[Kernel-packages] [Bug 1648143] Re: tor in lxd: apparmor="DENIED" operation="change_onexec" namespace="root//CONTAINERNAME_" profile="unconfined" name="system_tor"

** Changed in: apparmor (Ubuntu) Status: Confirmed => Invalid ** No longer affects: apparmor (Ubuntu Xenial) ** No longer affects: apparmor (Ubuntu Yakkety) -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu.

[Kernel-packages] [Bug 1648143] Re: tor in lxd: apparmor="DENIED" operation="change_onexec" namespace="root//CONTAINERNAME_" profile="unconfined" name="system_tor"

This bug was fixed in the package linux - 4.8.0-49.52 --- linux (4.8.0-49.52) yakkety; urgency=low * linux: 4.8.0-49.52 -proposed tracker (LP: #1684427) * [Hyper-V] hv: util: move waiting for release to hv_utils_transport itself (LP: #1682561) - Drivers: hv: util: move

[Kernel-packages] [Bug 1648143] Re: tor in lxd: apparmor="DENIED" operation="change_onexec" namespace="root//CONTAINERNAME_" profile="unconfined" name="system_tor"

This bug was fixed in the package linux - 4.4.0-75.96 --- linux (4.4.0-75.96) xenial; urgency=low * linux: 4.4.0-75.96 -proposed tracker (LP: #1684441) * [Hyper-V] hv: util: move waiting for release to hv_utils_transport itself (LP: #1682561) - Drivers: hv: util: move

[Kernel-packages] [Bug 1648143] Re: tor in lxd: apparmor="DENIED" operation="change_onexec" namespace="root//CONTAINERNAME_" profile="unconfined" name="system_tor"

** Changed in: linux (Ubuntu Xenial) Status: Triaged => Fix Committed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1648143 Title: tor in lxd: apparmor="DENIED"

[Kernel-packages] [Bug 1648143] Re: tor in lxd: apparmor="DENIED" operation="change_onexec" namespace="root//CONTAINERNAME_" profile="unconfined" name="system_tor"

The entire apparmor patch series was reverted regardless of whether the patch had any link to a regression, or security fix. The majority of the patches will be reapplied and go through the SRU cycle again. -- You received this bug notification because you are a member of Kernel Packages, which

[Kernel-packages] [Bug 1648143] Re: tor in lxd: apparmor="DENIED" operation="change_onexec" namespace="root//CONTAINERNAME_" profile="unconfined" name="system_tor"

00:27 smb: is https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1648143/comments/26 correct? Wrong bug? 00:28 yeah, looked odd to me to, I don't see the link between that security fix and this bug 00:29 Let's reopen for now. If it's wrong, smb can re-close it perhaps? ** Changed in:

[Kernel-packages] [Bug 1648143] Re: tor in lxd: apparmor="DENIED" operation="change_onexec" namespace="root//CONTAINERNAME_" profile="unconfined" name="system_tor"

This bug was fixed in the package linux - 4.8.0-45.48 --- linux (4.8.0-45.48) yakkety; urgency=low * CVE-2017-7184 - xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window - xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder -- Stefan Bader

[Kernel-packages] [Bug 1648143] Re: tor in lxd: apparmor="DENIED" operation="change_onexec" namespace="root//CONTAINERNAME_" profile="unconfined" name="system_tor"

Not fixed because we had to revert the commits due to various regressions. ** Changed in: linux (Ubuntu Xenial) Status: Fix Released => Triaged ** Changed in: linux (Ubuntu Yakkety) Status: Fix Released => Triaged -- You received this bug notification because you are a member of

[Kernel-packages] [Bug 1648143] Re: tor in lxd: apparmor="DENIED" operation="change_onexec" namespace="root//CONTAINERNAME_" profile="unconfined" name="system_tor"

This bug was fixed in the package linux - 4.8.0-42.45 --- linux (4.8.0-42.45) yakkety; urgency=low * linux: 4.8.0-42.45 -proposed tracker (LP: #1671176) * Regression in 4.4.0-65-generic causes very frequent system crashes (LP: #1669611) - Revert "UBUNTU: SAUCE: apparmor:

[Kernel-packages] [Bug 1648143] Re: tor in lxd: apparmor="DENIED" operation="change_onexec" namespace="root//CONTAINERNAME_" profile="unconfined" name="system_tor"

I filed bug 1670408 to track the further issues in tor's AppArmor profile that stop it from starting on Zesty. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1648143 Title: tor in lxd:

[Kernel-packages] [Bug 1648143] Re: tor in lxd: apparmor="DENIED" operation="change_onexec" namespace="root//CONTAINERNAME_" profile="unconfined" name="system_tor"

So this particular bug is Invalid for the tor package in Ubuntu, since the bug was in the kernel and we've verified that with fixes in proposed. tor still doesn't work on Zesty, but I'll file a separate bug for that. ** Changed in: tor (Ubuntu) Status: New => Invalid ** Changed in: tor

[Kernel-packages] [Bug 1648143] Re: tor in lxd: apparmor="DENIED" operation="change_onexec" namespace="root//CONTAINERNAME_" profile="unconfined" name="system_tor"

Sorry, you're right. "systemctl status tor@default" still shows the service as not running, but now the reason is different. ** Changed in: linux (Ubuntu) Status: Confirmed => Fix Released ** Changed in: linux (Ubuntu Yakkety) Status: Confirmed => Fix Committed ** Tags removed:

[Kernel-packages] [Bug 1648143] Re: tor in lxd: apparmor="DENIED" operation="change_onexec" namespace="root//CONTAINERNAME_" profile="unconfined" name="system_tor"

Please describe the failure, including the logs so I can analyze. Just because the container fails to start does not mean that the fix is bad. There can be other issues that result in the failure. Specifically this bug is for the denial message seen in comment #5 and not the denied messages

[Kernel-packages] [Bug 1648143] Re: tor in lxd: apparmor="DENIED" operation="change_onexec" namespace="root//CONTAINERNAME_" profile="unconfined" name="system_tor"

I tried running tor in a Zesty container on a Yakkety VM. With 4.8.0.39.50 it fails as described (tor@default fails to start). With 4.8.0.40.51 (following a reboot) it *still* fails as described. AFAICT, 4.8.0.40.51 does not fix the problem on Yakkety. ** Tags removed:

[Kernel-packages] [Bug 1648143] Re: tor in lxd: apparmor="DENIED" operation="change_onexec" namespace="root//CONTAINERNAME_" profile="unconfined" name="system_tor"

I tried running tor in a Zesty container on a Zesty VM. With the current 4.10.0.8.10 it fails as described (tor@default fails to start). AFAICT, the bug still exists on Zesty. ** Changed in: linux (Ubuntu) Status: Incomplete => Confirmed ** Changed in: linux (Ubuntu Yakkety)

[Kernel-packages] [Bug 1648143] Re: tor in lxd: apparmor="DENIED" operation="change_onexec" namespace="root//CONTAINERNAME_" profile="unconfined" name="system_tor"

I tried running tor in a Zesty container on a Xenial VM. With 4.4.0.64.68 it fails as described (tor@default fails to start). With 4.4.0.65.69 (following a reboot) it works correctly. ** Tags removed: verification-needed-xenial ** Tags added: verification-done-xenial -- You received this bug

[Kernel-packages] [Bug 1648143] Re: tor in lxd: apparmor="DENIED" operation="change_onexec" namespace="root//CONTAINERNAME_" profile="unconfined" name="system_tor"

This bug was fixed in the package linux - 4.4.0-65.86 --- linux (4.4.0-65.86) xenial; urgency=low * linux: 4.4.0-65.86 -proposed tracker (LP: #1667052) [ Stefan Bader ] * Upgrade Redpine RS9113 driver to support AP mode (LP: #1665211) - SAUCE: Redpine driver to support

[Kernel-packages] [Bug 1648143] Re: tor in lxd: apparmor="DENIED" operation="change_onexec" namespace="root//CONTAINERNAME_" profile="unconfined" name="system_tor"

This bug was fixed in the package linux - 4.8.0-40.43 --- linux (4.8.0-40.43) yakkety; urgency=low * linux: 4.8.0-40.43 -proposed tracker (LP: #1667066) [ Andy Whitcroft ] * NFS client : permission denied when trying to access subshare, since kernel 4.4.0-31 (LP: #1649292)

[Kernel-packages] [Bug 1648143] Re: tor in lxd: apparmor="DENIED" operation="change_onexec" namespace="root//CONTAINERNAME_" profile="unconfined" name="system_tor"

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed- yakkety' to 'verification-done-yakkety'. If the problem still exists, change the tag

[Kernel-packages] [Bug 1648143] Re: tor in lxd: apparmor="DENIED" operation="change_onexec" namespace="root//CONTAINERNAME_" profile="unconfined" name="system_tor"

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed- xenial' to 'verification-done-xenial'. If the problem still exists, change the tag

[Kernel-packages] [Bug 1648143] Re: tor in lxd: apparmor="DENIED" operation="change_onexec" namespace="root//CONTAINERNAME_" profile="unconfined" name="system_tor"

** Also affects: tor (Ubuntu Yakkety) Importance: Undecided Status: New ** Also affects: apparmor (Ubuntu Yakkety) Importance: Undecided Status: New ** Also affects: linux (Ubuntu Yakkety) Importance: Undecided Status: New ** Also affects: tor (Ubuntu Xenial)

[Kernel-packages] [Bug 1648143] Re: tor in lxd: apparmor="DENIED" operation="change_onexec" namespace="root//CONTAINERNAME_" profile="unconfined" name="system_tor"

** Changed in: linux (Ubuntu Yakkety) Status: New => Fix Committed ** Changed in: linux (Ubuntu Xenial) Status: New => Fix Committed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu.