eports to track workarounds on top of #1050256 that's
tracking the root cause, or something.
Cheers,
--
intrigeri
workarounds such as disabling
PrivateNetwork=yes for autopkgtests
Cheers,
--
intrigeri
/hypermail/linux/kernel/2104.3/01302.html
Ubuntu 22.04 LTS has this setting enabled by default.
KSPP recommends enabling it:
https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings
Thanks for your attention,
cheers!
--
intrigeri
Hi Debian Kernel Team,
intrigeri (2014-12-11):
> Ben Hutchings wrote (09 Dec 2014 19:55:10 GMT) :
>> Please try the Linux 3.18 packages from experimental (they're not there
>> yet, but should be soon) and check that overlayfs does what you need.
>
> Thanks. I'll test i
.
Thanks!
Cheers,
--
intrigeri
Control: reassign -1 linux-image-4.14.0-2-amd64
Control: found -1 4.14.7-1
Laszlo KERTESZ:
> So it happened again with no apparmor loaded. Twice.
Thanks for reporting! I'm therefore reassigning this bug to the
affected Linux kernel package.
Cheers,
--
intrigeri
/security
trade-off for Debian?
If it helps making a decision I could hunt for benchmark results (the
KSPP people tend to attach these to their pull requests when it
matters).
[0] https://outflux.net/blog/archives/2017/11/14/security-things-in-linux-v4-14/
Cheers,
--
intrigeri
Ben Hutchings:
> Yes, I now understand this. I'll add a Recommends: apparmor for the
> next upload so this broken configuration is less likely to occur.
Thanks!
Cheers,
--
intrigeri
e inspiration to whoever wants to fix this bug in
LXC :)
If these bugs are not tracked upstream yet: Felix, you seem to be the
one of us with the best understanding of the problem and you know
AppArmor pretty well, so perhaps you would be the best person to
report them?
Cheers,
--
intrigeri
not ready for prime time.
Adding AppArmor confinement where we had none previously can
come later.
Cheers,
--
intrigeri
asons behind it clarified. What do
you think?
Cheers,
--
intrigeri
Hi Laurent & everyone else who's listening!
Laurent Bigonville:
> On 03/09/17 at 13:01, intrigeri wrote:
>> Laurent Bigonville:
>>> IMVHO, in regard to the recent proposal of enabling apparmor in debian
>>> by default, this needs to be addressed first.
>>
pArmor by
default and can apparently live with this bug.
Can you please make it explicit, e.g. describing what exact use cases
would be harmed by enabling AppArmor by default without fixing this
bug first?
Thanks in advance!
Cheers,
--
intrigeri
Hi,
intrigeri:
> I might try to come up with a hackish PoC for Tails soon
Here we go! Installing the four following files (slightly adapted to
drop a couple Tails-specific bits) on a Stretch system seems to do the
job. I hope it can allow interested people to validate this appro
/Software/systemd/RootStorageDaemons/
* systemd-shutdown(8)
Cheers,
--
intrigeri
't ensure that busybox is installed when the cryptsetup hook
needs it though. But that's another problem, and as Guilhem pointed
out it's well tracked elsewhere already.
Cheers,
--
intrigeri
the severity and
> merging the bugs for the time being.
Makes sense to me!
Cheers,
--
intrigeri
his point, I suggest this bug is reassigned to cryptsetup, and
option 3 is implemented there. But downgrading to non-RC and leaving
things as-is seems acceptable to me as well.
Thoughts?
Cheers,
--
intrigeri
seems to have useful information about this.
Cheers,
--
intrigeri
Ilya Guterman:
> which means there is no such file in /lib/firmware/nvidia/
> you can add it by installing 'apt-get install firmware-linux-nonfree'
I cannot confirm this.
> intrigeri:
> it seems the firmwares are in debian,
In which package/version, exactly?
o keep #827579 open.
Cheers,
--
intrigeri
Package: src:linux
Version: 3.16.7-ckt9-2
Severity: normal
In a level 1 KVM guest, starting a level 2 KVM guest with QEMU fails and
triggers soft lockup messages on the serial console. Then the level 1 KVM
guest becomes unresponsive.
That's a regression since Wheezy: this does not happen
-based MAC such
as AppArmor.
Cheers,
--
intrigeri
--
To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/85h9tpxn41@boum.org
this issue:
https://bugs.launchpad.net/apparmor/+bug/1408106
Cheers,
--
intrigeri
--
Archive: https://lists.debian.org/85a8zi1cxa@boum.org
Hi,
Ben Hutchings wrote (21 Dec 2014 23:20:15 GMT) :
On Sun, 2014-12-21 at 21:53 +0100, intrigeri wrote:
1. Due to overlayfs' stack depth limit of 2, until support for more than
one read-only lower layer is completed, overlayfs breaks
live-boot's SquashFS stacking feature; Tails automatic
Hi,
intrigeri wrote (11 Dec 2014 13:13:43 GMT) :
Ben Hutchings wrote (09 Dec 2014 19:55:10 GMT) :
Please try the Linux 3.18 packages from experimental (they're not there
yet, but should be soon) and check that overlayfs does what you need.
Thanks. I'll test it for Tails' usecases (that use
, e.g. our incremental upgrades features
uses it) once I find the time to.
Cheers,
--
intrigeri
--
Archive: https://lists.debian.org/85oara5ny0@boum.org
trivial bug triaging.)
Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
it myself, if I were sure what exact version fixes it.
Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
time to answer this request for additional
information sent by Ben a bit more than two months ago?
Also, it might be useful to try and reproduce this with Linux 3.13.x
from Debian unstable, if possible.
Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri
the functionality we've asked for in this
bug report. I wouldn't mind if the maintainers closed it.
Thanks for caring!
Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
Index: debian/config/config
===
--- debian/config/config (revision
.
The beginning of the Jessie development cycle seems like a good time
to bring such changes in, so I suggest Yama is enabled in our 3.8+
kernels once the kernel team is done with their last Wheezy-related
urgent tasks :)
Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri
Hi,
berta...@ptitcanardnoir.org wrote (27 Jun 2012 11:00:22 GMT) :
On Wed, Jun 27, 2012 at 04:32:31AM +0100, Ben Hutchings wrote:
Yes, but I think it would make more sense to emulate a USB storage
device in qemu rather than the host kernel.
I do agree.
bertagaz and I have spent a bit more
Package: linux-2.6
Severity: wishlist
X-Debbugs-CC: tails-...@boum.org
User: tails-...@boum.org
Usertags: testing
Hi!
Please build dummy_hcd and g_mass_storage modules.
The USB dummy HCD and Mass Storage Gadget would be very useful to
implement automated testing of Live systems such as Tails
Hi Ben,
Ben Hutchings wrote (24 Jun 2012 22:12:00 GMT) :
Couldn't you also use usbip for this?
Thank you for mentioning usbip, I did not know about it!
After a quick look at it, I must say I'm happy to learn about it, and
I may use it for unrelated tasks, but it does not really seem to be
fit
maximilian attems wrote (18 May 2011 16:29:43 GMT) :
tags 468115 + pending
What happened to this patch / bug report (Support for mount failure
hooks)?
Michael Prokop wrote (23 Nov 2011 11:45:14 GMT) :
maximilian: i've scheduled the patch for inclusion via
mika/user_permissions.
Was this included eventually?
Hi,
maximilian attems wrote (27 Jun 2011 10:13:07 GMT) :
tags 627547 + pending
Was this fixed eventually?
Year-old pending tag makes me doubtful, but I did not find any
reference to this bug in the changelog, so, I'm wondering.
think you'll manage to prepare at least the easy fix it in time
for the Wheezy freeze?
Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
Hi,
Ben Hutchings wrote (23 Jun 2012 19:02:06 GMT) :
What is it that you think will happen at the freeze? We stop fixing
all bugs and do nothing for the next few months?
Of course, and we'll lazily eat lots of icecream while you work hard
to release many shiny new Linux 3.2.x :)
Irony set
question, I will have to dig into it.
John, have you had a chance to?
Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
Hi,
Michal Suchanek wrote (05 Aug 2011 12:08:37 GMT) :
At the very least the libc nss modules are required in initramfs to
get dns lookup for netbooting. Splashscreen solutions like plymouth
might need some of the graphics rendering modules.
I think it would be useful to mark as blocked by
Package: linux-2.6
Severity: normal
Version: 3.2.19-1
Tags: patch
X-Debbugs-CC: john.johan...@canonical.com, k...@debian.org, mi...@riseup.net
Hi,
the AppArmor compatibility patch applied to fix #661151
totally breaks AppArmor support; this is a regression.
Details:
intrigeri wrote (31 May 2012 13:14:13 GMT) :
Looking back over the bug log, I see that wasn't requested, so I'm
only applying 'AppArmor: compatibility patch for v5 interface' now.
Unfortunately, the resulting kernel (linux-image-3.2.0-2-amd64
3.2.19-1), combined with the AppArmor userspace
wonderful if you could apply the part of the
compatibility patch that deals with network too (FTR, this would bring
Wheezy on par with what Ubuntu shipped before Precise).
Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https
Regards,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
' patches got recently reverted
in Precise's kernel tree, right?
Though those will require a more recent userspace.
John: that will be called 2.8, right?
Regards,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https
that have not been, so that we can
get a rough idea of where things are at.
Kees, others, what do you think?
Regards,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
| The impossible
won't complain ;). The purpose of this bug
report is rather to allow us to mark other bugs, reported against the
AppArmor userspace tools, as blocked by the lack of kernel support.
[1] http://lists.debian.org/debian-derivatives/2012/02/msg9.html
Cheers,
--
intrigeri
/ directory of the apparmor 2.7.x tarball?
Or have you got updated patches, e.g. for Linux 3.2.x, published
somewhere to be found?
Thanks,
--
intrigeri
.
OTOH, I have since asked for memtest to be enabled for totally
different reasons, see #646361.
Cheers,
--
intrigeri intrig...@boum.org
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
| So what
users of Debian (and
derivatives) who need it can easily enable this feature.
What do you think?
Bye,
--
intrigeri intrig...@boum.org
it anywhere; could it be expressed here please?
It seems to me another LSM (Tomoyo) has been included since 2.6.32-13
without satisfying these conditions, hence my wondering.
P.S.: please Cc me or the bug - I don't read debian-kernel.
Bye,
--
intrigeri intrig...@boum.org
| GnuPG key @ https
don't work.
Bye,
--
intrigeri intrig...@boum.org
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @
https://gaffer.ptitcanardnoir.org/intrigeri/otr-fingerprint.asc
| Then we'll come from the shadows.
,
--
intrigeri intrig...@boum.org
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @
https://gaffer.ptitcanardnoir.org/intrigeri/otr-fingerprint.asc
| Did you exchange a walk on part in the war
| for a lead role in the cage?
** Version:
Linux version
at all. Should I?
Bye,
--
intrigeri intrig...@boum.org
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @
https://gaffer.ptitcanardnoir.org/intrigeri/otr-fingerprint.asc
| Did you exchange a walk on part in the war
| for a lead role in the cage
Hi,
Alex Deucher wrote (13 Aug 2010 16:06:17 GMT) :
Can you try a newer kernel? 2.6.35.x preferably?
Already done, see message #56.
Did hibernate ever work with kms for you?
No.
Bye,
--
intrigeri intrig...@boum.org
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc