** Patch added: "1-1814301-kinetic.debdiff" https://bugs.launchpad.net/ubuntu/jammy/+source/quassel/+bug/1814302/+attachment/5596890/+files/1-1814301-kinetic.debdiff
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1814302 Title: Quasselcore apparmor profile issue in lxd container. Status in AppArmor: Invalid Status in apparmor package in Ubuntu: Invalid Status in quassel package in Ubuntu: Confirmed Status in apparmor source package in Bionic: Invalid Status in quassel source package in Bionic: Fix Released Status in apparmor source package in Focal: Invalid Status in quassel source package in Focal: Fix Released Status in apparmor source package in Groovy: Invalid Status in quassel source package in Groovy: Fix Released Status in apparmor source package in Jammy: Invalid Status in quassel source package in Jammy: Confirmed Status in apparmor source package in Kinetic: Invalid Status in quassel source package in Kinetic: Confirmed Bug description: [impact] quasselcore cannot start inside lxd container [test case] create lxd container, install quassel-core, check quasselcore service: $ systemctl status quasselcore ● quasselcore.service - distributed IRC client using a central core component Loaded: loaded (/lib/systemd/system/quasselcore.service; enabled; vendor preset: enabled) Active: failed (Result: signal) since Tue 2020-06-30 18:32:40 UTC; 4s ago Docs: man:quasselcore(1) Process: 3853 ExecStart=/usr/bin/quasselcore --configdir=${DATADIR} --logfile=${LOGFILE} --loglevel=${LOGLEVEL} --port=${PORT} --listen=${LISTEN} (code=killed, signal=SEGV) Main PID: 3853 (code=killed, signal=SEGV) Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Scheduled restart job, restart counter is at 7. Jun 30 18:32:40 lp1814302-f systemd[1]: Stopped distributed IRC client using a central core component. Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Start request repeated too quickly. Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Failed with result 'signal'. Jun 30 18:32:40 lp1814302-f systemd[1]: Failed to start distributed IRC client using a central core component. Also, the binary will segfault when run directly due to apparmor denials: $ /usr/bin/quasselcore Segmentation fault [760149.590802] audit: type=1400 audit(1593542073.962:1058): apparmor="DENIED" operation="file_mmap" namespace="root//lxd- lp1814302-f_<var-snap-lxd-common-lxd>" profile="/usr/bin/quasselcore" name="/usr/bin/quasselcore" pid=2006430 comm="quasselcore" requested_mask="r" denied_mask="r" fsuid=1000110 ouid=1000000 [regression potential] this expands the apparmor profile, so any regression would likely involve problems while starting due to apparmor. [scope] this is needed for b/f/g. this is also needed for e, but that is EOL in weeks and this is not important enough to bother there. [original description] Fresh install of Ubuntu 18.04. lxd installed from snap. Fresh 18.04 container. Everything up todate via apt. Install quassel-core. Service will not start. Set "aa-complain /usr/bin/quasselcore" allows quasselcore to start. I then added "/usr/bin/quasselcore rm," to "/etc/apparmor.d/usr.bin.quasselcore". Set "aa-enforce /usr/bin/quasselcore". Restarted main host. Quasselcore service now starts and I can connect to it. To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1814302/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp