dependencies could be pulled from the latter if required? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1963751 Title: focal security update 2.34.6-0ubuntu0.20.04.1 cannot be automatically installed due to new dependency To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1963751/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1963751] Re: focal security update 2.34.6-0ubuntu0.20.04.1 cannot be automatically installed due to new dependency
I suppose there's an argument to be made that if the user is prepared to periodically manually install non-security updates, then they should be prepared to check for held back security updates too. I tend to work from the command-line so don't know what the GUI interface(s) allow and indicate in this scenario. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1963751 Title: focal security update 2.34.6-0ubuntu0.20.04.1 cannot be automatically installed due to new dependency To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1963751/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1963751] Re: focal security update 2.34.6-0ubuntu0.20.04.1 cannot be automatically installed due to new dependency
Digging a bit further - this machine was manually dist-upgraded on 30-May-2021 (it has -updates enabled, but is set to install only security updates automatically.) That update pulled in libglvnd 1.3.2-1~ubuntu0.20.04.1 (source for libegl1, libglvnd0, etc.) To upgrade to webkit2gtk 2.34.6-0ubuntu0.20.04.1, u-a must install libopengl0, either 1.3.1-1 from the main archive or 1.3.2-1~ubuntu0.20.04.1 from -updates. However, -updates is not a trusted source for u-a when configured like this, so the only candidate is 1.3.1-1. Unfortunately libopengl0 1.3.1-1 depends on libglvnd0=1.3.1-1, but 1.3.2-1~ubuntu0.20.04.1 is already installed, so u-a would have to downgrade it which is I guess a decision well beyond its pay-grade. I suppose the solution is to find a way to lose the new dependency, obvious answer would be to backport the fixes in webkit2gtk 2.34.6 to 2.34.4? I assume there is some sort of policy on adding new dependencies in security updates? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1963751 Title: focal security update 2.34.6-0ubuntu0.20.04.1 cannot be automatically installed due to new dependency To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1963751/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1963751] Re: focal security update 2.34.6-0ubuntu0.20.04.1 cannot be automatically installed due to new dependency
OK, have manually rolled back the system to previous state (the old
versions of the packages were still available on my apt-cacher-ng
server), and run unattended-upgrades in debug mode - file attached. I
guess the key lines are:
sanity check failed for:
{'libjavascriptcoregtk-4.0-18=2.34.6-0ubuntu0.20.04.1',
'libopengl0=1.3.2-1~ubuntu0.20.04.1',
'libwebkit2gtk-4.0-37=2.34.6-0ubuntu0.20.04.1'} : pkg libopengl0 is not in an
allowed origin
falling back to adjusting libjavascriptcoregtk-4.0-18's dependencies
sanity check failed for: {'nautilus-share=0.7.3-2ubuntu3',
'libjavascriptcoregtk-4.0-18=2.34.6-0ubuntu0.20.04.1',
'gnome-session-flashback=1:3.36.5-0ubuntu1', 'atril=1.24.0-1',
'gnome-todo=3.28.1-5', 'gnucash=1:3.8b-1ubuntu1',
'gnome-calendar=3.36.2-0ubuntu1', 'xubuntu-desktop=2.233',
'ubuntu-unity-desktop=0.2', 'evolution-data-server=3.36.4-0ubuntu1',
'metacity=1:3.36.1-1', 'update-manager=1:20.04.10.7',
'indicator-bluetooth=0.0.6+17.10.20170605-0ubuntu3', 'libfolks-eds25=0.13.2-1',
'gdm3=3.36.3-0ubuntu0.20.04.3', 'update-notifier=3.192.30.7',
'mutter=3.36.9-0ubuntu0.20.04.1',
'gnome-user-docs=3.36.2+git20200704-0ubuntu0.1', 'yelp=3.36.0-1',
'rhythmbox-plugins=3.4.4-1ubuntu2', 'libedataserverui-1.2-2=3.36.4-0ubuntu1',
'libgoa-backend-1.0-1=3.36.0-1ubuntu1', 'ubuntu-session=3.36.0-2ubuntu1',
'ubuntu-docs=20.04.3', 'gir1.2-webkit2-4.0=2.34.6-0ubuntu0.20.04.1',
'libatrilview3=1.24.0-1',
'unity-control-center=15.04.0+19.10.20190921-0ubuntu3',
'gnome-control-center=1:3.36.5-0ubuntu1', 'zenity=3.32.0-5',
'gnome-online-accounts=3.36.0-1ubuntu1',
'ubuntu-release-upgrader-gtk=1:20.04.33',
'gnome-shell=3.36.7-0ubuntu0.20.04.1', 'apturl=0.5.2ubuntu19',
'shotwell=0.30.10-0ubuntu0.1', 'geary=3.36.1-1', 'libyelp0=3.36.0-1',
'libwebkit2gtk-4.0-37=2.34.6-0ubuntu0.20.04.1'} : pkg libgoa-backend-1.0-1 is
marked to be deleted
I'm unclear on exactly how u-a is supposed to work, it's possible this
is an algorithmic bug there I suppose?
** Attachment added: "ua.log"
https://bugs.launchpad.net/ubuntu/+source/webkit2gtk/+bug/1963751/+attachment/559/+files/ua.log
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1963751
Title:
focal security update 2.34.6-0ubuntu0.20.04.1 cannot be automatically
installed due to new dependency
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/webkit2gtk/+bug/1963751/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1963751] Re: focal security update 2.34.6-0ubuntu0.20.04.1 cannot be automatically installed due to new dependency
OK, here is dpkg.log section from one machine: 2022-03-05 14:45:14 startup archives unpack 2022-03-05 14:45:14 install libopengl0:amd64 1.3.2-1~ubuntu0.20.04.1 2022-03-05 14:45:14 status triggers-pending libc-bin:amd64 2.31-0ubuntu9.2 2022-03-05 14:45:14 status half-installed libopengl0:amd64 1.3.2-1~ubuntu0.20.04.1 2022-03-05 14:45:14 status unpacked libopengl0:amd64 1.3.2-1~ubuntu0.20.04.1 2022-03-05 14:45:14 upgrade libwebkit2gtk-4.0-37:amd64 2.34.4-0ubuntu0.20.04.1 2.34.6-0ubuntu0.20.04.1 2022-03-05 14:45:14 status half-configured libwebkit2gtk-4.0-37:amd64 2.34.4-0ubuntu0.20.04.1 2022-03-05 14:45:14 status unpacked libwebkit2gtk-4.0-37:amd64 2.34.4-0ubuntu0.20.04.1 2022-03-05 14:45:14 status half-installed libwebkit2gtk-4.0-37:amd64 2.34.4-0ubuntu0.20.04.1 2022-03-05 14:45:17 status unpacked libwebkit2gtk-4.0-37:amd64 2.34.6-0ubuntu0.20.04.1 2022-03-05 14:45:18 upgrade libjavascriptcoregtk-4.0-18:amd64 2.34.4-0ubuntu0.20.04.1 2.34.6-0ubuntu0.20.04.1 2022-03-05 14:45:18 status half-configured libjavascriptcoregtk-4.0-18:amd64 2.34.4-0ubuntu0.20.04.1 2022-03-05 14:45:18 status unpacked libjavascriptcoregtk-4.0-18:amd64 2.34.4-0ubuntu0.20.04.1 2022-03-05 14:45:18 status half-installed libjavascriptcoregtk-4.0-18:amd64 2.34.4-0ubuntu0.20.04.1 2022-03-05 14:45:19 status unpacked libjavascriptcoregtk-4.0-18:amd64 2.34.6-0ubuntu0.20.04.1 2022-03-05 14:45:19 startup packages configure 2022-03-05 14:45:19 configure libjavascriptcoregtk-4.0-18:amd64 2.34.6-0ubuntu0.20.04.1 2022-03-05 14:45:19 status unpacked libjavascriptcoregtk-4.0-18:amd64 2.34.6-0ubuntu0.20.04.1 2022-03-05 14:45:19 status half-configured libjavascriptcoregtk-4.0-18:amd64 2.34.6-0ubuntu0.20.04.1 2022-03-05 14:45:19 status installed libjavascriptcoregtk-4.0-18:amd64 2.34.6-0ubuntu0.20.04.1 2022-03-05 14:45:19 configure libopengl0:amd64 1.3.2-1~ubuntu0.20.04.1 2022-03-05 14:45:19 status unpacked libopengl0:amd64 1.3.2-1~ubuntu0.20.04.1 2022-03-05 14:45:19 status half-configured libopengl0:amd64 1.3.2-1~ubuntu0.20.04.1 2022-03-05 14:45:19 status installed libopengl0:amd64 1.3.2-1~ubuntu0.20.04.1 2022-03-05 14:45:19 configure libwebkit2gtk-4.0-37:amd64 2.34.6-0ubuntu0.20.04.1 2022-03-05 14:45:19 status unpacked libwebkit2gtk-4.0-37:amd64 2.34.6-0ubuntu0.20.04.1 2022-03-05 14:45:19 status half-configured libwebkit2gtk-4.0-37:amd64 2.34.6-0ubuntu0.20.04.1 2022-03-05 14:45:19 status installed libwebkit2gtk-4.0-37:amd64 2.34.6-0ubuntu0.20.04.1 2022-03-05 14:45:19 trigproc libc-bin:amd64 2.31-0ubuntu9.2 2022-03-05 14:45:19 status half-configured libc-bin:amd64 2.31-0ubuntu9.2 2022-03-05 14:45:19 status installed libc-bin:amd64 2.31-0ubuntu9.2 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1963751 Title: focal security update 2.34.6-0ubuntu0.20.04.1 cannot be automatically installed due to new dependency To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/webkit2gtk/+bug/1963751/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1963751] Re: focal security update 2.34.6-0ubuntu0.20.04.1 cannot be automatically installed due to new dependency
Unfortunately I've already done that on the two affected machines and didn't make a note of the output. I will try to dig out the dpkg logs. As I said, the extra dependency on libopengl0 seemed to be the issue. It's also just possible I took a snapshot or backup so I can roll back and retry - I will have a look. I seem to recall one machine had had non-security updates disabled after they had previously been enabled, and I initially suspected that had caused the problem, but then it occurred on another machine where that wasn't true. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1963751 Title: focal security update 2.34.6-0ubuntu0.20.04.1 cannot be automatically installed due to new dependency To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/webkit2gtk/+bug/1963751/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1892108] Re: ping prints ip address octets backwards on host redirect
Fixed by https://github.com/iputils/iputils/commit/e2e9a2dd4639924614bdbee43907a49134e8da19 it seems. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1892108 Title: ping prints ip address octets backwards on host redirect To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iputils/+bug/1892108/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1878601] Re: Merge nfs-utils from Debian experimental for 22.04 - version in Ubuntu is *very* old
I've rebuilt my 'LAN services' container with the packages linked here, and nothing seems to have exploded over the last hour or so. Not sure if that constitutes extensive testing :) As it seems stable I'll leave it running indefinitely to catch any wrinkles.. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1878601 Title: Merge nfs-utils from Debian experimental for 22.04 - version in Ubuntu is *very* old To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-release-notes/+bug/1878601/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1768340] Re: fscrypt does not work for home directory encryption
Note that lightdm in focal seems to have problems with v1 policies too, at least in some cases: https://github.com/google/fscrypt/issues/203 . ** Bug watch added: github.com/google/fscrypt/issues #203 https://github.com/google/fscrypt/issues/203 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1768340 Title: fscrypt does not work for home directory encryption To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/fscrypt/+bug/1768340/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1882993] Re: Package needs newer version with v2 encryption policy
Note that in particular, lightdm seems have to problems when using v1 policies, see https://github.com/google/fscrypt/issues/203. I had to upgrade one focal laptop to v2 policies to get lightdm to work - although oddly I had no problems on another, and I can't see the difference between them. I would have thought a backport for at least focal might have been justified, as home directory encryption must be one of the major use cases for fscrypt. ** Bug watch added: github.com/google/fscrypt/issues #203 https://github.com/google/fscrypt/issues/203 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1882993 Title: Package needs newer version with v2 encryption policy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/fscrypt/+bug/1882993/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1878601] Re: Merge nfs-utils from Debian experimental for 22.04 - version in Ubuntu is *very* old
Bug #1901709 should be fixed by a resync, too. I don't know how many people other than me are mad enough to be running nfs servers in containers .. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1878601 Title: Merge nfs-utils from Debian experimental for 22.04 - version in Ubuntu is *very* old To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/1878601/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1451797] Re: rc.local should require network-online.target
This commit actually didn't reliably fix this bug, but given the length of time here, I've opened a new bug #1950906 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1451797 Title: rc.local should require network-online.target To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1451797/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1950906] [NEW] etc/rc.local should Want or Require network-online.target
Public bug reported: The fix for bug #1451797 introduced /lib/systemd/system/rc- local.service.d/debian.conf with the intent that rc.local would always run after the network was fully online. However, it only has an After= line, without actually pulling in network-online.target. Systemd docs say: "Units that strictly require a configured network connection should pull in network-online.target (via a Wants= type dependency) and order themselves after it. ... Note the distinction between this unit and network.target. This unit is an active unit (i.e. pulled in by the consumer rather than the provider of this functionality) ... Usually, network.target is part of the boot of most systems, while network-online.target is not ..." TL;DR - need to add "Wants=network-online.target" to /lib/systemd/system/rc-local.service.d/debian.conf :) ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: systemd 245.4-4ubuntu3.13 ProcVersionSignature: Ubuntu 5.4.0-90.101-generic 5.4.148 Uname: Linux 5.4.0-90-generic x86_64 ApportVersion: 2.20.11-0ubuntu27.21 Architecture: amd64 CasperMD5CheckResult: skip CurrentDesktop: Xpra CurrentDmesg: Error: command ['dmesg'] failed with exit code 1: dmesg: read kernel buffer failed: Operation not permitted Date: Sun Nov 14 17:22:54 2021 InstallationDate: Installed on 2017-01-08 (1771 days ago) InstallationMedia: Xubuntu 16.04 LTS "Xenial Xerus" - Release amd64 (20160420.1) Lsusb: Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub Bus 001 Device 003: ID 10c4:ea60 Silicon Labs CP210x UART Bridge Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub Lsusb-t: /: Bus 02.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/4p, 5000M /: Bus 01.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/10p, 480M |__ Port 9: Dev 3, If 0, Class=Vendor Specific Class, Driver=cp210x, 12M MachineType: Dell Inc. OptiPlex 3040 ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-5.4.0-90-generic root=/dev/mapper/lvg2-host ro rootflags=subvol=rootfs rw drm.edid_firmware=edid/toguard2.bin video=HDMI-A-1:1024x768@60D SourcePackage: systemd UpgradeStatus: Upgraded to focal on 2021-09-02 (73 days ago) acpidump: dmi.bios.date: 06/30/2016 dmi.bios.vendor: Dell Inc. dmi.bios.version: 1.4.6 dmi.board.name: 0TTDMJ dmi.board.vendor: Dell Inc. dmi.board.version: A00 dmi.chassis.type: 3 dmi.chassis.vendor: Dell Inc. dmi.modalias: dmi:bvnDellInc.:bvr1.4.6:bd06/30/2016:svnDellInc.:pnOptiPlex3040:pvr:rvnDellInc.:rn0TTDMJ:rvrA00:cvnDellInc.:ct3:cvr: dmi.product.name: OptiPlex 3040 dmi.product.sku: 06BB dmi.sys.vendor: Dell Inc. mtime.conffile..etc.systemd.logind.conf: 2019-03-03T09:57:30.814201 ** Affects: systemd (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug focal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1950906 Title: etc/rc.local should Want or Require network-online.target To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1950906/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1943049] Re: Docker ubuntu:impish: Problem executing scripts DPkg::Post-Invoke 'rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true'
The long-term solution to all of this tediousness is probably for seccomp to be able to give some indication if a syscall is "new": https://github.com/seccomp/libseccomp/issues/286 ** Bug watch added: github.com/seccomp/libseccomp/issues #286 https://github.com/seccomp/libseccomp/issues/286 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1943049 Title: Docker ubuntu:impish: Problem executing scripts DPkg::Post-Invoke 'rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true' To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-images/+bug/1943049/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1944436] Re: Please backport support for "close_range" syscall
I think the long test case in #5 now works. Note that later versions of crun have worked around the problem: https://github.com/containers/crun/pull/672 Still worth fixing, though, I think, as it is likely to cause further problems as more code starts to use close_range. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1944436 Title: Please backport support for "close_range" syscall To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1944436/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1944436] Re: Please backport support for "close_range" syscall
Still working out kinks in the above, but here's a simpler one. Needs
running in an nspawn container again (steps 1-2 above); should either
succeed (no output) or print "function not implemented", but without
seccomp support nspawn will block it and it will print "not permitted"
#include
#include
#include
int main()
{
if(syscall(436, 0, 0, 0)) {
perror("close_range");
exit(1);
}
exit(0);
}
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1944436
Title:
Please backport support for "close_range" syscall
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1944436/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1944436] Re: Please backport support for "close_range" syscall
It's not going to be simple I'm afraid, at least for the original
problem! "scmp_sys_resolver close_range" will quickly test whether
current seccomp has support for close_range (prints "-1" if not
supported, "436" otherwise - at least on x86_64.) Ubuntu seccomp
maintainers have been pretty happy SRUing this sort of thing before -
it's a running problem, and the changes are trivial.
Outline of a reproducer for my original problem would be something like:
1. download and unpack
https://partner-images.canonical.com/core/focal/current/ubuntu-focal-core-cloudimg-amd64-root.tar.gz
2. cd to the rootfs directory and start a container with "systemd-nspawn"
3. Add podman/buildah PPA:
. /etc/os-release
echo "deb
https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_${VERSION_ID}/
/" | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list
curl -L
"https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_${VERSION_ID}/Release.key";
| sudo apt-key add -
sudo apt-get update
sudo apt-get -y upgrade
4. apt-get -y install buildah
5. create scratch container and copy in busybox
ctr=$(buildah from scratch)
buildah copy $ctr /bin/busybox
6. check EOF handling
echo foo | buildah run $ctr /busybox cat
Without the patch, this should fail to return to the prompt, as the missing
syscall seems to interfere with buildah's ability to to process EOF; with the
patch it should return to the prompt.
In the event of failure there should also be messages logged about
"close_range" being unsupported.
Above is untested - I'll double-check it and flesh it out when
time/health permits, but hopefully it has some utility. There are
probably simpler test cases involving docker, but that's not my area...
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1944436
Title:
Please backport support for "close_range" syscall
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1944436/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1944436] Re: Please backport support for "close_range" syscall
Can confirm rebuilding seccomp in focal with the relevant bits of the above two commits allows me to whitelist close_range in systemd-nspawn, solving my problem. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1944436 Title: Please backport support for "close_range" syscall To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1944436/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1944436] Re: Please backport support for "close_range" syscall
https://github.com/seccomp/libseccomp/pull/322/ (or at least parts of it) probably required too. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1944436 Title: Please backport support for "close_range" syscall To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1944436/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1944436] [NEW] Please backport support for "close_range" syscall
Public bug reported: Please backport support for the "close_range" syscall .. may be as simple as cherrypicking https://github.com/seccomp/libseccomp/commit/01e5750e7c84bb14e5a5410c924bed519209db06 from upstream. I've hit problems running buildah in a systemd-nspawn container, but this will probably affect people trying to run modern code in other container systems as well, e.g. docker. ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: libseccomp2 2.5.1-1ubuntu1~20.04.1 ProcVersionSignature: Ubuntu 5.4.0-84.94-generic 5.4.133 Uname: Linux 5.4.0-84-generic x86_64 ApportVersion: 2.20.11-0ubuntu27.20 Architecture: amd64 CasperMD5CheckResult: skip CurrentDesktop: Xpra Date: Tue Sep 21 15:10:54 2021 InstallationDate: Installed on 2017-01-08 (1717 days ago) InstallationMedia: Xubuntu 16.04 LTS "Xenial Xerus" - Release amd64 (20160420.1) SourcePackage: libseccomp UpgradeStatus: Upgraded to focal on 2021-09-02 (19 days ago) ** Affects: libseccomp (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug focal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1944436 Title: Please backport support for "close_range" syscall To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1944436/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1810565] Re: Ubuntu 16.04 to Ubuntu18.04 upgrade fails on snap debug connectivity without logging any useful logs
Bug #1926267 is related. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1810565 Title: Ubuntu 16.04 to Ubuntu18.04 upgrade fails on snap debug connectivity without logging any useful logs To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-release-upgrader/+bug/1810565/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1810565] Re: Ubuntu 16.04 to Ubuntu18.04 upgrade fails on snap debug connectivity without logging any useful logs
This hit me trying to run a container upgrade in an environment where snapd wasn't running. Not a supported situation I'm sure but the extra logging would be good - just capturing the "snap debug connectivity" output and dumping to log would be fine.. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1810565 Title: Ubuntu 16.04 to Ubuntu18.04 upgrade fails on snap debug connectivity without logging any useful logs To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-release-upgrader/+bug/1810565/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1926267] Re: do-release-upgrade failed silently after failed to connect to snap service
Bug #1810565 related. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1926267 Title: do-release-upgrade failed silently after failed to connect to snap service To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-release-upgrader/+bug/1926267/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1905285] Re: socket-activated sshd breaks on concurrent connections
I'm seeing something similar to this (messages more like those in underlying debian bug report) - in this case triggered by a script which sshs in (invoking unison) twice in quick succession. Underlying hardware is an ARM board which may a little slow, don't know if that helps to trigger race? I'm also a little confused as to whether socket activation is the default under Ubuntu or not. My etckeeper history suggests it's been enabled here since 2014, when records began .. so no idea if it was something I enabled or not! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1905285 Title: socket-activated sshd breaks on concurrent connections To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1905285/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1871336] Re: blueman-tray crashed with FileNotFoundError in check_single_instance():[Errno 2]
Upstream bug, I assume: https://github.com/blueman- project/blueman/issues/1210 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1871336 Title: blueman-tray crashed with FileNotFoundError in check_single_instance():[Errno 2] To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/blueman/+bug/1871336/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1871336] Re: blueman-tray crashed with FileNotFoundError in check_single_instance():[Errno 2]
I guess this is a race condition? Lockfile being removed by previous instance between the file being read and the is_running check or remove call? ** Bug watch added: github.com/blueman-project/blueman/issues #1210 https://github.com/blueman-project/blueman/issues/1210 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1871336 Title: blueman-tray crashed with FileNotFoundError in check_single_instance():[Errno 2] To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/blueman/+bug/1871336/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1841378] Re: MACVLAN= in .nspawn file vs command line results in /sys/class/net showing host interfaces
It's just possible that the commit linked may fix https://github.com/systemd/systemd/issues/12313 as well .. ** Bug watch added: github.com/systemd/systemd/issues #12313 https://github.com/systemd/systemd/issues/12313 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1841378 Title: MACVLAN= in .nspawn file vs command line results in /sys/class/net showing host interfaces To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1841378/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1883447] Re: nspawn on some 32-bit archs blocks _time64 syscalls, breaks upgrade to focal in containers
LGTM! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1883447 Title: nspawn on some 32-bit archs blocks _time64 syscalls, breaks upgrade to focal in containers To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1883447/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 1915205] Re: CVE-2020-9366
Ah, my apologies - hadn't spotted that it was a recently introduced bug! On Tue, 9 Feb 2021, 22:20 Steve Beattie, <1915...@bugs.launchpad.net> wrote: > Hello Steve, > > Thanks for reporting this issue. In this case, it is believed that the > vulnerability was introduced in screen 4.7.0 (via > > https://git.savannah.gnu.org/cgit/screen.git/commit/?id=c5db181b6e017cfccb8d7842ce140e59294d9f62 > ), and then fixed in 4.8.0. Ubuntu 18.04 and older versions of screen > pre-date the introduction of the vulnerability and thus are not > affected. Ubuntu 20.04 and newer as you point out alredy have 4.8.0 and > thus are also not-affected. > > This information is also represented at > https://ubuntu.com/security/CVE-2020-9366 . > > Also, if there were versions of screen affected, the Ubuntu Security > team would not normally pull back a complete new version to older > releases, as that would likely introduce behavioral changes that could > be considered regressions for users; instead we backport targeted fixes > to minimize the risk of regression. > > -- > You received this bug notification because you are subscribed to the bug > report. > https://bugs.launchpad.net/bugs/1915205 > > Title: > CVE-2020-9366 > > To manage notifications about this bug go to: > > https://bugs.launchpad.net/ubuntu/+source/screen/+bug/1915205/+subscriptions > -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1915205 Title: CVE-2020-9366 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/screen/+bug/1915205/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1915205] Re: CVE-2020-9366
Marking public as this is already known; might as well avoid dupes.. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1915205 Title: CVE-2020-9366 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/screen/+bug/1915205/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1915205] [NEW] CVE-2020-9366
*** This bug is a security vulnerability *** Public security bug reported: screen <4.8.0 has a buffer overflow that can be triggered by program output. It doesn't seem to be clear yet how exploitable it is: https://nvd.nist.gov/vuln/detail/CVE-2020-9366 https://lists.gnu.org/archive/html/screen-devel/2020-02/msg7.html 4.8.0 seems to have made its way into focal but not bionic. ** Affects: screen (Ubuntu) Importance: Undecided Status: New ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1915205 Title: CVE-2020-9366 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/screen/+bug/1915205/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1891810] Re: Missing openat2 syscall, causes problems for fuse-overlayfs in nspawn containers
Ah, looks like I don't need to do anything for focal's systemd-nspawn other than add openat2 to SyscallFilters= in the .nspawn file. With that, and the seccomp from the PPA, everything seems OK - thank you! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1891810 Title: Missing openat2 syscall, causes problems for fuse-overlayfs in nspawn containers To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1891810/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1891810] Re: Missing openat2 syscall, causes problems for fuse-overlayfs in nspawn containers
OK, this is getting complicated. seccomp 2.5.0 and systemd-nspawn both have bugs which when combined cause most/all syscall filters to actually be disabled! See https://github.com/seccomp/libseccomp/issues/273#issuecomment-668458070 So I think your new packages are probably OK, but as they pull in 2.5.1 my system is breaking because the version of systemd-nspawn I'm using (default version from focal) is apparently still old enough not to include openat2() (Yes, reading upthread it seems I knew all of this in August and have managed to forget it over the last few months!) I will backport/patch systemd-nspawn and re-test these packages when time permits.. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1891810 Title: Missing openat2 syscall, causes problems for fuse-overlayfs in nspawn containers To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1891810/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1891810] Re: Missing openat2 syscall, causes problems for fuse-overlayfs in nspawn containers
Attached is a trivial test case, needs to be run in a container by a container manager that uses seccomp for syscall filtering (e.g. nspawn.) It should either silently succeed or print "openat2: Function not implemented" ; if seccomp combined with the container manager (e.g. nspawn) blocks the openat2 call, it will instead print "openat2: Operation not permitted." ** Attachment added: "Trivial test case" https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1891810/+attachment/5454861/+files/openat.c -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1891810 Title: Missing openat2 syscall, causes problems for fuse-overlayfs in nspawn containers To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1891810/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1891810] Re: Missing openat2 syscall, causes problems for fuse-overlayfs in nspawn containers
Hmm, I tested with libseccomp2_2.5.1-0ubuntu0.20.04.1_test4_amd64.deb from the PPA and it doesn't seem to fix the openat2 problem - just realised I should have added I'm now using focal not bionic for my container host.. will try to investigate why once I'm back on my desktop machine. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1891810 Title: Missing openat2 syscall, causes problems for fuse-overlayfs in nspawn containers To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1891810/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1891810] Re: Missing openat2 syscall, causes problems for fuse-overlayfs in nspawn containers
Any progress on this? I've just run into it again, and due to my appalling memory have spent two hours debugging and now discovered my own bug report again :/ -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1891810 Title: Missing openat2 syscall, causes problems for fuse-overlayfs in nspawn containers To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1891810/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1910815] Re: race on boot between multiple invocations of grub-editenv
Fix might well be as simple as adding "After=grub-common.service" to /lib/systemd/system/grub-initrd-fallback.service - it's worked for one boot so far, which is obviously not a great test of a race condition :) It does seem to lead to sequential ordering of the two jobs, though: Jan 08 20:31:26 asr-host systemd[1]: Starting LSB: Record successful boot for GRUB... Jan 08 20:31:26 asr-host grub-common[1816]: * Recording successful boot for GRUB Jan 08 20:31:27 asr-host grub-common[1816]:...done. Jan 08 20:31:27 asr-host systemd[1]: Started LSB: Record successful boot for GRUB. Jan 08 20:31:27 asr-host systemd[1]: Starting GRUB failed boot detection... Jan 08 20:31:27 asr-host systemd[1]: grub-initrd-fallback.service: Succeeded. Jan 08 20:31:27 asr-host systemd[1]: Finished GRUB failed boot detection. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1910815 Title: race on boot between multiple invocations of grub-editenv To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1910815/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1910815] [NEW] race on boot between multiple invocations of grub-editenv
Public bug reported: On focal, it appears systemd can run /etc/init.d/grub-common in parallel with /lib/systemd/system/grub-initrd-fallback.service. Both of these invoke grub-editenv for different reasons, apparently resulting in race conditions that generate messages like this: Jan 08 18:07:15 asr-host systemd[1]: Starting LSB: Record successful boot for GRUB... Jan 08 18:07:15 asr-host systemd[1]: Starting GRUB failed boot detection... [..] Jan 08 18:07:15 asr-host grub-common[1822]: * Recording successful boot for GRUB [..] Jan 08 18:07:16 asr-host grub-editenv[1886]: /usr/bin/grub-editenv: error: cannot rename the file /boot/grub/grubenv.new to /boot/grub/grubenv. Jan 08 18:07:16 asr-host systemd[1]: grub-initrd-fallback.service: Main process exited, code=exited, status=1/FAILURE Jan 08 18:07:16 asr-host systemd[1]: grub-initrd-fallback.service: Failed with result 'exit-code'. Jan 08 18:07:16 asr-host systemd[1]: Failed to start GRUB failed boot detection. Jan 08 18:07:16 asr-host grub-common[1822]:...done. Jan 08 18:07:16 asr-host systemd[1]: Started LSB: Record successful boot for GRUB. Google search for "Failed to start GRUB failed boot detection" throws up a few hits, which suggests this isn't necessarily something to weird about the machine I'm running on: https://www.google.co.uk/search?q=%22Failed+to+start+GRUB+failed+boot+detection.%22 ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: grub-common 2.04-1ubuntu26.7 ProcVersionSignature: Ubuntu 5.4.0-59.65-generic 5.4.78 Uname: Linux 5.4.0-59-generic x86_64 ApportVersion: 2.20.11-0ubuntu27.14 Architecture: amd64 CasperMD5CheckResult: skip Date: Fri Jan 8 20:19:42 2021 ProcEnviron: TERM=screen.xterm-256color PATH=(custom, no user) LANG=en_GB.UTF-8 SHELL=/bin/bash SourcePackage: grub2 UpgradeStatus: Upgraded to focal on 2020-12-23 (15 days ago) ** Affects: grub2 (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug focal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1910815 Title: race on boot between multiple invocations of grub-editenv To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1910815/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1848180] Re: LVM initrd fails to activate btrfs multidevice root
** Attachment added: "/etc/initramfs-tools/scripts/local-top/btrfs-lvm" https://bugs.launchpad.net/ubuntu/+source/lvm2/+bug/1848180/+attachment/5447426/+files/local-top.script -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1848180 Title: LVM initrd fails to activate btrfs multidevice root To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lvm2/+bug/1848180/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1848180] Re: LVM initrd fails to activate btrfs multidevice root
OK, attached are some initramfs scripts: local-top.hook -> /etc/initramfs-tools/hooks/btrfs-lvm local-top.script -> /etc/initramfs-tools/scripts/local-top/btrfs-lvm I've tried to make them reasonably generic, the root fs is examined on initramfs creation, component btrfs devices extracted and tested to see if they are LVM LVs, and if so added to a config file inside them initramfs. Then on boot all those LVs are activated before attempting to mount root. ** Attachment added: "/etc/initramfs-tools/hooks/btrfs-lvm" https://bugs.launchpad.net/ubuntu/+source/lvm2/+bug/1848180/+attachment/5447425/+files/local-top.hook -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1848180 Title: LVM initrd fails to activate btrfs multidevice root To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lvm2/+bug/1848180/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1848180] Re: LVM initrd fails to activate btrfs multidevice root
I'm seeing this on focal as well. Running vgchange when the initramfs crashes to shell no longer seems to work - it just hangs. I have to add break=mount to kernel command line and do it there. Now working on hacking something into /etc/initramfs-tools/scripts/local-top/ - @Gabriele, that should allow you to make your changes permanent. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1848180 Title: LVM initrd fails to activate btrfs multidevice root To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lvm2/+bug/1848180/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1909149] [NEW] package lxd 3.0.3-0ubuntu1~18.04.1 failed to install/upgrade: new lxd package pre-installation script subprocess returned error exit status 1
Public bug reported: Not sure what happened here, this line might be key: - Run install hook of "lxd" snap if present (run hook "install": cannot perform operation: mount --rbind /home /tmp/snap.rootfs_FrMoDy//home: Permission denied) If I remember correctly, /home is a symlink on this machine.. ProblemType: Package DistroRelease: Ubuntu 20.04 Package: lxd 3.0.3-0ubuntu1~18.04.1 ProcVersionSignature: Ubuntu 5.4.0-58.64~18.04.1-generic 5.4.73 Uname: Linux 5.4.0-58-generic x86_64 ApportVersion: 2.20.11-0ubuntu27.14 Architecture: amd64 CasperMD5CheckResult: skip Date: Wed Dec 23 21:14:02 2020 ErrorMessage: new lxd package pre-installation script subprocess returned error exit status 1 Python3Details: /usr/bin/python3.8, Python 3.8.5, python3-minimal, 3.8.2-0ubuntu2 PythonDetails: /usr/bin/python2.7, Python 2.7.18, python-is-python2, 2.7.17-4 RelatedPackageVersions: dpkg 1.19.7ubuntu3 apt 2.0.2ubuntu0.2 SourcePackage: lxd Title: package lxd 3.0.3-0ubuntu1~18.04.1 failed to install/upgrade: new lxd package pre-installation script subprocess returned error exit status 1 UpgradeStatus: Upgraded to focal on 2020-12-23 (0 days ago) ** Affects: lxd (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-package focal third-party-packages -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1909149 Title: package lxd 3.0.3-0ubuntu1~18.04.1 failed to install/upgrade: new lxd package pre-installation script subprocess returned error exit status 1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1909149/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1877844] Re: [SRU] data corruption issue in all versions before 1.1.11
I've gone through the upstream bug https://github.com/borgbackup/borg/issues/4829 and not found any data which could be used as a test case. While the description of the bug there is quite detailed, I think one would have to be incredibly familiar with borg internals & code to create a reproducer. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1877844 Title: [SRU] data corruption issue in all versions before 1.1.11 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/borgbackup/+bug/1877844/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1877844] Re: [SRU] data corruption issue in all versions before 1.1.11
Given this is a *known data corrupting bug* declared by upstream, it would seem really odd to hold up the release for bionic and focal, where the solution is just an upgrade to the upstream version containing the fix! (I can possibly see the argument for being more careful with cherrypicked patches.) Unless upstream has published a detailed test case there may not be one accessible to us. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1877844 Title: [SRU] data corruption issue in all versions before 1.1.11 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/borgbackup/+bug/1877844/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1901709] [NEW] build nfsdcld to avoid grace period in containers
Public bug reported: Trying to use kernel nfs server in containers generally works, but generates dmesg warnings as follows: [ 23.392559] NFSD: attempt to initialize umh client tracking in a container ignored. [ 23.395065] NFSD: attempt to initialize legacy client tracking in a container ignored. [ 23.395085] NFSD: Unable to initialize client recovery tracking! (-22) [ 23.395106] NFSD: starting 90-second grace period (net f5fd) On reboot clients do indeed hang for the grace period. >From the description here .. https://man7.org/linux/man-pages/man8/nfsdcld.8.html .. it seems that modern kernels in combination with nfsdcld from modern nfs-utils can avoid this problem - is there any chance we could build and install it? It looks like it might have a sqlite dependency so possibly needs splitting off into a separate package. ** Affects: nfs-utils (Ubuntu) Importance: Undecided Status: New ** Description changed: - Trying to use kernel nfs server in containers generally workers, but + Trying to use kernel nfs server in containers generally works, but generates dmesg warnings as follows: [ 23.392559] NFSD: attempt to initialize umh client tracking in a container ignored. [ 23.395065] NFSD: attempt to initialize legacy client tracking in a container ignored. [ 23.395085] NFSD: Unable to initialize client recovery tracking! (-22) [ 23.395106] NFSD: starting 90-second grace period (net f5fd) On reboot clients do indeed hang for the grace period. From the description here .. https://man7.org/linux/man-pages/man8/nfsdcld.8.html .. it seems that modern kernels in combination with nfsdcld from modern nfs-utils can avoid this problem - is there any chance we could build and install it? It looks like it might have a sqlite dependency so possibly needs splitting off into a separate package. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1901709 Title: build nfsdcld to avoid grace period in containers To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/1901709/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 882878] Re: With IPv6 disabled, openssh will not forward X connections
Still broken in bionic in 2020! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/882878 Title: With IPv6 disabled, openssh will not forward X connections To manage notifications about this bug go to: https://bugs.launchpad.net/openssh/+bug/882878/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1859829] Re: server will not boot after updating lvm2 package
This has just happened on yet another machine. It seems to occur if there's a snapshot of root volume in existence? Any chance of a fix? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1859829 Title: server will not boot after updating lvm2 package To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lvm2/+bug/1859829/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1891810] Re: Missing openat2 syscall, causes problems for fuse-overlayfs in nspawn containers
Actually, I recommend not looking at 2.5.0 or master until https://github.com/seccomp/libseccomp/issues/273 is fixed! Definitely a security issue. ** Bug watch added: github.com/seccomp/libseccomp/issues #273 https://github.com/seccomp/libseccomp/issues/273 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1891810 Title: Missing openat2 syscall, causes problems for fuse-overlayfs in nspawn containers To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1891810/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1891810] [NEW] Missing openat2 syscall, causes problems for fuse-overlayfs in nspawn containers
Public bug reported: The version of libseccomp2 in bionic does not know about the openat2 syscall. In my particular usecase, I was trying to run podman/buildah in an nspawn container, using fuse-overlayfs. This leads to peculiar failure modes as described in this issue: https://github.com/containers/fuse-overlayfs/issues/220 This could well cause other problems, previously issues like that have affected snapd, etc. Backporting the master branch of libseccomp fixed this for me, but for an SRU a cherrypick of https://github.com/seccomp/libseccomp/commit/b3206ad5645dceda89538ea8acc984078ab697ab might be sufficient... ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: libseccomp2 2.4.3-1ubuntu3.18.04.3 ProcVersionSignature: Ubuntu 5.4.0-42.46~18.04.1-generic 5.4.44 Uname: Linux 5.4.0-42-generic x86_64 ApportVersion: 2.20.9-0ubuntu7.16 Architecture: amd64 Date: Sun Aug 16 17:35:09 2020 Dependencies: gcc-8-base 8.4.0-1ubuntu1~18.04 libc6 2.27-3ubuntu1.2 libgcc1 1:8.4.0-1ubuntu1~18.04 ProcEnviron: TERM=screen.xterm-256color PATH=(custom, no user) LANG=en_GB.UTF-8 SHELL=/bin/bash SourcePackage: libseccomp UpgradeStatus: No upgrade log present (probably fresh install) ** Affects: libseccomp (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug bionic -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1891810 Title: Missing openat2 syscall, causes problems for fuse-overlayfs in nspawn containers To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1891810/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1883447] Re: nspawn on some 32-bit archs blocks _time64 syscalls, breaks upgrade to focal in containers
This bug also seems to generate "Assertion 'clock_gettime(map_clock_id(clock_id), &ts) == 0' failed at src/basic /time-util.c:55, function now(). Aborting" in various places if you try to boot an existing 20.04 container on bionic with systemd-nspawn. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1883447 Title: nspawn on some 32-bit archs blocks _time64 syscalls, breaks upgrade to focal in containers To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1883447/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1883447] Re: nspawn on arm blocks _time64 syscalls, breaks upgrade to focal in containers
Thinking about it, it probably only applies to arm, or at least to 32 bit archs (I think 64bit archs use 64-bit time already.) I'll try and find a reference for that .. ** Summary changed: - nspawn blocks _time64 syscalls, breaks upgrade to focal in containers + nspawn on arm blocks _time64 syscalls, breaks upgrade to focal in containers -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1883447 Title: nspawn on some 32-bit archs blocks _time64 syscalls, breaks upgrade to focal in containers To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1883447/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1883447] Re: nspawn on arm blocks _time64 syscalls, breaks upgrade to focal in containers
https://patchwork.kernel.org/patch/10756415/ is the upstream kernel patch it seems. ** Summary changed: - nspawn on arm blocks _time64 syscalls, breaks upgrade to focal in containers + nspawn on some 32-bit archs blocks _time64 syscalls, breaks upgrade to focal in containers ** Description changed: - This may only affect armhf, but I can't see why it should. - Recent Linux kernels introduced a number of new syscalls ending in - _time64 to fix Y2038 problem; it appears recent glibc, including the - version in focal, test for the existence of these. systemd-nspawn in - bionic (237-3ubuntu10.38) doesn't know about these so blocks them by - default. It seems however glibc isn't expecting an EPERM, causing - numerous programs to fail. + Recent Linux kernels introduced a number of new syscalls ending in _time64 to fix Y2038 problem; it appears recent glibc, including the version in focal, test for the existence of these. systemd-nspawn in bionic (237-3ubuntu10.38) doesn't know about these so blocks them by default. It seems however glibc isn't expecting an EPERM, causing numerous programs to fail. In particular, running do-release-upgrade to focal in an nspawn container hosted on bionic will break as soon as the new libc has been unpacked. Solution (tested here) is to cherrypick upstream commit https://github.com/systemd/systemd/commit/6ca677106992321326427c89a40e1c9673a499b2 A newer libseccomp is also needed but this is already being worked on, see bug #1876055. It's a pretty trivial fix one the new libseccomp lands, and there is precedent for SRU-ing for a similar issue in bug #1840640. + + https://patchwork.kernel.org/patch/10756415/ is apparently the upstream + kernel patch, which should give a clearer idea of which architectures + are likely to be affected - I noticed it on armhf. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1883447 Title: nspawn on some 32-bit archs blocks _time64 syscalls, breaks upgrade to focal in containers To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1883447/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1883447] [NEW] nspawn blocks _time64 syscalls, breaks upgrade to focal in containers
Public bug reported: This may only affect armhf, but I can't see why it should. Recent Linux kernels introduced a number of new syscalls ending in _time64 to fix Y2038 problem; it appears recent glibc, including the version in focal, test for the existence of these. systemd-nspawn in bionic (237-3ubuntu10.38) doesn't know about these so blocks them by default. It seems however glibc isn't expecting an EPERM, causing numerous programs to fail. In particular, running do-release-upgrade to focal in an nspawn container hosted on bionic will break as soon as the new libc has been unpacked. Solution (tested here) is to cherrypick upstream commit https://github.com/systemd/systemd/commit/6ca677106992321326427c89a40e1c9673a499b2 A newer libseccomp is also needed but this is already being worked on, see bug #1876055. It's a pretty trivial fix one the new libseccomp lands, and there is precedent for SRU-ing for a similar issue in bug #1840640. ** Affects: systemd (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1883447 Title: nspawn blocks _time64 syscalls, breaks upgrade to focal in containers To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1883447/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1882973] [NEW] Versions >=20190125 build-depend on meson >=0.47
Public bug reported: The following upstream commit https://github.com/systemd/casync/commit/8d30d6d8ebe4b12e251fe4b72d1a2e6f3121b994 makes the build require meson >= 0.47, but the package in 20.04 still build-depends on 0.40. Just hit this trying to backport to bionic, which generates error "ERROR: Unknown type feature." " ** Affects: casync (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1882973 Title: Versions >=20190125 build-depend on meson >=0.47 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/casync/+bug/1882973/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1859829] Re: server will not boot after updating lvm2 package
This has just bitten me again on yet another machine - is it ever going to be fixed? If it helps I suspect it's something to do with having snapshots kicking around .. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1859829 Title: server will not boot after updating lvm2 package To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lvm2/+bug/1859829/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1877844] [NEW] data corruption issue in all versions before 1.1.11
Public bug reported: Per the "important notes" section of the borg docs: https://borgbackup.readthedocs.io/en/stable/changes.html "Pre-1.1.11 potential index corruption / data loss issue A bug was discovered in our hashtable code, see issue #4829. The code is used for the client-side chunks cache and the server-side repo index. Although borg uses the hashtables very heavily, the index corruption did not happen too frequently, because it needed specific conditions to happen. Data loss required even more specific conditions, so it should be rare (and also detectable via borg check). [..]" Theoretically affects all Ubuntu releases before 20.04 (focal.) I know this is a universe package, but if anyone was up for an SRU that would be fantastic.. ** Affects: borgbackup (Ubuntu) Importance: Undecided Status: New ** Bug watch added: github.com/borgbackup/borg/issues #4829 https://github.com/borgbackup/borg/issues/4829 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1877844 Title: data corruption issue in all versions before 1.1.11 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/borgbackup/+bug/1877844/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1877844] Re: data corruption issue in all versions before 1.1.11
Upstream bug: https://github.com/borgbackup/borg/issues/4829 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1877844 Title: data corruption issue in all versions before 1.1.11 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/borgbackup/+bug/1877844/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1859829] Re: server will not boot after updating lvm2 package
Just reported my own bug #1870783 - my server appears to hang (without above message), but eventually successfully boots after ~ 180 secs. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1859829 Title: server will not boot after updating lvm2 package To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lvm2/+bug/1859829/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1863919] Re: [regression] lingering pvscan during boot
Do you also see slow shutdowns? One of my servers which has other problems with this patch (bug #1870783) has been seen to get stuck shutting down / rebooting showing a message about (I think) lvmetad (hard to tell due to very small server console truncating message) .. systemd eventually times it out (after, a bit randomly, 105 secs) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1863919 Title: [regression] lingering pvscan during boot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lvm2/+bug/1863919/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1870783] [NEW] 2.02.176-4.1ubuntu3.18.04.2 causes 3 min boot hang
Public bug reported: 2.02.176-4.1ubuntu3.18.04.2 causes at least one of my servers to hang on boot for ~ 3 minutes. adding debug=y to kernel command line seems to show the last script was init-top/udev. Downgrading to 2.02.176-4.1ubuntu3 resolves the problem. Possibly related to bug #1859829 and bug #1863919. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: lvm2 2.02.176-4.1ubuntu3.18.04.2 ProcVersionSignature: Ubuntu 5.3.0-45.37~18.04.1-generic 5.3.18 Uname: Linux 5.3.0-45-generic x86_64 ApportVersion: 2.20.9-0ubuntu7.14 Architecture: amd64 Date: Sat Apr 4 13:59:05 2020 ProcEnviron: TERM=screen.xterm-256color PATH=(custom, no user) LANG=en_GB.UTF-8 SHELL=/bin/bash SourcePackage: lvm2 UpgradeStatus: No upgrade log present (probably fresh install) mtime.conffile..etc.lvm.lvm.conf: 2018-11-09T14:30:02.719390 ** Affects: lvm2 (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug bionic ** Description changed: 2.02.176-4.1ubuntu3.18.04.2 causes at least one of my servers to hang on boot for ~ 3 minutes. adding debug=y to kernel command line seems to show the last script was init-top/udev. Downgrading to 2.02.176-4.1ubuntu3 resolves the problem. - Possibly related to #1859829 and #1863919. + Possibly related to bug #1859829 and bug #1863919. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: lvm2 2.02.176-4.1ubuntu3.18.04.2 ProcVersionSignature: Ubuntu 5.3.0-45.37~18.04.1-generic 5.3.18 Uname: Linux 5.3.0-45-generic x86_64 ApportVersion: 2.20.9-0ubuntu7.14 Architecture: amd64 Date: Sat Apr 4 13:59:05 2020 ProcEnviron: - TERM=screen.xterm-256color - PATH=(custom, no user) - LANG=en_GB.UTF-8 - SHELL=/bin/bash + TERM=screen.xterm-256color + PATH=(custom, no user) + LANG=en_GB.UTF-8 + SHELL=/bin/bash SourcePackage: lvm2 UpgradeStatus: No upgrade log present (probably fresh install) mtime.conffile..etc.lvm.lvm.conf: 2018-11-09T14:30:02.719390 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1870783 Title: 2.02.176-4.1ubuntu3.18.04.2 causes 3 min boot hang To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lvm2/+bug/1870783/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1776447] Re: Indirect GLX (LIBGL_ALWAYS_INDIRECT=1) causes opengl programms to crash
That would be excellent - thanks! IGLX is one of those things probably not many people use, but those of us who do kind of really need it. It also seems to be a thing in HPC / research circles: https://www.phoronix.com/scan.php?page=news_item&px=Xorg-IGLX-Potential- Bye-Bye FWIW, I'm now (finally) using bionic everywhere.. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1776447 Title: Indirect GLX (LIBGL_ALWAYS_INDIRECT=1) causes opengl programms to crash To manage notifications about this bug go to: https://bugs.launchpad.net/xorg-server/+bug/1776447/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 656675] Re: Two saned processes and "bind failed: Address already in use"
OK, I think this is not a (huge) bug .. looking at saned code, it tries to bind v6 and v4 sockets separately. If /proc/sys/net/ipv6/bindv6only isn't set, binding v6 will also bind v4, making the later explicit v4 bind fail. The second process is probably the one responsible for avahi advertisements. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/656675 Title: Two saned processes and "bind failed: Address already in use" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sane-backends/+bug/656675/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 656675] Re: Two saned processes and "bind failed: Address already in use"
Still seeing this in 18.04! Gave up, disabled /etc/init.d/saned, and used the systemd socket service - but this doesn't seem to advertise the saned server. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/656675 Title: Two saned processes and "bind failed: Address already in use" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sane-backends/+bug/656675/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1785383] Re: missing EDNS0 record confuses systemd-resolved
Any news on this? Recent upgrade has removed my patches to dnsmasq, and I'm hitting this again. Still convinced the Ubuntu-specific patch to systemd-resolved is flawed as well. I will try to get brain back into gear to have at look at this all again. If nothing else, would be good to SRU the dnsmasq upstream fix? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1785383 Title: missing EDNS0 record confuses systemd-resolved To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1785383/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1840640] Re: sync_file_range fails in nspawn containers on arm, ppc
Just tested on bionic, looks good - thanks everyone! ** Tags removed: verification-needed verification-needed-bionic ** Tags added: verification-done verification-done-bionic -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1840640 Title: sync_file_range fails in nspawn containers on arm, ppc To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1840640/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1840640] Re: sync_file_range fails in nspawn containers on arm, ppc
OK, so my kernel didn't have seccomp support compiled in and systemd just silently fails to set seccomp filters in that case. Have now reproduced the bug on an armhf disco VM, and verified that the package in proposed, 240-6ubuntu5.8 fixes it. ** Tags removed: verification-needed-disco ** Tags added: verification-done-disco -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1840640 Title: sync_file_range fails in nspawn containers on arm, ppc To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1840640/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1840640] Re: sync_file_range fails in nspawn containers on arm, ppc
OK, I've had a go, but oddly I can't reproduce this in a disco VM at the moment, which makes testing the fix tricky.. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1840640 Title: sync_file_range fails in nspawn containers on arm, ppc To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1840640/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1840640] Re: sync_file_range fails in nspawn containers on arm, ppc
@vorlon, will do my best to test the disco version, but I don't currently have an ARM disco environment, and usual health battles mean it'll probably be a struggle to set one up - I'll have a go though! The bionic version I will of course be all over :) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1840640 Title: sync_file_range fails in nspawn containers on arm, ppc To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1840640/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 1840640] Re: sync_file_range fails in nspawn containers on arm, ppc
Can't check at the moment, but details should have been added by apport. Is it possible arm64 abi is different from armhf (32bit?) On Thu, 3 Oct 2019, 22:41 Dan Streetman, wrote: > I'm having trouble reproducing this on a Bionic nspawn container on > arm64; what host release, and container release, are you using? Are you > using the latest glibc and systemd? > > -- > You received this bug notification because you are subscribed to the bug > report. > https://bugs.launchpad.net/bugs/1840640 > > Title: > sync_file_range fails in nspawn containers on arm, ppc > > To manage notifications about this bug go to: > > https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1840640/+subscriptions > -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1840640 Title: sync_file_range fails in nspawn containers on arm, ppc To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1840640/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1539934] Re: Load thin Kernel Modules in initramfs for support on boot
Looks like this may finally have been fixed in Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774560 ** Bug watch added: Debian Bug tracker #774560 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774560 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1539934 Title: Load thin Kernel Modules in initramfs for support on boot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lvm2/+bug/1539934/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1841918] Re: wakeonlan no longer works with r8169 after upgrade to 5.0 kernel
Aha .. https://github.com/systemd/systemd/blob/master/src/shared/ethtool- util.c#L279 Reads current WOL settings and doesn't set them again if not necessary - we're back the r8169 driver or the BIOS possibly not quite initializing something correctly on start-up, which an explicit ioctl to set WOL corrects :( -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1841918 Title: wakeonlan no longer works with r8169 after upgrade to 5.0 kernel To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-signed-hwe/+bug/1841918/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1841918] Re: wakeonlan no longer works with r8169 after upgrade to 5.0 kernel
Interestingly, if I enable WOL by hand with ethtool (even though ethtool is showing it as already enabled), it works. /sys/class/net/laneth0/device/power/wakeup shows "disabled" if I let systemd enable WOL via the .link file, but after doing it manually with ethtool it shows "enabled." Note that all I have done is switch to the HWE kernel - I am using exactly the same verison of systemd, ethtool, etc. Has something in the kernel stopped implicitly configuring the system power management, either generically or for r8169? Is ethtool doing it explicitly? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1841918 Title: wakeonlan no longer works with r8169 after upgrade to 5.0 kernel To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-signed-hwe/+bug/1841918/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1841918] [NEW] wakeonlan no longer works with r8169 after upgrade to 5.0 kernel
Public bug reported: Latest in the eternal saga of WOL problems with r8169 on certain platforms. 4.15.0-58 (bionic) worked; installing the latest HWE (5.0.0-25) stops wakeonlan working. lspci output: 00:00.0 Host bridge: Intel Corporation Xeon E3-1200 v2/3rd Gen Core processor DRAM Controller (rev 09) 00:02.0 VGA compatible controller: Intel Corporation Xeon E3-1200 v2/3rd Gen Core processor Graphics Controller (rev 09) 00:16.0 Communication controller: Intel Corporation 6 Series/C200 Series Chipset Family MEI Controller #1 (rev 04) 00:1a.0 USB controller: Intel Corporation 6 Series/C200 Series Chipset Family USB Enhanced Host Controller #2 (rev 05) 00:1b.0 Audio device: Intel Corporation 6 Series/C200 Series Chipset Family High Definition Audio Controller (rev 05) 00:1c.0 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset Family PCI Express Root Port 1 (rev b5) 00:1c.3 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset Family PCI Express Root Port 4 (rev b5) 00:1d.0 USB controller: Intel Corporation 6 Series/C200 Series Chipset Family USB Enhanced Host Controller #1 (rev 05) 00:1f.0 ISA bridge: Intel Corporation H61 Express Chipset LPC Controller (rev 05) 00:1f.2 SATA controller: Intel Corporation 6 Series/C200 Series Chipset Family 6 port Desktop SATA AHCI Controller (rev 05) 00:1f.3 SMBus: Intel Corporation 6 Series/C200 Series Chipset Family SMBus Controller (rev 05) 01:00.0 USB controller: Renesas Technology Corp. uPD720201 USB 3.0 Host Controller (rev 03) 02:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 06) 5.0.x r8169 related kernel output: Aug 29 10:35:02 asr-host kernel: r8169 :02:00.0: can't disable ASPM; OS doesn't have ASPM control Aug 29 10:35:02 asr-host kernel: libphy: r8169: probed Aug 29 10:35:02 asr-host kernel: r8169 :02:00.0 eth0: RTL8168evl/8111evl, bc:5f:f4:b6:4b:e6, XID 2c9, IRQ 28 Aug 29 10:35:02 asr-host kernel: r8169 :02:00.0 eth0: jumbo features [frames: 9200 bytes, tx checksumming: ko] Aug 29 10:35:02 asr-host kernel: r8169 :02:00.0 laneth0: renamed from eth0 Aug 29 10:35:10 asr-host kernel: RTL8211E Gigabit Ethernet r8169-200:00: attached PHY driver [RTL8211E Gigabit Ethernet] (mii_bus:phy_addr=r8169-200:00, irq=IGNORE) Aug 29 10:35:11 asr-host kernel: r8169 :02:00.0 laneth0: Link is Down Aug 29 10:35:13 asr-host kernel: r8169 :02:00.0 laneth0: Link is Up - 1Gbps/Full - flow control off Aug 29 10:54:03 asr-host kernel: r8169 :02:00.0 laneth0: Link is Down Aug 29 10:54:03 asr-host kernel: r8169 :02:00.0 laneth0: Link is Down Aug 29 10:54:05 asr-host kernel: r8169 :02:00.0 laneth0: Link is Up - 1Gbps/Full - flow control off 4.15.x output: Aug 29 11:03:24 asr-host kernel: r8169 Gigabit Ethernet driver 2.3LK-NAPI loaded Aug 29 11:03:24 asr-host kernel: r8169 :02:00.0: can't disable ASPM; OS doesn't have ASPM control Aug 29 11:03:24 asr-host kernel: r8169 :02:00.0 eth0: RTL8168evl/8111evl at 0x(ptrval), bc:5f:f4:b6:4b:e6, XID 0c900800 IRQ 27 Aug 29 11:03:24 asr-host kernel: r8169 :02:00.0 eth0: jumbo features [frames: 9200 bytes, tx checksumming: ko] Aug 29 11:03:24 asr-host kernel: r8169 :02:00.0 laneth0: renamed from eth0 Aug 29 11:03:32 asr-host kernel: r8169 :02:00.0 laneth0: link down Aug 29 11:03:35 asr-host kernel: r8169 :02:00.0 laneth0: link up Aug 29 11:06:01 asr-host kernel: r8169 :02:00.0 laneth0: link down Aug 29 11:06:03 asr-host kernel: r8169 :02:00.0 laneth0: link up Aug 29 11:18:40 asr-host kernel: r8169 :02:00.0 laneth0: link down Aug 29 11:18:42 asr-host kernel: r8169 :02:00.0 laneth0: link up ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: linux-image-5.0.0-25-generic 5.0.0-25.26~18.04.1 ProcVersionSignature: Ubuntu 4.15.0-58.64-generic 4.15.18 Uname: Linux 4.15.0-58-generic x86_64 ApportVersion: 2.20.9-0ubuntu7.7 Architecture: amd64 Date: Thu Aug 29 11:41:17 2019 ProcEnviron: TERM=screen PATH=(custom, no user) LANG=en_GB.UTF-8 SHELL=/bin/bash SourcePackage: linux-signed-hwe UpgradeStatus: No upgrade log present (probably fresh install) ** Affects: linux-signed-hwe (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug bionic -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1841918 Title: wakeonlan no longer works with r8169 after upgrade to 5.0 kernel To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-signed-hwe/+bug/1841918/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1102906] Re: Cannot broadcast both on global and link address on same interface
Would it be possible to add a flag to AvahiPublishFlags to allow the application to request the required behaviour on a per-service basis? I can't see any options for Pidgin that don't require pretty radical restructuring of its codebase (more discussion at https://bugs.launchpad.net/ubuntu/+source/pidgin/+bug/1841621/comments/10) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1102906 Title: Cannot broadcast both on global and link address on same interface To manage notifications about this bug go to: https://bugs.launchpad.net/avahi/+bug/1102906/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1841621] Re: Bonjour messages not received if one party has global ipv6 address and one doesn't
Thanks for the explanation. Pidgin probably needs to keep the source address matching partly for security, and also possibly to disambiguate users. Binding to the advertised address probably wouldn't work in this case, as the target wouldn't have a route back for the global address prefix. I guess it would have to enumerate all interfaces, then process each one at a time, retrieving the link local address and adding it to a new text record in the advertised service description. This also means monitoring for new and deleted interfaces with rtnetlink .. that's a pretty invasive change to the codebase. At the very least, if Pidgin could raise a visible error with a pointer to an FAQ when this happens, that would be a start! Would it be possible to add a flag to AvahiPublishFlags to allow the application to request the required behaviour on a per-service basis? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1841621 Title: Bonjour messages not received if one party has global ipv6 address and one doesn't To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pidgin/+bug/1841621/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1102906] Re: Cannot broadcast both on global and link address on same interface
** Bug watch added: github.com/lathiat/avahi/issues #243 https://github.com/lathiat/avahi/issues/243 ** Also affects: avahi via https://github.com/lathiat/avahi/issues/243 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1102906 Title: Cannot broadcast both on global and link address on same interface To manage notifications about this bug go to: https://bugs.launchpad.net/avahi/+bug/1102906/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1102906] Re: Cannot broadcast both on global and link address on same interface
I found a mailing list post which mentioned this, but no replies: https://lists.freedesktop.org/archives/avahi/2010-March/001863.html It actually causes problems for Pidgin in certain circumstances, see bug #1841621. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1102906 Title: Cannot broadcast both on global and link address on same interface To manage notifications about this bug go to: https://bugs.launchpad.net/avahi/+bug/1102906/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1841621] Re: Bonjour messages not received if one party has global ipv6 address and one doesn't
Just found bug #1102906 raised against avahi for this behaviour years ago.. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1841621 Title: Bonjour messages not received if one party has global ipv6 address and one doesn't To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pidgin/+bug/1841621/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1841621] Re: Bonjour messages not received if one party has global ipv6 address and one doesn't
Just realised that the heat had addled my brain - this will get the link local address of target, not the originator. We could enumerate link local addresses on the originator and add a field to the mdns text record, but by definition those addresses are only valid on a particular interface, and the target wouldn't know which was which was which. In reality most LLAs will be formed from the interface MAC address, but unclear how much this should be relied upon. Worst case scenario is a user on one interface could spoof a conversation pretending to be a user on another. Possibly this is all getting too complicated. A setting to disable the IP match code might be simpler, though that seems to happen in multiple places in the codebase and obviously has security implications. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1841621 Title: Bonjour messages not received if one party has global ipv6 address and one doesn't To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pidgin/+bug/1841621/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1841621] Re: Bonjour messages not received if one party has global ipv6 address and one doesn't
Proof of concept of getting link local address for a specific ifindex. ** Attachment added: "getif.c" https://bugs.launchpad.net/ubuntu/+source/pidgin/+bug/1841621/+attachment/5285029/+files/getif.c -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1841621 Title: Bonjour messages not received if one party has global ipv6 address and one doesn't To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pidgin/+bug/1841621/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1841621] Re: Bonjour messages not received if one party has global ipv6 address and one doesn't
Looking at the source, when browsing/resolving mdns, we get an interface ID passed to the callback. So it should be possible call if_indextoname() on that, then walk getifaddr() output to find the interface and then its link-local address, and that add that to the list of IPs ... -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1841621 Title: Bonjour messages not received if one party has global ipv6 address and one doesn't To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pidgin/+bug/1841621/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1841621] Re: Bonjour messages not received if one party has global ipv6 address and one doesn't
May be a long-standing avahi problem, but Pidgin may need to work around it: https://lists.freedesktop.org/archives/avahi/2010-March/001863.html -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1841621 Title: Bonjour messages not received if one party has global ipv6 address and one doesn't To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pidgin/+bug/1841621/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1841621] Re: Bonjour messages not received if one party has global ipv6 address and one doesn't
https://github.com/lathiat/avahi/blob/1cc2b8e8d62e939b8bd683f795794878863931af /avahi-core/iface.c#L707][1] -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1841621 Title: Bonjour messages not received if one party has global ipv6 address and one doesn't To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pidgin/+bug/1841621/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1841621] Re: Bonjour messages not received if one party has global ipv6 address and one doesn't
(For those trying to work around this, just disabling IPv6 through sysctl doesn't necessarily help - some combination of Network Manager and avahi seems to manage to advertise a link-local address even in this instance. v6 support can be turned off separately in avahi-daemon.conf) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1841621 Title: Bonjour messages not received if one party has global ipv6 address and one doesn't To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pidgin/+bug/1841621/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1841621] [NEW] Bonjour messages not received if one party has global ipv6 address and one doesn't
Public bug reported: Something in the stack - Pidgin or avahi - gets confused if one machine has a global IPv6 address and the other only has a link-local address. Pidgin sees the global address advertised by mDNS, but connections come from the link-local address, and it rejects them because of the address mismatch: (16:48:32) bonjour: _resolve_callback - name:User@beelink account:0x55f7906b8070 bb:(nil) (16:48:32) bonjour: _resolve_callback - name:User@beelink ip:IPv6:addr:ess:obsc:ured:5a15 prev_ip:(null) (16:48:32) blist: Updating buddy status for User@beelink (Bonjour) (16:48:32) bonjour: _resolve_callback - name:User@beelink account:0x55f7906b8070 bb:0x55f79140a040 (16:48:32) bonjour: _resolve_callback - name:User@beelink ip:192.168.X.Y prev_ip:(null) [..] (16:48:41) bonjour: Received incoming connection from fe80::link:locl:addr:hddn%4. (16:48:41) bonjour: We don't like invisible buddies, this is not a superheroes comic ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: pidgin 1:2.12.0-1ubuntu4 ProcVersionSignature: Ubuntu 4.15.0-58.64-generic 4.15.18 Uname: Linux 4.15.0-58-generic x86_64 ApportVersion: 2.20.9-0ubuntu7.7 Architecture: amd64 Date: Tue Aug 27 16:56:14 2019 InstallationDate: Installed on 2018-05-31 (453 days ago) InstallationMedia: Xubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180426) ProcEnviron: TERM=screen.xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_GB.UTF-8 SHELL=/bin/bash SourcePackage: pidgin UpgradeStatus: No upgrade log present (probably fresh install) ** Affects: pidgin (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug bionic -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1841621 Title: Bonjour messages not received if one party has global ipv6 address and one doesn't To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pidgin/+bug/1841621/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1841378] Re: MACVLAN= in .nspawn file vs command line results in /sys/class/net showing host interfaces
The "obvious fix" (attached) does indeed solve the problem - haven't done enough testing as of yet to be sure there are no weird consequences. ** Description changed: I have machine with the following nspawn file: -- [Network] MACVLAN=laneth0 [Exec] PrivateUsers=false -- if I start it with systemctl start systemd-nspawn@name, all works as expected. If I start manually with systemd-nspawn -M name -b, I seem to correctly get a new network namespace (ip link output in container is correct), but ls /sys/class/net shows the host's interfaces. The difference turns out to be that starting with systemctl uses a default command line which includes --private-network; the MACVLAN= in the config file should imply this, but instead it seems I'm getting "half" a private network, with the namespace correctly set but /sys not. Having a quick poke around, I suspect https://github.com/systemd/systemd/commit/60f1ec13ed059e412c2a2ee4cc3093e2d520673c may have 'accidentally' fixed this - it moves -if (arg_private_network) - arg_mount_settings |= MOUNT_APPLY_APIVFS_NETNS; + if (arg_private_network) + arg_mount_settings |= MOUNT_APPLY_APIVFS_NETNS; from parse_argv to verify_arguments which is called later. This bug causes netplan to fail as well as it rummages around in /sys/class/net. If the planets ever align appropriately, I will try to come up with a - patch to 237 for bionic, but I don't recommend anyone hold's their + patch to 237 for bionic, but I don't recommend anyone holds their breath.. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: systemd-container 237-3ubuntu10.25 Uname: Linux 4.19.13-041913-generic x86_64 ApportVersion: 2.20.9-0ubuntu7.6 Architecture: amd64 CurrentDesktop: XFCE Date: Sun Aug 25 17:54:50 2019 InstallationDate: Installed on 2018-03-22 (521 days ago) InstallationMedia: Xubuntu 18.04 LTS "Bionic Beaver" - Alpha amd64 (20180306.1) SourcePackage: systemd UpgradeStatus: No upgrade log present (probably fresh install) ** Patch added: "nspawn-fix.diff" https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1841378/+attachment/5284741/+files/nspawn-fix.diff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1841378 Title: MACVLAN= in .nspawn file vs command line results in /sys/class/net showing host interfaces To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1841378/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1841378] [NEW] MACVLAN= in .nspawn file vs command line results in /sys/class/net showing host interfaces
Public bug reported: I have machine with the following nspawn file: -- [Network] MACVLAN=laneth0 [Exec] PrivateUsers=false -- if I start it with systemctl start systemd-nspawn@name, all works as expected. If I start manually with systemd-nspawn -M name -b, I seem to correctly get a new network namespace (ip link output in container is correct), but ls /sys/class/net shows the host's interfaces. The difference turns out to be that starting with systemctl uses a default command line which includes --private-network; the MACVLAN= in the config file should imply this, but instead it seems I'm getting "half" a private network, with the namespace correctly set but /sys not. Having a quick poke around, I suspect https://github.com/systemd/systemd/commit/60f1ec13ed059e412c2a2ee4cc3093e2d520673c may have 'accidentally' fixed this - it moves if (arg_private_network) arg_mount_settings |= MOUNT_APPLY_APIVFS_NETNS; from parse_argv to verify_arguments which is called later. This bug causes netplan to fail as well as it rummages around in /sys/class/net. If the planets ever align appropriately, I will try to come up with a patch to 237 for bionic, but I don't recommend anyone hold's their breath.. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: systemd-container 237-3ubuntu10.25 Uname: Linux 4.19.13-041913-generic x86_64 ApportVersion: 2.20.9-0ubuntu7.6 Architecture: amd64 CurrentDesktop: XFCE Date: Sun Aug 25 17:54:50 2019 InstallationDate: Installed on 2018-03-22 (521 days ago) InstallationMedia: Xubuntu 18.04 LTS "Bionic Beaver" - Alpha amd64 (20180306.1) SourcePackage: systemd UpgradeStatus: No upgrade log present (probably fresh install) ** Affects: systemd (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug bionic -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1841378 Title: MACVLAN= in .nspawn file vs command line results in /sys/class/net showing host interfaces To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1841378/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1752379] Re: ubuntu-support-status could more clearly define 'support'
I'm utterly confused about what the support policy actually is .. is "Supported:" in universe still updated/meaningful? Apparently I have 123 unsupported packages on bionic, including things like apcupsd, iftop, fatrace, distcc, systemd-container ..? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1752379 Title: ubuntu-support-status could more clearly define 'support' To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/1752379/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1574670] Re: ubuntu-support-status returns inaccurate information
Just found this, still very confused .. is "Supported:" in universe still updated/meaningful? Apparently I have 123 unsupported packages on bionic, including things like apcupsd, iftop, fatrace, distcc, systemd- container ..? Hard to get a grasp on current support policies. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1574670 Title: ubuntu-support-status returns inaccurate information To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/1574670/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1840640] Re: sync_file_range fails in nspawn containers on arm, ppc
Test packages in case anyone wants them: https://www.dropbox.com/sh/gxuy14k1t2chwbu/AABKX2idDrGu2R3Fwio0DAOTa?dl=0 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1840640 Title: sync_file_range fails in nspawn containers on arm, ppc To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1840640/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1840640] [NEW] sync_file_range fails in nspawn containers on arm, ppc
Public bug reported:
ARM has two sync_file_range syscalls, sync_file_range and
sync_file_range2. The former is apparently not used, and glibc calls the
latter whenever a userspace program calls sync_file_range. I'm guessing
systemd-nspawn doesn't know this, because the follow code consistently
fails in an nspawn container on ARM:
#define _GNU_SOURCE
#include
#include
#include
#include
void main()
{
int f = open("/tmp/syncrange.test",O_CREAT|O_RDWR,0666);
int r=sync_file_range(f, 0, 0, 0);
if (r)
perror("sync_file_range");
close(f);
}
This seems to be causing problems specifically for borg(backup) and
postgres:
https://github.com/borgbackup/borg/issues/4710
https://www.postgresql.org/message-id/flat/CA%2BhUKG%2BydOUT4zjxb6QmJWy8U9WbC-q%2BJWV7wLsEY9Df%3Dmw0Mw%40mail.gmail.com#ac8f14897647dc7eae3c7e7cbed36d93
The solution should be to cherrypick
https://github.com/systemd/systemd/pull/13352, I am currently waiting
for systemd to rebuild on a slow ARM box. Any chance of an SRU?
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: systemd-container 237-3ubuntu10.24
Uname: Linux 4.14.66+ armv7l
NonfreeKernelModules: extcon_usb_gpio
ApportVersion: 2.20.9-0ubuntu7.7
Architecture: armhf
Date: Mon Aug 19 11:10:48 2019
ProcEnviron:
TERM=screen
PATH=(custom, no user)
LANG=en_GB.UTF-8
SHELL=/bin/bash
SourcePackage: systemd
UpgradeStatus: No upgrade log present (probably fresh install)
** Affects: systemd (Ubuntu)
Importance: Undecided
Status: New
** Affects: systemd (Ubuntu Bionic)
Importance: Undecided
Status: New
** Tags: apport-bug armhf bionic
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1840640
Title:
sync_file_range fails in nspawn containers on arm, ppc
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1840640/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1826405] Re: Repeatedly "storage error [503 Inconsistent file state], last errno: File exists
Well, touch wood, something I've done has made things happier. I moved everything from the cache directory to a subfolder, made it inaccessible, removed apt lists from clients and ran apt-get update, then linked all the original cache files into _import and made acng reimport them. The first time I did this, it didn't seem to help. After the second time, so far, everything is OK. I also reinstalled the package and let it overwrite my config, but looking at the actual uncommented options in each version, they're basically identical. All very odd... -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1826405 Title: Repeatedly "storage error [503 Inconsistent file state], last errno: File exists To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt-cacher-ng/+bug/1826405/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1826405] Re: Repeatedly "storage error [503 Inconsistent file state], last errno: File exists
I was seeing the dreaded "503 Inconsistent file state" talking to the canonical (sorry) package repositories. As I said, there are no explicit upstream proxies, but who knows what the ISP is doing (this would be a big argument in favour of running apt-get over https to my mind..) Anyway, at the moment after a cycles of intelligent nuking (trying to retain my cache contents while rebuilding it) things seem OK. I feel bad for not going into full-on debug mode and trying to get to the bottom of it, but I'm got a huge mountain of stuff to do and just needed this working so I could get on :( -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1826405 Title: Repeatedly "storage error [503 Inconsistent file state], last errno: File exists To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt-cacher-ng/+bug/1826405/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1826405] Re: Repeatedly "storage error [503 Inconsistent file state], last errno: File exists
acng seems totally broken in bionic. I'm not knowingly behind a proxy - can't completely rule out ISP doing something evil though. Anyone have any pointers on this? Very few google hits, nothing on bugs.debian.org that I can see, very little activity for acng on salsa.debian.org .. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1826405 Title: Repeatedly "storage error [503 Inconsistent file state], last errno: File exists To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt-cacher-ng/+bug/1826405/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
