** Changed in: apparmor
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1658943
Title:
aa-notify blocks desktop with garbage notifications
To manage notifications
There are definitely, several ref count leaks that can lead to memory
leaking during policy replacement. I haven't been able to trace down
every leak yet, but the kernel in
http://people.canonical.com/~jj/lp1656121/
contains several fixes that should help. I need to finish cleaning up
the series
** Changed in: vidalia (Ubuntu)
Status: Confirmed => Invalid
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1290107
Title:
Vidalia does not start. AppArmor prevents
To manage notifications
** Changed in: apparmor (Ubuntu)
Status: New => Fix Released
** Changed in: apparmor
Status: Fix Committed => Fix Released
** Changed in: linux (Ubuntu Xenial)
Status: New => Invalid
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
** Changed in: apparmor
Status: New => Invalid
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1592547
Title:
vmalloc failure leads to null ptr dereference in aa_dfa_next
To manage
sudo snap refresh
should refresh the kernel snap. However the suspected fix will not be in
any snap kernel, nor can I atm build you a kernel snap to test with.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Okay, that looks like the kernel is working for you and you are now past
the original
[103975.623545] audit: type=1400 audit(1481284511.494:2807):
apparmor="DENIED" operation="change_onexec" info="no new privs" error=-1
namespace="root//lxd-tor_" profile="unconfined"
name="system_tor" pid=18593
Ignore the request to test the upstream kernel, for the moment.
In this case the apparmor code that is in the trace does not exist upstream.
Instead could you test the kernel in
http://people.canonical.com/~jj/lp1648143/
While listed as being for bug 1648143, it contains several fixes
sorry this took longer than expected. I have placed amd64 test kernels at
http://people.canonical.com/~jj/lp1648143/
please let me know if this works for you
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
The denial messages like
target=B00280F4B00280F
are caused by a kernel bug, in reporting the the profile name of the
target of the ptrace.
In general ptrace operations are controlled by both capability and
ptrace rules. This is because within the kernel ptrace calls in to the
capability code,
This occurs in a stacked policy situation, where there is a system
policy is being applied but within the container namespace, the policy
is unconfined.
The special casing for unconfined with no-new-privs is not properly
detecting this case. I will have a test kernel with a fix for this issue
To clarify the container is missing the minimum requirements of the
apparmor_parser and the apparmor init service.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1648143
Title:
tor in lxd:
using
lxc launch images:ubuntu/yakkety torcontainer
to create the container
the installing tor into the container and starting it I can replicate
the error. However this is due to the container not having apparmor
installed. The container is not booting with apparmor or loading the tor
profile.
Christian,
could you please try against my test kernel? It has fixed the issue with
my local reproducer
The packages are in
http://people.canonical.com/~jj/linux+jj/
you can probably get away with just installing linux-
image-4.8.0-30-generic_4.8.0-30.32+lp1645037_amd64.deb but the other
I have fully replicated this with just the apparmor_parser, and bash. It
requires using both the fs based namespace mkdir/rmdir namespace
interface and regular profile replacement/removal at the same time.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
This should be fixed by add the rule
dbus rw peer=(name=/run/dbus/system_bus_socket),
the /usr/sbin/ntpd profile
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1647586
Title:
apparmor errors
I think I may have replicated, in that I got log entries with task
blocked for more than 120 seconds, very similar to the above logs. And
the apparmor_parser could running ps on the system did show several
apparmor_parsers waiting. However it did not crash nor did the
apparmor_parser instances
No, I haven't. I have been using the instructions you provided with no
success. I have started some tests doing lower level direct calls of
replace and reload so that I can have even more concurrency.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
How reliable/repeatable is this for you?
I have been hammering a machine for multiple days and not been able to
trip this once.
I have been using the 4.8 ubuntu kernel the ubuntu-lxc/daily and the
ubuntu-lxc/stable ppas. Any more info you can provide?
--
You received this bug notification
** Changed in: linux (Ubuntu Xenial)
Assignee: (unassigned) => John Johansen (jjohansen)
** Changed in: linux (Ubuntu Yakkety)
Assignee: (unassigned) => John Johansen (jjohansen)
** Changed in: linux (Ubuntu Zesty)
Assignee: (unassigned) => John Johansen (jjohansen)
*
I have done some light testing on this, trying to develop a none snap
based test to verify it. The test is no where near as reliable as the
snappy test. I haven't been able to trigger the bug on the new kernel
yet, with the caveat that it could just be the test. I am inclined to
declare this
note: that for xenial there are several pieces that must land as
different SRUs. Just using the xenial SRU kernel is not sufficient.
There is an apparmor userspace SRU that is required, and squashfuse sru
...
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
This appears to be a problem with the test
** Changed in: linux (Ubuntu)
Status: Confirmed => Invalid
** Also affects: apparmor (Ubuntu)
Importance: Undecided
Status: New
** Changed in: apparmor (Ubuntu)
Status: New => Confirmed
--
You received this bug notification
This appears to be an issue with the test.
** Changed in: linux (Ubuntu)
Status: Confirmed => Invalid
** Also affects: apparmor (Ubuntu)
Importance: Undecided
Status: New
** Changed in: apparmor (Ubuntu)
Status: New => Confirmed
--
You received this bug notification
Alright I have replicated and there is indeed a problem here. It will
work if the first profile starts with a / but fails when it doesn't
** Changed in: apparmor (Ubuntu)
Status: New => Confirmed
** Changed in: apparmor (Ubuntu)
Assignee: (unassigned) => John Johansen (jjo
Yuqiong Sun,
the parser is sensitive to white space. If your profile has white space
in the name you will need to use quotes around it
/root/test/read px -> "readtest1 //& readtest2",
otherwise you will need to remove the white space and specify it as
/root/test/read px -> readtest1//,
I need more information about what else is going on, on the system when
the this triggers
is there profile replacement happening, what kind of load, ...
so far I have been unable to trigger this, and the code looks good
** Changed in: linux (Ubuntu)
Status: In Progress => Incomplete
--
** Changed in: linux (Ubuntu)
Status: Incomplete => Confirmed
** Changed in: linux (Ubuntu)
Status: Confirmed => In Progress
** Changed in: linux (Ubuntu)
Assignee: (unassigned) => John Johansen (jjohansen)
--
You received this bug notification because you are
** Changed in: linux (Ubuntu Yakkety)
Status: Triaged => Invalid
** Also affects: linux (Ubuntu Trusty)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu Trusty)
Status: New => Triaged
** Also affects: linux (Ubuntu Precise)
Importance: Undecided
** Also affects: apparmor (Ubuntu Yakkety)
Importance: Critical
Assignee: Tyler Hicks (tyhicks)
Status: Fix Released
** Also affects: linux (Ubuntu Yakkety)
Importance: Critical
Assignee: John Johansen (jjohansen)
Status: Fix Released
** Also affects: lxd (Ubuntu
** Changed in: apparmor
Status: New => Fix Committed
** Changed in: linux (Ubuntu Yakkety)
Status: Incomplete => In Progress
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1630069
I'm not sure what messed up the settings, but there isn't enough of a
trail to say if it was the unity update, compiz update or some other
random change.
So moving to invalid
** Changed in: unity (Ubuntu)
Status: New => Invalid
--
You received this bug notification because you are a
Got it. It required that I install ccsm and toggle the Desktop Wall
setting
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1630354
Title:
can not switch workspaces using keyboard short cuts
To
Public bug reported:
16.04 - fully updated
keyboard short cuts to switch workspaces used to work. After last reboot
they don't. Checked in system settings, keyboard short cuts are set.
Tried resetting them, no go. Tried alternate keys short cuts, no go.
Tried rebooting they still don't work.
but it results in the test breaking
for everyone using upstream releases against pre 4.8 kernels.
** Affects: apparmor
Importance: Undecided
Assignee: John Johansen (jjohansen)
Status: New
** Affects: linux (Ubuntu)
Importance: Undecided
Assignee: John Johansen (jjohansen
** Also affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu)
Importance: Undecided => Critical
** Changed in: linux (Ubuntu)
Status: New => In Progress
** Changed in: linux (Ubuntu)
Assignee: (unassigned) => John Johansen (
slight revision
/sys/kernel/security/apparmor/features/domain/ns_stacked contains
yes/no if stacked across policy namespace
/sys/kernel/security/apparmor/features/domain/ns_name contains the
name of the namespace
as long as lxc sets up a detectable namespace ns_name can be used to
In testing I have not been able to reproduce.
But from the oops it looks either like potentially like memory corruption, or
corruption of the cred. The oops reports
invalid opcode: [#1] SMP
however the piece of code triggering this is used all the time, so the
more likely scenario is
** Tags removed: verification-needed-xenial
** Tags added: verification-done-xenial
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1615881
Title:
The label build for onexec when stacking is wrong
** Tags removed: verification-needed-xenial
** Tags added: verification-done-xenial
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1615882
Title:
dfa is missing a bounds check which can cause an
** Tags removed: verification-needed-xenial
** Tags added: verification-done-xenial
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1593874
Title:
warning stack trace while playing with apparmor
** Tags removed: verification-needed-xenial
** Tags added: verification-done-xenial
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1615878
Title:
__label_update proxy comparison test is wrong
To
** Tags removed: verification-needed-xenial
** Tags added: verification-done-xenial
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1615880
Title:
The inherit check for new to old label comparison
** Tags removed: verification-needed-xenial
** Tags added: verification-done-xenial
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1615889
Title:
label vec reductions can result in reference labels
** Tags removed: verification-needed-xenial
** Tags added: verification-done-xenial
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1615892
Title:
deleted files outside of the namespace are not being
** Tags removed: verification-needed-xenial
** Tags added: verification-done-xenial
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1615895
Title:
apparmor module parameters can be changed after the
** Tags removed: verification-needed-xenial
** Tags added: verification-done-xenial
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1615887
Title:
profiles from different namespaces can block other
** Tags removed: verification-needed-xenial
** Tags added: verification-done-xenial
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1615893
Title:
change_hat is logging failures during expected hat
** Tags removed: verification-needed-xenial
** Tags added: verification-done-xenial
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1579135
Title:
AppArmor profile reloading causes an intermittent
** Tags removed: verification-needed-xenial
** Tags added: verification-done-xenial
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1615890
Title:
stacking to unconfined in a child namespace confuses
** Also affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Yakkety)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Xenial)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu Xenial)
Status:
** Also affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Yakkety)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Xenial)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu Xenial)
Status:
** Also affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Yakkety)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Xenial)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu Xenial)
Status:
** Also affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Yakkety)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Xenial)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu Xenial)
Status:
** Also affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Yakkety)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Xenial)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu Xenial)
Status:
** Also affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Xenial)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Yakkety)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu Xenial)
Status:
** Also affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Xenial)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Yakkety)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu Xenial)
Status:
** Also affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Yakkety)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Xenial)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu Xenial)
Status:
** Also affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Yakkety)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Xenial)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu Xenial)
Status:
** Also affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Yakkety)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Xenial)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu Xenial)
Status:
** Also affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Xenial)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Yakkety)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu Xenial)
Status:
)
Importance: Critical
Assignee: John Johansen (jjohansen)
Status: Incomplete
** Also affects: linux (Ubuntu Yakkety)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu Xenial)
Status: New => Fix Committed
** Changed in: linux (Ubuntu Yakkety)
Status:
I believe I have finally tracked this one down. It only occurs when an
fd is shared between 9 or more separate profile domains and one of those
profiles is removed. The removal part can happen during the apparmor
reload phase, if a profile was renamed which is more likely on touch and
snappy.
*** This bug is a duplicate of bug 1579135 ***
https://bugs.launchpad.net/bugs/1579135
Note: there is a new test kernel using +jj61 at
http://people.canonical.com/~jj/linux+jj/
This should be the final fix for this issue
--
You received this bug notification because you are a member of
could you try reproducing with the kernel in
http://people.canonical.com/~jj/linux+jj/
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1579135
Title:
kernel BUG on snap disconnect from within a snap
can you try the kernel in
http://people.canonical.com/~jj/linux+jj/
yes it is a xenial kernel but it should still work on trusty
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1581990
Title:
The apparmor profile is tailored for the default dovecot install if you
have a custom build or have tweaked the configuration the apparmor
profile may need to be modified.
Can you tell how/where your dovecot came from, apt/snap/custom build
Can you please attach your dovecot configs so we can
possibly. There isn't actually enough information in that bug to be sure
if it is an actual namespacing issue or it is a separate bug to do with
unix domain sockets.
Unfortunately the workaround of attach_disconnect is still required to
deal with these issues.
--
You received this bug
This should be fixed in Xenial, there is a large patchset (30 or so
patches) that can be SRUed to vivids 3.16 kernel
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1378123
Title:
Is the snap removed and then reinstalled?
Has this been triggered just by running the snap?
When was the kernel rebooted since the snap was installed? Since the snap was
removed?
...
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
I have been unable to trigger the first bug reported. Can you attach a
flattened versions of your profile set?
apparmor_parser -p your_profile > flattened_profile
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
I have been unable to trigger this bug can you please provide more
information?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1579135
Title:
kernel BUG on snap disconnect from within a snap
To
I have updated the debug kernel at
http://people.canonical.com/~jj/lp1581990/
it adds more debug and fixes the 2nd issue you encountered.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1581990
That sadly was not very helpful, it died in a completely different place
and didn't trip any of the additional debug.
Would it be possible to try it again?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
I have uploaded a debug kernels to
http://people.canonical.com/~jj/lp1581990/
If you could install that and test, hopefully it has enough debug to
track this issue down
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Are the oops warnings reliable for you? It appears to be a ref count bug
or race and I have not been able to track it down yet. If it is some
what reliable would you be willing to try a debug kernel to help track
the issue down?
--
You received this bug notification because you are a member of
No, which means its a race of some kind
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1579135
Title:
kernel BUG on snap disconnect from within a snap
To manage notifications about this bug go to:
The deny modifier has been fixed in the 2.11 parser. However, the audit
modifier is not properly supported by the backend permission format and
will result in equality.sh failing
With the above patch to equality.sh, the failures all involve audit
which is being silently dropped in permission
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1581202
Title:
CVE-2016-0758
To manage notifications about this bug go to:
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1581201
Title:
CVE-2016-3713
To manage notifications about this bug go to:
are these custom/modified dovecot profiles?
what other profiles are loaded?
can you provide the output of aa-status?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1581990
Title:
Profile reload
*** This bug is a security vulnerability ***
Private security bug reported:
Placeholder
** Affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-raspi2 (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-ti-omap4 (Ubuntu)
*** This bug is a security vulnerability ***
Private security bug reported:
Placeholder
** Affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-raspi2 (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-ti-omap4 (Ubuntu)
On 05/11/2016 11:46 AM, Tyler Hicks wrote:
> On 05/11/2016 10:22 AM, Jamie Strandboge wrote:
> ...
>>
>> We then have dbus-session-strict:
>> unix (connect, receive, send)
>>type=stream
>>peer=(addr="@/tmp/dbus-*"),
>>
>> There is a problem with this policy though; that access is
What kernel (full version) did this occur on?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1579135
Title:
kernel BUG on snap disconnect from within a snap
To manage notifications about this bug
To be clear we are not talking about removing support for
flags=(complain) from the parser or the language. Just defaulting to
using the symlink for aa-complain because of broken packaging systems :P
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
Hrmmm, I thought this was fixed in the parser. Maybe its only part 1 or
a 2 part fix that was done, we will have to check but the cached policy
know stores a flag in the header that it was built with complain mode
making it possible to detect this condition without having to parse the
whole cache
** Changed in: apparmor/2.10
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1525119
Title:
Cannot permit some operations for sssd
To manage
** Changed in: apparmor/2.10
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1528139
Title:
serialize_profile_from_old_profile() crash if file contains
** Changed in: apparmor/2.10
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1534405
Title:
Regression in parser compiling/loading a directory
To manage
** Changed in: apparmor
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1324608
Title:
when aa-logprof processed file access rules with mask of "c" the
** Changed in: apparmor/2.10
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1540562
Title:
aa-genprof crashes in logparser NoneType has no "replace"
To
It needs to be set in the profile file
/etc/apparmor.d/sbin.dhclient
apply the following change
--- a/sbin.dhclient 2016-02-25 06:32:17.0 -0800
+++ b/sbin.dhclient 2016-04-10 12:41:41.826906424 -0700
@@ -3,7 +3,7 @@
# Author: Jamie Strandboge
#include
For the record it is this commit that made the change
https://gitlab.com/procps-
ng/procps/commit/5da390422d2b58902731655ddd12439126a051da
it was previously terminating the string when it hit the space before
the mode. Now it is using isprint(outbuf[len]) and space is a printable
character.
--
On 04/06/2016 02:32 PM, Dimitri John Ledkov wrote:
> On 6 April 2016 at 22:25, Xen wrote:
>> Bryan Quigley schreef op 06-04-16 22:35:
>>> Hi all,
>>>
>>> The naming scheme of just "Ubuntu 14.04.4 LTS" is no longer
>>> meaningful when it comes to determining what
The apparmor /proc/ interface has always included the mode info, so the
change must be in how ps handles the security label
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1561330
Title:
ps security
@Jamie, I had assumed we would be using --skip-kernel-load. I was just
bringing up that policy versioning is not just about having different
versions of policy for different kernels but also about dealing with
failure cases.
--
You received this bug notification because you are a member of
Versioned policy is needed on touch if the compile is going to be done
before reboot. You do not want to blow away currently enforcing policy
and install the new version and then run into a situation where you
fail, or don't reboot. So at the very least for the failure case we
need to support
Correct.
There are actually several ways to get disconnected paths and this
specific one is being caused by the new file ns. The proper fix for this
is delegating access to the object that would not normally be
accessible, however delegation is not available in the current releases
of apparmor
Alessio,
so from the boot chart I am not able to say what is causing the delay. What I
do see is a large gap in activity for both the cpu and i/o.
That gap lines up roughly with the start of pulse audio, but that doesn't
necessarily make it the culprit. We then get a large gap of little to no
401 - 500 of 8128 matches
Mail list logo