[Group.of.nepali.translators] [Bug 1676328] Re: sssd_be is leaking memory

2017-03-28 Thread Robie Basak
Thank you for taking the time to report this bug and helping to make
Ubuntu better.

Presumably this exists only in Xenial and Yakkety, since Zesty has
1.15.0-3ubuntu4? Marking Fix Released for Zesty accordingly, and
creating tasks for Xenial and Yakkety.

To have Xenial updated, please first read
https://wiki.ubuntu.com/StableReleaseUpdates. We'll either need a
backport of the fix or we'll need to ensure that all changes in updating
to 1.13.5 are acceptable to automatically update users under the policy.

If you could check and document this by following as much of
https://wiki.ubuntu.com/StableReleaseUpdates#Procedure as you can, this
would be most helpful.

** Also affects: sssd (Ubuntu Yakkety)
   Importance: Undecided
   Status: New

** Also affects: sssd (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Changed in: sssd (Ubuntu)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1676328

Title:
  sssd_be is leaking memory

Status in sssd package in Ubuntu:
  Fix Released
Status in sssd source package in Xenial:
  New
Status in sssd source package in Yakkety:
  New

Bug description:
  The bug is described here:

  https://pagure.io/SSSD/sssd/issue/3176

  Please consider to upgrade from 1.13.4 to 1.13.5.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1676328/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp


[Group.of.nepali.translators] [Bug 1674635] Re: Kernel linux-image-4.4.0-67-generic prevent the boot on Microsoft Hyper-v 2012r2 Gen2 VM

2017-03-28 Thread Joseph Salisbury
** No longer affects: linux (Ubuntu Vivid)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1674635

Title:
  Kernel linux-image-4.4.0-67-generic prevent the boot on Microsoft
  Hyper-v 2012r2 Gen2 VM

Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Xenial:
  In Progress
Status in linux source package in Yakkety:
  In Progress
Status in linux source package in Zesty:
  In Progress

Bug description:
  After updating the kernel inside the virtual machine to version 4.4.0-67-generic, at the next boot the VM gets stuck on a black screen at every try. A hard reset is required.
  The only workaround is to set the default in grub to the previous version.
  The virtual machine hardware is a Gen2.
  We are experiencing this issue on all our VPSes with the same kernel (around 300-400 VMs).
  --- 
  AlsaDevices:
   total 0
   crw-rw 1 root audio 116,  1 Mar 20 10:30 seq
   crw-rw 1 root audio 116, 33 Mar 20 10:30 timer
  AplayDevices: Error: [Errno 2] No such file or directory
  ApportVersion: 2.20.1-0ubuntu2.5
  Architecture: amd64
  ArecordDevices: Error: [Errno 2] No such file or directory
  AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
  DistroRelease: Ubuntu 16.04
  HibernationDevice: RESUME=/dev/mapper/vg01--vg-swap_1
  InstallationDate: Installed on 2017-03-13 (7 days ago)
  InstallationMedia:
   
  IwConfig: Error: [Errno 2] No such file or directory
  Lspci:
   
  Lsusb: Error: command ['lsusb'] failed with exit code 1:
  MachineType: Microsoft Corporation Virtual Machine
  Package: linux (not installed)
  PciMultimedia:
   
  ProcFB: 0 hyperv_fb
  ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-4.4.0-66-generic.efi.signed root=/dev/mapper/vg01--vg-root ro nomodeset
  ProcVersionSignature: Ubuntu 4.4.0-66.87-generic 4.4.44
  RelatedPackageVersions:
   linux-restricted-modules-4.4.0-66-generic N/A
   linux-backports-modules-4.4.0-66-generic  N/A
   linux-firmware                            1.157.8
  RfKill: Error: [Errno 2] No such file or directory
  Tags:  xenial
  Uname: Linux 4.4.0-66-generic x86_64
  UpgradeStatus: No upgrade log present (probably fresh install)
  UserGroups:
   
  _MarkForUpload: True
  dmi.bios.date: 11/26/2012
  dmi.bios.vendor: Microsoft Corporation
  dmi.bios.version: Hyper-V UEFI Release v1.0
  dmi.board.asset.tag: None
  dmi.board.name: Virtual Machine
  dmi.board.vendor: Microsoft Corporation
  dmi.board.version: Hyper-V UEFI Release v1.0
  dmi.chassis.asset.tag: 4898-1213-1192-4801-7611-1594-99
  dmi.chassis.type: 3
  dmi.chassis.vendor: Microsoft Corporation
  dmi.chassis.version: Hyper-V UEFI Release v1.0
  dmi.modalias: dmi:bvnMicrosoftCorporation:bvrHyper-VUEFIReleasev1.0:bd11/26/2012:svnMicrosoftCorporation:pnVirtualMachine:pvrHyper-VUEFIReleasev1.0:rvnMicrosoftCorporation:rnVirtualMachine:rvrHyper-VUEFIReleasev1.0:cvnMicrosoftCorporation:ct3:cvrHyper-VUEFIReleasev1.0:
  dmi.product.name: Virtual Machine
  dmi.product.version: Hyper-V UEFI Release v1.0
  dmi.sys.vendor: Microsoft Corporation

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1674635/+subscriptions



[Group.of.nepali.translators] [Bug 1673579] Re: Corosync/Pacemaker: Error when enabling Pacemaker service, Error when starting the cluster

2017-03-28 Thread Robie Basak
** Also affects: pcs (Ubuntu Xenial)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1673579

Title:
  Corosync/Pacemaker: Error when enabling Pacemaker service,Error when
  starting the cluster

Status in pcs package in Ubuntu:
  Fix Released
Status in pcs source package in Xenial:
  New

Bug description:
  [Impact]

   * Low, requires users to change the config pcs just generated for them because the logging paths aren't correct on Debian/Ubuntu.
   * While easy to work around, it is broken by default.

  [Test Case]

  Install Pacemaker packages:
  sudo apt-get install pcs

  Set the password for the default user:
  sudo passwd hacluster

  #To clear files
  sudo pcs cluster destroy

  Enable and start pcsd/pacemaker:
  #this is not needed on yakkety/zesty, why?
  sudo systemctl start pcsd

  sudo pcs cluster auth pacemaker-1 pacemaker-2 -u hacluster -p haclusterpassword

  #this is not needed on yakkety/zesty, why?
  sudo systemctl enable pacemaker

  sudo pcs cluster setup --name hacluster pacemaker-1 pacemaker-2
  sudo pcs cluster start
  **FAILS***
  Starting Cluster...
  Job for corosync.service failed because the control process exited with error code. See "systemctl status corosync.service" and "journalctl -xe" for details.

  Error: unable to start corosync

  (Then to actually bring the cluster up you need to sudo systemctl
  start pacemaker)

  __
  Workaround
  On both nodes, replace the line:
  logfile: /var/log/cluster/corosync.log
  with
  logfile: /var/log/corosync/corosync.log

  [Regression Potential]

   * Seems unlikely; this change is only in the setup cluster function. This exact same fix is now in the Debian package, we just make the logging directory the right one.
   * The only potential I see is if someone has scripted creating a cluster using pcs and worked around this bug by making the corosync directory instead of changing the config file.

  [Other Info]

   * This is already fixed in 16.10 and 17.04.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pcs/+bug/1673579/+subscriptions



[Group.of.nepali.translators] [Bug 1573062] Re: memory_stress_ng failing for Power architecture for 16.04

2017-03-28 Thread Mike Rushton
** Changed in: plainbox-provider-checkbox
   Status: Fix Released => Confirmed

** Changed in: plainbox-provider-checkbox
 Assignee: Mike Rushton (leftyfb) => (unassigned)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1573062

Title:
  memory_stress_ng failing for Power architecture for 16.04

Status in Provider for Plainbox - Checkbox:
  Confirmed
Status in linux package in Ubuntu:
  Incomplete
Status in linux source package in Xenial:
  Incomplete
Status in linux source package in Yakkety:
  Incomplete

Bug description:
  memory_stress_ng, as part of server certification is failing for IBM
  Power S812LC(TN71-BP012) in bare metal mode. Failing in this case is
  defined by the test locking up the server in an unrecoverable state
  which only a reboot will fix.

  I will be attaching screen and kern logs for the failures and a
  successful run on 14.04 on the same server.

To manage notifications about this bug go to:
https://bugs.launchpad.net/plainbox-provider-checkbox/+bug/1573062/+subscriptions



[Group.of.nepali.translators] [Bug 1656112] Re: Power S822LC (8335-GTB) fails KVM guest cert test with kvm_init_vcpu failed: Invalid argument

2017-03-28 Thread Mike Rushton
** Changed in: qemu (Ubuntu)
   Status: Fix Released => In Progress

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1656112

Title:
  Power S822LC (8335-GTB) fails KVM guest cert test with kvm_init_vcpu
  failed: Invalid argument

Status in linux package in Ubuntu:
  Confirmed
Status in qemu package in Ubuntu:
  In Progress
Status in linux source package in Xenial:
  Confirmed
Status in qemu source package in Xenial:
  Incomplete

Bug description:
  [Impact]

   * Some newer Power8 derivatives fail to work correctly, e.g. Power S822LC (8335-GTB)

   * This is a toleration change (no exploitation) for those HW releases
     following the SRU policy of "For Long Term Support releases we
     regularly want to enable new hardware. Such changes are appropriate
     provided that we can ensure not to affect upgrades on existing
     hardware."

   * Without the fix that hardware won't run Xenial guests under current
     Xenial's Qemu version

   * The fix lets processors that support it run in PowerISA 2.07
     compatibility mode (plus a few no-op changes as backport
     dependencies)

  
  [Test Case]

   * Run a Xenial Guest in KVM on one of the specific HW revisions being
     affected.

  [Regression Potential]

   * Changes are PPC only, so fallout should be contained to that
   * Patches were created by IBM and in Upstream qemu since 2.7
   * The effective change is rather small, only allow different compat
     level on this other cpu class
   * There are a few refactoring changes needed to get the backport done;
     while they should be a no-op, that is a regression potential (still
     limited to ppc64el)

  [Other Info]
   
   * Needed for certifying this Hardware for Ubuntu


  
  Upon running the virtualization test from the certification test suite, the kvm guest test fails with the following error:

  kvm_init_vcpu failed: Invalid argument

  This same test works on multiple other IBM Power 8 and Openpower
  servers. kvm-ok tells us that kvm virtualization is supported. I have
  tried with SMT enabled and disabled. I have tried the latest cloud
  image as well as previous ones we had saved. I have tried running the
  qemu-system-ppc64 command found below manually with the same error.

  The full output from the test is as follows:

  Executing KVM Test
  DEBUG:root:Starting KVM Test
  DEBUG:root:Cloud image location specified: http://10.1.10.2/cloud/xenial-server-cloudimg-ppc64el-disk1.img.
  DEBUG:root:Downloading xenial-server-cloudimg-ppc64el-disk1.img, from http://10.1.10.2
  DEBUG:root:Creating cloud user-data
  DEBUG:root:Creating cloud meta-data
  I: -input-charset not specified, using utf-8 (detected in locale settings)
  Total translation table size: 0
  Total rockridge attributes bytes: 331
  Total directory bytes: 0
  Path table size(bytes): 10
  Max brk space used 0
  183 extents written (0 MB)
  DEBUG:root:Attempting boot for:xenial-server-cloudimg-ppc64el-disk1.img
  DEBUG:root:Attaching Cloud config disk
  DEBUG:root:Using params:qemu-system-ppc64 -m 1024 -display none -nographic -net nic -net user,net=10.0.0.0/8,host=10.0.0.1,hostfwd=tcp::-:22 -enable-kvm -machine pseries,usb=off -cpu POWER8 -drive file=xenial-server-cloudimg-ppc64el-disk1.img,if=virtio -drive file=seed.iso,if=virtio
  INFO:root:Storing VM console output in /home/ubuntu/.cache/plainbox/sessions/canonical-certification-server-2017-01-12T22.19.34.session/CHECKBOX_DATA/virt_debug

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: linux-image-4.4.0-59-generic 4.4.0-59.80
  ProcVersionSignature: Ubuntu 4.4.0-59.80-generic 4.4.35
  Uname: Linux 4.4.0-59-generic ppc64le
  AlsaDevices:
   total 0
   crw-rw 1 root audio 116,  1 Jan 12 22:18 seq
   crw-rw 1 root audio 116, 33 Jan 12 22:18 timer
  AplayDevices: Error: [Errno 2] No such file or directory: 'aplay'
  ApportVersion: 2.20.1-0ubuntu2.4
  Architecture: ppc64el
  ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord'
  AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
  Date: Thu Jan 12 22:45:34 2017
  IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig'
  Lsusb:
   Bus 002 Device 002: ID 125f:312b A-DATA Technology Co., Ltd. Superior S102 Pro
   Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
   Bus 001 Device 003: ID 046b:ff10 American Megatrends, Inc. Virtual Keyboard and Mouse
   Bus 001 Device 002: ID 046b:ff01 American Megatrends, Inc.
   Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
  PciMultimedia:

  ProcEnviron:
   TERM=xterm
   PATH=(custom, no user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  ProcFB: 0 astdrmfb
  ProcKernelCmdLine: root=UUID=a7ce18b4-4614-485f-9346-b19b0415db3a ro fips=1
  ProcLoadAvg: 0.03 0.02 0.08 1/1288 11017
  

[Group.of.nepali.translators] [Bug 1673092] Re: systemd doesn't wait until the tentative flag isn't removed before firing units depending on network-online.target

2017-03-28 Thread Dimitri John Ledkov
** Also affects: systemd (Ubuntu Yakkety)
   Importance: Undecided
   Status: New

** Also affects: systemd (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Changed in: systemd (Ubuntu)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1673092

Title:
  systemd doesn't wait until the tentative flag isn't removed before
  firing units depending on network-online.target

Status in systemd package in Ubuntu:
  Fix Released
Status in systemd source package in Xenial:
  New
Status in systemd source package in Yakkety:
  New

Bug description:
  [Impact]

  See this issue for details
  https://github.com/systemd/systemd/issues/2037

  Basically, while DAD is running checks on an IPv6 address, no service can
  bind the interface, which could provoke units to fail. Disabling DAD is
  a workaround as explained here [1], but ideally systemd should wait until
  the tentative flag is removed. v232 doesn't have this issue. Can the relevant
  patches be backported to LTS releases?

  [Test Case]

  1. Configure ipv6 address on one interface
  2. Create unit with After=network-online.target that pings a host over
     ipv6
  3. Restart the system

  [Regression Potential]

  * Unknown

  [Other Info]

  * Seems to have been fixed on v232.
  * Using ifupdown or networkd to create the interface seems to be irrelevant
    (upstream bug report uses networkd, while I use ifupdown)

  [1]:
  https://www.agwa.name/blog/post/beware_the_ipv6_dad_race_condition

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1673092/+subscriptions
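
The race described in the report above can be checked from a unit's `ExecStartPre=` by waiting until no IPv6 address on the interface still carries the `tentative` flag. This is an added example, not part of the bug report or of systemd; the function names `dad_state` and `wait_for_dad` and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify IPv6 DAD state from `ip -6 -o addr show` output and
# wait for it to settle before a service binds to the address.

# Constructed samples of `ip -6 -o addr show dev eth0` output (not from the report).
SAMPLE_DURING_DAD='2: eth0    inet6 2001:db8::10/64 scope global tentative \       valid_lft forever preferred_lft forever
2: eth0    inet6 fe80::5054:ff:fe12:3456/64 scope link \       valid_lft forever preferred_lft forever'

SAMPLE_AFTER_DAD='2: eth0    inet6 2001:db8::10/64 scope global \       valid_lft forever preferred_lft forever
2: eth0    inet6 fe80::5054:ff:fe12:3456/64 scope link \       valid_lft forever preferred_lft forever'

SAMPLE_DAD_FAILED='2: eth0    inet6 2001:db8::10/64 scope global dadfailed tentative \       valid_lft forever preferred_lft forever'

# Read one-line-per-address `ip -6 -o addr` text on stdin and print:
#   dadfailed  - a duplicate was detected; the address will never become usable
#   tentative  - DAD is still running; bind() to the address would fail
#   ready      - no address is tentative
dad_state() {
    awk '
        $3 == "inet6" {
            # Flags follow the address ($4): "scope <x> [flags...] \ valid_lft ..."
            for (i = 5; i <= NF; i++) {
                if ($i == "dadfailed") failed = 1
                if ($i == "tentative") pending = 1
            }
        }
        END {
            if (failed)       print "dadfailed"
            else if (pending) print "tentative"
            else              print "ready"
        }'
}

# Poll the live interface until DAD has finished.
# Returns 0 when ready, 1 on timeout, 2 on DAD failure, 3 if `ip` itself failed.
wait_for_dad() {
    dev=$1
    timeout=${2:-30}
    waited=0
    while :; do
        out=$(ip -6 -o addr show dev "$dev") || return 3
        state=$(printf '%s\n' "$out" | dad_state)
        case $state in
            ready)     return 0 ;;
            dadfailed) echo "DAD failed on $dev" >&2; return 2 ;;
        esac
        [ "$waited" -ge "$timeout" ] && return 1
        sleep 1
        waited=$((waited + 1))
    done
}

# Only touch the live system when asked to: ./script --wait eth0 [timeout]
if [ "${1:-}" = "--wait" ]; then
    wait_for_dad "$2" "${3:-30}"
fi
```

A `dadfailed` address is reported separately because waiting longer will not clear it; the unit should fail fast rather than time out.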



[Group.of.nepali.translators] [Bug 1590799] Re: nfs-kernel-server does not start because of dependency failure

2017-03-28 Thread Launchpad Bug Tracker
This bug was fixed in the package nfs-utils - 1:1.2.8-9.2ubuntu2

---
nfs-utils (1:1.2.8-9.2ubuntu2) zesty; urgency=medium

  * Fixing nfs-mountd dependency on rpcbind (race condition) (LP: #1590799)
    by adding "rpcbind.socket" to "nfs-mountd.service" as a dependency
    to avoid race conditions:
    - Add systemd-Fix-nfs-mountd-dependency-on-rpcbind.patch
    - Add systemd-unit-files-fix-up-dependencies-on-rpcbind.patch

 -- Rafael David Tinoco   Fri, 17 Mar 2017 12:19:53 +0100

** Changed in: nfs-utils (Ubuntu Zesty)
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1590799

Title:
  nfs-kernel-server does not start because of dependency failure

Status in nfs-utils package in Ubuntu:
  Fix Released
Status in nfs-utils source package in Xenial:
  In Progress
Status in nfs-utils source package in Yakkety:
  In Progress
Status in nfs-utils source package in Zesty:
  Fix Released

Bug description:
  [Impact]

   * nfs-mountd doesn't get started because of a race condition happening when rpcbind.socket is not specified as a needed service for it to start.
   * nfs-server using rpcbind.target instead of using rpcbind.socket. Target should not be used (Comment #24)

  [Test Case]

   * Install nfs-kernel-server inside a xenial lxc guest and restart it until nfs-mountd doesn't start complaining on rpc error.
   * Comment #25

  [Regression Potential]

   * Cons: Systemd dependencies could break for nfs-server and nfs-mountd.
   * Pros: Patches have been accepted upstream (and tested).

  [Other Info]
   
  # Original Bug Description

  Immediately after boot:

  root@feynmann:~# systemctl status nfs-kernel-server
  ● nfs-server.service - NFS server and services
     Loaded: loaded (/lib/systemd/system/nfs-server.service; enabled; vendor preset: enabled)
     Active: inactive (dead)

  Jun 09 14:35:47 feynmann systemd[1]: Dependency failed for NFS server and services.
  Jun 09 14:35:47 feynmann systemd[1]: nfs-server.service: Job nfs-server.service/start failed

  root@feynmann:~# systemctl status nfs-mountd.service
  ● nfs-mountd.service - NFS Mount Daemon
     Loaded: loaded (/lib/systemd/system/nfs-mountd.service; static; vendor preset: enabled)
     Active: failed (Result: exit-code) since Thu 2016-06-09 14:35:47 BST; 7min ago
    Process: 1321 ExecStart=/usr/sbin/rpc.mountd $RPCMOUNTDARGS (code=exited, status=1/FAILURE)

  Jun 09 14:35:47 feynmann systemd[1]: Starting NFS Mount Daemon...
  Jun 09 14:35:47 feynmann rpc.mountd[1321]: mountd: could not create listeners
  Jun 09 14:35:47 feynmann systemd[1]: nfs-mountd.service: Control process exited, code=exited
  Jun 09 14:35:47 feynmann systemd[1]: Failed to start NFS Mount Daemon.
  Jun 09 14:35:47 feynmann systemd[1]: nfs-mountd.service: Unit entered failed state.
  Jun 09 14:35:47 feynmann systemd[1]: nfs-mountd.service: Failed with result 'exit-code'.

  root@feynmann:~# systemctl list-dependencies nfs-kernel-server
  nfs-kernel-server.service
  ● ├─auth-rpcgss-module.service
  ● ├─nfs-config.service
  ● ├─nfs-idmapd.service
  ● ├─nfs-mountd.service
  ● ├─proc-fs-nfsd.mount
  ● ├─rpc-svcgssd.service
  ● ├─system.slice
  ● ├─network.target
  ● └─rpcbind.target
  ●   └─rpcbind.service

  root@feynmann:~# systemctl list-dependencies nfs-mountd.service
  nfs-mountd.service
  ● ├─nfs-config.service
  ● ├─nfs-server.service
  ● ├─proc-fs-nfsd.mount
  ● └─system.slice
  root@feynmann:~#

  root@feynmann:~# lsb_release -rd
  Description:  Ubuntu 16.04 LTS
  Release:  16.04

  root@feynmann:~# apt-cache policy nfs-kernel-server
  nfs-kernel-server:
    Installed: 1:1.2.8-9ubuntu12
    Candidate: 1:1.2.8-9ubuntu12
    Version table:
   *** 1:1.2.8-9ubuntu12 500
  500 http://gb.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
  100 /var/lib/dpkg/status

  Additional comments:

  1. There seems to be a circular dependency between nfs-mountd and nfs-kernel-server
  2. I can get it working by changing the After,Requires in /lib/ssystemd/system/nfs-{mountd|server}.service files. I have managed to get nfs-kernel-server to start but not nfs-mountd.
  3. /usr/lib/systemd/scripts/nfs-utils_env.sh references /etc/sysconfig/nfs which is Centos/RedHat location of this file. Also /etc/default/nfs does not exist. (possibly unrelated to this bug)
  4. A file "/lib/systemd/system/-.slice" exists. This file prevents execution of 'ls *' or 'grep xxx *' commands in that directory. I am unsure whether this is intended by the systemd developers but it is unfriendly when investigating this bug.

  Attempted solution:

  1. Edit /lib/systemd/system/nfs-server.service (original lines are
  commented out:

  [Unit]
  Description=NFS server and services
  DefaultDependencies=no
  

[Group.of.nepali.translators] [Bug 1676845] Re: libgles1-mesa is being removed, don't depend on it

2017-03-28 Thread Timo Aaltonen
fixed in zesty

** Changed in: vlc (Ubuntu)
   Status: New => Fix Released

** Also affects: opentk (Ubuntu)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1676845

Title:
  libgles1-mesa is being removed, don't depend on it

Status in opentk package in Ubuntu:
  Fix Released
Status in vlc package in Ubuntu:
  Fix Released
Status in opentk source package in Xenial:
  New
Status in vlc source package in Xenial:
  New
Status in opentk source package in Yakkety:
  New
Status in vlc source package in Yakkety:
  New

Bug description:
  Mesa in zesty has dropped libgles1-mesa, slightly ahead of upstream.
  Backporting mesa to xenial & yakkety requires packages that depend on
  it to stop doing that.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/opentk/+bug/1676845/+subscriptions



[Group.of.nepali.translators] [Bug 1676845] Re: libgles1-mesa is being removed, don't depend on it

2017-03-28 Thread Timo Aaltonen
opentk fixed in zesty

** Changed in: opentk (Ubuntu)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1676845



[Group.of.nepali.translators] [Bug 1664203] Re: [SRU] v1 driver does not delete namespace when pool deleted

2017-03-28 Thread James Page
This bug was fixed in the package neutron-lbaas - 2:8.3.0-0ubuntu2~cloud0
---

 neutron-lbaas (2:8.3.0-0ubuntu2~cloud0) trusty-mitaka; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 neutron-lbaas (2:8.3.0-0ubuntu2) xenial; urgency=medium
 .
   * Add patch to ensure namespace deleted by v1 driver delete_pool (LP: #1664203)
     - d/p/ensure_namespace_deleted_with_pool.patch


** Changed in: cloud-archive/mitaka
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1664203

Title:
  [SRU] v1 driver does not delete namespace when pool deleted

Status in Ubuntu Cloud Archive:
  Invalid
Status in Ubuntu Cloud Archive kilo series:
  Fix Released
Status in Ubuntu Cloud Archive liberty series:
  Fix Released
Status in Ubuntu Cloud Archive mitaka series:
  Fix Released
Status in neutron-lbaas package in Ubuntu:
  Invalid
Status in neutron-lbaas source package in Trusty:
  New
Status in neutron-lbaas source package in Xenial:
  Fix Committed
Status in neutron-lbaas source package in Yakkety:
  Won't Fix

Bug description:
  [Impact]

  The v1 services.loadbalancer.drivers.haproxy.namespace_driver has a
  bug in that it deletes the haproxy state directory for a pool when
  its vip is deleted. This means that when the pool itself is deleted,
  its associated namespace is never deleted since the delete is
  predicated on the state path being extant.

  The v1 driver is deprecated as of the Liberty release and was totally
  removed from the codebase in the Newton release. However, Openstack
  Kilo and Mitaka are still supported in Ubuntu, the former requiring
  the v1 driver and the latter still capable of using it so while
  upstream will not accept a patch we will still patch the neutron-
  lbaas-agent Ubuntu package to fix this issue.

  [Test Case]

  Please see http://pastebin.ubuntu.com/24058957/

  [Regression Potential]

  None

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1664203/+subscriptions



[Group.of.nepali.translators] [Bug 1664203] Re: [SRU] v1 driver does not delete namespace when pool deleted

2017-03-28 Thread James Page
This bug was fixed in the package neutron-lbaas - 1:2015.1.4-0ubuntu3
---

 neutron-lbaas (1:2015.1.4-0ubuntu3) trusty-kilo; urgency=medium
 .
   * Add patch to ensure namespace deleted by v1 driver delete_pool (LP: #1664203)
     - d/p/ensure_namespace_deleted_with_pool.patch


** Changed in: cloud-archive/kilo
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1664203



[Group.of.nepali.translators] [Bug 1664203] Re: [SRU] v1 driver does not delete namespace when pool deleted

2017-03-28 Thread James Page
This bug was fixed in the package neutron-lbaas - 2:7.1.1-0ubuntu1~cloud1
---

 neutron-lbaas (2:7.1.1-0ubuntu1~cloud1) trusty-liberty; urgency=medium
 .
   * Add patch to ensure namespace deleted by v1 driver delete_pool (LP: #1664203)
     - d/p/ensure_namespace_deleted_with_pool.patch


** Changed in: cloud-archive/liberty
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1664203

Title:
  [SRU] v1 driver does not delete namespace when pool deleted

Status in Ubuntu Cloud Archive:
  Invalid
Status in Ubuntu Cloud Archive kilo series:
  Fix Released
Status in Ubuntu Cloud Archive liberty series:
  Fix Released
Status in Ubuntu Cloud Archive mitaka series:
  Fix Released
Status in neutron-lbaas package in Ubuntu:
  Invalid
Status in neutron-lbaas source package in Trusty:
  New
Status in neutron-lbaas source package in Xenial:
  Fix Committed
Status in neutron-lbaas source package in Yakkety:
  Won't Fix

Bug description:
  [Impact]

  The v1 services.loadbalancer.drivers.haproxy.namespace_driver has a
  bug in that it deletes the haproxy state directory for a pool when
  it's vip is deleted. This means that when the pool itself is deleted,
  its associated namespace is never deleted since the delete is
  predicated on the state path being extant.

  The v1 driver is deprecated as of the Liberty release and was totally
  removed from the codebase in the Newton release. However, Openstack
  Kilo and Mitaka are still supported in Ubuntu, the former requiring
  the v1 driver and the latter still capable of using it so while
  upstream will not accept a patch we will still patch the neutron-
  lbaas-agent Ubuntu package to fix this issue.

  [Test Case]

  Please see http://pastebin.ubuntu.com/24058957/

  [Regression Potential]

  None

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1664203/+subscriptions



[Group.of.nepali.translators] [Bug 1638996] Re: apparmor's raw_data file in securityfs is sometimes truncated

2017-03-28 Thread Stefan Bader
Not fixed because we had to revert the commits due to various
regressions.

** Changed in: linux (Ubuntu Xenial)
   Status: Fix Released => Triaged

** Changed in: linux (Ubuntu Yakkety)
   Status: Fix Released => Triaged

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1638996

Title:
  apparmor's raw_data file in securityfs is sometimes truncated

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  Triaged
Status in linux source package in Yakkety:
  Triaged

Bug description:
  Hi,

  It looks like apparmor's securityfs output is sometimes truncated,

  root@zesty:/sys/kernel/security/apparmor/policy/namespaces/lxd-zest_/profiles/usr.lib.snapd.snap-confine.1# ls -al
  total 0
  drwxr-xr-x  3 root root 0 Nov  3 16:45 .
  drwxr-xr-x 13 root root 0 Nov  3 16:44 ..
  -r--r--r--  1 root root 0 Nov  3 16:45 attach
  -r--r--r--  1 root root 0 Nov  3 16:45 mode
  -r--r--r--  1 root root 0 Nov  3 16:45 name
  drwxr-xr-x  3 root root 0 Nov  3 16:45 profiles
  -r--r--r--  1 root root 0 Nov  3 16:45 raw_abi
  -r--r--r--  1 root root 46234 Nov  3 16:45 raw_data
  -r--r--r--  1 root root 0 Nov  3 16:45 raw_hash
  -r--r--r--  1 root root 0 Nov  3 16:45 sha1
  root@zesty:/sys/kernel/security/apparmor/policy/namespaces/lxd-zest_/profiles/usr.lib.snapd.snap-confine.1# cat raw_data > /tmp/out
  root@zesty:/sys/kernel/security/apparmor/policy/namespaces/lxd-zest_/profiles/usr.lib.snapd.snap-confine.1# ls -al /tmp/out
  -rw-r--r-- 1 root root 4009 Nov  3 16:55 /tmp/out

  and

  2016-11-03 10:58:01 tych0 jjohansen: hi, http://paste.ubuntu.com/23421551/
  2016-11-03 10:58:18 tych0 it looks like fstat is lying to me about the size of the policy
  2016-11-03 10:59:20 @jjohansen  tych0: hrmm interesting, can you zip up the /tmp/out file so I can see it looks like a complete policy file?
  2016-11-03 11:00:03 @jjohansen  something is definitely not right there. hrmmm
  2016-11-03 11:00:26 @jjohansen  the size is set by the input buffer size
  2016-11-03 11:00:28 tych0 jjohansen: http://files.tycho.ws/tmp/out
  2016-11-03 11:00:36 tych0 yeah, i assume
  2016-11-03 11:01:15 @jjohansen  my guess is something is messing up in the seq_file walk of the policy
  2016-11-03 11:02:38 @jjohansen  tych0: yep the file is truncated, can you open a bug and I will start looking for it
  2016-11-03 11:03:14 tych0 jjohansen: sure, just on linux?
  2016-11-03 11:03:35 @jjohansen  tych0: yeah for now, just linux
  2016-11-03 11:03:43 @jjohansen  we can add others if needed later
  2016-11-03 11:03:44 tych0 jjohansen: FWIW, somehow it seems racy, because sometimes it works and sometimes it doesn't

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1638996/+subscriptions



[Group.of.nepali.translators] [Bug 1660833] Re: apparmor reference count bug in label_merge_insert()

2017-03-28 Thread Stefan Bader
Not fixed because we had to revert the commits due to various
regressions.

** Changed in: linux (Ubuntu Xenial)
   Status: Fix Released => Triaged

** Changed in: linux (Ubuntu Yakkety)
   Status: Fix Released => Triaged

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1660833

Title:
  apparmor reference count bug in label_merge_insert()

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  Triaged
Status in linux source package in Yakkety:
  Triaged
Status in linux source package in Zesty:
  Fix Released

Bug description:
  @new does not have a reference taken locally and should not have its
  reference put locally either.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1660833/+subscriptions



[Group.of.nepali.translators] [Bug 1660834] Re: apparmor label leak when new label is unused

2017-03-28 Thread Stefan Bader
Not fixed because we had to revert the commits due to various
regressions.

** Changed in: linux (Ubuntu Xenial)
   Status: Fix Released => Triaged

** Changed in: linux (Ubuntu Yakkety)
   Status: Fix Released => Triaged

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1660834

Title:
  apparmor label leak when new label is unused

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  Triaged
Status in linux source package in Yakkety:
  Triaged
Status in linux source package in Zesty:
  Fix Released

Bug description:
  When a new label is created, it is created with a proxy in a circular
  ref count that is broken by replacement. However if the label is not
  used it will never be replaced and the circular ref count will never
  be broken resulting in a leak.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1660834/+subscriptions



[Group.of.nepali.translators] [Bug 1660836] Re: apparmor auditing denied access of special apparmor .null file

2017-03-28 Thread Stefan Bader
Not fixed because we had to revert the commits due to various
regressions.

** Changed in: linux (Ubuntu Xenial)
   Status: Fix Released => Triaged

** Changed in: linux (Ubuntu Yakkety)
   Status: Fix Released => Triaged

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1660836

Title:
  apparmor auditing denied access of special apparmor .null file

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  Triaged
Status in linux source package in Yakkety:
  Triaged
Status in linux source package in Zesty:
  Fix Released

Bug description:
  When an fd is disallowed from being inherited during exec, instead of
  closed it is duped to a special apparmor/.null file. This prevents the
  fd from being reused by another file in case the application expects
  the original file on a given fd (eg stdin/stdout etc). This results in
  a denial message like

  [32375.561535] audit: type=1400 audit(1478825963.441:358): apparmor="DENIED" operation="file_inherit" namespace="root//lxd-t_" profile="/sbin/dhclient" name="/dev/pts/1" pid=16795 comm="dhclient" requested_mask="wr" denied_mask="wr" fsuid=165536 ouid=165536

  Further access to the fd is resulting in the rather useless denial message
  of

  [32375.566820] audit: type=1400 audit(1478825963.445:359): apparmor="DENIED" operation="file_perm" namespace="root//lxd-t_" profile="/sbin/dhclient" name="/apparmor/.null" pid=16795 comm="dhclient" requested_mask="w" denied_mask="w" fsuid=165536 ouid=0

  since we have the original denial, the noisy and useless .null based
  denials can be skipped.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1660836/+subscriptions
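
The same reasoning can be applied on the log-analysis side while the kernel change is not available. The following is an added example, not part of the bug report or of the kernel fix: it keeps every original denial and sets aside a /apparmor/.null denial only when a file_inherit denial was already seen for the same pid and profile. The first two sample lines are the ones quoted in the bug description with the wrapping removed; the remaining lines are constructed, and the function names are hypothetical.

```python
import re

# key=value pairs as printed in kernel audit records; values may be quoted.
_FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
NULL_FILE = "/apparmor/.null"

# Lines 1-2: from the bug description. Lines 3-5: constructed for this example.
SAMPLE_LOG = """\
[32375.561535] audit: type=1400 audit(1478825963.441:358): apparmor="DENIED" operation="file_inherit" namespace="root//lxd-t_" profile="/sbin/dhclient" name="/dev/pts/1" pid=16795 comm="dhclient" requested_mask="wr" denied_mask="wr" fsuid=165536 ouid=165536
[32375.566820] audit: type=1400 audit(1478825963.445:359): apparmor="DENIED" operation="file_perm" namespace="root//lxd-t_" profile="/sbin/dhclient" name="/apparmor/.null" pid=16795 comm="dhclient" requested_mask="w" denied_mask="w" fsuid=165536 ouid=0
[32375.570001] audit: type=1400 audit(1478825963.449:360): apparmor="DENIED" operation="file_perm" namespace="root//lxd-t_" profile="/sbin/dhclient" name="/apparmor/.null" pid=16795 comm="dhclient" requested_mask="w" denied_mask="w" fsuid=165536 ouid=0
[32380.000100] audit: type=1400 audit(1478825968.000:361): apparmor="DENIED" operation="file_perm" profile="/usr/bin/example" name="/apparmor/.null" pid=20001 comm="example" requested_mask="w" denied_mask="w" fsuid=1000 ouid=0
[32381.000000] example0: link is up
"""


def parse_event(line):
    """Return the key=value fields of an AppArmor audit line, or None."""
    if "apparmor=" not in line:
        return None
    event = {key: value.strip('"') for key, value in _FIELD.findall(line)}
    return event if "operation" in event else None


def triage(lines):
    """Split AppArmor denials into (kept, suppressed).

    A denial on /apparmor/.null is suppressed only if a file_inherit denial
    for the same (pid, profile) came first; that earlier record names the
    real file. A .null denial with no such record is kept, because nothing
    else in the log explains it.
    """
    inherited = {}  # (pid, profile) -> names denied at exec time
    kept, suppressed = [], []
    for line in lines:
        event = parse_event(line)
        if event is None or event.get("apparmor") != "DENIED":
            continue
        key = (event.get("pid"), event.get("profile"))
        if event["operation"] == "file_inherit":
            inherited.setdefault(key, []).append(event.get("name", ""))
            kept.append(event)
        elif event.get("name", "").endswith(NULL_FILE) and key in inherited:
            # Several fds may have been replaced; list all candidates.
            event["explained_by"] = list(inherited[key])
            suppressed.append(event)
        else:
            kept.append(event)
    return kept, suppressed


if __name__ == "__main__":
    kept, suppressed = triage(SAMPLE_LOG.splitlines())
    for event in kept:
        print("KEEP", event["operation"], event.get("name"), "pid", event.get("pid"))
    for event in suppressed:
        print("SKIP", event["operation"], "pid", event.get("pid"),
              "explained by", event["explained_by"])
```
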



[Group.of.nepali.translators] [Bug 1636322] Re: upstart: ceph-all service starts before networks up

2017-03-28 Thread Edward Hope-Morley
** Changed in: ceph (Ubuntu Xenial)
   Status: Invalid => New

** Changed in: ceph (Ubuntu Yakkety)
   Status: Invalid => New

** Summary changed:

- upstart: ceph-all service starts before networks up
+ [SRU] upstart: ceph-all service starts before networks up

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1636322

Title:
  [SRU] upstart: ceph-all service starts before networks up

Status in Ubuntu Cloud Archive:
  Triaged
Status in Ubuntu Cloud Archive icehouse series:
  Triaged
Status in Ubuntu Cloud Archive kilo series:
  Triaged
Status in Ubuntu Cloud Archive liberty series:
  Triaged
Status in Ubuntu Cloud Archive mitaka series:
  Triaged
Status in ceph package in Ubuntu:
  Fix Released
Status in ceph source package in Trusty:
  New
Status in ceph source package in Xenial:
  New
Status in ceph source package in Yakkety:
  New
Status in ceph source package in Zesty:
  Fix Released

Bug description:
  As reported in upstream bug http://tracker.ceph.com/issues/17689, the
  ceph-all service starts at runlevels [2345] and introduces a race
  condition which allows the ceph service (e.g. ceph-mon) to start prior
  to the network the service binds to is up on the server. This causes
  the service to fail on start because it was unable to bind to the
  specific network the service is configured to listen on.

  A work around is to provide a post-up directive to the network stanza
  configuring the network device in the /etc/network/interfaces file
  which restarts the necessary ceph service.

  [Impact]

   * Ceph service fails to start on reboot of machine/container when
  networking takes some time to come up.

   * The provided patch to the upstart service configuration adds the
  static-network-up event as a dependency for the start on service
  directive. The static-network-up event is started after all the
  network stanzas have been processed in the necessary config files.

  [Test Case]

  * Configure multiple network interfaces and have the ceph service bind
  to one of the last configured network devices to introduce a delayed
  start of the network interface.

  [Regression Potential]

  * Upstream previously had the directive to start the service after any
  network-device-up for a network which is not the loopback interface.
  This caused some "weirdness" to be seen when the multiple network
  interfaces were configured. This was likely due the events that it
  keyed on being the local filesystems being available and a single
  network interface being available. This would add the change to start
  only after all the network interface stanzas are processed in the
  /e/n/i configuration files.

  * Additionally, this will cause some ceph services to start later than
  they previously would have since this change causes additional start
  dependencies. However, the results should be that the interfaces have
  always had a chance to be started prior to the attempt to start the
  ceph service.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1636322/+subscriptions



[Group.of.nepali.translators] [Bug 1660849] Re: apparmor refcount leak of profile namespace when removing profiles

2017-03-28 Thread Stefan Bader
Not fixed because we had to revert the commits due to various
regressions.

** Changed in: linux (Ubuntu Xenial)
   Status: Fix Released => Triaged

** Changed in: linux (Ubuntu Yakkety)
   Status: Fix Released => Triaged

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1660849

Title:
  apparmor refcount leak of profile namespace when removing profiles

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  Triaged
Status in linux source package in Yakkety:
  Triaged
Status in linux source package in Zesty:
  Fix Released

Bug description:
  When doing profile removal, the parent ns of the profiles is taken,
  but the reference isn't being put, resulting in the ns never being
  freed even after it is removed.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1660849/+subscriptions



[Group.of.nepali.translators] [Bug 1656121] Re: unexpected errno=13 and disconnected path when trying to open /proc/1/ns/mnt from a unshared mount namespace

2017-03-28 Thread Stefan Bader
Not fixed because we had to revert the commits due to various
regressions.

** Changed in: linux (Ubuntu Xenial)
   Status: Fix Released => Triaged

** Changed in: linux (Ubuntu Yakkety)
   Status: Fix Released => Triaged

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1656121

Title:
  unexpected errno=13 and disconnected path when trying to open
  /proc/1/ns/mnt from a unshared mount namespace

Status in AppArmor:
  Confirmed
Status in linux package in Ubuntu:
  Incomplete
Status in linux source package in Xenial:
  Triaged
Status in linux source package in Yakkety:
  Triaged

Bug description:
  This bug is based on a discussion with jjohansen on IRC.

  While working on a feature for snapd
  (https://github.com/snapcore/snapd/pull/2624) we came across an
  unexpected EACCES that only seems to happen when apparmor is in the
  loop.

  The kernel log shows something interesting. The full log is available
  here: http://paste.ubuntu.com/23789099/

  Jan 12 23:16:43 autopkgtest kernel: [  498.616822] audit: type=1400
  audit(1484259403.009:67): apparmor="ALLOWED" operation="open"
  info="Failed name lookup - disconnected path" error=-13 profile="snap
  .test-snapd-tools.cmd//null-/usr/bin/snap//null-/usr/lib/snapd/snap-
  confine" name="" pid=25299 comm="snap-confine" requested_mask="r"
  denied_mask="r" fsuid=0 ouid=0

  The code that triggers this is reproduced below (also visible here
  https://github.com/snapcore/snapd/pull/2624/files)

  +void sc_reassociate_with_pid1_mount_ns()
   +{
   +int init_mnt_fd __attribute__ ((cleanup(sc_cleanup_close))) = -1;
   +int self_mnt_fd __attribute__ ((cleanup(sc_cleanup_close))) = -1;
   +
   +debug("checking if the current process shares mount namespace"
   +  "with the init process");
   +
   +init_mnt_fd = open("/proc/1/ns/mnt",
   +   O_RDONLY | O_CLOEXEC | O_NOFOLLOW | O_PATH);
   +if (init_mnt_fd < 0) {
   +die("cannot open mount namespace of the init process (O_PATH)");
   +}
   +self_mnt_fd = open("/proc/self/ns/mnt",
   +   O_RDONLY | O_CLOEXEC | O_NOFOLLOW | O_PATH);
   +if (self_mnt_fd < 0) {
   +die("cannot open mount namespace of the current process 
(O_PATH)");
   +}
   +char init_buf[128], self_buf[128];
   +memset(init_buf, 0, sizeof init_buf);
   +if (readlinkat(init_mnt_fd, "", init_buf, sizeof init_buf) < 0) {
   +die("cannot perform readlinkat() on the mount namespace file "
   +"descriptor of the init process");
   +}
   +memset(self_buf, 0, sizeof self_buf);
   +if (readlinkat(self_mnt_fd, "", self_buf, sizeof self_buf) < 0) {
   +die("cannot perform readlinkat() on the mount namespace file "
   +"descriptor of the current process");
   +}
   +if (memcmp(init_buf, self_buf, sizeof init_buf) != 0) {
   +debug("the current process does not share mount namespace with "
   +  "the init process, re-association required");
   +// NOTE: we cannot use O_NOFOLLOW here because that file will 
always be a
   +// symbolic link. We actually want to open it this way.
   +int init_mnt_fd_real
   +__attribute__ ((cleanup(sc_cleanup_close))) = -1;
   +init_mnt_fd_real = open("/proc/1/ns/mnt", O_RDONLY | O_CLOEXEC);
   +if (init_mnt_fd_real < 0) {
   +die("cannot open mount namespace of the init process");
   +}
   +if (setns(init_mnt_fd_real, CLONE_NEWNS) < 0) {
   +die("cannot re-associate the mount namespace with the 
init process");
   +}
   +} else {
   +debug("re-associating is not required");
   +}
   +}
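
Review bot: both readlinkat() calls in sc_reassociate_with_pid1_mount_ns() are checked only for a negative return, so a link target that fills the whole 128-byte buffer is silently truncated and the memcmp() that follows could treat two different namespaces as the same one; keep the returned length and die() when it equals sizeof init_buf. Separately, the first debug() call concatenates "...shares mount namespace" and "with the init process" with no space between the two literals, so the message prints as "namespacewith".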

  The specific part that causes the error is:

   +  init_mnt_fd_real = open("/proc/1/ns/mnt", O_RDONLY |
  O_CLOEXEC);

  The call to open returns -1 and errno set to 13 (EACCES) despite using
  attach_disconnected.

  The code in question is executed from a setuid root executable that
  runs under a complain-mode profile (it is started from a process that
  is already confined with such a profile). All of the profiles are
  using attach_disconnected.

  I can reproduce this issue each time by running:

  spread -debug -v qemu:ubuntu-16.04-64:tests/regression/lp-1644439

  Against the code in this pull request:

  https://github.com/snapcore/snapd/pull/2624

  Which is git://github.com/zyga/snapd in the "reassociate-fix" branch

  Appropriate qemu images can be made using instructions from:

  https://github.com/zyga/spread-qemu-images

  I'm also happy to try any test kernels as I can easily run those.

To manage notifications about this bug go to:

[Group.of.nepali.translators] [Bug 1648143] Re: tor in lxd: apparmor="DENIED" operation="change_onexec" namespace="root//CONTAINERNAME_" profile="unconfined" name="system_tor"

2017-03-28 Thread Stefan Bader
Not fixed because we had to revert the commits due to various
regressions.

** Changed in: linux (Ubuntu Xenial)
   Status: Fix Released => Triaged

** Changed in: linux (Ubuntu Yakkety)
   Status: Fix Released => Triaged

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1648143

Title:
  tor in lxd: apparmor="DENIED" operation="change_onexec"
  namespace="root//CONTAINERNAME_" profile="unconfined"
  name="system_tor"

Status in apparmor package in Ubuntu:
  Confirmed
Status in linux package in Ubuntu:
  Fix Released
Status in tor package in Ubuntu:
  Invalid
Status in apparmor source package in Xenial:
  New
Status in linux source package in Xenial:
  Triaged
Status in tor source package in Xenial:
  Invalid
Status in apparmor source package in Yakkety:
  New
Status in linux source package in Yakkety:
  Triaged
Status in tor source package in Yakkety:
  Invalid

Bug description:
  Environment:
  

  Distribution: ubuntu
  Distribution version: 16.10
  lxc info:
  apiextensions:

  storage_zfs_remove_snapshots
  container_host_shutdown_timeout
  container_syscall_filtering
  auth_pki
  container_last_used_at
  etag
  patch
  usb_devices
  https_allowed_credentials
  image_compression_algorithm
  directory_manipulation
  container_cpu_time
  storage_zfs_use_refquota
  storage_lvm_mount_options
  network
  profile_usedby
  container_push
  apistatus: stable
  apiversion: "1.0"
  auth: trusted
  environment:
  addresses:
  163.172.48.149:8443
  172.20.10.1:8443
  172.20.11.1:8443
  172.20.12.1:8443
  172.20.22.1:8443
  172.20.21.1:8443
  10.8.0.1:8443
  architectures:
  x86_64
  i686
  certificate: |
  -BEGIN CERTIFICATE-
  -END CERTIFICATE-
  certificatefingerprint: 3048baa9f20d316f60a6c602452b58409a6d9e2c3218897e8de7c7c72af0179b
  driver: lxc
  driverversion: 2.0.5
  kernel: Linux
  kernelarchitecture: x86_64
  kernelversion: 4.8.0-27-generic
  server: lxd
  serverpid: 32694
  serverversion: 2.4.1
  storage: btrfs
  storageversion: 4.7.3
  config:
  core.https_address: '[::]:8443'
  core.trust_password: true

  Container: ubuntu 16.10

  
  Issue description
  --

  
  tor can't start in a non privileged container

  
  Logs from the container:
  -

  Dec 7 15:03:00 anonymous tor[302]: Configuration was valid
  Dec 7 15:03:00 anonymous systemd[303]: tor@default.service: Failed at step APPARMOR spawning /usr/bin/tor: No such file or directory
  Dec 7 15:03:00 anonymous systemd[1]: tor@default.service: Main process exited, code=exited, status=231/APPARMOR
  Dec 7 15:03:00 anonymous systemd[1]: Failed to start Anonymizing overlay network for TCP.
  Dec 7 15:03:00 anonymous systemd[1]: tor@default.service: Unit entered failed state.
  Dec 7 15:03:00 anonymous systemd[1]: tor@default.service: Failed with result 'exit-code'.
  Dec 7 15:03:00 anonymous systemd[1]: tor@default.service: Service hold-off time over, scheduling restart.
  Dec 7 15:03:00 anonymous systemd[1]: Stopped Anonymizing overlay network for TCP.
  Dec 7 15:03:00 anonymous systemd[1]: tor@default.service: Failed to reset devices.list: Operation not permitted
  Dec 7 15:03:00 anonymous systemd[1]: Failed to set devices.allow on /system.slice/system-tor.slice/tor@default.service: Operation not permitted
  Dec 7 15:03:00 anonymous systemd[1]: message repeated 6 times: [ Failed to set devices.allow on /system.slice/system-tor.slice/tor@default.service: Operation not permitted]
  Dec 7 15:03:00 anonymous systemd[1]: Couldn't stat device /run/systemd/inaccessible/chr
  Dec 7 15:03:00 anonymous systemd[1]: Couldn't stat device /run/systemd/inaccessible/blk
  Dec 7 15:03:00 anonymous systemd[1]: Failed to set devices.allow on /system.slice/system-tor.slice/tor@default.service: Operation not permitted


  Logs from the host
  

  audit: type=1400 audit(1481119378.856:6950): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 namespace="root//lxd-anonymous_" profile="unconfined" name="system_tor" pid=12164 comm="(tor)"

  
  Steps to reproduce
  -

  install ubuntu container 16.10 on a ubuntu 16.10 host
  install tor in the container
  Launch tor

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1648143/+subscriptions


[Group.of.nepali.translators] [Bug 1645037] Re: apparmor_parser hangs indefinitely when called by multiple threads

2017-03-28 Thread Stefan Bader
Not fixed because we had to revert the commits due to various
regressions.

** Changed in: linux (Ubuntu Xenial)
   Status: Fix Released => Triaged

** Changed in: linux (Ubuntu Yakkety)
   Status: Fix Released => Triaged

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1645037

Title:
  apparmor_parser hangs indefinitely when called by multiple threads

Status in apparmor package in Ubuntu:
  Triaged
Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  Triaged
Status in linux source package in Yakkety:
  Triaged
Status in linux source package in Zesty:
  Fix Released

Bug description:
  This bug surfaced when starting ~50 LXC container with LXD in parallel
  multiple times:

  # Create the containers
  for c in c foo{1..50}; do lxc launch images:ubuntu/xenial $c; done

  # Execute this loop multiple times until you observe errors.
  for c in c foo{1..50}; do lxc restart $c & done

  After this you can

  ps aux | grep apparmor

  and you should see output similar to:

  root 19774  0.0  0.0  12524  1116 pts/1S+   20:14   0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo30
  root 19775  0.0  0.0  12524  1208 pts/1S+   20:14   0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo26
  root 19776  0.0  0.0  13592  3224 pts/1D+   20:14   0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo30
  root 19778  0.0  0.0  13592  3384 pts/1D+   20:14   0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo26
  root 19780  0.0  0.0  12524  1208 pts/1S+   20:14   0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo43
  root 19782  0.0  0.0  12524  1208 pts/1S+   20:14   0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo34
  root 19783  0.0  0.0  13592  3388 pts/1D+   20:14   0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo43
  root 19784  0.0  0.0  13592  3252 pts/1D+   20:14   0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo34
  root 19794  0.0  0.0  12524  1208 pts/1S+   20:14   0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo25
  root 19795  0.0  0.0  13592  3256 pts/1D+   20:14   0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo25

  apparmor_parser remains stuck even after all LXC/LXD commands have
  exited.

  dmesg output yields lines like:

  [41902.815174] audit: type=1400 audit(1480191089.678:43):
  apparmor="STATUS" operation="profile_load" profile="unconfined" name
  ="lxd-foo30_" pid=12545 comm="apparmor_parser"

  and cat /proc/12545/stack shows:

  [] aa_remove_profiles+0x88/0x270
  21:19   brauner  [] profile_remove+0x144/0x2e0
  21:19   brauner  [] __vfs_write+0x18/0x40
  21:19   brauner  [] vfs_write+0xb8/0x1b0
  21:19   brauner  [] SyS_write+0x55/0xc0
  21:19   brauner  [] entry_SYSCALL_64_fastpath+0x1e/0xa8
  21:19   brauner  [] 0x

  This looks like a potential kernel bug.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1645037/+subscriptions



[Group.of.nepali.translators] [Bug 1658219] Re: flock not mediated by 'k'

2017-03-28 Thread Stefan Bader
Not fixed because we had to revert the commits due to various
regressions.

** Changed in: linux (Ubuntu Xenial)
   Status: Fix Released => Triaged

** Changed in: linux (Ubuntu Yakkety)
   Status: Fix Released => Triaged

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1658219

Title:
  flock not mediated by 'k'

Status in AppArmor:
  In Progress
Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  Triaged
Status in linux source package in Yakkety:
  Triaged

Bug description:
  $ cat ./apparmor.profile 
  #include 

  profile test {
#include 

/bin/bash ixr,
/dev/pts/* rw,
/usr/bin/flock ixr,
# Not blocked:
# aa-exec -p test -- flock -w 1 /tmp/test.lock -c true
/tmp/test.lock rw,

  }

  $ sudo apparmor_parser -r ./apparmor.profile

  $ aa-exec -p test -- flock -w 1 /tmp/test.lock -c true && echo yes
  yes

  $ ls -l /tmp/test.lock 
  -rw-rw-r-- 1 jamie jamie 0 Jan 20 15:57 /tmp/test.lock

  The flock command uses flock(LOCK_EX) and I expected it to be blocked
  due to the lack of 'k'.

  apparmor userspace 2.10.95-0ubuntu2.5 (xenial) and 4.9.0-12.13-generic
  kernel on amd64.

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1658219/+subscriptions



[Group.of.nepali.translators] [Bug 1660846] Re: apparmor leaking securityfs pin count

2017-03-28 Thread Stefan Bader
Not fixed because we had to revert the commits due to various
regressions.

** Changed in: linux (Ubuntu Xenial)
   Status: Fix Released => Triaged

** Changed in: linux (Ubuntu Yakkety)
   Status: Fix Released => Triaged

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1660846

Title:
  apparmor leaking securityfs pin count

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  Triaged
Status in linux source package in Yakkety:
  Triaged
Status in linux source package in Zesty:
  Fix Released

Bug description:
  apparmor is leaking pinfs refcount when inode setup fails.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1660846/+subscriptions



[Group.of.nepali.translators] [Bug 1648903] Re: Permission denied and inconsistent behavior in complain mode with 'ip netns list' command

2017-03-28 Thread Stefan Bader
Not fixed because we had to revert the commits due to various
regressions.

** Changed in: linux (Ubuntu Xenial)
   Status: Fix Released => Triaged

** Changed in: linux (Ubuntu Yakkety)
   Status: Fix Released => Triaged

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1648903

Title:
  Permission denied and inconsistent behavior in complain mode with 'ip
  netns list' command

Status in AppArmor:
  In Progress
Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  Triaged
Status in linux source package in Yakkety:
  Triaged

Bug description:
  On 16.04 with Ubuntu 4.4.0-53.74-generic 4.4.30

  With this profile:

  #include 

  profile test (attach_disconnected,complain) {
  #include 

  /{,usr/}{,s}bin/ip ixr,  # COMMENT OUT THIS RULE TO SEE WEIRDNESS

  capability sys_admin,
  capability net_admin,
  capability sys_ptrace,

  network netlink raw,

  ptrace (trace),

  / r,
  /run/netns/ rw,
  /run/netns/* rw,

  mount options=(rw, rshared) -> /run/netns/,
  mount options=(rw, bind) /run/netns/ -> /run/netns/,
  mount options=(rw, bind) / -> /run/netns/*,
  mount options=(rw, rslave) /,
  mount options=(rw, rslave), # LP: #1648245
  umount /sys/,
  umount /,

  
  /bin/dash ixr,
  }

  Everything is fine when I do:
  $ sudo apparmor_parser -r /home/jamie/apparmor.profile && sudo aa-exec -p test -- sh -c 'ip netns list'
  $

  and there are no ALLOWED entries in syslog.

  
  However, if I comment out the '/{,usr/}{,s}bin/ip ixr,' rule, I get a
  permission denied and a bunch of ALLOWED entries:

  $ sudo apparmor_parser -r /home/jamie/apparmor.profile && sudo aa-exec -p test -- sh -c 'ip netns list'
  open("/proc/self/ns/net"): Permission denied
  Dec  9 17:08:09 sec-xenial-amd64 kernel: [ 3117.862629] audit: type=1400 audit(1481324889.782:469): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="test" pid=4314 comm="apparmor_parser"
  Dec  9 17:08:09 sec-xenial-amd64 kernel: [ 3117.870339] audit: type=1400 audit(1481324889.790:470): apparmor="ALLOWED" operation="exec" profile="test" name="/bin/ip" pid=4317 comm="sh" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 target="test//null-/bin/ip"
  Dec  9 17:08:09 sec-xenial-amd64 kernel: [ 3117.870559] audit: type=1400 audit(1481324889.790:471): apparmor="ALLOWED" operation="open" profile="test//null-/bin/ip" name="/etc/ld.so.cache" pid=4317 comm="ip" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
  Dec  9 17:08:09 sec-xenial-amd64 kernel: [ 3117.870628] audit: type=1400 audit(1481324889.790:472): apparmor="ALLOWED" operation="open" profile="test//null-/bin/ip" name="/lib/x86_64-linux-gnu/libdl-2.23.so" pid=4317 comm="ip" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
  Dec  9 17:08:09 sec-xenial-amd64 kernel: [ 3117.870703] audit: type=1400 audit(1481324889.790:473): apparmor="ALLOWED" operation="open" profile="test//null-/bin/ip" name="/lib/x86_64-linux-gnu/libc-2.23.so" pid=4317 comm="ip" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
  Dec  9 17:08:09 sec-xenial-amd64 kernel: [ 3117.870861] audit: type=1400 audit(1481324889.790:474): apparmor="ALLOWED" operation="file_mprotect" profile="test//null-/bin/ip" name="/bin/ip" pid=4317 comm="ip" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
  Dec  9 17:08:09 sec-xenial-amd64 kernel: [ 3117.870913] audit: type=1400 audit(1481324889.790:475): apparmor="ALLOWED" operation="file_mprotect" profile="test//null-/bin/ip" name="/lib/x86_64-linux-gnu/ld-2.23.so" pid=4317 comm="ip" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
  Dec  9 17:08:09 sec-xenial-amd64 kernel: [ 3117.871019] audit: type=1400 audit(1481324889.790:476): apparmor="ALLOWED" operation="create" profile="test//null-/bin/ip" pid=4317 comm="ip" family="netlink" sock_type="raw" protocol=0 requested_mask="create" denied_mask="create"
  Dec  9 17:08:09 sec-xenial-amd64 kernel: [ 3117.871066] audit: type=1400 audit(1481324889.790:477): apparmor="ALLOWED" operation="setsockopt" profile="test//null-/bin/ip" pid=4317 comm="ip" family="netlink" sock_type="raw" protocol=0 requested_mask="setopt" denied_mask="setopt"
  Dec  9 17:08:09 sec-xenial-amd64 kernel: [ 3117.871099] audit: type=1400 audit(1481324889.790:478): apparmor="ALLOWED" operation="setsockopt" profile="test//null-/bin/ip" pid=4317 comm="ip" family="netlink" sock_type="raw" protocol=0 requested_mask="setopt" denied_mask="setopt"
  Dec  9 17:08:09 sec-xenial-amd64 kernel: [ 3117.871128] audit: type=1400 audit(1481324889.790:479): apparmor="ALLOWED" operation="bind" profile="test//null-/bin/ip" pid=4317 comm="ip" family="netlink" sock_type="raw" protocol=0 requested_mask="bind" denied_mask="bind"
  Dec  9 17:08:09 sec-xenial-amd64 kernel: [ 3117.871672] audit: type=1400 audit(1481324889.794:480): apparmor="ALLOWED" 
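
In the report above, the exec record names target="test//null-/bin/ip" and every later ALLOWED record carries that name as its profile. The following Python is an added example, not part of the original report or of AppArmor's own tooling: it groups such records by null-* profile so the exec that triggered the transition stands out. The function names are hypothetical, and the sample records are copied from the report with the e-mail line wrapping undone.

```python
import re

# Five records copied from the bug report above, with e-mail line wrapping undone.
SAMPLE_LOG = """\
Dec  9 17:08:09 sec-xenial-amd64 kernel: [ 3117.862629] audit: type=1400 audit(1481324889.782:469): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="test" pid=4314 comm="apparmor_parser"
Dec  9 17:08:09 sec-xenial-amd64 kernel: [ 3117.870339] audit: type=1400 audit(1481324889.790:470): apparmor="ALLOWED" operation="exec" profile="test" name="/bin/ip" pid=4317 comm="sh" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 target="test//null-/bin/ip"
Dec  9 17:08:09 sec-xenial-amd64 kernel: [ 3117.870559] audit: type=1400 audit(1481324889.790:471): apparmor="ALLOWED" operation="open" profile="test//null-/bin/ip" name="/etc/ld.so.cache" pid=4317 comm="ip" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Dec  9 17:08:09 sec-xenial-amd64 kernel: [ 3117.871019] audit: type=1400 audit(1481324889.790:476): apparmor="ALLOWED" operation="create" profile="test//null-/bin/ip" pid=4317 comm="ip" family="netlink" sock_type="raw" protocol=0 requested_mask="create" denied_mask="create"
Dec  9 17:08:09 sec-xenial-amd64 kernel: [ 3117.871128] audit: type=1400 audit(1481324889.790:479): apparmor="ALLOWED" operation="bind" profile="test//null-/bin/ip" pid=4317 comm="ip" family="netlink" sock_type="raw" protocol=0 requested_mask="bind" denied_mask="bind"
"""

# AppArmor records are logged as audit type 1400, followed by key=value pairs.
AUDIT_RE = re.compile(r'audit: type=1400 audit\((\d+\.\d+):(\d+)\): (.*)$')
# A value is either double-quoted (may contain spaces) or a bare token.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_record(line):
    """Return the key/value fields of one AppArmor audit record, or None."""
    m = AUDIT_RE.search(line)
    if m is None:
        return None
    fields = {"serial": int(m.group(2))}
    for key, quoted, bare in FIELD_RE.findall(m.group(3)):
        fields[key] = bare or quoted
    return fields


def null_transitions(lines):
    """Group complain-mode (ALLOWED) events by the null-* profile they ran under."""
    found = {}
    for line in lines:
        rec = parse_record(line)
        if rec is None or rec.get("apparmor") != "ALLOWED":
            continue
        profile, target = rec.get("profile", ""), rec.get("target", "")
        if rec.get("operation") == "exec" and "//null-" in target:
            # The exec that moved the task from its profile into the null-* profile.
            entry = found.setdefault(target, {"parent": None, "binary": None, "events": []})
            entry["parent"], entry["binary"] = profile, rec.get("name")
        elif "//null-" in profile:
            entry = found.setdefault(profile, {"parent": None, "binary": None, "events": []})
            # File events carry name=; network events carry family= and sock_type=.
            what = rec.get("name") or "{} {}".format(rec.get("family"), rec.get("sock_type"))
            entry["events"].append((rec.get("operation"), what))
    return found


def summarize(found):
    """One line per null-* profile: which exec led to it and what was logged after."""
    out = []
    for null_profile, e in found.items():
        ops = sorted({op for op, _ in e["events"]})
        out.append("{}: exec of {} from profile {} matched no exec rule; "
                   "{} later event(s) logged ({})".format(
                       null_profile, e["binary"], e["parent"],
                       len(e["events"]), ", ".join(ops)))
    return out


if __name__ == "__main__":
    for line in summarize(null_transitions(SAMPLE_LOG.splitlines())):
        print(line)
```
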

[Group.of.nepali.translators] [Bug 1660840] Re: apparmor oops in bind_mnt when dev_path lookup fails

2017-03-28 Thread Stefan Bader
Not fixed because we had to revert the commits due to various
regressions.

** Changed in: linux (Ubuntu Xenial)
   Status: Fix Released => Triaged

** Changed in: linux (Ubuntu Yakkety)
   Status: Fix Released => Triaged

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1660840

Title:
  apparmor oops in bind_mnt when dev_path lookup fails

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  Triaged
Status in linux source package in Yakkety:
  Triaged
Status in linux source package in Zesty:
  Fix Released

Bug description:
  Bind mounts can oops when devname lookup fails because the devname is
  uninitialized and used in auditing the denial.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1660840/+subscriptions



[Group.of.nepali.translators] [Bug 1660845] Re: apparmor reference count leak when securityfs_setup_d_inode() fails

2017-03-28 Thread Stefan Bader
Not fixed because we had to revert the commits due to various
regressions.

** Changed in: linux (Ubuntu Xenial)
   Status: Fix Released => Triaged

** Changed in: linux (Ubuntu Yakkety)
   Status: Fix Released => Triaged

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1660845

Title:
  apparmor reference count leak when securityfs_setup_d_inode() fails

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  Triaged
Status in linux source package in Yakkety:
  Triaged
Status in linux source package in Zesty:
  Fix Released

Bug description:
  apparmor is leaking the parent ns ref count, by directly returning the
  error

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1660845/+subscriptions



[Group.of.nepali.translators] [Bug 1660842] Re: apparmor not checking error if security_pin_fs() fails

2017-03-28 Thread Stefan Bader
Not fixed because we had to revert the commits due to various
regressions.

** Changed in: linux (Ubuntu Xenial)
   Status: Fix Released => Triaged

** Changed in: linux (Ubuntu Yakkety)
   Status: Fix Released => Triaged

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1660842

Title:
  apparmor not checking error if security_pin_fs() fails

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  Triaged
Status in linux source package in Yakkety:
  Triaged
Status in linux source package in Zesty:
  Fix Released

Bug description:
  The error condition of security_pin_fs() was not being checked, which
  can result in an oops or use after free, due to the fs pin count not
  being incremented.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1660842/+subscriptions



[Group.of.nepali.translators] [Bug 1661030] Re: regression tests failing after stackprofile test is run

2017-03-28 Thread Stefan Bader
Not fixed because we had to revert the commits due to various
regressions.

** Changed in: linux (Ubuntu Yakkety)
   Status: Fix Released => Triaged

** Changed in: linux (Ubuntu Xenial)
   Status: Fix Released => Triaged

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1661030

Title:
  regression tests failing after stackprofile test is run

Status in apparmor package in Ubuntu:
  Fix Released
Status in linux package in Ubuntu:
  Incomplete
Status in apparmor source package in Xenial:
  Fix Committed
Status in linux source package in Xenial:
  Triaged
Status in apparmor source package in Yakkety:
  Fix Committed
Status in linux source package in Yakkety:
  Triaged
Status in apparmor source package in Zesty:
  Fix Released
Status in linux source package in Zesty:
  Incomplete

Bug description:
  from source, I'm running the tests and the makefile fails at the end
  with:

  running stackprofile
  Makefile:303: recipe for target 'tests' failed
  make: *** [tests] Error 1

  No idea why that is happening. It's breaking on our kernel team
  regression test runs, so can this be investigated?  The source was
  fetched using "apt-get source apparmor".

  A full run is below:

  king@ubuntu:~/apparmor-2.10.95/tests/regression/apparmor$ sudo make USE_SYSTEM=1 tests

  running aa_exec

  running access
  xfail: ACCESS file rx (r)
  xfail: ACCESS file rwx (r)
  xfail: ACCESS file r (wx)
  xfail: ACCESS file rx (wx)
  xfail: ACCESS file rwx (wx)
  xfail: ACCESS dir rwx (r)
  xfail: ACCESS dir r (wx)
  xfail: ACCESS dir rx (wx)
  xfail: ACCESS dir rwx (wx)

  running at_secure

  running introspect

  running capabilities
  (ptrace)
  (sethostname)
  (setdomainname)
  (setpriority)
  (setscheduler)
  (reboot)
  (chroot)
  (mlockall)
  (net_raw)
  (ioperm)
  (iopl)

  running changeprofile

  running onexec

  running changehat

  running changehat_fork

  running changehat_misc

  *** A 'Killed' message from bash is expected for the following test
  /home/king/apparmor-2.10.95/tests/regression/apparmor/prologue.inc: line 219: 12503 Killed  $testexec "$@" > $outfile 2>&1

  *** A 'Killed' message from bash is expected for the following test
  /home/king/apparmor-2.10.95/tests/regression/apparmor/prologue.inc: line 219: 12537 Killed  $testexec "$@" > $outfile 2>&1

  running chdir

  running clone

  running coredump
  *** A 'Segmentation Fault' message from bash is expected for the following test
  /home/king/apparmor-2.10.95/tests/regression/apparmor/prologue.inc: line 219: 12803 Segmentation fault  (core dumped) $testexec "$@" > $outfile 2>&1

  *** A 'Segmentation Fault' message from bash is expected for the following test
  /home/king/apparmor-2.10.95/tests/regression/apparmor/prologue.inc: line 219: 12833 Segmentation fault  $testexec "$@" > $outfile 2>&1

  *** A 'Segmentation Fault' message from bash is expected for the following test
  /home/king/apparmor-2.10.95/tests/regression/apparmor/prologue.inc: line 219: 12869 Segmentation fault  $testexec "$@" > $outfile 2>&1

  *** A 'Segmentation Fault' message from bash is expected for the following test
  /home/king/apparmor-2.10.95/tests/regression/apparmor/prologue.inc: line 219: 12905 Segmentation fault  $testexec "$@" > $outfile 2>&1

  *** A 'Segmentation Fault' message from bash is expected for the following test
  /home/king/apparmor-2.10.95/tests/regression/apparmor/prologue.inc: line 219: 12941 Segmentation fault  $testexec "$@" > $outfile 2>&1
  XFAIL: Error: corefile present when not expected -- COREDUMP (ix confinement)

  running deleted

  running environ
  Fatal Error (environ): Unable to run test sub-executable

  running exec

  running exec_qual

  running fchdir

  running fd_inheritance

  running fork

  running i18n

  running link

  running link_subset

  running mkdir

  running mmap

  running mount
  using mount rules ...

  running mult_mount

  running named_pipe

  running namespaces

  running net_raw

  running open

  running openat

  running pipe

  running pivot_root

  running ptrace
 using ptrace v6 tests ...

  running pwrite

  running query_label
  Alert: query_label passed. Test 'QUERY file (all base perms #1)' was marked as expected pass but known problem (xpass)
  xpass: QUERY file (all base perms #1)
  Alert: query_label passed. Test 'QUERY file (all base perms #2)' was marked as expected pass but known problem (xpass)
  xpass: QUERY file (all base perms #2)

  running regex

  running rename

  running readdir

  running rw

  running socketpair

  running swap
  mkswap: /tmp/sdtest.21272-20356-eRXvtR/swapfile: insecure permissions 0644, 0600 suggested.
  swapon: 

[Group.of.nepali.translators] [Bug 1669611] Re: Regression in 4.4.0-65-generic causes very frequent system crashes

2017-03-28 Thread Stefan Bader
This bug was fixed in Ubuntu-4.8.0-44.47.

** Also affects: linux (Ubuntu Yakkety)
   Importance: Undecided
   Status: New

** Changed in: linux (Ubuntu Yakkety)
   Importance: Undecided => Critical

** Changed in: linux (Ubuntu Yakkety)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1669611

Title:
  Regression in 4.4.0-65-generic causes very frequent system crashes

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  Fix Released
Status in linux source package in Yakkety:
  Fix Released
Status in linux source package in Zesty:
  Fix Released

Bug description:
  After upgrading to 4.4.0-65-generic all of our Jenkins test runners
  are dying every 10 minutes or so. They don't answer on the network, on
  the console or through serial console.

  The kernel backtraces we got are:
  ```
  buildd04 login: [ 1443.707658] BUG: unable to handle kernel paging request at 2d5e501d
  [ 1443.707969] IP: [] mntget+0xf/0x20
  [ 1443.708086] *pdpt = 24056001 *pde = 
  [ 1443.708237] Oops: 0002 [#1] SMP
  [ 1443.708325] Modules linked in: ip6t_REJECT nf_reject_ipv6 ipt_REJECT 
nf_reject_ipv4 ip6t_MASQUERADE nf_nat_masquerade_ipv6 ip6table_nat 
nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_filter ip6_tables 
xt_comment veth ebtable_filter ebtables dm_snapshot dm_thin_pool 
dm_persistent_data dm_bio_prison dm_bufio libcrc32c binfmt_misc xt_CHECKSUM 
iptable_mangle ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat 
nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack xt_tcpudp 
iptable_filter ip_tables x_tables zram lz4_compress bridge stp llc kvm_intel 
ppdev kvm irqbypass crc32_pclmul aesni_intel aes_i586 xts lrw gf128mul 
ablk_helper cryptd joydev input_leds serio_raw parport_pc 8250_fintek i2c_piix4 
mac_hid lp parport autofs4 btrfs xor raid6_pq psmouse virtio_scsi pata_acpi 
floppy
  [ 1443.710365] CPU: 1 PID: 14167 Comm: apparmor_parser Not tainted 4.4.0-65-generic #86-Ubuntu
  [ 1443.710505] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
  [ 1443.710651] task: f5920a00 ti: e63f2000 task.ti: e63f2000
  [ 1443.710776] EIP: 0060:[] EFLAGS: 00010286 CPU: 1
  [ 1443.710875] EIP is at mntget+0xf/0x20
  [ 1443.710946] EAX: f57e4d90 EBX:  ECX: c1d333cc EDX: 0002801d
  [ 1443.711088] ESI: c1d36404 EDI: c1d36408 EBP: e63f3de8 ESP: e63f3de8
  [ 1443.711228]  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
  [ 1443.711334] CR0: 80050033 CR2: 2d5e501d CR3: 35072440 CR4: 001406f0
  [ 1443.711471] Stack:
  [ 1443.711593]  e63f3e04 c1203752 c13b7f71 c1d333cc eebb5980 e59d71e0 
41ed e63f3e30
  [ 1443.711822]  c130546b e59d7230 1a628dcf 0003  e63f3e58 
6c0a010a e53b6800
  [ 1443.712044]  00de eebb5980 e63f3e44 c13055be   
 e63f3e6c
  [ 1443.712264] Call Trace:
  [ 1443.712314]  [] simple_pin_fs+0x32/0xa0
  [ 1443.712421]  [] ? vsnprintf+0x321/0x420
  [ 1443.712516]  [] securityfs_create_dentry+0x5b/0x150
  [ 1443.712632]  [] securityfs_create_dir+0x2e/0x30
  [ 1443.712729]  [] __aa_fs_profile_mkdir+0x46/0x3c0
  [ 1443.712826]  [] aa_replace_profiles+0x4c0/0xbc0
  [ 1443.712927]  [] ? ns_capable_common+0x55/0x80
  [ 1443.713022]  [] policy_update+0x97/0x230
  [ 1443.713122]  [] ? security_file_permission+0x39/0xc0
  [ 1443.713247]  [] profile_replace+0x98/0xe0
  [ 1443.713346]  [] ? policy_update+0x230/0x230
  [ 1443.713445]  [] __vfs_write+0x1f/0x50
  [ 1443.713535]  [] vfs_write+0x8c/0x1b0
  [ 1443.713633]  [] SyS_write+0x51/0xb0
  [ 1443.713738]  [] do_fast_syscall_32+0x8d/0x150
  [ 1443.713838]  [] sysenter_past_esp+0x3d/0x61
  [ 1443.713938] Code: c0 74 09 83 42 10 01 89 d0 5b 5d c3 3b 5b 10 b8 fe ff ff 
ff 75 e3 eb eb 8d 74 26 00 55 89 e5 3e 8d 74 26 00 85 c0 74 06 8b 50 14 <64> ff 
02 5d c3 8d b6 00 00 00 00 8d bf 00 00 00 00 55 89 e5 3e
  [ 1443.715713] EIP: [] mntget+0xf/0x20 SS:ESP 0068:e63f3de8
  [ 1443.715852] CR2: 2d5e501d
  ```

  ```
  buildd07 login: [ 1262.522071] BUG: unable to handle kernel NULL pointer dereference at 0008
  [ 1262.522339] IP: [] mntput_no_expire+0x68/0x180
  [ 1262.522464] PGD 439912067 PUD 43997f067 PMD 0
  [ 1262.522556] Oops: 0002 [#1] SMP
  [ 1262.522760] Modules linked in: ip6t_REJECT nf_reject_ipv6 ipt_REJECT 
nf_reject_ipv4 ip6t_MASQUERADE nf_nat_masquerade_ipv6 ip6table_nat 
nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_filter ip6_tables 
xt_comment veth ebtable_filter ebtables dm_snapshot dm_thin_pool 
dm_persistent_data dm_bio_prison dm_bufio libcrc32c binfmt_misc xt_CHECKSUM 
iptable_mangle ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat 
nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack xt_tcpudp 
iptable_filter ip_tables x_tables bridge stp llc zram lz4_compress zfs(PO) 
zunicode(PO) 

[Group.of.nepali.translators] [Bug 1673350] Re: dm-queue-length module is not included in installer/initramfs

2017-03-28 Thread Launchpad Bug Tracker
This bug was fixed in the package hw-detect - 1.117ubuntu4

---
hw-detect (1.117ubuntu4) zesty; urgency=medium

  * disk-detect.sh: unconditionally modprobe dm-service-time and
dm-queue-length multipath path selector modules alongside dm-round-robin.
(LP: #1673350)

 -- Mathieu Trudel-Lapierre  Mon, 27 Mar 2017 21:23:41 -0400

** Changed in: hw-detect (Ubuntu)
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1673350

Title:
  dm-queue-length module is not included in installer/initramfs

Status in hw-detect package in Ubuntu:
  Fix Released
Status in initramfs-tools package in Ubuntu:
  Invalid
Status in linux package in Ubuntu:
  Fix Released
Status in multipath-tools package in Ubuntu:
  Fix Released
Status in hw-detect source package in Xenial:
  New
Status in initramfs-tools source package in Xenial:
  Invalid
Status in linux source package in Xenial:
  In Progress
Status in multipath-tools source package in Xenial:
  New
Status in hw-detect source package in Yakkety:
  New
Status in initramfs-tools source package in Yakkety:
  Invalid
Status in linux source package in Yakkety:
  New
Status in multipath-tools source package in Yakkety:
  New

Bug description:
  [Impact]
  Multipath users using EMC XtremIO storage as boot device or at install
  time may run into this issue. With the module unavailable the device is
  more often than not unavailable. Any users changing path selector to
  'queue-length' with other storage devices may also be affected.

  [Test case]
  1) Install on multipath system using EMC XtremIO storage / OR:
   a) Start d-i install on qemu with multipath enabled
   b) exit to d-i menu
   c) modify /etc/multipath.conf to define path selector as 'queue-length'
      for the local qemu device.
   d) restart multipathd if necessary.
  2) Try to complete the install, setting up storage as multipath and using
     the multipath device as boot disk.
  3) Reboot to disk.

  In a success case, the install should complete successfully without
  requiring manual configuration from the user to support the multipath
  storage past the normal detection of multipath and partitioning.

  In a failure case, the install may not complete, or rebooting may fail
  or lead to a system booted on a single path of the multipath device
  (i.e. / on /dev/sda2 rather than /dev/mpatha2).

  [Regression Potential]
  The inclusion of a new multipath path selector driver should not cause
  any regressions, but any failure to detect, configure or boot on
  multipath devices following this change on XtremIO hardware or otherwise
  would constitute a regression potentially caused by this change.

  ---

  ---Problem Description---
  dm-queue-length module is not included in installer/initramfs

  On Ubuntu, multipath devices using the 'queue-length' path selector
  are non-functional on both the installer and initramfs environments;
  because the 'dm-queue-length' kernel module is not included in them.

  The multipath-modules.udeb (src:linux) does not include it in the installer,
  nor does multipath-tools-boot (src:multipath-tools) install it in the initramfs.

  One example is the EMC XtremIO storage, which has 'queue-length' defined as
  its path selector in the default multipath configuration, at least on 16.04.

  Other products may be affected if they are manually configured to use that
  path selector (e.g., via /etc/multipath.conf), and the mere switch of that
  might render the system _unbootable_ if booting from multipath, since the
  initramfs is affected.

  More recently this and another storage changed default path selectors out
  of 'queue-length'; however, it's virtually possible for any storage system
  to be affected, with the described manual configuration change.  So, this
  change is also desired for the next stable release, 17.04, and later.

  Patches are provided for 16.04 and 17.04.

  Error logs in LP comment #6.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/hw-detect/+bug/1673350/+subscriptions
