[Bug 131976] Re: fails to start: cannot apply additional memory protection after relocation - apparmor doesn't work on stacked file system (livecd - usb stick)
This seems to have regressed in karmic recently (it still worked in
alpha-5 at least). Now we ship quite a fair bunch of apparmor profiles,
and none work on the live system:
[ 315.217585] type=1503 audit(1253718188.795:69): operation=open pid=4505
parent=4504 profile=/usr/sbin/cupsd requested_mask=r:: denied_mask=r::
fsuid=0 ouid=0 name=/rofs/usr/lib/libcups.so.2
[ 420.625182] __ratelimit: 9 callbacks suppressed
[ 420.625187] type=1503 audit(1253718294.203:73): operation=open pid=4611
parent=2801 profile=/sbin/dhclient3 requested_mask=r:: denied_mask=r::
fsuid=0 ouid=0 name=/cow/etc/ld.so.cache
[ 420.625242] type=1503 audit(1253718294.203:74): operation=open pid=4611
parent=2801 profile=/sbin/dhclient3 requested_mask=r:: denied_mask=r::
fsuid=0 ouid=0 name=/rofs/lib/libc-2.10.1.so
to give some examples. In other words, you can't even get on the network
due to those.
So we either need a workaround again (like telling casper to disable
apparmor on the live system), or a workaround in some generic apparmor
rules to allow /cow/ and /rofs/ (this can be set by casper as well), or
a fix in apparmor to not expose the underlying file system.
Is it possible that this change
apparmor (2.3.1+1403-0ubuntu21) karmic; urgency=low
* debian/apparmor.{init-bottom,functions,initramfs}: perform initial
apparmor rule loading in initramfs.
-- Kees Cook k...@ubuntu.com Mon, 21 Sep 2009 14:16:26 -0700
somehow triggered this regression? I really doubt that a breakage this
large (not being able to get online) would have gone unnoticed in
alpha-6, and I tested both i386/amd64 alpha-6 myself (dhcp worked just
fine, I didn't test cups). Now I get it with the current amd64 live
system on real iron, and with the i386 one in kvm.
** Changed in: apparmor (Ubuntu)
Importance: Wishlist = High
** Summary changed:
- fails to start: cannot apply additional memory protection after relocation -
apparmor doesn't work on stacked file system (livecd - usb stick)
+ apparmor doesn't work on stacked file system (livecd) -- DHCP/cups/others
fail to start
** Also affects: apparmor (Ubuntu Karmic)
Importance: High
Status: Triaged
** Also affects: casper (Ubuntu Karmic)
Importance: High
Assignee: Martin Pitt (pitti)
Status: Fix Released
--
apparmor doesn't work on stacked file system (livecd) -- DHCP/cups/others fail
to start
https://bugs.launchpad.net/bugs/131976
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 131976] Re: fails to start: cannot apply additional memory protection after relocation - apparmor doesn't work on stacked file system (livecd - usb stick)
crakarjax [2008-05-18 1:54 -]: setting to complain worked but I noticed that the bug was marked as fixed in casper, so I thought I'd chime in. Thanks. However, casper only affects the live CD system, and casper's workaround is to disable AppArmor on it. The actual bug in AA is still open. -- fails to start: cannot apply additional memory protection after relocation - apparmor doesn't work on stacked file system (livecd - usb stick) https://bugs.launchpad.net/bugs/131976 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 131976] Re: fails to start: cannot apply additional memory protection after relocation - apparmor doesn't work on stacked file system (livecd - usb stick)
I think that I just ran into this problem when upgrading to 8.04 to 7.10 on my usb stick... Preconfiguring packages ... Setting up cupsys (1.3.2-1ubuntu7.7) ... Reloading AppArmor profiles Skipping profile /etc/apparmor.d/usr.sbin.cupsd.dpkg-old : Warning. * Starting Common Unix Printing System: cupsd /usr/sbin/cupsd: error while loading shared libraries: /lib/libc.so.6: cannot apply additional memory protection after relocation: Permission denied invoke-rc.d: initscript cupsys, action start failed. dpkg: error processing cupsys (--configure): subprocess post-installation script returned error exit status 127 Errors were encountered while processing: cupsys E: Sub-process /usr/bin/dpkg returned an error code (1) setting to complain worked but I noticed that the bug was marked as fixed in casper, so I thought I'd chime in. -- fails to start: cannot apply additional memory protection after relocation - apparmor doesn't work on stacked file system (livecd - usb stick) https://bugs.launchpad.net/bugs/131976 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 131976] Re: fails to start: cannot apply additional memory protection after relocation - apparmor doesn't work on stacked file system (livecd - usb stick)
** Summary changed: - fails to start: cannot apply additional memory protection after relocation - apparmor doesn't work on stacked file system (livecd) + fails to start: cannot apply additional memory protection after relocation - apparmor doesn't work on stacked file system (livecd - usb stick) -- fails to start: cannot apply additional memory protection after relocation - apparmor doesn't work on stacked file system (livecd - usb stick) https://bugs.launchpad.net/bugs/131976 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 131976] Re: fails to start: cannot apply additional memory protection after relocation - apparmor doesn't work on stacked file system (livecd)
Vincent can you attach your /var/log/messages if present /var/log/audit/audit.log -- fails to start: cannot apply additional memory protection after relocation - apparmor doesn't work on stacked file system (livecd) https://bugs.launchpad.net/bugs/131976 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 131976] Re: fails to start: cannot apply additional memory protection after relocation - apparmor doesn't work on stacked file system (livecd)
Hmm, I think I got a similar problem: === Setting up mysql-server-5.0 (5.0.51a-1ubuntu1) ... * Stopping MySQL database server mysqld /usr/sbin/mysqld: error while loading shared libraries: /lib/tls/i686/cmov/libc.so.6: cannot apply additional memory protection after relocation: Permission denied /usr/sbin/mysqld: error while loading shared libraries: /lib/tls/i686/cmov/libc.so.6: cannot apply additional memory protection after relocation: Permission denied [ OK ] Reloading AppArmor profiles : done. /usr/sbin/mysqld: error while loading shared libraries: /lib/tls/i686/cmov/libc.so.6: cannot apply additional memory protection after relocation: Permission denied * Starting MySQL database server mysqld /usr/sbin/mysqld: error while loading shared libraries: /lib/tls/i686/cmov/libc.so.6: cannot apply additional memory protection after relocation: Permission denied /usr/sbin/mysqld: error while loading shared libraries: /lib/tls/i686/cmov/libc.so.6: cannot apply additional memory protection after relocation: Permission denied /usr/sbin/mysqld: error while loading shared libraries: /lib/tls/i686/cmov/libc.so.6: cannot apply additional memory protection after relocation: Permission denied /usr/sbin/mysqld: error while loading shared libraries: /lib/tls/i686/cmov/libc.so.6: cannot apply additional memory protection after relocation: Permission denied /usr/sbin/mysqld: error while loading shared libraries: /lib/tls/i686/cmov/libc.so.6: cannot apply additional memory protection after relocation: Permission denied /usr/sbin/mysqld: error while loading shared libraries: /lib/tls/i686/cmov/libc.so.6: cannot apply additional memory protection after relocation: Permission denied /usr/sbin/mysqld: error while loading shared libraries: /lib/tls/i686/cmov/libc.so.6: cannot apply additional memory protection after relocation: Permission denied /usr/sbin/mysqld: error while loading shared libraries: /lib/tls/i686/cmov/libc.so.6: cannot apply additional memory protection after relocation: Permission denied /usr/sbin/mysqld: error while loading shared libraries: /lib/tls/i686/cmov/libc.so.6: cannot apply additional memory protection after relocation: Permission denied /usr/sbin/mysqld: error while loading shared libraries: /lib/tls/i686/cmov/libc.so.6: cannot apply additional memory protection after relocation: Permission denied /usr/sbin/mysqld: error while loading shared libraries: /lib/tls/i686/cmov/libc.so.6: cannot apply additional memory protection after relocation: Permission denied /usr/sbin/mysqld: error while loading shared libraries: /lib/tls/i686/cmov/libc.so.6: cannot apply additional memory protection after relocation: Permission denied /usr/sbin/mysqld: error while loading shared libraries: /lib/tls/i686/cmov/libc.so.6: cannot apply additional memory protection after relocation: Permission denied /usr/sbin/mysqld: error while loading shared libraries: /lib/tls/i686/cmov/libc.so.6: cannot apply additional memory protection after relocation: Permission denied /usr/sbin/mysqld: error while loading shared libraries: /lib/tls/i686/cmov/libc.so.6: cannot apply additional memory protection after relocation: Permission denied /usr/sbin/mysqld: error while loading shared libraries: /lib/tls/i686/cmov/libc.so.6: cannot apply additional memory protection after relocation: Permission denied [fail] invoke-rc.d: initscript mysql, action start failed. dpkg: error processing mysql-server-5.0 (--configure): subprocess post-installation script returned error exit status 1 dpkg: dependency problems prevent configuration of mysql-server: mysql-server depends on mysql-server-5.0; however: Package mysql-server-5.0 is not configured yet. dpkg: error processing mysql-server (--configure): dependency problems - leaving unconfigured Errors were encountered while processing: mysql-server-5.0 mysql-server E: Sub-process /usr/bin/dpkg returned an error code (1) === I'm on a persistent LiveUSB of Xubuntu 8.04 Alpha 5. 'sudo aa-complain /usr/sbin/cupsd/' did nothing, 'sudo aa-complain /usr/sbin/cupsd' didn't work. Though I'd very much like a fix or workaround, this is peanuts compared to the hassle it was to get a Feisty LiveUSB persistent ;-) -- fails to start: cannot apply additional memory protection after relocation - apparmor doesn't work on stacked file system (livecd) https://bugs.launchpad.net/bugs/131976 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 131976] Re: fails to start: cannot apply additional memory protection after relocation - apparmor doesn't work on stacked file system (livecd)
** Tags added: qa-hardy-desktop ** Tags removed: qa-hardy-list -- fails to start: cannot apply additional memory protection after relocation - apparmor doesn't work on stacked file system (livecd) https://bugs.launchpad.net/bugs/131976 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 131976] Re: fails to start: cannot apply additional memory protection after relocation - apparmor doesn't work on stacked file system (livecd)
** Tags added: qa-hardy-list -- fails to start: cannot apply additional memory protection after relocation - apparmor doesn't work on stacked file system (livecd) https://bugs.launchpad.net/bugs/131976 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 131976] Re: fails to start: cannot apply additional memory protection after relocation - apparmor doesn't work on stacked file system (livecd)
sudo aa-complain /usr/sbin/cupsd/ sort of fixes the problem, but I suspect only partially. The error: There was a problem committing changes. Possibly there was a problem downloading some packages or the commit would break packages. goes away, but if I look in the log, I still get: Setting up cupsys (1.3.2-1ubuntu7.1) ... Reloading AppArmor profiles : done. * Starting Common Unix Printing System: cupsd /usr/sbin/cupsd: error while loading shared libraries: /lib/libc.so.6: cannot apply additional memory protection after relocation: Permission denied invoke-rc.d: initscript cupsys, action start failed. dpkg: error processing cupsys (--configure): subprocess post-installation script returned error exit status 127 and near the end: Errors were encountered while processing: cupsys and at the very end: Reloading AppArmor profiles : done. * Starting Common Unix Printing System: cupsd . . . . . . . . dpkg run finished! Thus, I think there is still a problem, though not enough to bother me as far as I can tell right now. -- fails to start: cannot apply additional memory protection after relocation - apparmor doesn't work on stacked file system (livecd) https://bugs.launchpad.net/bugs/131976 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 131976] Re: fails to start: cannot apply additional memory protection after relocation - apparmor doesn't work on stacked file system (livecd)
Just wanted to thank Christopher Barth - this fix worked flawlessly. Except that final slash was not needed for me. This issue was a real pain for me... Cheers to persistent USB community :) -- fails to start: cannot apply additional memory protection after relocation - apparmor doesn't work on stacked file system (livecd) https://bugs.launchpad.net/bugs/131976 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 131976] Re: fails to start: cannot apply additional memory protection after relocation - apparmor doesn't work on stacked file system (livecd)
Thanks for the welcome, as bittersweet as it is. Just to confirm, 'sudo aa-complain cupsd' fixed my problem, so thanks for that as well. On on unrelated note be sure to pin your upstart at edgy. I looked into this issue from this suggestion, but it doesn't seem that I'm having this problem. I couldn't tell you why or why not though. Here's hoping persistency gets more unbroken (or at least less broken) as Ubuntu progresses. -- fails to start: cannot apply additional memory protection after relocation - apparmor doesn't work on stacked file system (livecd) https://bugs.launchpad.net/bugs/131976 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 131976] Re: fails to start: cannot apply additional memory protection after relocation - apparmor doesn't work on stacked file system (livecd)
@aselya1 Welcome to the world of persistent USB where when things get rebroken noone notices. 'sudo aa-complain /usr/sbin/cupsd/' will fix your problem super fast. On on unrelated note be sure to pin your upstart at edgy. -- fails to start: cannot apply additional memory protection after relocation - apparmor doesn't work on stacked file system (livecd) https://bugs.launchpad.net/bugs/131976 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 131976] Re: fails to start: cannot apply additional memory protection after relocation - apparmor doesn't work on stacked file system (livecd)
I was really happy to see that someone else had this problem and that its being worked on. Can I ask, what would be the workaround in the meantime to get apt-get/synaptic to work? Mathias' update-rc.d suggestion above didn't seem to solve the problem... It appears apt just starts AppArmor anyway when it tries to install a package. I'm getting this error on persistent LiveUSB Xubuntu 7.10 if that changes anything. -- fails to start: cannot apply additional memory protection after relocation - apparmor doesn't work on stacked file system (livecd) https://bugs.launchpad.net/bugs/131976 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 131976] Re: fails to start: cannot apply additional memory protection after relocation - apparmor doesn't work on stacked file system (livecd)
** Changed in: apparmor (Ubuntu) Importance: Medium = Wishlist -- fails to start: cannot apply additional memory protection after relocation - apparmor doesn't work on stacked file system (livecd) https://bugs.launchpad.net/bugs/131976 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 131976] Re: fails to start: cannot apply additional memory protection after relocation - apparmor doesn't work on stacked file system (livecd)
** Summary changed: - fails to start: cannot apply additional memory protection after relocation + fails to start: cannot apply additional memory protection after relocation - apparmor doesn't work on stacked file system (livecd) -- fails to start: cannot apply additional memory protection after relocation - apparmor doesn't work on stacked file system (livecd) https://bugs.launchpad.net/bugs/131976 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 131976] Re: fails to start: cannot apply additional memory protection after relocation
casper (1.102) gutsy; urgency=low * Rename 42disable_cups_apparmor to 42disable_apparmor and remove AppArmor's rc.d startup links instead of just disabling the cups profile. AA profiles will not generally work on the live system, so disabling it completely allows us to ship more profiles without worrying any further. (LP: #131976) -- Martin Pitt [EMAIL PROTECTED] Fri, 14 Sep 2007 08:37:50 +0200 ** Changed in: casper (Ubuntu) Status: In Progress = Fix Released -- fails to start: cannot apply additional memory protection after relocation https://bugs.launchpad.net/bugs/131976 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 131976] Re: fails to start: cannot apply additional memory protection after relocation
Mathias, good idea. Then we should also able to deliver the profile for dhclient. ** Changed in: casper (Ubuntu) Status: Fix Released = In Progress -- fails to start: cannot apply additional memory protection after relocation https://bugs.launchpad.net/bugs/131976 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 131976] Re: fails to start: cannot apply additional memory protection after relocation
This will be a problem for every profiles that would be shipped by packages on the livecd. Why not completly disabling apparmor on the live cd with update-rc.d -f apparmor remove ? -- fails to start: cannot apply additional memory protection after relocation https://bugs.launchpad.net/bugs/131976 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 131976] Re: fails to start: cannot apply additional memory protection after relocation
casper (1.101) gutsy; urgency=low * Add scripts/casper-bottom/42disable_cups_apparmor: Disable AppArmor protection for cups on the live CD by switching the profiles to complain mode. This is necessary until AppArmor works properly on stacked file systems. (LP: #131976) -- Martin Pitt [EMAIL PROTECTED] Wed, 12 Sep 2007 16:44:02 +0200 ** Changed in: casper (Ubuntu) Status: In Progress = Fix Released -- fails to start: cannot apply additional memory protection after relocation https://bugs.launchpad.net/bugs/131976 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 131976] Re: fails to start: cannot apply additional memory protection after relocation
Feasible yes, but too clumsy IMHO. Instead I'll just set the profiles to complain mode on the live CD, that's a good enough workaround IMHO. -- fails to start: cannot apply additional memory protection after relocation https://bugs.launchpad.net/bugs/131976 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 131976] Re: fails to start: cannot apply additional memory protection after relocation
I just played around with this a bit. It is not enough to add just two or three prefixes here and there to work around the problem, it needs dozens. So it would be utterly preferable to get this fixed in apparmor proper. -- fails to start: cannot apply additional memory protection after relocation https://bugs.launchpad.net/bugs/131976 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 131976] Re: fails to start: cannot apply additional memory protection after relocation
I'll create a casper hook with:
sed -i '/{/ s/{/flags=(complain) {/' /etc/apparmor.d/usr.sbin.cupsd
** Changed in: casper (Ubuntu)
Sourcepackagename: cupsys = casper
Status: Triaged = In Progress
--
fails to start: cannot apply additional memory protection after relocation
https://bugs.launchpad.net/bugs/131976
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 131976] Re: fails to start: cannot apply additional memory protection after relocation
While I agree this is something needs to address with mount rules, I can't give an eta for when it will happen. In the mean time is it feasible to use variables so the prefixes can be all added in one place? -- fails to start: cannot apply additional memory protection after relocation https://bugs.launchpad.net/bugs/131976 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 131976] Re: fails to start: cannot apply additional memory protection after relocation
For both of these cases, if you look in /var/log/messages you can see
that AppArmor is rejecting access to
/rofs/lib/tls/i686/cmov/libc-2.6.1.so
A simple fix is to update the profiles to use
{/rofs,/cow,}/lib/tls/i686/cmov/*.so
AppArmor can block access to stacked filesystem paths depending on how the
stacked fs is implemented.
The quickest solution at the moment is to modify the profiles, so that
permissions are given for the given prefix.
I would probably setup a variable in global
@{LIB}={/ros,/cow,}/lib
and modify profiles to use the variable.
@{LIB}/tls/i686/cmov/*.so
The other possible solution I can suggest is further modification of the
unionfs patch for unionfs 2.x under AppArmor 2.1 code base. It is possible to
further patch unionfs so that it passes the lower filesystem requests so that
AppArmor doesn't mediate them. This would get rid of the need to update
profiles as suggested above.
--
fails to start: cannot apply additional memory protection after relocation
https://bugs.launchpad.net/bugs/131976
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 131976] Re: fails to start: cannot apply additional memory protection after relocation
** Tags added: iso-testing -- fails to start: cannot apply additional memory protection after relocation https://bugs.launchpad.net/bugs/131976 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 131976] Re: fails to start: cannot apply additional memory protection after relocation
Printing does not work with the Gutsy Tribe 5 live CD fully updated. 'sudo cupsd -f' and 'sudo /etc/init.d/cupsys start' both crashes. In folder /var/log/cups there is only one empty file cups-pdf_log, no error_log. -- fails to start: cannot apply additional memory protection after relocation https://bugs.launchpad.net/bugs/131976 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 131976] Re: fails to start: cannot apply additional memory protection after relocation
Jonathan gets that, too. ** Summary changed: - package cupsys 1.2.12-3ubuntu2 failed to install/upgrade: subprocess post-installation script returned error exit status 127 + fails to start: cannot apply additional memory protection after relocation ** Changed in: cupsys (Ubuntu) Importance: Undecided = High ** Changed in: cupsys (Ubuntu) Assignee: (unassigned) = Martin Pitt Target: None = ubuntu-7.10-beta -- fails to start: cannot apply additional memory protection after relocation https://bugs.launchpad.net/bugs/131976 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 131976] Re: fails to start: cannot apply additional memory protection after relocation
** Also affects: apparmor (Ubuntu) Importance: Undecided Status: New -- fails to start: cannot apply additional memory protection after relocation https://bugs.launchpad.net/bugs/131976 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 131976] Re: fails to start: cannot apply additional memory protection after relocation
Ah, this only happens on the live system. Apparmor seems to stuble over the /rofs and /cow prefixes. ** Changed in: cupsys (Ubuntu) Status: Incomplete = Triaged -- fails to start: cannot apply additional memory protection after relocation https://bugs.launchpad.net/bugs/131976 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 131976] Re: fails to start: cannot apply additional memory protection after relocation
Preferably this should be fixed in apparmor itself, layered file systems like unionfs and squashfs with underlying different prefixes shouldn't break AppArmor rules. A shy workaround in cups itself would be to install a casper hook to disable cups' apparmor protection on the live CD. ** Changed in: apparmor (Ubuntu) Importance: Undecided = Medium Status: New = Triaged -- fails to start: cannot apply additional memory protection after relocation https://bugs.launchpad.net/bugs/131976 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
