[Group.of.nepali.translators] [Bug 1676328] Re: sssd_be is leaking memory
Thank you for taking the time to report this bug and helping to make Ubuntu better.

Presumably this exists only in Xenial and Yakkety, since Zesty has 1.15.0-3ubuntu4? Marking Fix Released for Zesty accordingly, and creating tasks for Xenial and Yakkety.

To have Xenial updated, please first read https://wiki.ubuntu.com/StableReleaseUpdates. We'll either need a backport of the fix or we'll need to ensure that all changes in updating to 1.13.5 are acceptable to automatically update users under the policy. If you could check and document this by following as much of https://wiki.ubuntu.com/StableReleaseUpdates#Procedure as you can, this would be most helpful.

** Also affects: sssd (Ubuntu Yakkety)
   Importance: Undecided
       Status: New

** Also affects: sssd (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Changed in: sssd (Ubuntu)
       Status: New => Fix Released

--
You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1676328

Title:
  sssd_be is leaking memory

Status in sssd package in Ubuntu:
  Fix Released
Status in sssd source package in Xenial:
  New
Status in sssd source package in Yakkety:
  New

Bug description:
  The bug is described here: https://pagure.io/SSSD/sssd/issue/3176

  Please consider to upgrade from 1.13.4 to 1.13.5.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1676328/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to     : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1674635] Re: Kernel linux-image-4.4.0-67-generic prevent the boot on Microsoft Hyper-v 2012r2 Gen2 VM
** No longer affects: linux (Ubuntu Vivid)

--
https://bugs.launchpad.net/bugs/1674635

Title:
  Kernel linux-image-4.4.0-67-generic prevent the boot on Microsoft Hyper-v 2012r2 Gen2 VM

Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Xenial:
  In Progress
Status in linux source package in Yakkety:
  In Progress
Status in linux source package in Zesty:
  In Progress

Bug description:
  After updating the kernel inside the virtual machine to the version 4.4.0-67-generic, at the next boot the vm will be stuck in a black screen at every try. A hard reset is required.

  The only workaround is to set the default in grub to the previous version.

  The virtual machine hardware is a Gen2.

  We are experiencing this issue on all our vps with the same kernel (around 300-400 vms).
[Group.of.nepali.translators] [Bug 1673579] Re: Corosync/Pacemaker: Error when enabling Pacemaker service, Error when starting the cluster
** Also affects: pcs (Ubuntu Xenial)
   Importance: Undecided
       Status: New

--
https://bugs.launchpad.net/bugs/1673579

Title:
  Corosync/Pacemaker: Error when enabling Pacemaker service, Error when starting the cluster

Status in pcs package in Ubuntu:
  Fix Released
Status in pcs source package in Xenial:
  New

Bug description:
  [Impact]

   * Low, requires users to change the config pcs just generated for them because the logging paths aren't correct on Debian/Ubuntu.

   * While easy to work around, it is broken by default.

  [Test Case]

  Install Pacemaker packages:
  sudo apt-get install pcs

  Set the password for the default user:
  sudo passwd hacluster

  #To clear files
  sudo pcs cluster destroy

  Enable and start pcsd/pacemaker:
  #this is not needed on yakkety/zesty, why?
  sudo systemctl start pcsd
  sudo pcs cluster auth pacemaker-1 pacemaker-2 -u hacluster -p haclusterpassword
  #this is not needed on yakkety/zesty, why?
  sudo systemctl enable pacemaker

  sudo pcs cluster setup --name hacluster pacemaker-1 pacemaker-2
  sudo pcs cluster start
  **FAILS***
  Starting Cluster...
  Job for corosync.service failed because the control process exited with error code. See "systemctl status corosync.service" and "journalctl -xe" for details.
  Error: unable to start corosync

  (Then to actually bring the cluster up you need to sudo systemctl start pacemaker)

  Workaround
  On both nodes, replace the line:
  logfile: /var/log/cluster/corosync.log
  with
  logfile: /var/log/corosync/corosync.log

  [Regression Potential]

   * Seems unlikely; this change is only in the setup cluster function. This exact same fix is now in the Debian package, we just make the logging directory the right one.

   * The only potential I see is if someone has scripted creating a cluster using pcs and worked around this bug by making the corosync directory instead of changing the config file.

  [Other Info]

   * This is already fixed in 16.10 and 17.04.
[Group.of.nepali.translators] [Bug 1573062] Re: memory_stress_ng failing for Power architecture for 16.04
** Changed in: plainbox-provider-checkbox
       Status: Fix Released => Confirmed

** Changed in: plainbox-provider-checkbox
     Assignee: Mike Rushton (leftyfb) => (unassigned)

--
https://bugs.launchpad.net/bugs/1573062

Title:
  memory_stress_ng failing for Power architecture for 16.04

Status in Provider for Plainbox - Checkbox:
  Confirmed
Status in linux package in Ubuntu:
  Incomplete
Status in linux source package in Xenial:
  Incomplete
Status in linux source package in Yakkety:
  Incomplete

Bug description:
  memory_stress_ng, as part of server certification is failing for IBM Power S812LC(TN71-BP012) in bare metal mode. Failing in this case is defined by the test locking up the server in an unrecoverable state which only a reboot will fix.

  I will be attaching screen and kern logs for the failures and a successful run on 14.04 on the same server.
[Group.of.nepali.translators] [Bug 1656112] Re: Power S822LC (8335-GTB) fails KVM guest cert test with kvm_init_vcpu failed: Invalid argument
** Changed in: qemu (Ubuntu)
       Status: Fix Released => In Progress

--
https://bugs.launchpad.net/bugs/1656112

Title:
  Power S822LC (8335-GTB) fails KVM guest cert test with kvm_init_vcpu failed: Invalid argument

Status in linux package in Ubuntu:
  Confirmed
Status in qemu package in Ubuntu:
  In Progress
Status in linux source package in Xenial:
  Confirmed
Status in qemu source package in Xenial:
  Incomplete

Bug description:
  [Impact]

   * Some newer Power8 derivatives fail to work correctly, e.g. Power S822LC (8335-GTB)

   * This is a toleration change (no exploitation) for those HW releases following the SRU policy of "For Long Term Support releases we regularly want to enable new hardware. Such changes are appropriate provided that we can ensure not to affect upgrades on existing hardware."

   * Without the fix that hardware won't run Xenial guests under current Xenial's Qemu version

   * The fix lets processors that support it run in PowerISA 2.07 compatibility mode (plus a few no-op changes as backport dependencies)

  [Test Case]

   * Run a Xenial Guest in KVM on one of the specific HW revisions being affected.

  [Regression Potential]

   * Changes are PPC only, so fallout should be contained to that

   * Patches were created by IBM and in Upstream qemu since 2.7

   * The effective change is rather small, only allow different compat level on this other cpu class

   * There are a few refactoring changes needed to get the backport done, while they should be a no-op that is a regression potential (still limited to ppc64el)

  [Other Info]

   * Needed for certifying this Hardware for Ubuntu

  Upon running the virtualization test from the certification test suite, the kvm guest test fails with the following error:

  kvm_init_vcpu failed: Invalid argument

  This same test works on multiple other IBM Power 8 and Openpower servers.

  kvm-ok tells us that kvm virtualization is supported. I have tried with SMT enabled and disabled. I have tried the latest cloud image as well as previous ones we had saved. I have tried running the qemu-system-ppc64 command found below manually with the same error.

  The full output from the test is as follows:

  Executing KVM Test
  DEBUG:root:Starting KVM Test
  DEBUG:root:Cloud image location specified: http://10.1.10.2/cloud/xenial-server-cloudimg-ppc64el-disk1.img.
  DEBUG:root:Downloading xenial-server-cloudimg-ppc64el-disk1.img, from http://10.1.10.2
  DEBUG:root:Creating cloud user-data
  DEBUG:root:Creating cloud meta-data
  I: -input-charset not specified, using utf-8 (detected in locale settings)
  Total translation table size: 0
  Total rockridge attributes bytes: 331
  Total directory bytes: 0
  Path table size(bytes): 10
  Max brk space used 0
  183 extents written (0 MB)
  DEBUG:root:Attempting boot for:xenial-server-cloudimg-ppc64el-disk1.img
  DEBUG:root:Attaching Cloud config disk
  DEBUG:root:Using params:qemu-system-ppc64 -m 1024 -display none -nographic -net nic -net user,net=10.0.0.0/8,host=10.0.0.1,hostfwd=tcp::-:22 -enable-kvm -machine pseries,usb=off -cpu POWER8 -drive file=xenial-server-cloudimg-ppc64el-disk1.img,if=virtio -drive file=seed.iso,if=virtio
  INFO:root:Storing VM console output in /home/ubuntu/.cache/plainbox/sessions/canonical-certification-server-2017-01-12T22.19.34.session/CHECKBOX_DATA/virt_debug
[Group.of.nepali.translators] [Bug 1673092] Re: systemd doesn't wait until the tentative flag isn't removed before firing units depending on network-online.target
** Also affects: systemd (Ubuntu Yakkety)
   Importance: Undecided
       Status: New

** Also affects: systemd (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Changed in: systemd (Ubuntu)
       Status: New => Fix Released

--
https://bugs.launchpad.net/bugs/1673092

Title:
  systemd doesn't wait until the tentative flag isn't removed before firing units depending on network-online.target

Status in systemd package in Ubuntu:
  Fix Released
Status in systemd source package in Xenial:
  New
Status in systemd source package in Yakkety:
  New

Bug description:
  [Impact]

  See this issue for details: https://github.com/systemd/systemd/issues/2037

  Basically, while DAD is running checks on an IPv6 address, no service can bind the interface, which could provoke units to fail. Disabling DAD is a workaround as explained here [1], but ideally systemd should wait until the tentative flag is removed. v232 doesn't have this issue.

  Can the relevant patches be backported to LTS releases?

  [Test Case]

  1. Configure ipv6 address on one interface
  2. Create unit with After=network-online.target that pings a host over ipv6
  3. Restart the system

  [Regression Potential]

   * Unknown

  [Other Info]

   * Seems to have been fixed on v232.
   * Using ifupdown or networkd to create the interface seems to be irrelevant (upstream bug report uses networkd, while I use ifupdown)

  [1]: https://www.agwa.name/blog/post/beware_the_ipv6_dad_race_condition
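The tentative-flag race described in the report above can be checked for explicitly before a service binds. The script below is an added example, not part of the bug report or of systemd: it classifies the DAD state from `ip -6 -o addr show` output and can wait for it to settle. The function names, the `--wait` switch and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide whether IPv6 duplicate address detection (DAD) has
# finished, based on the flags printed by `ip -6 -o addr show`.

# Constructed samples of `ip -6 -o addr show dev eth0` output.
SAMPLE_PENDING='2: eth0    inet6 2001:db8::10/64 scope global tentative \       valid_lft forever preferred_lft forever
2: eth0    inet6 fe80::5054:ff:fe12:3456/64 scope link \       valid_lft forever preferred_lft forever'
SAMPLE_FAILED='2: eth0    inet6 2001:db8::10/64 scope global tentative dadfailed \       valid_lft forever preferred_lft forever'
SAMPLE_READY='2: eth0    inet6 2001:db8::10/64 scope global \       valid_lft forever preferred_lft forever'

# Read `ip -6 -o addr show` output on stdin and print one word:
#   none    - no IPv6 address configured yet
#   pending - at least one address still carries the tentative flag
#   failed  - at least one address failed DAD and will never become usable
#   ready   - every address has passed DAD and can be bound
dad_state() {
    awk '
        $3 == "inet6" {
            n++
            failed_here = 0; tentative_here = 0
            for (i = 5; i <= NF; i++) {
                if ($i == "\\") break          # flags end at the -o line-join marker
                if ($i == "dadfailed") failed_here = 1
                if ($i == "tentative") tentative_here = 1
            }
            if (failed_here) failed++
            else if (tentative_here) pending++
        }
        END {
            if (!n) print "none"
            else if (failed) print "failed"
            else if (pending) print "pending"
            else print "ready"
        }'
}

# Poll an interface once per second until DAD settles.
# Returns 0 when ready, 2 on DAD failure, 1 on timeout.
wait_for_dad() {
    dev=$1
    tries=${2:-10}
    while [ "$tries" -gt 0 ]; do
        state=$(ip -6 -o addr show dev "$dev" | dad_state)
        case $state in
            ready)  return 0 ;;
            failed) echo "DAD failed on $dev" >&2; return 2 ;;
        esac
        sleep 1
        tries=$((tries - 1))
    done
    echo "timed out waiting for DAD on $dev" >&2
    return 1
}

# Only touch the live system when asked to: script --wait IFACE [SECONDS]
if [ "${1:-}" = "--wait" ]; then
    wait_for_dad "${2:?interface name required}" "${3:-10}"
    exit $?
fi
```

Run with `--wait eth0` as an `ExecStartPre=` step of the affected unit, it delays the start until the address is bindable and fails the unit early when DAD has failed.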
[Group.of.nepali.translators] [Bug 1590799] Re: nfs-kernel-server does not start because of dependency failure
This bug was fixed in the package nfs-utils - 1:1.2.8-9.2ubuntu2

---
nfs-utils (1:1.2.8-9.2ubuntu2) zesty; urgency=medium

  * Fixing nfs-mountd dependency on rpcbind (race condition) (LP: #1590799)
    by adding "rpcbind.socket" to "nfs-mountd.service" as a dependency to
    avoid race conditions:
    - Add systemd-Fix-nfs-mountd-dependency-on-rpcbind.patch
    - Add systemd-unit-files-fix-up-dependencies-on-rpcbind.patch

 -- Rafael David Tinoco  Fri, 17 Mar 2017 12:19:53 +0100

** Changed in: nfs-utils (Ubuntu Zesty)
       Status: In Progress => Fix Released

--
https://bugs.launchpad.net/bugs/1590799

Title:
  nfs-kernel-server does not start because of dependency failure

Status in nfs-utils package in Ubuntu:
  Fix Released
Status in nfs-utils source package in Xenial:
  In Progress
Status in nfs-utils source package in Yakkety:
  In Progress
Status in nfs-utils source package in Zesty:
  Fix Released

Bug description:
  [Impact]

   * nfs-mountd doesn't get started because of a race condition happening when rpcbind.socket is not specified as a needed service for it to start.
   * nfs-server using rpcbind.target instead of using rpcbind.socket. Target should not be used (Comment #24)

  [Test Case]

   * Install nfs-kernel-server inside a xenial lxc guest and restart it until nfs-mountd doesn't start complaining on rpc error.
   * Comment #25

  [Regression Potential]

   * Cons: Systemd dependencies could break for nfs-server and nfs-mountd.
   * Pros: Patches have been accepted upstream (and tested).

  [Other Info]

  # Original Bug Description

  Immediately after boot:

  root@feynmann:~# systemctl status nfs-kernel-server
  ● nfs-server.service - NFS server and services
     Loaded: loaded (/lib/systemd/system/nfs-server.service; enabled; vendor preset: enabled)
     Active: inactive (dead)

  Jun 09 14:35:47 feynmann systemd[1]: Dependency failed for NFS server and services.
  Jun 09 14:35:47 feynmann systemd[1]: nfs-server.service: Job nfs-server.service/start failed
  root@feynmann:~# systemctl status nfs-mountd.service
  ● nfs-mountd.service - NFS Mount Daemon
     Loaded: loaded (/lib/systemd/system/nfs-mountd.service; static; vendor preset: enabled)
     Active: failed (Result: exit-code) since Thu 2016-06-09 14:35:47 BST; 7min ago
    Process: 1321 ExecStart=/usr/sbin/rpc.mountd $RPCMOUNTDARGS (code=exited, status=1/FAILURE)

  Jun 09 14:35:47 feynmann systemd[1]: Starting NFS Mount Daemon...
  Jun 09 14:35:47 feynmann rpc.mountd[1321]: mountd: could not create listeners
  Jun 09 14:35:47 feynmann systemd[1]: nfs-mountd.service: Control process exited, code=exited
  Jun 09 14:35:47 feynmann systemd[1]: Failed to start NFS Mount Daemon.
  Jun 09 14:35:47 feynmann systemd[1]: nfs-mountd.service: Unit entered failed state.
  Jun 09 14:35:47 feynmann systemd[1]: nfs-mountd.service: Failed with result 'exit-code'.

  root@feynmann:~# systemctl list-dependencies nfs-kernel-server
  nfs-kernel-server.service
  ● ├─auth-rpcgss-module.service
  ● ├─nfs-config.service
  ● ├─nfs-idmapd.service
  ● ├─nfs-mountd.service
  ● ├─proc-fs-nfsd.mount
  ● ├─rpc-svcgssd.service
  ● ├─system.slice
  ● ├─network.target
  ● └─rpcbind.target
  ●   └─rpcbind.service

  root@feynmann:~# systemctl list-dependencies nfs-mountd.service
  nfs-mountd.service
  ● ├─nfs-config.service
  ● ├─nfs-server.service
  ● ├─proc-fs-nfsd.mount
  ● └─system.slice
  root@feynmann:~#

  root@feynmann:~# lsb_release -rd
  Description: Ubuntu 16.04 LTS
  Release: 16.04

  root@feynmann:~# apt-cache policy nfs-kernel-server
  nfs-kernel-server:
    Installed: 1:1.2.8-9ubuntu12
    Candidate: 1:1.2.8-9ubuntu12
    Version table:
   *** 1:1.2.8-9ubuntu12 500
          500 http://gb.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
          100 /var/lib/dpkg/status

  Additional comments:

  1. There seems to be a circular dependency between nfs-mountd and nfs-kernel-server
  2. I can get it working by changing the After,Requires in /lib/systemd/system/nfs-{mountd|server}.service files. I have managed to get nfs-kernel-server to start but not nfs-mountd.
  3. /usr/lib/systemd/scripts/nfs-utils_env.sh references /etc/sysconfig/nfs which is Centos/RedHat location of this file. Also /etc/default/nfs does not exist. (possibly unrelated to this bug)
  4. A file "/lib/systemd/system/-.slice" exists. This file prevents execution of 'ls *' or 'grep xxx *' commands in that directory. I am unsure whether this is intended by the systemd developers but it is unfriendly when investigating this bug.

  Attempted solution:

  1. Edit /lib/systemd/system/nfs-server.service (original lines are commented out:

  [Unit]
  Description=NFS server and services
  DefaultDependencies=no
[Group.of.nepali.translators] [Bug 1676845] Re: libgles1-mesa is being removed, don't depend on it
fixed in zesty

** Changed in: vlc (Ubuntu)
       Status: New => Fix Released

** Also affects: opentk (Ubuntu)
   Importance: Undecided
       Status: New

--
https://bugs.launchpad.net/bugs/1676845

Title:
  libgles1-mesa is being removed, don't depend on it

Status in opentk package in Ubuntu:
  Fix Released
Status in vlc package in Ubuntu:
  Fix Released
Status in opentk source package in Xenial:
  New
Status in vlc source package in Xenial:
  New
Status in opentk source package in Yakkety:
  New
Status in vlc source package in Yakkety:
  New

Bug description:
  Mesa in zesty has dropped libgles1-mesa, slightly ahead of upstream. Backporting mesa to xenial & yakkety requires packages that depend on it to stop doing that.
[Group.of.nepali.translators] [Bug 1676845] Re: libgles1-mesa is being removed, don't depend on it
opentk fixed in zesty

** Changed in: opentk (Ubuntu)
       Status: New => Fix Released

--
https://bugs.launchpad.net/bugs/1676845

Title:
  libgles1-mesa is being removed, don't depend on it

Status in opentk package in Ubuntu:
  Fix Released
Status in vlc package in Ubuntu:
  Fix Released
Status in opentk source package in Xenial:
  New
Status in vlc source package in Xenial:
  New
Status in opentk source package in Yakkety:
  New
Status in vlc source package in Yakkety:
  New
[Group.of.nepali.translators] [Bug 1664203] Re: [SRU] v1 driver does not delete namespace when pool deleted
This bug was fixed in the package neutron-lbaas - 2:8.3.0-0ubuntu2~cloud0

---
 neutron-lbaas (2:8.3.0-0ubuntu2~cloud0) trusty-mitaka; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 neutron-lbaas (2:8.3.0-0ubuntu2) xenial; urgency=medium
 .
   * Add patch to ensure namespace deleted by v1 driver delete_pool
     (LP: #1664203)
     - d/p/ensure_namespace_deleted_with_pool.patch

** Changed in: cloud-archive/mitaka
       Status: Fix Committed => Fix Released

--
https://bugs.launchpad.net/bugs/1664203

Title:
  [SRU] v1 driver does not delete namespace when pool deleted

Status in Ubuntu Cloud Archive:
  Invalid
Status in Ubuntu Cloud Archive kilo series:
  Fix Released
Status in Ubuntu Cloud Archive liberty series:
  Fix Released
Status in Ubuntu Cloud Archive mitaka series:
  Fix Released
Status in neutron-lbaas package in Ubuntu:
  Invalid
Status in neutron-lbaas source package in Trusty:
  New
Status in neutron-lbaas source package in Xenial:
  Fix Committed
Status in neutron-lbaas source package in Yakkety:
  Won't Fix

Bug description:
  [Impact]

  The v1 services.loadbalancer.drivers.haproxy.namespace_driver has a bug in that it deletes the haproxy state directory for a pool when its vip is deleted. This means that when the pool itself is deleted, its associated namespace is never deleted since the delete is predicated on the state path being extant.

  The v1 driver is deprecated as of the Liberty release and was totally removed from the codebase in the Newton release. However, OpenStack Kilo and Mitaka are still supported in Ubuntu, the former requiring the v1 driver and the latter still capable of using it, so while upstream will not accept a patch we will still patch the neutron-lbaas-agent Ubuntu package to fix this issue.

  [Test Case]

  Please see http://pastebin.ubuntu.com/24058957/

  [Regression Potential]

  None
[Group.of.nepali.translators] [Bug 1664203] Re: [SRU] v1 driver does not delete namespace when pool deleted
This bug was fixed in the package neutron-lbaas - 1:2015.1.4-0ubuntu3

---
 neutron-lbaas (1:2015.1.4-0ubuntu3) trusty-kilo; urgency=medium
 .
   * Add patch to ensure namespace deleted by v1 driver delete_pool
     (LP: #1664203)
     - d/p/ensure_namespace_deleted_with_pool.patch

** Changed in: cloud-archive/kilo
       Status: Fix Committed => Fix Released

--
https://bugs.launchpad.net/bugs/1664203

Title:
  [SRU] v1 driver does not delete namespace when pool deleted

Status in Ubuntu Cloud Archive:
  Invalid
Status in Ubuntu Cloud Archive kilo series:
  Fix Released
Status in Ubuntu Cloud Archive liberty series:
  Fix Released
Status in Ubuntu Cloud Archive mitaka series:
  Fix Released
Status in neutron-lbaas package in Ubuntu:
  Invalid
Status in neutron-lbaas source package in Trusty:
  New
Status in neutron-lbaas source package in Xenial:
  Fix Committed
Status in neutron-lbaas source package in Yakkety:
  Won't Fix
[Group.of.nepali.translators] [Bug 1664203] Re: [SRU] v1 driver does not delete namespace when pool deleted
This bug was fixed in the package neutron-lbaas - 2:7.1.1-0ubuntu1~cloud1

---
 neutron-lbaas (2:7.1.1-0ubuntu1~cloud1) trusty-liberty; urgency=medium
 .
   * Add patch to ensure namespace deleted by v1 driver delete_pool
     (LP: #1664203)
     - d/p/ensure_namespace_deleted_with_pool.patch

** Changed in: cloud-archive/liberty
       Status: Fix Committed => Fix Released

--
https://bugs.launchpad.net/bugs/1664203

Title:
  [SRU] v1 driver does not delete namespace when pool deleted

Status in Ubuntu Cloud Archive:
  Invalid
Status in Ubuntu Cloud Archive kilo series:
  Fix Released
Status in Ubuntu Cloud Archive liberty series:
  Fix Released
Status in Ubuntu Cloud Archive mitaka series:
  Fix Released
Status in neutron-lbaas package in Ubuntu:
  Invalid
Status in neutron-lbaas source package in Trusty:
  New
Status in neutron-lbaas source package in Xenial:
  Fix Committed
Status in neutron-lbaas source package in Yakkety:
  Won't Fix
[Group.of.nepali.translators] [Bug 1638996] Re: apparmor's raw_data file in securityfs is sometimes truncated
Not fixed because we had to revert the commits due to various regressions.

** Changed in: linux (Ubuntu Xenial)
       Status: Fix Released => Triaged

** Changed in: linux (Ubuntu Yakkety)
       Status: Fix Released => Triaged

--
https://bugs.launchpad.net/bugs/1638996

Title:
  apparmor's raw_data file in securityfs is sometimes truncated

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  Triaged
Status in linux source package in Yakkety:
  Triaged

Bug description:
  Hi,

  It looks like sometimes apparmor's securityfs output is sometimes truncated,

  root@zesty:/sys/kernel/security/apparmor/policy/namespaces/lxd-zest_/profiles/usr.lib.snapd.snap-confine.1# ls -al
  total 0
  drwxr-xr-x 3 root root 0 Nov 3 16:45 .
  drwxr-xr-x 13 root root 0 Nov 3 16:44 ..
  -r--r--r-- 1 root root 0 Nov 3 16:45 attach
  -r--r--r-- 1 root root 0 Nov 3 16:45 mode
  -r--r--r-- 1 root root 0 Nov 3 16:45 name
  drwxr-xr-x 3 root root 0 Nov 3 16:45 profiles
  -r--r--r-- 1 root root 0 Nov 3 16:45 raw_abi
  -r--r--r-- 1 root root 46234 Nov 3 16:45 raw_data
  -r--r--r-- 1 root root 0 Nov 3 16:45 raw_hash
  -r--r--r-- 1 root root 0 Nov 3 16:45 sha1
  root@zesty:/sys/kernel/security/apparmor/policy/namespaces/lxd-zest_/profiles/usr.lib.snapd.snap-confine.1# cat raw_data > /tmp/out
  root@zesty:/sys/kernel/security/apparmor/policy/namespaces/lxd-zest_/profiles/usr.lib.snapd.snap-confine.1# ls -al /tmp/out
  -rw-r--r-- 1 root root 4009 Nov 3 16:55 /tmp/out

  and

  2016-11-03 10:58:01 tych0 jjohansen: hi, http://paste.ubuntu.com/23421551/
  2016-11-03 10:58:18 tych0 it looks like fstat is lying to me about the size of the policy
  2016-11-03 10:59:20 @jjohansen tych0: hrmm interesting, can you zip up the /tmp/out file so I can see it looks like a complete policy file?
  2016-11-03 11:00:03 @jjohansen something is definitely not right there. hrmmm
  2016-11-03 11:00:26 @jjohansen the size is set by the input buffer size
  2016-11-03 11:00:28 tych0 jjohansen: http://files.tycho.ws/tmp/out
  2016-11-03 11:00:36 tych0 yeah, i assume
  2016-11-03 11:01:15 @jjohansen my guess is something is messing up in the seq_file walk of the policy
  2016-11-03 11:02:38 @jjohansen tych0: yep the file is truncated, can you open a bug and I will start looking for it
  2016-11-03 11:03:14 tych0 jjohansen: sure, just on linux?
  2016-11-03 11:03:35 @jjohansen tych0: yeah for now, just linux
  2016-11-03 11:03:43 @jjohansen we can add others if needed later
  2016-11-03 11:03:44 tych0 jjohansen: FWIW, somehow it seems racy, because sometimes it works and sometimes it doesn't
[Group.of.nepali.translators] [Bug 1660833] Re: apparmor reference count bug in label_merge_insert()
Not fixed because we had to revert the commits due to various regressions.

** Changed in: linux (Ubuntu Xenial) Status: Fix Released => Triaged
** Changed in: linux (Ubuntu Yakkety) Status: Fix Released => Triaged

https://bugs.launchpad.net/bugs/1660833

Title: apparmor reference count bug in label_merge_insert()

Status in linux package in Ubuntu: Fix Released
Status in linux source package in Xenial: Triaged
Status in linux source package in Yakkety: Triaged
Status in linux source package in Zesty: Fix Released

Bug description:
@new does not have a reference taken locally and should not have its reference put locally either.
[Group.of.nepali.translators] [Bug 1660834] Re: apparmor label leak when new label is unused
Not fixed because we had to revert the commits due to various regressions.

** Changed in: linux (Ubuntu Xenial) Status: Fix Released => Triaged
** Changed in: linux (Ubuntu Yakkety) Status: Fix Released => Triaged

https://bugs.launchpad.net/bugs/1660834

Title: apparmor label leak when new label is unused

Status in linux package in Ubuntu: Fix Released
Status in linux source package in Xenial: Triaged
Status in linux source package in Yakkety: Triaged
Status in linux source package in Zesty: Fix Released

Bug description:
When a new label is created, it is created with a proxy in a circular ref count that is broken by replacement. However if the label is not used it will never be replaced and the circular ref count will never be broken resulting in a leak.
[Group.of.nepali.translators] [Bug 1660836] Re: apparmor auditing denied access of special apparmor .null file
Not fixed because we had to revert the commits due to various regressions.

** Changed in: linux (Ubuntu Xenial) Status: Fix Released => Triaged
** Changed in: linux (Ubuntu Yakkety) Status: Fix Released => Triaged

https://bugs.launchpad.net/bugs/1660836

Title: apparmor auditing denied access of special apparmor .null file

Status in linux package in Ubuntu: Fix Released
Status in linux source package in Xenial: Triaged
Status in linux source package in Yakkety: Triaged
Status in linux source package in Zesty: Fix Released

Bug description:
When an fd is disallowed from being inherited during exec, instead of closed it is duped to a special apparmor/.null file. This prevents the fd from being reused by another file in case the application expects the original file on a given fd (eg stdin/stdout etc). This results in a denial message like

[32375.561535] audit: type=1400 audit(1478825963.441:358): apparmor="DENIED" operation="file_inherit" namespace="root//lxd-t_" profile="/sbin/dhclient" name="/dev/pts/1" pid=16795 comm="dhclient" requested_mask="wr" denied_mask="wr" fsuid=165536 ouid=165536

Further access to the fd is resulting in the rather useless denial message of

[32375.566820] audit: type=1400 audit(1478825963.445:359): apparmor="DENIED" operation="file_perm" namespace="root//lxd-t_" profile="/sbin/dhclient" name="/apparmor/.null" pid=16795 comm="dhclient" requested_mask="w" denied_mask="w" fsuid=165536 ouid=0

since we have the original denial, the noisy and useless .null based denials can be skipped.
[Group.of.nepali.translators] [Bug 1636322] Re: upstart: ceph-all service starts before networks up
** Changed in: ceph (Ubuntu Xenial) Status: Invalid => New
** Changed in: ceph (Ubuntu Yakkety) Status: Invalid => New

** Summary changed:
- upstart: ceph-all service starts before networks up
+ [SRU] upstart: ceph-all service starts before networks up

https://bugs.launchpad.net/bugs/1636322

Title: [SRU] upstart: ceph-all service starts before networks up

Status in Ubuntu Cloud Archive: Triaged
Status in Ubuntu Cloud Archive icehouse series: Triaged
Status in Ubuntu Cloud Archive kilo series: Triaged
Status in Ubuntu Cloud Archive liberty series: Triaged
Status in Ubuntu Cloud Archive mitaka series: Triaged
Status in ceph package in Ubuntu: Fix Released
Status in ceph source package in Trusty: New
Status in ceph source package in Xenial: New
Status in ceph source package in Yakkety: New
Status in ceph source package in Zesty: Fix Released

Bug description:
As reported in upstream bug http://tracker.ceph.com/issues/17689, the ceph-all service starts at runlevels [2345] and introduces a race condition which allows the ceph service (e.g. ceph-mon) to start prior to the network the service binds to is up on the server. This causes the service to fail on start because it was unable to bind to the specific network the service is configured to listen on.

A work around is to provide a post-up directive to the network stanza configuring the network device in the /etc/network/interfaces file which restarts the necessary ceph service.

[Impact]

* Ceph service fails to start on reboot of machine/container when networking takes some time to come up.

* The provided patch to the upstart service configuration adds the static-network-up event as a dependency for the start on service directive. The static-network-up event is started after all the network stanzas have been processed in the necessary config files.

[Test Case]

* Configure multiple network interfaces and have the ceph service bind to one of the last configured network devices to introduce a delayed start of the network interface.

[Regression Potential]

* Upstream previously had the directive to start the service after any network-device-up for a network which is not the loopback interface. This caused some "weirdness" to be seen when the multiple network interfaces were configured. This was likely due to the events that it keyed on being the local filesystems being available and a single network interface being available. This would add the change to start only after all the network interface stanzas are processed in the /e/n/i configuration files.

* Additionally, this will cause some ceph services to start later than they previously would have since this change causes additional start dependencies. However, the results should be that the interfaces have always had a chance to be started prior to the attempt to start the ceph service.
[Group.of.nepali.translators] [Bug 1660849] Re: apparmor refcount leak of profile namespace when removing profiles
Not fixed because we had to revert the commits due to various regressions.

** Changed in: linux (Ubuntu Xenial) Status: Fix Released => Triaged
** Changed in: linux (Ubuntu Yakkety) Status: Fix Released => Triaged

https://bugs.launchpad.net/bugs/1660849

Title: apparmor refcount leak of profile namespace when removing profiles

Status in linux package in Ubuntu: Fix Released
Status in linux source package in Xenial: Triaged
Status in linux source package in Yakkety: Triaged
Status in linux source package in Zesty: Fix Released

Bug description:
When doing profile removal, the parent ns of the profiles is taken, but the reference isn't being put, resulting in the ns never being freed even after it is removed.
[Group.of.nepali.translators] [Bug 1656121] Re: unexpected errno=13 and disconnected path when trying to open /proc/1/ns/mnt from a unshared mount namespace
Not fixed because we had to revert the commits due to various regressions.

** Changed in: linux (Ubuntu Xenial) Status: Fix Released => Triaged
** Changed in: linux (Ubuntu Yakkety) Status: Fix Released => Triaged

https://bugs.launchpad.net/bugs/1656121

Title: unexpected errno=13 and disconnected path when trying to open /proc/1/ns/mnt from a unshared mount namespace

Status in AppArmor: Confirmed
Status in linux package in Ubuntu: Incomplete
Status in linux source package in Xenial: Triaged
Status in linux source package in Yakkety: Triaged

Bug description:
This bug is based on a discussion with jjohansen on IRC.

While working on a feature for snapd (https://github.com/snapcore/snapd/pull/2624) we came across an unexpected EACCES that only seems to happen when apparmor is in the loop. The kernel log shows something interesting.
The full log is available here: http://paste.ubuntu.com/23789099/ Jan 12 23:16:43 autopkgtest kernel: [ 498.616822] audit: type=1400 audit(1484259403.009:67): apparmor="ALLOWED" operation="open" info="Failed name lookup - disconnected path" error=-13 profile="snap .test-snapd-tools.cmd//null-/usr/bin/snap//null-/usr/lib/snapd/snap- confine" name="" pid=25299 comm="snap-confine" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 The code that triggers this is reproduced below (also visible here https://github.com/snapcore/snapd/pull/2624/files) +void sc_reassociate_with_pid1_mount_ns() +{ +int init_mnt_fd __attribute__ ((cleanup(sc_cleanup_close))) = -1; +int self_mnt_fd __attribute__ ((cleanup(sc_cleanup_close))) = -1; + +debug("checking if the current process shares mount namespace" + "with the init process"); + +init_mnt_fd = open("/proc/1/ns/mnt", + O_RDONLY | O_CLOEXEC | O_NOFOLLOW | O_PATH); +if (init_mnt_fd < 0) { +die("cannot open mount namespace of the init process (O_PATH)"); +} +self_mnt_fd = open("/proc/self/ns/mnt", + O_RDONLY | O_CLOEXEC | O_NOFOLLOW | O_PATH); +if (self_mnt_fd < 0) { +die("cannot open mount namespace of the current process (O_PATH)"); +} +char init_buf[128], self_buf[128]; +memset(init_buf, 0, sizeof init_buf); +if (readlinkat(init_mnt_fd, "", init_buf, sizeof init_buf) < 0) { +die("cannot perform readlinkat() on the mount namespace file " +"descriptor of the init process"); +} +memset(self_buf, 0, sizeof self_buf); +if (readlinkat(self_mnt_fd, "", self_buf, sizeof self_buf) < 0) { +die("cannot perform readlinkat() on the mount namespace file " +"descriptor of the current process"); +} +if (memcmp(init_buf, self_buf, sizeof init_buf) != 0) { +debug("the current process does not share mount namespace with " + "the init process, re-association required"); +// NOTE: we cannot use O_NOFOLLOW here because that file will always be a +// symbolic link. We actually want to open it this way. 
+int init_mnt_fd_real +__attribute__ ((cleanup(sc_cleanup_close))) = -1; +init_mnt_fd_real = open("/proc/1/ns/mnt", O_RDONLY | O_CLOEXEC); +if (init_mnt_fd_real < 0) { +die("cannot open mount namespace of the init process"); +} +if (setns(init_mnt_fd_real, CLONE_NEWNS) < 0) { +die("cannot re-associate the mount namespace with the init process"); +} +} else { +debug("re-associating is not required"); +} +}

The specific part that causes the error is:

+ init_mnt_fd_real = open("/proc/1/ns/mnt", O_RDONLY | O_CLOEXEC);

The call to open returns -1 and errno set to 13 (EACCES) despite using attach_disconnected.

The code in question is executed from a setuid root executable that runs under a complain-mode profile (it is started from a process that is already confined with such a profile). All of the profiles are using attach_disconnected.

I can reproduce this issue each time by running:

spread -debug -v qemu:ubuntu-16.04-64:tests/regression/lp-1644439

Against the code in this pull request: https://github.com/snapcore/snapd/pull/2624

Which is git://github.com/zyga/snapd in the "reassociate-fix" branch

Appropriate qemu images can be made using instructions from: https://github.com/zyga/spread-qemu-images

I'm also happy to try any test kernels as I can easily run those.
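Review bot: in the two readlinkat() calls the result is only tested for < 0, so a link target of 128 bytes or more would be silently truncated, and the memcmp() over the full buffers could then report a match on a shared prefix; keep the returned length and die() when it equals sizeof init_buf (or sizeof self_buf) before comparing. Separately, the first debug() call joins the literals "checking if the current process shares mount namespace" and "with the init process" with no space between them, so the message prints "namespacewith"; add a trailing space to the first literal.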
[Group.of.nepali.translators] [Bug 1648143] Re: tor in lxd: apparmor="DENIED" operation="change_onexec" namespace="root//CONTAINERNAME_" profile="unconfined" name="system_tor"
Not fixed because we had to revert the commits due to various regressions.

** Changed in: linux (Ubuntu Xenial) Status: Fix Released => Triaged
** Changed in: linux (Ubuntu Yakkety) Status: Fix Released => Triaged

https://bugs.launchpad.net/bugs/1648143

Title: tor in lxd: apparmor="DENIED" operation="change_onexec" namespace="root//CONTAINERNAME_" profile="unconfined" name="system_tor"

Status in apparmor package in Ubuntu: Confirmed
Status in linux package in Ubuntu: Fix Released
Status in tor package in Ubuntu: Invalid
Status in apparmor source package in Xenial: New
Status in linux source package in Xenial: Triaged
Status in tor source package in Xenial: Invalid
Status in apparmor source package in Yakkety: New
Status in linux source package in Yakkety: Triaged
Status in tor source package in Yakkety: Invalid

Bug description:
Environment:

Distribution: ubuntu
Distribution version: 16.10

lxc info:
apiextensions: storage_zfs_remove_snapshots container_host_shutdown_timeout container_syscall_filtering auth_pki container_last_used_at etag patch usb_devices https_allowed_credentials image_compression_algorithm directory_manipulation container_cpu_time storage_zfs_use_refquota storage_lvm_mount_options network profile_usedby container_push
apistatus: stable
apiversion: "1.0"
auth: trusted
environment:
  addresses: 163.172.48.149:8443 172.20.10.1:8443 172.20.11.1:8443 172.20.12.1:8443 172.20.22.1:8443 172.20.21.1:8443 10.8.0.1:8443
  architectures: x86_64 i686
  certificate: | -BEGIN CERTIFICATE- -END CERTIFICATE-
  certificatefingerprint: 3048baa9f20d316f60a6c602452b58409a6d9e2c3218897e8de7c7c72af0179b
  driver: lxc
  driverversion: 2.0.5
  kernel: Linux
  kernelarchitecture: x86_64
  kernelversion: 4.8.0-27-generic
  server: lxd
  serverpid: 32694
  serverversion: 2.4.1
  storage: btrfs
  storageversion: 4.7.3
config:
  core.https_address: '[::]:8443'
  core.trust_password: true

Container: ubuntu 16.10

Issue description

tor can't start in a non privileged container

Logs from the container:

Dec 7 15:03:00 anonymous tor[302]: Configuration was valid
Dec 7 15:03:00 anonymous systemd[303]: tor@default.service: Failed at step APPARMOR spawning /usr/bin/tor: No such file or directory
Dec 7 15:03:00 anonymous systemd[1]: tor@default.service: Main process exited, code=exited, status=231/APPARMOR
Dec 7 15:03:00 anonymous systemd[1]: Failed to start Anonymizing overlay network for TCP.
Dec 7 15:03:00 anonymous systemd[1]: tor@default.service: Unit entered failed state.
Dec 7 15:03:00 anonymous systemd[1]: tor@default.service: Failed with result 'exit-code'.
Dec 7 15:03:00 anonymous systemd[1]: tor@default.service: Service hold-off time over, scheduling restart.
Dec 7 15:03:00 anonymous systemd[1]: Stopped Anonymizing overlay network for TCP.
Dec 7 15:03:00 anonymous systemd[1]: tor@default.service: Failed to reset devices.list: Operation not permitted
Dec 7 15:03:00 anonymous systemd[1]: Failed to set devices.allow on /system.slice/system-tor.slice/tor@default.service: Operation not permitted
Dec 7 15:03:00 anonymous systemd[1]: message repeated 6 times: [ Failed to set devices.allow on /system.slice/system-tor.slice/tor@default.service: Operation not permitted]
Dec 7 15:03:00 anonymous systemd[1]: Couldn't stat device /run/systemd/inaccessible/chr
Dec 7 15:03:00 anonymous systemd[1]: Couldn't stat device /run/systemd/inaccessible/blk
Dec 7 15:03:00 anonymous systemd[1]: Failed to set devices.allow on /system.slice/system-tor.slice/tor@default.service: Operation not permitted

Logs from the host

audit: type=1400 audit(1481119378.856:6950): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 namespace="root//lxd-anonymous_" profile="unconfined" name="system_tor" pid=12164 comm="(tor)"

Steps to reproduce

install ubuntu container 16.10 on a ubuntu 16.10 host
install tor in the container
Launch tor
[Group.of.nepali.translators] [Bug 1645037] Re: apparmor_parser hangs indefinitely when called by multiple threads
Not fixed because we had to revert the commits due to various regressions.

** Changed in: linux (Ubuntu Xenial) Status: Fix Released => Triaged
** Changed in: linux (Ubuntu Yakkety) Status: Fix Released => Triaged

https://bugs.launchpad.net/bugs/1645037

Title: apparmor_parser hangs indefinitely when called by multiple threads

Status in apparmor package in Ubuntu: Triaged
Status in linux package in Ubuntu: Fix Released
Status in linux source package in Xenial: Triaged
Status in linux source package in Yakkety: Triaged
Status in linux source package in Zesty: Fix Released

Bug description:
This bug surfaced when starting ~50 LXC container with LXD in parallel multiple times:

# Create the containers
for c in c foo{1..50}; do lxc launch images:ubuntu/xenial $c; done

# Execute this loop multiple times until you observe errors.
for c in c foo{1..50}; do lxc restart $c & done

After this you can

ps aux | grep apparmor

and you should see output similar to:

root 19774 0.0 0.0 12524 1116 pts/1 S+ 20:14 0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo30
root 19775 0.0 0.0 12524 1208 pts/1 S+ 20:14 0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo26
root 19776 0.0 0.0 13592 3224 pts/1 D+ 20:14 0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo30
root 19778 0.0 0.0 13592 3384 pts/1 D+ 20:14 0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo26
root 19780 0.0 0.0 12524 1208 pts/1 S+ 20:14 0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo43
root 19782 0.0 0.0 12524 1208 pts/1 S+ 20:14 0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo34
root 19783 0.0 0.0 13592 3388 pts/1 D+ 20:14 0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo43
root 19784 0.0 0.0 13592 3252 pts/1 D+ 20:14 0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo34
root 19794 0.0 0.0 12524 1208 pts/1 S+ 20:14 0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo25
root 19795 0.0 0.0 13592 3256 pts/1 D+ 20:14 0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo25

apparmor_parser remains stuck even after all LXC/LXD commands have exited.

dmesg output yields lines like:

[41902.815174] audit: type=1400 audit(1480191089.678:43): apparmor="STATUS" operation="profile_load" profile="unconfined" name="lxd-foo30_" pid=12545 comm="apparmor_parser"

and cat /proc/12545/stack shows:

[] aa_remove_profiles+0x88/0x270
21:19 brauner [] profile_remove+0x144/0x2e0
21:19 brauner [] __vfs_write+0x18/0x40
21:19 brauner [] vfs_write+0xb8/0x1b0
21:19 brauner [] SyS_write+0x55/0xc0
21:19 brauner [] entry_SYSCALL_64_fastpath+0x1e/0xa8
21:19 brauner [] 0x

This looks like a potential kernel bug.
[Group.of.nepali.translators] [Bug 1658219] Re: flock not mediated by 'k'
Not fixed because we had to revert the commits due to various regressions.

** Changed in: linux (Ubuntu Xenial) Status: Fix Released => Triaged
** Changed in: linux (Ubuntu Yakkety) Status: Fix Released => Triaged

https://bugs.launchpad.net/bugs/1658219

Title: flock not mediated by 'k'

Status in AppArmor: In Progress
Status in linux package in Ubuntu: Fix Released
Status in linux source package in Xenial: Triaged
Status in linux source package in Yakkety: Triaged

Bug description:
$ cat ./apparmor.profile
#include

profile test {
  #include

  /bin/bash ixr,
  /dev/pts/* rw,
  /usr/bin/flock ixr,

  # Not blocked:
  # aa-exec -p test -- flock -w 1 /tmp/test.lock -c true
  /tmp/test.lock rw,
}

$ sudo apparmor_parser -r ./apparmor.profile
$ aa-exec -p test -- flock -w 1 /tmp/test.lock -c true && echo yes
yes
$ ls -l /tmp/test.lock
-rw-rw-r-- 1 jamie jamie 0 Jan 20 15:57 /tmp/test.lock

The flock command uses flock(LOCK_EX) and I expected it to be blocked due to the lack of 'k'.

apparmor userspace 2.10.95-0ubuntu2.5 (xenial) and 4.9.0-12.13-generic kernel on amd64.
[Group.of.nepali.translators] [Bug 1660846] Re: apparmor leaking securityfs pin count
Not fixed because we had to revert the commits due to various regressions.

** Changed in: linux (Ubuntu Xenial) Status: Fix Released => Triaged
** Changed in: linux (Ubuntu Yakkety) Status: Fix Released => Triaged

https://bugs.launchpad.net/bugs/1660846

Title: apparmor leaking securityfs pin count

Status in linux package in Ubuntu: Fix Released
Status in linux source package in Xenial: Triaged
Status in linux source package in Yakkety: Triaged
Status in linux source package in Zesty: Fix Released

Bug description:
apparmor is leaking pinfs refcount when inode setup fails.
[Group.of.nepali.translators] [Bug 1648903] Re: Permission denied and inconsistent behavior in complain mode with 'ip netns list' command
Not fixed because we had to revert the commits due to various regressions.

** Changed in: linux (Ubuntu Xenial) Status: Fix Released => Triaged
** Changed in: linux (Ubuntu Yakkety) Status: Fix Released => Triaged

https://bugs.launchpad.net/bugs/1648903

Title: Permission denied and inconsistent behavior in complain mode with 'ip netns list' command

Status in AppArmor: In Progress
Status in linux package in Ubuntu: Fix Released
Status in linux source package in Xenial: Triaged
Status in linux source package in Yakkety: Triaged

Bug description:
On 16.04 with Ubuntu 4.4.0-53.74-generic 4.4.30

With this profile:

#include

profile test (attach_disconnected,complain) {
  #include

  /{,usr/}{,s}bin/ip ixr, # COMMENT OUT THIS RULE TO SEE WEIRDNESS

  capability sys_admin,
  capability net_admin,
  capability sys_ptrace,
  network netlink raw,
  ptrace (trace),

  / r,
  /run/netns/ rw,
  /run/netns/* rw,

  mount options=(rw, rshared) -> /run/netns/,
  mount options=(rw, bind) /run/netns/ -> /run/netns/,
  mount options=(rw, bind) / -> /run/netns/*,
  mount options=(rw, rslave) /,
  mount options=(rw, rslave), # LP: #1648245
  umount /sys/,
  umount /,

  /bin/dash ixr,
}

Everything is fine when I do:

$ sudo apparmor_parser -r /home/jamie/apparmor.profile && sudo aa-exec -p test -- sh -c 'ip netns list'
$

and there are no ALLOWED entries in syslog.

However, if I comment out the '/{,usr/}{,s}bin/ip ixr,' rule, I get a permission denied and a bunch of ALLOWED entries:

$ sudo apparmor_parser -r /home/jamie/apparmor.profile && sudo aa-exec -p test -- sh -c 'ip netns list'
open("/proc/self/ns/net"): Permission denied

Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.862629] audit: type=1400 audit(1481324889.782:469): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="test" pid=4314 comm="apparmor_parser"
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.870339] audit: type=1400 audit(1481324889.790:470): apparmor="ALLOWED" operation="exec" profile="test" name="/bin/ip" pid=4317 comm="sh" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 target="test//null-/bin/ip"
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.870559] audit: type=1400 audit(1481324889.790:471): apparmor="ALLOWED" operation="open" profile="test//null-/bin/ip" name="/etc/ld.so.cache" pid=4317 comm="ip" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.870628] audit: type=1400 audit(1481324889.790:472): apparmor="ALLOWED" operation="open" profile="test//null-/bin/ip" name="/lib/x86_64-linux-gnu/libdl-2.23.so" pid=4317 comm="ip" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.870703] audit: type=1400 audit(1481324889.790:473): apparmor="ALLOWED" operation="open" profile="test//null-/bin/ip" name="/lib/x86_64-linux-gnu/libc-2.23.so" pid=4317 comm="ip" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.870861] audit: type=1400 audit(1481324889.790:474): apparmor="ALLOWED" operation="file_mprotect" profile="test//null-/bin/ip" name="/bin/ip" pid=4317 comm="ip" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.870913] audit: type=1400 audit(1481324889.790:475): apparmor="ALLOWED" operation="file_mprotect" profile="test//null-/bin/ip" name="/lib/x86_64-linux-gnu/ld-2.23.so" pid=4317 comm="ip" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.871019] audit: type=1400 audit(1481324889.790:476): apparmor="ALLOWED" operation="create" profile="test//null-/bin/ip" pid=4317 comm="ip" family="netlink" sock_type="raw" protocol=0 requested_mask="create" denied_mask="create"
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.871066] audit: type=1400 audit(1481324889.790:477): apparmor="ALLOWED" operation="setsockopt" profile="test//null-/bin/ip" pid=4317 comm="ip" family="netlink" sock_type="raw" protocol=0 requested_mask="setopt" denied_mask="setopt"
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.871099] audit: type=1400 audit(1481324889.790:478): apparmor="ALLOWED" operation="setsockopt" profile="test//null-/bin/ip" pid=4317 comm="ip" family="netlink" sock_type="raw" protocol=0 requested_mask="setopt" denied_mask="setopt"
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.871128] audit: type=1400 audit(1481324889.790:479): apparmor="ALLOWED" operation="bind" profile="test//null-/bin/ip" pid=4317 comm="ip" family="netlink" sock_type="raw" protocol=0 requested_mask="bind" denied_mask="bind"
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.871672] audit: type=1400 audit(1481324889.794:480): apparmor="ALLOWED"
[Group.of.nepali.translators] [Bug 1660840] Re: apparmor oops in bind_mnt when dev_path lookup fails
Not fixed because we had to revert the commits due to various regressions.

** Changed in: linux (Ubuntu Xenial) Status: Fix Released => Triaged
** Changed in: linux (Ubuntu Yakkety) Status: Fix Released => Triaged

https://bugs.launchpad.net/bugs/1660840

Title: apparmor oops in bind_mnt when dev_path lookup fails

Status in linux package in Ubuntu: Fix Released
Status in linux source package in Xenial: Triaged
Status in linux source package in Yakkety: Triaged
Status in linux source package in Zesty: Fix Released

Bug description:
Bind mounts can oops when devname lookup fails because the devname is uninitialized and used in auditing the denial.
[Group.of.nepali.translators] [Bug 1660845] Re: apparmor reference count leak when securityfs_setup_d_inode\ () fails
Not fixed because we had to revert the commits due to various regressions.

** Changed in: linux (Ubuntu Xenial)
   Status: Fix Released => Triaged

** Changed in: linux (Ubuntu Yakkety)
   Status: Fix Released => Triaged

https://bugs.launchpad.net/bugs/1660845

Title:
  apparmor reference count leak when securityfs_setup_d_inode\ () fails

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  Triaged
Status in linux source package in Yakkety:
  Triaged
Status in linux source package in Zesty:
  Fix Released

Bug description:
  apparmor is leaking the parent ns ref count, by directly returning the
  error
[Group.of.nepali.translators] [Bug 1660842] Re: apparmor not checking error if security_pin_fs() fails
Not fixed because we had to revert the commits due to various regressions.

** Changed in: linux (Ubuntu Xenial)
   Status: Fix Released => Triaged

** Changed in: linux (Ubuntu Yakkety)
   Status: Fix Released => Triaged

https://bugs.launchpad.net/bugs/1660842

Title:
  apparmor not checking error if security_pin_fs() fails

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  Triaged
Status in linux source package in Yakkety:
  Triaged
Status in linux source package in Zesty:
  Fix Released

Bug description:
  The error condition of security_pin_fs() was not being checked, which
  can result in an oops or use after free, due to the fs pin count not
  being incremented.
[Group.of.nepali.translators] [Bug 1661030] Re: regression tests failing after stackprofile test is run
Not fixed because we had to revert the commits due to various regressions.

** Changed in: linux (Ubuntu Yakkety)
   Status: Fix Released => Triaged

** Changed in: linux (Ubuntu Xenial)
   Status: Fix Released => Triaged

https://bugs.launchpad.net/bugs/1661030

Title:
  regression tests failing after stackprofile test is run

Status in apparmor package in Ubuntu:
  Fix Released
Status in linux package in Ubuntu:
  Incomplete
Status in apparmor source package in Xenial:
  Fix Committed
Status in linux source package in Xenial:
  Triaged
Status in apparmor source package in Yakkety:
  Fix Committed
Status in linux source package in Yakkety:
  Triaged
Status in apparmor source package in Zesty:
  Fix Released
Status in linux source package in Zesty:
  Incomplete

Bug description:
  From source, I'm running the tests and the makefile fails at the end
  with:

  running stackprofile
  Makefile:303: recipe for target 'tests' failed
  make: *** [tests] Error 1

  No idea why that is happening. It's breaking on our kernel team
  regression tests runs, so can this be investigated? The source was
  fetched using "apt-get source apparmor".

  A full run is below:

  king@ubuntu:~/apparmor-2.10.95/tests/regression/apparmor$ sudo make USE_SYSTEM=1 tests
  running aa_exec
  running access
  xfail: ACCESS file rx (r)
  xfail: ACCESS file rwx (r)
  xfail: ACCESS file r (wx)
  xfail: ACCESS file rx (wx)
  xfail: ACCESS file rwx (wx)
  xfail: ACCESS dir rwx (r)
  xfail: ACCESS dir r (wx)
  xfail: ACCESS dir rx (wx)
  xfail: ACCESS dir rwx (wx)
  running at_secure
  running introspect
  running capabilities
  (ptrace) (sethostname) (setdomainname) (setpriority) (setscheduler) (reboot) (chroot) (mlockall) (net_raw) (ioperm) (iopl)
  running changeprofile
  running onexec
  running changehat
  running changehat_fork
  running changehat_misc
  *** A 'Killed' message from bash is expected for the following test
  /home/king/apparmor-2.10.95/tests/regression/apparmor/prologue.inc: line 219: 12503 Killed $testexec "$@" > $outfile 2>&1
  *** A 'Killed' message from bash is expected for the following test
  /home/king/apparmor-2.10.95/tests/regression/apparmor/prologue.inc: line 219: 12537 Killed $testexec "$@" > $outfile 2>&1
  running chdir
  running clone
  running coredump
  *** A 'Segmentation Fault' message from bash is expected for the following test
  /home/king/apparmor-2.10.95/tests/regression/apparmor/prologue.inc: line 219: 12803 Segmentation fault (core dumped) $testexec "$@" > $outfile 2>&1
  *** A 'Segmentation Fault' message from bash is expected for the following test
  /home/king/apparmor-2.10.95/tests/regression/apparmor/prologue.inc: line 219: 12833 Segmentation fault $testexec "$@" > $outfile 2>&1
  *** A 'Segmentation Fault' message from bash is expected for the following test
  /home/king/apparmor-2.10.95/tests/regression/apparmor/prologue.inc: line 219: 12869 Segmentation fault $testexec "$@" > $outfile 2>&1
  *** A 'Segmentation Fault' message from bash is expected for the following test
  /home/king/apparmor-2.10.95/tests/regression/apparmor/prologue.inc: line 219: 12905 Segmentation fault $testexec "$@" > $outfile 2>&1
  *** A 'Segmentation Fault' message from bash is expected for the following test
  /home/king/apparmor-2.10.95/tests/regression/apparmor/prologue.inc: line 219: 12941 Segmentation fault $testexec "$@" > $outfile 2>&1
  XFAIL: Error: corefile present when not expected -- COREDUMP (ix confinement)
  running deleted
  running environ
  Fatal Error (environ): Unable to run test sub-executable
  running exec
  running exec_qual
  running fchdir
  running fd_inheritance
  running fork
  running i18n
  running link
  running link_subset
  running mkdir
  running mmap
  running mount
  using mount rules ...
  running mult_mount
  running named_pipe
  running namespaces
  running net_raw
  running open
  running openat
  running pipe
  running pivot_root
  running ptrace
  using ptrace v6 tests ...
  running pwrite
  running query_label
  Alert: query_label passed. Test 'QUERY file (all base perms #1)' was marked as expected pass but known problem (xpass)
  xpass: QUERY file (all base perms #1)
  Alert: query_label passed. Test 'QUERY file (all base perms #2)' was marked as expected pass but known problem (xpass)
  xpass: QUERY file (all base perms #2)
  running regex
  running rename
  running readdir
  running rw
  running socketpair
  running swap
  mkswap: /tmp/sdtest.21272-20356-eRXvtR/swapfile: insecure permissions 0644, 0600 suggested.
  swapon:
[Group.of.nepali.translators] [Bug 1669611] Re: Regression in 4.4.0-65-generic causes very frequent system crashes
This bug was fixed in Ubuntu-4.8.0-44.47.

** Also affects: linux (Ubuntu Yakkety)
   Importance: Undecided
   Status: New

** Changed in: linux (Ubuntu Yakkety)
   Importance: Undecided => Critical

** Changed in: linux (Ubuntu Yakkety)
   Status: New => Fix Released

https://bugs.launchpad.net/bugs/1669611

Title:
  Regression in 4.4.0-65-generic causes very frequent system crashes

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  Fix Released
Status in linux source package in Yakkety:
  Fix Released
Status in linux source package in Zesty:
  Fix Released

Bug description:
  After upgrading to 4.4.0-65-generic all of our Jenkins test runners
  are dying every 10 minutes or so. They don't answer on the network, on
  the console or through serial console.

  The kernel backtraces we got are:

```
buildd04 login: [ 1443.707658] BUG: unable to handle kernel paging request at 2d5e501d
[ 1443.707969] IP: [] mntget+0xf/0x20
[ 1443.708086] *pdpt = 24056001 *pde =
[ 1443.708237] Oops: 0002 [#1] SMP
[ 1443.708325] Modules linked in: ip6t_REJECT nf_reject_ipv6 ipt_REJECT nf_reject_ipv4 ip6t_MASQUERADE nf_nat_masquerade_ipv6 ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_filter ip6_tables xt_comment veth ebtable_filter ebtables dm_snapshot dm_thin_pool dm_persistent_data dm_bio_prison dm_bufio libcrc32c binfmt_misc xt_CHECKSUM iptable_mangle ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack xt_tcpudp iptable_filter ip_tables x_tables zram lz4_compress bridge stp llc kvm_intel ppdev kvm irqbypass crc32_pclmul aesni_intel aes_i586 xts lrw gf128mul ablk_helper cryptd joydev input_leds serio_raw parport_pc 8250_fintek i2c_piix4 mac_hid lp parport autofs4 btrfs xor raid6_pq psmouse virtio_scsi pata_acpi floppy
[ 1443.710365] CPU: 1 PID: 14167 Comm: apparmor_parser Not tainted 4.4.0-65-generic #86-Ubuntu
[ 1443.710505] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
[ 1443.710651] task: f5920a00 ti: e63f2000 task.ti: e63f2000
[ 1443.710776] EIP: 0060:[] EFLAGS: 00010286 CPU: 1
[ 1443.710875] EIP is at mntget+0xf/0x20
[ 1443.710946] EAX: f57e4d90 EBX: ECX: c1d333cc EDX: 0002801d
[ 1443.711088] ESI: c1d36404 EDI: c1d36408 EBP: e63f3de8 ESP: e63f3de8
[ 1443.711228] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[ 1443.711334] CR0: 80050033 CR2: 2d5e501d CR3: 35072440 CR4: 001406f0
[ 1443.711471] Stack:
[ 1443.711593] e63f3e04 c1203752 c13b7f71 c1d333cc eebb5980 e59d71e0 41ed e63f3e30
[ 1443.711822] c130546b e59d7230 1a628dcf 0003 e63f3e58 6c0a010a e53b6800
[ 1443.712044] 00de eebb5980 e63f3e44 c13055be e63f3e6c
[ 1443.712264] Call Trace:
[ 1443.712314] [] simple_pin_fs+0x32/0xa0
[ 1443.712421] [] ? vsnprintf+0x321/0x420
[ 1443.712516] [] securityfs_create_dentry+0x5b/0x150
[ 1443.712632] [] securityfs_create_dir+0x2e/0x30
[ 1443.712729] [] __aa_fs_profile_mkdir+0x46/0x3c0
[ 1443.712826] [] aa_replace_profiles+0x4c0/0xbc0
[ 1443.712927] [] ? ns_capable_common+0x55/0x80
[ 1443.713022] [] policy_update+0x97/0x230
[ 1443.713122] [] ? security_file_permission+0x39/0xc0
[ 1443.713247] [] profile_replace+0x98/0xe0
[ 1443.713346] [] ? policy_update+0x230/0x230
[ 1443.713445] [] __vfs_write+0x1f/0x50
[ 1443.713535] [] vfs_write+0x8c/0x1b0
[ 1443.713633] [] SyS_write+0x51/0xb0
[ 1443.713738] [] do_fast_syscall_32+0x8d/0x150
[ 1443.713838] [] sysenter_past_esp+0x3d/0x61
[ 1443.713938] Code: c0 74 09 83 42 10 01 89 d0 5b 5d c3 3b 5b 10 b8 fe ff ff ff 75 e3 eb eb 8d 74 26 00 55 89 e5 3e 8d 74 26 00 85 c0 74 06 8b 50 14 <64> ff 02 5d c3 8d b6 00 00 00 00 8d bf 00 00 00 00 55 89 e5 3e
[ 1443.715713] EIP: [] mntget+0xf/0x20 SS:ESP 0068:e63f3de8
[ 1443.715852] CR2: 2d5e501d
```

```
buildd07 login: [ 1262.522071] BUG: unable to handle kernel NULL pointer dereference at 0008
[ 1262.522339] IP: [] mntput_no_expire+0x68/0x180
[ 1262.522464] PGD 439912067 PUD 43997f067 PMD 0
[ 1262.522556] Oops: 0002 [#1] SMP
[ 1262.522760] Modules linked in: ip6t_REJECT nf_reject_ipv6 ipt_REJECT nf_reject_ipv4 ip6t_MASQUERADE nf_nat_masquerade_ipv6 ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_filter ip6_tables xt_comment veth ebtable_filter ebtables dm_snapshot dm_thin_pool dm_persistent_data dm_bio_prison dm_bufio libcrc32c binfmt_misc xt_CHECKSUM iptable_mangle ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack xt_tcpudp iptable_filter ip_tables x_tables bridge stp llc zram lz4_compress zfs(PO) zunicode(PO)
```
[Group.of.nepali.translators] [Bug 1673350] Re: dm-queue-length module is not included in installer/initramfs
This bug was fixed in the package hw-detect - 1.117ubuntu4

---
hw-detect (1.117ubuntu4) zesty; urgency=medium

  * disk-detect.sh: unconditionally modprobe dm-service-time and
    dm-queue-length multipath path selector modules alongside
    dm-round-robin. (LP: #1673350)

 -- Mathieu Trudel-Lapierre  Mon, 27 Mar 2017 21:23:41 -0400

** Changed in: hw-detect (Ubuntu)
   Status: In Progress => Fix Released

https://bugs.launchpad.net/bugs/1673350

Title:
  dm-queue-length module is not included in installer/initramfs

Status in hw-detect package in Ubuntu:
  Fix Released
Status in initramfs-tools package in Ubuntu:
  Invalid
Status in linux package in Ubuntu:
  Fix Released
Status in multipath-tools package in Ubuntu:
  Fix Released
Status in hw-detect source package in Xenial:
  New
Status in initramfs-tools source package in Xenial:
  Invalid
Status in linux source package in Xenial:
  In Progress
Status in multipath-tools source package in Xenial:
  New
Status in hw-detect source package in Yakkety:
  New
Status in initramfs-tools source package in Yakkety:
  Invalid
Status in linux source package in Yakkety:
  New
Status in multipath-tools source package in Yakkety:
  New

Bug description:
  [Impact]
  Multipath users using EMC XtremIO storage as boot device or at install
  time may run into this issue. With the module unavailable the device
  is more often than not unavailable. Any users changing path selector
  to 'queue-length' with other storage devices may also be affected.

  [Test case]
  1) Install on multipath system using EMC XtremIO storage / OR:
     a) Start d-i install on qemu with multipath enabled
     b) exit to d-i menu
     c) modify /etc/multipath.conf to define path selector as
        'queue-length' for the local qemu device.
     d) restart multipathd if necessary.
  2) Try to complete the install, setting up storage as multipath and
     using the multipath device as boot disk.
  3) Reboot to disk.

  In a success case, the install should complete successfully without
  requiring manual configuration from the user to support the multipath
  storage past the normal detection of multipath and partitioning.

  In a failure case, the install may not complete, or rebooting may fail
  or lead to a system booted on a single path of the multipath device
  (ie. / on /dev/sda2 rather than /dev/mpatha2).

  [Regression Potential]
  The inclusion of a new multipath path selector driver should not cause
  any regressions, but any failure to detect, configure or boot on
  multipath devices following this change on XtremIO hardware or
  otherwise would constitute a regression potentially caused by this
  change.

  ---

  ---Problem Description---
  dm-queue-length module is not included in installer/initramfs

  On Ubuntu, multipath devices using the 'queue-length' path selector
  are non-functional on both the installer and initramfs environments;
  because the 'dm-queue-length' kernel module is not included in them.

  The multipath-modules.udeb (src:linux) does not include it in the
  installer, nor multipath-tools-boot (src:multipath-tools) installs it
  in the initramfs.

  One example is the EMC XtremIO storage, which has 'queue-length'
  defined as its path selector in the default multipath configuration,
  at least on 16.04.

  Other products may be affected if they are manually configured to use
  that path selector (e.g., via /etc/multipath.conf), and the mere
  switch of that might render the system _unbootable_ if booting from
  multipath, since the initramfs is affected.

  More recently this and another storage changed default path selectors
  out of 'queue-length', however, it's virtually possible for any
  storage system to be affected, with the described manual configuration
  change. So, this change is also desired for the next stable release,
  17.04, and later.

  Patches are provided for 16.04 and 17.04.

  Error logs in LP comment #6.