Thank you for taking the time to report this bug and helping to make
Ubuntu better.
On upgrading a service this service has to be restarted to pick up the fixes.
Rather rarely a real issue occurs that the newer version does e.g. fail with
the formerly working configuration.
But most of the time w
/etc/ssh/sshd_config: No such file or directory
This file is essential to ssh, if you have deleted it the service won't work.
That means you either have to remove the service or re-fix it's configuration.
To restore that you can find a default in /usr/share/openssh/sshd_config
--
You received t
1. Upgrade from proposed - this is the same for all associated bugs, so
I only documented details in bug 1741390
2. This bug in particular
Running a few restarts and checking
$ systemctl status -l open-vm-tools.service
This checks if the service rules avoid the issue on these systems with older
s
1.190-2 is in cosmic-proposed, but right now some tests still fail for
18.10/Cosmic not being fully open (e.g. no autotest/cloud images or missing
18.10 in postgres common.
So I have to beg your pardon to wait a bit more :-/
--
You received this bug notification because you are a member of Ubun
** Merge proposal linked:
https://code.launchpad.net/~paelzer/ubuntu/+source/nss/+git/nss/+merge/345213
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to nss in Ubuntu.
https://bugs.launchpad.net/bugs/1747411
Title:
Change
Corosync is actually a sync for Cosmic, with all Delta dropped:
* Merge with Debian unstable (LP: #1747411). Remaining changes:
* Dropped Changes:
- Properly restart corosync and pacemaker together (LP: #1740892)
d/rules: pass --restart-after-upgrade to dh_installinit.
(th
For corosync the affected components are corosync-qnetd.
I checked and without adaption on install they would be fine as they
initialize a new DB and nowhere does anyone specify the type. But as
with some other tools on an upgrade we have to assume that the old DBM
format will be tried to be read
@Tim - Could you check the ntp apparmor profile if it has the change that was
made in 1:4.2.8p10+dfsg-5ubuntu4 ?
It is a conffile so if depending on your former changes it might have been not
updated by default.
Essentially if /etc/apparmor.d/usr.sbin.ntpd has
flags=(attach_disconnected) ?
--
Per bug 1763427 this is Fix released since 4.15.0-18.19
** Changed in: apparmor (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.
Fix is now available in [1].
But needs to be picked up for 18.10 (once archive is open in a few days) and
then prepped as 18.04 SRU.
[1]: https://salsa.debian.org/debian/netcat-
openbsd/commit/338b1fa7c3db9bd791095f51325b3287330dac7d
--
You received this bug notification because you are a membe
Debian bug at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897020
** Bug watch added: Debian Bug tracker #897020
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897020
** Also affects: netcat-openbsd (Debian) via
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897020
Importance:
I'm not an expert on netcat but I hope this initial triage helps the
next that will look at it.
I reported to Debian as well as they are also affected.
Especially since the change came from Guilhem - it might be best to think about
a solution together.
--
You received this bug notification beca
In gdb I see it gets to read -s
case 's':
sflag = optarg;
break;
It realizes no more options are there and then ends at
} else if (argv[0] && argv[1]) {
host = argv[0];
uport = &argv[1];
Even the example from the manpage fails:
$ nc -s 10.1.2.3 host.example.com 42
** Changed in: netcat-openbsd (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to netcat-openbsd in Ubuntu.
ht
-t in description (typo) mislead me - fixed the description
** Description changed:
Hey,
- netcat shows a usage error if i try to use the "-t" option:
+ netcat shows a usage error if i try to use the "-s" option:
Example in Bionic:
- $ netcat -s 127.0.0.1 127.0.0.1 22 < /dev/null
+
Hi Nataraj,
glad you found the config issue and resolved it yourself.
For the open question how to control the dnsmasq - this is a formatting
question.
Sure if you happen to now how to configure dnsmasq you are fine also to use
very special options.
But the same could be said about controlling d
Hmm, that would be odd and very bad.
I can't immediately think of anything that would do the change.
So for now I tried to recreate:
1. get X system and create some keys
-rw--- 1 root root0 Apr 20 08:44 authorized_keys
-rw--- 1 root root 1679 Apr 24 10:36 id_rsa
-rw-r--r-- 1 root root
This will only "become" an issue for Xenial/Artful with the backport.
But lets do it right for tracking - so I added/modified tasks for these
releases which allows me to refer changes and changelog to here.
That way with the backport it will "be an issue" for the former
releases, but also instant
** Also affects: open-vm-tools (Ubuntu Artful)
Importance: Undecided
Status: New
** Also affects: systemd (Ubuntu Artful)
Importance: Undecided
Status: New
** No longer affects: systemd (Ubuntu Artful)
** Changed in: open-vm-tools (Ubuntu Xenial)
Status: Invalid => Tri
Fix for chrony (following networkd-dispatcher change in bug 1765152)
uploaded to bionic-unapproved as 3.2-4ubuntu4
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ntp in Ubuntu.
https://bugs.launchpad.net/bugs/1718227
Title:
Tested on chrony which has a NetworkManager dispatch script that also
works as a hook for networkd-dispatcher.
Works fine by just dropping the links for now.
Changes visible when these hooks are in place
1. when sources get unreachable it detects offlining immediately (instead of
trying all the
TBH - I haven't taken the former comment as a call for further action.
It was more of a summary how docs and output could be better.
Let me answer:
1. document that --bypass-cache would help
Yeah it might be nice, but then it is just such a general thing.
It only affects apparmor users (not all
** Changed in: libvirt (Ubuntu)
Assignee: ChristianEhrhardt (paelzer) => (unassigned)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1719579
Title:
[Ubuntu 18
Public bug reported:
Hi,
while debugging bug 1764373 I found this (distracting me at first).
But I realized those are two different issues.
So I'm filing the apparmor issue here.
Testcase:
0. get two LXD containers with Bionic
1. create KVM guest with uvtool
When the guest is spawning it tries
The seed change (to make it only a recommends) is pushed, thanks for the Ack!
Regenerated ubuntu-meta and pushed ubuntu-meta_1.416 to Bionic.
It is waiting in unapproved [1] atm.
https://launchpad.net/ubuntu/bionic/+queue?queue_state=1&queue_text
=ubuntu-meta
--
You received this bug notificati
Tested the interim version from [1]
TL;DR: with that it is working
base: 4.15.0-13
proposed fix: 4.15.0.16.17
## Base ##
$virsh attach-device cpaelzer-bionic hp512.xml
error: Failed to attach device from hp512.xml
error: cannot limit locked memory of process 10121 to 96468992: Permission
denied
Test kernel somewhere that supports PPC64?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1679704
Title:
libvirt profile is blocking global setrlimit despite having no rl
Lets break this into use cases in Bionic:
I was not sure who should win in each case.
We might either want the clear "order" chrony > ntp > openntp >
systemd-timesyncd
Or we might want a "last installed" approach, but that is hard as upgrades to
not count here only real "install". What would "--
Nice summary, but wrong bug - sorry for the noise here :-/
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ntp in Ubuntu.
https://bugs.launchpad.net/bugs/1718227
Title:
replacement of ifupdown with netplan needs integration
Thanks Dan for pointing to the right solution.
Would you make this bug a dup then and add tasks for xenial (this is what this
bug is reported as) if needed to the target bug?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to if
@Steve - just to be sure, in https://bazaar.launchpad.net/~vorlon
/livecd-rootfs/lp.1763182/revision/1662 when removing landscape-common
for minimization, would you need something like an apt autoremove to get
rid of the dependencies it brought in before?
--
You received this bug notification bec
MP for seeds to make it a recommends at
https://code.launchpad.net/~paelzer/ubuntu-seeds/18.04-remove-landscape-
from-min/+merge/343063
If that is agreed&pushed and germinate ran once I can do a follow on
ubuntu-meta bump which will make it the recommends as you need it.
** Branch linked: lp:~pae
** Tags added: bionic
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lightdm in Ubuntu.
https://bugs.launchpad.net/bugs/857651
Title:
Unable to hide users from login screen / user switcher
Status in accountsservice:
Con
Example Deny:
[ 774.341606] audit: type=1400 audit(1522915593.238:42): apparmor="DENIED"
operation="setrlimit" info="cap_sys_resource" error=-13
profile="/usr/sbin/libvirtd" pid=8376 comm="libvirtd" rlimit=memlock
value=96468992 peer="libvirt-70a586a2-ef34-4954-91ea-9a6ecab52da3"
Source: libvi
FYI: Test case of the mem hotplug in
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1755153/comments/7
Only triggers on powerpc as they lock some memory while doing so (x86
does not).
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is
I heard people talk about it, but realized the tracker is missing a Task for
openvswitch:
/etc/network/if-post-down.d/openvswitch
/etc/network/if-pre-up.d/openvswitch
IIRC all the discussions correctly that was one of the harder cases due
to "Pre" not really being a defined thing anymore.
The qu
Something seems broken on your config, all those basic things should be
allowed IMHO (and they are, or I'd hit them as well).
You could iterate on this with [1] which for this would let you also add
"connect".
But I doubt that will eventually resolve your issue.
The question is why does it break
:-)
Oh I see the line break added by LP in my example lead Jimmy the wrong way.
Obviously for the config to work it needs to be there :-)
@Jimmy - Please retry, and check the file content with e.g. cat after
the echo.
--
You received this bug notification because you are a member of Ubuntu
Touch
On Wed, Apr 4, 2018 at 10:12 AM, Jimmy Olsen wrote:
> It`still giving me same error:
>
> marcos@marcos:~$ echo 'apt::sandbox::seccomp::allow { "socket" };' | sudo
> tee
> [sudo] password for marcos:
> apt::sandbox::seccomp::allow { "socket" };
> marcos@marcos:~$ sudo apt update
>
[...]
> S
On Wed, Apr 4, 2018 at 8:29 AM, Jimmy Olsen wrote:
> Hi Christian. I tried to run this command but it didnt work:
>
> marcos@marcos:~$ echo 'apt::sandbox::seccomp::allow { "socket" };' >
> /etc/apt/apt.conf.d/99seccomp
> bash: /etc/apt/apt.conf.d/99seccomp: Permission denied
>
The path this gets
Hmm,
0041 should be sys_socket
With the error present (in your case ppa enabled), could you add this
and retry:
echo 'apt::sandbox::seccomp::allow { "socket" };' >
/etc/apt/apt.conf.d/99seccomp
If it works with that it really was the socket call, and Julian can
consider adding it.
https://bugs.
We have another hit of this by memory hot plug (when locked I assume).
I asked the reporters to chime in here.
But even for the former case we had given the time we wait already I want to
bump the prio.
This is really important to some use cases.
** Changed in: apparmor (Ubuntu)
Importance: H
Setting virt-manager low, until we have a reason to assume that a fix it
would be better than a fix in the Theme (that would also fix anything
else that is affected).
This is too deep in /usr/share/themes/Ambiance for me to spot all the
right and wrong entries.
And sorry, the theme I meant obviou
At least I can confirm the issue with a KVM install of
http://cdimage.ubuntu.com/daily-live/current/bionic-desktop-amd64.iso
Tried virt-manager in there, and see the reported readbility issue.
But I installed gnome-tweaks and ALL themes except ambience work juts fine.
So the default of Adwaita, g
The actual seccomp fail is important.
Eventually it is a sandbox and we want to add exceptions after we know it has a
valid use case.
As the above libvirt nss case which we added.
Trying the ppa you mentioned I can run just fine - so something is
special in your setup.
Please the exact details a
I (for virt-manager) are not GTKxperienced enough to even know what to try :-/
If I understand you correctly it is picking up the change to the font color but
not the background color - is that right?
virt-manager mostly uses gir from "Source: gtk+3.0" for display.
But that should be working.
If
Any update on the integration of networkd-dispatcher or a similar
technology to allow the dependent packages to use that?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ntp in Ubuntu.
https://bugs.launchpad.net/bugs/1718227
I was looking at the test fail in proposed migration.
I realized it fails on ppc64 since 14th August 2017 (and since then it
always fails, confirmed by a retry and [1] - even in Artful it fails
since then).
It unfortunately fails without any message.
I found in hints-ubuntu/vorlon
# regressed in
Yes andreas, this is the issue I mentioned on IRC.
AFAIK I think foundations is on that.
I'm subscribing the few that I've seen mentioning it for awareness.
So that they can dup it if they have another bug for that already.
--
You received this bug notification because you are a member of Ubuntu
The way the newer versions solve this is to have a native systemd
service and in there there is:
Conflicts=systemd-timesyncd.service openntpd.service
That ensures only one of these can be started.
Xenial has no systemd service at all, it has sysV and uses the systemd
generator.
So there is no "
Note: When we do the Xenial backport of the new version of open-vm-tools
(which we plan to do) this becomes an issue. In the same upload I intend
to fix it right away, so it should never effectively exist in the field
(keep invalid, but there might be a fix-released update to open-vm-tools
here at
AFAIK build time:
sshkey.h:49:#define SSH_RSA_MINIMUM_MODULUS_SIZE1024
And those short keys are really considered insecure, which is the reason
they went from deprecated to no more accepted.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages,
On the bright side messages are in journal, but not if you use -u to filter.
And if a service looks like this:
service[123]: good
service[123]: good
service[123]:
People wonder, until they look in an unfiltered journal to find the following
it take some time and confusion.
service[123]:
Public bug reported:
This is mostly an FYI and a tracker to link Upstream to Ubuntu.
Background:
I wondered why some of my services are missing just the most interesting "last"
messages before dying.
Unfortunately I found this is a known race and there seems to be no good fix
yet.
But I think
Thanks for the ping on this lnog standing bug @Tronde.
I updated the state accordingly.
If there is a change to be identified since Xenial->Bionic one could try to SRU
fix it in Xenial.
But I took a (quick) look and found nothing obvious.
There are major changes like going from sysV init in /etc/
(untested) debdiff as suggestion.
I think this is trivial and will make the other tests more meaningful as a
flaky test is more or less worth nothing (and consumed time on CI and of
people).
** Patch added: "fix-systemd-flaky-fsck.debdiff"
https://bugs.launchpad.net/ubuntu/+source/systemd/+b
Public bug reported:
The test really seems to be triggered all of the time to resolve a flaky test.
That is just not worth the test.
But it provides goo coverage, so an override in britney would loose all that.
Lets skip the offending test on the arch it is known to be flaky
(s390x).
** Affects:
@Paul - I wondered do we converge onto providing ipv6 on all 4 ubuntu pool
addresses?
For bug 1754358 in chrony it would be really helpful to reach an optimal
default configuration if all ubuntu pools would provide ipv6.
I'm sure you know best what is planned (or could be done), so I'd be
happy
For open-vm-tools this issue will only exist with the planned backport of the
newer version.
Since we will not ship the broken backport as we found it in pre-checks the
correct state for open-vm-tools in xenial is invalid.
** Changed in: open-vm-tools (Ubuntu Xenial)
Status: Triaged => In
ubuntu@b-test:~$ sudo systemd-nspawn -D testmysql --bind /etc/resolv.conf
/bin/bash
Spawning container testmysql on /home/ubuntu/testmysql.
Press ^] three times within 1s to kill container.
Host and machine ids are equal (92544cb0ba5946158c7c4f9b57691fe3): refusing to
link journals
bash: cannot s
With the former update in mind I retried Xenial/Bionic again.
All of it is racy (as we knew), but it never triggered for Bionic.
Xenial (19/33 fails)
Bionic (0/37 fails)
So for now we continue to assume that it is fixed there (by systemd) and
revert our added dependency.
Note: as with the simple
Thanks Scott for your cross check.
I wonder why my former test failed on each of my tests without writing, but
never the less your extended example is great for the systemd issue that
remains.
Although all of this is still a race, for example with the job above on a
Xenial container I could not
I'Ll likely revert the Binonic change tmrw morning as we have discussed.
local-fs.target is actually >> the implicit dependency.
But that does not solve the Xenial issue outlined in the former comment.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages
Installed another Xenial and Bionic in vmware to take a deper look.
- Xenial (with backported open-vm-tools): affected
- Bionic (with the interim fix reverted): no hit in several retries,
explanation below
Systemd fixed it (via our assumed implicit dependency).
In Bionic the PrivateTmp gives it a
Thank you for taking the time to report this bug and helping to make
Ubuntu better.
On upgrading a service this service has to be restarted to pick up the fixes.
Rather rarely a real issue occurs that the newer version does e.g. fail with
the formerly working configuration.
But most of the time w
Hi,
from your log:
SSHDConfig: Error: command ['/usr/sbin/sshd', '-T'] failed with exit code 255:
Missing privilege separation directory: /run/sshd
Log:
Feb 21 18:47:43 turagit01 sshd[3829]: error: Bind to port 22 on 192.168.1.15
failed: Cannot assign requested address.
Feb 21 18:47:43 turagit01
Look at https://askubuntu.com/questions/66533/how-can-i-restore-
configuration-files for an example to restore conffiles - hope that
helps.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launch
Thank you for taking the time to report this bug and helping to make
Ubuntu better.
On upgrading a service this service has to be restarted to pick up the fixes.
Rather rarely a real issue occurs that the newer version does e.g. fail with
the formerly working configuration.
But most of the time w
Hi,
from your logs:
modified.conffile..etc.init.ssh.conf: [deleted]
That will make the server fail to restart.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1750717
Title:
Hi,
Thank you for taking the time to report this bug and helping to make Ubuntu
better.
I also can't see any hack evidence in the data shared.
What I can see in your log is:
Setting up clamav-base (0.99.3+addedllvm-0ubuntu0.14.04.1) ...
Use of uninitialized value $reply in scalar chomp at
/usr/
Xenial as is on ntp restart:
[2618636.253807] audit: type=1400 audit(1519220834.240:5311): apparmor="DENIED"
operation="file_inherit" namespace="root//lxd-x_"
profile="/usr/sbin/ntpd" name="/run/systemd/journal/stdout" pid=24452
comm="ntpd" requested_mask="wr" denied_mask="wr" fsuid=100 ouid
- Tested 2.10.95-0ubuntu2.9 from PPA (working as expected
- Added SRU Template
- Uploaded for consideration by the SRU team
** Description changed:
+ [Impact]
+
+ * The base abstraction in xenial misses some ways programs can push
+logs to journald
+
+ * Backport the fix form Artful to:
Thanks Jamie, I'm now testing the fix from https://launchpad.net/~ci-
train-ppa-service/+archive/ubuntu/3169 before pushing as SRU.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net
More or less adirect backport of Jamies changes in Artful.
Only opening up rules slightly, so regression risk low.
But I clearly want a security Team ack/review before sponsoring it.
** Patch added: "Backport of 2.11.0-2ubuntu5 fix to Xenial to fix 1670408"
https://bugs.launchpad.net/ubuntu/+s
This is already fixed as backport in other releases - here apparmor
2.11.0-2ubuntu5 in Artful
apparmor (2.11.0-2ubuntu5) artful; urgency=medium
* debian/patches/base-journa
@jdstrand - I subscribed you and would ask for your review of the
proposed debdiff.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1670408
Title:
apparmor base abstractio
Thanks for the full dmesg.
It seems to me that:
"unable to set AppArmor profile 'libvirt-81b387d9-1dfc-4f55-8b98-0318f1f94442'"
means there is an issue in loading the profile after your change.
That matches:
audit: type=1400 audit(1519028363.683:12417): apparmor="DENIED"
operation="change_profil
Thanks Seth for securities POV on this and essentially confirming what I
assumed.
That said, I think the bug is for now "incomplete" in the sense of breaking the
initial report into two things:
A) I see this on upgrade on one machine, which is unexpected.
B) If this file is generated by each mach
Hi Mark,
the file is installed from the build, not generated on install.
Install is by debian/openssh-client.install
It also is considered a conffile for the sense ot change tracking.
$ dpkg --status openssh-client
[...]
Conffiles:
/etc/ssh/moduli 0075fd4b72a421f909af9809d0dd3bdc
A quick check s
Sorry Sergio, this seems like some total apt breakage on your system and I fail
to see how to resolve :-/
I'll add a bug task for apt and subscribe juliank for his expertise.
** Also affects: apt (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because
** Changed in: apparmor (Ubuntu Xenial)
Importance: Undecided => High
** Changed in: tor (Ubuntu)
Status: Invalid => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchp
Ok, this is just at the memcopy above.
I see in this trace that the AC_MEMCPY got mapped to __memmove_ssse3 of
../sysdeps/x86_64/multiarch/memcpy-ssse3.S
Lets assume (for the sake of trying something until you have a simplified
reproducer) that sse3 might be broken in KVM on your system.
I'd exp
Verification of Proposed:
[2020342.769272] audit: type=1400 audit(1518622578.674:4871): apparmor="DENIED"
operation="open" namespace="root//lxd-artful-test_"
profile="/usr/sbin/ntpd" name="/usr/local/sbin/" pid=16638 comm="ntpd"
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[2020342.769282]
Verification of proposed:
xenial/artful as is on restart:
[2020349.483870] audit: type=1400 audit(1518622585.386:4875): apparmor="DENIED"
operation="file_inherit"
namespace="root//lxd-xenial-test_"
profile="/usr/sbin/ntpd" name="/run/lock/ntpdate" pid=16784 comm="ntpd"
requested_mask="w" denied
Bionic - ok
SRU Template - ok
Debdiff for X/T checked - ok
Tested A upload from ppa - ok.
(This issue in particular doesn't apply to Xenial, so dropping this task)
** No longer affects: ntp (Ubuntu Xenial)
** Changed in: ntp (Ubuntu Artful)
Status: Triaged => In Progress
--
You received
fix in SRU queue (Artful) for review by the SRU Team
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ntp in Ubuntu.
https://bugs.launchpad.net/bugs/1741227
Title:
apparmor denial to several paths to binaries
Status in ntp
** Changed in: ntp (Ubuntu)
Importance: Undecided => High
** Summary changed:
- Missing apparmor rules cause tor to fail to start
+ apparmor base abstraction needs backport of rev 3658 to fix several denies
(tor, ntp, ...)
--
You received this bug notification because you are a member of Ub
fix in SRU queue (Atrful/Xenial) for review by the SRU Team
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ntp in Ubuntu.
https://bugs.launchpad.net/bugs/1749389
Title:
ntpdate lock apparmor deny
Status in ntp package in
Bionic - ok
SRU Template - ok
Debdiff for X/T checked - ok
Tested X/A upload from ppa - ok.
I Identified another issue in the log as bug 1670408 which needs a fix in
apparmor - not ntp.
That means this is ok to be uploaded (not gated by that finding).
** Description changed:
[Impact]
- *
Correctly added a bug task for ntp to also be affected.
Dropping Artful (EOL)
** Also affects: ntp (Ubuntu)
Importance: Undecided
Status: New
** No longer affects: apparmor (Ubuntu Yakkety)
** Changed in: apparmor (Ubuntu Xenial)
Status: New => Triaged
** Changed in: ntp (Ubunt
Missed the right format in changelog :-/, but this is fixed in Bionic by
https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p10+dfsg-5ubuntu7
** Changed in: ntp (Ubuntu)
Status: Triaged => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded pack
auto profile replace on upgrade - ok
restart without apparmor issues - ok
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ntp in Ubuntu.
https://bugs.launchpad.net/bugs/1749389
Title:
ntpdate lock apparmor deny
Status in n
Eventually as you already found the question is how did bv_val get 0x0?
If the test can't be passed to me, but is reproducible, could you try to step
live from line 506.
1. is new->bv_val really assigned some pointer (and which one)
2. when does that pointer get lost between 506 and 513
Also the
How reproducible is this - everytime or just once in a number of retry loops?
Could you share the minimal simplified setup+loop code to retrigger this over
here?
** Changed in: qemu (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubun
Setting qemu(Ubuntu) which is the right package for the question of "the
identical test sequence completes without incident when running on the
host OS instead of under kvm".
Although that could just be timing and doesn't "have to be" a kvm memory
clobbering.
--
You received this bug notificatio
slapd is part of the openldap package - assigning this makes more sense
I think.
** Package changed: kvm (Ubuntu) => openldap (Ubuntu)
** Also affects: qemu (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded
Fix is trivial, but you never know - tetsing the bionic change in
https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/3144
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ntp in Ubuntu.
https://bugs.launchpad.net/bugs/
Note: When we open up a SRU for ntp apparmor we should include the minot
(bot on its own not SRu worthy) fix of bug 1741227
** Description changed:
- On start/restart nto has an error in apparmor due to the locking it
- tries to avoid issues running concurrently with ntpdate.
+ [Impact]
+
+ * A
** Description changed:
+ [Impact]
+
+ * Apparmor denies access to bin directories which the option parsing code
+of ntp touches.
+
+ [Test Case]
+
+ 1. get a container of target release
+ 2. install ntp
+ apt install ntp
+ 3. watch dmesg on container-host
+ dmesg -w
+ 4. rest
Public bug reported:
[Impact]
* Apparmor denies access to lock it shares with ntpdate to ensure no
issues due to concurrent access
[Test Case]
1. get a container of target release
2. install ntp
apt install ntp
3. watch dmesg on container-host
dmesg -w
4. restart ntp in contai
1 - 100 of 864 matches
Mail list logo
