[Bug 1855567] Re: msmtp extremely out of date - no longer works with various SSL/TLS services

2019-12-10 Thread Simon Déziel
Please refer to the SRU process (https://wiki.ubuntu.com/StableReleaseUpdates) regarding package upgrades. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1855567 Title: msmtp extremely out of date -

[Bug 1856066] [NEW] do-release-upgrade incorrectly reports no upgrade available if it cannot connect to changelogs.ubuntu.com:443

2019-12-11 Thread Simon Déziel
Public bug reported: We use apt-cacher-ng configured as apt proxy on every machine and when trying to upgrade a Xenial machine, I got this: # do-release-upgrade Checking for a new Ubuntu release No new release found. Running tcpdump showed that do-release-upgrade tried to reach changelogs.ubunt

[Bug 1718227] Re: replacement of ifupdown with netplan needs integration for /etc/network/if{up, down}.d scripts

2019-12-12 Thread Simon Déziel
> For openvpn + systemd-resolve: > > With "up / down" openvpn config file commands you can wrap "systemd- > resolve --set-dns=XXX" and update the given DNS servers. There's a package for that: openvpn-systemd-resolved

[Bug 1467716] Re: "gem install" fetches packages from unencrypted HTTP URL

2019-12-15 Thread Simon Déziel
On Bionic, the stock default sources are using HTTPS: $ gem environment | grep -A1 'REMOTE SOURCES' - REMOTE SOURCES: - https://rubygems.org/ So it's no longer required to create a /etc/gemrc or ~/.gemrc file. ** Changed in: ruby1.9.1 (Ubuntu) Status: Confirmed => Fix Released

Re: [Bug 1718227] Re: replacement of ifupdown with netplan needs integration for /etc/network/if{up, down}.d scripts

2019-12-15 Thread Simon Déziel
On 2019-12-11 12:33 p.m., Rafael David Tinoco wrote: > For openvpn + systemd-resolve: > > With "up / down" openvpn config file commands you can wrap "systemd- > resolve --set-dns=XXX" and update the given DNS servers. There's a package for that: openvpn-systemd-resolved

[Bug 1772705] Re: IKEv2 VPN connections fail to use DNS servers provided by the server

2019-12-16 Thread Simon Déziel
I have the server side configured with ipsec.conf: config setup charondebug="ike 0, enc 0, net 0" conn %default keyexchange=ikev2 mobike=no dpddelay=60 dpdtimeout=180 conn lp1772705 left=172.24.26.187 leftcert=peerCert.der leftauth=pubkey leftsubnet=8.8.8.8/32 right=%any ri

[Bug 1869024] [NEW] add support for DynamicUser feature of systemd

2020-03-25 Thread Simon Déziel
Public bug reported: systemd offers to create dynamic (and semi-stable) users for services. This causes many services using Apparmor profiles to trigger those denials (even when they don't use the DynamicUser feature): audit: type=1107 audit(1585076282.591:30): pid=621 uid=103 auid=4294967295 ses

[Bug 1869024] Re: add support for DynamicUser feature of systemd

2020-03-25 Thread Simon Déziel
As mentioned in LP: #1796911 by xnox, some abstractions should be augmented with the corresponding dbus rules. Support for userdb should also be added IMHO. Here are the rules that were needed in my tests on an up to date Focal: # systemd DynamicUser /run/systemd/userdb/ r, /run/systemd/use

[Bug 1868955] Re: after upgrade to 20.04: posttls cannot connect to private/tlsmgr

2020-03-26 Thread Simon Déziel
Comparing strace between Ubuntu and Debian (lxc launch images:debian/10) showed that Debian's version doesn't try to connect to the tlsmgr socket for some reason. Ubuntu 3.4.10-1: # grep connect /tmp/strace | grep AF_UNIX connect(3, {sa_family=AF_UNIX, sun_path="private/tlsmgr"}, 110) = -1 ENOENT

Re: [Bug 1868955] Re: after upgrade to 20.04: posttls cannot connect to private/tlsmgr

2020-03-26 Thread Simon Déziel
On 2020-03-26 2:40 p.m., Scott Kitterman wrote: > On Thursday, March 26, 2020 12:22:20 PM EDT you wrote: >> Comparing strace between Ubuntu and Debian (lxc launch images:debian/10) >> showed that Debian's version doesn't try to connect to the tlsmgr socket >> for some reason. >> >> Ubuntu 3.4.10-1:

Re: [Bug 1868955] Re: after upgrade to 20.04: posttls cannot connect to private/tlsmgr

2020-03-26 Thread Simon Déziel
On 2020-03-26 3:54 p.m., Scott Kitterman wrote: > Does applying this change help: > > https://salsa.debian.org/postfix-team/postfix-dev/-/commit/ > b8e0b846e34eeaaa2315ead2304824b21b01fe7a Does not help. Simon

[Bug 1869710] Re: charon+apparmor can't run updown script unless the system shell is dash

2020-03-30 Thread Simon Déziel
charon's profile includes a local override file that is useful when using non-default setups. As such, I think the proper solution for you would be to use this: echo '/bin/bash rmPUx,' | sudo tee -a /etc/apparmor.d/local/usr.lib.ipsec.charon sudo apparmor_parser -rTW /etc/apparmor.d/usr.lib.i

[Bug 1869710] Re: charon+apparmor can't run updown script unless the system shell is dash

2020-03-30 Thread Simon Déziel
Thanks for the follow-up. ** Changed in: strongswan (Ubuntu) Status: Incomplete => Invalid

Re: [Bug 1869796] [NEW] vague error during upgrade

2020-03-30 Thread Simon Déziel
On 2020-03-30 4:54 p.m., Seth Arnold wrote: > Sadly 'journactl -xe' was useless. (It only showed a thousand unrelated > lines.) A raw journalctl took forever to run long enough to let me see it > generated two million lines of output, and started about two years ago, that > I'm not keen on tryin

[Bug 1849620] Re: CVE-2019-11043 PHP+Nginx remote code execution

2020-02-28 Thread Simon Déziel
https://usn.ubuntu.com/4166-2/ provided the fix for 14.04 ESM so all supported releases are patched. As such, closing. ** Changed in: php-defaults (Ubuntu) Status: Confirmed => Fix Released

[Bug 1865218] [NEW] mod_php gets disabled during do-release-upgrade

2020-02-28 Thread Simon Déziel
Public bug reported: Yesterday, when upgrading a client VM running Xenial and moving to Bionic, I noticed Apache's mod_php was disabled. I later reproduced this in a container: # create a Xenial container $ lxc launch images:ubuntu/xenial xa Creating xa Starting xa # Install

[Bug 1850933] Re: after upgrade 19.04 to 19.10, apache serves php code

2020-02-28 Thread Simon Déziel
This is not 19.04->19.10 specific as no later than yesterday it affected one of my clients. I've reported the 16.04->18.04 bug against php-defaults as it's the provider of mod_php, see LP: #1865218

[Bug 1866157] Re: package nginx 1.10.3-0ubuntu0.16.04.5 failed to install/upgrade: Abhängigkeitsprobleme - verbleibt unkonfiguriert

2020-03-04 Thread Simon Déziel
Hello Stefan, According to the status output, NGINX couldn't start because of this error: nginx: [emerg] BIO_new_file("/etc/letsencrypt/live/mail.distict.de/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/mail.distict.de/full

[Bug 1866369] [NEW] [snap] 80.0.3987.132 require new apparmor rules

2020-03-06 Thread Simon Déziel
Public bug reported: Since the snap upgrade to 80.0.3987.132, chromium keeps complaining about I/O errors that are apparently due to missing Apparmor rules. Here is what gets logged by "journalctl -f -o cat" when starting and closing chromium: AVC apparmor="DENIED" operation="unlink" profile="sna

[Bug 1587886] Re: strongswan ipsec status issue with apparmor

2016-06-27 Thread Simon Déziel
Hi Douglas, thanks for digging this down and providing a patch. The 2 profiles don't ship with any flags so you probably added "complain" before generating your diff.

[Bug 1587886] Re: strongswan ipsec status issue with apparmor

2016-06-29 Thread Simon Déziel
Based on Douglas' last comment, I believe that the 2 Strongswan profiles are missing the "flags=(attach_disconnected)" to make NetworkManager-l2tp happy. The first patch needs a little cleanup but the bug is valid IMHO.

[Bug 1580356] Re: OpenVPN causes reboot failure on Xenial in AWS

2016-07-03 Thread Simon Déziel
There is a nice explanation of the bug in the duplicate LP: #1598522.

Re: [Bug 1749715] Re: general protection fault in zfs module

2018-04-25 Thread Simon Déziel
On 2018-04-24 11:29 AM, Colin Ian King wrote: > Has this problem re-occurred with more recent kernels? No it has not occurred again, I'll let you know if it does. Thanks for investigating!

[Bug 1765652] Re: app armor profile for systemd daemon missing entry for /run/systemd/notify

2018-04-25 Thread Simon Déziel
Having the notify socket rule added to an abstraction makes sense IMHO so I opened https://gitlab.com/apparmor/apparmor/issues/5

[Bug 1700079] Re: openvpn broken after unattended security upgrade

2017-06-26 Thread Simon Déziel
Here's the info collected on a machine that experienced the problem on June 23rd: # grep -F 2017-06-23 /var/log/dpkg.log 2017-06-23 07:47:29 startup archives unpack 2017-06-23 07:47:29 upgrade openvpn:amd64 2.3.10-1ubuntu2 2.3.10-1ubuntu2.1 2017-06-23 07:47:29 status triggers-pending libc-bin:amd64

[Bug 1610500] Re: package pptpd 1.4.0-7ubuntu0.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1

2017-06-28 Thread Simon Déziel
Please find a debdiff that backports the Debian fix for this issue. ** Patch added: "lp1610500.debdiff" https://bugs.launchpad.net/ubuntu/+source/pptpd/+bug/1610500/+attachment/4904843/+files/lp1610500.debdiff

[Bug 1610500] Re: package pptpd 1.4.0-7ubuntu0.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1

2017-06-28 Thread Simon Déziel
** Description changed: + [Impact] + + Users with pptpd will encounter errors when upgrading from 14.04->16.04. + After the upgrade process, pptpd won't automatically start on boot. + + [Test case] + + 1. Setup a Trusty container + lxc launch ubuntu-daily:trusty foo + 2. Install pptpd + lxc

[Bug 1702187] [NEW] wrongly shipping da/LC_MESSAGES/unity-lens-applications.mo

2017-07-03 Thread Simon Déziel
Public bug reported: unity-lens-applications is apparently wrongly shipping /usr/locale/da/LC_MESSAGES/unity-lens-applications.mo This is the only translation file (.mo) shipped by unity-lens-applications. It seems that the other translation files are shipped by language-pack-gnome-CC-base wher

[Bug 1702185] Re: package nginx-core 1.10.3-0ubuntu0.16.04.1 failed to install/upgrade: telepítve post-installation parancsfájl alfolyamat 1 hibakóddal kilépett

2017-07-03 Thread Simon Déziel
Hi urbalazs, Looks like your machine is missing the /etc/nginx/nginx.conf file as mentioned in the status output: júl 04 00:04:09 gnomebox nginx[2003]: nginx: [emerg] open() "/etc/nginx/nginx.conf" failed (2: No such file or directory) Any idea why that file (or the containing directory) is miss

[Bug 1686803] Re: sudo returns exit code 0 if child is killed with SIGTERM

2017-07-04 Thread Simon Déziel
It works well on Xenial with sudo 1.8.16-0ubuntu1.5, thanks. ** Tags removed: verification-needed-xenial ** Tags added: verification-done-xenial

[Bug 1587655] Re: xenial installs requires i386 packages

2017-07-04 Thread Simon Déziel
Hi LoOoD, could you explain how this issue is related to the nsd package that provides a name server daemon? Thank you. ** Changed in: nsd (Ubuntu) Status: New => Incomplete

[Bug 1737377] [NEW] Unknown tunnel mode "vti6"

2017-12-09 Thread Simon Déziel
Public bug reported: [Impact] Xenial users are unable to create vti6 tunnels. [Test case] 1) Create a vti6 tunnel sudo ip tunnel add vti0 mode vti6 local :: remote fdd6:bdb4:5614::2 key 54 2) No error should be displayed and "ip link" should show a new device named "vti0" The ip tunnel call

Re: [Bug 1737377] Re: Unknown tunnel mode "vti6"

2017-12-11 Thread Simon Déziel
Hello Christian, On 2017-12-11 10:36 AM, ChristianEhrhardt wrote: > Hi Simon, > we are currently shuffling around responsibilities for iproute so extra > latencies might occur :-/. I have no urgent need for this. I was simply experimenting with an IPv6-only lab. > 2. the Xenial kernel has this

[Bug 1737998] Re: trying to bind on all interfaces is a good default, but fails on ipv6 link local

2017-12-13 Thread Simon Déziel
On a hypervisor, binding on link local IPs is undesirable IMHO and that's why I always added a similar ignore to the one you proposed. That said, NTP works well over link local addresses so some folks are probably using it.

[Bug 1327628] Re: Incorrect Package Recommendation for Xen on 14.04

2017-12-19 Thread Simon Déziel
2.10.5-1~trusty+1 is from a PPA but AFAICT, the same problem still affects the latest Debian package. ** Changed in: ganeti (Ubuntu) Status: New => Confirmed

[Bug 1734207] Re: Multiple PSKs with dyndns left/rightids doesn't work

2017-12-20 Thread Simon Déziel
** Tags removed: verification-needed-xenial ** Tags added: verification-done-xenial

[Bug 1734207] Re: Multiple PSKs with dyndns left/rightids doesn't work

2017-12-20 Thread Simon Déziel
Verified with 5.3.5-1ubuntu3.5 on Xenial. Here is the testing procedure with east01 as the roadwarrior with IP 169.254.6.1 (foo.bar.org) and west01 as the concentrator with IP 169.254.6.2. west01: root@west01:~# grep foo /etc/hosts 169.254.6.1 foo.bar.org root@west01:~# cat /etc/ipsec.conf # LP

[Bug 1734207] Re: Multiple PSKs with dyndns left/rightids doesn't work

2017-12-20 Thread Simon Déziel
I've tested two other scenarios (always on Xenial): 1) IKEv1+XAUTH PSK 2) IKEv2+EAP MSCHAPv2 and both worked so no regression there.

[Bug 1749715] Re: general protection fault in zfs module

2018-04-12 Thread Simon Déziel
@Colin, sorry for the delay, I just checked and /sys/module/spl/parameters/spl_taskq_thread_dynamic defaults to 0 already. That said, the issue happens only occasionally. Since I first reported it, there was only one other event during which it occurred several times in a row (between 2018-03-14 a

[Bug 1749715] Re: general protection fault in zfs module

2018-04-13 Thread Simon Déziel
The machine is named "smb" and the attached logs were extracted from syslog with the pattern '^Mar 1[45] [0-9:]+ smb kernel: '. ** Attachment added: "smb.log" https://bugs.launchpad.net/ubuntu/+source/zfs-linux/+bug/1749715/+attachment/5114291/+files/smb.log

[Bug 1749931] Re: unbound-control local socket broken by apparmor

2018-02-16 Thread Simon Déziel
*** This bug is a duplicate of bug 1723900 *** https://bugs.launchpad.net/bugs/1723900 ** This bug has been marked a duplicate of bug 1723900 unbound systemctl (re)start fails due to Apparmor profile issue

[Bug 1750051] [NEW] cron doesn't support MAILFROM

2018-02-16 Thread Simon Déziel
Public bug reported: Ubuntu's cron version doesn't support setting MAILFROM to set the "From:" header of cron generated emails. This feature would be nice to have and bring parity with RHEL/CentOS which has it since RHEL 6: $ cat /etc/redhat-release CentOS release 6.6 (Final) $ man 5 crontab |

[Bug 1731698] Re: [SRU] Tor 0.2.9.14 and 0.3.0.13

2018-02-17 Thread Simon Déziel
Verified on artful: $ dpkg -l tor tor-geoipdb | grep ^ii ii tor 0.3.0.13-0ubuntu1~17.10.1 amd64 anonymizing overlay network for TCP ii tor-geoipdb 0.3.0.13-0ubuntu1~17.10.1 all GeoIP database for Tor $ torsocks wget -qO - https://ifconfig.co 51.15.53.83 ** Tags r

[Bug 1749931] Re: unbound-control local socket broken by apparmor

2018-02-20 Thread Simon Déziel
** This bug is no longer a duplicate of bug 1723900 unbound systemctl (re)start fails due to Apparmor profile issue

[Bug 1749931] Re: unbound-control local socket broken by apparmor

2018-02-20 Thread Simon Déziel
@Jean-Daniel, sorry, I hastily duped it (now undone). Could you share your config as well as the apparmor denials. FYI, the Apparmor profile authorizes the creation of a control socket in /run/unbound.ctl: # Unix control socket /{,var/}run/unbound.ctl rw, ** Changed in: unbound (Ubuntu)

[Bug 1723900] Re: unbound systemctl (re)start fails due to Apparmor profile issue

2018-02-22 Thread Simon Déziel
Thanks Emily!

Re: [Bug 1749931] Re: unbound-control local socket broken by apparmor

2018-02-23 Thread Simon Déziel
On 2018-02-23 09:40 AM, ChristianEhrhardt wrote: > That would need: > /run/systemd/notify w, The notify problem was taken care of in LP: #1723900 :) > /var/lib/sss/mc/initgroups r, IMHO, this should be in abstractions/nameservice which is already included in the Unbound profile. Christian, w

[Bug 1749931] Re: unbound-control local socket broken by apparmor

2018-02-23 Thread Simon Déziel
"deny capability chown" was initially added for the PID file, see [1]. Failing to chown the PID or the control socket is only logged at higher log level specifically to not generate noise when the chown capability isn't available, see [2,3]. The "capability fowner" was removed based on [4]. Curren

[Bug 1751402] [NEW] abstraction/nameservice should include allow access to /var/lib/sss/mc/initgroups

2018-02-23 Thread Simon Déziel
Public bug reported: From https://bugs.launchpad.net/ubuntu/+source/unbound/+bug/1749931/comments/4: [2794367.925181] apparmor="DENIED" operation="open" profile="/usr/sbin/unbound" name="/var/lib/sss/mc/initgroups" pid=5111 comm="unbound" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 The unb

[Bug 1598960] Re: ubuntu server minimal vm install tor service wont start

2018-02-23 Thread Simon Déziel
Should be fixed by the recent SRU for Xenial (0.2.9.14-1ubuntu1~16.04.1) and Artful (0.3.0.13-0ubuntu1~17.10.1). With those packages, failure to load the Apparmor profile is considered non-fatal. ** Changed in: tor (Ubuntu) Status: Expired => Fix Released

[Bug 1568435] Re: Tor cannot start `obfs4proxy` ('Operation not permitted')

2018-02-23 Thread Simon Déziel
Should be fixed by the recent SRU for Xenial (0.2.9.14-1ubuntu1~16.04.1) and Artful (0.3.0.13-0ubuntu1~17.10.1). ** Changed in: tor (Ubuntu) Status: Confirmed => New ** Changed in: tor (Ubuntu) Status: New => Fix Committed ** Changed in: tor (Ubuntu) Status: Fix Committed =>

Re: [Bug 1749931] Re: unbound-control local socket broken by apparmor

2018-02-26 Thread Simon Déziel
On 2018-02-26 01:58 PM, Jamie Strandboge wrote: > +1 to add 'capability chown' to the profile, and also for > '/var/lib/sss/mc/initgroups r,' (since it may or may not make it into > apparmor SRU in a timely manner. OK, I'll do that but just to be clear, 'capability fowner' is also needed and I'll

[Bug 1770184] Re: Security patches in 5.6.36, 7.0.30, 7.1.17 & 7.2.5

2018-05-11 Thread Simon Déziel
** Description changed: + http://www.php.net/ChangeLog-5.php#5.6.35 http://www.php.net/ChangeLog-5.php#5.6.36 + http://www.php.net/ChangeLog-7.php#7.0.29 http://www.php.net/ChangeLog-7.php#7.0.30 + http://www.php.net/ChangeLog-7.php#7.1.16 http://www.php.net/ChangeLog-7.php#7.1.17 + http://w

[Bug 1770600] Re: Firefox v60: does not work after updating, many "DENIED" log entries.

2018-05-11 Thread Simon Déziel
@Daniel, it looks like there were some changes to the sandboxing of Firefox. I needed to add the following rules to make FF 60 work again: # new with FF 60 capability sys_admin, capability sys_chroot, capability sys_ptrace, owner @{PROC}/@{pid}/{u,g}id_map w, owner @{PROC}/@{pid}/setgro

[Bug 1770600] Re: Firefox v60: does not work after updating, many "DENIED" log entries.

2018-05-11 Thread Simon Déziel
The sandboxing improvements are explained in more details here: https://www.morbo.org/2018/05/linux-sandboxing-improvements-in_10.html Since I see no setuid binaries, presumably the additional capabilities are used in the unprivileged user namespace.

[Bug 1770600] Re: Firefox v60: does not work after updating, many "DENIED" log entries.

2018-05-11 Thread Simon Déziel
@Lonnie, it is already released, see the security announcement: https://usn.ubuntu.com/3645-1/

Re: [Bug 1770600] Re: Firefox v60: does not work after updating, many "DENIED" log entries.

2018-05-11 Thread Simon Déziel
Hi Daniel, On 2018-05-11 04:46 PM, daniel CURTIS wrote: > Thank You very much for an informations. Yes, there was some changes to > the Sandbox (vide 'about:support'), because after update there was one > new option with 'false' value (I have had similar issue in the past but > it's not important

[Bug 1771172] Re: package nginx-core 1.14.0-0ubuntu1 failed to install/upgrade: installed nginx-core package post-installation script subprocess returned error exit status 1

2018-05-14 Thread Simon Déziel
NGINX couldn't start because one of the TLS cert files referred in the config isn't accessible: may 14 19:56:54 birb-pc nginx[6931]: nginx: [emerg] BIO_new_file("/etc/wok/wok-cert.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/wok/wok-cert.pem','r') e

[Bug 1578344] Re: code duplication between nginx-*.postinst and init script

2018-05-15 Thread Simon Déziel
I was too quick in marking this as fix released as I noticed that Bionic's version has duplicated code in nginx-core.postinst. This seems to be Ubuntu specific as Debian doesn't have the "-core" flavor. ** Changed in: nginx (Ubuntu) Status: Triaged => Fix Released

[Bug 1772408] Re: package nginx-core 1.14.0-0ubuntu1 failed to install/upgrade: installed nginx-core package post-installation script subprocess returned error exit status 1

2018-05-21 Thread Simon Déziel
@chest069, nginx cannot bind TCP/80 because it is already bound by another process: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use) nginx: [emerg] bind() to [::]:80 failed (98: Address already in use) This could happen if you have another web server (like apache2) running

[Bug 1754401] Re: mounting /proc with hidepid causes: Fatal server error: (EE) xf86OpenConsole: Cannot open virtual console 1 (Permission denied)

2018-03-13 Thread Simon Déziel
** Summary changed: - Fatal server error: (EE) xf86OpenConsole: Cannot open virtual console 1 (Permission denied) + mounting /proc with hidepid causes: Fatal server error: (EE) xf86OpenConsole: Cannot open virtual console 1 (Permission denied)

[Bug 1754401] Re: mounting /proc with hidepid causes: Fatal server error: (EE) xf86OpenConsole: Cannot open virtual console 1 (Permission denied)

2018-03-13 Thread Simon Déziel
Finally found what changed. I updated /etc/fstab to have /proc mounted with hidepid=2,gid=sudo for added security. This works perfectly on 16.04 but totally breaks on 17.10. To recap: mounting /proc with "nodev,noexec,nosuid" works but adding "hidepid=2,gid=sudo" breaks. ** Tags added: regression

[Bug 1742364] Re: Updated microcode for Spectre fix

2018-03-13 Thread Simon Déziel
@ljbade, this update is currently in QA and you can help test it by enabling this PPA: https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa

[Bug 1754401] Re: mounting /proc with hidepid causes: Fatal server error: (EE) xf86OpenConsole: Cannot open virtual console 1 (Permission denied)

2018-03-14 Thread Simon Déziel
I added a link to the upstream bug, thanks for the guidance Daniel. ** Bug watch added: freedesktop.org Bugzilla #105508 https://bugs.freedesktop.org/show_bug.cgi?id=105508 ** Also affects: xorg-server via https://bugs.freedesktop.org/show_bug.cgi?id=105508 Importance: Unknown Sta

[Bug 1744148] Re: [MRE] Please update to latest upstream release 7.0.28

2018-03-14 Thread Simon Déziel
** Summary changed: - [MRE] Please update to latest upstream release 7.0.27 + [MRE] Please update to latest upstream release 7.0.28 ** Description changed: PHP 7.0.25 was tentatively SRU'ed to Xenial (LP: #1724896). During the process, upstream put out 2 more microversions addressing securit

[Bug 1744148] Re: [MRE] Please update to latest upstream release 7.0.28 / 7.1.15 / 7.2.3

2018-03-14 Thread Simon Déziel
** Summary changed: - [MRE] Please update to latest upstream release 7.0.28 + [MRE] Please update to latest upstream release 7.0.28 / 7.1.15 / 7.2.3 ** Description changed: - PHP 7.0.25 was tentatively SRU'ed to Xenial (LP: #1724896). During the - process, upstream put out 2 more microversions a

[Bug 1756099] [NEW] general protection fault in __d_lookup

2018-03-15 Thread Simon Déziel
Public bug reported: Found one of my VMs with dmesg many such traces: general protection fault: [#1] SMP Modules linked in: ip6table_filter ip6_tables xt_tcpudp xt_conntrack iptable_filter ip_tables x_tables zfs(PO) zunicode(PO) zcommon(PO) znvpair(PO) spl(O) zavl(PO) input_leds sch_fq_co

[Bug 1756633] Re: Backport request, 16.04 LTS (w/ Spectre/Meltdown fixups)

2018-03-18 Thread Simon Déziel
So far, the intel-microcode package has been kept in sync between all the supported releases. They all get the "stable" version at the same time. If you'd like to help testing, there is version 3.20180312.0 that is currently in QA and available from https://launchpad.net/~ubuntu-security-proposed/

[Bug 1750051] Re: cron doesn't support MAILFROM

2018-05-07 Thread Simon Déziel
I looked at the patch (didn't test it) and I think the fprintf call is missing an argument to format as a string. It should read like this IMHO: - fprintf(mail, "From: root (Cron Daemon)\n"); + fprintf(mail, "From: %s\n", mailfrom);

[Bug 1770222] [NEW] [MRE] Please update to latest upstream release 7.0.30 / 7.1.17 / 7.2.5

2018-05-09 Thread Simon Déziel
Public bug reported: Upstream has put out many more microversions addressing security issues and other bug fixes. Here is a list of the CVEs addressed by those: PHP 7.0.29 / 7.1.16 / 7.2.4 (29 Mar 2018): * https://bugs.php.net/bug.php?id=75605 / https://cve.mitre.org/cgi-bin/cvename.cgi?name=CV

[Bug 1454721] Re: recommends picks heirloom-mailx (universe) instead of bsd-mailx (main)

2018-05-09 Thread Simon Déziel
On Bionic, the package heirloom-mailx is not available so apt picks bsd-mailx instead so marking as fix released. ** Changed in: drbd-utils (Ubuntu) Status: New => Fix Released

[Bug 1841364] Re: AppArmor breaks the default Unbound installation

2019-08-25 Thread Simon Déziel
The "/upper" dir in the apparmor denial message makes me suspect that unbound was installed in the livecd environment. @Tore, is that what you tried to do? Setting to incomplete while waiting for a confirmation on the livecd env. ** Changed in: unbound (Ubuntu) Status: New => Incomplete

[Bug 1841364] Re: AppArmor breaks the default Unbound installation

2019-08-25 Thread Simon Déziel
** Changed in: unbound (Ubuntu) Status: Incomplete => Confirmed

[Bug 1841364] Re: AppArmor breaks the default Unbound installation

2019-08-25 Thread Simon Déziel
Thanks. The live environment being a special one, I'm not sure how to deal with this at the Apparmor level. Maybe an alias rule ("alias /upper/ -> /,") would do? Or possibly skip loading the Apparmor profile when inside a live session?

[Bug 1841364] Re: AppArmor breaks the default Unbound installation

2019-08-25 Thread Simon Déziel
That's a valid bug so thanks for reporting! I'll try to do a follow-up with the relevant folks @Ubuntu regarding possible ways to improve the experience in the live session. Good luck with your research on DNSSEC!

[Bug 1841364] Re: AppArmor breaks the default Unbound installation in a live session

2019-08-27 Thread Simon Déziel
** Summary changed: - AppArmor breaks the default Unbound installation + AppArmor breaks the default Unbound installation in a live session

[Bug 1841364] Re: AppArmor breaks the default Unbound installation in a live session

2019-08-27 Thread Simon Déziel
Would you mind testing the alias rule I suggested in comment #3? If it works, it would in theory fix not only Unbound but every application shipping with an Apparmor profile.

[Bug 1841364] Re: AppArmor breaks the default Unbound installation in a live session

2019-08-27 Thread Simon Déziel
As root:

  echo 'alias /upper/ -> /,' >> /etc/apparmor.d/tunables/alias
  rm -f /etc/apparmor.d/force-complain/usr.sbin.unbound
  apparmor_parser -r -T -W /etc/apparmor.d/usr.sbin.unbound
  service unbound restart

Then you should hopefully see no more Apparmor denials.

[Bug 1840035] Re: account default not found: no configuration file available

2019-08-29 Thread Simon Déziel
Hi Peter, If you don't see the value of applying an Apparmor profile to msmtp please disable it. The package should remember this decision on upgrades and not re-enable it behind your back. I do agree that it kind of defeats the -C option but the Apparmor profile was designed to accommodate the m

[Bug 1841364] Re: AppArmor breaks the default Unbound installation in a live session

2019-08-29 Thread Simon Déziel
I use the alias feature in reverse (doh!). That one did the trick:

  # /etc/apparmor.d/tunables/alias
  alias / -> /upper/,

[Bug 1841364] Re: AppArmor breaks the default Unbound installation in a live session

2019-08-30 Thread Simon Déziel
Yeah, this GetDynamicUsers denial is probably unrelated and should/will be addressed in another bug. Thanks for double checking the alias trick!

[Bug 1844186] Re: [regression] NoNewPrivileges incompatible with Apparmor

2019-10-02 Thread Simon Déziel
I found your 5.0.0-29 *v2* kernel and gave it a try and I'm happy to report that you've fixed the problem!

Bionic/5.0 v2:
  $ uname -a
  Linux c2d.mgmt.sdeziel.info 5.0.0-29-generic #31+v2lp1844186 SMP Wed Oct 2 18:47:25 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
  *result*: works

[Bug 1827253] Re: [apparmor] missing 'mr' on binary for usage on containers

2019-10-04 Thread Simon Déziel
I'm hitting the same problem when using a Bionic host with a Bionic container when using the 5.0 HWE kernel. @paelzer, I'd appreciate if this could be SRU'ed to Bionic, please :)

[Bug 1828275] [NEW] [snap] chromium generates a lot of Apparmor noise

2019-05-08 Thread Simon Déziel
Public bug reported: Running Chromium's snap results in a lot of Apparmor noise like this:

  audit: type=1400 audit(0): apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/run/mount/utab" pid=0 comm="chrome" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
  audit: type=14

[Bug 1840035] Re: account default not found: no configuration file available

2019-08-14 Thread Simon Déziel
Hi Peter, The failure to read your msmtp's config is probably because it's a symlink that points to a non-standard location that is not authorized by default in the Apparmor profile. The Apparmor profile allows the following locations:

  /etc/msmtprc r,
  owner @{HOME}/.msmtp* r,
  o

[Bug 1581864] Re: nginx.service: Failed to read PID from file /run/nginx.pid: Invalid argument

2019-05-31 Thread Simon Déziel
** Description changed: + [Description] + Nginx logs an error when started on a machine with a single CPU: systemctl start nginx systemctl status nginx ● nginx.service - A high performance web server and a reverse proxy server -Loaded: loaded (/lib/systemd/system/nginx.service; ena

[Bug 1581864] Re: nginx.service: Failed to read PID from file /run/nginx.pid: Invalid argument

2019-05-31 Thread Simon Déziel
I tested the PPA build for Bionic (1.14.0-0ubuntu1.3) and it does not work:

  # start nginx in background (as it hangs):
  $ sudo systemctl start nginx &
  # the parent PID is written to the PIDFile:
  $ cat /run/nginx.pid
  807
  # eventually systemctl start fails and status:
  $ systemctl status nginx
  ● ng

[Bug 1581864] Re: nginx.service: Failed to read PID from file /run/nginx.pid: Invalid argument

2019-06-04 Thread Simon Déziel
@ahasenack, yes the only problem is the error message due to the bad ordering in PID handling. I think the plan is to test TJ's patch via PPA build to get the green light for upstream submission.

[Bug 1581864] Re: nginx.service: Failed to read PID from file /run/nginx.pid: Invalid argument

2019-06-04 Thread Simon Déziel
I tested the PPA build for Bionic (1.14.0-0ubuntu1.3p1) and it works! systemd never loses track of the main daemon even through 'service nginx upgrade' cycles.

[Bug 1581864] Re: nginx.service: Failed to read PID from file /run/nginx.pid: Invalid argument

2019-06-04 Thread Simon Déziel
I tested the PPA build for Eoan (1.16.0-0ubuntu2p1) and it works as well.

[Bug 1845263] Re: [wishlist] Add TLSv1.3 support to apache2 on Bionic

2019-11-19 Thread Simon Déziel
@mdeslaur, I've deployed your testing PPA more widely (including prod) and tested various scenarios. I'm happy to report that we found no problem with your backport. Can't wait for an official package :) Thanks again!

[Bug 1853360] Re: msmtp apparmor profile is buggy

2019-11-20 Thread Simon Déziel
** Bug watch added: Debian Bug tracker #933771
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933771

** Also affects: msmtp (Debian) via
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933771
   Importance: Unknown
   Status: Unknown

[Bug 1853360] Re: msmtp apparmor profile is buggy

2019-11-20 Thread Simon Déziel
@amitk, would you mind sharing the Apparmor denials you are getting? If you could include your current profile (and local override) as well that'd be nice, thanks!

** Changed in: msmtp (Ubuntu) Status: New => Incomplete

[Bug 1844186] Re: [regression] NoNewPrivileges incompatible with Apparmor

2019-11-28 Thread Simon Déziel
I don't see the patch queued up in Xenial/Bionic for the 4.4.0-170.199 and 4.15.0-72.81 kernels. If I can do anything to help those land (like test more versions), please let me know. Thank you! Simon

[Bug 1848902] Re: haproxy in bionic can get stuck

2019-11-28 Thread Simon Déziel
Verified to be working on Bionic using the provided test case and another simpler one (simply stopping haproxy resulted in the error/143 status).

  Preparing to unpack .../haproxy_1.8.8-1ubuntu0.8_amd64.deb ...
  Unpacking haproxy (1.8.8-1ubuntu0.8) over (1.8.8-1ubuntu0.7) ...
  Setting up haproxy (1.8.

[Bug 1844186] Re: [regression] NoNewPrivileges incompatible with Apparmor

2019-10-22 Thread Simon Déziel
I pulled the various .deb packages from https://launchpad.net/~canonical-kernel-team/+archive/ubuntu/ppa/+build/17945283 and installed them on my Bionic host.

  $ uname -a
  Linux c2d.mgmt.sdeziel.info 5.0.0-33-generic #35-Ubuntu SMP Tue Oct 22 01:48:40 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

With

[Bug 1844186] Re: [regression] NoNewPrivileges incompatible with Apparmor

2019-10-24 Thread Simon Déziel
I pulled the various .deb packages from https://launchpad.net/~canonical-kernel-team/+archive/ubuntu/ppa/+build/17953251/+files/ and installed them on my Bionic host.

  $ uname -a
  Linux c2d.mgmt.sdeziel.info 5.3.0-20-generic #21-Ubuntu SMP Wed Oct 23 16:20:37 UTC 2019 x86_64 x86_64 x86_64 GNU/Linu

[Bug 1827253] Re: [apparmor] missing 'mr' on binary for usage on containers

2019-10-25 Thread Simon Déziel
Thanks Łukasz and Christian. I find the block-proposed-* tags idea interesting if that's not too much work on your side.

[Bug 1827253] Re: [apparmor] missing 'mr' on binary for usage on containers

2019-10-30 Thread Simon Déziel
I feel really bad now :/ The initial commit that went in doesn't even fix the problem due to a typo/confusion. The proposed manual workaround was OK but the merge proposal was not. "/usr/sbin/rsyslog mr," != "/usr/sbin/rsyslogd mr," I'm failing the verification and have proposed a new MP. Sorry
