[Bug 2046486] Re: units with credentials fail in LXD containers
Oracular unprivileged containers should now be working OK in latest/candidate channel. In latest/edge and latest/candidate we have added a vendored version of the apparmor parser (v4.0.2). If our tests pass OK then will proceed to deploy latest/candidate to latest/stable on Monday. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2046486 Title: units with credentials fail in LXD containers To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-images/+bug/2046486/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2046486] Re: units with credentials fail in LXD containers
OK excellent, so as discussed we'll need to vendor the upstream version of apparmor into the LXD snap (so we don't have to prematurely rush the core24 switch) along with the cherry-picks you identified in the GH issue. I'll work on landing that in latest/edge first and then we can perform an interim release into latest/candidate and latest/stable after that. If there are no issues with that then we can perform the same approach for 5.21/stable. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2046486 Title: units with credentials fail in LXD containers To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-images/+bug/2046486/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2046486] Re: units with credentials fail in LXD containers
As for when it hits stable channels, im assuming the most important ones are latest/stable and 5.21/stable (which is the current lts series). Ill need to check with mihalicyn if the fix relies on a thr lxd snap switching base to core24. If so we've got some more issues to resolve first, but if not it can go into 6.2 and 5.21.3 and i can do an interim cherry pick sooner. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2046486 Title: units with credentials fail in LXD containers To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-images/+bug/2046486/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2046486] Re: units with credentials fail in LXD containers
I mention it only for the purposes of testing and for keeping this ticket informed, i was not suggesting you run production on latest/edge naturally. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2046486 Title: units with credentials fail in LXD containers To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-images/+bug/2046486/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2046486] Re: units with credentials fail in LXD containers
This is fixed now in latest/edge of lxd for unprivileged containers. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2046486 Title: units with credentials fail in LXD containers To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-images/+bug/2046486/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2073973] Re: Add eBPF support to ubuntu:22.04 -kvm variant kernel
Yes, if you could bring them as close as possible to the generic options that would be great. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2073973 Title: Add eBPF support to ubuntu:22.04 -kvm variant kernel To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-images/+bug/2073973/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2067900] Re: apparmor unconfined profile blocks pivot_root
This issue is now occuring in lxd latest/edge builds after we merged initial support for restricted user namespaces. Is there an eta on a fix? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2067900 Title: apparmor unconfined profile blocks pivot_root To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/2067900/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2057927] Re: lxd vga console throws "Operation not permitted" error
Please can you confirm if still an issue on lxd 5.21/stable as this is the current supported version. Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2057927 Title: lxd vga console throws "Operation not permitted" error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2057927/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1868330] Re: Lenovo ThinkPad-X1-Carbon-7th Gen microphone doesnt work
I just tried this now on a freshly installed Ubuntu 20.04 with kernel 5.8.0-41-generic and it works great in both Gnome and in Chromium. Happy to mark this resolved. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1868330 Title: Lenovo ThinkPad-X1-Carbon-7th Gen microphone doesnt work To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/alsa-driver/+bug/1868330/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1868330] Re: Lenovo ThinkPad-X1-Carbon-7th Gen microphone doesnt work
I'm running latest HWE kernel on 20.04 (5.4.0-65). If I connect a microphone via USB or the headphone socket then it works (in chromium too). But if I disconnect the microphone then Gnome doesn't detect any built- in microphone. As I've made some changes to my modules settings, I think I'll wipe the system and try it with a fresh install. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1868330 Title: Lenovo ThinkPad-X1-Carbon-7th Gen microphone doesnt work To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/alsa-driver/+bug/1868330/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1896938] Re: strange IPv6 NDP behaviour with OVN on Focal
** Description changed: [Impact] The issue I'm seeing is that if I have multiple OVN routers connected to the same external OVS uplink switch (which in turn is connected via veth to a native linux bridge), when NDP solicit packets are sent from the native linux bridge into the logical OVN switch, for some reason every OVN router that is connected to the OVN switch retransmits the NDP packet from its own MAC address. Which in turn causes them all to receive another NDP packet, which are then all retransmitted (a flood then ensues until OVS rate limiting takes effect). This occurs even for IPs that do not exist on the network that the OVN routers dont know anything about. It doesn't happen for ARP, nor does it occur in Groovy. [Test Case] - test + Setup single node LXD with and OVN network and then ping a non-existant IP in the uplink network from the LXD host and watch for the OVN gateway to retransmit the IPv6 NS packet from lxdbr0 back into the uplink network. + + # Install OVN and setup. + sudo apt install ovn-host ovn-central tcpdump -y + + sudo ovs-vsctl set open_vswitch . \ + external_ids:ovn-encap-type=geneve \ + external_ids:ovn-remote="unix:/var/run/ovn/ovnsb_db.sock" \ + external_ids:ovn-encap-ip=127.0.0.1 + + # Install LXD and get lxdbr0 address and subnet. + snap install lxd + lxd init --auto + lxc network show lxdbr0 + config: + ipv4.address: 10.154.225.1/24 + ipv4.nat: "true" + ipv6.address: fd42:37a6:2a0:c014::1/64 + ipv6.nat: "true" + + # Configure lxdbr0 as compatible OVN uplink network. + lxc network set lxdbr0 ipv4.dhcp.ranges=10.154.225.2-10.154.225.10 ipv4.ovn.ranges=10.154.225.11-10.154.225.20 + + # Create OVN network. + lxc network create ovn1 --type=ovn network=lxdbr0 + + # In separate window run tcpdump on lxsbr0. + sudo tcpdump -i lxdbr0 -n -e ip6 + + Now ping a non-existant IP in the subnet of lxdbr0 from the LXD host, + e.g. fd42:37a6:2a0:c014::2 + + ping fd42:37a6:2a0:c014::2 + + # Check tcpdump window showing duplicate IPv6 NS (from from lxdbr0 MAC address and one from the OVN network's external router port's MAC addres): + 12:46:27.123496 00:16:3e:b5:3d:5e > 33:33:ff:00:00:02, ethertype IPv6 (0x86dd), length 86: fd42:37a6:2a0:c014::1 > ff02::1:ff00:2: ICMP6, neighbor solicitation, who has fd42:37a6:2a0:c014::2, length 32 + 12:46:27.124320 00:16:3e:ab:cc:5a > 33:33:ff:00:00:02, ethertype IPv6 (0x86dd), length 86: fd42:37a6:2a0:c014::1 > ff02::1:ff00:2: ICMP6, neighbor solicitation, who has fd42:37a6:2a0:c014::2, length 32 + + + # Create another OVN network. + lxc network create ovn2 --type=ovn network=lxdbr0 + + + # Check tcpdump window showing a duplicate IPv6 NS storm, now from 3 MACs + 12:48:30.025836 00:16:3e:b5:3d:5e > 33:33:ff:00:00:02, ethertype IPv6 (0x86dd), length 86: fd42:37a6:2a0:c014::1 > ff02::1:ff00:2: ICMP6, neighbor solicitation, who has fd42:37a6:2a0:c014::2, length 32 + 12:48:30.028238 00:16:3e:ab:cc:5a > 33:33:ff:00:00:02, ethertype IPv6 (0x86dd), length 86: fd42:37a6:2a0:c014::1 > ff02::1:ff00:2: ICMP6, neighbor solicitation, who has fd42:37a6:2a0:c014::2, length 32 + 12:48:30.028239 00:16:3e:31:9a:ff > 33:33:ff:00:00:02, ethertype IPv6 (0x86dd), length 86: fd42:37a6:2a0:c014::1 > ff02::1:ff00:2: ICMP6, neighbor solicitation, who has fd42:37a6:2a0:c014::2, length 32 + [Regression Potential] [Other Info] ** Description changed: [Impact] The issue I'm seeing is that if I have multiple OVN routers connected to the same external OVS uplink switch (which in turn is connected via veth to a native linux bridge), when NDP solicit packets are sent from the native linux bridge into the logical OVN switch, for some reason every OVN router that is connected to the OVN switch retransmits the NDP packet from its own MAC address. Which in turn causes them all to receive another NDP packet, which are then all retransmitted (a flood then ensues until OVS rate limiting takes effect). This occurs even for IPs that do not exist on the network that the OVN routers dont know anything about. It doesn't happen for ARP, nor does it occur in Groovy. [Test Case] Setup single node LXD with and OVN network and then ping a non-existant IP in the uplink network from the LXD host and watch for the OVN gateway to retransmit the IPv6 NS packet from lxdbr0 back into the uplink network. # Install OVN and setup. sudo apt install ovn-host ovn-central tcpdump -y sudo ovs-vsctl set open_vswitch . \ - external_ids:ovn-encap-type=geneve \ - external_ids:ovn-remote="unix:/var/run/ovn/ovnsb_db.sock" \ - external_ids:ovn-encap-ip=127.0.0.1 + external_ids:ovn-encap-type=geneve \ + external_ids:ovn-remote="unix:/var/run/ovn/ovnsb_db.sock" \ + external_ids:ovn-encap-ip=127.0.0.1 # Install LXD and get lxdbr0 address and subnet. snap install lxd lxd init --auto lxc network show lxdbr0 - config: - ipv4.address:
[Bug 1896938] Re: strange IPv6 NDP behaviour with OVN on Focal
** Description changed: [Impact] The issue I'm seeing is that if I have multiple OVN routers connected to the same external OVS uplink switch (which in turn is connected via veth to a native linux bridge), when NDP solicit packets are sent from the native linux bridge into the logical OVN switch, for some reason every OVN router that is connected to the OVN switch retransmits the NDP packet from its own MAC address. Which in turn causes them all to receive another NDP packet, which are then all retransmitted (a flood then ensues until OVS rate limiting takes effect). This occurs even for IPs that do not exist on the network that the OVN routers dont know anything about. It doesn't happen for ARP, nor does it occur in Groovy. + [Test Case] + test [Regression Potential] [Other Info] -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1896938 Title: strange IPv6 NDP behaviour with OVN on Focal To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ovn/+bug/1896938/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1893958] Re: [FFe] Please accept iptables 1.8.4-3ubuntu3 switching to nftables backend
LXD depends on the nft tool when iptables-legacy rules are not in use (as the iptables-nft tools do not provide all the functionality it depends on). However the nft tool is bundled in the snap package so this should be fine. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1893958 Title: [FFe] Please accept iptables 1.8.4-3ubuntu3 switching to nftables backend To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iptables/+bug/1893958/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1868330] Re: Lenovo ThinkPad-X1-Carbon-7th Gen microphone doesnt work
Ah yeah that could be the issue, is there a legacy package one can install to provide the old API perhaps? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1868330 Title: Lenovo ThinkPad-X1-Carbon-7th Gen microphone doesnt work To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/alsa-driver/+bug/1868330/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1868330] Re: Lenovo ThinkPad-X1-Carbon-7th Gen microphone doesnt work
I tried installing that kernel and rebooting but I get a grub error "cant find command hwmatch" and cannot boot into that kernel. linux-headers-5.6.0-050600rc6_5.6.0-050600rc6.202003200818_all.deb linux-headers-5.6.0-050600rc6-generic_5.6.0-050600rc6.202003200818_amd64.deb linux-image-unsigned-5.6.0-050600rc6-generic_5.6.0-050600rc6.202003200818_amd64.deb linux-modules-5.6.0-050600rc6-generic_5.6.0-050600rc6.202003200818_amd64.deb dpkg -i *.deb Thanks Tom -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1868330 Title: Lenovo ThinkPad-X1-Carbon-7th Gen microphone doesnt work To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/alsa-driver/+bug/1868330/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1868330] Re: Lenovo ThinkPad-X1-Carbon-7th Gen microphone doesnt work
Thanks Hui, for the quick response. I've installed that package, and indeed, the microphone now works in apps like Audacity. Great. However it still does not work in Chromium in Google Meet, the microphone appears as a device to use, but it shows as "disabled" and so when I unmute in Google Meet it then re-mutes after 2s. In syslog it shows still each time I unmute: Mar 21 18:57:22 user-ThinkPad-X1-Carbon-7th chromium_chromium.desktop[4806]: [4806:4806:0321/185722.248501:ERROR:pulse_util.cc(300)] pa_operation is nullptr. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1868330 Title: Lenovo ThinkPad-X1-Carbon-7th Gen microphone doesnt work To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/alsa-driver/+bug/1868330/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1868330] Re: Lenovo ThinkPad-X1-Carbon-7th Gen microphone doesnt work
I've tried audacity and firefox too and no sound can be recorded. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1868330 Title: Lenovo ThinkPad-X1-Carbon-7th Gen microphone doesnt work To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/alsa-driver/+bug/1868330/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1868330] [NEW] Lenovo ThinkPad-X1-Carbon-7th Gen microphone doesnt work
Public bug reported: On Focal Fossa the microphone is recognised but doesn't work. Chromium shows the microphone as present but off, and if it is renabled it goes off again after a couple of seconds. Chromium logs this error: [ 2149.047888] sof-audio-pci :00:1f.3: error: no reply expected, received 0x0 [ 2149.177469] sof-audio-pci :00:1f.3: firmware boot complete [ 2160.561825] sof-audio-pci :00:1f.3: error: no reply expected, received 0x0 [ 2160.656755] sof-audio-pci :00:1f.3: firmware boot complete [ 2414.391790] sof-audio-pci :00:1f.3: error: no reply expected, received 0x0 [ 2414.487256] sof-audio-pci :00:1f.3: firmware boot complete Mar 20 23:09:24 user-ThinkPad-X1-Carbon-7th chromium_chromium.desktop[9531]: [9531:9531:0320/230924.861503:ERROR:pulse_util.cc(300)] pa_operation is nullptr. ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: alsa-base 1.0.25+dfsg-0ubuntu5 ProcVersionSignature: Ubuntu 5.4.0-18.22-generic 5.4.24 Uname: Linux 5.4.0-18-generic x86_64 ApportVersion: 2.20.11-0ubuntu20 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC0: user 1687 F pulseaudio /dev/snd/pcmC0D0p: user 1687 F...m pulseaudio CurrentDesktop: ubuntu:GNOME Date: Fri Mar 20 23:03:01 2020 InstallationDate: Installed on 2020-03-11 (9 days ago) InstallationMedia: Ubuntu 20.04 LTS "Focal Fossa" - Alpha amd64 (20200309) PackageArchitecture: all SourcePackage: alsa-driver Symptom: audio Symptom_AlsaRecordingTest: ALSA recording test through plughw:sofhdadsp failed Symptom_Card: sof-hda-dsp - sof-hda-dsp Symptom_Jack: Black Mic, Right Symptom_Type: None of the above Title: [20R1000RUS, Realtek ALC285, Black Mic, Right] Recording problem UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 01/15/2020 dmi.bios.vendor: LENOVO dmi.bios.version: N2QET19W (1.13 ) dmi.board.asset.tag: Not Available dmi.board.name: 20R1000RUS dmi.board.vendor: LENOVO dmi.board.version: SDK0J40697 WIN dmi.chassis.asset.tag: No Asset Information dmi.chassis.type: 10 dmi.chassis.vendor: LENOVO dmi.chassis.version: None dmi.modalias: dmi:bvnLENOVO:bvrN2QET19W(1.13):bd01/15/2020:svnLENOVO:pn20R1000RUS:pvrThinkPadX1Carbon7th:rvnLENOVO:rn20R1000RUS:rvrSDK0J40697WIN:cvnLENOVO:ct10:cvrNone: dmi.product.family: ThinkPad X1 Carbon 7th dmi.product.name: 20R1000RUS dmi.product.sku: LENOVO_MT_20R1_BU_Think_FM_ThinkPad X1 Carbon 7th dmi.product.version: ThinkPad X1 Carbon 7th dmi.sys.vendor: LENOVO mtime.conffile..etc.modprobe.d.alsa-base.conf: 2020-03-12T15:40:19.308712 ** Affects: alsa-driver (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug focal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1868330 Title: Lenovo ThinkPad-X1-Carbon-7th Gen microphone doesnt work To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/alsa-driver/+bug/1868330/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1641236] Re: Confined processes inside container cannot fully access host pty device passed in by lxc exec
I've been able to re-create this using fresh install of Ubuntu 18.04 without using LXC or LXD, but just using network namespaces. Setup 2 namespaces with IPVLAN: ip netns add ns1 ip link add name ipv1 link enp0s3 type ipvlan mode l3s ip link set dev ipv1 netns ns1 ip netns exec ns1 ip addr add 10.1.20.252/32 dev ipv1 ip netns exec ns1 ip link set ipv1 up ip netns exec ns1 ip link set lo up ip netns exec ns1 ip -4 r add default dev ipv1 ip netns add ns2 ip link add name ipv2 link enp0s3 type ipvlan mode l3s ip link set dev ipv2 netns ns2 ip netns exec ns2 ip addr add 10.1.20.253/32 dev ipv2 ip netns exec ns2 ip link set ipv2 up ip netns exec ns2 ip link set lo up ip netns exec ns2 ip -4 r add default dev ipv2 Enter namespace 1 and start a ping to other namespace: sudo ip netns exec ns1 ping 10.1.20.253 Then run tcpdump in namespace 2 listening for all packets without DNS resolution: sudo ip netns exec ns2 tcpdump -i any -nn This doesn't output any captured packets. However running tcpdump with -l (Make stdout line buffered) does help: sudo ip netns exec ns2 tcpdump -i any -nn -l -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1641236 Title: Confined processes inside container cannot fully access host pty device passed in by lxc exec To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1641236/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs