[Kernel-packages] [Bug 1584953] Re: backport fix for /proc/net issues with containers

2016-06-27 Thread Launchpad Bug Tracker
This bug was fixed in the package linux - 3.13.0-91.138

---
linux (3.13.0-91.138) trusty; urgency=medium

  [ Luis Henriques ]

  * Release Tracking Bug
- LP: #1595991

  [ Upstream Kernel Changes ]

  * netfilter: x_tables: validate e->target_offset early
- LP: #1555338
- CVE-2016-3134
  * netfilter: x_tables: make sure e->next_offset covers remaining blob size
- LP: #1555338
- CVE-2016-3134
  * netfilter: x_tables: fix unconditional helper
- LP: #1555338
- CVE-2016-3134
  * netfilter: x_tables: don't move to non-existent next rule
- LP: #1595350
  * netfilter: x_tables: validate targets of jumps
- LP: #1595350
  * netfilter: x_tables: add and use xt_check_entry_offsets
- LP: #1595350
  * netfilter: x_tables: kill check_entry helper
- LP: #1595350
  * netfilter: x_tables: assert minimum target size
- LP: #1595350
  * netfilter: x_tables: add compat version of xt_check_entry_offsets
- LP: #1595350
  * netfilter: x_tables: check standard target size too
- LP: #1595350
  * netfilter: x_tables: check for bogus target offset
- LP: #1595350
  * netfilter: x_tables: validate all offsets and sizes in a rule
- LP: #1595350
  * netfilter: x_tables: don't reject valid target size on some architectures
- LP: #1595350
  * netfilter: arp_tables: simplify translate_compat_table args
- LP: #1595350
  * netfilter: ip_tables: simplify translate_compat_table args
- LP: #1595350
  * netfilter: ip6_tables: simplify translate_compat_table args
- LP: #1595350
  * netfilter: x_tables: xt_compat_match_from_user doesn't need a retval
- LP: #1595350
  * netfilter: x_tables: do compat validation via translate_table
- LP: #1595350
  * netfilter: x_tables: introduce and use xt_copy_counters_from_user
- LP: #1595350

linux (3.13.0-90.137) trusty; urgency=low

  [ Kamal Mostafa ]

  * Release Tracking Bug
- LP: #1595693

  [ Serge Hallyn ]

  * SAUCE: add a sysctl to disable unprivileged user namespace unsharing
- LP: #1555338, #1595350

linux (3.13.0-89.136) trusty; urgency=low

  [ Kamal Mostafa ]

  * Release Tracking Bug
- LP: #1591315

  [ Kamal Mostafa ]

  * [debian] getabis: Only git add $abidir if running in local repo
- LP: #1584890
  * [debian] getabis: Fix inconsistent compiler versions check
- LP: #1584890

  [ Stefan Bader ]

  * SAUCE: powerpc/powernv: Fix incomplete backport of 8117ac6
- LP: #1589910

  [ Tim Gardner ]

  * [Config] Remove arc4 from nic-modules
- LP: #1582991

  [ Upstream Kernel Changes ]

  * KVM: x86: move steal time initialization to vcpu entry time
- LP: #1494350
  * lpfc: Fix premature release of rpi bit in bitmask
- LP: #1580560
  * lpfc: Correct loss of target discovery after cable swap.
- LP: #1580560
  * mm/balloon_compaction: redesign ballooned pages management
- LP: #1572562
  * mm/balloon_compaction: fix deflation when compaction is disabled
- LP: #1572562
  * bridge: Fix the way to find old local fdb entries in br_fdb_changeaddr
- LP: #1581585
  * bridge: notify user space after fdb update
- LP: #1581585
  * ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS
- LP: #1580379
- CVE-2016-4569
  * ALSA: timer: Fix leak in events via snd_timer_user_ccallback
- LP: #1581866
- CVE-2016-4578
  * ALSA: timer: Fix leak in events via snd_timer_user_tinterrupt
- LP: #1581866
- CVE-2016-4578
  * net: fix a kernel infoleak in x25 module
- LP: #1585366
- CVE-2016-4580
  * get_rock_ridge_filename(): handle malformed NM entries
- LP: #1583962
- CVE-2016-4913
  * netfilter: Set /proc/net entries owner to root in namespace
- LP: #1584953
  * USB: usbfs: fix potential infoleak in devio
- LP: #1578493
- CVE-2016-4482
  * IB/security: Restrict use of the write() interface
- LP: #1580372
- CVE-2016-4565
  * netlink: autosize skb lengthes
- LP: #1568969
  * xfs: allow inode allocations in post-growfs disk space
- LP: #1560142

 -- Luis Henriques   Fri, 24 Jun 2016 16:19:03 +0100

** Changed in: linux (Ubuntu Trusty)
   Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-4565

** Changed in: linux-lts-utopic (Ubuntu Trusty)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-lts-utopic in Ubuntu.
https://bugs.launchpad.net/bugs/1584953

Title:
  backport fix for /proc/net issues with containers

Status in linux package in Ubuntu:
  Fix Released
Status in linux-lts-utopic package in Ubuntu:
  Invalid
Status in linux source package in Trusty:
  Fix Released
Status in linux-lts-utopic source package in Trusty:
  Fix Released
Status in linux source package in Vivid:
  Fix Released
Status in linux-lts-utopic source package in Vivid:
  Invalid
Status in linux source package in Wily:
  Fix 

[Kernel-packages] [Bug 1584953] Re: backport fix for /proc/net issues with containers

2016-06-27 Thread Launchpad Bug Tracker
This bug was fixed in the package linux-lts-utopic - 3.16.0-76.98~14.04.1

---
linux-lts-utopic (3.16.0-76.98~14.04.1) trusty; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
- LP: #1596019

  [ Upstream Kernel Changes ]

  * netfilter: x_tables: validate e->target_offset early
- LP: #1555338
- CVE-2016-3134
  * netfilter: x_tables: make sure e->next_offset covers remaining blob size
- LP: #1555338
- CVE-2016-3134
  * netfilter: x_tables: fix unconditional helper
- LP: #1555338
- CVE-2016-3134
  * netfilter: x_tables: don't move to non-existent next rule
- LP: #1595350
  * netfilter: x_tables: validate targets of jumps
- LP: #1595350
  * netfilter: x_tables: add and use xt_check_entry_offsets
- LP: #1595350
  * netfilter: x_tables: kill check_entry helper
- LP: #1595350
  * netfilter: x_tables: assert minimum target size
- LP: #1595350
  * netfilter: x_tables: add compat version of xt_check_entry_offsets
- LP: #1595350
  * netfilter: x_tables: check standard target size too
- LP: #1595350
  * netfilter: x_tables: check for bogus target offset
- LP: #1595350
  * netfilter: x_tables: validate all offsets and sizes in a rule
- LP: #1595350
  * netfilter: x_tables: don't reject valid target size on some architectures
- LP: #1595350
  * netfilter: arp_tables: simplify translate_compat_table args
- LP: #1595350
  * netfilter: ip_tables: simplify translate_compat_table args
- LP: #1595350
  * netfilter: ip6_tables: simplify translate_compat_table args
- LP: #1595350
  * netfilter: x_tables: xt_compat_match_from_user doesn't need a retval
- LP: #1595350
  * netfilter: x_tables: do compat validation via translate_table
- LP: #1595350
  * netfilter: x_tables: introduce and use xt_copy_counters_from_user
- LP: #1595350

linux-lts-utopic (3.16.0-75.97~14.04.1) trusty; urgency=low

  [ Kamal Mostafa ]

  * Release Tracking Bug
- LP: #1595703

  [ Serge Hallyn ]

  * SAUCE: add a sysctl to disable unprivileged user namespace unsharing
- LP: #1555338, #1595350

linux-lts-utopic (3.16.0-74.96~14.04.1) trusty; urgency=low

  [ Kamal Mostafa ]

  * Release Tracking Bug
- LP: #1591324

  [ Kamal Mostafa ]

  * [debian] getabis: Only git add $abidir if running in local repo
- LP: #1584890
  * [debian] getabis: Fix inconsistent compiler versions check
- LP: #1584890

  [ Tim Gardner ]

  * [Config] Remove arc4 from nic-modules
- LP: #1582991

  [ Upstream Kernel Changes ]

  * Revert "usb: hub: do not clear BOS field during reset device"
- LP: #1582864
  * mm/balloon_compaction: redesign ballooned pages management
- LP: #1572562
  * mm/balloon_compaction: fix deflation when compaction is disabled
- LP: #1572562
  * ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS
- LP: #1580379
- CVE-2016-4569
  * ALSA: timer: Fix leak in events via snd_timer_user_ccallback
- LP: #1581866
- CVE-2016-4578
  * ALSA: timer: Fix leak in events via snd_timer_user_tinterrupt
- LP: #1581866
- CVE-2016-4578
  * net: fix a kernel infoleak in x25 module
- LP: #1585366
- CVE-2016-4580
  * get_rock_ridge_filename(): handle malformed NM entries
- LP: #1583962
- CVE-2016-4913
  * netfilter: Set /proc/net entries owner to root in namespace
- LP: #1584953
  * USB: usbfs: fix potential infoleak in devio
- LP: #1578493
- CVE-2016-4482
  * IB/security: Restrict use of the write() interface
- LP: #1580372
- CVE-2016-4565

 -- Luis Henriques   Fri, 24 Jun 2016 17:17:07 +0100

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-lts-utopic in Ubuntu.
https://bugs.launchpad.net/bugs/1584953

Title:
  backport fix for /proc/net issues with containers

Status in linux package in Ubuntu:
  Fix Released
Status in linux-lts-utopic package in Ubuntu:
  Invalid
Status in linux source package in Trusty:
  Fix Released
Status in linux-lts-utopic source package in Trusty:
  Fix Released
Status in linux source package in Vivid:
  Fix Released
Status in linux-lts-utopic source package in Vivid:
  Invalid
Status in linux source package in Wily:
  Fix Released
Status in linux-lts-utopic source package in Wily:
  Invalid
Status in linux source package in Xenial:
  Fix Released
Status in linux-lts-utopic source package in Xenial:
  Invalid

Bug description:
  SRU Justification

  Impact: iptables-save fails in lxd containers due to the ownership of
  /proc/net/ip_tables_names. This command is needed to manage firewalls
  in containers using Puppet.

  Fix: Upstream commit f13f2aeed154da8e48f90b85e720f8ba39b1e881
  ("netfilter: Set /proc/net entries owner to root in namespace") which
  sets ownership for /proc/net files to root in the user ns which owns
  the net ns.

  Test Case: Script attached to this bug report. Before the fix no
  output will be seen from iptables-save; 

[Kernel-packages] [Bug 1584953] Re: backport fix for /proc/net issues with containers

2016-06-27 Thread Launchpad Bug Tracker
This bug was fixed in the package linux - 3.19.0-64.72

---
linux (3.19.0-64.72) vivid; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
- LP: #1595976

  [ Upstream Kernel Changes ]

  * netfilter: x_tables: validate e->target_offset early
- LP: #1555338
- CVE-2016-3134
  * netfilter: x_tables: make sure e->next_offset covers remaining blob size
- LP: #1555338
- CVE-2016-3134
  * netfilter: x_tables: fix unconditional helper
- LP: #1555338
- CVE-2016-3134
  * netfilter: x_tables: don't move to non-existent next rule
- LP: #1595350
  * netfilter: x_tables: validate targets of jumps
- LP: #1595350
  * netfilter: x_tables: add and use xt_check_entry_offsets
- LP: #1595350
  * netfilter: x_tables: kill check_entry helper
- LP: #1595350
  * netfilter: x_tables: assert minimum target size
- LP: #1595350
  * netfilter: x_tables: add compat version of xt_check_entry_offsets
- LP: #1595350
  * netfilter: x_tables: check standard target size too
- LP: #1595350
  * netfilter: x_tables: check for bogus target offset
- LP: #1595350
  * netfilter: x_tables: validate all offsets and sizes in a rule
- LP: #1595350
  * netfilter: x_tables: don't reject valid target size on some architectures
- LP: #1595350
  * netfilter: arp_tables: simplify translate_compat_table args
- LP: #1595350
  * netfilter: ip_tables: simplify translate_compat_table args
- LP: #1595350
  * netfilter: ip6_tables: simplify translate_compat_table args
- LP: #1595350
  * netfilter: x_tables: xt_compat_match_from_user doesn't need a retval
- LP: #1595350
  * netfilter: x_tables: do compat validation via translate_table
- LP: #1595350
  * netfilter: x_tables: introduce and use xt_copy_counters_from_user
- LP: #1595350

linux (3.19.0-63.71) vivid; urgency=low

  [ Kamal Mostafa ]

  * Release Tracking Bug
- LP: #1595723

  [ Serge Hallyn ]

  * SAUCE: add a sysctl to disable unprivileged user namespace unsharing
- LP: #1555338, #1595350

linux (3.19.0-62.70) vivid; urgency=low

  [ Kamal Mostafa ]

  * Release Tracking Bug
- LP: #1591307

  [ Kamal Mostafa ]

  * [debian] getabis: Only git add $abidir if running in local repo
- LP: #1584890
  * [debian] getabis: Fix inconsistent compiler versions check
- LP: #1584890

  [ Tim Gardner ]

  * [Config] Remove arc4 from nic-modules
- LP: #1582991

  [ Upstream Kernel Changes ]

  * Revert "usb: hub: do not clear BOS field during reset device"
- LP: #1582864
  * ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS
- LP: #1580379
- CVE-2016-4569
  * ALSA: timer: Fix leak in events via snd_timer_user_ccallback
- LP: #1581866
- CVE-2016-4578
  * ALSA: timer: Fix leak in events via snd_timer_user_tinterrupt
- LP: #1581866
- CVE-2016-4578
  * net: fix a kernel infoleak in x25 module
- LP: #1585366
- CVE-2016-4580
  * get_rock_ridge_filename(): handle malformed NM entries
- LP: #1583962
- CVE-2016-4913
  * tipc: check nl sock before parsing nested attributes
- LP: #1585365
- CVE-2016-4951
  * netfilter: Set /proc/net entries owner to root in namespace
- LP: #1584953
  * USB: usbfs: fix potential infoleak in devio
- LP: #1578493
- CVE-2016-4482
  * USB: leave LPM alone if possible when binding/unbinding interface drivers
- LP: #1577024
  * compiler-gcc: integrate the various compiler-gcc[345].h files
- LP: #1587557
  * fix backport "IB/security: restrict use of the write() interface"
- LP: #1587557
  * x86: LLVMLinux: Fix "incomplete type const struct x86cpu_device_id"
- LP: #1587557
  * regulator: s2mps11: Fix invalid selector mask and voltages for buck9
- LP: #1587557
  * regmap: spmi: Fix regmap_spmi_ext_read in multi-byte case
- LP: #1587557
  * atomic_open(): fix the handling of create_error
- LP: #1587557
  * crypto: hash - Fix page length clamping in hash walk
- LP: #1587557
  * drm/radeon: fix PLL sharing on DCE6.1 (v2)
- LP: #1587557
  * ALSA: hda - Fix white noise on Asus UX501VW headset
- LP: #1587557
  * Input: max8997-haptic - fix NULL pointer dereference
- LP: #1587557
  * drm/i915: Bail out of pipe config compute loop on LPT
- LP: #1587557
  * ALSA: hda - Fix subwoofer pin on ASUS N751 and N551
- LP: #1587557
  * tools lib traceevent: Free filter tokens in process_filter()
- LP: #1587557
  * tools lib traceevent: Do not reassign parg after collapse_tree()
- LP: #1587557
  * workqueue: fix rebind bound workers warning
- LP: #1587557
  * ocfs2: fix posix_acl_create deadlock
- LP: #1587557
  * nf_conntrack: avoid kernel pointer value leak in slab name
- LP: #1587557
  * net: fec: only clear a queue's work bit if the queue was emptied
- LP: #1587557
  * net/mlx4_en: Fix endianness bug in IPV6 csum calculation
- LP: #1587557
  * macvtap: segmented packet is consumed
- LP: #1587557
  * tcp: refresh skb timestamp at 

[Kernel-packages] [Bug 1584953] Re: backport fix for /proc/net issues with containers

2016-06-27 Thread Launchpad Bug Tracker
This bug was fixed in the package linux - 4.2.0-41.48

---
linux (4.2.0-41.48) wily; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
- LP: #1595914

  [ Upstream Kernel Changes ]

  * netfilter: x_tables: validate e->target_offset early
- LP: #1555338
- CVE-2016-3134
  * netfilter: x_tables: make sure e->next_offset covers remaining blob size
- LP: #1555338
- CVE-2016-3134
  * netfilter: x_tables: fix unconditional helper
- LP: #1555338
- CVE-2016-3134
  * netfilter: x_tables: don't move to non-existent next rule
- LP: #1595350
  * netfilter: x_tables: validate targets of jumps
- LP: #1595350
  * netfilter: x_tables: add and use xt_check_entry_offsets
- LP: #1595350
  * netfilter: x_tables: kill check_entry helper
- LP: #1595350
  * netfilter: x_tables: assert minimum target size
- LP: #1595350
  * netfilter: x_tables: add compat version of xt_check_entry_offsets
- LP: #1595350
  * netfilter: x_tables: check standard target size too
- LP: #1595350
  * netfilter: x_tables: check for bogus target offset
- LP: #1595350
  * netfilter: x_tables: validate all offsets and sizes in a rule
- LP: #1595350
  * netfilter: x_tables: don't reject valid target size on some architectures
- LP: #1595350
  * netfilter: arp_tables: simplify translate_compat_table args
- LP: #1595350
  * netfilter: ip_tables: simplify translate_compat_table args
- LP: #1595350
  * netfilter: ip6_tables: simplify translate_compat_table args
- LP: #1595350
  * netfilter: x_tables: xt_compat_match_from_user doesn't need a retval
- LP: #1595350
  * netfilter: x_tables: do compat validation via translate_table
- LP: #1595350
  * netfilter: x_tables: introduce and use xt_copy_counters_from_user
- LP: #1595350

linux (4.2.0-40.47) wily; urgency=low

  [ Kamal Mostafa ]

  * Release Tracking Bug
- LP: #1595725

  [ Serge Hallyn ]

  * SAUCE: add a sysctl to disable unprivileged user namespace unsharing
- LP: #1555338, #1595350

linux (4.2.0-39.46) wily; urgency=low

  [ Kamal Mostafa ]

  * Release Tracking Bug
- LP: #1591301

  [ J. R. Okajima ]

  * SAUCE: AUFS: mm/mmap: fix oopsing on remap_file_pages aufs mmap: bugfix, mainly for linux-4.5-rc5, remap_file_pages(2) emulation
- LP: #1558120

  [ Kamal Mostafa ]

  * [debian] getabis: Only git add $abidir if running in local repo
- LP: #1584890
  * [debian] getabis: Fix inconsistent compiler versions check
- LP: #1584890

  [ Tim Gardner ]

  * Revert "SAUCE: mm/mmap: fix oopsing on remap_file_pages"
- LP: #1558120
  * [Config] Remove arc4 from nic-modules
- LP: #1582991

  [ Upstream Kernel Changes ]

  * Revert "usb: hub: do not clear BOS field during reset device"
- LP: #1582864
  * hpsa: move lockup_detected attribute to host attr
- LP: #1581169
  * ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS
- LP: #1580379
- CVE-2016-4569
  * ALSA: timer: Fix leak in events via snd_timer_user_ccallback
- LP: #1581866
- CVE-2016-4578
  * ALSA: timer: Fix leak in events via snd_timer_user_tinterrupt
- LP: #1581866
- CVE-2016-4578
  * net: fix a kernel infoleak in x25 module
- LP: #1585366
- CVE-2016-4580
  * get_rock_ridge_filename(): handle malformed NM entries
- LP: #1583962
- CVE-2016-4913
  * tipc: check nl sock before parsing nested attributes
- LP: #1585365
- CVE-2016-4951
  * netfilter: Set /proc/net entries owner to root in namespace
- LP: #1584953
  * USB: usbfs: fix potential infoleak in devio
- LP: #1578493
- CVE-2016-4482
  * USB: leave LPM alone if possible when binding/unbinding interface drivers
- LP: #1577024
  * [4.2-stable only] fix backport "IB/security: restrict use of the write() interface"
- LP: #1586447
  * regulator: s2mps11: Fix invalid selector mask and voltages for buck9
- LP: #1586447
  * regmap: spmi: Fix regmap_spmi_ext_read in multi-byte case
- LP: #1586447
  * ALSA: usb-audio: Quirk for yet another Phoenix Audio devices (v2)
- LP: #1586447
  * atomic_open(): fix the handling of create_error
- LP: #1586447
  * drm/i915/bdw: Add missing delay during L3 SQC credit programming
- LP: #1586447
  * crypto: hash - Fix page length clamping in hash walk
- LP: #1586447
  * drm/radeon: fix DP link training issue with second 4K monitor
- LP: #1586447
  * drm/radeon: fix PLL sharing on DCE6.1 (v2)
- LP: #1586447
  * ALSA: hda - Fix white noise on Asus UX501VW headset
- LP: #1586447
  * Input: max8997-haptic - fix NULL pointer dereference
- LP: #1586447
  * drm/i915: Bail out of pipe config compute loop on LPT
- LP: #1586447
  * ALSA: hda - Fix broken reconfig
- LP: #1586447
  * ALSA: hda - Fix subwoofer pin on ASUS N751 and N551
- LP: #1586447
  * vfs: add vfs_select_inode() helper
- LP: #1586447
  * vfs: rename: check backing inode being equal
- LP: #1586447
  * ALSA: usb-audio: Yet 

[Kernel-packages] [Bug 1584953] Re: backport fix for /proc/net issues with containers

2016-06-27 Thread Launchpad Bug Tracker
This bug was fixed in the package linux - 4.4.0-28.47

---
linux (4.4.0-28.47) xenial; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
- LP: #1595874

  * Linux netfilter local privilege escalation issues (LP: #1595350)
- netfilter: x_tables: don't move to non-existent next rule
- netfilter: x_tables: validate targets of jumps
- netfilter: x_tables: add and use xt_check_entry_offsets
- netfilter: x_tables: kill check_entry helper
- netfilter: x_tables: assert minimum target size
- netfilter: x_tables: add compat version of xt_check_entry_offsets
- netfilter: x_tables: check standard target size too
- netfilter: x_tables: check for bogus target offset
- netfilter: x_tables: validate all offsets and sizes in a rule
- netfilter: x_tables: don't reject valid target size on some architectures
- netfilter: arp_tables: simplify translate_compat_table args
- netfilter: ip_tables: simplify translate_compat_table args
- netfilter: ip6_tables: simplify translate_compat_table args
- netfilter: x_tables: xt_compat_match_from_user doesn't need a retval
- netfilter: x_tables: do compat validation via translate_table
- netfilter: x_tables: introduce and use xt_copy_counters_from_user

  * Linux netfilter IPT_SO_SET_REPLACE memory corruption (LP: #1555338)
- netfilter: x_tables: validate e->target_offset early
- netfilter: x_tables: make sure e->next_offset covers remaining blob size
- netfilter: x_tables: fix unconditional helper

linux (4.4.0-27.46) xenial; urgency=low

  [ Kamal Mostafa ]

  * Release Tracking Bug
- LP: #1594906

  * Support Edge Gateway's Bluetooth LED (LP: #1512999)
- Revert "UBUNTU: SAUCE: Bluetooth: Support for LED on Marvell modules"

linux (4.4.0-26.45) xenial; urgency=low

  [ Kamal Mostafa ]

  * Release Tracking Bug
- LP: #1594442

  * linux: Implement secure boot state variables (LP: #1593075)
- SAUCE: UEFI: Add secure boot and MOK SB State disabled sysctl

  * failures building userspace packages that include ethtool.h (LP: #1592930)
- ethtool.h: define INT_MAX for userland

linux (4.4.0-25.44) xenial; urgency=low

  [ Kamal Mostafa ]

  * Release Tracking Bug
- LP: #1591289

  * Xenial update to v4.4.13 stable release (LP: #1590455)
- MIPS64: R6: R2 emulation bugfix
- MIPS: math-emu: Fix jalr emulation when rd == $0
- MIPS: MSA: Fix a link error on `_init_msa_upper' with older GCC
- MIPS: Don't unwind to user mode with EVA
- MIPS: Avoid using unwind_stack() with usermode
- MIPS: Fix siginfo.h to use strict posix types
- MIPS: Fix uapi include in exported asm/siginfo.h
- MIPS: Fix watchpoint restoration
- MIPS: Flush highmem pages in __flush_dcache_page
- MIPS: Handle highmem pages in __update_cache
- MIPS: Sync icache & dcache in set_pte_at
- MIPS: ath79: make bootconsole wait for both THRE and TEMT
- MIPS: Reserve nosave data for hibernation
- MIPS: Loongson-3: Reserve 32MB for RS780E integrated GPU
- MIPS: Use copy_s.fmt rather than copy_u.fmt
- MIPS: Fix MSA ld_*/st_* asm macros to use PTR_ADDU
- MIPS: Prevent "restoration" of MSA context in non-MSA kernels
- MIPS: Disable preemption during prctl(PR_SET_FP_MODE, ...)
- MIPS: ptrace: Fix FP context restoration FCSR regression
- MIPS: ptrace: Prevent writes to read-only FCSR bits
- MIPS: Fix sigreturn via VDSO on microMIPS kernel
- MIPS: Build microMIPS VDSO for microMIPS kernels
- MIPS: lib: Mark intrinsics notrace
- MIPS: VDSO: Build with `-fno-strict-aliasing'
- affs: fix remount failure when there are no options changed
- ASoC: ak4642: Enable cache usage to fix crashes on resume
- Input: uinput - handle compat ioctl for UI_SET_PHYS
- ARM: mvebu: fix GPIO config on the Linksys boards
- ARM: dts: at91: fix typo in sama5d2 PIN_PD24 description
- ARM: dts: exynos: Add interrupt line to MAX8997 PMIC on exynos4210-trats
- ARM: dts: imx35: restore existing used clock enumeration
- ath9k: Add a module parameter to invert LED polarity.
- ath9k: Fix LED polarity for some Mini PCI AR9220 MB92 cards.
- ath10k: fix debugfs pktlog_filter write
- ath10k: fix firmware assert in monitor mode
- ath10k: fix rx_channel during hw reconfigure
- ath10k: fix kernel panic, move arvifs list head init before htt init
- ath5k: Change led pin configuration for compaq c700 laptop
- hwrng: exynos - Fix unbalanced PM runtime put on timeout error path
- rtlwifi: rtl8723be: Add antenna select module parameter
- rtlwifi: btcoexist: Implement antenna selection
- rtlwifi: Fix logic error in enter/exit power-save mode
- rtlwifi: pci: use dev_kfree_skb_irq instead of kfree_skb in
  rtl_pci_reset_trx_ring
- aacraid: Relinquish CPU during timeout wait
- aacraid: Fix for aac_command_thread hang
- aacraid: Fix for KDUMP driver hang
- hwmon: (ads7828) Enable 

[Kernel-packages] [Bug 1584953] Re: backport fix for /proc/net issues with containers

2016-06-21 Thread Seth Forshee
Verified proposed kernels for wily/vivid using test script.

** Tags removed: verification-needed-vivid verification-needed-wily
** Tags added: verification-done-vivid verification-done-wily

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-lts-utopic in Ubuntu.
https://bugs.launchpad.net/bugs/1584953

Title:
  backport fix for /proc/net issues with containers

Status in linux package in Ubuntu:
  Fix Released
Status in linux-lts-utopic package in Ubuntu:
  Invalid
Status in linux source package in Trusty:
  Fix Committed
Status in linux-lts-utopic source package in Trusty:
  Fix Committed
Status in linux source package in Vivid:
  Fix Committed
Status in linux-lts-utopic source package in Vivid:
  Invalid
Status in linux source package in Wily:
  Fix Committed
Status in linux-lts-utopic source package in Wily:
  Invalid
Status in linux source package in Xenial:
  Fix Committed
Status in linux-lts-utopic source package in Xenial:
  Invalid

Bug description:
  SRU Justification

  Impact: iptables-save fails in lxd containers due to the ownership of
  /proc/net/ip_tables_names. This command is needed to manage firewalls
  in containers using Puppet.

  Fix: Upstream commit f13f2aeed154da8e48f90b85e720f8ba39b1e881
  ("netfilter: Set /proc/net entries owner to root in namespace") which
  sets ownership for /proc/net files to root in the user ns which owns
  the net ns.

  Test Case: Script attached to this bug report. Before the fix no
  output will be seen from iptables-save; after the fix it will output
  the iptables rules.

  ---

  Request to backport Kernel changes from Kernel 4.5 to lts kernel 4.4
  for xenial and if possible to lts kernel for 14.04

  Change upstream:
  netfilter: Set /proc/net entries owner to root in namespace
  http://git.kernel.org/cgit/linux/kernel/git/pablo/nf-next.git/commit/?id=f13f2aeed154da8e48f90b85e720f8ba39b1e881

  This is the Kernel-side part of the fix for "iptables-save does not work inside lxd containers"
  https://github.com/lxc/lxd/issues/1978#issuecomment-220998013

  The necessary changes in lxc landed in lxc/lxd
  https://github.com/lxc/lxc/pull/1014 and are available in version
  2.0.1, currently in xenial-proposed.

  It would be great if this were backported asap, as it allows managing
  the firewall within lxd instances using Puppet and probably other
  configuration management systems, and using iptables-save manually.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1584953/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp
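
A check in the spirit of the test case in the bug description above, as an added example (it is not the script attached to the bug report). The function names `classify_owner`, `summarize_save` and `check_live` are hypothetical, the sample ruleset is constructed, and the example assumes that an owner without a mapping in the container's user namespace is displayed as the kernel's overflow uid.

```shell
#!/bin/sh
# Added example: verify from inside a container that /proc/net/ip_tables_names
# is owned by the container's root and that iptables-save emits complete tables.

# Classify the owner uid of a /proc/net entry as seen inside the user namespace.
# $1 = owner uid reported by stat, $2 = overflow uid (shown for unmapped owners).
classify_owner() {
    if [ "$1" = "0" ]; then
        echo fixed      # owned by root of the user ns that owns the net ns
    elif [ "$1" = "$2" ]; then
        echo unmapped   # owner has no mapping in this user ns
    else
        echo other
    fi
}

# Summarize iptables-save output read from stdin: prints "TABLE chains=N" for
# each table. Exits non-zero when no table is present or a table has no COMMIT,
# which covers the "no output from iptables-save" symptom.
summarize_save() {
    awk '
        /^\*/ {
            if (in_table) bad = 1
            table = substr($0, 2); chains = 0; in_table = 1
            next
        }
        /^:/ { if (in_table) chains++; next }
        /^COMMIT$/ {
            if (!in_table) bad = 1
            else { printf "%s chains=%d\n", table, chains; tables++ }
            in_table = 0
            next
        }
        END { if (in_table || bad || tables == 0) exit 1 }
    '
}

# Live check, meant to be run as root inside the container.
check_live() {
    f=/proc/net/ip_tables_names
    if [ ! -e "$f" ]; then
        echo "$f not present (ip_tables not active in this net namespace)"
        return 2
    fi
    overflow=$(cat /proc/sys/kernel/overflowuid 2>/dev/null || echo 65534)
    state=$(classify_owner "$(stat -c %u "$f")" "$overflow")
    echo "$f owner: $state"
    if ! iptables-save | summarize_save; then
        echo "iptables-save produced no complete table"
        return 1
    fi
}

# Constructed sample in iptables-save format (not captured from a real host).
SAMPLE_SAVE='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT'

# Run the live check only when asked for: sh check.sh live
if [ "${1:-}" = "live" ]; then
    check_live
fi
```
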


[Kernel-packages] [Bug 1584953] Re: backport fix for /proc/net issues with containers

2016-06-21 Thread Philipp Gassmann
** Tags removed: verification-needed-trusty
** Tags added: verification-done-trusty



[Kernel-packages] [Bug 1584953] Re: backport fix for /proc/net issues with containers

2016-06-20 Thread Philipp Gassmann
verification-done-xenial:

root@lxd1:~# lxc exec test2 -- bash
root@test2:~# iptables-save 
# Generated by iptables-save v1.6.0 on Mon Jun 20 09:11:56 2016
*filter
:INPUT ACCEPT [131:12129]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [125:]
COMMIT
# Completed on Mon Jun 20 09:11:56 2016
# Generated by iptables-save v1.6.0 on Mon Jun 20 09:11:56 2016
*nat
:PREROUTING ACCEPT [3:1015]
:INPUT ACCEPT [1:328]
:OUTPUT ACCEPT [60:4035]
:POSTROUTING ACCEPT [60:4035]
COMMIT
# Completed on Mon Jun 20 09:11:56 2016
# Generated by iptables-save v1.6.0 on Mon Jun 20 09:11:56 2016
*mangle
:PREROUTING ACCEPT [133:12816]
:INPUT ACCEPT [131:12129]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [125:]
:POSTROUTING ACCEPT [125:]
COMMIT
# Completed on Mon Jun 20 09:11:56 2016
root@test2:~# uname -a
Linux test2 4.4.0-25-generic #44-Ubuntu SMP Fri Jun 10 18:19:48 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux


** Tags removed: verification-needed-xenial
** Tags added: verification-done-xenial

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-lts-utopic in Ubuntu.
https://bugs.launchpad.net/bugs/1584953

Title:
  backport fix for /proc/net issues with containers

Status in linux package in Ubuntu:
  Fix Released
Status in linux-lts-utopic package in Ubuntu:
  Invalid
Status in linux source package in Trusty:
  Fix Committed
Status in linux-lts-utopic source package in Trusty:
  Fix Committed
Status in linux source package in Vivid:
  Fix Committed
Status in linux-lts-utopic source package in Vivid:
  Invalid
Status in linux source package in Wily:
  Fix Committed
Status in linux-lts-utopic source package in Wily:
  Invalid
Status in linux source package in Xenial:
  Fix Committed
Status in linux-lts-utopic source package in Xenial:
  Invalid

Bug description:
  SRU Justification

  Impact: iptables-save fails in lxd containers due to the ownership of
  /proc/net/ip_tables_names. This command is needed to manage firewalls
  in containers using Puppet.

  Fix: Upstream commit f13f2aeed154da8e48f90b85e720f8ba39b1e881
  ("netfilter: Set /proc/net entries owner to root in namespace") which
  sets ownership for /proc/net files to root in the user ns which owns
  the net ns.

  Test Case: Script attached to this bug report. Before the fix no
  output will be seen from iptables-save; after the fix it will output
  the iptables rules.

  ---

  Request to backport Kernel changes from Kernel 4.5 to lts kernel 4.4
  for xenial and if possible to lts kernel for 14.04

  Change upstream:
  netfilter: Set /proc/net entries owner to root in namespace
  
  http://git.kernel.org/cgit/linux/kernel/git/pablo/nf-next.git/commit/?id=f13f2aeed154da8e48f90b85e720f8ba39b1e881

  This is the Kernel-side part of the fix for "iptables-save does not work inside lxd containers"
  https://github.com/lxc/lxd/issues/1978#issuecomment-220998013

  The necessary changes in lxc landed in lxc/lxd
  https://github.com/lxc/lxc/pull/1014 and are available in version
  2.0.1, currently in xenial-proposed.

  It would be great if this could be backported asap, as it allows
  managing the firewall within lxd instances using Puppet and probably
  other configuration management systems, and using iptables-save
  manually.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1584953/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp
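
The check that the test case and the verification output above describe, written out as an added example: this is not the iptables-test.sh attachment, which is not reproduced on this page. The function names are hypothetical helpers, the sample rule dump is constructed, and `--live` assumes GNU `stat` and `iptables-save` are available inside the container.

```shell
#!/bin/sh
# Added example, not the bug report's own script. Helper names are
# hypothetical and exist only for this illustration.

# File named in the SRU justification.
PROC_FILE=/proc/net/ip_tables_names

# Read iptables-save output on stdin and print every table whose "*name"
# header is closed by a COMMIT line, one table per line. A table that is
# opened but never committed is not reported.
list_committed_tables() {
    awk '
        /^[*]/     { current = substr($0, 2); next }
        /^COMMIT$/ { if (current != "") print current; current = "" }
    '
}

# classify OWNER_UID < iptables-save-output
# Combines the two observations from the bug report:
#   - who owns /proc/net/ip_tables_names as seen from inside the container
#   - whether iptables-save printed any complete table
classify() {
    uid=$1
    tables=$(list_committed_tables | tr '\n' ' ')
    tables=${tables% }
    if [ "$uid" = "0" ] && [ -n "$tables" ]; then
        # Owned by root of the user namespace and rules are readable.
        echo "fixed: $tables"
    elif [ "$uid" != "0" ] && [ -z "$tables" ]; then
        # The failure described under "Impact": wrong owner, empty output.
        echo "affected: owner uid $uid, no tables listed"
    else
        # For example: correct owner but empty output. iptables-save only
        # lists tables registered in the namespace, so an empty dump alone
        # does not prove the kernel is unfixed.
        echo "inconclusive: owner uid $uid, tables: ${tables:-none}"
    fi
}

# Constructed sample of a healthy dump (not captured from a real system).
sample_fixed_output() {
    cat <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
EOF
}

# Run the check against the container this script is executed in.
verify_live() {
    uid=$(stat -c %u "$PROC_FILE") || return 2
    iptables-save | classify "$uid"
}

if [ "${1:-}" = "--live" ]; then
    verify_live
fi
```

Run with `--live` as root inside the container; without arguments the script only defines the helpers.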


[Kernel-packages] [Bug 1584953] Re: backport fix for /proc/net issues with containers

2016-06-14 Thread Kamal Mostafa
This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag
'verification-needed-wily' to 'verification-done-wily'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!


** Tags added: verification-needed-xenial



[Kernel-packages] [Bug 1584953] Re: backport fix for /proc/net issues with containers

2016-06-14 Thread Kamal Mostafa
This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag
'verification-needed-xenial' to 'verification-done-xenial'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!



[Kernel-packages] [Bug 1584953] Re: backport fix for /proc/net issues with containers

2016-06-14 Thread Kamal Mostafa
This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag
'verification-needed-vivid' to 'verification-done-vivid'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!


** Tags added: verification-needed-wily



[Kernel-packages] [Bug 1584953] Re: backport fix for /proc/net issues with containers

2016-06-14 Thread Kamal Mostafa
This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag
'verification-needed-trusty' to 'verification-done-trusty'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!


** Tags added: verification-needed-trusty

** Tags added: verification-needed-vivid



[Kernel-packages] [Bug 1584953] Re: backport fix for /proc/net issues with containers

2016-05-25 Thread Kamal Mostafa
** Changed in: linux (Ubuntu Trusty)
   Status: In Progress => Fix Committed

** Changed in: linux (Ubuntu Vivid)
   Status: In Progress => Fix Committed

** Changed in: linux (Ubuntu Wily)
   Status: In Progress => Fix Committed

** Changed in: linux (Ubuntu Xenial)
   Status: In Progress => Fix Committed

** Changed in: linux-lts-utopic (Ubuntu Trusty)
   Status: In Progress => Fix Committed



[Kernel-packages] [Bug 1584953] Re: backport fix for /proc/net issues with containers

2016-05-24 Thread Seth Forshee
** Description changed:

+ SRU Justification
+ 
+ Impact: iptables-save fails in lxd containers due to the ownership of
+ /proc/net/ip_tables_names. This command is needed to manage firewalls in
+ containers using Puppet.
+ 
+ Fix: Upstream commit f13f2aeed154da8e48f90b85e720f8ba39b1e881
+ ("netfilter: Set /proc/net entries owner to root in namespace") which
+ sets ownership for /proc/net files to root in the user ns which owns the
+ net ns.
+ 
+ Test Case: Script attached to this bug report. Before the fix no output
+ will be seen from iptables-save; after the fix it will output the
+ iptables rules.
+ 
+ ---
+ 
  Request to backport Kernel changes from Kernel 4.5 to lts kernel 4.4 for
  xenial and if possible to lts kernel for 14.04
  
  Change upstream:
  netfilter: Set /proc/net entries owner to root in namespace
  
http://git.kernel.org/cgit/linux/kernel/git/pablo/nf-next.git/commit/?id=f13f2aeed154da8e48f90b85e720f8ba39b1e881
  
  This is the Kernel-side part of the fix for "iptables-save does not work 
inside lxd containers"
  https://github.com/lxc/lxd/issues/1978#issuecomment-220998013
  
  The necessary changes in lxc landed in lxc/lxd
  https://github.com/lxc/lxc/pull/1014 and is available in version 2.0.1,
  currently in xenial-proposed.
  
  It would be great if this would be backported asap. As it allows to
  manage the firewall within lxd instances using Puppet and probably other
  configuration management systems. And to use iptables-save manually

Title:
  backport fix for /proc/net issues with containers

Status in linux package in Ubuntu:
  Fix Released
Status in linux-lts-utopic package in Ubuntu:
  Invalid
Status in linux source package in Trusty:
  In Progress
Status in linux-lts-utopic source package in Trusty:
  In Progress
Status in linux source package in Vivid:
  In Progress
Status in linux-lts-utopic source package in Vivid:
  Invalid
Status in linux source package in Wily:
  In Progress
Status in linux-lts-utopic source package in Wily:
  Invalid
Status in linux source package in Xenial:
  In Progress
Status in linux-lts-utopic source package in Xenial:
  Invalid



[Kernel-packages] [Bug 1584953] Re: backport fix for /proc/net issues with containers

2016-05-24 Thread Seth Forshee
Attaching script to reproduce based on
https://github.com/lxc/lxd/issues/1978.

Using this script I've confirmed the fix works in all supported kernels
since trusty, so I'll move forward with submitting the fix for SRU.

** Attachment added: "iptables-test.sh"
   
https://bugs.launchpad.net/ubuntu/xenial/+source/linux/+bug/1584953/+attachment/4669432/+files/iptables-test.sh

** Also affects: linux (Ubuntu Wily)
   Importance: Undecided
   Status: New

** Also affects: linux (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Also affects: linux (Ubuntu Vivid)
   Importance: Undecided
   Status: New

** Also affects: linux-lts-utopic (Ubuntu)
   Importance: Undecided
   Status: New

** Changed in: linux-lts-utopic (Ubuntu)
   Status: New => Invalid

** Changed in: linux-lts-utopic (Ubuntu Vivid)
   Status: New => Invalid

** Changed in: linux-lts-utopic (Ubuntu Wily)
   Status: New => Invalid

** Changed in: linux-lts-utopic (Ubuntu Xenial)
   Status: New => Invalid

** Changed in: linux-lts-utopic (Ubuntu Trusty)
   Importance: Undecided => Medium

** Changed in: linux-lts-utopic (Ubuntu Trusty)
   Status: New => In Progress

** Changed in: linux-lts-utopic (Ubuntu Trusty)
 Assignee: (unassigned) => Seth Forshee (sforshee)

** Changed in: linux (Ubuntu Trusty)
   Importance: Undecided => Medium

** Changed in: linux (Ubuntu Trusty)
   Status: New => In Progress

** Changed in: linux (Ubuntu Trusty)
 Assignee: (unassigned) => Seth Forshee (sforshee)

** Changed in: linux (Ubuntu Vivid)
   Importance: Undecided => Medium

** Changed in: linux (Ubuntu Vivid)
   Status: New => In Progress

** Changed in: linux (Ubuntu Vivid)
 Assignee: (unassigned) => Seth Forshee (sforshee)

** Changed in: linux (Ubuntu Wily)
   Importance: Undecided => Medium

** Changed in: linux (Ubuntu Wily)
   Status: New => In Progress

** Changed in: linux (Ubuntu Wily)
 Assignee: (unassigned) => Seth Forshee (sforshee)

** Changed in: linux (Ubuntu Xenial)
   Status: Incomplete => In Progress

Title:
  backport fix for /proc/net issues with containers

Status in linux package in Ubuntu:
  Fix Released
Status in linux-lts-utopic package in Ubuntu:
  Invalid
Status in linux source package in Trusty:
  In Progress
Status in linux-lts-utopic source package in Trusty:
  In Progress
Status in linux source package in Vivid:
  In Progress
Status in linux-lts-utopic source package in Vivid:
  Invalid
Status in linux source package in Wily:
  In Progress
Status in linux-lts-utopic source package in Wily:
  Invalid
Status in linux source package in Xenial:
  In Progress
Status in linux-lts-utopic source package in Xenial:
  Invalid



[Kernel-packages] [Bug 1584953] Re: backport fix for /proc/net issues with containers

2016-05-23 Thread Seth Forshee
I posted a test build with the backport at the link below. Please test
and verify that the issue is fixed in this build. Thanks!

http://people.canonical.com/~sforshee/lp1584953/

** Changed in: linux (Ubuntu Xenial)
   Status: In Progress => Incomplete

Title:
  backport fix for /proc/net issues with containers

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  Incomplete



[Kernel-packages] [Bug 1584953] Re: backport fix for /proc/net issues with containers

2016-05-23 Thread Seth Forshee
Fix is already present in yakkety unstable. Marking development task
fixed.

** Changed in: linux (Ubuntu Xenial)
   Status: Confirmed => In Progress

** Changed in: linux (Ubuntu)
   Status: Confirmed => Fix Released

Title:
  backport fix for /proc/net issues with containers

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  In Progress



[Kernel-packages] [Bug 1584953] Re: backport fix for /proc/net issues with containers

2016-05-23 Thread Seth Forshee
** Changed in: linux (Ubuntu)
   Importance: Undecided => Medium

** Changed in: linux (Ubuntu)
   Status: New => Confirmed

** Changed in: linux (Ubuntu)
 Assignee: (unassigned) => Seth Forshee (sforshee)

** Also affects: linux (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Changed in: linux (Ubuntu Xenial)
   Importance: Undecided => Medium

** Changed in: linux (Ubuntu Xenial)
   Status: New => Confirmed

** Changed in: linux (Ubuntu Xenial)
 Assignee: (unassigned) => Seth Forshee (sforshee)

Title:
  backport fix for /proc/net issues with containers

Status in linux package in Ubuntu:
  Confirmed
Status in linux source package in Xenial:
  Confirmed
