** Changed in: apparmor (Ubuntu)
Status: Confirmed => Invalid
** No longer affects: apparmor (Ubuntu Xenial)
** No longer affects: apparmor (Ubuntu Yakkety)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpa
This bug was fixed in the package linux - 4.4.0-75.96
---
linux (4.4.0-75.96) xenial; urgency=low
* linux: 4.4.0-75.96 -proposed tracker (LP: #1684441)
* [Hyper-V] hv: util: move waiting for release to hv_utils_transport itself
(LP: #1682561)
- Drivers: hv: util: move wai
This bug was fixed in the package linux - 4.8.0-49.52
---
linux (4.8.0-49.52) yakkety; urgency=low
* linux: 4.8.0-49.52 -proposed tracker (LP: #1684427)
* [Hyper-V] hv: util: move waiting for release to hv_utils_transport itself
(LP: #1682561)
- Drivers: hv: util: move wa
** Changed in: linux (Ubuntu Xenial)
Status: Triaged => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1648143
Title:
tor in lxd: apparmor="DENIED" operation="change_onexec"
na
The entire apparmor patch series was reverted regardless of whether the
patch had any link to a regression, or security fix.
The majority of the patches will be reapplied and go through the SRU
cycle again.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is s
00:27 smb: is
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1648143/comments/26
correct? Wrong bug?
00:28 yeah, looked odd to me to, I don't see the link between that
security fix and this bug
00:29 Let's reopen for now. If it's wrong, smb can re-close it
perhaps?
** Changed in:
This bug was fixed in the package linux - 4.8.0-45.48
---
linux (4.8.0-45.48) yakkety; urgency=low
* CVE-2017-7184
- xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window
- xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder
-- Stefan Bader Fri, 2
Not fixed because we had to revert the commits due to various
regressions.
** Changed in: linux (Ubuntu Xenial)
Status: Fix Released => Triaged
** Changed in: linux (Ubuntu Yakkety)
Status: Fix Released => Triaged
--
You received this bug notification because you are a member of U
This bug was fixed in the package linux - 4.8.0-42.45
---
linux (4.8.0-42.45) yakkety; urgency=low
* linux: 4.8.0-42.45 -proposed tracker (LP: #1671176)
* Regression in 4.4.0-65-generic causes very frequent system crashes
(LP: #1669611)
- Revert "UBUNTU: SAUCE: apparmor:
I filed bug 1670408 to track the further issues in tor's AppArmor
profile that stop it from starting on Zesty.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1648143
Title:
tor in lxd: apparmor="DENI
So this particular bug is Invalid for the tor package in Ubuntu, since
the bug was in the kernel and we've verified that with fixes in
proposed. tor still doesn't work on Zesty, but I'll file a separate bug
for that.
** Changed in: tor (Ubuntu)
Status: New => Invalid
** Changed in: tor (Ub
Sorry, you're right. "systemctl status tor@default" still shows the
service as not running, but now the reason is different.
** Changed in: linux (Ubuntu)
Status: Confirmed => Fix Released
** Changed in: linux (Ubuntu Yakkety)
Status: Confirmed => Fix Committed
** Tags removed: ver
Please describe the failure, including the logs so I can analyze. Just
because the container fails to start does not mean that the fix is bad.
There can be other issues that result in the failure.
Specifically this bug is for the denial message seen in comment #5 and
not the denied messages (unlin
I tried running tor in a Zesty container on a Zesty VM.
With the current 4.10.0.8.10 it fails as described (tor@default fails to
start). AFAICT, the bug still exists on Zesty.
** Changed in: linux (Ubuntu)
Status: Incomplete => Confirmed
** Changed in: linux (Ubuntu Yakkety)
Status
I tried running tor in a Zesty container on a Yakkety VM.
With 4.8.0.39.50 it fails as described (tor@default fails to start).
With 4.8.0.40.51 (following a reboot) it *still* fails as described.
AFAICT, 4.8.0.40.51 does not fix the problem on Yakkety.
** Tags removed: verification-needed-yakkety
I tried running tor in a Zesty container on a Xenial VM.
With 4.4.0.64.68 it fails as described (tor@default fails to start).
With 4.4.0.65.69 (following a reboot) it works correctly.
** Tags removed: verification-needed-xenial
** Tags added: verification-done-xenial
--
You received this bug no
This bug was fixed in the package linux - 4.4.0-65.86
---
linux (4.4.0-65.86) xenial; urgency=low
* linux: 4.4.0-65.86 -proposed tracker (LP: #1667052)
[ Stefan Bader ]
* Upgrade Redpine RS9113 driver to support AP mode (LP: #1665211)
- SAUCE: Redpine driver to support Host
This bug was fixed in the package linux - 4.8.0-40.43
---
linux (4.8.0-40.43) yakkety; urgency=low
* linux: 4.8.0-40.43 -proposed tracker (LP: #1667066)
[ Andy Whitcroft ]
* NFS client : permission denied when trying to access subshare, since kernel
4.4.0-31 (LP: #1649292)
This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag 'verification-needed-
yakkety' to 'verification-done-yakkety'. If the problem still exists,
change the tag 'verifi
This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag 'verification-needed-
xenial' to 'verification-done-xenial'. If the problem still exists,
change the tag 'verifica
** Also affects: tor (Ubuntu Yakkety)
Importance: Undecided
Status: New
** Also affects: apparmor (Ubuntu Yakkety)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Yakkety)
Importance: Undecided
Status: New
** Also affects: tor (Ubuntu Xenial)
Imp
** Changed in: linux (Ubuntu Yakkety)
Status: New => Fix Committed
** Changed in: linux (Ubuntu Xenial)
Status: New => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1648143
** No longer affects: tor (Ubuntu)
** Also affects: tor (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1648143
Title:
tor in lxd: apparmor="DENIE
Okay, that looks like the kernel is working for you and you are now past
the original
[103975.623545] audit: type=1400 audit(1481284511.494:2807):
apparmor="DENIED" operation="change_onexec" info="no new privs" error=-1
namespace="root//lxd-tor_" profile="unconfined"
name="system_tor" pid=18593 co
My /etc/apparmor.d/system_tor:
# Last Modified: Sun Jan 1 21:47:33 2017
#include
# vim:syntax=apparmor
profile system_tor flags=(attach_disconnected) {
#include
/run/systemd/journal/stdout rw,
/usr/bin/tor mr,
owner /var/lib/tor/ r,
owner /var/lib/tor/** wk,
/var/lib/tor/** r,
No problem, it is the holiday season.
I get the following errors on 16.04:
[0.511712] audit: initializing netlink subsys (disabled)
[0.511802] audit: type=2000 audit(1483302109.500:1): initialized
[7.355509] audit: type=1400 audit(1483302117.275:2): apparmor="STATUS"
operation="profi
sorry this took longer than expected. I have placed amd64 test kernels at
http://people.canonical.com/~jj/lp1648143/
please let me know if this works for you
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net
Let me know if I you need somebody else to test your kernel.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1648143
Title:
tor in lxd: apparmor="DENIED" operation="change_onexec"
namespace="root//C
This occurs in a stacked policy situation, where there is a system
policy is being applied but within the container namespace, the policy
is unconfined.
The special casing for unconfined with no-new-privs is not properly
detecting this case. I will have a test kernel with a fix for this issue
earl
I have exactly the same issue on 16.04:
[172512.094995] audit: type=1400 audit(1482614869.625:1439):
apparmor="DENIED" operation="change_onexec" info="no new privs" error=-1
namespace="root//lxd-torelay_" profile="unconfined"
name="system_tor" pid=128522 comm="(tor)" target="system_tor"
--
You r
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: tor (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1648143
Title:
tor in
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: apparmor (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1648143
Title:
t
To clarify the container is missing the minimum requirements of the
apparmor_parser and the apparmor init service.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1648143
Title:
tor in lxd: apparmor="
using
lxc launch images:ubuntu/yakkety torcontainer
to create the container
the installing tor into the container and starting it I can replicate
the error. However this is due to the container not having apparmor
installed. The container is not booting with apparmor or loading the tor
profile.
34 matches
Mail list logo