** Changed in: apparmor (Ubuntu)
Assignee: (unassigned) => Georgia Garcia (georgiag)
** Changed in: apparmor (Ubuntu)
Status: New => Fix Committed
** Changed in: apparmor (Ubuntu)
Status: Fix Committed => In Progress
--
You received this bug notification because
I'd like to note that I tested all packages that are currently failing
in the update excuses page and fuseiso is not failing because of the
fusermount3 profile. The following test still fails when the profile is
removed.
autopkgtest fuseiso -U --shell-fail --setup-commands="sudo
apparmor_parser -R
Created a MR upstream with a tentative fix in
https://gitlab.com/apparmor/apparmor/-/merge_requests/1716
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2111845
Title:
autopkgtests failing with fuse3
Hi Sofie.
I'm sorry this has been happening. Could you check your system logs for any
apparmor DENIED messages?
You can run this command in your terminal:
journalctl -b | grep DENIED | grep fusermount
or
sudo dmesg | grep DENIED | grep fusermount
--
You received this bug notification because y
Hi Khairul,
Could you check your system logs for apparmor DENIED messages? The
relevant ones likely have profile=“fusermount3” in them.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2098993
Title:
Since noble there are unconfined profiles which are part of the
unprivileged user namespace restriction. There is a CIS Level 2 rule
that requires all AppArmor profiles to be in enforce mode, which at the
moment includes the unconfined profiles. There is ongoing discussion
with the CIS community [1
Hi Christian. The patch looks good to me. Do you mind submitting it to
the apparmor project upstream? https://gitlab.com/apparmor/apparmor
under profiles/apparmor.d/lsblk
If possible, please include a link to this bug in the commit message
--
You received this bug notification because you are a
Verification completed successfully with domain being created as
expected:
root@sec2-jammy-amd64:~# apt install qemu qemu-kvm qemu-system-arm
libvirt-clients libvirt-daemon-system virtinst bridge-utils
Reading package lists... Done
Building dependency tree... Done
Reading state information... Don
ned) => Georgia Garcia (georgiag)
** Changed in: apparmor (Ubuntu)
Importance: Undecided => Critical
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2105986
Title:
Apparmor parser 2.12 doesn'
I could reproduce this issue on linux 6.12 but plucky is soon moving to
6.14 in which this is no longer reproducible.
** Changed in: apparmor (Ubuntu)
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to
** Changed in: apparmor (Ubuntu)
Assignee: (unassigned) => Georgia Garcia (georgiag)
** Changed in: apparmor (Ubuntu)
Status: New => In Progress
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchp
Hi The Owl, my apologies. I updated the description containing the SRU
justification with the thorough testing steps.
Here's the correct verification:
root@sec-oracular-amd64:~# lxc launch ubuntu:24.10 test -c security.nesting=true
Launching test
root@sec-oracular-amd64:~# lxc exec test bash
root
Verification completed in oracular linux/6.11.0-21.21. Works as
expected.
georgia@sec-oracular-amd64:~$ uname -a
Linux sec-oracular-amd64 6.11.0-21-generic #21-Ubuntu SMP PREEMPT_DYNAMIC Wed
Feb 19 16:50:40 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
georgia@sec-oracular-amd64:~$ sudo lxc launch ubu
Verification completed on oracular linux/6.11.0-21.21
georgia@sec-oracular-amd64:~$ uname -a
Linux sec-oracular-amd64 6.11.0-21-generic #21-Ubuntu SMP PREEMPT_DYNAMIC Wed
Feb 19 16:50:40 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
georgia@sec-oracular-amd64:~$ journalctl -b | grep systemd | grep -i
Hi Bryce, yes I'm able to help with testing. I was able to reproduce the
issue on a virtualized jammy using my tpm device as passthrough (I had
to manually add apparmor permission to access /dev/tpm* rw, though...
another bug). And I was also able to verify that the version from
Sergio's PPA works
Hi Heinrich. Did you try rebooting after upgrading to 4.1.0~beta5-0ubuntu5?
The profile could still be loaded in the kernel thus enforcing restrictions
unless rebooting or manually unloading the profile.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subs
Hi Dave
There's a new apparmor_4.1.0~beta5-0ubuntu5 available in plucky-proposed that
should remove the wpa_supplicant apparmor profile. We decided to disable it by
default for now in Ubuntu
I added a comment in the upstream MR for the profile fix, feel free to add more
details there if you wish
Hi Thomas, thanks for the report
AppArmor resolves the symbolic link on mediation, so to allow mbsync to
access those files, you can add the following permission to
/etc/apparmor.d/local/mbsync
@{HOME}/dotfiles/isync/.mbsyncrc r,
It can be done by the following command:
sudo bash -c "echo '@{HO
Hi Khairul.
Unfortunately the fix was not complete and there's a 4.1.0~beta5-0ubuntu5 on
the way. What you can do now is unload the profile and remove it.
# apparmor_parser --remove /etc/apparmor.d/wpa_supplicant
# rm /etc/apparmor.d/wpa_supplicant
--
You received this bug notification because
hi Thomas
To allow access to these files, you can add the following rule to
/etc/apparmor.d/local/openvpn:
@{HOME}/Documents/canonical/vpn/canonical_ta.key r,
It can be done by the following command:
sudo bash -c "echo '@{HOME}/Documents/canonical/vpn/canonical_ta.key r,'
>> /etc/apparmor.d/loc
Verification completed on noble kernel 6.8.0-56.58:
$ journalctl -b | grep systemd | grep -i apparmor
...
Feb 20 09:50:03 sec3-noble-amd64 kernel: audit: type=1400
audit(1740055803.156:9): apparmor="STATUS" operation="profile_load"
profile="unconfined" name="busybox" pid=1 comm="systemd"
Feb 20
Hi Fred, I'm sorry to hear that things are not working as you expect. If
you can, could you open a new bug here on launchpad or in the upstream
apparmor repo https://gitlab.com/apparmor/apparmor/-/issues containing
the details of what's not working for you? It would be very helpful if
you could inc
hi Lukas. Yes, I was reproducing it on my host with real hardware.
Unfortunately I have since upgraded to noble, so I'm unable to test unless I
downgrade the packages (let me know if you'd like me to)
Regarding TPM, I'm not sure what to look for, but here's what I got
$ cat /sys/class/tpm/tpm0/t
Hi Fred,
What is the output of "realpath /usr/bin/google-chrome" in our machine?
Here I have
$ realpath /usr/bin/google-chrome
/opt/google/chrome/google-chrome
which is already covered by the rule
/opt/google/chrome{,-beta,-unstable}/google-chrome{,-beta,-unstable} Cx
-> sanitized_helper,
App
Since rsyslog ships its own apparmor profile, I'm adding rsyslog as the
affected package and marking apparmor as invalid.
** Also affects: rsyslog (Ubuntu)
Importance: Undecided
Status: New
** Changed in: apparmor
Status: New => Invalid
--
You received this bug notification bec
** Description changed:
+ SRU Justification:
+
+ [Impact]
+
+ The commit being reverted allows the use of runtime information on
+ AppArmor features, usually located under
+ /sys/kernel/security/apparmor/features/
+
+ The set of features is used to calculate the features' hash, used by
+ AppArm
The bug was caused by a commit [1] in the Ubuntu kernel that would
change the kernel features hash based on the status of the userns and
io_uring restriction. When the policy cache was generated, userns
restriction would be available and the hash under
/etc/apparmor/earlypolicy/ would match the set
Hi Eugenio. I'm relieved to hear that you are using Desktop Icons NG. That bug
is being tracked in
https://bugs.launchpad.net/ubuntu/+source/gnome-shell-extension-desktop-icons-ng/+bug/2064849
as
kanschat shared in #41
Good news is that there's already a fix on the way
https://salsa.debian.org
Hi Eugenio. I appreciate your patience, but we haven't been able to
reproduce the issue so we depend on our logs to draw out any conclusion.
Is there any change you are using a different software or extension to
display your thumbnails other than nautilus directly? Something like
gnome-shell-exten
This profile bypasses the restriction of unprivileged user namespaces,
therefore Ubuntu cannot ship it, and we recommend you don't use it as
well. If an application calls bwrap with a valid use of unpriv userns,
then a profile for that app should be created instead. Let me know if
you need any help
This is the fix upstream:
https://gitlab.com/apparmor/apparmor/-/merge_requests/1237/diffs?commit_id=1f4bba0448563b7d1fe4d86c230556ebf8d3805b
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2079019
Tit
Eugenio, do you see any apparmor messages in your system logs? They could be in
/var/log/syslog or /var/log/kern.log, or if you have auditd installed
/var/log/audit/audit.log
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs
You will need to create an AppArmor profile for the AppImage to work
using unprivileged user namespaces with privileged operations. Here's a
more detailed explanation in a different bug:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2056627/comments/4
--
You received this bug notificati
If after running the following command thumbnails still won't load, then
it is not related to this bug report. If that's the case, please open a
new bug.
sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
Note that this makes your setup vulnerable, so I recommend turning back on
afte
Hi Ondra. Could you share what the apparmor profile looks like? Spaces
should work when surrounded by double quotes in the profile. In
4.0.1really4.0.1-0ubuntu0.24.04.3 there's an example of that in
/etc/apparmor.d/MongoDB_Compass.
profile "MongoDB Compass" "/usr/lib/mongodb-compass/MongoDB Compas
Hi Janne, thanks for reporting. Adding attach_disconnected to the profile flags
is the correct course of action at this point.
I submitted a MR upstream with the information you provided:
https://gitlab.com/apparmor/apparmor/-/merge_requests/1395
--
You received this bug notification because y
Hi! Thank you for reporting this issue. It was already fixed by upstream
AppArmor but the fix still needs to be applied in the apparmor package:
https://gitlab.com/apparmor/apparmor/-/merge_requests/1218
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subsc
** Attachment added: "docker-default"
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2039294/+attachment/5824926/+files/docker-default
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2039294
Hi, mihalicyn, sorry for the delay answering.
That's unfortunately right. Ubuntu 12.04 ships apparmor 2.7 which didn't
have support for ABIs yet, so dc757a645cfa82f6ac252365df20a36a9ff82760
causes a regression on those early versions. I talked to @jjohansen and
we have agreed that this patch needs
I agree that if /etc/ipa/ca.crt is a standard location for that package
(which appears to be
https://pagure.io/freeipa/blob/master/f/ipaplatform/base/paths.py#_69)
then we could add it to the ssl_certs abstraction
--
You received this bug notification because you are a member of Ubuntu
Bugs, whic
** Also affects: apparmor (Ubuntu)
Importance: Undecided
Status: New
** No longer affects: apparmor (Ubuntu)
** Also affects: apparmor (Ubuntu)
Importance: Undecided
Status: New
** Also affects: apparmor (Ubuntu Oracular)
Importance: Undecided
Status: New
--
You r
It does seem to be an issue with their snap apparmor policy, which they
manage directly. Feel free to report the issue to them directly
https://github.com/NordSecurity/nordvpn-linux
** Changed in: apparmor (Ubuntu)
Status: New => Invalid
--
You received this bug notification because you a
From the comments in the forum, it seems that the AppImage was
corrupted. Since it doesn't seem apparmor related, I'm setting this bug
as Invalid. Feel free to change back it if you don't agree.
** Changed in: apparmor (Ubuntu)
Status: Confirmed => Invalid
--
You received this bug notific
Hi! Could you add some logs so we can determine if it's apparmor
related? You can run the following command to get them automatically.
apport-collect -p apparmor 2074277
** Changed in: apparmor (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a mem
Sorry for the delay. The fix had landed but it was reverted due to a
regression. We have a 4.0.1really4.0.1-0ubuntu0.24.04.3 update but
it is still sitting in noble-proposed
https://people.canonical.com/~ubuntu-archive/pending-sru.html
--
You received this bug notification because you are a
Ah, I tested only in jammy amd64. Here's my setup:
georgia@georgia:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:Ubuntu 22.04.4 LTS
Release:22.04
Codename: jammy
georgia@georgia:~$ uname -a
Linux georgia 5.15.0-119-generic #129-Ubuntu SMP Fri
Hi Sergio
The version from the PPA fixes it for me. Thank you for working on this!
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2077336
Title:
Creation of armv7l vm fails due to tpm-tis
To manage
Hi appe!
There's a new version of apparmor in the noble-proposed pocket that should fix
this issue:
https://launchpad.net/ubuntu/+source/apparmor/4.0.1really4.0.1-0ubuntu0.24.04.3
https://wiki.ubuntu.com/Testing/EnableProposed
--
You received this bug notification because you are a member of U
@lazka: you can use this profile:
https://pastebin.canonical.com/p/VbmH97Rhqp/
I grabbed it from upstream:
https://github.com/moby/moby/blob/master/profiles/apparmor/template.go
Note that for the rule "signal (receive) peer={{.DaemonProfile}}," in the
template I assumed the DaemonProfile is unco
Verification completed in bug 2064672
** Tags removed: verification-needed verification-needed-noble
** Tags added: verification-done verification-done-noble
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/b
*** This bug is a duplicate of bug 2046844 ***
https://bugs.launchpad.net/bugs/2046844
Verification completed in bug 2064672
** Tags removed: verification-needed verification-needed-noble
** Tags added: verification-done verification-done-noble
--
You received this bug notification because
Verification completed in bug 2064672
** Tags removed: verification-needed verification-needed-noble
** Tags added: verification-done verification-done-noble
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/b
Verification completed in bug 2064672
** Tags removed: verification-needed verification-needed-noble
** Tags added: verification-done verification-done-noble
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/b
Ah, so it's not the same issue as the original bug report, it's
something else. Since it's not related to apparmor, I recommend you open
a new bug here in launchpad or upstream
https://gitlab.gnome.org/GNOME/nautilus/-/issues so other people can
help you debug and hopefully fix this issue.
--
You
Verification completed on apparmor noble-proposed
$ apt policy apparmor
apparmor:
Installed: 4.0.1really4.0.1-0ubuntu0.24.04.3
Candidate: 4.0.1really4.0.1-0ubuntu0.24.04.3
Version table:
*** 4.0.1really4.0.1-0ubuntu0.24.04.3 100
100 http://archive.ubuntu.com/ubuntu noble-proposed/ma
I have noticed that a lot of AppArmor policies use peer=unconfined when
they meant *any* peer. I believe this is also the case for bug 2040483.
I see little difference in allowing "signal (receive) peer=unconfined,"
vs "signal (receive)," in abstractions/base, so I proposed
https://gitlab.com/appa
** Description changed:
I downloaded an armhf cloud image on jammy and tried to create a vm but
- I got an error saying that tpm-this is not supported
+ I got an error saying that tpm-tis is not supported
$ wget
https://cloud-images.ubuntu.com/oracular/current/oracular-server-cloudimg-armh
Public bug reported:
I downloaded an armhf cloud image on jammy and tried to create a vm but
I got an error saying that tpm-this is not supported
$ wget
https://cloud-images.ubuntu.com/oracular/current/oracular-server-cloudimg-armhf.img
$ sudo virt-install -n oracular-arm --os-variant=generic
Since the profile is not shipped by the apparmor package, I'm marking it
as invalid and adding the correct package passt
** Also affects: passt (Ubuntu)
Importance: Undecided
Status: New
** Changed in: apparmor (Ubuntu)
Status: New => Invalid
--
You received this bug notificati
The main issue is that I still wasn't able to reproduce it locally.
Dan, could you check if this issue still happens with the unprivileged user
namespace restriction disabled?
sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
Please note that this makes your setup vulnerable, so I r
I have updated the description with the information of the SRU version
4.0.1really4.0.1-0ubuntu0.24.04.3
The Test Plan is updated with detailed instructions and I also added an
analysis of why the regression happened for the previous SRU. Note that since
we have removed the enablement by default
As I understand these changes are only waiting to be sponsored to
proposed, correct?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2065915
Title:
[SRU] Add multiarch lines for each architecture we w
Here's my proposed fix for oracular. It disables the bwrap profile so we can do
further tests. As was done on noble, it does require a reboot.
It's also available on this ppa:
https://launchpad.net/~georgiag/+archive/ubuntu/4.0.1-0ubuntu2
** Patch added: "apparmor_4.0.1-0ubuntu2.debdiff"
ht
@Robie Basak:
I ran QRT and the tests passed:
georgia@ubuntu:~/qrt-test-apparmor$ sudo ./install-packages test-apparmor.py
georgia@ubuntu:~/qrt-test-apparmor$ sudo ./test-apparmor.py
...
--
Ran 62 tests in 1974.585s
OK (skippe
Hi Scarlett,
No worries, that log should be enough to understand what's going on. That is a
bug in the snapd interface because the AppArmor policy specified the peer_label
as unconfined, but that's no longer the case for plasmashell. I'll reach out to
the snapd team and report the issue.
Thank
Hi Changqing Li,
Thanks for your report. Unfortunately, as John has stated in this comment:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2063976/comments/3
We are not able to ship a profile for bitbake running in a writable location of
an unprivileged user because it could be used to b
As per the discussion in
https://irclogs.ubuntu.com/2024/07/09/%23ubuntu-security.txt
The recommendation from the security team is to not revert to the
"flags=(unconfined)" profile if the profile is already confined. That means
that we should only fix the multiarch issue.
Scarlett, you're right
Added to QRT in MR https://code.launchpad.net/~georgiag/qa-regression-
testing/+git/qa-regression-testing/+merge/468941
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2062138
Title:
test-logprof.py f
** Tags removed: verification-needed-jammy-linux-lowlatency-hwe-6.8
** Tags added: verification-done-jammy-linux-lowlatency-hwe-6.8
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2032602
Title:
[FFe]
*** This bug is a duplicate of bug 2046844 ***
https://bugs.launchpad.net/bugs/2046844
Verification done as part of Bug 2064672
** Tags removed: verification-needed verification-needed-noble
** Tags added: verification-done verification-done-noble
--
You received this bug notification becau
Verification done as part of Bug 2064672
** Tags removed: verification-needed verification-needed-noble
** Tags added: verification-done verification-done-noble
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.ne
Verification done as part of Bug 2064672
** Tags removed: verification-needed verification-needed-noble
** Tags added: verification-done verification-done-noble
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.ne
Thanks for the verification, John. I updated the tags based on the
results of your tests.
** Tags removed: verification-needed verification-needed-noble
** Tags added: verification-done verification-done-noble
--
You received this bug notification because you are a member of Ubuntu
Bugs, which i
Thanks for reviewing, Chris. I have updated the test plan with your
suggestions, and I also updated the ppa containing a new version of the
package with the wike profile location fixed. I'll also make sure to
comment on the bugs in the changelog that verification is not required.
** Description ch
** Description changed:
[ Impact ]
This SRU has several fixes:
add unconfined profile for tuxedo-control-center (Bug 2046844)
fix issues appointed by coverity
fix samba profile (https://gitlab.com/apparmor/apparmor/-/issues/386)
fix redefinition of _ which caused an issue with tr
** Tags removed: verification-needed-noble-linux-oracle
** Tags added: verification-done-noble-linux-oracle
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2032602
Title:
[FFe] apparmor-4.0.0-alpha2 f
Fix committed in
https://gitlab.com/apparmor/apparmor/-/merge_requests/1251
** Changed in: apparmor (Ubuntu)
Status: New => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2061113
** Changed in: apparmor (Ubuntu)
Status: Confirmed => Invalid
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2056696
Title:
All Snaps are denied the ability to use DBus for notifications and
** Changed in: apparmor (Ubuntu)
Status: Confirmed => Invalid
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2057927
Title:
lxd vga console throws "Operation not permitted" error
To manage no
This is probably happening because before 24.04 plasmashell was not
confined, therefore it had the "unconfined" label. But now that it is
confined, we need a rule to allow peer_label="plasmashell"
** Also affects: snapd (Ubuntu)
Importance: Undecided
Status: New
--
You received this bu
** Tags removed: verification-needed-jammy-linux-nvidia-6.8
verification-needed-noble-linux-gke
** Tags added: verification-done-jammy-linux-nvidia-6.8
verification-done-noble-linux-gke
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Tags removed: verification-needed-jammy-linux-nvidia-6.8
verification-needed-noble-linux-gke
** Tags added: verification-done-jammy-linux-nvidia-6.8
verification-done-noble-linux-gke
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Tags removed: verification-needed-jammy-linux-nvidia-6.8
verification-needed-noble-linux-gke
** Tags added: verification-done-jammy-linux-nvidia-6.8
verification-done-noble-linux-gke
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Tags removed: verification-needed-jammy-linux-nvidia-6.8
verification-needed-noble-linux-gke
** Tags added: verification-done-jammy-linux-nvidia-6.8
verification-done-noble-linux-gke
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Tags removed: verification-needed-noble-linux-gke
** Tags added: verification-done-noble-linux-gke
** Tags removed: verification-needed-noble-linux-gcp
** Tags added: verification-done-noble-linux-gcp
** Tags removed: verification-needed-noble-linux-azure
** Tags added: verification-done-noble
** Tags removed: verification-needed-noble-linux-lowlatency
** Tags added: verification-done-noble-linux-lowlatency
** Tags removed: verification-needed-noble-linux-ibm
** Tags added: verification-done-noble-linux-ibm
--
You received this bug notification because you are a member of Ubuntu
Bugs,
This bug corresponds to the userspace components of AppArmor but it was
added in some kernel patches along with Bug 2028253. Verification should
be completed in Bug 2028253
** Tags removed: verification-needed-jammy-linux-aws-6.5
verification-needed-jammy-linux-azure-6.5
verification-needed-jamm
Hi Simon,
The use of --unshare=network does not cause a regression with the bwrap profile.
This is the full profile:
https://gitlab.com/apparmor/apparmor/-/blob/aa74b9b12d9ed55909489403a0c2514b9ea6a95f/profiles/apparmor/profiles/extras/bwrap-userns-restrict
If you look at the bwrap profile itsel
** Package changed: apparmor (Ubuntu) => snapd (Ubuntu)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2067564
Title:
Syslog is flooded with messages when watching videos on Youtube
To manage notifi
*** This bug is a duplicate of bug 2064144 ***
https://bugs.launchpad.net/bugs/2064144
Hi Mikko. Thanks for the report. This seems to be a duplicate of Bug
2064144, which has the fix on its way to noble.
** This bug has been marked a duplicate of bug 2064144
lxc ships apparmor config that
** Description changed:
[ Impact ]
This SRU has several fixes:
add unconfined profile for tuxedo-control-center (Bug 2046844)
fix issues appointed by coverity
fix samba profile (https://gitlab.com/apparmor/apparmor/-/issues/386)
fix redefinition of _ which caused an issue with tr
** Description changed:
[ Impact ]
This SRU has several fixes:
add unconfined profile for tuxedo-control-center (Bug 2046844)
fix issues appointed by coverity
fix samba profile (https://gitlab.com/apparmor/apparmor/-/issues/386)
fix redefinition of _ which caused an issue with tr
Thanks. That version should have the nautilus profile that makes the
thumbnails appear, so we will need to dig a bit deeper.
Could you paste the results of the following command? This will show us if
there is a profile for nautilus loaded and it should look something like this
$ sudo aa-status --
*** This bug is a duplicate of bug 2046844 ***
https://bugs.launchpad.net/bugs/2046844
Hello! Thanks for tagging apparmor. Yes, this is a duplicate of bug
2046844. We are working on an update that introduces a profile for bwrap
which would allow setzer (and several other applications) to work
If you're still running into this issue, do you mind sharing which AppArmor
version are you running? For that you can run
apt-cache policy apparmor
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/204725
** Description changed:
[ Impact ]
This SRU has several fixes:
add unconfined profile for tuxedo-control-center (Bug 2046844)
fix issues appointed by coverity
fix samba profile (https://gitlab.com/apparmor/apparmor/-/issues/386)
fix redefinition of _ which caused an issue with tr
I added the suggested patch to QRT:
https://code.launchpad.net/~georgiag/qa-regression-testing/+git/qa-regression-testing/+merge/465526
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2062138
Title:
t
** Description changed:
[ Impact ]
This SRU has several fixes:
add unconfined profile for tuxedo-control-center (Bug 2046844)
fix issues appointed by coverity
fix samba profile (https://gitlab.com/apparmor/apparmor/-/issues/386)
fix redefinition of _ which caused an issue with tr
Public bug reported:
[ Impact ]
This SRU has several fixes:
add unconfined profile for tuxedo-control-center (Bug 2046844)
fix issues appointed by coverity
fix samba profile (https://gitlab.com/apparmor/apparmor/-/issues/386)
fix redefinition of _ which caused an issue with translation, failing
The mqueue patches are present in jammy-linux-gcp-fips: commits
6e7ff802c7b10 and b4ebbcfebd4d3
** Tags removed: verification-needed-jammy-linux-gcp-fips
** Tags added: verification-done-jammy-linux-gcp-fips
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
1 - 100 of 134 matches
Mail list logo
