[Kernel-packages] [Bug 1823862] Re: disco: unable to enable ufw under -virtual kernel
Marking the ufw task as Invalid. The kernel doesn't have what is needed to run iptables. ** Changed in: ufw (Ubuntu) Status: New => Invalid ** Changed in: ufw (Ubuntu) Assignee: Jamie Strandboge (jdstrand) => (unassigned) -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1823862 Title: disco: unable to enable ufw under -virtual kernel Status in linux package in Ubuntu: Incomplete Status in ufw package in Ubuntu: Invalid Bug description: Fresh install of disco: $ sudo ufw enable Command may disrupt existing ssh connections. Proceed with operation (y|n)? y ERROR: problem running ufw-init iptables-restore v1.6.1: Can't set policy `DROP' on `INPUT' line 3: Bad built-in chain name iptables-restore: line 22 failed iptables-restore: line 2 failed iptables-restore v1.6.1: Couldn't load target `ufw-logging-deny':No such file or directory Error occurred at line: 30 Try `iptables-restore -h' or 'iptables-restore --help' for more information. iptables-restore v1.6.1: Couldn't load target `ufw-skip-to-policy-input':No such file or directory Error occurred at line: 19 Try `iptables-restore -h' or 'iptables-restore --help' for more information. iptables-restore v1.6.1: Couldn't load target `ufw-user-input':No such file or directory Error occurred at line: 2 Try `iptables-restore -h' or 'iptables-restore --help' for more information. Problem running '/etc/ufw/before.rules' Problem running '/etc/ufw/after.rules' ProblemType: Bug DistroRelease: Ubuntu 19.04 Package: ufw 0.36-1ubuntu1 ProcVersionSignature: Ubuntu 5.0.0-8.9-generic 5.0.1 Uname: Linux 5.0.0-8-generic x86_64 ApportVersion: 2.20.10-0ubuntu26 Architecture: amd64 Date: Tue Apr 9 08:49:59 2019 Ec2AMI: ami-04cf Ec2AMIManifest: FIXME Ec2AvailabilityZone: nova Ec2InstanceType: m1.blue Ec2Kernel: unavailable Ec2Ramdisk: unavailable PackageArchitecture: all ProcEnviron: TERM=screen-256color PATH=(custom, no user) LANG=C.UTF-8 SHELL=/bin/bash SourcePackage: ufw UpgradeStatus: No upgrade log present (probably fresh install) mtime.conffile..etc.default.ufw: 2019-04-09T08:48:31.371301 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1823862/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1823862] Re: disco: unable to enable ufw under -virtual kernel
I can confirm that without linux-modules-extra-*, iptables is broken. Reduced test case: $ sudo iptables -L -n iptables: No chain/target/match by that name. Full test case: $ sudo /usr/share/ufw/check-requirements -f ... ERROR: could not create 'ufw-check-requirements'. Aborting FAIL: check your kernel and that you have iptables >= 1.4.0 Perhaps the above should be added to image smoke tests? ** Changed in: linux (Ubuntu) Status: Incomplete => Confirmed ** Summary changed: - disco: unable to enable ufw under -virtual kernel + disco: unable to use iptables/enable ufw under -virtual kernel -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1823862 Title: disco: unable to use iptables/enable ufw under -virtual kernel Status in linux package in Ubuntu: Confirmed Status in ufw package in Ubuntu: Invalid Bug description: Fresh install of disco: $ sudo ufw enable Command may disrupt existing ssh connections. Proceed with operation (y|n)? y ERROR: problem running ufw-init iptables-restore v1.6.1: Can't set policy `DROP' on `INPUT' line 3: Bad built-in chain name iptables-restore: line 22 failed iptables-restore: line 2 failed iptables-restore v1.6.1: Couldn't load target `ufw-logging-deny':No such file or directory Error occurred at line: 30 Try `iptables-restore -h' or 'iptables-restore --help' for more information. iptables-restore v1.6.1: Couldn't load target `ufw-skip-to-policy-input':No such file or directory Error occurred at line: 19 Try `iptables-restore -h' or 'iptables-restore --help' for more information. iptables-restore v1.6.1: Couldn't load target `ufw-user-input':No such file or directory Error occurred at line: 2 Try `iptables-restore -h' or 'iptables-restore --help' for more information. Problem running '/etc/ufw/before.rules' Problem running '/etc/ufw/after.rules' ProblemType: Bug DistroRelease: Ubuntu 19.04 Package: ufw 0.36-1ubuntu1 ProcVersionSignature: Ubuntu 5.0.0-8.9-generic 5.0.1 Uname: Linux 5.0.0-8-generic x86_64 ApportVersion: 2.20.10-0ubuntu26 Architecture: amd64 Date: Tue Apr 9 08:49:59 2019 Ec2AMI: ami-04cf Ec2AMIManifest: FIXME Ec2AvailabilityZone: nova Ec2InstanceType: m1.blue Ec2Kernel: unavailable Ec2Ramdisk: unavailable PackageArchitecture: all ProcEnviron: TERM=screen-256color PATH=(custom, no user) LANG=C.UTF-8 SHELL=/bin/bash SourcePackage: ufw UpgradeStatus: No upgrade log present (probably fresh install) mtime.conffile..etc.default.ufw: 2019-04-09T08:48:31.371301 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1823862/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1820114] Re: iptables v1.6.1: can't initialize iptables table `filter': Memory allocation problem
FYI, I saw this when looking at https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1823862. In the other bug, the reporter say a different error message, but I saw 'iptables v1.6.1: can't initialize iptables table `filter': Memory allocation problem'. If those in this bug do not have linux-modules- extra-5.0.0-8-generic installed, then this is a dupe of the other bug. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1820114 Title: iptables v1.6.1: can't initialize iptables table `filter': Memory allocation problem Status in iptables package in Ubuntu: Confirmed Status in linux package in Ubuntu: Confirmed Bug description: I hit this error on disco: ``` $ free -h totalusedfree shared buff/cache available Mem: 478Mi98Mi 311Mi 0.0Ki68Mi 366Mi Swap:0B 0B 0B $ sudo iptables -S iptables v1.6.1: can't initialize iptables table `filter': Memory allocation problem Perhaps iptables or your kernel needs to be upgraded. ``` ProblemType: Bug DistroRelease: Ubuntu 19.04 Package: iptables 1.6.1-2ubuntu3 ProcVersionSignature: User Name 5.0.0-7.8-generic 5.0.0 Uname: Linux 5.0.0-7-generic x86_64 ApportVersion: 2.20.10-0ubuntu23 Architecture: amd64 Date: Thu Mar 14 19:16:15 2019 SourcePackage: iptables UpgradeStatus: No upgrade log present (probably fresh install) --- ProblemType: Bug ApportVersion: 2.20.10-0ubuntu23 Architecture: amd64 DistroRelease: Ubuntu 19.04 Package: linux PackageArchitecture: amd64 ProcVersionSignature: User Name 5.0.0-7.8-generic 5.0.0 Tags: disco uec-images Uname: Linux 5.0.0-7-generic x86_64 UpgradeStatus: No upgrade log present (probably fresh install) UserGroups: adm audio cdrom dialout dip floppy netdev plugdev sudo video _MarkForUpload: True To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iptables/+bug/1820114/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1820114] Re: iptables v1.6.1: can't initialize iptables table `filter': Memory allocation problem
To be clear, when I installed linux-modules-extra-5.0.0-8-generic, I no longer saw this error message. Of course, it might not strictly be a duplicate, but I'll let the kernel team figure that out. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1820114 Title: iptables v1.6.1: can't initialize iptables table `filter': Memory allocation problem Status in iptables package in Ubuntu: Confirmed Status in linux package in Ubuntu: Confirmed Bug description: I hit this error on disco: ``` $ free -h totalusedfree shared buff/cache available Mem: 478Mi98Mi 311Mi 0.0Ki68Mi 366Mi Swap:0B 0B 0B $ sudo iptables -S iptables v1.6.1: can't initialize iptables table `filter': Memory allocation problem Perhaps iptables or your kernel needs to be upgraded. ``` ProblemType: Bug DistroRelease: Ubuntu 19.04 Package: iptables 1.6.1-2ubuntu3 ProcVersionSignature: User Name 5.0.0-7.8-generic 5.0.0 Uname: Linux 5.0.0-7-generic x86_64 ApportVersion: 2.20.10-0ubuntu23 Architecture: amd64 Date: Thu Mar 14 19:16:15 2019 SourcePackage: iptables UpgradeStatus: No upgrade log present (probably fresh install) --- ProblemType: Bug ApportVersion: 2.20.10-0ubuntu23 Architecture: amd64 DistroRelease: Ubuntu 19.04 Package: linux PackageArchitecture: amd64 ProcVersionSignature: User Name 5.0.0-7.8-generic 5.0.0 Tags: disco uec-images Uname: Linux 5.0.0-7-generic x86_64 UpgradeStatus: No upgrade log present (probably fresh install) UserGroups: adm audio cdrom dialout dip floppy netdev plugdev sudo video _MarkForUpload: True To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iptables/+bug/1820114/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1824812] Re: apparmor does not start in Disco LXD containers
The following will reproduce the issue in a disco VM with disco LXD
container:
Initial setup:
1. have an up to date disco vm
$ cat /proc/version_signature
Ubuntu 5.0.0-11.12-generic 5.0.6
2. sudo snap install lxd
3. sudo adduser `id -un` lxd
4. newgrp lxd
5. sudo lxd init # use defaults
6. . /etc/profile.d/apps-bin-path.sh
After this note the SFS_MOUNTPOINT bug:
1. lxc launch ubuntu-daily:d d-testapparmor
2. lxc exec d-testapparmor /lib/apparmor/apparmor.systemd reload
3. fix /lib/apparmor/rc.apparmor.functions to define
SFS_MOUNTPOINT="${SECURITYFS}/${MODULE}" at the top of
is_container_with_internal_policy(). Ie lxc exec d-testapparmor vi
/lib/apparmor/rc.apparmor.functions
4. lxc exec d-testapparmor -- sh -x /lib/apparmor/apparmor.systemd reload #
notice apparmor_parser was called
At this point, these were called (as seen from the sh -x output, above):
/sbin/apparmor_parser --write-cache --replace -- /etc/apparmor.d
/sbin/apparmor_parser --write-cache --replace --
/var/lib/snapd/apparmor/profiles
but no profiles were loaded:
$ lxc exec d-testapparmor aa-status
Note weird parser error trying to load an individual profile:
$ lxc exec d-testapparmor -- apparmor_parser -r /etc/apparmor.d/sbin.dhclient
AppArmor parser error for /etc/apparmor.d/sbin.dhclient in
/etc/apparmor.d/tunables/home at line 25: Could not process include directory
'/etc/apparmor.d/tunables/home.d' in 'tunables/home.d'
Stopping and starting the container doesn't help:
$ lxc stop d-testapparmor
$ lxc start d-testapparmor
$ lxc exec d-testapparmor aa-status
apparmor module is loaded.
0 profiles are loaded.
0 profiles are in enforce mode.
0 profiles are in complain mode.
0 processes have profiles defined.
0 processes are in enforce mode.
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
Note, under 5.0.0-8.9 and with the SFS_MOUNTPOINT fix, the tunables error goes
away:
$ lxc exec d-testapparmor -- apparmor_parser -r /etc/apparmor.d/sbin.dhclient
$
and the profiles load on container start:
$ lxc exec d-testapparmor aa-status
apparmor module is loaded.
27 profiles are loaded.
27 profiles are in enforce mode.
/sbin/dhclient
/snap/core/6673/usr/lib/snapd/snap-confine
/snap/core/6673/usr/lib/snapd/snap-confine//mount-namespace-capture-helper
/usr/bin/man
/usr/lib/NetworkManager/nm-dhcp-client.action
/usr/lib/NetworkManager/nm-dhcp-helper
/usr/lib/connman/scripts/dhclient-script
/usr/lib/snapd/snap-confine
/usr/lib/snapd/snap-confine//mount-namespace-capture-helper
/usr/sbin/tcpdump
man_filter
man_groff
nvidia_modprobe
nvidia_modprobe//kmod
snap-update-ns.core
snap-update-ns.lxd
snap.core.hook.configure
snap.lxd.activate
snap.lxd.benchmark
snap.lxd.buginfo
snap.lxd.check-kernel
snap.lxd.daemon
snap.lxd.hook.configure
snap.lxd.hook.install
snap.lxd.lxc
snap.lxd.lxd
snap.lxd.migrate
0 profiles are in complain mode.
0 processes have profiles defined.
0 processes are in enforce mode.
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
However, 5.0.0-11.12 has fixes for lxd and apparmor. This 11.12 also
starts using shiftfs. Very interestingly, if I create a container under
5.0.0-8.9, do the SFS_MOUNTPOINT fix and start it under 5.0.0-11.12,
then policy loads and everything seems fine; there are no shiftfs mounts
for that container:
$ lxc exec d-testapparmor -- grep shiftfs /proc/self/mountinfo
$
*but* if I create the container under 11.12, I see the problems and there are
shiftfs mounts:
$ lxc exec shiftfs-testapparmor -- grep shiftfs /proc/self/mountinfo
1042 443 0:78 / / rw,relatime - shiftfs
/var/snap/lxd/common/lxd/storage-pools/default/containers/shiftfs-testapparmor/rootfs
rw,passthrough=3
1067 1043 0:57 /shiftfs-testapparmor /dev/.lxd-mounts rw,relatime master:216 -
tmpfs tmpfs rw,size=100k,mode=711
1514 1042 0:78 /snap /snap rw,relatime shared:626 - shiftfs
/var/snap/lxd/common/lxd/storage-pools/default/containers/shiftfs-testapparmor/rootfs
rw,passthrough=3
** Also affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu)
Status: New => Confirmed
** Changed in: linux (Ubuntu)
Assignee: (unassigned) => John Johansen (jjohansen)
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1824812
Title:
apparmor does not start in Disco LXD containers
Status in AppArmor:
Triaged
Status in apparmor package in Ubuntu:
Triaged
Status in libvirt package in Ubuntu:
Invalid
Status in linux package in Ubuntu:
Confirmed
Bug description:
In LXD apparmor now skips starting.
Steps to reproduce:
1. start LXD container
$ lxc launch ubuntu-daily:d d-testapparmor
(disco to trigger the issue, cosmic as reference)
2. check the default profiles loaded
$ aa-status
=> This will in cosmic and u
[Kernel-packages] [Bug 1824812] Re: apparmor does not start in Disco LXD containers
Since the apparmor SFS_MOUNTPOINT change is small, I'll prepare an upload for that immediately. We may need another parser update for the other issue. ** Changed in: apparmor (Ubuntu) Status: Triaged => In Progress -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1824812 Title: apparmor does not start in Disco LXD containers Status in AppArmor: Triaged Status in apparmor package in Ubuntu: In Progress Status in libvirt package in Ubuntu: Invalid Status in linux package in Ubuntu: Confirmed Bug description: In LXD apparmor now skips starting. Steps to reproduce: 1. start LXD container $ lxc launch ubuntu-daily:d d-testapparmor (disco to trigger the issue, cosmic as reference) 2. check the default profiles loaded $ aa-status => This will in cosmic and up to recently disco list plenty of profiles active even in the default install. Cosmic: 25 profiles are loaded. 25 profiles are in enforce mode. Disco: 15 profiles are loaded. 15 profiles are in enforce mode. All those 15 remaining are from snaps. The service of apparmor.service actually states that it refuses to start. $ systemctl status apparmor ... Apr 15 13:56:12 testkvm-disco-to apparmor.systemd[101]: Not starting AppArmor in container I can get those profiles (the default installed ones) loaded, for example: $ sudo apparmor_parser -r /etc/apparmor.d/sbin.dhclient makes it appear 22 profiles are in enforce mode. /sbin/dhclient I was wondering as in my case I found my guest with no (=0) profiles loaded. But as shown above after "apparmor_parser -r" and package install profiles seemed fine. Then the puzzle was solved, on package install they will call apparmor_parser via the dh_apparmor snippet and it is fine. To fully disable all of them: $ lxc stop $ lxc start $ lxc exec d-testapparmor aa-status apparmor module is loaded. 0 profiles are loaded. 0 profiles are in enforce mode. 0 profiles are in complain mode. 0 processes have profiles defined. 0 processes are in enforce mode. 0 processes are in complain mode. 0 processes are unconfined but have a profile defined. That would match the service doing an early exit as shown in systemctl status output above. The package install or manual load works, but none are loaded by the service automatically e.g. on container restart. --- --- --- This bug started as: Migrations to Disco trigger "Unable to find security driver for model apparmor" This most likely is related to my KVM-in-LXD setup but it worked fine for years and I'd like to sort out what broke. I have migrated to Disco's qemu 3.1 already which makes me doubts generic issues in qemu 3.1 in general. The virt tests that run cross release work fine starting from X/B/C but all those chains fail at mirgating to Disco now with: $ lxc exec testkvm-cosmic-from -- virsh migrate --unsafe --live kvmguest-bionic-normal qemu+ssh://10.21.151.207/system error: unsupported configuration: Unable to find security driver for model apparmor I need to analyze what changed To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1824812/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1824812] Re: apparmor does not start in Disco LXD containers
Uploaded 2.13.2-9ubuntu6 with the SFS_MOUNTPOINT change. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1824812 Title: apparmor does not start in Disco LXD containers Status in AppArmor: Triaged Status in apparmor package in Ubuntu: In Progress Status in libvirt package in Ubuntu: Invalid Status in linux package in Ubuntu: Confirmed Bug description: In LXD apparmor now skips starting. Steps to reproduce: 1. start LXD container $ lxc launch ubuntu-daily:d d-testapparmor (disco to trigger the issue, cosmic as reference) 2. check the default profiles loaded $ aa-status => This will in cosmic and up to recently disco list plenty of profiles active even in the default install. Cosmic: 25 profiles are loaded. 25 profiles are in enforce mode. Disco: 15 profiles are loaded. 15 profiles are in enforce mode. All those 15 remaining are from snaps. The service of apparmor.service actually states that it refuses to start. $ systemctl status apparmor ... Apr 15 13:56:12 testkvm-disco-to apparmor.systemd[101]: Not starting AppArmor in container I can get those profiles (the default installed ones) loaded, for example: $ sudo apparmor_parser -r /etc/apparmor.d/sbin.dhclient makes it appear 22 profiles are in enforce mode. /sbin/dhclient I was wondering as in my case I found my guest with no (=0) profiles loaded. But as shown above after "apparmor_parser -r" and package install profiles seemed fine. Then the puzzle was solved, on package install they will call apparmor_parser via the dh_apparmor snippet and it is fine. To fully disable all of them: $ lxc stop $ lxc start $ lxc exec d-testapparmor aa-status apparmor module is loaded. 0 profiles are loaded. 0 profiles are in enforce mode. 0 profiles are in complain mode. 0 processes have profiles defined. 0 processes are in enforce mode. 0 processes are in complain mode. 0 processes are unconfined but have a profile defined. That would match the service doing an early exit as shown in systemctl status output above. The package install or manual load works, but none are loaded by the service automatically e.g. on container restart. --- --- --- This bug started as: Migrations to Disco trigger "Unable to find security driver for model apparmor" This most likely is related to my KVM-in-LXD setup but it worked fine for years and I'd like to sort out what broke. I have migrated to Disco's qemu 3.1 already which makes me doubts generic issues in qemu 3.1 in general. The virt tests that run cross release work fine starting from X/B/C but all those chains fail at mirgating to Disco now with: $ lxc exec testkvm-cosmic-from -- virsh migrate --unsafe --live kvmguest-bionic-normal qemu+ssh://10.21.151.207/system error: unsupported configuration: Unable to find security driver for model apparmor I need to analyze what changed To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1824812/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1556419] Re: nf_conntrack: automatic helper assignment is deprecated
** Changed in: ufw (Ubuntu) Status: New => Triaged ** Changed in: ufw (Ubuntu) Importance: Undecided => Medium ** Changed in: ufw (Ubuntu) Assignee: (unassigned) => Jamie Strandboge (jdstrand) -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1556419 Title: nf_conntrack: automatic helper assignment is deprecated Status in iptables package in Ubuntu: Confirmed Status in linux package in Ubuntu: Confirmed Status in ufw package in Ubuntu: Triaged Bug description: Get this logged into journalctl (since a moment): kernel: nf_conntrack: automatic helper assignment is deprecated and it will be removed soon. Use the iptables CT target to attach helpers instead. ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: linux-image-4.4.0-13-generic 4.4.0-13.29 ProcVersionSignature: Ubuntu 4.4.0-13.29-generic 4.4.5 Uname: Linux 4.4.0-13-generic x86_64 NonfreeKernelModules: nvidia_uvm nvidia_modeset nvidia ApportVersion: 2.20-0ubuntu3 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC1: oem1942 F pulseaudio /dev/snd/pcmC0D0p: oem1942 F...m pulseaudio /dev/snd/controlC0: oem1942 F pulseaudio CurrentDesktop: GNOME Date: Sat Mar 12 14:52:09 2016 HibernationDevice: RESUME=UUID=0a9ca7f0-6eeb-4b21-b70f-670fa600de16 IwConfig: eth0 no wireless extensions. eth1 no wireless extensions. lono wireless extensions. Lsusb: Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub Bus 003 Device 002: ID 046d:c062 Logitech, Inc. M-UAS144 [LS1 Laser Mouse] Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub MachineType: ASUSTEK COMPUTER INC P5W DH Deluxe ProcFB: ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-13-generic root=UUID=7c755ed6-51cc-4b75-88ac-9c75acf82749 ro RelatedPackageVersions: linux-restricted-modules-4.4.0-13-generic N/A linux-backports-modules-4.4.0-13-generic N/A linux-firmware1.156 RfKill: SourcePackage: linux UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 07/22/2010 dmi.bios.vendor: American Megatrends Inc. dmi.bios.version: 3002 dmi.board.asset.tag: To Be Filled By O.E.M. dmi.board.name: P5W DH Deluxe dmi.board.vendor: ASUSTeK Computer INC. dmi.board.version: Rev 1.xx dmi.chassis.asset.tag: Asset-1234567890 dmi.chassis.type: 3 dmi.chassis.vendor: Chassis Manufacture dmi.chassis.version: Chassis Version dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvr3002:bd07/22/2010:svnASUSTEKCOMPUTERINC:pnP5WDHDeluxe:pvrSystemVersion:rvnASUSTeKComputerINC.:rnP5WDHDeluxe:rvrRev1.xx:cvnChassisManufacture:ct3:cvrChassisVersion: dmi.product.name: P5W DH Deluxe dmi.product.version: System Version dmi.sys.vendor: ASUSTEK COMPUTER INC To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iptables/+bug/1556419/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1658219] Re: flock not mediated by 'k'
After discussing with Field, snapd, kernel and the security team, this
will break existing Ubuntu Core devices that use the 4.4 kernel and the
network-manager snap in the default channel (per reporter, the 1.10
channel is unaffected). Therefore, the 4.4 kernels snaps that include
this change (ie, 4.4.0-160.188 based) must not be promoted to stable at
this time.
The snapd team is investigating an idea to gate the kernel snap refresh
on snapd 2.41 (ie, that has the updated policy) and should know more
tomorrow. If it works, we'll coordinate with the kernel team for any
necessary changes.
While this change may still be suitable for the Ubuntu archive, I'm
marking it as verification-failed-xenial for now to ensure that
automated processes don't promote 4.4.0-160.188 to stable without
coordination.
** Tags removed: verification-done-xenial
** Tags added: verification-failed-xenial
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1658219
Title:
flock not mediated by 'k'
Status in AppArmor:
In Progress
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Xenial:
Fix Committed
Status in linux source package in Yakkety:
Won't Fix
Bug description:
$ cat ./apparmor.profile
#include
profile test {
#include
/bin/bash ixr,
/dev/pts/* rw,
/usr/bin/flock ixr,
# Not blocked:
# aa-exec -p test -- flock -w 1 /tmp/test.lock -c true
/tmp/test.lock rw,
}
$ sudo apparmor_parser -r ./apparmor.profile
$ aa-exec -p test -- flock -w 1 /tmp/test.lock -c true && echo yes
yes
$ ls -l /tmp/test.lock
-rw-rw-r-- 1 jamie jamie 0 Jan 20 15:57 /tmp/test.lock
The flock command uses flock(LOCK_EX) and I expected it to be blocked
due to the lack of 'k'.
apparmor userspace 2.10.95-0ubuntu2.5 (xenial) and 4.9.0-12.13-generic
kernel on amd64.
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1658219/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1820114] Re: iptables v1.6.1: can't initialize iptables table `filter': Memory allocation problem
FYI, I cannot reproduce this with even less memory: $ iptables --version iptables v1.6.1 $ free totalusedfree shared buff/cache available Mem: 265712 114824 667441024 84144 36024 Swap: 0 0 0 $ cat /proc/version_signature Ubuntu 5.0.0-7.8-generic 5.0.0 $ sudo iptables -S -P INPUT ACCEPT -P FORWARD ACCEPT -P OUTPUT ACCEPT -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1820114 Title: iptables v1.6.1: can't initialize iptables table `filter': Memory allocation problem Status in iptables package in Ubuntu: Incomplete Status in linux package in Ubuntu: Confirmed Bug description: I hit this error on disco: ``` $ free -h totalusedfree shared buff/cache available Mem: 478Mi98Mi 311Mi 0.0Ki68Mi 366Mi Swap:0B 0B 0B $ sudo iptables -S iptables v1.6.1: can't initialize iptables table `filter': Memory allocation problem Perhaps iptables or your kernel needs to be upgraded. ``` ProblemType: Bug DistroRelease: Ubuntu 19.04 Package: iptables 1.6.1-2ubuntu3 ProcVersionSignature: User Name 5.0.0-7.8-generic 5.0.0 Uname: Linux 5.0.0-7-generic x86_64 ApportVersion: 2.20.10-0ubuntu23 Architecture: amd64 Date: Thu Mar 14 19:16:15 2019 SourcePackage: iptables UpgradeStatus: No upgrade log present (probably fresh install) --- ProblemType: Bug ApportVersion: 2.20.10-0ubuntu23 Architecture: amd64 DistroRelease: Ubuntu 19.04 Package: linux PackageArchitecture: amd64 ProcVersionSignature: User Name 5.0.0-7.8-generic 5.0.0 Tags: disco uec-images Uname: Linux 5.0.0-7-generic x86_64 UpgradeStatus: No upgrade log present (probably fresh install) UserGroups: adm audio cdrom dialout dip floppy netdev plugdev sudo video _MarkForUpload: True To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iptables/+bug/1820114/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1820114] Re: iptables v1.6.1: can't initialize iptables table `filter': Memory allocation problem
Are there additional steps that need to occur? ** Changed in: iptables (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1820114 Title: iptables v1.6.1: can't initialize iptables table `filter': Memory allocation problem Status in iptables package in Ubuntu: Incomplete Status in linux package in Ubuntu: Confirmed Bug description: I hit this error on disco: ``` $ free -h totalusedfree shared buff/cache available Mem: 478Mi98Mi 311Mi 0.0Ki68Mi 366Mi Swap:0B 0B 0B $ sudo iptables -S iptables v1.6.1: can't initialize iptables table `filter': Memory allocation problem Perhaps iptables or your kernel needs to be upgraded. ``` ProblemType: Bug DistroRelease: Ubuntu 19.04 Package: iptables 1.6.1-2ubuntu3 ProcVersionSignature: User Name 5.0.0-7.8-generic 5.0.0 Uname: Linux 5.0.0-7-generic x86_64 ApportVersion: 2.20.10-0ubuntu23 Architecture: amd64 Date: Thu Mar 14 19:16:15 2019 SourcePackage: iptables UpgradeStatus: No upgrade log present (probably fresh install) --- ProblemType: Bug ApportVersion: 2.20.10-0ubuntu23 Architecture: amd64 DistroRelease: Ubuntu 19.04 Package: linux PackageArchitecture: amd64 ProcVersionSignature: User Name 5.0.0-7.8-generic 5.0.0 Tags: disco uec-images Uname: Linux 5.0.0-7-generic x86_64 UpgradeStatus: No upgrade log present (probably fresh install) UserGroups: adm audio cdrom dialout dip floppy netdev plugdev sudo video _MarkForUpload: True To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iptables/+bug/1820114/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1821625] Re: systemd 237-3ubuntu10.14 ADT test failure on Bionic ppc64el (test-seccomp)
FYI, please note that seccomp 2.4.1 was pushed to bionic in
https://usn.ubuntu.com/4001-1/ on 2019/05/30. It shouldn't affect this
bug report AFAICT because while the 2.4.1 Ubuntu packaging drops these
patches, the upstream commits for lp-1815415-arch-update-syscalls-for-
Linux-4.9.patch and lp-1815415-update-the-syscall-tables-to-4.10.patch
are both included in 2.4.1. Based on the 2.4.1 changelog, nothing else
was changed in this area, so 2.4.1 should be affected in the same way as
2.3.1-2.1ubuntu4.1.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1821625
Title:
systemd 237-3ubuntu10.14 ADT test failure on Bionic ppc64el (test-
seccomp)
Status in libseccomp package in Ubuntu:
Incomplete
Status in linux package in Ubuntu:
Fix Released
Status in systemd package in Ubuntu:
Invalid
Status in libseccomp source package in Bionic:
Incomplete
Status in linux source package in Bionic:
In Progress
Status in systemd source package in Bionic:
Invalid
Bug description:
Starting with systemd 237-3ubuntu10.14, the testcase test-seccomp is
failing on Bionic on ppc64el with the error messages:
Operating on architecture: ppc
Failed to add n/a() rule for architecture ppc, skipping: Bad address
Operating on architecture: ppc64
Failed to add n/a() rule for architecture ppc64, skipping: Bad address
Operating on architecture: ppc64-le
Failed to add n/a() rule for architecture ppc64-le, skipping: Numerical
argument out of domain
Assertion 'p == MAP_FAILED' failed at ../src/test/test-seccomp.c:413,
function test_memory_deny_write_execute_mmap(). Aborting.
memoryseccomp-mmap terminated by signal ABRT.
Assertion 'wait_for_terminate_and_check("memoryseccomp-mmap", pid, WAIT_LOG)
== EXIT_SUCCESS' failed at ../src/test/test-seccomp.c:427, function
test_memory_deny_write_execute_mmap(). Aborting.
Aborted (core dumped)
FAIL: test-seccomp (code: 134)
Full logs at:
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-bionic/bionic/ppc64el/s/systemd/20190302_025135_d0e38@/log.gz
The testcase passed with systemd version 237-3ubuntu10.13 running on the same
4.15.0-45 kernel on ppc64el:
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-bionic/bionic/ppc64el/s/systemd/20190228_154406_6b12f@/log.gz
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1821625/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1861359] Re: swap storms kills interactive use
This entry: * swap storms kills interactive use (LP: #1861359) - SAUCE: mm/page_alloc.c: disable memory reclaim watermark boosting by default closed this bug, but per latest comments, that isn't sufficient to address the issue. Putting back to Confirmed. ** Changed in: linux (Ubuntu Focal) Status: Fix Released => Confirmed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1861359 Title: swap storms kills interactive use Status in linux package in Ubuntu: Confirmed Status in linux source package in Focal: Confirmed Bug description: [Impact] High watermark boosting can cause large swap activity under certain memory intensive workloads, making the system very unresponsive (screen does not refresh, keyboard not responding, etc.). This large swap activity seems to be prevented disabling high watermark boosting. [Test case] Opening this web page in chrome seems to be a good reproducer of the problem: https://platform.leolabs.space/visualizations/conjunction?type=conjunction&reportId=2004981040 When this page is opened we can clearly see from 'top' (for example) that the used swap is going up very quickly. With the fix applied swap is not used at all and the system is always responsive. [Fix] Set vm.watermark_boost_factor to 0, disabling watermark boosting by default. [Regression potential] Regression potential is minimal, setting vm.watermark_boost_factor to 0 by default restores the old kernel behavior before watermark boosting was introduced. In case of unexpected regressions we can always fix this in user-space via sysctl. [Original report] Hello, several times since upgrading to focal from 19.04 I've found my computer entirely unresponsive for periods of twenty or thirty seconds. No mouse movement, no keyboard input, the screen output does not change. My computer was using swap space and despite very slow writeout speeds well below what the NVME drive can handle, the computer was unusable. I've captured some vmstat 1 output and top output that I started collecting during the event. (Normally one very long painful period is followed by several shorter periods of uselessness.) Thanks ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: linux-image-5.4.0-12-generic 5.4.0-12.15 ProcVersionSignature: Ubuntu 5.4.0-12.15-generic 5.4.8 Uname: Linux 5.4.0-12-generic x86_64 NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair ApportVersion: 2.20.11-0ubuntu15 Architecture: amd64 Date: Wed Jan 29 23:44:05 2020 ProcEnviron: TERM=rxvt-unicode-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: linux-signed-5.4 UpgradeStatus: Upgraded to focal on 2020-01-24 (5 days ago) --- ProblemType: Bug AlsaVersion: Advanced Linux Sound Architecture Driver Version k5.4.0-12-generic. ApportVersion: 2.20.11-0ubuntu16 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC0: sarnold2734 F pulseaudio /dev/snd/controlC1: sarnold2734 F pulseaudio Card0.Amixer.info: Card hw:0 'PCH'/'HDA Intel PCH at 0x2fe1028000 irq 145' Mixer name : 'Realtek ALC285' Components : 'HDA:10ec0285,17aa225c,0012 HDA:8086280b,80860101,0010' Controls : 53 Simple ctrls : 15 Card1.Amixer.info: Card hw:1 'Audio'/'Generic ThinkPad Dock USB Audio at usb-:00:14.0-4.2.4, high speed' Mixer name : 'USB Mixer' Components : 'USB17ef:306f' Controls : 9 Simple ctrls : 4 DistroRelease: Ubuntu 20.04 HibernationDevice: RESUME=none IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig': 'iwconfig' MachineType: LENOVO 20KHCTO1WW NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair Package: linux (not installed) ProcEnviron: TERM=rxvt-unicode-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash ProcFB: 0 i915drmfb ProcKernelCmdLine: BOOT_IMAGE=/BOOT/ubuntu@/vmlinuz-5.4.0-12-generic root=ZFS=rpool/ROOT/ubuntu ro root=ZFS=rpool/ROOT/ubuntu quiet splash acpi_osi=! "acpi_osi=Windows 2015" vt.handoff=1 ProcVersionSignature: Ubuntu 5.4.0-12.15-generic 5.4.8 RelatedPackageVersions: linux-restricted-modules-5.4.0-12-generic N/A linux-backports-modules-5.4.0-12-generic N/A linux-firmware1.185 Tags: focal Uname: Linux 5.4.0-12-generic x86_64 UpgradeStatus: Upgraded to focal on 2020-01-24 (5 days ago) UserGroups: adm cdrom libvirt lpadmin plugdev sambashare sbuild sudo _MarkForUpload: True dmi.bios.date: 11/25/2019 dmi.bios.vendor: LENOVO dmi.bios.version: N23ET69W (1.44 ) dmi.board.asset.tag: Not Available dmi.board.name: 20KHCTO1WW dmi.board.vendor: LENOVO dmi.board.version: SDK0J40709 WIN dmi.chas
[Kernel-packages] [Bug 1868894] Re: [uc18] docker overlayfs* seems broken
I can't comment on the interaction of AppArmor and overlay with the
available information. I can say that we already have these rules:
const dockerSupportConnectedPlugAppArmorCore = `
# These accesses are necessary for Ubuntu Core 16 and 18, likely due to the
# version of apparmor or the kernel which doesn't resolve the upper layer of an
# overlayfs mount correctly the accesses show up as runc trying to read from
# /system-data/var/snap/docker/common/var-lib-docker/overlay2/$SHA/diff/
/system-data/var/snap/{@{SNAP_NAME},@{SNAP_INSTANCE_NAME}}/common/{,**/} rwl,
/system-data/var/snap/{@{SNAP_NAME},@{SNAP_INSTANCE_NAME}}/@{SNAP_REVISION}/{,**/}
rwl,
`
The denial of 'apparmor="DENIED" operation="open"
profile="snap.docker.dockerd" name="/system-data/var/snap/docker/common
/var-lib-
docker/overlay2/afce643d5ac2c31f46b8c867c35abea776166c6da199fab370c30af17d314fd7-init/diff/.dockerenv"
pid=2932 comm="dockerd" requested_mask="r" denied_mask="r" fsuid=0
ouid=0' doesn't match this though, because '.dockerenv' is a file, not a
directory. If I were to guess, I'd guess that perhaps the snap is
overlaying a file rather than a dir, but again, I don't know for sure.
It would be fine to adjust the policy to use this instead:
/system-data/var/snap/{@{SNAP_NAME},@{SNAP_INSTANCE_NAME}}/common/{,**} rwl,
/system-data/var/snap/{@{SNAP_NAME},@{SNAP_INSTANCE_NAME}}/@{SNAP_REVISION}/{,**}
rwl,
since the snap already has read/write access to these directories when
/system-data is not prepended. I've taken a todo to send up a PR for
this.
** Also affects: snapd
Importance: Undecided
Status: New
** Changed in: snapd
Status: New => Triaged
** Changed in: snapd
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-raspi2 in Ubuntu.
https://bugs.launchpad.net/bugs/1868894
Title:
[uc18] docker overlayfs* seems broken
Status in snapd:
Triaged
Status in linux-raspi2 package in Ubuntu:
Confirmed
Status in linux-raspi2 source package in Bionic:
New
Bug description:
A customer recently reported that 'sudo docker run hello-world' fails
on a pi3 or pi4 running UC18. Looking at the journal, the failure
appears to be caused by an apparmor denial related docker's overlay2
storage driver. I've tried both the unified and the Pi3 specific UC18
images and both fail with the same error. The same command works fine
on other devices running UC18 (I've tested multipass+macOS, and
dragonboard), and also works on a Pi3b running our standard UC16
image.
Here are the details from the UC18 image.
$ snap list
core 16-2.43.3 8691stablecanonical✓
core
core18202001241673stablecanonical✓
base
docker18.09.9 427 stablecanonical✓ -
pi18-127 18-pi canonical✓
gadget
pi-kernel 5.3.0-1019.21~18.04.1 104 18-pi canonical✓
kernel
snapd 2.43.3 6438stablecanonical✓
snapd
And here's the apparmor denial:
Mar 24 19:38:55 localhost sudo[3095]: awe : TTY=pts/0 ; PWD=/home/awe ;
USER=root ; COMMAND=/snap/bin/docker run hello-world
Mar 24 19:39:02 localhost audit[2932]: AVC apparmor="DENIED" operation="open"
profile="snap.docker.dockerd"
name="/system-data/var/snap/docker/common/var-lib-docker/overlay2/afce643d5ac2c31f46b8c867c35abea776166c6da199fab370c30af17d314fd7-init/diff/.dockerenv"
pid=2932 comm="dockerd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
I've been told this may end up being something that gets worked around
in snapd, however as this looks like a regression, I'm erring on the
side of caution and filing this bug anyways.
Please let me know if there's anything else I can provide.
To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/1868894/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1556419] Re: nf_conntrack: automatic helper assignment is deprecated
The linux task can be marked as Fix Released since net/netfilter/nf_conntrack_helper has defaulted to 0 since 4.7. ** Changed in: ufw (Ubuntu) Status: Triaged => In Progress ** Changed in: linux (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1556419 Title: nf_conntrack: automatic helper assignment is deprecated Status in iptables package in Ubuntu: Confirmed Status in linux package in Ubuntu: Fix Released Status in ufw package in Ubuntu: In Progress Bug description: Get this logged into journalctl (since a moment): kernel: nf_conntrack: automatic helper assignment is deprecated and it will be removed soon. Use the iptables CT target to attach helpers instead. ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: linux-image-4.4.0-13-generic 4.4.0-13.29 ProcVersionSignature: Ubuntu 4.4.0-13.29-generic 4.4.5 Uname: Linux 4.4.0-13-generic x86_64 NonfreeKernelModules: nvidia_uvm nvidia_modeset nvidia ApportVersion: 2.20-0ubuntu3 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC1: oem1942 F pulseaudio /dev/snd/pcmC0D0p: oem1942 F...m pulseaudio /dev/snd/controlC0: oem1942 F pulseaudio CurrentDesktop: GNOME Date: Sat Mar 12 14:52:09 2016 HibernationDevice: RESUME=UUID=0a9ca7f0-6eeb-4b21-b70f-670fa600de16 IwConfig: eth0 no wireless extensions. eth1 no wireless extensions. lono wireless extensions. Lsusb: Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub Bus 003 Device 002: ID 046d:c062 Logitech, Inc. M-UAS144 [LS1 Laser Mouse] Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub MachineType: ASUSTEK COMPUTER INC P5W DH Deluxe ProcFB: ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-13-generic root=UUID=7c755ed6-51cc-4b75-88ac-9c75acf82749 ro RelatedPackageVersions: linux-restricted-modules-4.4.0-13-generic N/A linux-backports-modules-4.4.0-13-generic N/A linux-firmware1.156 RfKill: SourcePackage: linux UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 07/22/2010 dmi.bios.vendor: American Megatrends Inc. dmi.bios.version: 3002 dmi.board.asset.tag: To Be Filled By O.E.M. dmi.board.name: P5W DH Deluxe dmi.board.vendor: ASUSTeK Computer INC. dmi.board.version: Rev 1.xx dmi.chassis.asset.tag: Asset-1234567890 dmi.chassis.type: 3 dmi.chassis.vendor: Chassis Manufacture dmi.chassis.version: Chassis Version dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvr3002:bd07/22/2010:svnASUSTEKCOMPUTERINC:pnP5WDHDeluxe:pvrSystemVersion:rvnASUSTeKComputerINC.:rnP5WDHDeluxe:rvrRev1.xx:cvnChassisManufacture:ct3:cvrChassisVersion: dmi.product.name: P5W DH Deluxe dmi.product.version: System Version dmi.sys.vendor: ASUSTEK COMPUTER INC To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iptables/+bug/1556419/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1556419] Re: nf_conntrack: automatic helper assignment is deprecated
Users seeing this issue should modify IPT_MODULES in /etc/defaults/ufw to be empty. Ubuntu 20.04 will do this be default and future releases of ufw will introduce rule syntax for working with helper rules. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1556419 Title: nf_conntrack: automatic helper assignment is deprecated Status in iptables package in Ubuntu: Confirmed Status in linux package in Ubuntu: Fix Released Status in ufw package in Ubuntu: In Progress Bug description: Get this logged into journalctl (since a moment): kernel: nf_conntrack: automatic helper assignment is deprecated and it will be removed soon. Use the iptables CT target to attach helpers instead. ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: linux-image-4.4.0-13-generic 4.4.0-13.29 ProcVersionSignature: Ubuntu 4.4.0-13.29-generic 4.4.5 Uname: Linux 4.4.0-13-generic x86_64 NonfreeKernelModules: nvidia_uvm nvidia_modeset nvidia ApportVersion: 2.20-0ubuntu3 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC1: oem1942 F pulseaudio /dev/snd/pcmC0D0p: oem1942 F...m pulseaudio /dev/snd/controlC0: oem1942 F pulseaudio CurrentDesktop: GNOME Date: Sat Mar 12 14:52:09 2016 HibernationDevice: RESUME=UUID=0a9ca7f0-6eeb-4b21-b70f-670fa600de16 IwConfig: eth0 no wireless extensions. eth1 no wireless extensions. lono wireless extensions. Lsusb: Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub Bus 003 Device 002: ID 046d:c062 Logitech, Inc. M-UAS144 [LS1 Laser Mouse] Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub MachineType: ASUSTEK COMPUTER INC P5W DH Deluxe ProcFB: ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-13-generic root=UUID=7c755ed6-51cc-4b75-88ac-9c75acf82749 ro RelatedPackageVersions: linux-restricted-modules-4.4.0-13-generic N/A linux-backports-modules-4.4.0-13-generic N/A linux-firmware1.156 RfKill: SourcePackage: linux UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 07/22/2010 dmi.bios.vendor: American Megatrends Inc. dmi.bios.version: 3002 dmi.board.asset.tag: To Be Filled By O.E.M. dmi.board.name: P5W DH Deluxe dmi.board.vendor: ASUSTeK Computer INC. dmi.board.version: Rev 1.xx dmi.chassis.asset.tag: Asset-1234567890 dmi.chassis.type: 3 dmi.chassis.vendor: Chassis Manufacture dmi.chassis.version: Chassis Version dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvr3002:bd07/22/2010:svnASUSTEKCOMPUTERINC:pnP5WDHDeluxe:pvrSystemVersion:rvnASUSTeKComputerINC.:rnP5WDHDeluxe:rvrRev1.xx:cvnChassisManufacture:ct3:cvrChassisVersion: dmi.product.name: P5W DH Deluxe dmi.product.version: System Version dmi.sys.vendor: ASUSTEK COMPUTER INC To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iptables/+bug/1556419/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1880025] Re: apparmor="DENIED" on docker container files
*** This bug is a duplicate of bug 1879690 *** https://bugs.launchpad.net/bugs/1879690 Actually, this is 1879690 which is a bug in the Ubuntu kernel. ** Project changed: snapd => linux (Ubuntu) ** Changed in: linux (Ubuntu) Status: New => Confirmed ** This bug has been marked a duplicate of bug 1879690 Docker registry doesn't stay up and keeps restarting -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1880025 Title: apparmor="DENIED" on docker container files Status in linux package in Ubuntu: Confirmed Bug description: % docker run -it ubuntu bash yields: kernel: audit: type=1400 audit(1590071666.897:72): apparmor="DENIED" operation="open" profile="snap.docker.dockerd" name="/root/.bashrc" pid=3497 comm="bash" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 with: vmlinuz-5.4.0-31-generic Nearly all containers cannot start properly and hence malfunction. With vmlinuz-5.4.0-29-generic its ok and containers can be started and work properly. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1880025/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1831490] Re: kernel is out of memory and killed during a kernel sys_write operation
*** This bug is a duplicate of bug 1848567 *** https://bugs.launchpad.net/bugs/1848567 I'm going to mark the linux task as Invalid and then mark as a dupe of bug 1848567 ** Changed in: linux (Ubuntu) Status: Confirmed => Won't Fix ** Changed in: apparmor (Ubuntu) Status: New => Confirmed ** This bug has been marked a duplicate of bug 1848567 autogenerated per-snap snap-update-ns apparmor profile may contain many duplicate mount rules causing excessive parser memory usage -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1831490 Title: kernel is out of memory and killed during a kernel sys_write operation Status in apparmor package in Ubuntu: Confirmed Status in linux package in Ubuntu: Won't Fix Bug description: This error is being reproduced on i386 arch when using the pc-kernel snap from beta or candidate. > sudo snap install test-snapd-tools > dmesg [15131.806107] audit: type=1400 audit(1559585825.240:93): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="snap-update-ns.test-snapd-tools" pid=18240 comm="apparmor_parser" [15131.871610] vmap allocation for size 73728 failed: use vmalloc= to increase size. [15131.871614] vmalloc: allocation failure: 68481 bytes [15131.871616] apparmor_parser: page allocation failure: order:0, mode:0x24000c2 [15131.871619] CPU: 0 PID: 18242 Comm: apparmor_parser Not tainted 4.4.0-150-generic #176-Ubuntu [15131.871620] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014 [15131.871622] c1b15967 5ed07e43 0286 cfee9e00 c13c12ef c1a1ce6c 0001 cfee9e30 [15131.871625] c11821b6 c1a1b220 f40ba700 024000c2 cfee9e44 c1a1ce6c cfee9e18 [15131.871629] 5ed07e43 00010b81 cfee9e60 c11ba86f 024000c2 c1a1ce6c [15131.871632] Call Trace: [15131.871637] [] dump_stack+0x58/0x79 [15131.871640] [] warn_alloc_failed+0xd6/0x110 [15131.871643] [] __vmalloc_node_range+0x1ef/0x210 [15131.871645] [] __vmalloc_node+0x66/0x70 [15131.871648] [] ? __aa_kvmalloc+0x28/0x60 [15131.871650] [] vmalloc+0x38/0x40 [15131.871652] [] ? __aa_kvmalloc+0x28/0x60 [15131.871654] [] __aa_kvmalloc+0x28/0x60 [15131.871656] [] aa_simple_write_to_buffer+0x34/0x90 [15131.871658] [] policy_update+0x73/0x230 [15131.871660] [] ? security_file_permission+0x3e/0xd0 [15131.871662] [] profile_replace+0x98/0xe0 [15131.871664] [] ? policy_update+0x230/0x230 [15131.871666] [] __vfs_write+0x22/0x50 [15131.871668] [] vfs_write+0x8c/0x1b0 [15131.871669] [] SyS_write+0x51/0xb0 [15131.871672] [] do_fast_syscall_32+0x9f/0x190 [15131.871675] [] sysenter_past_esp+0x3d/0x61 [15131.871676] Mem-Info: [15131.871679] active_anon:16802 inactive_anon:2068 isolated_anon:0 active_file:84472 inactive_file:25195 isolated_file:0 unevictable:0 dirty:34 writeback:0 unstable:0 slab_reclaimable:7222 slab_unreclaimable:14030 mapped:8431 shmem:5785 pagetables:204 bounce:0 free:289381 free_pcp:659 free_cma:0 [15131.871685] DMA free:8848kB min:788kB low:984kB high:1180kB active_anon:636kB inactive_anon:0kB active_file:2720kB inactive_file:800kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:15992kB managed:15916kB mlocked:0kB dirty:0kB writeback:0kB mapped:472kB shmem:308kB slab_reclaimable:484kB slab_unreclaimable:424kB kernel_stack:8kB pagetables:4kB unstable:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no [15131.871686] lowmem_reserve[]: 0 834 1942 1942 [15131.871692] Normal free:364440kB min:42432kB low:53040kB high:63648kB active_anon:30164kB inactive_anon:2776kB active_file:158404kB inactive_file:32020kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:897016kB managed:862444kB mlocked:0kB dirty:116kB writeback:0kB mapped:11176kB shmem:6332kB slab_reclaimable:28404kB slab_unreclaimable:55696kB kernel_stack:1040kB pagetables:348kB unstable:0kB bounce:0kB free_pcp:1336kB local_pcp:676kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no [15131.871693] lowmem_reserve[]: 0 0 8863 8863 [15131.871698] HighMem free:784236kB min:512kB low:14600kB high:28688kB active_anon:36408kB inactive_anon:5496kB active_file:176764kB inactive_file:67960kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:1134472kB managed:1134472kB mlocked:0kB dirty:20kB writeback:0kB mapped:22076kB shmem:16500kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:464kB unstable:0kB bounce:0kB free_pcp:1300kB local_pcp:680kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no [15131.871699] lowmem_reserve[]: 0 0 0 0 [15131.871701] DMA: 12*4kB (UME) 10*8kB (UME) 7*16kB (ME) 5*32kB (UM) 2*64
[Kernel-packages] [Bug 1824812] Re: apparmor does not start in Disco LXD containers
This was fixed upstream in 61c27d8808f0589beb6a319cc04073e8bb32d860 ** Changed in: apparmor Status: Triaged => Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1824812 Title: apparmor does not start in Disco LXD containers Status in AppArmor: Fix Released Status in apparmor package in Ubuntu: Fix Released Status in libvirt package in Ubuntu: Invalid Status in linux package in Ubuntu: Fix Released Status in linux source package in Disco: Fix Released Bug description: In LXD apparmor now skips starting. Steps to reproduce: 1. start LXD container $ lxc launch ubuntu-daily:d d-testapparmor (disco to trigger the issue, cosmic as reference) 2. check the default profiles loaded $ aa-status => This will in cosmic and up to recently disco list plenty of profiles active even in the default install. Cosmic: 25 profiles are loaded. 25 profiles are in enforce mode. Disco: 15 profiles are loaded. 15 profiles are in enforce mode. All those 15 remaining are from snaps. The service of apparmor.service actually states that it refuses to start. $ systemctl status apparmor ... Apr 15 13:56:12 testkvm-disco-to apparmor.systemd[101]: Not starting AppArmor in container I can get those profiles (the default installed ones) loaded, for example: $ sudo apparmor_parser -r /etc/apparmor.d/sbin.dhclient makes it appear 22 profiles are in enforce mode. /sbin/dhclient I was wondering as in my case I found my guest with no (=0) profiles loaded. But as shown above after "apparmor_parser -r" and package install profiles seemed fine. Then the puzzle was solved, on package install they will call apparmor_parser via the dh_apparmor snippet and it is fine. To fully disable all of them: $ lxc stop $ lxc start $ lxc exec d-testapparmor aa-status apparmor module is loaded. 0 profiles are loaded. 0 profiles are in enforce mode. 0 profiles are in complain mode. 0 processes have profiles defined. 0 processes are in enforce mode. 0 processes are in complain mode. 0 processes are unconfined but have a profile defined. That would match the service doing an early exit as shown in systemctl status output above. The package install or manual load works, but none are loaded by the service automatically e.g. on container restart. --- --- --- This bug started as: Migrations to Disco trigger "Unable to find security driver for model apparmor" This most likely is related to my KVM-in-LXD setup but it worked fine for years and I'd like to sort out what broke. I have migrated to Disco's qemu 3.1 already which makes me doubts generic issues in qemu 3.1 in general. The virt tests that run cross release work fine starting from X/B/C but all those chains fail at mirgating to Disco now with: $ lxc exec testkvm-cosmic-from -- virsh migrate --unsafe --live kvmguest-bionic-normal qemu+ssh://10.21.151.207/system error: unsupported configuration: Unable to find security driver for model apparmor I need to analyze what changed To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1824812/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1861359] Re: swap storms kills interactive use
Seth and I talked about this and I marked this as affects me. If it helps, I saw this on eoan and focal doesn't make a difference (which might suggest the change is between disco and eoan). -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1861359 Title: swap storms kills interactive use Status in linux package in Ubuntu: Confirmed Bug description: Hello, several times since upgrading to focal from 19.04 I've found my computer entirely unresponsive for periods of twenty or thirty seconds. No mouse movement, no keyboard input, the screen output does not change. My computer was using swap space and despite very slow writeout speeds well below what the NVME drive can handle, the computer was unusable. I've captured some vmstat 1 output and top output that I started collecting during the event. (Normally one very long painful period is followed by several shorter periods of uselessness.) Thanks ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: linux-image-5.4.0-12-generic 5.4.0-12.15 ProcVersionSignature: Ubuntu 5.4.0-12.15-generic 5.4.8 Uname: Linux 5.4.0-12-generic x86_64 NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair ApportVersion: 2.20.11-0ubuntu15 Architecture: amd64 Date: Wed Jan 29 23:44:05 2020 ProcEnviron: TERM=rxvt-unicode-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: linux-signed-5.4 UpgradeStatus: Upgraded to focal on 2020-01-24 (5 days ago) --- ProblemType: Bug AlsaVersion: Advanced Linux Sound Architecture Driver Version k5.4.0-12-generic. ApportVersion: 2.20.11-0ubuntu16 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC0: sarnold2734 F pulseaudio /dev/snd/controlC1: sarnold2734 F pulseaudio Card0.Amixer.info: Card hw:0 'PCH'/'HDA Intel PCH at 0x2fe1028000 irq 145' Mixer name : 'Realtek ALC285' Components : 'HDA:10ec0285,17aa225c,0012 HDA:8086280b,80860101,0010' Controls : 53 Simple ctrls : 15 Card1.Amixer.info: Card hw:1 'Audio'/'Generic ThinkPad Dock USB Audio at usb-:00:14.0-4.2.4, high speed' Mixer name : 'USB Mixer' Components : 'USB17ef:306f' Controls : 9 Simple ctrls : 4 DistroRelease: Ubuntu 20.04 HibernationDevice: RESUME=none IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig': 'iwconfig' MachineType: LENOVO 20KHCTO1WW NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair Package: linux (not installed) ProcEnviron: TERM=rxvt-unicode-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash ProcFB: 0 i915drmfb ProcKernelCmdLine: BOOT_IMAGE=/BOOT/ubuntu@/vmlinuz-5.4.0-12-generic root=ZFS=rpool/ROOT/ubuntu ro root=ZFS=rpool/ROOT/ubuntu quiet splash acpi_osi=! "acpi_osi=Windows 2015" vt.handoff=1 ProcVersionSignature: Ubuntu 5.4.0-12.15-generic 5.4.8 RelatedPackageVersions: linux-restricted-modules-5.4.0-12-generic N/A linux-backports-modules-5.4.0-12-generic N/A linux-firmware1.185 Tags: focal Uname: Linux 5.4.0-12-generic x86_64 UpgradeStatus: Upgraded to focal on 2020-01-24 (5 days ago) UserGroups: adm cdrom libvirt lpadmin plugdev sambashare sbuild sudo _MarkForUpload: True dmi.bios.date: 11/25/2019 dmi.bios.vendor: LENOVO dmi.bios.version: N23ET69W (1.44 ) dmi.board.asset.tag: Not Available dmi.board.name: 20KHCTO1WW dmi.board.vendor: LENOVO dmi.board.version: SDK0J40709 WIN dmi.chassis.asset.tag: No Asset Information dmi.chassis.type: 10 dmi.chassis.vendor: LENOVO dmi.chassis.version: None dmi.modalias: dmi:bvnLENOVO:bvrN23ET69W(1.44):bd11/25/2019:svnLENOVO:pn20KHCTO1WW:pvrThinkPadX1Carbon6th:rvnLENOVO:rn20KHCTO1WW:rvrSDK0J40709WIN:cvnLENOVO:ct10:cvrNone: dmi.product.family: ThinkPad X1 Carbon 6th dmi.product.name: 20KHCTO1WW dmi.product.sku: LENOVO_MT_20KH_BU_Think_FM_ThinkPad X1 Carbon 6th dmi.product.version: ThinkPad X1 Carbon 6th dmi.sys.vendor: LENOVO --- ProblemType: Bug AlsaVersion: Advanced Linux Sound Architecture Driver Version k5.4.0-12-generic. ApportVersion: 2.20.11-0ubuntu16 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC0: sarnold2734 F pulseaudio /dev/snd/controlC1: sarnold2734 F pulseaudio Card0.Amixer.info: Card hw:0 'PCH'/'HDA Intel PCH at 0x2fe1028000 irq 145' Mixer name : 'Realtek ALC285' Components : 'HDA:10ec0285,17aa225c,0012 HDA:8086280b,80860101,0010' Controls : 53 Simple ctrls : 15 Card1.Amixer.info: Card hw:1 'Audio'/'Generic ThinkPad Dock USB Audio at usb-:00:14.0-4.2.4, high speed' Mixer name : 'USB Mixer' Components : 'USB17ef:306f' Controls : 9
[Kernel-packages] [Bug 1861359] Re: swap storms kills interactive use
FYI, I decided to do this: $ sudo swapoff -a && sudo swapon -a $ free -h totalusedfree shared buff/cache available Mem: 15Gi 5.9Gi 4.8Gi 2.0Gi 4.8Gi 7.2Gi Swap: 15Gi 348Mi15Gi Even though I am no where near needing to swap, after the swapoff/swapon, it immediately climbed back up to 348M. Oddly, I did it again after flushing the page cache, and the swap stayed at zero: $ sudo sync ; sudo sh -c 'echo 1 > /proc/sys/vm/drop_caches' $ sudo swapoff -a && sudo swapon -a $ free -h totalusedfree shared buff/cache available Mem: 15Gi 5.6Gi 6.8Gi 2.6Gi 3.1Gi 7.0Gi Swap: 15Gi 0B15Gi I don't know if flushing the page cache is related or coincidence with the second swap clearance. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1861359 Title: swap storms kills interactive use Status in linux package in Ubuntu: Confirmed Bug description: Hello, several times since upgrading to focal from 19.04 I've found my computer entirely unresponsive for periods of twenty or thirty seconds. No mouse movement, no keyboard input, the screen output does not change. My computer was using swap space and despite very slow writeout speeds well below what the NVME drive can handle, the computer was unusable. I've captured some vmstat 1 output and top output that I started collecting during the event. (Normally one very long painful period is followed by several shorter periods of uselessness.) Thanks ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: linux-image-5.4.0-12-generic 5.4.0-12.15 ProcVersionSignature: Ubuntu 5.4.0-12.15-generic 5.4.8 Uname: Linux 5.4.0-12-generic x86_64 NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair ApportVersion: 2.20.11-0ubuntu15 Architecture: amd64 Date: Wed Jan 29 23:44:05 2020 ProcEnviron: TERM=rxvt-unicode-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: linux-signed-5.4 UpgradeStatus: Upgraded to focal on 2020-01-24 (5 days ago) --- ProblemType: Bug AlsaVersion: Advanced Linux Sound Architecture Driver Version k5.4.0-12-generic. ApportVersion: 2.20.11-0ubuntu16 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC0: sarnold2734 F pulseaudio /dev/snd/controlC1: sarnold2734 F pulseaudio Card0.Amixer.info: Card hw:0 'PCH'/'HDA Intel PCH at 0x2fe1028000 irq 145' Mixer name : 'Realtek ALC285' Components : 'HDA:10ec0285,17aa225c,0012 HDA:8086280b,80860101,0010' Controls : 53 Simple ctrls : 15 Card1.Amixer.info: Card hw:1 'Audio'/'Generic ThinkPad Dock USB Audio at usb-:00:14.0-4.2.4, high speed' Mixer name : 'USB Mixer' Components : 'USB17ef:306f' Controls : 9 Simple ctrls : 4 DistroRelease: Ubuntu 20.04 HibernationDevice: RESUME=none IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig': 'iwconfig' MachineType: LENOVO 20KHCTO1WW NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair Package: linux (not installed) ProcEnviron: TERM=rxvt-unicode-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash ProcFB: 0 i915drmfb ProcKernelCmdLine: BOOT_IMAGE=/BOOT/ubuntu@/vmlinuz-5.4.0-12-generic root=ZFS=rpool/ROOT/ubuntu ro root=ZFS=rpool/ROOT/ubuntu quiet splash acpi_osi=! "acpi_osi=Windows 2015" vt.handoff=1 ProcVersionSignature: Ubuntu 5.4.0-12.15-generic 5.4.8 RelatedPackageVersions: linux-restricted-modules-5.4.0-12-generic N/A linux-backports-modules-5.4.0-12-generic N/A linux-firmware1.185 Tags: focal Uname: Linux 5.4.0-12-generic x86_64 UpgradeStatus: Upgraded to focal on 2020-01-24 (5 days ago) UserGroups: adm cdrom libvirt lpadmin plugdev sambashare sbuild sudo _MarkForUpload: True dmi.bios.date: 11/25/2019 dmi.bios.vendor: LENOVO dmi.bios.version: N23ET69W (1.44 ) dmi.board.asset.tag: Not Available dmi.board.name: 20KHCTO1WW dmi.board.vendor: LENOVO dmi.board.version: SDK0J40709 WIN dmi.chassis.asset.tag: No Asset Information dmi.chassis.type: 10 dmi.chassis.vendor: LENOVO dmi.chassis.version: None dmi.modalias: dmi:bvnLENOVO:bvrN23ET69W(1.44):bd11/25/2019:svnLENOVO:pn20KHCTO1WW:pvrThinkPadX1Carbon6th:rvnLENOVO:rn20KHCTO1WW:rvrSDK0J40709WIN:cvnLENOVO:ct10:cvrNone: dmi.product.family: ThinkPad X1 Carbon 6th dmi.product.name: 20KHCTO1WW dmi.product.sku: LENOVO_MT_20KH_BU_Think_FM_ThinkPad X1 Carbon 6th dmi.product.version: ThinkPad X1 Carbon 6th dmi.sys.vendor: LENOVO --- ProblemType: Bug AlsaVersion: Advanced Linux Sound Architecture Driver Version
[Kernel-packages] [Bug 1861359] Re: swap storms kills interactive use
I forgot to mention, I also have nvme. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1861359 Title: swap storms kills interactive use Status in linux package in Ubuntu: Confirmed Bug description: Hello, several times since upgrading to focal from 19.04 I've found my computer entirely unresponsive for periods of twenty or thirty seconds. No mouse movement, no keyboard input, the screen output does not change. My computer was using swap space and despite very slow writeout speeds well below what the NVME drive can handle, the computer was unusable. I've captured some vmstat 1 output and top output that I started collecting during the event. (Normally one very long painful period is followed by several shorter periods of uselessness.) Thanks ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: linux-image-5.4.0-12-generic 5.4.0-12.15 ProcVersionSignature: Ubuntu 5.4.0-12.15-generic 5.4.8 Uname: Linux 5.4.0-12-generic x86_64 NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair ApportVersion: 2.20.11-0ubuntu15 Architecture: amd64 Date: Wed Jan 29 23:44:05 2020 ProcEnviron: TERM=rxvt-unicode-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: linux-signed-5.4 UpgradeStatus: Upgraded to focal on 2020-01-24 (5 days ago) --- ProblemType: Bug AlsaVersion: Advanced Linux Sound Architecture Driver Version k5.4.0-12-generic. ApportVersion: 2.20.11-0ubuntu16 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC0: sarnold2734 F pulseaudio /dev/snd/controlC1: sarnold2734 F pulseaudio Card0.Amixer.info: Card hw:0 'PCH'/'HDA Intel PCH at 0x2fe1028000 irq 145' Mixer name : 'Realtek ALC285' Components : 'HDA:10ec0285,17aa225c,0012 HDA:8086280b,80860101,0010' Controls : 53 Simple ctrls : 15 Card1.Amixer.info: Card hw:1 'Audio'/'Generic ThinkPad Dock USB Audio at usb-:00:14.0-4.2.4, high speed' Mixer name : 'USB Mixer' Components : 'USB17ef:306f' Controls : 9 Simple ctrls : 4 DistroRelease: Ubuntu 20.04 HibernationDevice: RESUME=none IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig': 'iwconfig' MachineType: LENOVO 20KHCTO1WW NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair Package: linux (not installed) ProcEnviron: TERM=rxvt-unicode-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash ProcFB: 0 i915drmfb ProcKernelCmdLine: BOOT_IMAGE=/BOOT/ubuntu@/vmlinuz-5.4.0-12-generic root=ZFS=rpool/ROOT/ubuntu ro root=ZFS=rpool/ROOT/ubuntu quiet splash acpi_osi=! "acpi_osi=Windows 2015" vt.handoff=1 ProcVersionSignature: Ubuntu 5.4.0-12.15-generic 5.4.8 RelatedPackageVersions: linux-restricted-modules-5.4.0-12-generic N/A linux-backports-modules-5.4.0-12-generic N/A linux-firmware1.185 Tags: focal Uname: Linux 5.4.0-12-generic x86_64 UpgradeStatus: Upgraded to focal on 2020-01-24 (5 days ago) UserGroups: adm cdrom libvirt lpadmin plugdev sambashare sbuild sudo _MarkForUpload: True dmi.bios.date: 11/25/2019 dmi.bios.vendor: LENOVO dmi.bios.version: N23ET69W (1.44 ) dmi.board.asset.tag: Not Available dmi.board.name: 20KHCTO1WW dmi.board.vendor: LENOVO dmi.board.version: SDK0J40709 WIN dmi.chassis.asset.tag: No Asset Information dmi.chassis.type: 10 dmi.chassis.vendor: LENOVO dmi.chassis.version: None dmi.modalias: dmi:bvnLENOVO:bvrN23ET69W(1.44):bd11/25/2019:svnLENOVO:pn20KHCTO1WW:pvrThinkPadX1Carbon6th:rvnLENOVO:rn20KHCTO1WW:rvrSDK0J40709WIN:cvnLENOVO:ct10:cvrNone: dmi.product.family: ThinkPad X1 Carbon 6th dmi.product.name: 20KHCTO1WW dmi.product.sku: LENOVO_MT_20KH_BU_Think_FM_ThinkPad X1 Carbon 6th dmi.product.version: ThinkPad X1 Carbon 6th dmi.sys.vendor: LENOVO --- ProblemType: Bug AlsaVersion: Advanced Linux Sound Architecture Driver Version k5.4.0-12-generic. ApportVersion: 2.20.11-0ubuntu16 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC0: sarnold2734 F pulseaudio /dev/snd/controlC1: sarnold2734 F pulseaudio Card0.Amixer.info: Card hw:0 'PCH'/'HDA Intel PCH at 0x2fe1028000 irq 145' Mixer name : 'Realtek ALC285' Components : 'HDA:10ec0285,17aa225c,0012 HDA:8086280b,80860101,0010' Controls : 53 Simple ctrls : 15 Card1.Amixer.info: Card hw:1 'Audio'/'Generic ThinkPad Dock USB Audio at usb-:00:14.0-4.2.4, high speed' Mixer name : 'USB Mixer' Components : 'USB17ef:306f' Controls : 9 Simple ctrls : 4 DistroRelease: Ubuntu 20.04 HibernationDevice: RESUME=none IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig': '
[Kernel-packages] [Bug 1701297] Re: NTP reload failure (unable to read library) on overlayfs
** Changed in: apparmor (Ubuntu) Status: Confirmed => Invalid -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1701297 Title: NTP reload failure (unable to read library) on overlayfs Status in cloud-init: Won't Fix Status in apparmor package in Ubuntu: Invalid Status in cloud-init package in Ubuntu: Incomplete Status in linux package in Ubuntu: Fix Committed Bug description: After update [1] of cloud-init in Ubuntu (which landed in xenial- updates on 2017-06-27), it is causing NTP reload failures. https://launchpad.net/ubuntu/+source/cloud-init/0.7.9-153-g16a7302f- 0ubuntu1~16.04.1 In MAAS scenarios, this is causing the machine to fail to deploy. Related bugs: * bug 1645644: cloud-init ntp not using expected servers To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-init/+bug/1701297/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1772775] Re: 4.4.0-127.153 generates many "sit: non-ECT" messages
I too am seeing this after the most recent upgrade: $ grep -cF 'sit: non-ECT' /var/log/syslog 2917 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1772775 Title: 4.4.0-127.153 generates many "sit: non-ECT" messages Status in linux package in Ubuntu: Incomplete Bug description: Since deploying linux-image-4.4.0-127-generic (4.4.0-127.153) on a Xenial VM with a sit tunnel, I get such messages: May 22 10:49:38 gw kernel: [ 68.121601] sit: non-ECT from 0.0.0.0 with TOS=0x5 Those are logged quite often: # grep -cF 'sit: non-ECT' /var/log/syslog 9108 Reverting to linux-image-4.4.0-124-generic (4.4.0-124.148) fixes the issue. # lsb_release -rd Description: Ubuntu 16.04.4 LTS Release: 16.04 # apt-cache policy linux-image-4.4.0-127-generic linux-image-4.4.0-127-generic: Installed: 4.4.0-127.153 Candidate: 4.4.0-127.153 Version table: *** 4.4.0-127.153 500 500 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages 500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages 100 /var/lib/dpkg/status ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: linux-image-4.4.0-127-generic 4.4.0-127.153 ProcVersionSignature: Ubuntu 4.4.0-127.153-generic 4.4.128 Uname: Linux 4.4.0-127-generic x86_64 AlsaDevices: total 0 crw-rw 1 root audio 116, 1 May 22 20:08 seq crw-rw 1 root audio 116, 33 May 22 20:08 timer AplayDevices: Error: [Errno 2] No such file or directory: 'aplay' ApportVersion: 2.20.1-0ubuntu2.17 Architecture: amd64 ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord' AudioDevicesInUse: Error: [Errno 2] No such file or directory: 'fuser' CRDA: N/A Date: Tue May 22 21:18:45 2018 IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig' Lspci: Error: [Errno 2] No such file or directory: 'lspci' Lsusb: Error: [Errno 2] No such file or directory: 'lsusb' MachineType: QEMU Standard PC (i440FX + PIIX, 1996) PciMultimedia: ProcEnviron: TERM=xterm PATH=(custom, no user) LANG=en_US.UTF-8 SHELL=/bin/bash ProcFB: 0 EFI VGA ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-127-generic root=UUID=67f7ee15-64f4-4c85-805c-08386d5fed8b ro console=ttyS0 net.ifnames=0 kaslr vsyscall=none nmi_watchdog=0 possible_cpus=1 pti=on nr_cpus=1 RelatedPackageVersions: linux-restricted-modules-4.4.0-127-generic N/A linux-backports-modules-4.4.0-127-generic N/A linux-firmware N/A RfKill: Error: [Errno 2] No such file or directory: 'rfkill' SourcePackage: linux UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 04/01/2014 dmi.bios.vendor: SeaBIOS dmi.bios.version: Ubuntu-1.8.2-1ubuntu1 dmi.chassis.type: 1 dmi.chassis.vendor: QEMU dmi.chassis.version: pc-i440fx-2.5 dmi.modalias: dmi:bvnSeaBIOS:bvrUbuntu-1.8.2-1ubuntu1:bd04/01/2014:svnQEMU:pnStandardPC(i440FX+PIIX,1996):pvrpc-i440fx-2.5:cvnQEMU:ct1:cvrpc-i440fx-2.5: dmi.product.name: Standard PC (i440FX + PIIX, 1996) dmi.product.version: pc-i440fx-2.5 dmi.sys.vendor: QEMU --- AlsaDevices: total 0 crw-rw 1 root audio 116, 1 May 22 21:33 seq crw-rw 1 root audio 116, 33 May 22 21:33 timer AplayDevices: Error: [Errno 2] No such file or directory ApportVersion: 2.20.1-0ubuntu2.17 Architecture: amd64 ArecordDevices: Error: [Errno 2] No such file or directory AudioDevicesInUse: Error: [Errno 2] No such file or directory CRDA: N/A DistroRelease: Ubuntu 16.04 IwConfig: Error: [Errno 2] No such file or directory Lspci: Error: [Errno 2] No such file or directory Lsusb: Error: [Errno 2] No such file or directory MachineType: QEMU Standard PC (i440FX + PIIX, 1996) Package: linux (not installed) PciMultimedia: ProcEnviron: TERM=xterm PATH=(custom, no user) LANG=en_US.UTF-8 SHELL=/bin/bash ProcFB: 0 EFI VGA ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-124-generic root=UUID=67f7ee15-64f4-4c85-805c-08386d5fed8b ro kaslr net.ifnames=0 nmi_watchdog=0 nr_cpus=1 pti=on console=ttyS0 vsyscall=none ProcVersionSignature: Ubuntu 4.4.0-124.148-generic 4.4.117 RelatedPackageVersions: linux-restricted-modules-4.4.0-124-generic N/A linux-backports-modules-4.4.0-124-generic N/A linux-firmware N/A RfKill: Error: [Errno 2] No such file or directory Tags: xenial Uname: Linux 4.4.0-124-generic x86_64 UpgradeStatus: No upgrade log present (probably fresh install) UserGroups: _MarkForUpload: True dmi.bios.date: 04/01/2014 dmi.bios.vendor: SeaBIOS dmi.bios.version: Ubuntu-1.8.2-1ubuntu1 dmi.chassis.type: 1 dmi.chassis.vendor: QEMU dmi.chassis.version: pc-i440fx-2.5 dmi.modalias: dmi:bvnSeaBIOS:bvrUbuntu-1.8.2-1ubuntu1:bd04/01/2014:svnQEMU:pnStandardPC(i440FX+PIIX,19
[Kernel-packages] [Bug 1691152] Re: linux-azure: -proposed tracker
** Changed in: kernel-sru-workflow/security-signoff Assignee: Canonical Security Team (canonical-security) => Ubuntu Security Team (ubuntu-security) -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-azure in Ubuntu. https://bugs.launchpad.net/bugs/1691152 Title: linux-azure: -proposed tracker Status in Kernel SRU Workflow: Invalid Status in Kernel SRU Workflow automated-testing series: New Status in Kernel SRU Workflow certification-testing series: New Status in Kernel SRU Workflow prepare-package series: New Status in Kernel SRU Workflow prepare-package-meta series: New Status in Kernel SRU Workflow promote-to-proposed series: New Status in Kernel SRU Workflow promote-to-security series: New Status in Kernel SRU Workflow promote-to-updates series: New Status in Kernel SRU Workflow regression-testing series: New Status in Kernel SRU Workflow security-signoff series: New Status in Kernel SRU Workflow upload-to-ppa series: New Status in Kernel SRU Workflow verification-testing series: New Status in linux-azure package in Ubuntu: Invalid Status in linux-azure source package in Xenial: New Bug description: This bug is for tracking the upload package. This bug will contain status and testing results related to that upload. For an explanation of the tasks and the associated workflow see: https://wiki.ubuntu.com/Kernel/kernel-sru-workflow -- swm properties -- kernel-stable-master-bug: 1691146 To manage notifications about this bug go to: https://bugs.launchpad.net/kernel-sru-workflow/+bug/1691152/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1699051] Re: linux: -proposed tracker
** Changed in: kernel-sru-workflow/security-signoff Assignee: Canonical Security Team (canonical-security) => Ubuntu Security Team (ubuntu-security) -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1699051 Title: linux: -proposed tracker Status in Kernel SRU Workflow: Invalid Status in Kernel SRU Workflow automated-testing series: New Status in Kernel SRU Workflow certification-testing series: New Status in Kernel SRU Workflow prepare-package series: Confirmed Status in Kernel SRU Workflow prepare-package-lbm series: Confirmed Status in Kernel SRU Workflow prepare-package-meta series: Confirmed Status in Kernel SRU Workflow promote-to-proposed series: New Status in Kernel SRU Workflow promote-to-security series: New Status in Kernel SRU Workflow promote-to-updates series: New Status in Kernel SRU Workflow regression-testing series: New Status in Kernel SRU Workflow security-signoff series: New Status in Kernel SRU Workflow upload-to-ppa series: Invalid Status in Kernel SRU Workflow verification-testing series: New Status in linux package in Ubuntu: Invalid Status in linux source package in Precise: New Bug description: This bug is for tracking the upload package. This bug will contain status and testing results related to that upload. For an explanation of the tasks and the associated workflow see: https://wiki.ubuntu.com/Kernel/kernel-sru-workflow backports: derivatives: 1699052,1699053 To manage notifications about this bug go to: https://bugs.launchpad.net/kernel-sru-workflow/+bug/1699051/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1408106] Re: attach_disconnected not sufficient for overlayfs
Ok, I spent quite a bit of time evaluating this and believe this bug can
be closed, but other bugs open.
In looking at this I created https://code.launchpad.net/~jdstrand/+git
/test-overlay (to build simply git clone, run 'snapcraft', install the
snap and then run 'test-overlay' for instructions on how to test
different things).
For this bug, the test code was broken and it didn't pivot_root. I'm not
sure if it did pivot_root back when this was filed (I didn't check). The
use of attach_disconnected is required because upperdir (man 8 mount,
look for overlay) is disconnected. Once attach_disconnected is present,
all file paths are mediatable:
- when using just an overlay, the paths show up where you expect them to be in
the filesystem
- when using overlay plus chroot paths are mediatable but an alias rule is
really needed to have worthwhile policy (otherwise you need to keep the
inner-chroot policy and outer-system policy in sync). Also logged denials have
the overlay mountpoint prefixed. This is consistent with how apparmor works
with chroots
- when using overlay plus private mount namespace plus pivot_root, no alias
rule is required and logged path denials look like the system paths (ie, the
overlay mountpoint is not prefixed)
In all, closing this bug as Invalid. I'll be filing new bugs for various
issues I found in my investigation.
** Changed in: linux (Ubuntu)
Status: Triaged => Won't Fix
** Changed in: apparmor (Ubuntu)
Status: Confirmed => Won't Fix
** Changed in: apparmor
Status: In Progress => Invalid
** Changed in: apparmor (Ubuntu)
Status: Won't Fix => Invalid
** Changed in: linux (Ubuntu)
Status: Won't Fix => Invalid
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1408106
Title:
attach_disconnected not sufficient for overlayfs
Status in AppArmor:
Invalid
Status in MAAS:
Incomplete
Status in apparmor package in Ubuntu:
Invalid
Status in linux package in Ubuntu:
Invalid
Bug description:
With the following use of overlayfs, we get a disconnected path:
$ cat ./profile
#include
profile foo {
#include
capability sys_admin,
capability sys_chroot,
mount,
pivot_root,
}
$ cat ./overlay.c
#include
#include
#include
#include
#include
#include
#include
int main(int argc, char* argv[]) {
int i = 0;
int len = 0;
int ret = 0;
char* options;
if (geteuid())
unshare(CLONE_NEWUSER);
unshare(CLONE_NEWNS);
for (i = 1; i < argc; i++) {
if (i == 1) {
len = strlen(argv[i]) + strlen("upperdir=,lowerdir=/") + 2;
options = alloca(len);
ret = snprintf(options, len, "upperdir=%s,lowerdir=/", argv[i]);
}
else {
len = strlen(argv[i]) + strlen("upperdir=,lowerdir=/mnt") + 2;
options = alloca(len);
ret = snprintf(options, len, "upperdir=%s,lowerdir=/mnt",
argv[i]);
}
mount("overlayfs", "/mnt", "overlayfs", MS_MGC_VAL, options);
}
chdir("/mnt");
pivot_root(".", ".");
chroot(".");
chdir("/");
execl("/bin/bash", "/bin/bash", NULL);
}
$ sudo apparmor_parser -r ./profile && aa-exec -p foo -- ./a.out /tmp
[255]
...
Dec 12 14:31:38 localhost kernel: [57278.040216] audit: type=1400
audit(1418387498.613:712): apparmor="DENIED" operation="exec" info="Failed name
lookup - disconnected path" error=-13 profile="foo" name="/bin/bash" pid=18255
comm="a.out" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
With the above, the expectation was for the denial to be /mnt/bin/bash. There
are three ways forward:
1. the correct solution is to patch overlayfs to properly track the loopback,
but this will take a while, may ultimately be unachievable. UPDATE: upstream is
currently working on this and Ubuntu will engage with them
2. we could rely on the fact that overlayfs creates a private unshared
submount, and provide a way to not mediate the path when that is present, and
tagged. This would take a bit of time, and might be the preferred method over 1
longer term
3. we could extend attach_disconnected so that we can define the attach root.
Eg, we can use profile foo (attach_disconnected=/mnt) {} such that '/bin/bash'
maps to '/mnt/bin/bash'. UPDATE: THIS IS NOT VIABLE
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1408106/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1408106] Re: attach_disconnected not sufficient for overlayfs
Actually, I marked the MAAS task as incomplete in case people want to
give feedback.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1408106
Title:
attach_disconnected not sufficient for overlayfs
Status in AppArmor:
Invalid
Status in MAAS:
Incomplete
Status in apparmor package in Ubuntu:
Invalid
Status in linux package in Ubuntu:
Invalid
Bug description:
With the following use of overlayfs, we get a disconnected path:
$ cat ./profile
#include
profile foo {
#include
capability sys_admin,
capability sys_chroot,
mount,
pivot_root,
}
$ cat ./overlay.c
#include
#include
#include
#include
#include
#include
#include
int main(int argc, char* argv[]) {
int i = 0;
int len = 0;
int ret = 0;
char* options;
if (geteuid())
unshare(CLONE_NEWUSER);
unshare(CLONE_NEWNS);
for (i = 1; i < argc; i++) {
if (i == 1) {
len = strlen(argv[i]) + strlen("upperdir=,lowerdir=/") + 2;
options = alloca(len);
ret = snprintf(options, len, "upperdir=%s,lowerdir=/", argv[i]);
}
else {
len = strlen(argv[i]) + strlen("upperdir=,lowerdir=/mnt") + 2;
options = alloca(len);
ret = snprintf(options, len, "upperdir=%s,lowerdir=/mnt",
argv[i]);
}
mount("overlayfs", "/mnt", "overlayfs", MS_MGC_VAL, options);
}
chdir("/mnt");
pivot_root(".", ".");
chroot(".");
chdir("/");
execl("/bin/bash", "/bin/bash", NULL);
}
$ sudo apparmor_parser -r ./profile && aa-exec -p foo -- ./a.out /tmp
[255]
...
Dec 12 14:31:38 localhost kernel: [57278.040216] audit: type=1400
audit(1418387498.613:712): apparmor="DENIED" operation="exec" info="Failed name
lookup - disconnected path" error=-13 profile="foo" name="/bin/bash" pid=18255
comm="a.out" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
With the above, the expectation was for the denial to be /mnt/bin/bash. There
are three ways forward:
1. the correct solution is to patch overlayfs to properly track the loopback,
but this will take a while, may ultimately be unachievable. UPDATE: upstream is
currently working on this and Ubuntu will engage with them
2. we could rely on the fact that overlayfs creates a private unshared
submount, and provide a way to not mediate the path when that is present, and
tagged. This would take a bit of time, and might be the preferred method over 1
longer term
3. we could extend attach_disconnected so that we can define the attach root.
Eg, we can use profile foo (attach_disconnected=/mnt) {} such that '/bin/bash'
maps to '/mnt/bin/bash'. UPDATE: THIS IS NOT VIABLE
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1408106/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1408106] Re: attach_disconnected not sufficient for overlayfs
Closing the MAAS task as it the referenced bug is marked Fix Release. If
there are issues there still, please see my previous comment and look at
the code in that snap-- there are viable ways to use overlayfs with
chroot and an apparmor alias rule, or overlayfs with private mount,
chroot and pivot_root.
** Changed in: maas
Status: New => Incomplete
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1408106
Title:
attach_disconnected not sufficient for overlayfs
Status in AppArmor:
Invalid
Status in MAAS:
Incomplete
Status in apparmor package in Ubuntu:
Invalid
Status in linux package in Ubuntu:
Invalid
Bug description:
With the following use of overlayfs, we get a disconnected path:
$ cat ./profile
#include
profile foo {
#include
capability sys_admin,
capability sys_chroot,
mount,
pivot_root,
}
$ cat ./overlay.c
#include
#include
#include
#include
#include
#include
#include
int main(int argc, char* argv[]) {
int i = 0;
int len = 0;
int ret = 0;
char* options;
if (geteuid())
unshare(CLONE_NEWUSER);
unshare(CLONE_NEWNS);
for (i = 1; i < argc; i++) {
if (i == 1) {
len = strlen(argv[i]) + strlen("upperdir=,lowerdir=/") + 2;
options = alloca(len);
ret = snprintf(options, len, "upperdir=%s,lowerdir=/", argv[i]);
}
else {
len = strlen(argv[i]) + strlen("upperdir=,lowerdir=/mnt") + 2;
options = alloca(len);
ret = snprintf(options, len, "upperdir=%s,lowerdir=/mnt",
argv[i]);
}
mount("overlayfs", "/mnt", "overlayfs", MS_MGC_VAL, options);
}
chdir("/mnt");
pivot_root(".", ".");
chroot(".");
chdir("/");
execl("/bin/bash", "/bin/bash", NULL);
}
$ sudo apparmor_parser -r ./profile && aa-exec -p foo -- ./a.out /tmp
[255]
...
Dec 12 14:31:38 localhost kernel: [57278.040216] audit: type=1400
audit(1418387498.613:712): apparmor="DENIED" operation="exec" info="Failed name
lookup - disconnected path" error=-13 profile="foo" name="/bin/bash" pid=18255
comm="a.out" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
With the above, the expectation was for the denial to be /mnt/bin/bash. There
are three ways forward:
1. the correct solution is to patch overlayfs to properly track the loopback,
but this will take a while, may ultimately be unachievable. UPDATE: upstream is
currently working on this and Ubuntu will engage with them
2. we could rely on the fact that overlayfs creates a private unshared
submount, and provide a way to not mediate the path when that is present, and
tagged. This would take a bit of time, and might be the preferred method over 1
longer term
3. we could extend attach_disconnected so that we can define the attach root.
Eg, we can use profile foo (attach_disconnected=/mnt) {} such that '/bin/bash'
maps to '/mnt/bin/bash'. UPDATE: THIS IS NOT VIABLE
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1408106/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1898280] [NEW] Please unrevert the apparmor audit rule filtering feature
Public bug reported: Ubuntu carried a patch to apparmor for audit rule filtering, but it was reverted due to conflicts related to secids with earlier LSM stacking patchsets. The upstream LSM stacking patchset is believed to resolve these issues and groovy now carries the updated LSM stacking patchset. As such, please re-enable the audit rule filtering feature in apparmor. While this could be an SRU, having it in groovy release would be ideal. ** Affects: linux (Ubuntu) Importance: High Assignee: John Johansen (jjohansen) Status: Triaged ** Changed in: linux (Ubuntu) Importance: Undecided => High ** Changed in: linux (Ubuntu) Status: New => Triaged ** Changed in: linux (Ubuntu) Assignee: (unassigned) => John Johansen (jjohansen) ** Description changed: Ubuntu carried a patch to apparmor for audit rule filtering, but it was reverted due to conflicts related to secids with earlier LSM stacking patchsets. The upstream LSM stacking patchset resolved these issues and groovy now carries the updated LSM stacking patchset. As such, please re-enable the audit rule filtering feature in apparmor. + + While this could be an SRU, having it in groovy release would be ideal. ** Description changed: Ubuntu carried a patch to apparmor for audit rule filtering, but it was reverted due to conflicts related to secids with earlier LSM stacking - patchsets. The upstream LSM stacking patchset resolved these issues and - groovy now carries the updated LSM stacking patchset. As such, please - re-enable the audit rule filtering feature in apparmor. + patchsets. The upstream LSM stacking patchset is believed to resolve + these issues and groovy now carries the updated LSM stacking patchset. + As such, please re-enable the audit rule filtering feature in apparmor. While this could be an SRU, having it in groovy release would be ideal. ** Summary changed: - Please unrevert the audit rule filtering feature + Please unrevert the apparmor audit rule filtering feature -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1898280 Title: Please unrevert the apparmor audit rule filtering feature Status in linux package in Ubuntu: Triaged Bug description: Ubuntu carried a patch to apparmor for audit rule filtering, but it was reverted due to conflicts related to secids with earlier LSM stacking patchsets. The upstream LSM stacking patchset is believed to resolve these issues and groovy now carries the updated LSM stacking patchset. As such, please re-enable the audit rule filtering feature in apparmor. While this could be an SRU, having it in groovy release would be ideal. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1898280/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1898280] Re: Please unrevert the apparmor audit rule filtering feature
After more discussion with John, while groovy does have a newer stacking patchset, it doesn't have the latest patchset that resolves the audit subsystem. Unfortunately, as of today, all of those patches haven't been signed-off on yet so there might be future changes. ** Description changed: Ubuntu carried a patch to apparmor for audit rule filtering, but it was reverted due to conflicts related to secids with earlier LSM stacking patchsets. The upstream LSM stacking patchset is believed to resolve - these issues and groovy now carries the updated LSM stacking patchset. + these issues and groovy now carries the updated LSM stacking patchset + (CORRECTION: groovy's stacking patchset was revved but doesn't have the + latest so we'd need to refresh the full stack to reenable the feature). As such, please re-enable the audit rule filtering feature in apparmor. While this could be an SRU, having it in groovy release would be ideal. ** Description changed: Ubuntu carried a patch to apparmor for audit rule filtering, but it was reverted due to conflicts related to secids with earlier LSM stacking patchsets. The upstream LSM stacking patchset is believed to resolve - these issues and groovy now carries the updated LSM stacking patchset - (CORRECTION: groovy's stacking patchset was revved but doesn't have the - latest so we'd need to refresh the full stack to reenable the feature). - As such, please re-enable the audit rule filtering feature in apparmor. + these issues and groovy now carries the updated LSM stacking patchset.As + such, please re-enable the audit rule filtering feature in apparmor. - While this could be an SRU, having it in groovy release would be ideal. + CORRECTION: groovy's stacking patchset was revved but doesn't have the + latest so we'd need to refresh the full stack to reenable the audit rule + filtering feature. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1898280 Title: Please unrevert the apparmor audit rule filtering feature Status in linux package in Ubuntu: Triaged Bug description: Ubuntu carried a patch to apparmor for audit rule filtering, but it was reverted due to conflicts related to secids with earlier LSM stacking patchsets. The upstream LSM stacking patchset is believed to resolve these issues and groovy now carries the updated LSM stacking patchset.As such, please re-enable the audit rule filtering feature in apparmor. CORRECTION: groovy's stacking patchset was revved but doesn't have the latest so we'd need to refresh the full stack to reenable the audit rule filtering feature. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1898280/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1898280] Re: Please unrevert the apparmor audit rule filtering feature
FYI, John refreshed the patchset to v20 and reenabled audit rule filtering and submitted to https://lists.ubuntu.com/archives/kernel- team/2020-October/113932.html. Since this is a significant change, it will be considered for a stable release update (SRU) after groovy release (to allow for peer review, QA, etc). ** Changed in: linux (Ubuntu) Status: Triaged => In Progress ** Changed in: linux (Ubuntu) Milestone: None => groovy-updates -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1898280 Title: Please unrevert the apparmor audit rule filtering feature Status in linux package in Ubuntu: In Progress Bug description: Ubuntu carried a patch to apparmor for audit rule filtering, but it was reverted due to conflicts related to secids with earlier LSM stacking patchsets. The upstream LSM stacking patchset is believed to resolve these issues and groovy now carries the updated LSM stacking patchset.As such, please re-enable the audit rule filtering feature in apparmor. CORRECTION: groovy's stacking patchset was revved but doesn't have the latest so we'd need to refresh the full stack to reenable the audit rule filtering feature. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1898280/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1890848] [NEW] 'ptrace trace' needed to readlink() /proc/*/ns/* files
Public bug reported:
Per 'man namespaces':
"Permission to dereference or read (readlink(2)) these symbolic links is
governed by a ptrace access mode PTRACE_MODE_READ_FSCREDS check; see
ptrace(2)."
This suggests that a 'ptrace read' rule should be sufficient to
readlink() /proc/*/ns/*, which is the case with 5.4.0-42.46-generic
(Ubuntu 20.04 LTS).
However, on Ubuntu 18.04 LTS and 16.04 LTS, 'ptrace trace' is needed.
Here is a reproducer:
$ cat ./readlink-ns.c
#include
#include
#include
#include
#include
#include
#include
void usage() {
fprintf(stderr, "Usage: readlink-ns -p -n \n");
}
int main(int argc, char *argv[])
{
pid_t pid = 0;
char *ns = NULL;
char path[PATH_MAX] = {};
char rpath[PATH_MAX] = {};
int c;
while ((c = getopt(argc, argv, "hn:p:")) != -1) {
switch(c) {
case 'n':
ns = optarg;
break;
case 'p':
pid = atoi(optarg);
break;
case 'h':
usage();
return 0;
case '?':
usage();
return 1;
default:
return 1;
}
}
int n = snprintf(path, sizeof(path), "/proc/%d/ns/%s", pid, ns);
if (n < 0 || (size_t)n >= sizeof(path)) {
fprintf(stderr, "cannot format string\n");
return 1;
}
path[n] = '\0';
printf("path: %s\n", path);
n = readlink(path, rpath, sizeof(rpath));
if (n < 0) {
perror("readlink()");
return 1;
} else if (n == sizeof(rpath)) {
fprintf(stderr, "cannot readlink()\n");
return 1;
}
printf("rpath: %s\n", rpath);
return 0;
}
$ cat ./readlink-ns.apparmor
#include
profile test {
#include
# focal
ptrace (read) peer="unconfined",
# xenial, bionic
#ptrace (trace) peer="unconfined",
}
# bionic and xenial need 'ptrace trace'
$ gcc ./readlink-ns.c && sudo apparmor_parser -r ./readlink-ns.apparmor && sudo
aa-exec -p test -- ./a.out -p 1 -n pid
path: /proc/1/ns/pid
readlink(): Permission denied
Denial:
Aug 07 14:40:59 sec-bionic-amd64 kernel: audit: type=1400
audit(1596829259.675:872): apparmor="DENIED" operation="ptrace" profile="test"
pid=1311 comm="a.out" requested_mask="trace" denied_mask="trace"
peer="unconfined"
# focal needs only 'ptrace read'
$ gcc ./readlink-ns.c && sudo apparmor_parser -r ./readlink-ns.apparmor && sudo
aa-exec -p test -- ./a.out -p 1 -n pid
path: /proc/1/ns/pid
rpath: pid:[4026531836]
** Affects: linux (Ubuntu)
Importance: Undecided
Status: Fix Released
** Affects: linux (Ubuntu Xenial)
Importance: Undecided
Status: Confirmed
** Affects: linux (Ubuntu Bionic)
Importance: Undecided
Status: Confirmed
** Tags: apparmor
** Also affects: linux (Ubuntu Bionic)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Xenial)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu)
Status: New => Fix Released
** Tags added: apparmor
** Changed in: linux (Ubuntu Bionic)
Status: New => Confirmed
** Changed in: linux (Ubuntu Xenial)
Status: New => Confirmed
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1890848
Title:
'ptrace trace' needed to readlink() /proc/*/ns/* files
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Xenial:
Confirmed
Status in linux source package in Bionic:
Confirmed
Bug description:
Per 'man namespaces':
"Permission to dereference or read (readlink(2)) these symbolic links is
governed by a ptrace access mode PTRACE_MODE_READ_FSCREDS check; see
ptrace(2)."
This suggests that a 'ptrace read' rule should be sufficient to
readlink() /proc/*/ns/*, which is the case with 5.4.0-42.46-generic
(Ubuntu 20.04 LTS).
However, on Ubuntu 18.04 LTS and 16.04 LTS, 'ptrace trace' is needed.
Here is a reproducer:
$ cat ./readlink-ns.c
#include
#include
#include
#include
#include
#include
#include
void usage() {
fprintf(stderr, "Usage: readlink-ns -p -n \n");
}
int main(int argc, char *argv[])
{
pid_t pid = 0;
char *ns = NULL;
char path[PATH_MAX] = {};
char rpath[PATH_MAX] = {};
int c;
while ((c = getopt(argc, argv, "hn:p:")) != -1) {
switch(c) {
case 'n':
ns = optarg;
break;
case
[Kernel-packages] [Bug 1890848] Re: 'ptrace trace' needed to readlink() /proc/*/ns/* files on older kernels
** Summary changed:
- 'ptrace trace' needed to readlink() /proc/*/ns/* files
+ 'ptrace trace' needed to readlink() /proc/*/ns/* files on older kernels
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1890848
Title:
'ptrace trace' needed to readlink() /proc/*/ns/* files on older
kernels
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Xenial:
Confirmed
Status in linux source package in Bionic:
Confirmed
Bug description:
Per 'man namespaces':
"Permission to dereference or read (readlink(2)) these symbolic links is
governed by a ptrace access mode PTRACE_MODE_READ_FSCREDS check; see
ptrace(2)."
This suggests that a 'ptrace read' rule should be sufficient to
readlink() /proc/*/ns/*, which is the case with 5.4.0-42.46-generic
(Ubuntu 20.04 LTS).
However, on Ubuntu 18.04 LTS and 16.04 LTS, 'ptrace trace' is needed.
Here is a reproducer:
$ cat ./readlink-ns.c
#include
#include
#include
#include
#include
#include
#include
void usage() {
fprintf(stderr, "Usage: readlink-ns -p -n \n");
}
int main(int argc, char *argv[])
{
pid_t pid = 0;
char *ns = NULL;
char path[PATH_MAX] = {};
char rpath[PATH_MAX] = {};
int c;
while ((c = getopt(argc, argv, "hn:p:")) != -1) {
switch(c) {
case 'n':
ns = optarg;
break;
case 'p':
pid = atoi(optarg);
break;
case 'h':
usage();
return 0;
case '?':
usage();
return 1;
default:
return 1;
}
}
int n = snprintf(path, sizeof(path), "/proc/%d/ns/%s", pid, ns);
if (n < 0 || (size_t)n >= sizeof(path)) {
fprintf(stderr, "cannot format string\n");
return 1;
}
path[n] = '\0';
printf("path: %s\n", path);
n = readlink(path, rpath, sizeof(rpath));
if (n < 0) {
perror("readlink()");
return 1;
} else if (n == sizeof(rpath)) {
fprintf(stderr, "cannot readlink()\n");
return 1;
}
printf("rpath: %s\n", rpath);
return 0;
}
$ cat ./readlink-ns.apparmor
#include
profile test {
#include
# focal
ptrace (read) peer="unconfined",
# xenial, bionic
#ptrace (trace) peer="unconfined",
}
# bionic and xenial need 'ptrace trace'
$ gcc ./readlink-ns.c && sudo apparmor_parser -r ./readlink-ns.apparmor &&
sudo aa-exec -p test -- ./a.out -p 1 -n pid
path: /proc/1/ns/pid
readlink(): Permission denied
Denial:
Aug 07 14:40:59 sec-bionic-amd64 kernel: audit: type=1400
audit(1596829259.675:872): apparmor="DENIED" operation="ptrace" profile="test"
pid=1311 comm="a.out" requested_mask="trace" denied_mask="trace"
peer="unconfined"
# focal needs only 'ptrace read'
$ gcc ./readlink-ns.c && sudo apparmor_parser -r ./readlink-ns.apparmor &&
sudo aa-exec -p test -- ./a.out -p 1 -n pid
path: /proc/1/ns/pid
rpath: pid:[4026531836]
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1890848/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1890848] Re: 'ptrace trace' needed to readlink() /proc/*/ns/* files on older kernels
Thanks John! Is this something that we can get into the next SRU cycle?
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1890848
Title:
'ptrace trace' needed to readlink() /proc/*/ns/* files on older
kernels
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Xenial:
Confirmed
Status in linux source package in Bionic:
Confirmed
Bug description:
Per 'man namespaces':
"Permission to dereference or read (readlink(2)) these symbolic links is
governed by a ptrace access mode PTRACE_MODE_READ_FSCREDS check; see
ptrace(2)."
This suggests that a 'ptrace read' rule should be sufficient to
readlink() /proc/*/ns/*, which is the case with 5.4.0-42.46-generic
(Ubuntu 20.04 LTS).
However, on Ubuntu 18.04 LTS and 16.04 LTS, 'ptrace trace' is needed.
Here is a reproducer:
$ cat ./readlink-ns.c
#include
#include
#include
#include
#include
#include
#include
void usage() {
fprintf(stderr, "Usage: readlink-ns -p -n \n");
}
int main(int argc, char *argv[])
{
pid_t pid = 0;
char *ns = NULL;
char path[PATH_MAX] = {};
char rpath[PATH_MAX] = {};
int c;
while ((c = getopt(argc, argv, "hn:p:")) != -1) {
switch(c) {
case 'n':
ns = optarg;
break;
case 'p':
pid = atoi(optarg);
break;
case 'h':
usage();
return 0;
case '?':
usage();
return 1;
default:
return 1;
}
}
int n = snprintf(path, sizeof(path), "/proc/%d/ns/%s", pid, ns);
if (n < 0 || (size_t)n >= sizeof(path)) {
fprintf(stderr, "cannot format string\n");
return 1;
}
path[n] = '\0';
printf("path: %s\n", path);
n = readlink(path, rpath, sizeof(rpath));
if (n < 0) {
perror("readlink()");
return 1;
} else if (n == sizeof(rpath)) {
fprintf(stderr, "cannot readlink()\n");
return 1;
}
printf("rpath: %s\n", rpath);
return 0;
}
$ cat ./readlink-ns.apparmor
#include
profile test {
#include
# focal
ptrace (read) peer="unconfined",
# xenial, bionic
#ptrace (trace) peer="unconfined",
}
# bionic and xenial need 'ptrace trace'
$ gcc ./readlink-ns.c && sudo apparmor_parser -r ./readlink-ns.apparmor &&
sudo aa-exec -p test -- ./a.out -p 1 -n pid
path: /proc/1/ns/pid
readlink(): Permission denied
Denial:
Aug 07 14:40:59 sec-bionic-amd64 kernel: audit: type=1400
audit(1596829259.675:872): apparmor="DENIED" operation="ptrace" profile="test"
pid=1311 comm="a.out" requested_mask="trace" denied_mask="trace"
peer="unconfined"
# focal needs only 'ptrace read'
$ gcc ./readlink-ns.c && sudo apparmor_parser -r ./readlink-ns.apparmor &&
sudo aa-exec -p test -- ./a.out -p 1 -n pid
path: /proc/1/ns/pid
rpath: pid:[4026531836]
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1890848/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1891020] Re: No IPv4 iptable kernel module can be loaded
** Information type changed from Private Security to Public
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1891020
Title:
No IPv4 iptable kernel module can be loaded
Status in linux package in Ubuntu:
Confirmed
Bug description:
Ubuntu groovy
linux-modules-5.8.0-12-generic 5.8.0-12.13
# uname -r
5.8.0-12-generic
After reboot,
1) no IPv4 iptable kernel module are loaded:
# lsmod|grep iptable
#
2) all IPv4 iptable kernel modules are present:
# find /lib/modules/5.8.0-12-generic/kernel/net/ipv4/netfilter -name
"iptable_*"
/lib/modules/5.8.0-12-generic/kernel/net/ipv4/netfilter/iptable_filter.ko
/lib/modules/5.8.0-12-generic/kernel/net/ipv4/netfilter/iptable_nat.ko
/lib/modules/5.8.0-12-generic/kernel/net/ipv4/netfilter/iptable_mangle.ko
/lib/modules/5.8.0-12-generic/kernel/net/ipv4/netfilter/iptable_raw.ko
/lib/modules/5.8.0-12-generic/kernel/net/ipv4/netfilter/iptable_security.ko
3) No IPv4 iptable kernel modules can be loaded:
# for module in iptable_filter iptable_nat iptable_mangle; do modprobe
/lib/modules/5.8.0-12-generic/kernel/net/ipv4/netfilter/${module}.ko; done
modprobe: FATAL: Module
/lib/modules/5.8.0-12-generic/kernel/net/ipv4/netfilter/iptable_filter.ko not
found in directory /lib/modules/5.8.0-12-generic
modprobe: FATAL: Module
/lib/modules/5.8.0-12-generic/kernel/net/ipv4/netfilter/iptable_nat.ko not
found in directory /lib/modules/5.8.0-12-generic
modprobe: FATAL: Module
/lib/modules/5.8.0-12-generic/kernel/net/ipv4/netfilter/iptable_mangle.ko not
found in directory /lib/modules/5.8.0-12-generic
4) Same issue after re-creating the module dependency:
# depmod
# for module in iptable_filter iptable_nat iptable_mangle; do modprobe
/lib/modules/5.8.0-12-generic/kernel/net/ipv4/netfilter/${module}.ko; done
modprobe: FATAL: Module
/lib/modules/5.8.0-12-generic/kernel/net/ipv4/netfilter/iptable_filter.ko not
found in directory /lib/modules/5.8.0-12-generic
modprobe: FATAL: Module
/lib/modules/5.8.0-12-generic/kernel/net/ipv4/netfilter/iptable_nat.ko not
found in directory /lib/modules/5.8.0-12-generic
modprobe: FATAL: Module
/lib/modules/5.8.0-12-generic/kernel/net/ipv4/netfilter/iptable_mangle.ko not
found in directory /lib/modules/5.8.0-12-generic
No such issue with linux-modules-5.4.0-42-generic.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1891020/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1890848] Re: 'ptrace trace' needed to readlink() /proc/*/ns/* files on older kernels
I spoke with John and he plans to SRU this. Marking as triaged and
assigning to him. Thanks John!
** Changed in: linux (Ubuntu Xenial)
Importance: Undecided => Medium
** Changed in: linux (Ubuntu Xenial)
Status: Confirmed => Triaged
** Changed in: linux (Ubuntu Bionic)
Status: Confirmed => Triaged
** Changed in: linux (Ubuntu Bionic)
Importance: Undecided => Medium
** Changed in: linux (Ubuntu Xenial)
Assignee: (unassigned) => John Johansen (jjohansen)
** Changed in: linux (Ubuntu Bionic)
Assignee: (unassigned) => John Johansen (jjohansen)
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1890848
Title:
'ptrace trace' needed to readlink() /proc/*/ns/* files on older
kernels
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Xenial:
Triaged
Status in linux source package in Bionic:
Triaged
Bug description:
Per 'man namespaces':
"Permission to dereference or read (readlink(2)) these symbolic links is
governed by a ptrace access mode PTRACE_MODE_READ_FSCREDS check; see
ptrace(2)."
This suggests that a 'ptrace read' rule should be sufficient to
readlink() /proc/*/ns/*, which is the case with 5.4.0-42.46-generic
(Ubuntu 20.04 LTS).
However, on Ubuntu 18.04 LTS and 16.04 LTS, 'ptrace trace' is needed.
Here is a reproducer:
$ cat ./readlink-ns.c
#include
#include
#include
#include
#include
#include
#include
void usage() {
fprintf(stderr, "Usage: readlink-ns -p -n \n");
}
int main(int argc, char *argv[])
{
pid_t pid = 0;
char *ns = NULL;
char path[PATH_MAX] = {};
char rpath[PATH_MAX] = {};
int c;
while ((c = getopt(argc, argv, "hn:p:")) != -1) {
switch(c) {
case 'n':
ns = optarg;
break;
case 'p':
pid = atoi(optarg);
break;
case 'h':
usage();
return 0;
case '?':
usage();
return 1;
default:
return 1;
}
}
int n = snprintf(path, sizeof(path), "/proc/%d/ns/%s", pid, ns);
if (n < 0 || (size_t)n >= sizeof(path)) {
fprintf(stderr, "cannot format string\n");
return 1;
}
path[n] = '\0';
printf("path: %s\n", path);
n = readlink(path, rpath, sizeof(rpath));
if (n < 0) {
perror("readlink()");
return 1;
} else if (n == sizeof(rpath)) {
fprintf(stderr, "cannot readlink()\n");
return 1;
}
printf("rpath: %s\n", rpath);
return 0;
}
$ cat ./readlink-ns.apparmor
#include
profile test {
#include
# focal
ptrace (read) peer="unconfined",
# xenial, bionic
#ptrace (trace) peer="unconfined",
}
# bionic and xenial need 'ptrace trace'
$ gcc ./readlink-ns.c && sudo apparmor_parser -r ./readlink-ns.apparmor &&
sudo aa-exec -p test -- ./a.out -p 1 -n pid
path: /proc/1/ns/pid
readlink(): Permission denied
Denial:
Aug 07 14:40:59 sec-bionic-amd64 kernel: audit: type=1400
audit(1596829259.675:872): apparmor="DENIED" operation="ptrace" profile="test"
pid=1311 comm="a.out" requested_mask="trace" denied_mask="trace"
peer="unconfined"
# focal needs only 'ptrace read'
$ gcc ./readlink-ns.c && sudo apparmor_parser -r ./readlink-ns.apparmor &&
sudo aa-exec -p test -- ./a.out -p 1 -n pid
path: /proc/1/ns/pid
rpath: pid:[4026531836]
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1890848/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1891020] Re: iptable_filter and ip6table_filter cannot be loaded with 5.8 kernel
** Summary changed:
- No IPv4 iptable kernel module can be loaded
+ iptable_filter and ip6table_filter cannot be loaded with 5.8 kernel
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1891020
Title:
iptable_filter and ip6table_filter cannot be loaded with 5.8 kernel
Status in linux package in Ubuntu:
Incomplete
Bug description:
Ubuntu groovy
linux-modules-5.8.0-12-generic 5.8.0-12.13
# uname -r
5.8.0-12-generic
After reboot,
1) no IPv4 iptable kernel module are loaded:
# lsmod|grep iptable
#
2) all IPv4 iptable kernel modules are present:
# find /lib/modules/5.8.0-12-generic/kernel/net/ipv4/netfilter -name
"iptable_*"
/lib/modules/5.8.0-12-generic/kernel/net/ipv4/netfilter/iptable_filter.ko
/lib/modules/5.8.0-12-generic/kernel/net/ipv4/netfilter/iptable_nat.ko
/lib/modules/5.8.0-12-generic/kernel/net/ipv4/netfilter/iptable_mangle.ko
/lib/modules/5.8.0-12-generic/kernel/net/ipv4/netfilter/iptable_raw.ko
/lib/modules/5.8.0-12-generic/kernel/net/ipv4/netfilter/iptable_security.ko
3) No IPv4 iptable kernel modules can be loaded:
# for module in iptable_filter iptable_nat iptable_mangle; do modprobe
/lib/modules/5.8.0-12-generic/kernel/net/ipv4/netfilter/${module}.ko; done
modprobe: FATAL: Module
/lib/modules/5.8.0-12-generic/kernel/net/ipv4/netfilter/iptable_filter.ko not
found in directory /lib/modules/5.8.0-12-generic
modprobe: FATAL: Module
/lib/modules/5.8.0-12-generic/kernel/net/ipv4/netfilter/iptable_nat.ko not
found in directory /lib/modules/5.8.0-12-generic
modprobe: FATAL: Module
/lib/modules/5.8.0-12-generic/kernel/net/ipv4/netfilter/iptable_mangle.ko not
found in directory /lib/modules/5.8.0-12-generic
4) Same issue after re-creating the module dependency:
# depmod
# for module in iptable_filter iptable_nat iptable_mangle; do modprobe
/lib/modules/5.8.0-12-generic/kernel/net/ipv4/netfilter/${module}.ko; done
modprobe: FATAL: Module
/lib/modules/5.8.0-12-generic/kernel/net/ipv4/netfilter/iptable_filter.ko not
found in directory /lib/modules/5.8.0-12-generic
modprobe: FATAL: Module
/lib/modules/5.8.0-12-generic/kernel/net/ipv4/netfilter/iptable_nat.ko not
found in directory /lib/modules/5.8.0-12-generic
modprobe: FATAL: Module
/lib/modules/5.8.0-12-generic/kernel/net/ipv4/netfilter/iptable_mangle.ko not
found in directory /lib/modules/5.8.0-12-generic
No such issue with linux-modules-5.4.0-42-generic.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1891020/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1891020] Re: iptable_filter and ip6table_filter cannot be loaded with 5.8 kernel
I cannot confirm this with the 5.8.0-12 kernel. Eg, with the 5.4 kernel
in groovy, things work fine:
$ cat /proc/version_signature
Ubuntu 5.4.0-42.46-generic 5.4.44
$ sudo modprobe iptable_filter
$ sudo modprobe ip6table_filter
$ lsmod|grep table_filter
ip6table_filter16384 0
ip6_tables 32768 1 ip6table_filter
iptable_filter 16384 0
ip_tables 32768 1 iptable_filter
x_tables 40960 4
ip6table_filter,iptable_filter,ip6_tables,ip_tables
and booting into the current 5.8 kernel in groovy-proposed, it still
works ok:
$ cat /proc/version_signature
Ubuntu 5.8.0-12.13-generic 5.8.0-rc7
$ lsmod|grep table_filter
$ sudo modprobe iptable_filter
$ sudo modprobe ip6table_filter
$ lsmod|grep table_filter
ip6table_filter16384 0
ip6_tables 32768 1 ip6table_filter
iptable_filter 16384 0
ip_tables 32768 1 iptable_filter
x_tables 45056 4
ip6table_filter,iptable_filter,ip6_tables,ip_tables
I upgraded to this kernel by using 'sudo apt-get install linux-generic'.
Did you fetch all the necessary packages?
Eg, in my non-secure-boot VM:
ii linux-generic 5.8.0.12.14
amd64Complete Generic Linux kernel and headers
ii linux-headers-5.8.0-12 5.8.0-12.13
all Header files related to Linux kernel version 5.8.0
ii linux-headers-5.8.0-12-generic 5.8.0-12.13
amd64Linux kernel headers for version 5.8.0 on 64 bit x86 SMP
ii linux-headers-generic 5.8.0.12.14
amd64Generic Linux kernel headers
ii linux-image-5.8.0-12-generic 5.8.0-12.13
amd64Signed kernel image generic
ii linux-image-generic5.8.0.12.14
amd64Generic Linux kernel image
ii linux-modules-5.8.0-12-generic 5.8.0-12.13
amd64Linux kernel extra modules for version 5.8.0 on 64 bit x86 SMP
ii linux-modules-extra-5.8.0-12-generic 5.8.0-12.13
amd64Linux kernel extra modules for version 5.8.0 on 64 bit x86 SMP
** Changed in: linux (Ubuntu)
Status: Confirmed => Incomplete
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1891020
Title:
iptable_filter and ip6table_filter cannot be loaded with 5.8 kernel
Status in linux package in Ubuntu:
Incomplete
Bug description:
Ubuntu groovy
linux-modules-5.8.0-12-generic 5.8.0-12.13
# uname -r
5.8.0-12-generic
After reboot,
1) no IPv4 iptable kernel module are loaded:
# lsmod|grep iptable
#
2) all IPv4 iptable kernel modules are present:
# find /lib/modules/5.8.0-12-generic/kernel/net/ipv4/netfilter -name
"iptable_*"
/lib/modules/5.8.0-12-generic/kernel/net/ipv4/netfilter/iptable_filter.ko
/lib/modules/5.8.0-12-generic/kernel/net/ipv4/netfilter/iptable_nat.ko
/lib/modules/5.8.0-12-generic/kernel/net/ipv4/netfilter/iptable_mangle.ko
/lib/modules/5.8.0-12-generic/kernel/net/ipv4/netfilter/iptable_raw.ko
/lib/modules/5.8.0-12-generic/kernel/net/ipv4/netfilter/iptable_security.ko
3) No IPv4 iptable kernel modules can be loaded:
# for module in iptable_filter iptable_nat iptable_mangle; do modprobe
/lib/modules/5.8.0-12-generic/kernel/net/ipv4/netfilter/${module}.ko; done
modprobe: FATAL: Module
/lib/modules/5.8.0-12-generic/kernel/net/ipv4/netfilter/iptable_filter.ko not
found in directory /lib/modules/5.8.0-12-generic
modprobe: FATAL: Module
/lib/modules/5.8.0-12-generic/kernel/net/ipv4/netfilter/iptable_nat.ko not
found in directory /lib/modules/5.8.0-12-generic
modprobe: FATAL: Module
/lib/modules/5.8.0-12-generic/kernel/net/ipv4/netfilter/iptable_mangle.ko not
found in directory /lib/modules/5.8.0-12-generic
4) Same issue after re-creating the module dependency:
# depmod
# for module in iptable_filter iptable_nat iptable_mangle; do modprobe
/lib/modules/5.8.0-12-generic/kernel/net/ipv4/netfilter/${module}.ko; done
modprobe: FATAL: Module
/lib/modules/5.8.0-12-generic/kernel/net/ipv4/netfilter/iptable_filter.ko not
found in directory /lib/modules/5.8.0-12-generic
modprobe: FATAL: Module
/lib/modules/5.8.0-12-generic/kernel/net/ipv4/netfilter/iptable_nat.ko not
found in directory /lib/modules/5.8.0-12-generic
modprobe: FATAL: Module
/lib/modules/5.8.0-12-generic/kernel/net/ipv4/netfilter/iptable_mangle.ko not
found in directory /lib/modules/5.8.0-12-generic
No such issue with linux-modules-5.4.0-42-generic.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1891020/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
U
[Kernel-packages] [Bug 1890848] Re: 'ptrace trace' needed to readlink() /proc/*/ns/* files on older kernels
FYI, John provided me a test kernel for 18.04 and it resolved the issue.
This will be the basis of the SRU.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1890848
Title:
'ptrace trace' needed to readlink() /proc/*/ns/* files on older
kernels
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Xenial:
Triaged
Status in linux source package in Bionic:
Triaged
Bug description:
Per 'man namespaces':
"Permission to dereference or read (readlink(2)) these symbolic links is
governed by a ptrace access mode PTRACE_MODE_READ_FSCREDS check; see
ptrace(2)."
This suggests that a 'ptrace read' rule should be sufficient to
readlink() /proc/*/ns/*, which is the case with 5.4.0-42.46-generic
(Ubuntu 20.04 LTS).
However, on Ubuntu 18.04 LTS and 16.04 LTS, 'ptrace trace' is needed.
Here is a reproducer:
$ cat ./readlink-ns.c
#include
#include
#include
#include
#include
#include
#include
void usage() {
fprintf(stderr, "Usage: readlink-ns -p -n \n");
}
int main(int argc, char *argv[])
{
pid_t pid = 0;
char *ns = NULL;
char path[PATH_MAX] = {};
char rpath[PATH_MAX] = {};
int c;
while ((c = getopt(argc, argv, "hn:p:")) != -1) {
switch(c) {
case 'n':
ns = optarg;
break;
case 'p':
pid = atoi(optarg);
break;
case 'h':
usage();
return 0;
case '?':
usage();
return 1;
default:
return 1;
}
}
int n = snprintf(path, sizeof(path), "/proc/%d/ns/%s", pid, ns);
if (n < 0 || (size_t)n >= sizeof(path)) {
fprintf(stderr, "cannot format string\n");
return 1;
}
path[n] = '\0';
printf("path: %s\n", path);
n = readlink(path, rpath, sizeof(rpath));
if (n < 0) {
perror("readlink()");
return 1;
} else if (n == sizeof(rpath)) {
fprintf(stderr, "cannot readlink()\n");
return 1;
}
printf("rpath: %s\n", rpath);
return 0;
}
$ cat ./readlink-ns.apparmor
#include
profile test {
#include
# focal
ptrace (read) peer="unconfined",
# xenial, bionic
#ptrace (trace) peer="unconfined",
}
# bionic and xenial need 'ptrace trace'
$ gcc ./readlink-ns.c && sudo apparmor_parser -r ./readlink-ns.apparmor &&
sudo aa-exec -p test -- ./a.out -p 1 -n pid
path: /proc/1/ns/pid
readlink(): Permission denied
Denial:
Aug 07 14:40:59 sec-bionic-amd64 kernel: audit: type=1400
audit(1596829259.675:872): apparmor="DENIED" operation="ptrace" profile="test"
pid=1311 comm="a.out" requested_mask="trace" denied_mask="trace"
peer="unconfined"
# focal needs only 'ptrace read'
$ gcc ./readlink-ns.c && sudo apparmor_parser -r ./readlink-ns.apparmor &&
sudo aa-exec -p test -- ./a.out -p 1 -n pid
path: /proc/1/ns/pid
rpath: pid:[4026531836]
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1890848/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1898280] Re: Please unrevert the apparmor audit rule filtering feature
Thanks John! :) -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1898280 Title: Please unrevert the apparmor audit rule filtering feature Status in linux package in Ubuntu: Fix Released Bug description: Ubuntu carried a patch to apparmor for audit rule filtering, but it was reverted due to conflicts related to secids with earlier LSM stacking patchsets. The upstream LSM stacking patchset is believed to resolve these issues and groovy now carries the updated LSM stacking patchset.As such, please re-enable the audit rule filtering feature in apparmor. CORRECTION: groovy's stacking patchset was revved but doesn't have the latest so we'd need to refresh the full stack to reenable the audit rule filtering feature. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1898280/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1734038] Re: utils don't understand «include "/where/ever"» (was: Potential regression found with apparmor test on Xenial/Zesty)
@mvo - this is probably obvious, but if you used '#include' instead of 'include', it would side-step the issue. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1734038 Title: utils don't understand «include "/where/ever"» (was: Potential regression found with apparmor test on Xenial/Zesty) Status in AppArmor: New Status in apparmor package in Ubuntu: New Status in linux package in Ubuntu: Confirmed Status in snapd package in Ubuntu: Invalid Bug description: Issue found with Xenial kernel 4.4.0-102 and Zesty kernel 4.10.0-41, across different architectures Multiple tests from ubuntu_qrt_apparmor test suite failed with the same error message: ERROR: Syntax Error: Unknown line found in file /etc/apparmor.d/usr.lib.snapd.snap-confine.real line 15: include "/var/lib/snapd/apparmor/snap-confine.d" /etc/ld.so.cache r, (BTW the include and this ld.so.cache are not in the same line, please refer to comment #3 for attachment) This issue will gone if you downgrade the snapd and ubuntu-core-launcher package: sudo apt-get install snapd=2.28.5 ubuntu-core-launcher=2.28.5 Debug information: ubuntu@kernel01:~$ snap version snap2.29.3 snapd 2.29.3 series 16 ubuntu 16.04 kernel 4.4.0-102-generic ubuntu@kernel01:~$ apt list snapd Listing... Done snapd/xenial-proposed,now 2.29.3 s390x [installed] N: There are 2 additional versions. Please use the '-a' switch to see them. ubuntu@kernel01:~$ apt list apparmor -a Listing... Done apparmor/xenial-updates,now 2.10.95-0ubuntu2.7 s390x [installed] apparmor/xenial-security 2.10.95-0ubuntu2.6 s390x apparmor/xenial 2.10.95-0ubuntu2 s390x Steps to run the Apparmor test from QA Regression testing suite: 1. git clone --depth 1 https://git.launchpad.net/qa-regression-testing 2. sudo ./qa-regression-testing/scripts/test-apparmor.py ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: linux-image-4.4.0-102-generic 4.4.0-102.125 ProcVersionSignature: Ubuntu 4.4.0-102.125-generic 4.4.98 Uname: Linux 4.4.0-102-generic s390x NonfreeKernelModules: zfs zunicode zcommon znvpair zavl AlsaDevices: Error: command ['ls', '-l', '/dev/snd/'] failed with exit code 2: ls: cannot access '/dev/snd/': No such file or directory AplayDevices: Error: [Errno 2] No such file or directory: 'aplay' ApportVersion: 2.20.1-0ubuntu2.13 Architecture: s390x ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord' CRDA: Error: command ['iw', 'reg', 'get'] failed with exit code 1: nl80211 not found. CurrentDmesg: Date: Thu Nov 23 01:36:31 2017 IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig' Lspci: Lsusb: Error: command ['lsusb'] failed with exit code 1: PciMultimedia: ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=C SHELL=/bin/bash ProcFB: Error: [Errno 2] No such file or directory: '/proc/fb' ProcKernelCmdLine: root=UUID=44b0b919-a1a4-4849-9425-e71d4ac87d85 crashkernel=196M BOOT_IMAGE=0 RelatedPackageVersions: linux-restricted-modules-4.4.0-102-generic N/A linux-backports-modules-4.4.0-102-generic N/A linux-firmware 1.157.13 RfKill: Error: [Errno 2] No such file or directory: 'rfkill' SourcePackage: linux UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1734038/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1734038] Re: utils don't understand «include "/where/ever"» (was: Potential regression found with apparmor test on Xenial/Zesty)
Since snapd is using this bug for its SRU blocker and we have bug #1733700 that is the same issue, I'm going to use this bug as the snapd one and for the apparmor one. ** Summary changed: - utils don't understand «include "/where/ever"» (was: Potential regression found with apparmor test on Xenial/Zesty) + snap-confine profile uses 'include' instead of '#include' which breaks apparmor-utils python toolsnd with apparmor test on Xenial/Zesty) ** No longer affects: apparmor ** Summary changed: - snap-confine profile uses 'include' instead of '#include' which breaks apparmor-utils python toolsnd with apparmor test on Xenial/Zesty) + snap-confine profile uses 'include' instead of '#include' which breaks apparmor-utils python tools ** No longer affects: apparmor (Ubuntu) ** No longer affects: linux (Ubuntu) ** Changed in: snapd (Ubuntu) Status: Invalid => In Progress ** Changed in: snapd (Ubuntu) Assignee: (unassigned) => Michael Vogt (mvo) ** Also affects: snapd (Ubuntu Artful) Importance: Undecided Status: New ** Also affects: snapd (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: snapd (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: snapd (Ubuntu Bionic) Importance: Undecided Assignee: Michael Vogt (mvo) Status: In Progress ** Also affects: snapd (Ubuntu Zesty) Importance: Undecided Status: New -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1734038 Title: snap-confine profile uses 'include' instead of '#include' which breaks apparmor-utils python tools Status in snapd package in Ubuntu: In Progress Status in snapd source package in Trusty: New Status in snapd source package in Xenial: New Status in snapd source package in Zesty: New Status in snapd source package in Artful: New Status in snapd source package in Bionic: In Progress Bug description: Issue found with Xenial kernel 4.4.0-102 and Zesty kernel 4.10.0-41, across different architectures Multiple tests from ubuntu_qrt_apparmor test suite failed with the same error message: ERROR: Syntax Error: Unknown line found in file /etc/apparmor.d/usr.lib.snapd.snap-confine.real line 15: include "/var/lib/snapd/apparmor/snap-confine.d" /etc/ld.so.cache r, (BTW the include and this ld.so.cache are not in the same line, please refer to comment #3 for attachment) This issue will gone if you downgrade the snapd and ubuntu-core-launcher package: sudo apt-get install snapd=2.28.5 ubuntu-core-launcher=2.28.5 Debug information: ubuntu@kernel01:~$ snap version snap2.29.3 snapd 2.29.3 series 16 ubuntu 16.04 kernel 4.4.0-102-generic ubuntu@kernel01:~$ apt list snapd Listing... Done snapd/xenial-proposed,now 2.29.3 s390x [installed] N: There are 2 additional versions. Please use the '-a' switch to see them. ubuntu@kernel01:~$ apt list apparmor -a Listing... Done apparmor/xenial-updates,now 2.10.95-0ubuntu2.7 s390x [installed] apparmor/xenial-security 2.10.95-0ubuntu2.6 s390x apparmor/xenial 2.10.95-0ubuntu2 s390x Steps to run the Apparmor test from QA Regression testing suite: 1. git clone --depth 1 https://git.launchpad.net/qa-regression-testing 2. sudo ./qa-regression-testing/scripts/test-apparmor.py ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: linux-image-4.4.0-102-generic 4.4.0-102.125 ProcVersionSignature: Ubuntu 4.4.0-102.125-generic 4.4.98 Uname: Linux 4.4.0-102-generic s390x NonfreeKernelModules: zfs zunicode zcommon znvpair zavl AlsaDevices: Error: command ['ls', '-l', '/dev/snd/'] failed with exit code 2: ls: cannot access '/dev/snd/': No such file or directory AplayDevices: Error: [Errno 2] No such file or directory: 'aplay' ApportVersion: 2.20.1-0ubuntu2.13 Architecture: s390x ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord' CRDA: Error: command ['iw', 'reg', 'get'] failed with exit code 1: nl80211 not found. CurrentDmesg: Date: Thu Nov 23 01:36:31 2017 IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig' Lspci: Lsusb: Error: command ['lsusb'] failed with exit code 1: PciMultimedia: ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=C SHELL=/bin/bash ProcFB: Error: [Errno 2] No such file or directory: '/proc/fb' ProcKernelCmdLine: root=UUID=44b0b919-a1a4-4849-9425-e71d4ac87d85 crashkernel=196M BOOT_IMAGE=0 RelatedPackageVersions: linux-restricted-modules-4.4.0-102-generic N/A linux-backports-modules-4.4.0-102-generic N/A linux-firmware 1.157.13 RfKill: Error: [Errno 2] No such file or directory: 'rfkill' SourcePackage: linux UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launch
[Kernel-packages] [Bug 1744942] Re: Lenovo IdeaPad U460 fails to boot with 4.13.0-31.34~16.04.1
Marking the incomplete tasks as confirmed so the bot doesn't auto-close the bug. ** Changed in: linux (Ubuntu) Status: Incomplete => Confirmed ** Changed in: linux (Ubuntu Artful) Status: Incomplete => Confirmed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1744942 Title: Lenovo IdeaPad U460 fails to boot with 4.13.0-31.34~16.04.1 Status in linux package in Ubuntu: Confirmed Status in linux-hwe package in Ubuntu: Invalid Status in linux source package in Xenial: Invalid Status in linux-hwe source package in Xenial: Confirmed Status in linux source package in Artful: Confirmed Status in linux-hwe source package in Artful: Invalid Bug description: After using a 4.10 kernel for a while, booting into the new linux-hwe 4.13 (4.13.0-31.34~16.04.1, 4.13.0.31.51 (meta)) causes the system to immediately reboot the system into grub. The system has intel- microcode (3.20180108.0+really20170707ubuntu16.04.1) and nvidia-304 (304.135-0ubuntu0.16.04.2) installed. This system has 4G of RAM. From dmesg: [0.683392] smpboot: CPU0: Intel(R) Core(TM) i5 CPU M 560 @ 2.67GHz (family: 0x6, model: 0x25, stepping: 0x5) I believe that makes it a Westmere/Arandale according to https://software.intel.com/en-us/articles/intel-architecture-and- processor-identification-with-cpuid-model-and-family-numbers. This is a 32 bit install with the i386 kernel: $ dpkg --print-architecture i386 $ cat /proc/cpuinfo # from 4.10 processor : 0 vendor_id : GenuineIntel cpu family: 6 model : 37 model name: Intel(R) Core(TM) i5 CPU M 560 @ 2.67GHz stepping : 5 microcode : 0x4 cpu MHz : 1333.000 cache size: 3072 KB physical id : 0 siblings : 4 core id : 0 cpu cores : 2 apicid: 0 initial apicid: 0 fdiv_bug : no f00f_bug : no coma_bug : no fpu : yes fpu_exception : yes cpuid level : 11 wp: yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx rdtscp lm constant_tsc arch_perfmon pebs bts xtopology nonstop_tsc aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm pcid sse4_1 sse4_2 popcnt aes lahf_lm tpr_shadow vnmi flexpriority ept vpid dtherm ida arat bugs : bogomips : 5319.62 clflush size : 64 cache_alignment : 64 address sizes : 36 bits physical, 48 bits virtual power management: processor : 1 vendor_id : GenuineIntel cpu family: 6 model : 37 model name: Intel(R) Core(TM) i5 CPU M 560 @ 2.67GHz stepping : 5 microcode : 0x4 cpu MHz : 1199.000 cache size: 3072 KB physical id : 0 siblings : 4 core id : 0 cpu cores : 2 apicid: 1 initial apicid: 1 fdiv_bug : no f00f_bug : no coma_bug : no fpu : yes fpu_exception : yes cpuid level : 11 wp: yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx rdtscp lm constant_tsc arch_perfmon pebs bts xtopology nonstop_tsc aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm pcid sse4_1 sse4_2 popcnt aes lahf_lm tpr_shadow vnmi flexpriority ept vpid dtherm ida arat bugs : bogomips : 5319.62 clflush size : 64 cache_alignment : 64 address sizes : 36 bits physical, 48 bits virtual power management: processor : 2 vendor_id : GenuineIntel cpu family: 6 model : 37 model name: Intel(R) Core(TM) i5 CPU M 560 @ 2.67GHz stepping : 5 microcode : 0x4 cpu MHz : 1199.000 cache size: 3072 KB physical id : 0 siblings : 4 core id : 2 cpu cores : 2 apicid: 4 initial apicid: 4 fdiv_bug : no f00f_bug : no coma_bug : no fpu : yes fpu_exception : yes cpuid level : 11 wp: yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx rdtscp lm constant_tsc arch_perfmon pebs bts xtopology nonstop_tsc aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm pcid sse4_1 sse4_2 popcnt aes lahf_lm tpr_shadow vnmi flexpriority ept vpid dtherm ida arat bugs : bogomips : 5319.62 clflush size : 64 cache_alignment : 64 address sizes : 36 bits physical, 48 bits virtual power management: processor : 3 vendor_id : GenuineIntel cpu family: 6
[Kernel-packages] [Bug 1370218] Re: Fine-grained shm mediation (confined applications need access to /run/shm/shmfd*)
** Changed in: qtbase-opensource-src (Ubuntu)
Status: New => Won't Fix
** Changed in: qtmultimedia-opensource-src (Ubuntu)
Status: New => Won't Fix
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1370218
Title:
Fine-grained shm mediation (confined applications need access to
/run/shm/shmfd*)
Status in AppArmor:
Triaged
Status in apparmor package in Ubuntu:
Confirmed
Status in apparmor-easyprof-ubuntu package in Ubuntu:
Fix Released
Status in linux package in Ubuntu:
Triaged
Status in qtbase-opensource-src package in Ubuntu:
Won't Fix
Status in qtmultimedia-opensource-src package in Ubuntu:
Won't Fix
Status in apparmor-easyprof-ubuntu package in Ubuntu RTM:
Fix Released
Bug description:
QAudioRecoder needed the following rules:
owner /{run,dev}/shm/shmfd* rwk,
but then it was discovered that confined apps on utopic also need:
owner /{run,dev}/shm/shmfd* rwk,
The rules are this way because the shared memory files are not app
specific and is possible for one app to access another app's shared
memory file. Please update qtbase-opensource-src so the files are app-
specific to better isolation the apps (this is something we are doing
elsewhere).
Longer term we'd like to have shared memory file mediation in
AppArmor.
Original report:
I recently wrote a small application[1] to spot an ancient issue I had using
QAudioRecorder on Ubuntu devices.
After I have installer gstreamer0.10-pulseaudio (otherwise "pulseaudio:" is
not listed as available source), I tried to start a record through
QAudioRecorder but it failed, giving me this output:
"shm_open() failed: Permission denied"
I've checked for some denials from apparmor (using 'dmesg | grep
DEN'), but none was found.
If I change the apparmor profile[2], so that my test application is
launched in a unconfined environment, QAudioRecorder works properly as
expected.
I run this test on my Nexus 5 (utopic-devel-proposed #185), but this
problem with shm happens also on i386 ubuntu-emulator (utopic-devel
#206).
Just for reference, this is the link to the original mail, stored in the
ubuntu-phone team mailing list archive:
http://lists.launchpad.net/ubuntu-phone/msg09842.html
[1] -
http://bazaar.launchpad.net/~verzegnassi-stefano/+junk/recorder-test/files
[2]
{
"policy_version": 1.2,
"template": "unconfined",
"policy_groups": []
}
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1370218/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1746463] Re: apparmor profile load in stacked policy container fails
Add a snapd task so that when the https://launchpad.net/ubuntu/+source
/linux-gcp is Fix Released, snapd can re-enable the tests/main/lxd test
on GCE.
** Also affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu Artful)
Status: New => Fix Committed
** Changed in: apparmor (Ubuntu Artful)
Status: Fix Committed => Won't Fix
** Changed in: linux (Ubuntu Bionic)
Status: New => Confirmed
** Tags added: aa-kernel
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1746463
Title:
apparmor profile load in stacked policy container fails
Status in snapd:
Triaged
Status in apparmor package in Ubuntu:
Confirmed
Status in linux package in Ubuntu:
Confirmed
Status in linux-gcp package in Ubuntu:
Invalid
Status in apparmor source package in Xenial:
Won't Fix
Status in linux source package in Xenial:
Invalid
Status in linux-gcp source package in Xenial:
Confirmed
Status in apparmor source package in Artful:
Fix Committed
Status in linux source package in Artful:
Confirmed
Status in linux-gcp source package in Artful:
Invalid
Status in apparmor source package in Bionic:
Confirmed
Status in linux source package in Bionic:
Confirmed
Status in linux-gcp source package in Bionic:
Invalid
Bug description:
LXD containers on an artful or bionic host with aa namespaces, should
be able to load the lxc policies. However /lib/apparmor/profile-load
skips that part when running in a container.
aa-status shows 0 policies
/lib/apparmor/profile-load is failing due to
is_container_with_internal_policy() failing
due to
/sys/kernel/security/apparmor/.ns_name being empty which causes
if [ "${ns_name#lxd-*}" = "$ns_name" ] && \
[ "${ns_name#lxc-*}" = "$ns_name" ]; then
return 1
fi
to fail
To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/1746463/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1746463] Re: apparmor profile load in stacked policy container fails
Since this is going to be fixed in 'linux' and 'linux-gcp', adding tasks
for those.
** Changed in: apparmor (Ubuntu Artful)
Status: Won't Fix => Fix Committed
** Changed in: linux (Ubuntu Artful)
Status: Fix Committed => Confirmed
** Also affects: linux-gcp (Ubuntu)
Importance: Undecided
Status: New
** Also affects: apparmor (Ubuntu Xenial)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Xenial)
Importance: Undecided
Status: New
** Also affects: linux-gcp (Ubuntu Xenial)
Importance: Undecided
Status: New
** Changed in: apparmor (Ubuntu Xenial)
Status: New => Won't Fix
** Changed in: linux (Ubuntu Xenial)
Status: New => Invalid
** Changed in: linux-gcp (Ubuntu Artful)
Status: New => Invalid
** Changed in: linux-gcp (Ubuntu Bionic)
Status: New => Invalid
** Changed in: linux-gcp (Ubuntu Xenial)
Status: New => Confirmed
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1746463
Title:
apparmor profile load in stacked policy container fails
Status in snapd:
Triaged
Status in apparmor package in Ubuntu:
Confirmed
Status in linux package in Ubuntu:
Confirmed
Status in linux-gcp package in Ubuntu:
Invalid
Status in apparmor source package in Xenial:
Won't Fix
Status in linux source package in Xenial:
Invalid
Status in linux-gcp source package in Xenial:
Confirmed
Status in apparmor source package in Artful:
Fix Committed
Status in linux source package in Artful:
Confirmed
Status in linux-gcp source package in Artful:
Invalid
Status in apparmor source package in Bionic:
Confirmed
Status in linux source package in Bionic:
Confirmed
Status in linux-gcp source package in Bionic:
Invalid
Bug description:
LXD containers on an artful or bionic host with aa namespaces, should
be able to load the lxc policies. However /lib/apparmor/profile-load
skips that part when running in a container.
aa-status shows 0 policies
/lib/apparmor/profile-load is failing due to
is_container_with_internal_policy() failing
due to
/sys/kernel/security/apparmor/.ns_name being empty which causes
if [ "${ns_name#lxd-*}" = "$ns_name" ] && \
[ "${ns_name#lxc-*}" = "$ns_name" ]; then
return 1
fi
to fail
To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/1746463/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1746463] Re: apparmor profile load in stacked policy container fails
FYI, the following kernels are also affected (all 4.13 based):
* linux-azure
* linux-hwe
* linux-hwe-edge
* linux-oem
* linux-raspi2
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1746463
Title:
apparmor profile load in stacked policy container fails
Status in snapd:
Triaged
Status in apparmor package in Ubuntu:
Confirmed
Status in linux package in Ubuntu:
Confirmed
Status in linux-gcp package in Ubuntu:
Invalid
Status in apparmor source package in Xenial:
Won't Fix
Status in linux source package in Xenial:
Invalid
Status in linux-gcp source package in Xenial:
Confirmed
Status in apparmor source package in Artful:
Fix Committed
Status in linux source package in Artful:
Confirmed
Status in linux-gcp source package in Artful:
Invalid
Status in apparmor source package in Bionic:
Confirmed
Status in linux source package in Bionic:
Confirmed
Status in linux-gcp source package in Bionic:
Invalid
Bug description:
LXD containers on an artful or bionic host with aa namespaces, should
be able to load the lxc policies. However /lib/apparmor/profile-load
skips that part when running in a container.
aa-status shows 0 policies
/lib/apparmor/profile-load is failing due to
is_container_with_internal_policy() failing
due to
/sys/kernel/security/apparmor/.ns_name being empty which causes
if [ "${ns_name#lxd-*}" = "$ns_name" ] && \
[ "${ns_name#lxc-*}" = "$ns_name" ]; then
return 1
fi
to fail
To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/1746463/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1567597] Re: implement 'complain mode' in seccomp for developer mode with snaps
This is fixed in xenial 2.3.1-2.1ubuntu2~16.04.1 ** Changed in: libseccomp (Ubuntu Xenial) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1567597 Title: implement 'complain mode' in seccomp for developer mode with snaps Status in Snappy: In Progress Status in libseccomp package in Ubuntu: Fix Released Status in linux package in Ubuntu: Fix Released Status in libseccomp source package in Xenial: Fix Released Status in linux source package in Xenial: Fix Released Status in libseccomp source package in Zesty: Fix Released Status in linux source package in Zesty: Fix Released Bug description: A requirement for snappy is that a snap may be placed in developer mode which will put the security sandbox in complain mode such that violations against policy are logged, but permitted. In this manner learning tools can be written to parse the logs, etc and make developing on snappy easier. Unfortunately with seccomp only SCMP_ACT_KILL logs to dmesg and while we can set complain mode to permit all calls, they are not logged at this time. I've discussed this with upstream and we are working together on the approach. This may require a kernel patch and an update to libseccomp, to filing this bug for now as a placeholder and we'll add other tasks as necessary. UPDATE: ubuntu-core-launcher now supports the '@complain' directive that is a synonym for '@unrestricted' so people can at least turn on developer mode and not be blocked by seccomp. Proper complain mode for seccomp needs to still be implemented (this bug). [Impact] Snapd needs a way to log seccomp actions without blocking any syscalls in order to have a more useful complain mode. Such functionality has been acked upstream and patches are on their way into the Linux 4.14 kernel (backported to 4.12.0-13.14 in artful). The corresponding libseccomp changes are still undergoing review (https://github.com/seccomp/libseccomp/pull/92). The pull request adds a number of new symbols and probably isn't appropriate to backport until upstream has acked the pull request. However, only a small part of that larger pull request is needed by snapd and that change can be safely backported since the only added symbol, the SCMP_ACT_LOG macro, must match the SECCOMP_RET_LOG macro that has already been approved and merged in the upstream Linux kernel. [libseccomp Test Case] A large number of tests are ran as part of the libseccomp build. However, the "live" tests which test libseccomp with actual kernel enforcement are not ran at that time. They can be manually exercised to help catch any regressions. Note that on Artful, there's an existing test failure (20-live-basic_die%%002-1): $ sudo apt build-dep -y libseccomp $ sudo apt install -y cython $ apt source libseccomp $ cd libseccomp-* $ autoreconf -ivf && ./configure --enable-python && make check-build $ (cd tests && ./regression -T live) All tests should pass on zesty (12 tests) and xenial (10 tests). On artful, you'll see one pre-existing failure: ... Test 20-live-basic_die%%002-1 result: FAILURE 20-live-basic_die TRAP rc=159 ... Regression Test Summary tests run: 12 tests skipped: 0 tests passed: 11 tests failed: 1 tests errored: 0 Now we can build and run a small test program to test the SCMP_ACT_LOG action in the way that snapd wants to use it for developer mode: $ sudo apt install -y libseccomp-dev $ gcc -o lp1567597-test lp1567597-test.c -lseccomp $ ./lp1567597-test With a kernel that contains the logging patches and an updated libseccomp, the exit code should be 0 and you should have an entry in the system log that looks like this: audit: type=1326 audit(1505859630.994:69): auid=1000 uid=1000 gid=1000 ses=2 pid=18451 comm="lp1567597-test" exe="/home/tyhicks/lp1567597-test" sig=0 arch=c03e syscall=2 compat=0 ip=0x7f547352c5c0 code=0x7ffc If you have an updated libseccomp with an old kernel, you'll see that seccomp_init() fails due to the added compatibility check inside of libseccomp determines that the kernel doesn't have proper support for the new log action: $ ./lp1567597-test ERROR: seccomp_init: Invalid argument [Linux Kernel Test Case] All of the libseccomp test cases apply here. Running the seccomp kernel selftests is also a great to exercise seccomp and the kernel patch set proposed for the SRU includes additional seccomp selftests. To build, enter into the root of the kernel source tree and build the seccomp test binary: $ make -C tools/testing/selftests TARGETS=seccomp Now you can execute tools/testing/selftests/seccomp/seccomp_bpf o
[Kernel-packages] [Bug 1716848] Re: package bluez 5.37-0ubuntu5.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1
Marking as "Won't Fix" for the bluez deb -- the postinst is doing the right thing, there just happens to be something installed outside of dpkg/apt that is getting in the way. ** Changed in: bluez (Ubuntu) Status: Confirmed => Won't Fix -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to bluez in Ubuntu. https://bugs.launchpad.net/bugs/1716848 Title: package bluez 5.37-0ubuntu5.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1 Status in bluez package in Ubuntu: Won't Fix Bug description: Bluetooth no working in my laptop. Therefore, it's not possible to detect other devices or transfer archives. ProblemType: Package DistroRelease: Ubuntu 16.04 Package: bluez 5.37-0ubuntu5.1 ProcVersionSignature: Ubuntu 4.4.0-93.116-generic 4.4.79 Uname: Linux 4.4.0-93-generic i686 ApportVersion: 2.20.1-0ubuntu2.10 Architecture: i386 Date: Wed Sep 13 08:01:25 2017 ErrorMessage: subprocess installed post-installation script returned error exit status 1 InstallationDate: Installed on 2016-04-10 (520 days ago) InstallationMedia: Ubuntu 14.04.4 LTS "Trusty Tahr" - Release i386 (20160217.1) InterestingModules: bnep bluetooth MachineType: Hewlett-Packard HP Pavilion dv6500 Notebook PC ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-4.4.0-93-generic root=/dev/mapper/ubuntu--vg-root ro quiet splash vt.handoff=7 RelatedPackageVersions: dpkg 1.18.4ubuntu1.2 apt 1.2.24 SourcePackage: bluez Title: package bluez 5.37-0ubuntu5.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1 UpgradeStatus: Upgraded to xenial on 2016-12-03 (283 days ago) dmi.bios.date: 08/17/2007 dmi.bios.vendor: Hewlett-Packard dmi.bios.version: F.22 dmi.board.name: 30CC dmi.board.vendor: Quanta dmi.board.version: 79.1D dmi.chassis.type: 10 dmi.chassis.vendor: Quanta dmi.chassis.version: N/A dmi.modalias: dmi:bvnHewlett-Packard:bvrF.22:bd08/17/2007:svnHewlett-Packard:pnHPPaviliondv6500NotebookPC:pvrRev1:rvnQuanta:rn30CC:rvr79.1D:cvnQuanta:ct10:cvrN/A: dmi.product.name: HP Pavilion dv6500 Notebook PC dmi.product.version: Rev 1 dmi.sys.vendor: Hewlett-Packard hciconfig: To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1716848/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1716848] Re: package bluez 5.37-0ubuntu5.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1
Looking at the logs I see: Sep 13 07:51:08 agda-HP-Pavilion-dv6500-Notebook-PC audit[1221]: AVC apparmor="STATUS" operation="profile_replace" profile="unconfined" name="snap.bluez.bluetoothctl" pid=1221 comm="apparmor_parser" This indicates you have the bluez snap installed. This bug is about the bluez deb on your system. You can't have both on the system at the same time because one will fail to start when the other is listening on the well-known DBus name. The failures you list are consistent with this: the snap has claimed the name on the system bus so the deb cannot, and the postinst fails. Use either the snap or the deb. I suggest you use the deb on classic distro since it has working polkit integration. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to bluez in Ubuntu. https://bugs.launchpad.net/bugs/1716848 Title: package bluez 5.37-0ubuntu5.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1 Status in bluez package in Ubuntu: Won't Fix Bug description: Bluetooth no working in my laptop. Therefore, it's not possible to detect other devices or transfer archives. ProblemType: Package DistroRelease: Ubuntu 16.04 Package: bluez 5.37-0ubuntu5.1 ProcVersionSignature: Ubuntu 4.4.0-93.116-generic 4.4.79 Uname: Linux 4.4.0-93-generic i686 ApportVersion: 2.20.1-0ubuntu2.10 Architecture: i386 Date: Wed Sep 13 08:01:25 2017 ErrorMessage: subprocess installed post-installation script returned error exit status 1 InstallationDate: Installed on 2016-04-10 (520 days ago) InstallationMedia: Ubuntu 14.04.4 LTS "Trusty Tahr" - Release i386 (20160217.1) InterestingModules: bnep bluetooth MachineType: Hewlett-Packard HP Pavilion dv6500 Notebook PC ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-4.4.0-93-generic root=/dev/mapper/ubuntu--vg-root ro quiet splash vt.handoff=7 RelatedPackageVersions: dpkg 1.18.4ubuntu1.2 apt 1.2.24 SourcePackage: bluez Title: package bluez 5.37-0ubuntu5.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1 UpgradeStatus: Upgraded to xenial on 2016-12-03 (283 days ago) dmi.bios.date: 08/17/2007 dmi.bios.vendor: Hewlett-Packard dmi.bios.version: F.22 dmi.board.name: 30CC dmi.board.vendor: Quanta dmi.board.version: 79.1D dmi.chassis.type: 10 dmi.chassis.vendor: Quanta dmi.chassis.version: N/A dmi.modalias: dmi:bvnHewlett-Packard:bvrF.22:bd08/17/2007:svnHewlett-Packard:pnHPPaviliondv6500NotebookPC:pvrRev1:rvnQuanta:rn30CC:rvr79.1D:cvnQuanta:ct10:cvrN/A: dmi.product.name: HP Pavilion dv6500 Notebook PC dmi.product.version: Rev 1 dmi.sys.vendor: Hewlett-Packard hciconfig: To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1716848/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1408106] Re: attach_disconnected not sufficient for overlayfs
@Frode, I can yes, when I file them. I need to do a bit of work for
simple reproducers/etc/etc to file them. I've added an item to add a
comment to this bug when I do.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1408106
Title:
attach_disconnected not sufficient for overlayfs
Status in AppArmor:
Invalid
Status in MAAS:
Incomplete
Status in apparmor package in Ubuntu:
Invalid
Status in linux package in Ubuntu:
Invalid
Bug description:
With the following use of overlayfs, we get a disconnected path:
$ cat ./profile
#include
profile foo {
#include
capability sys_admin,
capability sys_chroot,
mount,
pivot_root,
}
$ cat ./overlay.c
#include
#include
#include
#include
#include
#include
#include
int main(int argc, char* argv[]) {
int i = 0;
int len = 0;
int ret = 0;
char* options;
if (geteuid())
unshare(CLONE_NEWUSER);
unshare(CLONE_NEWNS);
for (i = 1; i < argc; i++) {
if (i == 1) {
len = strlen(argv[i]) + strlen("upperdir=,lowerdir=/") + 2;
options = alloca(len);
ret = snprintf(options, len, "upperdir=%s,lowerdir=/", argv[i]);
}
else {
len = strlen(argv[i]) + strlen("upperdir=,lowerdir=/mnt") + 2;
options = alloca(len);
ret = snprintf(options, len, "upperdir=%s,lowerdir=/mnt",
argv[i]);
}
mount("overlayfs", "/mnt", "overlayfs", MS_MGC_VAL, options);
}
chdir("/mnt");
pivot_root(".", ".");
chroot(".");
chdir("/");
execl("/bin/bash", "/bin/bash", NULL);
}
$ sudo apparmor_parser -r ./profile && aa-exec -p foo -- ./a.out /tmp
[255]
...
Dec 12 14:31:38 localhost kernel: [57278.040216] audit: type=1400
audit(1418387498.613:712): apparmor="DENIED" operation="exec" info="Failed name
lookup - disconnected path" error=-13 profile="foo" name="/bin/bash" pid=18255
comm="a.out" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
With the above, the expectation was for the denial to be /mnt/bin/bash. There
are three ways forward:
1. the correct solution is to patch overlayfs to properly track the loopback,
but this will take a while, may ultimately be unachievable. UPDATE: upstream is
currently working on this and Ubuntu will engage with them
2. we could rely on the fact that overlayfs creates a private unshared
submount, and provide a way to not mediate the path when that is present, and
tagged. This would take a bit of time, and might be the preferred method over 1
longer term
3. we could extend attach_disconnected so that we can define the attach root.
Eg, we can use profile foo (attach_disconnected=/mnt) {} such that '/bin/bash'
maps to '/mnt/bin/bash'. UPDATE: THIS IS NOT VIABLE
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1408106/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1648903] Re: Permission denied and inconsistent behavior in complain mode with 'ip netns list' command
This is fixed with 4.10.0-8.10-generic. Marking zesty task as fixed.
** Changed in: linux (Ubuntu)
Status: Incomplete => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1648903
Title:
Permission denied and inconsistent behavior in complain mode with 'ip
netns list' command
Status in AppArmor:
New
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Xenial:
Fix Committed
Status in linux source package in Yakkety:
Fix Committed
Bug description:
On 16.04 with Ubuntu 4.4.0-53.74-generic 4.4.30
With this profile:
#include
profile test (attach_disconnected,complain) {
#include
/{,usr/}{,s}bin/ip ixr, # COMMENT OUT THIS RULE TO SEE WEIRDNESS
capability sys_admin,
capability net_admin,
capability sys_ptrace,
network netlink raw,
ptrace (trace),
/ r,
/run/netns/ rw,
/run/netns/* rw,
mount options=(rw, rshared) -> /run/netns/,
mount options=(rw, bind) /run/netns/ -> /run/netns/,
mount options=(rw, bind) / -> /run/netns/*,
mount options=(rw, rslave) /,
mount options=(rw, rslave), # LP: #1648245
umount /sys/,
umount /,
/bin/dash ixr,
}
Everything is fine when I do:
$ sudo apparmor_parser -r /home/jamie/apparmor.profile && sudo aa-exec -p
test -- sh -c 'ip netns list'
$
and there are no ALLOWED entries in syslog.
However, if I comment out the '/{,usr/}{,s}bin/ip ixr,' rule, I get a
permission denied and a bunch of ALLOWED entries:
$ sudo apparmor_parser -r /home/jamie/apparmor.profile && sudo aa-exec -p
test -- sh -c 'ip netns list'
open("/proc/self/ns/net"): Permission denied
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.862629] audit: type=1400
audit(1481324889.782:469): apparmor="STATUS" operation="profile_replace"
profile="unconfined" name="test" pid=4314 comm="apparmor_parser"
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.870339] audit: type=1400
audit(1481324889.790:470): apparmor="ALLOWED" operation="exec" profile="test"
name="/bin/ip" pid=4317 comm="sh" requested_mask="x" denied_mask="x" fsuid=0
ouid=0 target="test//null-/bin/ip"
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.870559] audit: type=1400
audit(1481324889.790:471): apparmor="ALLOWED" operation="open"
profile="test//null-/bin/ip" name="/etc/ld.so.cache" pid=4317 comm="ip"
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.870628] audit: type=1400
audit(1481324889.790:472): apparmor="ALLOWED" operation="open"
profile="test//null-/bin/ip" name="/lib/x86_64-linux-gnu/libdl-2.23.so"
pid=4317 comm="ip" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.870703] audit: type=1400
audit(1481324889.790:473): apparmor="ALLOWED" operation="open"
profile="test//null-/bin/ip" name="/lib/x86_64-linux-gnu/libc-2.23.so" pid=4317
comm="ip" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.870861] audit: type=1400
audit(1481324889.790:474): apparmor="ALLOWED" operation="file_mprotect"
profile="test//null-/bin/ip" name="/bin/ip" pid=4317 comm="ip"
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.870913] audit: type=1400
audit(1481324889.790:475): apparmor="ALLOWED" operation="file_mprotect"
profile="test//null-/bin/ip" name="/lib/x86_64-linux-gnu/ld-2.23.so" pid=4317
comm="ip" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.871019] audit: type=1400
audit(1481324889.790:476): apparmor="ALLOWED" operation="create"
profile="test//null-/bin/ip" pid=4317 comm="ip" family="netlink"
sock_type="raw" protocol=0 requested_mask="create" denied_mask="create"
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.871066] audit: type=1400
audit(1481324889.790:477): apparmor="ALLOWED" operation="setsockopt"
profile="test//null-/bin/ip" pid=4317 comm="ip" family="netlink"
sock_type="raw" protocol=0 requested_mask="setopt" denied_mask="setopt"
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.871099] audit: type=1400
audit(1481324889.790:478): apparmor="ALLOWED" operation="setsockopt"
profile="test//null-/bin/ip" pid=4317 comm="ip" family="netlink"
sock_type="raw" protocol=0 requested_mask="setopt" denied_mask="setopt"
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.871128] audit: type=1400
audit(1481324889.790:479): apparmor="ALLOWED" operation="bind"
profile="test//null-/bin/ip" pid=4317 comm="ip" family="netlink"
sock_type="raw" protocol=0 requested_mask="bind" denied_mask="bind"
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.871672] audit: type=1400
audit(1481324889.794:480): apparmor="ALLOWED" operation="getsockname"
profile="test//null-/bin/ip" pid=4317 comm="ip" family="netlink"
sock_type="raw" protocol=0 requested_mask="getattr" den
[Kernel-packages] [Bug 1648903] Re: Permission denied and inconsistent behavior in complain mode with 'ip netns list' command
Confirmed this bug is fixed with 4.4.0-65.86-generic on xenial.
** Tags removed: verification-needed-xenial
** Tags added: verification-done-xenial
** Changed in: apparmor
Status: New => In Progress
** Changed in: apparmor
Assignee: (unassigned) => John Johansen (jjohansen)
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1648903
Title:
Permission denied and inconsistent behavior in complain mode with 'ip
netns list' command
Status in AppArmor:
In Progress
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Xenial:
Fix Committed
Status in linux source package in Yakkety:
Fix Committed
Bug description:
On 16.04 with Ubuntu 4.4.0-53.74-generic 4.4.30
With this profile:
#include
profile test (attach_disconnected,complain) {
#include
/{,usr/}{,s}bin/ip ixr, # COMMENT OUT THIS RULE TO SEE WEIRDNESS
capability sys_admin,
capability net_admin,
capability sys_ptrace,
network netlink raw,
ptrace (trace),
/ r,
/run/netns/ rw,
/run/netns/* rw,
mount options=(rw, rshared) -> /run/netns/,
mount options=(rw, bind) /run/netns/ -> /run/netns/,
mount options=(rw, bind) / -> /run/netns/*,
mount options=(rw, rslave) /,
mount options=(rw, rslave), # LP: #1648245
umount /sys/,
umount /,
/bin/dash ixr,
}
Everything is fine when I do:
$ sudo apparmor_parser -r /home/jamie/apparmor.profile && sudo aa-exec -p
test -- sh -c 'ip netns list'
$
and there are no ALLOWED entries in syslog.
However, if I comment out the '/{,usr/}{,s}bin/ip ixr,' rule, I get a
permission denied and a bunch of ALLOWED entries:
$ sudo apparmor_parser -r /home/jamie/apparmor.profile && sudo aa-exec -p
test -- sh -c 'ip netns list'
open("/proc/self/ns/net"): Permission denied
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.862629] audit: type=1400
audit(1481324889.782:469): apparmor="STATUS" operation="profile_replace"
profile="unconfined" name="test" pid=4314 comm="apparmor_parser"
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.870339] audit: type=1400
audit(1481324889.790:470): apparmor="ALLOWED" operation="exec" profile="test"
name="/bin/ip" pid=4317 comm="sh" requested_mask="x" denied_mask="x" fsuid=0
ouid=0 target="test//null-/bin/ip"
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.870559] audit: type=1400
audit(1481324889.790:471): apparmor="ALLOWED" operation="open"
profile="test//null-/bin/ip" name="/etc/ld.so.cache" pid=4317 comm="ip"
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.870628] audit: type=1400
audit(1481324889.790:472): apparmor="ALLOWED" operation="open"
profile="test//null-/bin/ip" name="/lib/x86_64-linux-gnu/libdl-2.23.so"
pid=4317 comm="ip" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.870703] audit: type=1400
audit(1481324889.790:473): apparmor="ALLOWED" operation="open"
profile="test//null-/bin/ip" name="/lib/x86_64-linux-gnu/libc-2.23.so" pid=4317
comm="ip" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.870861] audit: type=1400
audit(1481324889.790:474): apparmor="ALLOWED" operation="file_mprotect"
profile="test//null-/bin/ip" name="/bin/ip" pid=4317 comm="ip"
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.870913] audit: type=1400
audit(1481324889.790:475): apparmor="ALLOWED" operation="file_mprotect"
profile="test//null-/bin/ip" name="/lib/x86_64-linux-gnu/ld-2.23.so" pid=4317
comm="ip" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.871019] audit: type=1400
audit(1481324889.790:476): apparmor="ALLOWED" operation="create"
profile="test//null-/bin/ip" pid=4317 comm="ip" family="netlink"
sock_type="raw" protocol=0 requested_mask="create" denied_mask="create"
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.871066] audit: type=1400
audit(1481324889.790:477): apparmor="ALLOWED" operation="setsockopt"
profile="test//null-/bin/ip" pid=4317 comm="ip" family="netlink"
sock_type="raw" protocol=0 requested_mask="setopt" denied_mask="setopt"
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.871099] audit: type=1400
audit(1481324889.790:478): apparmor="ALLOWED" operation="setsockopt"
profile="test//null-/bin/ip" pid=4317 comm="ip" family="netlink"
sock_type="raw" protocol=0 requested_mask="setopt" denied_mask="setopt"
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.871128] audit: type=1400
audit(1481324889.790:479): apparmor="ALLOWED" operation="bind"
profile="test//null-/bin/ip" pid=4317 comm="ip" family="netlink"
sock_type="raw" protocol=0 requested_mask="bind" denied_mask="bind"
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.871672] audit: type=1400
audit(1481324889.794:480): apparmor=
[Kernel-packages] [Bug 1648903] Re: Permission denied and inconsistent behavior in complain mode with 'ip netns list' command
Confirmed this bug is fixed with 4.8.0-40.43-generic on yakkety.
** Tags removed: verification-needed-yakkety
** Tags added: verification-done-yakkety
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1648903
Title:
Permission denied and inconsistent behavior in complain mode with 'ip
netns list' command
Status in AppArmor:
In Progress
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Xenial:
Fix Committed
Status in linux source package in Yakkety:
Fix Committed
Bug description:
On 16.04 with Ubuntu 4.4.0-53.74-generic 4.4.30
With this profile:
#include
profile test (attach_disconnected,complain) {
#include
/{,usr/}{,s}bin/ip ixr, # COMMENT OUT THIS RULE TO SEE WEIRDNESS
capability sys_admin,
capability net_admin,
capability sys_ptrace,
network netlink raw,
ptrace (trace),
/ r,
/run/netns/ rw,
/run/netns/* rw,
mount options=(rw, rshared) -> /run/netns/,
mount options=(rw, bind) /run/netns/ -> /run/netns/,
mount options=(rw, bind) / -> /run/netns/*,
mount options=(rw, rslave) /,
mount options=(rw, rslave), # LP: #1648245
umount /sys/,
umount /,
/bin/dash ixr,
}
Everything is fine when I do:
$ sudo apparmor_parser -r /home/jamie/apparmor.profile && sudo aa-exec -p
test -- sh -c 'ip netns list'
$
and there are no ALLOWED entries in syslog.
However, if I comment out the '/{,usr/}{,s}bin/ip ixr,' rule, I get a
permission denied and a bunch of ALLOWED entries:
$ sudo apparmor_parser -r /home/jamie/apparmor.profile && sudo aa-exec -p
test -- sh -c 'ip netns list'
open("/proc/self/ns/net"): Permission denied
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.862629] audit: type=1400
audit(1481324889.782:469): apparmor="STATUS" operation="profile_replace"
profile="unconfined" name="test" pid=4314 comm="apparmor_parser"
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.870339] audit: type=1400
audit(1481324889.790:470): apparmor="ALLOWED" operation="exec" profile="test"
name="/bin/ip" pid=4317 comm="sh" requested_mask="x" denied_mask="x" fsuid=0
ouid=0 target="test//null-/bin/ip"
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.870559] audit: type=1400
audit(1481324889.790:471): apparmor="ALLOWED" operation="open"
profile="test//null-/bin/ip" name="/etc/ld.so.cache" pid=4317 comm="ip"
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.870628] audit: type=1400
audit(1481324889.790:472): apparmor="ALLOWED" operation="open"
profile="test//null-/bin/ip" name="/lib/x86_64-linux-gnu/libdl-2.23.so"
pid=4317 comm="ip" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.870703] audit: type=1400
audit(1481324889.790:473): apparmor="ALLOWED" operation="open"
profile="test//null-/bin/ip" name="/lib/x86_64-linux-gnu/libc-2.23.so" pid=4317
comm="ip" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.870861] audit: type=1400
audit(1481324889.790:474): apparmor="ALLOWED" operation="file_mprotect"
profile="test//null-/bin/ip" name="/bin/ip" pid=4317 comm="ip"
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.870913] audit: type=1400
audit(1481324889.790:475): apparmor="ALLOWED" operation="file_mprotect"
profile="test//null-/bin/ip" name="/lib/x86_64-linux-gnu/ld-2.23.so" pid=4317
comm="ip" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.871019] audit: type=1400
audit(1481324889.790:476): apparmor="ALLOWED" operation="create"
profile="test//null-/bin/ip" pid=4317 comm="ip" family="netlink"
sock_type="raw" protocol=0 requested_mask="create" denied_mask="create"
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.871066] audit: type=1400
audit(1481324889.790:477): apparmor="ALLOWED" operation="setsockopt"
profile="test//null-/bin/ip" pid=4317 comm="ip" family="netlink"
sock_type="raw" protocol=0 requested_mask="setopt" denied_mask="setopt"
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.871099] audit: type=1400
audit(1481324889.790:478): apparmor="ALLOWED" operation="setsockopt"
profile="test//null-/bin/ip" pid=4317 comm="ip" family="netlink"
sock_type="raw" protocol=0 requested_mask="setopt" denied_mask="setopt"
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.871128] audit: type=1400
audit(1481324889.790:479): apparmor="ALLOWED" operation="bind"
profile="test//null-/bin/ip" pid=4317 comm="ip" family="netlink"
sock_type="raw" protocol=0 requested_mask="bind" denied_mask="bind"
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.871672] audit: type=1400
audit(1481324889.794:480): apparmor="ALLOWED" operation="getsockname"
profile="test//null-/bin/ip" pid=4317 comm="ip" family="netlink"
sock_type="raw" protocol=0 requested_
[Kernel-packages] [Bug 1648903] Re: Permission denied and inconsistent behavior in complain mode with 'ip netns list' command
FYI, this issue was hitting snapcrafters on Raspberry Pi3
(https://lists.ubuntu.com/archives/snapcraft/2017-February/003366.html).
Please also update the other reference kernels and snaps. Thanks!
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1648903
Title:
Permission denied and inconsistent behavior in complain mode with 'ip
netns list' command
Status in AppArmor:
In Progress
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Xenial:
Fix Committed
Status in linux source package in Yakkety:
Fix Committed
Bug description:
On 16.04 with Ubuntu 4.4.0-53.74-generic 4.4.30
With this profile:
#include
profile test (attach_disconnected,complain) {
#include
/{,usr/}{,s}bin/ip ixr, # COMMENT OUT THIS RULE TO SEE WEIRDNESS
capability sys_admin,
capability net_admin,
capability sys_ptrace,
network netlink raw,
ptrace (trace),
/ r,
/run/netns/ rw,
/run/netns/* rw,
mount options=(rw, rshared) -> /run/netns/,
mount options=(rw, bind) /run/netns/ -> /run/netns/,
mount options=(rw, bind) / -> /run/netns/*,
mount options=(rw, rslave) /,
mount options=(rw, rslave), # LP: #1648245
umount /sys/,
umount /,
/bin/dash ixr,
}
Everything is fine when I do:
$ sudo apparmor_parser -r /home/jamie/apparmor.profile && sudo aa-exec -p
test -- sh -c 'ip netns list'
$
and there are no ALLOWED entries in syslog.
However, if I comment out the '/{,usr/}{,s}bin/ip ixr,' rule, I get a
permission denied and a bunch of ALLOWED entries:
$ sudo apparmor_parser -r /home/jamie/apparmor.profile && sudo aa-exec -p
test -- sh -c 'ip netns list'
open("/proc/self/ns/net"): Permission denied
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.862629] audit: type=1400
audit(1481324889.782:469): apparmor="STATUS" operation="profile_replace"
profile="unconfined" name="test" pid=4314 comm="apparmor_parser"
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.870339] audit: type=1400
audit(1481324889.790:470): apparmor="ALLOWED" operation="exec" profile="test"
name="/bin/ip" pid=4317 comm="sh" requested_mask="x" denied_mask="x" fsuid=0
ouid=0 target="test//null-/bin/ip"
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.870559] audit: type=1400
audit(1481324889.790:471): apparmor="ALLOWED" operation="open"
profile="test//null-/bin/ip" name="/etc/ld.so.cache" pid=4317 comm="ip"
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.870628] audit: type=1400
audit(1481324889.790:472): apparmor="ALLOWED" operation="open"
profile="test//null-/bin/ip" name="/lib/x86_64-linux-gnu/libdl-2.23.so"
pid=4317 comm="ip" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.870703] audit: type=1400
audit(1481324889.790:473): apparmor="ALLOWED" operation="open"
profile="test//null-/bin/ip" name="/lib/x86_64-linux-gnu/libc-2.23.so" pid=4317
comm="ip" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.870861] audit: type=1400
audit(1481324889.790:474): apparmor="ALLOWED" operation="file_mprotect"
profile="test//null-/bin/ip" name="/bin/ip" pid=4317 comm="ip"
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.870913] audit: type=1400
audit(1481324889.790:475): apparmor="ALLOWED" operation="file_mprotect"
profile="test//null-/bin/ip" name="/lib/x86_64-linux-gnu/ld-2.23.so" pid=4317
comm="ip" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.871019] audit: type=1400
audit(1481324889.790:476): apparmor="ALLOWED" operation="create"
profile="test//null-/bin/ip" pid=4317 comm="ip" family="netlink"
sock_type="raw" protocol=0 requested_mask="create" denied_mask="create"
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.871066] audit: type=1400
audit(1481324889.790:477): apparmor="ALLOWED" operation="setsockopt"
profile="test//null-/bin/ip" pid=4317 comm="ip" family="netlink"
sock_type="raw" protocol=0 requested_mask="setopt" denied_mask="setopt"
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.871099] audit: type=1400
audit(1481324889.790:478): apparmor="ALLOWED" operation="setsockopt"
profile="test//null-/bin/ip" pid=4317 comm="ip" family="netlink"
sock_type="raw" protocol=0 requested_mask="setopt" denied_mask="setopt"
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.871128] audit: type=1400
audit(1481324889.790:479): apparmor="ALLOWED" operation="bind"
profile="test//null-/bin/ip" pid=4317 comm="ip" family="netlink"
sock_type="raw" protocol=0 requested_mask="bind" denied_mask="bind"
Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.871672] audit: type=1400
audit(1481324889.794:480): apparmor="ALLOWED" operation="getsockname"
profile="test//null-/bin/ip" pid=4317 comm="ip" family="ne
[Kernel-packages] [Bug 1658219] Re: flock not mediated by 'k'
4.10.0-8.10-generic has the fix for this bug so marking the zesty task
as released.
** Changed in: linux (Ubuntu)
Status: Incomplete => Fix Released
** Changed in: apparmor
Status: Triaged => In Progress
** Changed in: apparmor
Assignee: (unassigned) => John Johansen (jjohansen)
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1658219
Title:
flock not mediated by 'k'
Status in AppArmor:
In Progress
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Xenial:
Fix Committed
Status in linux source package in Yakkety:
Fix Committed
Bug description:
$ cat ./apparmor.profile
#include
profile test {
#include
/bin/bash ixr,
/dev/pts/* rw,
/usr/bin/flock ixr,
# Not blocked:
# aa-exec -p test -- flock -w 1 /tmp/test.lock -c true
/tmp/test.lock rw,
}
$ sudo apparmor_parser -r ./apparmor.profile
$ aa-exec -p test -- flock -w 1 /tmp/test.lock -c true && echo yes
yes
$ ls -l /tmp/test.lock
-rw-rw-r-- 1 jamie jamie 0 Jan 20 15:57 /tmp/test.lock
The flock command uses flock(LOCK_EX) and I expected it to be blocked
due to the lack of 'k'.
apparmor userspace 2.10.95-0ubuntu2.5 (xenial) and 4.9.0-12.13-generic
kernel on amd64.
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1658219/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1658219] Re: flock not mediated by 'k'
4.8.0-40.43-generic fixes this issue on yakkety.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1658219
Title:
flock not mediated by 'k'
Status in AppArmor:
In Progress
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Xenial:
Fix Committed
Status in linux source package in Yakkety:
Fix Committed
Bug description:
$ cat ./apparmor.profile
#include
profile test {
#include
/bin/bash ixr,
/dev/pts/* rw,
/usr/bin/flock ixr,
# Not blocked:
# aa-exec -p test -- flock -w 1 /tmp/test.lock -c true
/tmp/test.lock rw,
}
$ sudo apparmor_parser -r ./apparmor.profile
$ aa-exec -p test -- flock -w 1 /tmp/test.lock -c true && echo yes
yes
$ ls -l /tmp/test.lock
-rw-rw-r-- 1 jamie jamie 0 Jan 20 15:57 /tmp/test.lock
The flock command uses flock(LOCK_EX) and I expected it to be blocked
due to the lack of 'k'.
apparmor userspace 2.10.95-0ubuntu2.5 (xenial) and 4.9.0-12.13-generic
kernel on amd64.
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1658219/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1658219] Re: flock not mediated by 'k'
4.4.0-65.86-generic fixes this issue on xenial.
** Tags removed: verification-needed-xenial verification-needed-yakkety
** Tags added: verification-done-xenial verification-done-yakkety
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1658219
Title:
flock not mediated by 'k'
Status in AppArmor:
In Progress
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Xenial:
Fix Committed
Status in linux source package in Yakkety:
Fix Committed
Bug description:
$ cat ./apparmor.profile
#include
profile test {
#include
/bin/bash ixr,
/dev/pts/* rw,
/usr/bin/flock ixr,
# Not blocked:
# aa-exec -p test -- flock -w 1 /tmp/test.lock -c true
/tmp/test.lock rw,
}
$ sudo apparmor_parser -r ./apparmor.profile
$ aa-exec -p test -- flock -w 1 /tmp/test.lock -c true && echo yes
yes
$ ls -l /tmp/test.lock
-rw-rw-r-- 1 jamie jamie 0 Jan 20 15:57 /tmp/test.lock
The flock command uses flock(LOCK_EX) and I expected it to be blocked
due to the lack of 'k'.
apparmor userspace 2.10.95-0ubuntu2.5 (xenial) and 4.9.0-12.13-generic
kernel on amd64.
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1658219/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1547619] Re: Intermittent screen blinking with 4k external mini display port with 4.4 kernels
The kernels from http://kernel.ubuntu.com/~jsalisbury/lp1547619 are 4.4.0-040400rc1.201602231809 and have the same checksums as the kernels I tested in https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1547619/comments/15. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1547619 Title: Intermittent screen blinking with 4k external mini display port with 4.4 kernels Status in linux package in Ubuntu: In Progress Status in linux source package in Xenial: In Progress Bug description: When using an external 4K monitor plugged into the mini display port on my Dell XPS 13 9343 using both the laptop screen and the external monitor (external monitor is left and laptop screen right), when using all of the following kernels: 4.4.0-2.16-generic 4.4.0-4.19-generic 4.4.0-6.21-generic 4.4.0-7.22-generic the external monitor will sometimes blink off for about a second or two, then back on. What is weird is this seems to only happen when typing into a gnome-terminal as opposed to firefox or evolution. Simply changing to a gnome-terminal and typing into it doesn't cause the blinking, but it might happen immediately or it might take several minutes. 4.3.0-7.18-generic worked fine and I can go hours and hours in a gnome-terminal with no issues. ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: linux-image-4.4.0-6-generic 4.4.0-6.21 ProcVersionSignature: Ubuntu 4.4.0-6.21-generic 4.4.1 Uname: Linux 4.4.0-6-generic x86_64 ApportVersion: 2.20-0ubuntu3 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC2: jamie 5882 F pulseaudio /dev/snd/controlC1: jamie 5882 F pulseaudio /dev/snd/controlC0: jamie 5882 F pulseaudio CurrentDesktop: Unity Date: Fri Feb 19 12:09:28 2016 HibernationDevice: RESUME=UUID=27fa6713-c8c2-4eb8-9766-ba6918bc1cfb InstallationDate: Installed on 2015-06-13 (250 days ago) InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422) MachineType: Dell Inc. XPS 13 9343 ProcFB: 0 inteldrmfb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-6-generic.efi.signed root=UUID=7bc4dcd2-0bd8-4e42-b8b7-9f1ed6b8a3e9 ro libata.force=noncq kaslr quiet splash vt.handoff=7 RelatedPackageVersions: linux-restricted-modules-4.4.0-6-generic N/A linux-backports-modules-4.4.0-6-generic N/A linux-firmware 1.156 SourcePackage: linux UpgradeStatus: Upgraded to xenial on 2016-01-12 (38 days ago) dmi.bios.date: 11/11/2015 dmi.bios.vendor: Dell Inc. dmi.bios.version: A07 dmi.board.name: 0310JH dmi.board.vendor: Dell Inc. dmi.board.version: A00 dmi.chassis.type: 9 dmi.chassis.vendor: Dell Inc. dmi.modalias: dmi:bvnDellInc.:bvrA07:bd11/11/2015:svnDellInc.:pnXPS139343:pvr:rvnDellInc.:rn0310JH:rvrA00:cvnDellInc.:ct9:cvr: dmi.product.name: XPS 13 9343 dmi.sys.vendor: Dell Inc. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1547619/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1547619] Re: Intermittent screen blinking with 4k external mini display port with 4.4 kernels
I saw a new kernel in xenial with intel fixes so I decided to try it. This kernel has the bug: $ cat /proc/version_signature Ubuntu 4.4.0-9.24-generic 4.4.3 I'll try the bisected kernel now. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1547619 Title: Intermittent screen blinking with 4k external mini display port with 4.4 kernels Status in linux package in Ubuntu: In Progress Status in linux source package in Xenial: In Progress Bug description: When using an external 4K monitor plugged into the mini display port on my Dell XPS 13 9343 using both the laptop screen and the external monitor (external monitor is left and laptop screen right), when using all of the following kernels: 4.4.0-2.16-generic 4.4.0-4.19-generic 4.4.0-6.21-generic 4.4.0-7.22-generic the external monitor will sometimes blink off for about a second or two, then back on. What is weird is this seems to only happen when typing into a gnome-terminal as opposed to firefox or evolution. Simply changing to a gnome-terminal and typing into it doesn't cause the blinking, but it might happen immediately or it might take several minutes. 4.3.0-7.18-generic worked fine and I can go hours and hours in a gnome-terminal with no issues. ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: linux-image-4.4.0-6-generic 4.4.0-6.21 ProcVersionSignature: Ubuntu 4.4.0-6.21-generic 4.4.1 Uname: Linux 4.4.0-6-generic x86_64 ApportVersion: 2.20-0ubuntu3 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC2: jamie 5882 F pulseaudio /dev/snd/controlC1: jamie 5882 F pulseaudio /dev/snd/controlC0: jamie 5882 F pulseaudio CurrentDesktop: Unity Date: Fri Feb 19 12:09:28 2016 HibernationDevice: RESUME=UUID=27fa6713-c8c2-4eb8-9766-ba6918bc1cfb InstallationDate: Installed on 2015-06-13 (250 days ago) InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422) MachineType: Dell Inc. XPS 13 9343 ProcFB: 0 inteldrmfb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-6-generic.efi.signed root=UUID=7bc4dcd2-0bd8-4e42-b8b7-9f1ed6b8a3e9 ro libata.force=noncq kaslr quiet splash vt.handoff=7 RelatedPackageVersions: linux-restricted-modules-4.4.0-6-generic N/A linux-backports-modules-4.4.0-6-generic N/A linux-firmware 1.156 SourcePackage: linux UpgradeStatus: Upgraded to xenial on 2016-01-12 (38 days ago) dmi.bios.date: 11/11/2015 dmi.bios.vendor: Dell Inc. dmi.bios.version: A07 dmi.board.name: 0310JH dmi.board.vendor: Dell Inc. dmi.board.version: A00 dmi.chassis.type: 9 dmi.chassis.vendor: Dell Inc. dmi.modalias: dmi:bvnDellInc.:bvrA07:bd11/11/2015:svnDellInc.:pnXPS139343:pvr:rvnDellInc.:rn0310JH:rvrA00:cvnDellInc.:ct9:cvr: dmi.product.name: XPS 13 9343 dmi.sys.vendor: Dell Inc. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1547619/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1547619] Re: Intermittent screen blinking with 4k external mini display port with 4.4 kernels
I have booted into this kernel: $ cat /proc/version Linux version 4.3.0-040300-generic (jsalisbury@gomeisa) (gcc version 5.3.1 20160225 (Ubuntu 5.3.1-10ubuntu2) ) #201603030935 SMP Thu Mar 3 14:39:41 UTC 2016 Since the bug doesn't always show itself right away, I will want to use the kernel for at least several hours. I'll report back as soon as I see the bug or after using the computer throughout the day. I saw a new xenial kernel 4.4.0-10.25 come in. All try that one too after this one. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1547619 Title: Intermittent screen blinking with 4k external mini display port with 4.4 kernels Status in linux package in Ubuntu: In Progress Status in linux source package in Xenial: In Progress Bug description: When using an external 4K monitor plugged into the mini display port on my Dell XPS 13 9343 using both the laptop screen and the external monitor (external monitor is left and laptop screen right), when using all of the following kernels: 4.4.0-2.16-generic 4.4.0-4.19-generic 4.4.0-6.21-generic 4.4.0-7.22-generic the external monitor will sometimes blink off for about a second or two, then back on. What is weird is this seems to only happen when typing into a gnome-terminal as opposed to firefox or evolution. Simply changing to a gnome-terminal and typing into it doesn't cause the blinking, but it might happen immediately or it might take several minutes. 4.3.0-7.18-generic worked fine and I can go hours and hours in a gnome-terminal with no issues. ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: linux-image-4.4.0-6-generic 4.4.0-6.21 ProcVersionSignature: Ubuntu 4.4.0-6.21-generic 4.4.1 Uname: Linux 4.4.0-6-generic x86_64 ApportVersion: 2.20-0ubuntu3 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC2: jamie 5882 F pulseaudio /dev/snd/controlC1: jamie 5882 F pulseaudio /dev/snd/controlC0: jamie 5882 F pulseaudio CurrentDesktop: Unity Date: Fri Feb 19 12:09:28 2016 HibernationDevice: RESUME=UUID=27fa6713-c8c2-4eb8-9766-ba6918bc1cfb InstallationDate: Installed on 2015-06-13 (250 days ago) InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422) MachineType: Dell Inc. XPS 13 9343 ProcFB: 0 inteldrmfb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-6-generic.efi.signed root=UUID=7bc4dcd2-0bd8-4e42-b8b7-9f1ed6b8a3e9 ro libata.force=noncq kaslr quiet splash vt.handoff=7 RelatedPackageVersions: linux-restricted-modules-4.4.0-6-generic N/A linux-backports-modules-4.4.0-6-generic N/A linux-firmware 1.156 SourcePackage: linux UpgradeStatus: Upgraded to xenial on 2016-01-12 (38 days ago) dmi.bios.date: 11/11/2015 dmi.bios.vendor: Dell Inc. dmi.bios.version: A07 dmi.board.name: 0310JH dmi.board.vendor: Dell Inc. dmi.board.version: A00 dmi.chassis.type: 9 dmi.chassis.vendor: Dell Inc. dmi.modalias: dmi:bvnDellInc.:bvrA07:bd11/11/2015:svnDellInc.:pnXPS139343:pvr:rvnDellInc.:rn0310JH:rvrA00:cvnDellInc.:ct9:cvr: dmi.product.name: XPS 13 9343 dmi.sys.vendor: Dell Inc. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1547619/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1547619] Re: Intermittent screen blinking with 4k external mini display port with 4.4 kernels
While I can't be 100% sure cause the issue is intermittent, it seems that this kernel does not have the bug: $ cat /proc/version Linux version 4.3.0-040300-generic (jsalisbury@gomeisa) (gcc version 5.3.1 20160225 (Ubuntu 5.3.1-10ubuntu2) ) #201603030935 SMP Thu Mar 3 14:39:41 UTC 2016 $ uptime 08:44:12 up 3 days, 19 min, 3 users, load average: 1.43, 0.68, 0.57 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1547619 Title: Intermittent screen blinking with 4k external mini display port with 4.4 kernels Status in linux package in Ubuntu: In Progress Status in linux source package in Xenial: In Progress Bug description: When using an external 4K monitor plugged into the mini display port on my Dell XPS 13 9343 using both the laptop screen and the external monitor (external monitor is left and laptop screen right), when using all of the following kernels: 4.4.0-2.16-generic 4.4.0-4.19-generic 4.4.0-6.21-generic 4.4.0-7.22-generic the external monitor will sometimes blink off for about a second or two, then back on. What is weird is this seems to only happen when typing into a gnome-terminal as opposed to firefox or evolution. Simply changing to a gnome-terminal and typing into it doesn't cause the blinking, but it might happen immediately or it might take several minutes. 4.3.0-7.18-generic worked fine and I can go hours and hours in a gnome-terminal with no issues. ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: linux-image-4.4.0-6-generic 4.4.0-6.21 ProcVersionSignature: Ubuntu 4.4.0-6.21-generic 4.4.1 Uname: Linux 4.4.0-6-generic x86_64 ApportVersion: 2.20-0ubuntu3 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC2: jamie 5882 F pulseaudio /dev/snd/controlC1: jamie 5882 F pulseaudio /dev/snd/controlC0: jamie 5882 F pulseaudio CurrentDesktop: Unity Date: Fri Feb 19 12:09:28 2016 HibernationDevice: RESUME=UUID=27fa6713-c8c2-4eb8-9766-ba6918bc1cfb InstallationDate: Installed on 2015-06-13 (250 days ago) InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422) MachineType: Dell Inc. XPS 13 9343 ProcFB: 0 inteldrmfb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-6-generic.efi.signed root=UUID=7bc4dcd2-0bd8-4e42-b8b7-9f1ed6b8a3e9 ro libata.force=noncq kaslr quiet splash vt.handoff=7 RelatedPackageVersions: linux-restricted-modules-4.4.0-6-generic N/A linux-backports-modules-4.4.0-6-generic N/A linux-firmware 1.156 SourcePackage: linux UpgradeStatus: Upgraded to xenial on 2016-01-12 (38 days ago) dmi.bios.date: 11/11/2015 dmi.bios.vendor: Dell Inc. dmi.bios.version: A07 dmi.board.name: 0310JH dmi.board.vendor: Dell Inc. dmi.board.version: A00 dmi.chassis.type: 9 dmi.chassis.vendor: Dell Inc. dmi.modalias: dmi:bvnDellInc.:bvrA07:bd11/11/2015:svnDellInc.:pnXPS139343:pvr:rvnDellInc.:rn0310JH:rvrA00:cvnDellInc.:ct9:cvr: dmi.product.name: XPS 13 9343 dmi.sys.vendor: Dell Inc. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1547619/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1547619] Re: Intermittent screen blinking with 4k external mini display port with 4.4 kernels
I have booted into this kernel: $ cat /proc/version Linux version 4.3.0-040300-generic (jsalisbury@gomeisa) (gcc version 5.3.1 20160225 (Ubuntu 5.3.1-10ubuntu2) ) #201603101009 SMP Thu Mar 10 15:13:56 UTC 2016 Since the bug doesn't always show itself right away, I will want to use the kernel for at least several hours. I'll report back as soon as I see the bug or after using the computer throughout the day. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1547619 Title: Intermittent screen blinking with 4k external mini display port with 4.4 kernels Status in linux package in Ubuntu: In Progress Status in linux source package in Xenial: In Progress Bug description: When using an external 4K monitor plugged into the mini display port on my Dell XPS 13 9343 using both the laptop screen and the external monitor (external monitor is left and laptop screen right), when using all of the following kernels: 4.4.0-2.16-generic 4.4.0-4.19-generic 4.4.0-6.21-generic 4.4.0-7.22-generic the external monitor will sometimes blink off for about a second or two, then back on. What is weird is this seems to only happen when typing into a gnome-terminal as opposed to firefox or evolution. Simply changing to a gnome-terminal and typing into it doesn't cause the blinking, but it might happen immediately or it might take several minutes. 4.3.0-7.18-generic worked fine and I can go hours and hours in a gnome-terminal with no issues. ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: linux-image-4.4.0-6-generic 4.4.0-6.21 ProcVersionSignature: Ubuntu 4.4.0-6.21-generic 4.4.1 Uname: Linux 4.4.0-6-generic x86_64 ApportVersion: 2.20-0ubuntu3 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC2: jamie 5882 F pulseaudio /dev/snd/controlC1: jamie 5882 F pulseaudio /dev/snd/controlC0: jamie 5882 F pulseaudio CurrentDesktop: Unity Date: Fri Feb 19 12:09:28 2016 HibernationDevice: RESUME=UUID=27fa6713-c8c2-4eb8-9766-ba6918bc1cfb InstallationDate: Installed on 2015-06-13 (250 days ago) InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422) MachineType: Dell Inc. XPS 13 9343 ProcFB: 0 inteldrmfb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-6-generic.efi.signed root=UUID=7bc4dcd2-0bd8-4e42-b8b7-9f1ed6b8a3e9 ro libata.force=noncq kaslr quiet splash vt.handoff=7 RelatedPackageVersions: linux-restricted-modules-4.4.0-6-generic N/A linux-backports-modules-4.4.0-6-generic N/A linux-firmware 1.156 SourcePackage: linux UpgradeStatus: Upgraded to xenial on 2016-01-12 (38 days ago) dmi.bios.date: 11/11/2015 dmi.bios.vendor: Dell Inc. dmi.bios.version: A07 dmi.board.name: 0310JH dmi.board.vendor: Dell Inc. dmi.board.version: A00 dmi.chassis.type: 9 dmi.chassis.vendor: Dell Inc. dmi.modalias: dmi:bvnDellInc.:bvrA07:bd11/11/2015:svnDellInc.:pnXPS139343:pvr:rvnDellInc.:rn0310JH:rvrA00:cvnDellInc.:ct9:cvr: dmi.product.name: XPS 13 9343 dmi.sys.vendor: Dell Inc. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1547619/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1547619] Re: Intermittent screen blinking with 4k external mini display port with 4.4 kernels
FYI, I needed overlayfs and so had to interrupt my 4.3.0-040300-generic (#201603101009) testing and booted into 4.4.0-12.28. 4.4.0-12.28 has the bug. I am back in 4.3.0-040300-generic (#201603101009) now. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1547619 Title: Intermittent screen blinking with 4k external mini display port with 4.4 kernels Status in linux package in Ubuntu: In Progress Status in linux source package in Xenial: In Progress Bug description: When using an external 4K monitor plugged into the mini display port on my Dell XPS 13 9343 using both the laptop screen and the external monitor (external monitor is left and laptop screen right), when using all of the following kernels: 4.4.0-2.16-generic 4.4.0-4.19-generic 4.4.0-6.21-generic 4.4.0-7.22-generic the external monitor will sometimes blink off for about a second or two, then back on. What is weird is this seems to only happen when typing into a gnome-terminal as opposed to firefox or evolution. Simply changing to a gnome-terminal and typing into it doesn't cause the blinking, but it might happen immediately or it might take several minutes. 4.3.0-7.18-generic worked fine and I can go hours and hours in a gnome-terminal with no issues. ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: linux-image-4.4.0-6-generic 4.4.0-6.21 ProcVersionSignature: Ubuntu 4.4.0-6.21-generic 4.4.1 Uname: Linux 4.4.0-6-generic x86_64 ApportVersion: 2.20-0ubuntu3 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC2: jamie 5882 F pulseaudio /dev/snd/controlC1: jamie 5882 F pulseaudio /dev/snd/controlC0: jamie 5882 F pulseaudio CurrentDesktop: Unity Date: Fri Feb 19 12:09:28 2016 HibernationDevice: RESUME=UUID=27fa6713-c8c2-4eb8-9766-ba6918bc1cfb InstallationDate: Installed on 2015-06-13 (250 days ago) InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422) MachineType: Dell Inc. XPS 13 9343 ProcFB: 0 inteldrmfb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-6-generic.efi.signed root=UUID=7bc4dcd2-0bd8-4e42-b8b7-9f1ed6b8a3e9 ro libata.force=noncq kaslr quiet splash vt.handoff=7 RelatedPackageVersions: linux-restricted-modules-4.4.0-6-generic N/A linux-backports-modules-4.4.0-6-generic N/A linux-firmware 1.156 SourcePackage: linux UpgradeStatus: Upgraded to xenial on 2016-01-12 (38 days ago) dmi.bios.date: 11/11/2015 dmi.bios.vendor: Dell Inc. dmi.bios.version: A07 dmi.board.name: 0310JH dmi.board.vendor: Dell Inc. dmi.board.version: A00 dmi.chassis.type: 9 dmi.chassis.vendor: Dell Inc. dmi.modalias: dmi:bvnDellInc.:bvrA07:bd11/11/2015:svnDellInc.:pnXPS139343:pvr:rvnDellInc.:rn0310JH:rvrA00:cvnDellInc.:ct9:cvr: dmi.product.name: XPS 13 9343 dmi.sys.vendor: Dell Inc. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1547619/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1556419] Re: nf_conntrack: automatic helper assignment is deprecated
FYI, this is not a new issue. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1556419 Title: nf_conntrack: automatic helper assignment is deprecated Status in iptables package in Ubuntu: New Status in linux package in Ubuntu: Incomplete Bug description: Get this logged into journalctl (since a moment): kernel: nf_conntrack: automatic helper assignment is deprecated and it will be removed soon. Use the iptables CT target to attach helpers instead. ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: linux-image-4.4.0-13-generic 4.4.0-13.29 ProcVersionSignature: Ubuntu 4.4.0-13.29-generic 4.4.5 Uname: Linux 4.4.0-13-generic x86_64 NonfreeKernelModules: nvidia_uvm nvidia_modeset nvidia ApportVersion: 2.20-0ubuntu3 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC1: oem1942 F pulseaudio /dev/snd/pcmC0D0p: oem1942 F...m pulseaudio /dev/snd/controlC0: oem1942 F pulseaudio CurrentDesktop: GNOME Date: Sat Mar 12 14:52:09 2016 HibernationDevice: RESUME=UUID=0a9ca7f0-6eeb-4b21-b70f-670fa600de16 IwConfig: eth0 no wireless extensions. eth1 no wireless extensions. lono wireless extensions. Lsusb: Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub Bus 003 Device 002: ID 046d:c062 Logitech, Inc. M-UAS144 [LS1 Laser Mouse] Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub MachineType: ASUSTEK COMPUTER INC P5W DH Deluxe ProcFB: ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-13-generic root=UUID=7c755ed6-51cc-4b75-88ac-9c75acf82749 ro RelatedPackageVersions: linux-restricted-modules-4.4.0-13-generic N/A linux-backports-modules-4.4.0-13-generic N/A linux-firmware1.156 RfKill: SourcePackage: linux UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 07/22/2010 dmi.bios.vendor: American Megatrends Inc. dmi.bios.version: 3002 dmi.board.asset.tag: To Be Filled By O.E.M. dmi.board.name: P5W DH Deluxe dmi.board.vendor: ASUSTeK Computer INC. dmi.board.version: Rev 1.xx dmi.chassis.asset.tag: Asset-1234567890 dmi.chassis.type: 3 dmi.chassis.vendor: Chassis Manufacture dmi.chassis.version: Chassis Version dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvr3002:bd07/22/2010:svnASUSTEKCOMPUTERINC:pnP5WDHDeluxe:pvrSystemVersion:rvnASUSTeKComputerINC.:rnP5WDHDeluxe:rvrRev1.xx:cvnChassisManufacture:ct3:cvrChassisVersion: dmi.product.name: P5W DH Deluxe dmi.product.version: System Version dmi.sys.vendor: ASUSTEK COMPUTER INC To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iptables/+bug/1556419/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1547619] Re: Intermittent screen blinking with 4k external mini display port with 4.4 kernels
While I can't be 100% sure cause the issue is intermittent, it seems that this kernel does not have the bug: $ cat /proc/version Linux version 4.3.0-040300-generic (jsalisbury@gomeisa) (gcc version 5.3.1 20160225 (Ubuntu 5.3.1-10ubuntu2) ) #201603101009 SMP Thu Mar 10 15:13:56 UTC 2016 $ uptime 14:16:39 up 1 day, 5:18, 2 users, load average: 1.72, 1.29, 1.20 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1547619 Title: Intermittent screen blinking with 4k external mini display port with 4.4 kernels Status in linux package in Ubuntu: In Progress Status in linux source package in Xenial: In Progress Bug description: When using an external 4K monitor plugged into the mini display port on my Dell XPS 13 9343 using both the laptop screen and the external monitor (external monitor is left and laptop screen right), when using all of the following kernels: 4.4.0-2.16-generic 4.4.0-4.19-generic 4.4.0-6.21-generic 4.4.0-7.22-generic the external monitor will sometimes blink off for about a second or two, then back on. What is weird is this seems to only happen when typing into a gnome-terminal as opposed to firefox or evolution. Simply changing to a gnome-terminal and typing into it doesn't cause the blinking, but it might happen immediately or it might take several minutes. 4.3.0-7.18-generic worked fine and I can go hours and hours in a gnome-terminal with no issues. ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: linux-image-4.4.0-6-generic 4.4.0-6.21 ProcVersionSignature: Ubuntu 4.4.0-6.21-generic 4.4.1 Uname: Linux 4.4.0-6-generic x86_64 ApportVersion: 2.20-0ubuntu3 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC2: jamie 5882 F pulseaudio /dev/snd/controlC1: jamie 5882 F pulseaudio /dev/snd/controlC0: jamie 5882 F pulseaudio CurrentDesktop: Unity Date: Fri Feb 19 12:09:28 2016 HibernationDevice: RESUME=UUID=27fa6713-c8c2-4eb8-9766-ba6918bc1cfb InstallationDate: Installed on 2015-06-13 (250 days ago) InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422) MachineType: Dell Inc. XPS 13 9343 ProcFB: 0 inteldrmfb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-6-generic.efi.signed root=UUID=7bc4dcd2-0bd8-4e42-b8b7-9f1ed6b8a3e9 ro libata.force=noncq kaslr quiet splash vt.handoff=7 RelatedPackageVersions: linux-restricted-modules-4.4.0-6-generic N/A linux-backports-modules-4.4.0-6-generic N/A linux-firmware 1.156 SourcePackage: linux UpgradeStatus: Upgraded to xenial on 2016-01-12 (38 days ago) dmi.bios.date: 11/11/2015 dmi.bios.vendor: Dell Inc. dmi.bios.version: A07 dmi.board.name: 0310JH dmi.board.vendor: Dell Inc. dmi.board.version: A00 dmi.chassis.type: 9 dmi.chassis.vendor: Dell Inc. dmi.modalias: dmi:bvnDellInc.:bvrA07:bd11/11/2015:svnDellInc.:pnXPS139343:pvr:rvnDellInc.:rn0310JH:rvrA00:cvnDellInc.:ct9:cvr: dmi.product.name: XPS 13 9343 dmi.sys.vendor: Dell Inc. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1547619/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1560094] Re: Starting bluez service is denied
Your snapcraft.yaml is wrong for the new world. Ie, you have: apps: bluetoothctl: command: usr/bin/bluetoothctl uses: [bluez-client] obexctl: command: usr/bin/obexctl uses: [bluez-client] bluez: command: "usr/lib/bluetooth/bluetoothd -E" daemon: simple uses: [bluez-service] obex: command: "usr/lib/bluetooth/obexd" daemon: simple uses: [obex-service] uses: bluez-client: type: migration-skill caps: [bluez_client] bluez-service: type: migration-skill security-policy: apparmor: bluez.apparmor seccomp: bluez.seccomp obex-service: type: migration-skill security-policy: apparmor: obex.apparmor seccomp: obex.seccomp But you should 's/uses:/plugs:/' and 's/type: migration-skill/interface: old-security/'. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to bluez in Ubuntu. https://bugs.launchpad.net/bugs/1560094 Title: Starting bluez service is denied Status in bluez package in Ubuntu: New Bug description: If snappy core is updated in the background (on Raspberry Pi 2), and then bluez installed, starting the service is failing. Denials: [ 45.955490] audit: type=1400 audit(1458574955.667:11): apparmor="DENIED" operation="mknod" profile="bluez5_bluez_5.37-2-armhf" name="/etc/dbus-1/system.d/bluez5_bluez_5.37-2-armhf.conf" pid=834 comm="c0 [ 46.197608] audit: type=1326 audit(1458574955.907:12): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=831 comm="obexd" exe="/snaps/bluez5/5.37-2-armhf/usr/lib/bluetooth/obexd" sig=31 arch=4028 sysc0 [ 46.275680] audit: type=1400 audit(1458574955.987:13): apparmor="DENIED" operation="create" profile="bluez5_bluez_5.37-2-armhf" pid=829 comm="bluetoothd" family="bluetooth" sock_type="raw" protocol=1 [ 46.276483] audit: type=1326 audit(1458574955.987:14): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=829 comm="bluetoothd" exe="/snaps/bluez5/5.37-2-armhf/usr/lib/bluetooth/bluetoothd" sig=31 arch=4000 [ 46.412021] audit: type=1326 audit(1458574956.123:15): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=839 comm="obexd" exe="/snaps/bluez5/5.37-2-armhf/usr/lib/bluetooth/obexd" sig=31 arch=4028 sysc0 [ 46.504308] audit: type=1400 audit(1458574956.215:16): apparmor="DENIED" operation="mknod" profile="bluez5_bluez_5.37-2-armhf" name="/etc/dbus-1/system.d/bluez5_bluez_5.37-2-armhf.conf" pid=842 comm="c0 [ 46.520137] audit: type=1400 audit(1458574956.231:17): apparmor="DENIED" operation="create" profile="bluez5_bluez_5.37-2-armhf" pid=841 comm="bluetoothd" family="bluetooth" sock_type="raw" protocol=1 [ 46.520800] audit: type=1326 audit(1458574956.231:18): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=841 comm="bluetoothd" exe="/snaps/bluez5/5.37-2-armhf/usr/lib/bluetooth/bluetoothd" sig=31 arch=4000 [ 46.625293] audit: type=1326 audit(1458574956.335:19): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=844 comm="obexd" exe="/snaps/bluez5/5.37-2-armhf/usr/lib/bluetooth/obexd" sig=31 arch=4028 sysc0 [ 46.721080] audit: type=1400 audit(1458574956.431:20): apparmor="DENIED" operation="mknod" profile="bluez5_bluez_5.37-2-armhf" name="/etc/dbus-1/system.d/bluez5_bluez_5.37-2-armhf.conf" pid=847 comm="c2 If trying to start bluetootctl: [ 582.205066] audit: type=1400 audit(1458575491.915:31): apparmor="DENIED" operation="connect" profile="bluez5_bluetoothctl_5.37-2-armhf" name="/run/dbus/system_bus_socket" pid=993 comm="bluetoothctl" re0 [bluetooth]# ubuntu@localhost:~$ snappy list NameDate Version Developer bluez5 2016-02-04 5.37-2-armhf canonical canonical-pi2 2016-02-02 3.0 canonical canonical-pi2-linux 2016-02-03 4.3.0-1006-3 canonical ubuntu-core 2016-03-08 16.04.0-15.armhf canonical ubuntu@localhost:~$ ubuntu@localhost:~$ snappy info release: core/rolling architecture: armhf frameworks: bluez5.canonical apps: To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1560094/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1560094] Re: Starting bluez service is denied
Also, you should be using the new snappy interface for dbus instead of adding rules to copy dbus bus policy files into place. I haven't used this before-- you might ping zyga for details. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to bluez in Ubuntu. https://bugs.launchpad.net/bugs/1560094 Title: Starting bluez service is denied Status in bluez package in Ubuntu: New Bug description: If snappy core is updated in the background (on Raspberry Pi 2), and then bluez installed, starting the service is failing. Denials: [ 45.955490] audit: type=1400 audit(1458574955.667:11): apparmor="DENIED" operation="mknod" profile="bluez5_bluez_5.37-2-armhf" name="/etc/dbus-1/system.d/bluez5_bluez_5.37-2-armhf.conf" pid=834 comm="c0 [ 46.197608] audit: type=1326 audit(1458574955.907:12): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=831 comm="obexd" exe="/snaps/bluez5/5.37-2-armhf/usr/lib/bluetooth/obexd" sig=31 arch=4028 sysc0 [ 46.275680] audit: type=1400 audit(1458574955.987:13): apparmor="DENIED" operation="create" profile="bluez5_bluez_5.37-2-armhf" pid=829 comm="bluetoothd" family="bluetooth" sock_type="raw" protocol=1 [ 46.276483] audit: type=1326 audit(1458574955.987:14): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=829 comm="bluetoothd" exe="/snaps/bluez5/5.37-2-armhf/usr/lib/bluetooth/bluetoothd" sig=31 arch=4000 [ 46.412021] audit: type=1326 audit(1458574956.123:15): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=839 comm="obexd" exe="/snaps/bluez5/5.37-2-armhf/usr/lib/bluetooth/obexd" sig=31 arch=4028 sysc0 [ 46.504308] audit: type=1400 audit(1458574956.215:16): apparmor="DENIED" operation="mknod" profile="bluez5_bluez_5.37-2-armhf" name="/etc/dbus-1/system.d/bluez5_bluez_5.37-2-armhf.conf" pid=842 comm="c0 [ 46.520137] audit: type=1400 audit(1458574956.231:17): apparmor="DENIED" operation="create" profile="bluez5_bluez_5.37-2-armhf" pid=841 comm="bluetoothd" family="bluetooth" sock_type="raw" protocol=1 [ 46.520800] audit: type=1326 audit(1458574956.231:18): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=841 comm="bluetoothd" exe="/snaps/bluez5/5.37-2-armhf/usr/lib/bluetooth/bluetoothd" sig=31 arch=4000 [ 46.625293] audit: type=1326 audit(1458574956.335:19): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=844 comm="obexd" exe="/snaps/bluez5/5.37-2-armhf/usr/lib/bluetooth/obexd" sig=31 arch=4028 sysc0 [ 46.721080] audit: type=1400 audit(1458574956.431:20): apparmor="DENIED" operation="mknod" profile="bluez5_bluez_5.37-2-armhf" name="/etc/dbus-1/system.d/bluez5_bluez_5.37-2-armhf.conf" pid=847 comm="c2 If trying to start bluetootctl: [ 582.205066] audit: type=1400 audit(1458575491.915:31): apparmor="DENIED" operation="connect" profile="bluez5_bluetoothctl_5.37-2-armhf" name="/run/dbus/system_bus_socket" pid=993 comm="bluetoothctl" re0 [bluetooth]# ubuntu@localhost:~$ snappy list NameDate Version Developer bluez5 2016-02-04 5.37-2-armhf canonical canonical-pi2 2016-02-02 3.0 canonical canonical-pi2-linux 2016-02-03 4.3.0-1006-3 canonical ubuntu-core 2016-03-08 16.04.0-15.armhf canonical ubuntu@localhost:~$ ubuntu@localhost:~$ snappy info release: core/rolling architecture: armhf frameworks: bluez5.canonical apps: To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1560094/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1560583] [NEW] reading /sys/kernel/security/apparmor/profiles requires CAP_MAC_ADMIN
Public bug reported:
$ cat ./t
#include
profile t {
#include
/bin/cat ixr,
/sys/kernel/security/apparmor/profiles r,
}
$ sudo apparmor_parser -r ./t
$ sudo aa-exec -p t -- cat /sys/kernel/security/apparmor/profiles
cat: /sys/kernel/security/apparmor/profiles: Permission denied
[1]
kernel: [ 62.203035] audit: type=1400 audit(1458665428.726:128):
apparmor="DENIED" operation="capable" profile="t" pid=3683 comm="cat"
capability=33 capname="mac_admin"
This is new in the -15 kernel.
** Affects: linux (Ubuntu)
Importance: High
Assignee: Tyler Hicks (tyhicks)
Status: Confirmed
** Tags: apparmor
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1560583
Title:
reading /sys/kernel/security/apparmor/profiles requires CAP_MAC_ADMIN
Status in linux package in Ubuntu:
Confirmed
Bug description:
$ cat ./t
#include
profile t {
#include
/bin/cat ixr,
/sys/kernel/security/apparmor/profiles r,
}
$ sudo apparmor_parser -r ./t
$ sudo aa-exec -p t -- cat /sys/kernel/security/apparmor/profiles
cat: /sys/kernel/security/apparmor/profiles: Permission denied
[1]
kernel: [ 62.203035] audit: type=1400 audit(1458665428.726:128):
apparmor="DENIED" operation="capable" profile="t" pid=3683 comm="cat"
capability=33 capname="mac_admin"
This is new in the -15 kernel.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1560583/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1560583] Re: reading /sys/kernel/security/apparmor/profiles requires CAP_MAC_ADMIN
** Changed in: linux (Ubuntu)
Status: Confirmed => In Progress
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1560583
Title:
reading /sys/kernel/security/apparmor/profiles requires CAP_MAC_ADMIN
Status in linux package in Ubuntu:
In Progress
Bug description:
$ cat ./t
#include
profile t {
#include
/bin/cat ixr,
/sys/kernel/security/apparmor/profiles r,
}
$ sudo apparmor_parser -r ./t
$ sudo aa-exec -p t -- cat /sys/kernel/security/apparmor/profiles
cat: /sys/kernel/security/apparmor/profiles: Permission denied
[1]
kernel: [ 62.203035] audit: type=1400 audit(1458665428.726:128):
apparmor="DENIED" operation="capable" profile="t" pid=3683 comm="cat"
capability=33 capname="mac_admin"
This is new in the -15 kernel.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1560583/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1562989] Re: 'aa_change_onexec failed with -1. errmsg: Permission denied'
** Description changed: $ sudo snappy install ubuntu-clock-app.ubuntucore-dev $ ubuntu-clock-app.clock aa_change_onexec failed with -1. errmsg: Permission denied [1] Downgrading to ubuntu-core-launcher doesn't help the clock app get past this failure. The hello-world app works ok (it needs ubuntu-core-launcher 1.0.20 since it gets past the above error and the launcher needs to account for NO_NEW_PRIVS): $ hello-world.env |grep SNAP= SNAP=/snaps/hello-world.canonical/6.0 $ sudo /snaps/bin/hello-world.env |grep SNAP= SNAP=/snaps/hello-world.canonical/6.0 cap-test.mvo doesn't have this problem either: $ sudo snappy install cap-test.mvo $ cap-test.xbomb If I disable the apparmor profile with: sudo apparmor_parser -R /etc/apparmor.d/usr.bin.ubuntu-core-launcher then the app will launch. + + Downgrading to the -13 kernel resolves the issue: + $ cat /proc/version_signature + Ubuntu 4.4.0-13.29-generic 4.4.5 ** Package changed: ubuntu-core-launcher (Ubuntu) => linux (Ubuntu) ** Changed in: linux (Ubuntu) Importance: Undecided => Critical ** Changed in: linux (Ubuntu) Status: New => Confirmed ** Changed in: linux (Ubuntu) Assignee: (unassigned) => Tyler Hicks (tyhicks) ** Description changed: $ sudo snappy install ubuntu-clock-app.ubuntucore-dev $ ubuntu-clock-app.clock aa_change_onexec failed with -1. errmsg: Permission denied [1] + + There is an apparmor denial: + audit: type=1400 audit(1459194964.529:35): apparmor="DENIED" operation="change_onexec" profile="/usr/bin/ubuntu-core-launcher" name="ubuntu-clock-app.ubuntucoredev_clock_3.6+snap2" pid=2080 comm="ubuntu-core-lau" target="ubuntu-clock-app.ubuntucoredev_clock_3.6+snap2" Downgrading to ubuntu-core-launcher doesn't help the clock app get past this failure. The hello-world app works ok (it needs ubuntu-core-launcher 1.0.20 since it gets past the above error and the launcher needs to account for NO_NEW_PRIVS): $ hello-world.env |grep SNAP= SNAP=/snaps/hello-world.canonical/6.0 $ sudo /snaps/bin/hello-world.env |grep SNAP= SNAP=/snaps/hello-world.canonical/6.0 cap-test.mvo doesn't have this problem either: $ sudo snappy install cap-test.mvo $ cap-test.xbomb If I disable the apparmor profile with: sudo apparmor_parser -R /etc/apparmor.d/usr.bin.ubuntu-core-launcher then the app will launch. Downgrading to the -13 kernel resolves the issue: - $ cat /proc/version_signature + $ cat /proc/version_signature Ubuntu 4.4.0-13.29-generic 4.4.5 ** Description changed: + $ sudo apt-get install ubuntu-snappy + $ sudo snappy install ubuntu-core $ sudo snappy install ubuntu-clock-app.ubuntucore-dev $ ubuntu-clock-app.clock aa_change_onexec failed with -1. errmsg: Permission denied [1] There is an apparmor denial: audit: type=1400 audit(1459194964.529:35): apparmor="DENIED" operation="change_onexec" profile="/usr/bin/ubuntu-core-launcher" name="ubuntu-clock-app.ubuntucoredev_clock_3.6+snap2" pid=2080 comm="ubuntu-core-lau" target="ubuntu-clock-app.ubuntucoredev_clock_3.6+snap2" Downgrading to ubuntu-core-launcher doesn't help the clock app get past this failure. The hello-world app works ok (it needs ubuntu-core-launcher 1.0.20 since it gets past the above error and the launcher needs to account for NO_NEW_PRIVS): $ hello-world.env |grep SNAP= SNAP=/snaps/hello-world.canonical/6.0 $ sudo /snaps/bin/hello-world.env |grep SNAP= SNAP=/snaps/hello-world.canonical/6.0 cap-test.mvo doesn't have this problem either: $ sudo snappy install cap-test.mvo $ cap-test.xbomb If I disable the apparmor profile with: sudo apparmor_parser -R /etc/apparmor.d/usr.bin.ubuntu-core-launcher then the app will launch. Downgrading to the -13 kernel resolves the issue: $ cat /proc/version_signature Ubuntu 4.4.0-13.29-generic 4.4.5 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1562989 Title: 'aa_change_onexec failed with -1. errmsg: Permission denied' Status in linux package in Ubuntu: Confirmed Bug description: $ sudo apt-get install ubuntu-snappy $ sudo snappy install ubuntu-core $ sudo snappy install ubuntu-clock-app.ubuntucore-dev $ ubuntu-clock-app.clock aa_change_onexec failed with -1. errmsg: Permission denied [1] There is an apparmor denial: audit: type=1400 audit(1459194964.529:35): apparmor="DENIED" operation="change_onexec" profile="/usr/bin/ubuntu-core-launcher" name="ubuntu-clock-app.ubuntucoredev_clock_3.6+snap2" pid=2080 comm="ubuntu-core-lau" target="ubuntu-clock-app.ubuntucoredev_clock_3.6+snap2" Downgrading to ubuntu-core-launcher doesn't help the clock app get past this failure. The hello-world app works ok (it needs ubuntu-core-launcher 1.0.20 since it gets past the above error and the launcher needs to account for NO_NEW_PRIVS): $ hello-wor
[Kernel-packages] [Bug 1562989] Re: 'aa_change_onexec failed with -1. errmsg: Permission denied'
I took the hello-world application, then adjusted its yaml to be the same as the ubuntu-clock-app (using ubuntu-cl0ck-app as the name) and was unable to reproduce. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1562989 Title: 'aa_change_onexec failed with -1. errmsg: Permission denied' Status in linux package in Ubuntu: Confirmed Bug description: $ sudo apt-get install ubuntu-snappy $ sudo snappy install ubuntu-core $ sudo snappy install ubuntu-clock-app.ubuntucore-dev $ ubuntu-clock-app.clock aa_change_onexec failed with -1. errmsg: Permission denied [1] There is an apparmor denial: audit: type=1400 audit(1459194964.529:35): apparmor="DENIED" operation="change_onexec" profile="/usr/bin/ubuntu-core-launcher" name="ubuntu-clock-app.ubuntucoredev_clock_3.6+snap2" pid=2080 comm="ubuntu-core-lau" target="ubuntu-clock-app.ubuntucoredev_clock_3.6+snap2" Downgrading to ubuntu-core-launcher doesn't help the clock app get past this failure. The hello-world app works ok (it needs ubuntu-core-launcher 1.0.20 since it gets past the above error and the launcher needs to account for NO_NEW_PRIVS): $ hello-world.env |grep SNAP= SNAP=/snaps/hello-world.canonical/6.0 $ sudo /snaps/bin/hello-world.env |grep SNAP= SNAP=/snaps/hello-world.canonical/6.0 cap-test.mvo doesn't have this problem either: $ sudo snappy install cap-test.mvo $ cap-test.xbomb If I disable the apparmor profile with: sudo apparmor_parser -R /etc/apparmor.d/usr.bin.ubuntu-core-launcher then the app will launch. Downgrading to the -13 kernel resolves the issue: $ cat /proc/version_signature Ubuntu 4.4.0-13.29-generic 4.4.5 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1562989/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1562989] Re: 'aa_change_onexec failed with -1. errmsg: Permission denied'
** Tags added: apparmor -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1562989 Title: 'aa_change_onexec failed with -1. errmsg: Permission denied' Status in linux package in Ubuntu: Confirmed Bug description: $ sudo apt-get install ubuntu-snappy $ sudo snappy install ubuntu-core $ sudo snappy install ubuntu-clock-app.ubuntucore-dev $ ubuntu-clock-app.clock aa_change_onexec failed with -1. errmsg: Permission denied [1] There is an apparmor denial: audit: type=1400 audit(1459194964.529:35): apparmor="DENIED" operation="change_onexec" profile="/usr/bin/ubuntu-core-launcher" name="ubuntu-clock-app.ubuntucoredev_clock_3.6+snap2" pid=2080 comm="ubuntu-core-lau" target="ubuntu-clock-app.ubuntucoredev_clock_3.6+snap2" Downgrading to ubuntu-core-launcher doesn't help the clock app get past this failure. The hello-world app works ok (it needs ubuntu-core-launcher 1.0.20 since it gets past the above error and the launcher needs to account for NO_NEW_PRIVS): $ hello-world.env |grep SNAP= SNAP=/snaps/hello-world.canonical/6.0 $ sudo /snaps/bin/hello-world.env |grep SNAP= SNAP=/snaps/hello-world.canonical/6.0 cap-test.mvo doesn't have this problem either: $ sudo snappy install cap-test.mvo $ cap-test.xbomb If I disable the apparmor profile with: sudo apparmor_parser -R /etc/apparmor.d/usr.bin.ubuntu-core-launcher then the app will launch. Downgrading to the -13 kernel resolves the issue: $ cat /proc/version_signature Ubuntu 4.4.0-13.29-generic 4.4.5 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1562989/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1562989] Re: 'aa_change_onexec failed with -1. errmsg: Permission denied'
Here is a reproducer. See main.c for instructions. ** Attachment added: "1562989.tar.gz" https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1562989/+attachment/4615205/+files/1562989.tar.gz -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1562989 Title: 'aa_change_onexec failed with -1. errmsg: Permission denied' Status in linux package in Ubuntu: Confirmed Bug description: $ sudo apt-get install ubuntu-snappy $ sudo snappy install ubuntu-core $ sudo snappy install ubuntu-clock-app.ubuntucore-dev $ ubuntu-clock-app.clock aa_change_onexec failed with -1. errmsg: Permission denied [1] There is an apparmor denial: audit: type=1400 audit(1459194964.529:35): apparmor="DENIED" operation="change_onexec" profile="/usr/bin/ubuntu-core-launcher" name="ubuntu-clock-app.ubuntucoredev_clock_3.6+snap2" pid=2080 comm="ubuntu-core-lau" target="ubuntu-clock-app.ubuntucoredev_clock_3.6+snap2" Downgrading to ubuntu-core-launcher doesn't help the clock app get past this failure. The hello-world app works ok (it needs ubuntu-core-launcher 1.0.20 since it gets past the above error and the launcher needs to account for NO_NEW_PRIVS): $ hello-world.env |grep SNAP= SNAP=/snaps/hello-world.canonical/6.0 $ sudo /snaps/bin/hello-world.env |grep SNAP= SNAP=/snaps/hello-world.canonical/6.0 cap-test.mvo doesn't have this problem either: $ sudo snappy install cap-test.mvo $ cap-test.xbomb If I disable the apparmor profile with: sudo apparmor_parser -R /etc/apparmor.d/usr.bin.ubuntu-core-launcher then the app will launch. Downgrading to the -13 kernel resolves the issue: $ cat /proc/version_signature Ubuntu 4.4.0-13.29-generic 4.4.5 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1562989/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1562989] Re: 'aa_change_onexec failed with -1. errmsg: Permission denied'
It appears that the profile name can't start with 'u'. If I change the app-profile to prepend anything other than 'u', then it works. Eg, if I update app-profile accordingly before each call to change the profile name: $ sudo apparmor_parser -r ./app-profile ./launcher-profile && aa-exec -p launcher -- ./test-1562989 ubuntu-clock-app.ubuntucoredev_clock_3.6+snap2 /usr/bin/uptime argv[0]: ./test-1562989 argv[1]: ubuntu-clock-app.ubuntucoredev_clock_3.6+snap2 argv[2]: /usr/bin/uptime aa_change_onexec failed with -1. errmsg: Permission denied $ sudo apparmor_parser -r ./app-profile ./launcher-profile && aa-exec -p launcher -- ./test-1562989 u /usr/bin/uptimeargv[0]: ./test-1562989 argv[1]: u argv[2]: /usr/bin/uptime aa_change_onexec failed with -1. errmsg: Permission denied $ sudo apparmor_parser -r ./app-profile ./launcher-profile && aa-exec -p launcher -- ./test-1562989 fooubuntu-clock-app.ubuntucoredev_clock_3.6+snap2 /usr/bin/uptime argv[0]: ./test-1562989 argv[1]: fooubuntu-clock-app.ubuntucoredev_clock_3.6+snap2 argv[2]: /usr/bin/uptime 15:40:27 up 18 min, 2 users, load average: 0.02, 0.10, 0.08 Wild guess would be the check for unconfined is busted. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1562989 Title: 'aa_change_onexec failed with -1. errmsg: Permission denied' Status in linux package in Ubuntu: Confirmed Bug description: $ sudo apt-get install ubuntu-snappy $ sudo snappy install ubuntu-core $ sudo snappy install ubuntu-clock-app.ubuntucore-dev $ ubuntu-clock-app.clock aa_change_onexec failed with -1. errmsg: Permission denied [1] There is an apparmor denial: audit: type=1400 audit(1459194964.529:35): apparmor="DENIED" operation="change_onexec" profile="/usr/bin/ubuntu-core-launcher" name="ubuntu-clock-app.ubuntucoredev_clock_3.6+snap2" pid=2080 comm="ubuntu-core-lau" target="ubuntu-clock-app.ubuntucoredev_clock_3.6+snap2" Downgrading to ubuntu-core-launcher doesn't help the clock app get past this failure. The hello-world app works ok (it needs ubuntu-core-launcher 1.0.20 since it gets past the above error and the launcher needs to account for NO_NEW_PRIVS): $ hello-world.env |grep SNAP= SNAP=/snaps/hello-world.canonical/6.0 $ sudo /snaps/bin/hello-world.env |grep SNAP= SNAP=/snaps/hello-world.canonical/6.0 cap-test.mvo doesn't have this problem either: $ sudo snappy install cap-test.mvo $ cap-test.xbomb If I disable the apparmor profile with: sudo apparmor_parser -R /etc/apparmor.d/usr.bin.ubuntu-core-launcher then the app will launch. Downgrading to the -13 kernel resolves the issue: $ cat /proc/version_signature Ubuntu 4.4.0-13.29-generic 4.4.5 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1562989/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1562989] Re: 'aa_change_onexec failed with -1. errmsg: Permission denied'
** Changed in: linux (Ubuntu) Status: Confirmed => Triaged -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1562989 Title: 'aa_change_onexec failed with -1. errmsg: Permission denied' Status in linux package in Ubuntu: Triaged Bug description: $ sudo apt-get install ubuntu-snappy $ sudo snappy install ubuntu-core $ sudo snappy install ubuntu-clock-app.ubuntucore-dev $ ubuntu-clock-app.clock aa_change_onexec failed with -1. errmsg: Permission denied [1] There is an apparmor denial: audit: type=1400 audit(1459194964.529:35): apparmor="DENIED" operation="change_onexec" profile="/usr/bin/ubuntu-core-launcher" name="ubuntu-clock-app.ubuntucoredev_clock_3.6+snap2" pid=2080 comm="ubuntu-core-lau" target="ubuntu-clock-app.ubuntucoredev_clock_3.6+snap2" Downgrading to ubuntu-core-launcher doesn't help the clock app get past this failure. The hello-world app works ok (it needs ubuntu-core-launcher 1.0.20 since it gets past the above error and the launcher needs to account for NO_NEW_PRIVS): $ hello-world.env |grep SNAP= SNAP=/snaps/hello-world.canonical/6.0 $ sudo /snaps/bin/hello-world.env |grep SNAP= SNAP=/snaps/hello-world.canonical/6.0 cap-test.mvo doesn't have this problem either: $ sudo snappy install cap-test.mvo $ cap-test.xbomb If I disable the apparmor profile with: sudo apparmor_parser -R /etc/apparmor.d/usr.bin.ubuntu-core-launcher then the app will launch. Downgrading to the -13 kernel resolves the issue: $ cat /proc/version_signature Ubuntu 4.4.0-13.29-generic 4.4.5 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1562989/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1562989] Re: 'aa_change_onexec failed with -1. errmsg: Permission denied'
Looks like the kernel got some fixes and the rules for change_profile matching unconfined that we had for the launcher no longer work. Those rules seem like they weren't doing what we wanted anyway, so update them. ** Package changed: linux (Ubuntu) => ubuntu-core-launcher (Ubuntu) ** Changed in: ubuntu-core-launcher (Ubuntu) Status: Triaged => In Progress ** Changed in: ubuntu-core-launcher (Ubuntu) Assignee: Tyler Hicks (tyhicks) => Jamie Strandboge (jdstrand) -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1562989 Title: 'aa_change_onexec failed with -1. errmsg: Permission denied' Status in ubuntu-core-launcher package in Ubuntu: In Progress Bug description: $ sudo apt-get install ubuntu-snappy $ sudo snappy install ubuntu-core $ sudo snappy install ubuntu-clock-app.ubuntucore-dev $ ubuntu-clock-app.clock aa_change_onexec failed with -1. errmsg: Permission denied [1] There is an apparmor denial: audit: type=1400 audit(1459194964.529:35): apparmor="DENIED" operation="change_onexec" profile="/usr/bin/ubuntu-core-launcher" name="ubuntu-clock-app.ubuntucoredev_clock_3.6+snap2" pid=2080 comm="ubuntu-core-lau" target="ubuntu-clock-app.ubuntucoredev_clock_3.6+snap2" Downgrading to ubuntu-core-launcher doesn't help the clock app get past this failure. The hello-world app works ok (it needs ubuntu-core-launcher 1.0.20 since it gets past the above error and the launcher needs to account for NO_NEW_PRIVS): $ hello-world.env |grep SNAP= SNAP=/snaps/hello-world.canonical/6.0 $ sudo /snaps/bin/hello-world.env |grep SNAP= SNAP=/snaps/hello-world.canonical/6.0 cap-test.mvo doesn't have this problem either: $ sudo snappy install cap-test.mvo $ cap-test.xbomb If I disable the apparmor profile with: sudo apparmor_parser -R /etc/apparmor.d/usr.bin.ubuntu-core-launcher then the app will launch. Downgrading to the -13 kernel resolves the issue: $ cat /proc/version_signature Ubuntu 4.4.0-13.29-generic 4.4.5 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-core-launcher/+bug/1562989/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1547619] Re: Intermittent screen blinking with 4k external mini display port with 4.4 kernels
I have booted into this kernel: $ cat /proc/version_signature Ubuntu 4.4.0-0.10Commit3b7e590bf-generic 4.4.0 Since the bug doesn't always show itself right away, I will want to use the kernel for at least several hours. I'll report back as soon as I see the bug or after using the computer throughout the day on Monday. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1547619 Title: Intermittent screen blinking with 4k external mini display port with 4.4 kernels Status in linux package in Ubuntu: In Progress Status in linux source package in Xenial: In Progress Bug description: When using an external 4K monitor plugged into the mini display port on my Dell XPS 13 9343 using both the laptop screen and the external monitor (external monitor is left and laptop screen right), when using all of the following kernels: 4.4.0-2.16-generic 4.4.0-4.19-generic 4.4.0-6.21-generic 4.4.0-7.22-generic the external monitor will sometimes blink off for about a second or two, then back on. What is weird is this seems to only happen when typing into a gnome-terminal as opposed to firefox or evolution. Simply changing to a gnome-terminal and typing into it doesn't cause the blinking, but it might happen immediately or it might take several minutes. 4.3.0-7.18-generic worked fine and I can go hours and hours in a gnome-terminal with no issues. ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: linux-image-4.4.0-6-generic 4.4.0-6.21 ProcVersionSignature: Ubuntu 4.4.0-6.21-generic 4.4.1 Uname: Linux 4.4.0-6-generic x86_64 ApportVersion: 2.20-0ubuntu3 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC2: jamie 5882 F pulseaudio /dev/snd/controlC1: jamie 5882 F pulseaudio /dev/snd/controlC0: jamie 5882 F pulseaudio CurrentDesktop: Unity Date: Fri Feb 19 12:09:28 2016 HibernationDevice: RESUME=UUID=27fa6713-c8c2-4eb8-9766-ba6918bc1cfb InstallationDate: Installed on 2015-06-13 (250 days ago) InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422) MachineType: Dell Inc. XPS 13 9343 ProcFB: 0 inteldrmfb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-6-generic.efi.signed root=UUID=7bc4dcd2-0bd8-4e42-b8b7-9f1ed6b8a3e9 ro libata.force=noncq kaslr quiet splash vt.handoff=7 RelatedPackageVersions: linux-restricted-modules-4.4.0-6-generic N/A linux-backports-modules-4.4.0-6-generic N/A linux-firmware 1.156 SourcePackage: linux UpgradeStatus: Upgraded to xenial on 2016-01-12 (38 days ago) dmi.bios.date: 11/11/2015 dmi.bios.vendor: Dell Inc. dmi.bios.version: A07 dmi.board.name: 0310JH dmi.board.vendor: Dell Inc. dmi.board.version: A00 dmi.chassis.type: 9 dmi.chassis.vendor: Dell Inc. dmi.modalias: dmi:bvnDellInc.:bvrA07:bd11/11/2015:svnDellInc.:pnXPS139343:pvr:rvnDellInc.:rn0310JH:rvrA00:cvnDellInc.:ct9:cvr: dmi.product.name: XPS 13 9343 dmi.sys.vendor: Dell Inc. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1547619/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1547619] Re: Intermittent screen blinking with 4k external mini display port with 4.4 kernels
** Description changed: - When using an external 4K monitor plugging into the mini display port on my Dell XPS 13 9343 using both the laptop screen and the external monitor (external monitor is left and laptop screen right), when using all of the following kernels: + When using an external 4K monitor plugged into the mini display port on my Dell XPS 13 9343 using both the laptop screen and the external monitor (external monitor is left and laptop screen right), when using all of the following kernels: 4.4.0-2.16-generic 4.4.0-4.19-generic 4.4.0-6.21-generic 4.4.0-7.22-generic the external monitor will sometimes blink off for about a second or two, then back on. What is weird is this seems to only happen when typing into a gnome-terminal as opposed to firefox or evolution. Simply changing to a gnome-terminal and typing into it doesn't cause the blinking, but it might happen immediately or it might take several minutes. 4.3.0-7.18-generic worked fine and I can go hours and hours in a gnome- terminal with no issues. ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: linux-image-4.4.0-6-generic 4.4.0-6.21 ProcVersionSignature: Ubuntu 4.4.0-6.21-generic 4.4.1 Uname: Linux 4.4.0-6-generic x86_64 ApportVersion: 2.20-0ubuntu3 Architecture: amd64 AudioDevicesInUse: - USERPID ACCESS COMMAND - /dev/snd/controlC2: jamie 5882 F pulseaudio - /dev/snd/controlC1: jamie 5882 F pulseaudio - /dev/snd/controlC0: jamie 5882 F pulseaudio + USERPID ACCESS COMMAND + /dev/snd/controlC2: jamie 5882 F pulseaudio + /dev/snd/controlC1: jamie 5882 F pulseaudio + /dev/snd/controlC0: jamie 5882 F pulseaudio CurrentDesktop: Unity Date: Fri Feb 19 12:09:28 2016 HibernationDevice: RESUME=UUID=27fa6713-c8c2-4eb8-9766-ba6918bc1cfb InstallationDate: Installed on 2015-06-13 (250 days ago) InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422) MachineType: Dell Inc. XPS 13 9343 ProcFB: 0 inteldrmfb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-6-generic.efi.signed root=UUID=7bc4dcd2-0bd8-4e42-b8b7-9f1ed6b8a3e9 ro libata.force=noncq kaslr quiet splash vt.handoff=7 RelatedPackageVersions: - linux-restricted-modules-4.4.0-6-generic N/A - linux-backports-modules-4.4.0-6-generic N/A - linux-firmware 1.156 + linux-restricted-modules-4.4.0-6-generic N/A + linux-backports-modules-4.4.0-6-generic N/A + linux-firmware 1.156 SourcePackage: linux UpgradeStatus: Upgraded to xenial on 2016-01-12 (38 days ago) dmi.bios.date: 11/11/2015 dmi.bios.vendor: Dell Inc. dmi.bios.version: A07 dmi.board.name: 0310JH dmi.board.vendor: Dell Inc. dmi.board.version: A00 dmi.chassis.type: 9 dmi.chassis.vendor: Dell Inc. dmi.modalias: dmi:bvnDellInc.:bvrA07:bd11/11/2015:svnDellInc.:pnXPS139343:pvr:rvnDellInc.:rn0310JH:rvrA00:cvnDellInc.:ct9:cvr: dmi.product.name: XPS 13 9343 dmi.sys.vendor: Dell Inc. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1547619 Title: Intermittent screen blinking with 4k external mini display port with 4.4 kernels Status in linux package in Ubuntu: In Progress Status in linux source package in Xenial: In Progress Bug description: When using an external 4K monitor plugged into the mini display port on my Dell XPS 13 9343 using both the laptop screen and the external monitor (external monitor is left and laptop screen right), when using all of the following kernels: 4.4.0-2.16-generic 4.4.0-4.19-generic 4.4.0-6.21-generic 4.4.0-7.22-generic the external monitor will sometimes blink off for about a second or two, then back on. What is weird is this seems to only happen when typing into a gnome-terminal as opposed to firefox or evolution. Simply changing to a gnome-terminal and typing into it doesn't cause the blinking, but it might happen immediately or it might take several minutes. 4.3.0-7.18-generic worked fine and I can go hours and hours in a gnome-terminal with no issues. ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: linux-image-4.4.0-6-generic 4.4.0-6.21 ProcVersionSignature: Ubuntu 4.4.0-6.21-generic 4.4.1 Uname: Linux 4.4.0-6-generic x86_64 ApportVersion: 2.20-0ubuntu3 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC2: jamie 5882 F pulseaudio /dev/snd/controlC1: jamie 5882 F pulseaudio /dev/snd/controlC0: jamie 5882 F pulseaudio CurrentDesktop: Unity Date: Fri Feb 19 12:09:28 2016 HibernationDevice: RESUME=UUID=27fa6713-c8c2-4eb8-9766-ba6918bc1cfb InstallationDate: Installed on 2015-06-13 (250 days ago) InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422) MachineType: Dell Inc. XPS 13 9343
[Kernel-packages] [Bug 1547619] Re: Intermittent screen blinking with 4k external mini display port with 4.4 kernels
This kernel has the bug: $ cat /proc/version_signature Ubuntu 4.4.0-0.10Commit3b7e590bf-generic 4.4.0 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1547619 Title: Intermittent screen blinking with 4k external mini display port with 4.4 kernels Status in linux package in Ubuntu: In Progress Status in linux source package in Xenial: In Progress Bug description: When using an external 4K monitor plugged into the mini display port on my Dell XPS 13 9343 using both the laptop screen and the external monitor (external monitor is left and laptop screen right), when using all of the following kernels: 4.4.0-2.16-generic 4.4.0-4.19-generic 4.4.0-6.21-generic 4.4.0-7.22-generic the external monitor will sometimes blink off for about a second or two, then back on. What is weird is this seems to only happen when typing into a gnome-terminal as opposed to firefox or evolution. Simply changing to a gnome-terminal and typing into it doesn't cause the blinking, but it might happen immediately or it might take several minutes. 4.3.0-7.18-generic worked fine and I can go hours and hours in a gnome-terminal with no issues. ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: linux-image-4.4.0-6-generic 4.4.0-6.21 ProcVersionSignature: Ubuntu 4.4.0-6.21-generic 4.4.1 Uname: Linux 4.4.0-6-generic x86_64 ApportVersion: 2.20-0ubuntu3 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC2: jamie 5882 F pulseaudio /dev/snd/controlC1: jamie 5882 F pulseaudio /dev/snd/controlC0: jamie 5882 F pulseaudio CurrentDesktop: Unity Date: Fri Feb 19 12:09:28 2016 HibernationDevice: RESUME=UUID=27fa6713-c8c2-4eb8-9766-ba6918bc1cfb InstallationDate: Installed on 2015-06-13 (250 days ago) InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422) MachineType: Dell Inc. XPS 13 9343 ProcFB: 0 inteldrmfb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-6-generic.efi.signed root=UUID=7bc4dcd2-0bd8-4e42-b8b7-9f1ed6b8a3e9 ro libata.force=noncq kaslr quiet splash vt.handoff=7 RelatedPackageVersions: linux-restricted-modules-4.4.0-6-generic N/A linux-backports-modules-4.4.0-6-generic N/A linux-firmware 1.156 SourcePackage: linux UpgradeStatus: Upgraded to xenial on 2016-01-12 (38 days ago) dmi.bios.date: 11/11/2015 dmi.bios.vendor: Dell Inc. dmi.bios.version: A07 dmi.board.name: 0310JH dmi.board.vendor: Dell Inc. dmi.board.version: A00 dmi.chassis.type: 9 dmi.chassis.vendor: Dell Inc. dmi.modalias: dmi:bvnDellInc.:bvrA07:bd11/11/2015:svnDellInc.:pnXPS139343:pvr:rvnDellInc.:rn0310JH:rvrA00:cvnDellInc.:ct9:cvr: dmi.product.name: XPS 13 9343 dmi.sys.vendor: Dell Inc. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1547619/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1547619] [NEW] Intermittent screen blinking with 4k external mini display port with 4.4 kernels
Public bug reported: When using an external 4K monitor plugged into the mini display port on my Dell XPS 13 9343 using both the laptop screen and the external monitor (external monitor is left and laptop screen right), when using all of the following kernels: 4.4.0-2.16-generic 4.4.0-4.19-generic 4.4.0-6.21-generic 4.4.0-7.22-generic the external monitor will sometimes blink off for about a second or two, then back on. What is weird is this seems to only happen when typing into a gnome-terminal as opposed to firefox or evolution. Simply changing to a gnome-terminal and typing into it doesn't cause the blinking, but it might happen immediately or it might take several minutes. 4.3.0-7.18-generic worked fine and I can go hours and hours in a gnome- terminal with no issues. ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: linux-image-4.4.0-6-generic 4.4.0-6.21 ProcVersionSignature: Ubuntu 4.4.0-6.21-generic 4.4.1 Uname: Linux 4.4.0-6-generic x86_64 ApportVersion: 2.20-0ubuntu3 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC2: jamie 5882 F pulseaudio /dev/snd/controlC1: jamie 5882 F pulseaudio /dev/snd/controlC0: jamie 5882 F pulseaudio CurrentDesktop: Unity Date: Fri Feb 19 12:09:28 2016 HibernationDevice: RESUME=UUID=27fa6713-c8c2-4eb8-9766-ba6918bc1cfb InstallationDate: Installed on 2015-06-13 (250 days ago) InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422) MachineType: Dell Inc. XPS 13 9343 ProcFB: 0 inteldrmfb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-6-generic.efi.signed root=UUID=7bc4dcd2-0bd8-4e42-b8b7-9f1ed6b8a3e9 ro libata.force=noncq kaslr quiet splash vt.handoff=7 RelatedPackageVersions: linux-restricted-modules-4.4.0-6-generic N/A linux-backports-modules-4.4.0-6-generic N/A linux-firmware 1.156 SourcePackage: linux UpgradeStatus: Upgraded to xenial on 2016-01-12 (38 days ago) dmi.bios.date: 11/11/2015 dmi.bios.vendor: Dell Inc. dmi.bios.version: A07 dmi.board.name: 0310JH dmi.board.vendor: Dell Inc. dmi.board.version: A00 dmi.chassis.type: 9 dmi.chassis.vendor: Dell Inc. dmi.modalias: dmi:bvnDellInc.:bvrA07:bd11/11/2015:svnDellInc.:pnXPS139343:pvr:rvnDellInc.:rn0310JH:rvrA00:cvnDellInc.:ct9:cvr: dmi.product.name: XPS 13 9343 dmi.sys.vendor: Dell Inc. ** Affects: linux (Ubuntu) Importance: Medium Assignee: Joseph Salisbury (jsalisbury) Status: Triaged ** Affects: linux (Ubuntu Xenial) Importance: Medium Assignee: Joseph Salisbury (jsalisbury) Status: Triaged ** Tags: amd64 apport-bug xenial -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1547619 Title: Intermittent screen blinking with 4k external mini display port with 4.4 kernels Status in linux package in Ubuntu: Triaged Status in linux source package in Xenial: Triaged Bug description: When using an external 4K monitor plugged into the mini display port on my Dell XPS 13 9343 using both the laptop screen and the external monitor (external monitor is left and laptop screen right), when using all of the following kernels: 4.4.0-2.16-generic 4.4.0-4.19-generic 4.4.0-6.21-generic 4.4.0-7.22-generic the external monitor will sometimes blink off for about a second or two, then back on. What is weird is this seems to only happen when typing into a gnome-terminal as opposed to firefox or evolution. Simply changing to a gnome-terminal and typing into it doesn't cause the blinking, but it might happen immediately or it might take several minutes. 4.3.0-7.18-generic worked fine and I can go hours and hours in a gnome-terminal with no issues. ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: linux-image-4.4.0-6-generic 4.4.0-6.21 ProcVersionSignature: Ubuntu 4.4.0-6.21-generic 4.4.1 Uname: Linux 4.4.0-6-generic x86_64 ApportVersion: 2.20-0ubuntu3 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC2: jamie 5882 F pulseaudio /dev/snd/controlC1: jamie 5882 F pulseaudio /dev/snd/controlC0: jamie 5882 F pulseaudio CurrentDesktop: Unity Date: Fri Feb 19 12:09:28 2016 HibernationDevice: RESUME=UUID=27fa6713-c8c2-4eb8-9766-ba6918bc1cfb InstallationDate: Installed on 2015-06-13 (250 days ago) InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422) MachineType: Dell Inc. XPS 13 9343 ProcFB: 0 inteldrmfb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-6-generic.efi.signed root=UUID=7bc4dcd2-0bd8-4e42-b8b7-9f1ed6b8a3e9 ro libata.force=noncq kaslr quiet splash vt.handoff=7 RelatedPackageVersions: linux-restricted-modules-4.4.0-6-generic N/A linux-backports-modules-4.4.0-6-generic N/A linux-firmware 1.156 SourcePackage: linux UpgradeStatus: Upgraded to xeni
[Kernel-packages] [Bug 1547619] Re: Intermittent screen blinking with 4k external mini display port with 4.4 kernels
This kernel has the bug: $ cat /proc/version_signature Ubuntu 4.4.0-1.15-generic 4.4.0 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1547619 Title: Intermittent screen blinking with 4k external mini display port with 4.4 kernels Status in linux package in Ubuntu: In Progress Status in linux source package in Xenial: In Progress Bug description: When using an external 4K monitor plugged into the mini display port on my Dell XPS 13 9343 using both the laptop screen and the external monitor (external monitor is left and laptop screen right), when using all of the following kernels: 4.4.0-2.16-generic 4.4.0-4.19-generic 4.4.0-6.21-generic 4.4.0-7.22-generic the external monitor will sometimes blink off for about a second or two, then back on. What is weird is this seems to only happen when typing into a gnome-terminal as opposed to firefox or evolution. Simply changing to a gnome-terminal and typing into it doesn't cause the blinking, but it might happen immediately or it might take several minutes. 4.3.0-7.18-generic worked fine and I can go hours and hours in a gnome-terminal with no issues. ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: linux-image-4.4.0-6-generic 4.4.0-6.21 ProcVersionSignature: Ubuntu 4.4.0-6.21-generic 4.4.1 Uname: Linux 4.4.0-6-generic x86_64 ApportVersion: 2.20-0ubuntu3 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC2: jamie 5882 F pulseaudio /dev/snd/controlC1: jamie 5882 F pulseaudio /dev/snd/controlC0: jamie 5882 F pulseaudio CurrentDesktop: Unity Date: Fri Feb 19 12:09:28 2016 HibernationDevice: RESUME=UUID=27fa6713-c8c2-4eb8-9766-ba6918bc1cfb InstallationDate: Installed on 2015-06-13 (250 days ago) InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422) MachineType: Dell Inc. XPS 13 9343 ProcFB: 0 inteldrmfb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-6-generic.efi.signed root=UUID=7bc4dcd2-0bd8-4e42-b8b7-9f1ed6b8a3e9 ro libata.force=noncq kaslr quiet splash vt.handoff=7 RelatedPackageVersions: linux-restricted-modules-4.4.0-6-generic N/A linux-backports-modules-4.4.0-6-generic N/A linux-firmware 1.156 SourcePackage: linux UpgradeStatus: Upgraded to xenial on 2016-01-12 (38 days ago) dmi.bios.date: 11/11/2015 dmi.bios.vendor: Dell Inc. dmi.bios.version: A07 dmi.board.name: 0310JH dmi.board.vendor: Dell Inc. dmi.board.version: A00 dmi.chassis.type: 9 dmi.chassis.vendor: Dell Inc. dmi.modalias: dmi:bvnDellInc.:bvrA07:bd11/11/2015:svnDellInc.:pnXPS139343:pvr:rvnDellInc.:rn0310JH:rvrA00:cvnDellInc.:ct9:cvr: dmi.product.name: XPS 13 9343 dmi.sys.vendor: Dell Inc. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1547619/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1547619] Re: Intermittent screen blinking with 4k external mini display port with 4.4 kernels
I have booted into this kernel: $ cat /proc/version_signature Ubuntu 4.4.0-0.3~lp1547619Commit324ae35-generic 4.4.0 Since the bug doesn't always show itself right away, I will want to use the kernel for at least several hours. I'll report back as soon as I see the bug or after using the computer throughout the day. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1547619 Title: Intermittent screen blinking with 4k external mini display port with 4.4 kernels Status in linux package in Ubuntu: In Progress Status in linux source package in Xenial: In Progress Bug description: When using an external 4K monitor plugged into the mini display port on my Dell XPS 13 9343 using both the laptop screen and the external monitor (external monitor is left and laptop screen right), when using all of the following kernels: 4.4.0-2.16-generic 4.4.0-4.19-generic 4.4.0-6.21-generic 4.4.0-7.22-generic the external monitor will sometimes blink off for about a second or two, then back on. What is weird is this seems to only happen when typing into a gnome-terminal as opposed to firefox or evolution. Simply changing to a gnome-terminal and typing into it doesn't cause the blinking, but it might happen immediately or it might take several minutes. 4.3.0-7.18-generic worked fine and I can go hours and hours in a gnome-terminal with no issues. ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: linux-image-4.4.0-6-generic 4.4.0-6.21 ProcVersionSignature: Ubuntu 4.4.0-6.21-generic 4.4.1 Uname: Linux 4.4.0-6-generic x86_64 ApportVersion: 2.20-0ubuntu3 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC2: jamie 5882 F pulseaudio /dev/snd/controlC1: jamie 5882 F pulseaudio /dev/snd/controlC0: jamie 5882 F pulseaudio CurrentDesktop: Unity Date: Fri Feb 19 12:09:28 2016 HibernationDevice: RESUME=UUID=27fa6713-c8c2-4eb8-9766-ba6918bc1cfb InstallationDate: Installed on 2015-06-13 (250 days ago) InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422) MachineType: Dell Inc. XPS 13 9343 ProcFB: 0 inteldrmfb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-6-generic.efi.signed root=UUID=7bc4dcd2-0bd8-4e42-b8b7-9f1ed6b8a3e9 ro libata.force=noncq kaslr quiet splash vt.handoff=7 RelatedPackageVersions: linux-restricted-modules-4.4.0-6-generic N/A linux-backports-modules-4.4.0-6-generic N/A linux-firmware 1.156 SourcePackage: linux UpgradeStatus: Upgraded to xenial on 2016-01-12 (38 days ago) dmi.bios.date: 11/11/2015 dmi.bios.vendor: Dell Inc. dmi.bios.version: A07 dmi.board.name: 0310JH dmi.board.vendor: Dell Inc. dmi.board.version: A00 dmi.chassis.type: 9 dmi.chassis.vendor: Dell Inc. dmi.modalias: dmi:bvnDellInc.:bvrA07:bd11/11/2015:svnDellInc.:pnXPS139343:pvr:rvnDellInc.:rn0310JH:rvrA00:cvnDellInc.:ct9:cvr: dmi.product.name: XPS 13 9343 dmi.sys.vendor: Dell Inc. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1547619/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1547619] Re: Intermittent screen blinking with 4k external mini display port with 4.4 kernels
This kernel has the bug: $ cat /proc/version_signature Ubuntu 4.4.0-0.3~lp1547619Commit324ae35-generic 4.4.0 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1547619 Title: Intermittent screen blinking with 4k external mini display port with 4.4 kernels Status in linux package in Ubuntu: In Progress Status in linux source package in Xenial: In Progress Bug description: When using an external 4K monitor plugged into the mini display port on my Dell XPS 13 9343 using both the laptop screen and the external monitor (external monitor is left and laptop screen right), when using all of the following kernels: 4.4.0-2.16-generic 4.4.0-4.19-generic 4.4.0-6.21-generic 4.4.0-7.22-generic the external monitor will sometimes blink off for about a second or two, then back on. What is weird is this seems to only happen when typing into a gnome-terminal as opposed to firefox or evolution. Simply changing to a gnome-terminal and typing into it doesn't cause the blinking, but it might happen immediately or it might take several minutes. 4.3.0-7.18-generic worked fine and I can go hours and hours in a gnome-terminal with no issues. ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: linux-image-4.4.0-6-generic 4.4.0-6.21 ProcVersionSignature: Ubuntu 4.4.0-6.21-generic 4.4.1 Uname: Linux 4.4.0-6-generic x86_64 ApportVersion: 2.20-0ubuntu3 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC2: jamie 5882 F pulseaudio /dev/snd/controlC1: jamie 5882 F pulseaudio /dev/snd/controlC0: jamie 5882 F pulseaudio CurrentDesktop: Unity Date: Fri Feb 19 12:09:28 2016 HibernationDevice: RESUME=UUID=27fa6713-c8c2-4eb8-9766-ba6918bc1cfb InstallationDate: Installed on 2015-06-13 (250 days ago) InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422) MachineType: Dell Inc. XPS 13 9343 ProcFB: 0 inteldrmfb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-6-generic.efi.signed root=UUID=7bc4dcd2-0bd8-4e42-b8b7-9f1ed6b8a3e9 ro libata.force=noncq kaslr quiet splash vt.handoff=7 RelatedPackageVersions: linux-restricted-modules-4.4.0-6-generic N/A linux-backports-modules-4.4.0-6-generic N/A linux-firmware 1.156 SourcePackage: linux UpgradeStatus: Upgraded to xenial on 2016-01-12 (38 days ago) dmi.bios.date: 11/11/2015 dmi.bios.vendor: Dell Inc. dmi.bios.version: A07 dmi.board.name: 0310JH dmi.board.vendor: Dell Inc. dmi.board.version: A00 dmi.chassis.type: 9 dmi.chassis.vendor: Dell Inc. dmi.modalias: dmi:bvnDellInc.:bvrA07:bd11/11/2015:svnDellInc.:pnXPS139343:pvr:rvnDellInc.:rn0310JH:rvrA00:cvnDellInc.:ct9:cvr: dmi.product.name: XPS 13 9343 dmi.sys.vendor: Dell Inc. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1547619/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1547619] Re: Intermittent screen blinking with 4k external mini display port with 4.4 kernels
It is difficult for me to use a non-Ubuntu kernel since I do a lot of work with apparmor for the distro. I suppose I could try for a little while at a time, but my ability to test will be impeded (ie, I'll need to run mainline only when not doing the other work). -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1547619 Title: Intermittent screen blinking with 4k external mini display port with 4.4 kernels Status in linux package in Ubuntu: In Progress Status in linux source package in Xenial: In Progress Bug description: When using an external 4K monitor plugged into the mini display port on my Dell XPS 13 9343 using both the laptop screen and the external monitor (external monitor is left and laptop screen right), when using all of the following kernels: 4.4.0-2.16-generic 4.4.0-4.19-generic 4.4.0-6.21-generic 4.4.0-7.22-generic the external monitor will sometimes blink off for about a second or two, then back on. What is weird is this seems to only happen when typing into a gnome-terminal as opposed to firefox or evolution. Simply changing to a gnome-terminal and typing into it doesn't cause the blinking, but it might happen immediately or it might take several minutes. 4.3.0-7.18-generic worked fine and I can go hours and hours in a gnome-terminal with no issues. ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: linux-image-4.4.0-6-generic 4.4.0-6.21 ProcVersionSignature: Ubuntu 4.4.0-6.21-generic 4.4.1 Uname: Linux 4.4.0-6-generic x86_64 ApportVersion: 2.20-0ubuntu3 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC2: jamie 5882 F pulseaudio /dev/snd/controlC1: jamie 5882 F pulseaudio /dev/snd/controlC0: jamie 5882 F pulseaudio CurrentDesktop: Unity Date: Fri Feb 19 12:09:28 2016 HibernationDevice: RESUME=UUID=27fa6713-c8c2-4eb8-9766-ba6918bc1cfb InstallationDate: Installed on 2015-06-13 (250 days ago) InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422) MachineType: Dell Inc. XPS 13 9343 ProcFB: 0 inteldrmfb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-6-generic.efi.signed root=UUID=7bc4dcd2-0bd8-4e42-b8b7-9f1ed6b8a3e9 ro libata.force=noncq kaslr quiet splash vt.handoff=7 RelatedPackageVersions: linux-restricted-modules-4.4.0-6-generic N/A linux-backports-modules-4.4.0-6-generic N/A linux-firmware 1.156 SourcePackage: linux UpgradeStatus: Upgraded to xenial on 2016-01-12 (38 days ago) dmi.bios.date: 11/11/2015 dmi.bios.vendor: Dell Inc. dmi.bios.version: A07 dmi.board.name: 0310JH dmi.board.vendor: Dell Inc. dmi.board.version: A00 dmi.chassis.type: 9 dmi.chassis.vendor: Dell Inc. dmi.modalias: dmi:bvnDellInc.:bvrA07:bd11/11/2015:svnDellInc.:pnXPS139343:pvr:rvnDellInc.:rn0310JH:rvrA00:cvnDellInc.:ct9:cvr: dmi.product.name: XPS 13 9343 dmi.sys.vendor: Dell Inc. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1547619/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1547619] Re: Intermittent screen blinking with 4k external mini display port with 4.4 kernels
I have booted into this kernel: $ cat /proc/version Linux version 4.4.0-040400rc1-generic (jsalisbury@gomeisa) (gcc version 5.3.1 20160222 (Ubuntu 5.3.1-9ubuntu3) ) #201602231809 SMP Tue Feb 23 23:12:04 UTC 2016 Since the bug doesn't always show itself right away, I will want to use the kernel for at least several hours. I'll report back as soon as I see the bug or after using the computer throughout the day. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1547619 Title: Intermittent screen blinking with 4k external mini display port with 4.4 kernels Status in linux package in Ubuntu: In Progress Status in linux source package in Xenial: In Progress Bug description: When using an external 4K monitor plugged into the mini display port on my Dell XPS 13 9343 using both the laptop screen and the external monitor (external monitor is left and laptop screen right), when using all of the following kernels: 4.4.0-2.16-generic 4.4.0-4.19-generic 4.4.0-6.21-generic 4.4.0-7.22-generic the external monitor will sometimes blink off for about a second or two, then back on. What is weird is this seems to only happen when typing into a gnome-terminal as opposed to firefox or evolution. Simply changing to a gnome-terminal and typing into it doesn't cause the blinking, but it might happen immediately or it might take several minutes. 4.3.0-7.18-generic worked fine and I can go hours and hours in a gnome-terminal with no issues. ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: linux-image-4.4.0-6-generic 4.4.0-6.21 ProcVersionSignature: Ubuntu 4.4.0-6.21-generic 4.4.1 Uname: Linux 4.4.0-6-generic x86_64 ApportVersion: 2.20-0ubuntu3 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC2: jamie 5882 F pulseaudio /dev/snd/controlC1: jamie 5882 F pulseaudio /dev/snd/controlC0: jamie 5882 F pulseaudio CurrentDesktop: Unity Date: Fri Feb 19 12:09:28 2016 HibernationDevice: RESUME=UUID=27fa6713-c8c2-4eb8-9766-ba6918bc1cfb InstallationDate: Installed on 2015-06-13 (250 days ago) InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422) MachineType: Dell Inc. XPS 13 9343 ProcFB: 0 inteldrmfb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-6-generic.efi.signed root=UUID=7bc4dcd2-0bd8-4e42-b8b7-9f1ed6b8a3e9 ro libata.force=noncq kaslr quiet splash vt.handoff=7 RelatedPackageVersions: linux-restricted-modules-4.4.0-6-generic N/A linux-backports-modules-4.4.0-6-generic N/A linux-firmware 1.156 SourcePackage: linux UpgradeStatus: Upgraded to xenial on 2016-01-12 (38 days ago) dmi.bios.date: 11/11/2015 dmi.bios.vendor: Dell Inc. dmi.bios.version: A07 dmi.board.name: 0310JH dmi.board.vendor: Dell Inc. dmi.board.version: A00 dmi.chassis.type: 9 dmi.chassis.vendor: Dell Inc. dmi.modalias: dmi:bvnDellInc.:bvrA07:bd11/11/2015:svnDellInc.:pnXPS139343:pvr:rvnDellInc.:rn0310JH:rvrA00:cvnDellInc.:ct9:cvr: dmi.product.name: XPS 13 9343 dmi.sys.vendor: Dell Inc. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1547619/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1547619] Re: Intermittent screen blinking with 4k external mini display port with 4.4 kernels
This kernel has the bug: $ cat /proc/version Linux version 4.4.0-040400rc1-generic (jsalisbury@gomeisa) (gcc version 5.3.1 20160222 (Ubuntu 5.3.1-9ubuntu3) ) #201602231809 SMP Tue Feb 23 23:12:04 UTC 2016 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1547619 Title: Intermittent screen blinking with 4k external mini display port with 4.4 kernels Status in linux package in Ubuntu: In Progress Status in linux source package in Xenial: In Progress Bug description: When using an external 4K monitor plugged into the mini display port on my Dell XPS 13 9343 using both the laptop screen and the external monitor (external monitor is left and laptop screen right), when using all of the following kernels: 4.4.0-2.16-generic 4.4.0-4.19-generic 4.4.0-6.21-generic 4.4.0-7.22-generic the external monitor will sometimes blink off for about a second or two, then back on. What is weird is this seems to only happen when typing into a gnome-terminal as opposed to firefox or evolution. Simply changing to a gnome-terminal and typing into it doesn't cause the blinking, but it might happen immediately or it might take several minutes. 4.3.0-7.18-generic worked fine and I can go hours and hours in a gnome-terminal with no issues. ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: linux-image-4.4.0-6-generic 4.4.0-6.21 ProcVersionSignature: Ubuntu 4.4.0-6.21-generic 4.4.1 Uname: Linux 4.4.0-6-generic x86_64 ApportVersion: 2.20-0ubuntu3 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC2: jamie 5882 F pulseaudio /dev/snd/controlC1: jamie 5882 F pulseaudio /dev/snd/controlC0: jamie 5882 F pulseaudio CurrentDesktop: Unity Date: Fri Feb 19 12:09:28 2016 HibernationDevice: RESUME=UUID=27fa6713-c8c2-4eb8-9766-ba6918bc1cfb InstallationDate: Installed on 2015-06-13 (250 days ago) InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422) MachineType: Dell Inc. XPS 13 9343 ProcFB: 0 inteldrmfb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-6-generic.efi.signed root=UUID=7bc4dcd2-0bd8-4e42-b8b7-9f1ed6b8a3e9 ro libata.force=noncq kaslr quiet splash vt.handoff=7 RelatedPackageVersions: linux-restricted-modules-4.4.0-6-generic N/A linux-backports-modules-4.4.0-6-generic N/A linux-firmware 1.156 SourcePackage: linux UpgradeStatus: Upgraded to xenial on 2016-01-12 (38 days ago) dmi.bios.date: 11/11/2015 dmi.bios.vendor: Dell Inc. dmi.bios.version: A07 dmi.board.name: 0310JH dmi.board.vendor: Dell Inc. dmi.board.version: A00 dmi.chassis.type: 9 dmi.chassis.vendor: Dell Inc. dmi.modalias: dmi:bvnDellInc.:bvrA07:bd11/11/2015:svnDellInc.:pnXPS139343:pvr:rvnDellInc.:rn0310JH:rvrA00:cvnDellInc.:ct9:cvr: dmi.product.name: XPS 13 9343 dmi.sys.vendor: Dell Inc. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1547619/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1545174] Re: can no longer use hands free calling after upgrade to OTA9
** Description changed: - I'm on arale, OTA9. With OTA8.5 I could pair, listen to music and make - calls with no problem. After upgrading (and without unpairing/re-pairing - after upgrading), I can connect to the car, and I can listen to music - but if I try to make a call while connected to bluetooth, the car will - after a few moments say "the call has been transferred to the phone", - but when I pick up the phone to continue the call, the call is made (ie, - the dialer indicates the call is ongoing and the person I called sees an - incoming call from me) but there is no sound and the other end cannot - hear me. + I'm on arale. With OTA8.5 I could pair, listen to music and make calls + with no problem. After upgrading to OTA9 (and without unpairing/re- + pairing after upgrading), I can connect to the car, and I can listen to + music but if I try to make a call while connected to bluetooth, the car + will after a few moments say "the call has been transferred to the + phone", but when I pick up the phone to continue the call, the call is + made (ie, the dialer indicates the call is ongoing and the person I + called sees an incoming call from me) but there is no sound and the + other end cannot hear me. I have not tried unpairing and re-pairing. In other words, I can no - longer use hands free calling after upgrading to OTA9. + longer use hands free calling after upgrading to OTA9. OTA9.1 also + suffers from this issue. I'm not sure if this is related, but after OTA9 I can connect to the car and both the phone and the car say they're connected, but then after a second or two it disconnects and then after a while 10-30 seconds, the reconnect and they stay connected. Before, once connected they would stay connected. I'm not sure this is related to bug #1539158 or not, but I was afraid to unpair due to other MX4 users in that bug. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to bluez in Ubuntu. https://bugs.launchpad.net/bugs/1545174 Title: can no longer use hands free calling after upgrade to OTA9 Status in Canonical System Image: Confirmed Status in bluez package in Ubuntu: New Bug description: I'm on arale. With OTA8.5 I could pair, listen to music and make calls with no problem. After upgrading to OTA9 (and without unpairing/re- pairing after upgrading), I can connect to the car, and I can listen to music but if I try to make a call while connected to bluetooth, the car will after a few moments say "the call has been transferred to the phone", but when I pick up the phone to continue the call, the call is made (ie, the dialer indicates the call is ongoing and the person I called sees an incoming call from me) but there is no sound and the other end cannot hear me. I have not tried unpairing and re-pairing. In other words, I can no longer use hands free calling after upgrading to OTA9. OTA9.1 also suffers from this issue. I'm not sure if this is related, but after OTA9 I can connect to the car and both the phone and the car say they're connected, but then after a second or two it disconnects and then after a while 10-30 seconds, the reconnect and they stay connected. Before, once connected they would stay connected. I'm not sure this is related to bug #1539158 or not, but I was afraid to unpair due to other MX4 users in that bug. To manage notifications about this bug go to: https://bugs.launchpad.net/canonical-devices-system-image/+bug/1545174/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1545174] [NEW] can no longer use hands free calling after upgrade to OTA9
Public bug reported: I'm on arale, OTA9. With OTA8.5 I could pair, listen to music and make calls with no problem. After upgrading (and without unpairing/re-pairing after upgrading), I can connect to the car, and I can listen to music but if I try to make a call while connected to bluetooth, the car will after a few moments say "the call has been transferred to the phone", but when I pick up the phone to continue the call, the call appears to be made (ie, the dialer indicates the call is ongoing) but there is no sound. I have not tried unpairing and re-pairing. In other words, I can no longer use hands free calling after upgrading to OTA9. I'm not sure if this is related, but after OTA9 I can connect to the car and both the phone and the car say they're connected, but then after a second or two it disconnects and then after a while 10-30 seconds, the reconnect and they stay connected. Before, once connected they would stay connected. I'm not sure this is related to bug #1539158 or not, but I was afraid to unpair due to other MX4 users in that bug. ** Affects: canonical-devices-system-image Importance: Undecided Status: New ** Affects: bluez (Ubuntu) Importance: Undecided Status: New ** Tags: bluetooth ** Description changed: I'm on arale, OTA9. With OTA8.5 I could pair, listen to music and make calls with no problem. After upgrading (and without unpairing/re-pairing after upgrading), I can connect to the car, and I can listen to music but if I try to make a call while connected to bluetooth the car after a few moments says "the call has been transferred to the phone", but when I pick up the phone to conduct the call, the call appears to be made but there is no sound. I have not tried unpairing and re-pairing. In other words, I can no longer use hands free calling after upgrading to OTA9. I'm not sure if this is related, but after OTA9 I can connect to the car and both the phone and the car say they're connected, but then after a second or two it disconnects and then after a while 10-30 seconds, the reconnect and they stay connected. Before, once connected they would stay connected. + + I'm not sure this is related to bug #1539158 or not, but I was afraid to + unpair due to other MX4 users in that bug. ** Also affects: canonical-devices-system-image Importance: Undecided Status: New ** Description changed: I'm on arale, OTA9. With OTA8.5 I could pair, listen to music and make calls with no problem. After upgrading (and without unpairing/re-pairing after upgrading), I can connect to the car, and I can listen to music - but if I try to make a call while connected to bluetooth the car after a - few moments says "the call has been transferred to the phone", but when - I pick up the phone to conduct the call, the call appears to be made but - there is no sound. I have not tried unpairing and re-pairing. In other - words, I can no longer use hands free calling after upgrading to OTA9. + but if I try to make a call while connected to bluetooth, the car will + after a few moments say "the call has been transferred to the phone", + but when I pick up the phone to continue the call, the call appears to + be made (ie, the dialer indicates the call is ongoing) but there is no + sound. I have not tried unpairing and re-pairing. In other words, I can + no longer use hands free calling after upgrading to OTA9. I'm not sure if this is related, but after OTA9 I can connect to the car and both the phone and the car say they're connected, but then after a second or two it disconnects and then after a while 10-30 seconds, the reconnect and they stay connected. Before, once connected they would stay connected. I'm not sure this is related to bug #1539158 or not, but I was afraid to unpair due to other MX4 users in that bug. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to bluez in Ubuntu. https://bugs.launchpad.net/bugs/1545174 Title: can no longer use hands free calling after upgrade to OTA9 Status in Canonical System Image: New Status in bluez package in Ubuntu: New Bug description: I'm on arale, OTA9. With OTA8.5 I could pair, listen to music and make calls with no problem. After upgrading (and without unpairing/re- pairing after upgrading), I can connect to the car, and I can listen to music but if I try to make a call while connected to bluetooth, the car will after a few moments say "the call has been transferred to the phone", but when I pick up the phone to continue the call, the call appears to be made (ie, the dialer indicates the call is ongoing) but there is no sound. I have not tried unpairing and re-pairing. In other words, I can no longer use hands free calling after upgrading to OTA9. I'm not sure if this is related, but after OTA9 I can connect to the car and both the phone and the car say they're connected, but then
[Kernel-packages] [Bug 1545174] Re: can no longer use hands free calling after upgrade to OTA9
** Description changed: I'm on arale, OTA9. With OTA8.5 I could pair, listen to music and make calls with no problem. After upgrading (and without unpairing/re-pairing after upgrading), I can connect to the car, and I can listen to music but if I try to make a call while connected to bluetooth, the car will after a few moments say "the call has been transferred to the phone", - but when I pick up the phone to continue the call, the call appears to - be made (ie, the dialer indicates the call is ongoing) but there is no - sound. I have not tried unpairing and re-pairing. In other words, I can - no longer use hands free calling after upgrading to OTA9. + but when I pick up the phone to continue the call, the call is made (ie, + the dialer indicates the call is ongoing and the person I called sees an + incoming call from me) but there is no sound and the other end cannot + hear me. + + I have not tried unpairing and re-pairing. In other words, I can no + longer use hands free calling after upgrading to OTA9. I'm not sure if this is related, but after OTA9 I can connect to the car and both the phone and the car say they're connected, but then after a second or two it disconnects and then after a while 10-30 seconds, the reconnect and they stay connected. Before, once connected they would stay connected. I'm not sure this is related to bug #1539158 or not, but I was afraid to unpair due to other MX4 users in that bug. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to bluez in Ubuntu. https://bugs.launchpad.net/bugs/1545174 Title: can no longer use hands free calling after upgrade to OTA9 Status in Canonical System Image: New Status in bluez package in Ubuntu: New Bug description: I'm on arale, OTA9. With OTA8.5 I could pair, listen to music and make calls with no problem. After upgrading (and without unpairing/re- pairing after upgrading), I can connect to the car, and I can listen to music but if I try to make a call while connected to bluetooth, the car will after a few moments say "the call has been transferred to the phone", but when I pick up the phone to continue the call, the call is made (ie, the dialer indicates the call is ongoing and the person I called sees an incoming call from me) but there is no sound and the other end cannot hear me. I have not tried unpairing and re-pairing. In other words, I can no longer use hands free calling after upgrading to OTA9. I'm not sure if this is related, but after OTA9 I can connect to the car and both the phone and the car say they're connected, but then after a second or two it disconnects and then after a while 10-30 seconds, the reconnect and they stay connected. Before, once connected they would stay connected. I'm not sure this is related to bug #1539158 or not, but I was afraid to unpair due to other MX4 users in that bug. To manage notifications about this bug go to: https://bugs.launchpad.net/canonical-devices-system-image/+bug/1545174/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1547619] Re: Intermittent screen blinking with 4k external mini display port with 4.4 kernels
Apologies for the delay-- I needed our Ubuntu kernel for a number of weeks and had to pause this bisection. I have booted into this kernel: $ cat /proc/version Linux version 4.3.0-040300-generic (jsalisbury@gomeisa) (gcc version 5.3.1 20160311 (Ubuntu 5.3.1-11ubuntu1) ) #201603151533 SMP Tue Mar 15 19:37:15 UTC 2016 Since the bug doesn't always show itself right away, I will want to use the kernel for at least several hours. I'll report back as soon as I see the bug or after using the computer throughout the day. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1547619 Title: Intermittent screen blinking with 4k external mini display port with 4.4 kernels Status in linux package in Ubuntu: In Progress Status in linux source package in Xenial: In Progress Bug description: When using an external 4K monitor plugged into the mini display port on my Dell XPS 13 9343 using both the laptop screen and the external monitor (external monitor is left and laptop screen right), when using all of the following kernels: 4.4.0-2.16-generic 4.4.0-4.19-generic 4.4.0-6.21-generic 4.4.0-7.22-generic the external monitor will sometimes blink off for about a second or two, then back on. What is weird is this seems to only happen when typing into a gnome-terminal as opposed to firefox or evolution. Simply changing to a gnome-terminal and typing into it doesn't cause the blinking, but it might happen immediately or it might take several minutes. 4.3.0-7.18-generic worked fine and I can go hours and hours in a gnome-terminal with no issues. ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: linux-image-4.4.0-6-generic 4.4.0-6.21 ProcVersionSignature: Ubuntu 4.4.0-6.21-generic 4.4.1 Uname: Linux 4.4.0-6-generic x86_64 ApportVersion: 2.20-0ubuntu3 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC2: jamie 5882 F pulseaudio /dev/snd/controlC1: jamie 5882 F pulseaudio /dev/snd/controlC0: jamie 5882 F pulseaudio CurrentDesktop: Unity Date: Fri Feb 19 12:09:28 2016 HibernationDevice: RESUME=UUID=27fa6713-c8c2-4eb8-9766-ba6918bc1cfb InstallationDate: Installed on 2015-06-13 (250 days ago) InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422) MachineType: Dell Inc. XPS 13 9343 ProcFB: 0 inteldrmfb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-6-generic.efi.signed root=UUID=7bc4dcd2-0bd8-4e42-b8b7-9f1ed6b8a3e9 ro libata.force=noncq kaslr quiet splash vt.handoff=7 RelatedPackageVersions: linux-restricted-modules-4.4.0-6-generic N/A linux-backports-modules-4.4.0-6-generic N/A linux-firmware 1.156 SourcePackage: linux UpgradeStatus: Upgraded to xenial on 2016-01-12 (38 days ago) dmi.bios.date: 11/11/2015 dmi.bios.vendor: Dell Inc. dmi.bios.version: A07 dmi.board.name: 0310JH dmi.board.vendor: Dell Inc. dmi.board.version: A00 dmi.chassis.type: 9 dmi.chassis.vendor: Dell Inc. dmi.modalias: dmi:bvnDellInc.:bvrA07:bd11/11/2015:svnDellInc.:pnXPS139343:pvr:rvnDellInc.:rn0310JH:rvrA00:cvnDellInc.:ct9:cvr: dmi.product.name: XPS 13 9343 dmi.sys.vendor: Dell Inc. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1547619/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1547619] Re: Intermittent screen blinking with 4k external mini display port with 4.4 kernels
Ah, that was fast. This kernel has the bug: $ cat /proc/version Linux version 4.3.0-040300-generic (jsalisbury@gomeisa) (gcc version 5.3.1 20160311 (Ubuntu 5.3.1-11ubuntu1) ) #201603151533 SMP Tue Mar 15 19:37:15 UTC 2016 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1547619 Title: Intermittent screen blinking with 4k external mini display port with 4.4 kernels Status in linux package in Ubuntu: In Progress Status in linux source package in Xenial: In Progress Bug description: When using an external 4K monitor plugged into the mini display port on my Dell XPS 13 9343 using both the laptop screen and the external monitor (external monitor is left and laptop screen right), when using all of the following kernels: 4.4.0-2.16-generic 4.4.0-4.19-generic 4.4.0-6.21-generic 4.4.0-7.22-generic the external monitor will sometimes blink off for about a second or two, then back on. What is weird is this seems to only happen when typing into a gnome-terminal as opposed to firefox or evolution. Simply changing to a gnome-terminal and typing into it doesn't cause the blinking, but it might happen immediately or it might take several minutes. 4.3.0-7.18-generic worked fine and I can go hours and hours in a gnome-terminal with no issues. ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: linux-image-4.4.0-6-generic 4.4.0-6.21 ProcVersionSignature: Ubuntu 4.4.0-6.21-generic 4.4.1 Uname: Linux 4.4.0-6-generic x86_64 ApportVersion: 2.20-0ubuntu3 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC2: jamie 5882 F pulseaudio /dev/snd/controlC1: jamie 5882 F pulseaudio /dev/snd/controlC0: jamie 5882 F pulseaudio CurrentDesktop: Unity Date: Fri Feb 19 12:09:28 2016 HibernationDevice: RESUME=UUID=27fa6713-c8c2-4eb8-9766-ba6918bc1cfb InstallationDate: Installed on 2015-06-13 (250 days ago) InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422) MachineType: Dell Inc. XPS 13 9343 ProcFB: 0 inteldrmfb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-6-generic.efi.signed root=UUID=7bc4dcd2-0bd8-4e42-b8b7-9f1ed6b8a3e9 ro libata.force=noncq kaslr quiet splash vt.handoff=7 RelatedPackageVersions: linux-restricted-modules-4.4.0-6-generic N/A linux-backports-modules-4.4.0-6-generic N/A linux-firmware 1.156 SourcePackage: linux UpgradeStatus: Upgraded to xenial on 2016-01-12 (38 days ago) dmi.bios.date: 11/11/2015 dmi.bios.vendor: Dell Inc. dmi.bios.version: A07 dmi.board.name: 0310JH dmi.board.vendor: Dell Inc. dmi.board.version: A00 dmi.chassis.type: 9 dmi.chassis.vendor: Dell Inc. dmi.modalias: dmi:bvnDellInc.:bvrA07:bd11/11/2015:svnDellInc.:pnXPS139343:pvr:rvnDellInc.:rn0310JH:rvrA00:cvnDellInc.:ct9:cvr: dmi.product.name: XPS 13 9343 dmi.sys.vendor: Dell Inc. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1547619/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1547619] Re: Intermittent screen blinking with 4k external mini display port with 4.4 kernels
I have booted into this kernel: $ cat /proc/version Linux version 4.4.9-040409-generic (kernel@gomeisa) (gcc version 5.3.1 20160413 (Ubuntu 5.3.1-14ubuntu2) ) #201605041832 SMP Wed May 4 22:34:16 UTC 2016 Since the bug doesn't always show itself right away, I will want to use the kernel for at least several hours. I'll report back as soon as I see the bug or after using the computer throughout the day. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1547619 Title: Intermittent screen blinking with 4k external mini display port with 4.4 kernels Status in linux package in Ubuntu: In Progress Status in linux source package in Xenial: In Progress Bug description: When using an external 4K monitor plugged into the mini display port on my Dell XPS 13 9343 using both the laptop screen and the external monitor (external monitor is left and laptop screen right), when using all of the following kernels: 4.4.0-2.16-generic 4.4.0-4.19-generic 4.4.0-6.21-generic 4.4.0-7.22-generic the external monitor will sometimes blink off for about a second or two, then back on. What is weird is this seems to only happen when typing into a gnome-terminal as opposed to firefox or evolution. Simply changing to a gnome-terminal and typing into it doesn't cause the blinking, but it might happen immediately or it might take several minutes. 4.3.0-7.18-generic worked fine and I can go hours and hours in a gnome-terminal with no issues. ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: linux-image-4.4.0-6-generic 4.4.0-6.21 ProcVersionSignature: Ubuntu 4.4.0-6.21-generic 4.4.1 Uname: Linux 4.4.0-6-generic x86_64 ApportVersion: 2.20-0ubuntu3 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC2: jamie 5882 F pulseaudio /dev/snd/controlC1: jamie 5882 F pulseaudio /dev/snd/controlC0: jamie 5882 F pulseaudio CurrentDesktop: Unity Date: Fri Feb 19 12:09:28 2016 HibernationDevice: RESUME=UUID=27fa6713-c8c2-4eb8-9766-ba6918bc1cfb InstallationDate: Installed on 2015-06-13 (250 days ago) InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422) MachineType: Dell Inc. XPS 13 9343 ProcFB: 0 inteldrmfb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-6-generic.efi.signed root=UUID=7bc4dcd2-0bd8-4e42-b8b7-9f1ed6b8a3e9 ro libata.force=noncq kaslr quiet splash vt.handoff=7 RelatedPackageVersions: linux-restricted-modules-4.4.0-6-generic N/A linux-backports-modules-4.4.0-6-generic N/A linux-firmware 1.156 SourcePackage: linux UpgradeStatus: Upgraded to xenial on 2016-01-12 (38 days ago) dmi.bios.date: 11/11/2015 dmi.bios.vendor: Dell Inc. dmi.bios.version: A07 dmi.board.name: 0310JH dmi.board.vendor: Dell Inc. dmi.board.version: A00 dmi.chassis.type: 9 dmi.chassis.vendor: Dell Inc. dmi.modalias: dmi:bvnDellInc.:bvrA07:bd11/11/2015:svnDellInc.:pnXPS139343:pvr:rvnDellInc.:rn0310JH:rvrA00:cvnDellInc.:ct9:cvr: dmi.product.name: XPS 13 9343 dmi.sys.vendor: Dell Inc. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1547619/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1547619] Re: Intermittent screen blinking with 4k external mini display port with 4.4 kernels
This kernel has the bug: $ cat /proc/version Linux version 4.4.9-040409-generic (kernel@gomeisa) (gcc version 5.3.1 20160413 (Ubuntu 5.3.1-14ubuntu2) ) #201605041832 SMP Wed May 4 22:34:16 UTC 2016 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1547619 Title: Intermittent screen blinking with 4k external mini display port with 4.4 kernels Status in linux package in Ubuntu: In Progress Status in linux source package in Xenial: In Progress Bug description: When using an external 4K monitor plugged into the mini display port on my Dell XPS 13 9343 using both the laptop screen and the external monitor (external monitor is left and laptop screen right), when using all of the following kernels: 4.4.0-2.16-generic 4.4.0-4.19-generic 4.4.0-6.21-generic 4.4.0-7.22-generic the external monitor will sometimes blink off for about a second or two, then back on. What is weird is this seems to only happen when typing into a gnome-terminal as opposed to firefox or evolution. Simply changing to a gnome-terminal and typing into it doesn't cause the blinking, but it might happen immediately or it might take several minutes. 4.3.0-7.18-generic worked fine and I can go hours and hours in a gnome-terminal with no issues. ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: linux-image-4.4.0-6-generic 4.4.0-6.21 ProcVersionSignature: Ubuntu 4.4.0-6.21-generic 4.4.1 Uname: Linux 4.4.0-6-generic x86_64 ApportVersion: 2.20-0ubuntu3 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC2: jamie 5882 F pulseaudio /dev/snd/controlC1: jamie 5882 F pulseaudio /dev/snd/controlC0: jamie 5882 F pulseaudio CurrentDesktop: Unity Date: Fri Feb 19 12:09:28 2016 HibernationDevice: RESUME=UUID=27fa6713-c8c2-4eb8-9766-ba6918bc1cfb InstallationDate: Installed on 2015-06-13 (250 days ago) InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422) MachineType: Dell Inc. XPS 13 9343 ProcFB: 0 inteldrmfb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-6-generic.efi.signed root=UUID=7bc4dcd2-0bd8-4e42-b8b7-9f1ed6b8a3e9 ro libata.force=noncq kaslr quiet splash vt.handoff=7 RelatedPackageVersions: linux-restricted-modules-4.4.0-6-generic N/A linux-backports-modules-4.4.0-6-generic N/A linux-firmware 1.156 SourcePackage: linux UpgradeStatus: Upgraded to xenial on 2016-01-12 (38 days ago) dmi.bios.date: 11/11/2015 dmi.bios.vendor: Dell Inc. dmi.bios.version: A07 dmi.board.name: 0310JH dmi.board.vendor: Dell Inc. dmi.board.version: A00 dmi.chassis.type: 9 dmi.chassis.vendor: Dell Inc. dmi.modalias: dmi:bvnDellInc.:bvrA07:bd11/11/2015:svnDellInc.:pnXPS139343:pvr:rvnDellInc.:rn0310JH:rvrA00:cvnDellInc.:ct9:cvr: dmi.product.name: XPS 13 9343 dmi.sys.vendor: Dell Inc. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1547619/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1547619] Re: Intermittent screen blinking with 4k external mini display port with 4.4 kernels
I have booted into this kernel: $ cat /proc/version Linux version 4.3.0-040300rc5-generic (jsalisbury@gomeisa) (gcc version 5.2.1 20151010 (Ubuntu 5.2.1-22ubuntu2) ) #201605111621 SMP Wed May 11 20:26:24 UTC 2016 Since the bug doesn't always show itself right away, I will want to use the kernel for at least several hours. I'll report back as soon as I see the bug or after using the computer throughout the day. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1547619 Title: Intermittent screen blinking with 4k external mini display port with 4.4 kernels Status in linux package in Ubuntu: In Progress Status in linux source package in Xenial: In Progress Bug description: When using an external 4K monitor plugged into the mini display port on my Dell XPS 13 9343 using both the laptop screen and the external monitor (external monitor is left and laptop screen right), when using all of the following kernels: 4.4.0-2.16-generic 4.4.0-4.19-generic 4.4.0-6.21-generic 4.4.0-7.22-generic the external monitor will sometimes blink off for about a second or two, then back on. What is weird is this seems to only happen when typing into a gnome-terminal as opposed to firefox or evolution. Simply changing to a gnome-terminal and typing into it doesn't cause the blinking, but it might happen immediately or it might take several minutes. 4.3.0-7.18-generic worked fine and I can go hours and hours in a gnome-terminal with no issues. ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: linux-image-4.4.0-6-generic 4.4.0-6.21 ProcVersionSignature: Ubuntu 4.4.0-6.21-generic 4.4.1 Uname: Linux 4.4.0-6-generic x86_64 ApportVersion: 2.20-0ubuntu3 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC2: jamie 5882 F pulseaudio /dev/snd/controlC1: jamie 5882 F pulseaudio /dev/snd/controlC0: jamie 5882 F pulseaudio CurrentDesktop: Unity Date: Fri Feb 19 12:09:28 2016 HibernationDevice: RESUME=UUID=27fa6713-c8c2-4eb8-9766-ba6918bc1cfb InstallationDate: Installed on 2015-06-13 (250 days ago) InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422) MachineType: Dell Inc. XPS 13 9343 ProcFB: 0 inteldrmfb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-6-generic.efi.signed root=UUID=7bc4dcd2-0bd8-4e42-b8b7-9f1ed6b8a3e9 ro libata.force=noncq kaslr quiet splash vt.handoff=7 RelatedPackageVersions: linux-restricted-modules-4.4.0-6-generic N/A linux-backports-modules-4.4.0-6-generic N/A linux-firmware 1.156 SourcePackage: linux UpgradeStatus: Upgraded to xenial on 2016-01-12 (38 days ago) dmi.bios.date: 11/11/2015 dmi.bios.vendor: Dell Inc. dmi.bios.version: A07 dmi.board.name: 0310JH dmi.board.vendor: Dell Inc. dmi.board.version: A00 dmi.chassis.type: 9 dmi.chassis.vendor: Dell Inc. dmi.modalias: dmi:bvnDellInc.:bvrA07:bd11/11/2015:svnDellInc.:pnXPS139343:pvr:rvnDellInc.:rn0310JH:rvrA00:cvnDellInc.:ct9:cvr: dmi.product.name: XPS 13 9343 dmi.sys.vendor: Dell Inc. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1547619/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1547619] Re: Intermittent screen blinking with 4k external mini display port with 4.4 kernels
This kernel does not seem to have the bug after using the system all day: $ cat /proc/version Linux version 4.3.0-040300rc5-generic (jsalisbury@gomeisa) (gcc version 5.2.1 20151010 (Ubuntu 5.2.1-22ubuntu2) ) #201605111621 SMP Wed May 11 20:26:24 UTC 2016 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1547619 Title: Intermittent screen blinking with 4k external mini display port with 4.4 kernels Status in linux package in Ubuntu: In Progress Status in linux source package in Xenial: In Progress Bug description: When using an external 4K monitor plugged into the mini display port on my Dell XPS 13 9343 using both the laptop screen and the external monitor (external monitor is left and laptop screen right), when using all of the following kernels: 4.4.0-2.16-generic 4.4.0-4.19-generic 4.4.0-6.21-generic 4.4.0-7.22-generic the external monitor will sometimes blink off for about a second or two, then back on. What is weird is this seems to only happen when typing into a gnome-terminal as opposed to firefox or evolution. Simply changing to a gnome-terminal and typing into it doesn't cause the blinking, but it might happen immediately or it might take several minutes. 4.3.0-7.18-generic worked fine and I can go hours and hours in a gnome-terminal with no issues. ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: linux-image-4.4.0-6-generic 4.4.0-6.21 ProcVersionSignature: Ubuntu 4.4.0-6.21-generic 4.4.1 Uname: Linux 4.4.0-6-generic x86_64 ApportVersion: 2.20-0ubuntu3 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC2: jamie 5882 F pulseaudio /dev/snd/controlC1: jamie 5882 F pulseaudio /dev/snd/controlC0: jamie 5882 F pulseaudio CurrentDesktop: Unity Date: Fri Feb 19 12:09:28 2016 HibernationDevice: RESUME=UUID=27fa6713-c8c2-4eb8-9766-ba6918bc1cfb InstallationDate: Installed on 2015-06-13 (250 days ago) InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422) MachineType: Dell Inc. XPS 13 9343 ProcFB: 0 inteldrmfb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-6-generic.efi.signed root=UUID=7bc4dcd2-0bd8-4e42-b8b7-9f1ed6b8a3e9 ro libata.force=noncq kaslr quiet splash vt.handoff=7 RelatedPackageVersions: linux-restricted-modules-4.4.0-6-generic N/A linux-backports-modules-4.4.0-6-generic N/A linux-firmware 1.156 SourcePackage: linux UpgradeStatus: Upgraded to xenial on 2016-01-12 (38 days ago) dmi.bios.date: 11/11/2015 dmi.bios.vendor: Dell Inc. dmi.bios.version: A07 dmi.board.name: 0310JH dmi.board.vendor: Dell Inc. dmi.board.version: A00 dmi.chassis.type: 9 dmi.chassis.vendor: Dell Inc. dmi.modalias: dmi:bvnDellInc.:bvrA07:bd11/11/2015:svnDellInc.:pnXPS139343:pvr:rvnDellInc.:rn0310JH:rvrA00:cvnDellInc.:ct9:cvr: dmi.product.name: XPS 13 9343 dmi.sys.vendor: Dell Inc. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1547619/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1016299] Re: CVE-2012-2372
** Changed in: linux-lts-backport-maverick (Ubuntu Saucy) Status: New => Won't Fix ** Changed in: linux-lts-backport-natty (Ubuntu Saucy) Status: New => Won't Fix ** Changed in: linux-lts-backport-oneiric (Ubuntu Saucy) Status: New => Won't Fix ** Changed in: linux-lts-backport-maverick (Ubuntu Trusty) Status: New => Won't Fix ** Changed in: linux-lts-backport-natty (Ubuntu Trusty) Status: New => Won't Fix ** Changed in: linux-lts-backport-oneiric (Ubuntu Trusty) Status: New => Won't Fix -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-armadaxp in Ubuntu. https://bugs.launchpad.net/bugs/1016299 Title: CVE-2012-2372 Status in “linux” package in Ubuntu: Fix Released Status in “linux-armadaxp” package in Ubuntu: Invalid Status in “linux-ec2” package in Ubuntu: Invalid Status in “linux-fsl-imx51” package in Ubuntu: Invalid Status in “linux-lts-backport-maverick” package in Ubuntu: Invalid Status in “linux-lts-backport-natty” package in Ubuntu: Invalid Status in “linux-lts-backport-oneiric” package in Ubuntu: Invalid Status in “linux-lts-quantal” package in Ubuntu: Invalid Status in “linux-lts-raring” package in Ubuntu: Invalid Status in “linux-lts-saucy” package in Ubuntu: Invalid Status in “linux-mvl-dove” package in Ubuntu: Invalid Status in “linux-ti-omap4” package in Ubuntu: Invalid Status in “linux” source package in Lucid: Fix Released Status in “linux-armadaxp” source package in Lucid: Invalid Status in “linux-ec2” source package in Lucid: Fix Released Status in “linux-fsl-imx51” source package in Lucid: Invalid Status in “linux-lts-backport-maverick” source package in Lucid: Invalid Status in “linux-lts-backport-natty” source package in Lucid: Fix Released Status in “linux-lts-backport-oneiric” source package in Lucid: Fix Released Status in “linux-lts-quantal” source package in Lucid: Invalid Status in “linux-lts-raring” source package in Lucid: Invalid Status in “linux-lts-saucy” source package in Lucid: Invalid Status in “linux-mvl-dove” source package in Lucid: Invalid Status in “linux-ti-omap4” source package in Lucid: Invalid Status in “linux-lts-backport-maverick” source package in Natty: Invalid Status in “linux-lts-backport-natty” source package in Natty: Invalid Status in “linux-lts-backport-oneiric” source package in Natty: Invalid Status in “linux-lts-backport-maverick” source package in Oneiric: Invalid Status in “linux-lts-backport-natty” source package in Oneiric: Invalid Status in “linux-lts-backport-oneiric” source package in Oneiric: Invalid Status in “linux” source package in Precise: Fix Released Status in “linux-armadaxp” source package in Precise: Fix Released Status in “linux-ec2” source package in Precise: Invalid Status in “linux-fsl-imx51” source package in Precise: Invalid Status in “linux-lts-backport-maverick” source package in Precise: Invalid Status in “linux-lts-backport-natty” source package in Precise: Invalid Status in “linux-lts-backport-oneiric” source package in Precise: Invalid Status in “linux-lts-quantal” source package in Precise: Fix Committed Status in “linux-lts-raring” source package in Precise: Fix Committed Status in “linux-lts-saucy” source package in Precise: Fix Committed Status in “linux-mvl-dove” source package in Precise: Invalid Status in “linux-ti-omap4” source package in Precise: Fix Released Status in “linux-lts-backport-maverick” source package in Quantal: Invalid Status in “linux-lts-backport-natty” source package in Quantal: Invalid Status in “linux-lts-backport-oneiric” source package in Quantal: Invalid Status in “linux” source package in Saucy: Invalid Status in “linux-armadaxp” source package in Saucy: Invalid Status in “linux-ec2” source package in Saucy: Invalid Status in “linux-fsl-imx51” source package in Saucy: Invalid Status in “linux-lts-backport-maverick” source package in Saucy: Won't Fix Status in “linux-lts-backport-natty” source package in Saucy: Won't Fix Status in “linux-lts-backport-oneiric” source package in Saucy: Won't Fix Status in “linux-lts-quantal” source package in Saucy: Invalid Status in “linux-lts-raring” source package in Saucy: Invalid Status in “linux-lts-saucy” source package in Saucy: Invalid Status in “linux-mvl-dove” source package in Saucy: Invalid Status in “linux-ti-omap4” source package in Saucy: Invalid Status in “linux” source package in Trusty: Invalid Status in “linux-armadaxp” source package in Trusty: Invalid Status in “linux-ec2” source package in Trusty: Invalid Status in “linux-fsl-imx51” source package in Trusty: Invalid Status in “linux-lts-backport-maverick” source package in Trusty: Won't Fix Status in “linux-lts-backport-natty” source package in Trusty: Won't Fix Status in “linux-lts-backport-oneiric” source package in Trusty: Won't Fix Status in “l
[Kernel-packages] [Bug 1155022] Re: CVE-2013-1825
** Changed in: linux (Ubuntu Quantal) Status: New => Won't Fix ** Changed in: linux-armadaxp (Ubuntu Quantal) Status: New => Won't Fix ** Changed in: linux-ti-omap4 (Ubuntu Quantal) Status: New => Won't Fix -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-armadaxp in Ubuntu. https://bugs.launchpad.net/bugs/1155022 Title: CVE-2013-1825 Status in “linux” package in Ubuntu: New Status in “linux-armadaxp” package in Ubuntu: New Status in “linux-ec2” package in Ubuntu: Invalid Status in “linux-fsl-imx51” package in Ubuntu: Invalid Status in “linux-lts-backport-maverick” package in Ubuntu: Invalid Status in “linux-lts-backport-natty” package in Ubuntu: Invalid Status in “linux-lts-backport-oneiric” package in Ubuntu: Invalid Status in “linux-lts-quantal” package in Ubuntu: Invalid Status in “linux-mvl-dove” package in Ubuntu: Invalid Status in “linux-ti-omap4” package in Ubuntu: New Status in “linux” source package in Lucid: New Status in “linux-armadaxp” source package in Lucid: Invalid Status in “linux-ec2” source package in Lucid: New Status in “linux-fsl-imx51” source package in Lucid: Invalid Status in “linux-lts-backport-maverick” source package in Lucid: Invalid Status in “linux-lts-backport-natty” source package in Lucid: Invalid Status in “linux-lts-backport-oneiric” source package in Lucid: Won't Fix Status in “linux-lts-quantal” source package in Lucid: Invalid Status in “linux-mvl-dove” source package in Lucid: Invalid Status in “linux-ti-omap4” source package in Lucid: Invalid Status in “linux” source package in Oneiric: Invalid Status in “linux-armadaxp” source package in Oneiric: Invalid Status in “linux-ec2” source package in Oneiric: Invalid Status in “linux-fsl-imx51” source package in Oneiric: Invalid Status in “linux-lts-backport-maverick” source package in Oneiric: Invalid Status in “linux-lts-backport-natty” source package in Oneiric: Invalid Status in “linux-lts-backport-oneiric” source package in Oneiric: Invalid Status in “linux-lts-quantal” source package in Oneiric: Invalid Status in “linux-mvl-dove” source package in Oneiric: Invalid Status in “linux-ti-omap4” source package in Oneiric: Won't Fix Status in “linux” source package in Precise: New Status in “linux-armadaxp” source package in Precise: New Status in “linux-ec2” source package in Precise: Invalid Status in “linux-fsl-imx51” source package in Precise: Invalid Status in “linux-lts-backport-maverick” source package in Precise: Invalid Status in “linux-lts-backport-natty” source package in Precise: Invalid Status in “linux-lts-backport-oneiric” source package in Precise: Invalid Status in “linux-lts-quantal” source package in Precise: New Status in “linux-mvl-dove” source package in Precise: Invalid Status in “linux-ti-omap4” source package in Precise: New Status in “linux” source package in Quantal: Won't Fix Status in “linux-armadaxp” source package in Quantal: Won't Fix Status in “linux-ec2” source package in Quantal: Invalid Status in “linux-fsl-imx51” source package in Quantal: Invalid Status in “linux-lts-backport-maverick” source package in Quantal: Invalid Status in “linux-lts-backport-natty” source package in Quantal: Invalid Status in “linux-lts-backport-oneiric” source package in Quantal: Invalid Status in “linux-lts-quantal” source package in Quantal: Invalid Status in “linux-mvl-dove” source package in Quantal: Invalid Status in “linux-ti-omap4” source package in Quantal: Won't Fix Status in “linux” source package in Raring: Won't Fix Status in “linux-armadaxp” source package in Raring: Won't Fix Status in “linux-ec2” source package in Raring: Invalid Status in “linux-fsl-imx51” source package in Raring: Invalid Status in “linux-lts-backport-maverick” source package in Raring: Invalid Status in “linux-lts-backport-natty” source package in Raring: Invalid Status in “linux-lts-backport-oneiric” source package in Raring: Invalid Status in “linux-lts-quantal” source package in Raring: Invalid Status in “linux-mvl-dove” source package in Raring: Invalid Status in “linux-ti-omap4” source package in Raring: Won't Fix Status in “linux” source package in Hardy: Invalid Status in “linux-armadaxp” source package in Hardy: Invalid Status in “linux-ec2” source package in Hardy: Invalid Status in “linux-fsl-imx51” source package in Hardy: Invalid Status in “linux-lts-backport-maverick” source package in Hardy: Invalid Status in “linux-lts-backport-natty” source package in Hardy: Invalid Status in “linux-lts-backport-oneiric” source package in Hardy: Invalid Status in “linux-lts-quantal” source package in Hardy: Invalid Status in “linux-mvl-dove” source package in Hardy: Invalid Status in “linux-ti-omap4” source package in Hardy: Invalid Bug description: crypto: user - fix info leaks in report API
[Kernel-packages] [Bug 1130950] Re: CVE-2013-0310
** Changed in: linux (Ubuntu Quantal) Status: Fix Committed => Won't Fix ** Changed in: linux-ti-omap4 (Ubuntu Quantal) Status: Fix Committed => Won't Fix -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-armadaxp in Ubuntu. https://bugs.launchpad.net/bugs/1130950 Title: CVE-2013-0310 Status in “linux” package in Ubuntu: Invalid Status in “linux-armadaxp” package in Ubuntu: Invalid Status in “linux-ec2” package in Ubuntu: Invalid Status in “linux-fsl-imx51” package in Ubuntu: Invalid Status in “linux-lts-backport-maverick” package in Ubuntu: Invalid Status in “linux-lts-backport-natty” package in Ubuntu: Invalid Status in “linux-lts-backport-oneiric” package in Ubuntu: Invalid Status in “linux-lts-quantal” package in Ubuntu: Invalid Status in “linux-lts-raring” package in Ubuntu: Invalid Status in “linux-mvl-dove” package in Ubuntu: Invalid Status in “linux-ti-omap4” package in Ubuntu: Fix Committed Status in “linux” source package in Lucid: Fix Released Status in “linux-armadaxp” source package in Lucid: Invalid Status in “linux-ec2” source package in Lucid: Fix Released Status in “linux-fsl-imx51” source package in Lucid: Invalid Status in “linux-lts-backport-maverick” source package in Lucid: Invalid Status in “linux-lts-backport-natty” source package in Lucid: Won't Fix Status in “linux-lts-backport-oneiric” source package in Lucid: Fix Released Status in “linux-lts-quantal” source package in Lucid: Invalid Status in “linux-lts-raring” source package in Lucid: Invalid Status in “linux-mvl-dove” source package in Lucid: Invalid Status in “linux-ti-omap4” source package in Lucid: Invalid Status in “linux” source package in Precise: Fix Released Status in “linux-armadaxp” source package in Precise: Fix Released Status in “linux-ec2” source package in Precise: Invalid Status in “linux-fsl-imx51” source package in Precise: Invalid Status in “linux-lts-backport-maverick” source package in Precise: Invalid Status in “linux-lts-backport-natty” source package in Precise: Invalid Status in “linux-lts-backport-oneiric” source package in Precise: Invalid Status in “linux-lts-quantal” source package in Precise: Fix Committed Status in “linux-lts-raring” source package in Precise: Invalid Status in “linux-mvl-dove” source package in Precise: Invalid Status in “linux-ti-omap4” source package in Precise: Fix Released Status in “linux” source package in Quantal: Won't Fix Status in “linux-armadaxp” source package in Quantal: Invalid Status in “linux-ec2” source package in Quantal: Invalid Status in “linux-fsl-imx51” source package in Quantal: Invalid Status in “linux-lts-backport-maverick” source package in Quantal: Invalid Status in “linux-lts-backport-natty” source package in Quantal: Invalid Status in “linux-lts-backport-oneiric” source package in Quantal: Invalid Status in “linux-lts-quantal” source package in Quantal: Invalid Status in “linux-lts-raring” source package in Quantal: Invalid Status in “linux-mvl-dove” source package in Quantal: Invalid Status in “linux-ti-omap4” source package in Quantal: Won't Fix Status in “linux” source package in Raring: Invalid Status in “linux-armadaxp” source package in Raring: Invalid Status in “linux-ec2” source package in Raring: Invalid Status in “linux-fsl-imx51” source package in Raring: Invalid Status in “linux-lts-backport-maverick” source package in Raring: Invalid Status in “linux-lts-backport-natty” source package in Raring: Invalid Status in “linux-lts-backport-oneiric” source package in Raring: Invalid Status in “linux-lts-quantal” source package in Raring: Invalid Status in “linux-lts-raring” source package in Raring: Invalid Status in “linux-mvl-dove” source package in Raring: Invalid Status in “linux-ti-omap4” source package in Raring: Won't Fix Status in “linux” source package in Saucy: Invalid Status in “linux-armadaxp” source package in Saucy: Invalid Status in “linux-ec2” source package in Saucy: Invalid Status in “linux-fsl-imx51” source package in Saucy: Invalid Status in “linux-lts-backport-maverick” source package in Saucy: Invalid Status in “linux-lts-backport-natty” source package in Saucy: Invalid Status in “linux-lts-backport-oneiric” source package in Saucy: Invalid Status in “linux-lts-quantal” source package in Saucy: Invalid Status in “linux-lts-raring” source package in Saucy: Invalid Status in “linux-mvl-dove” source package in Saucy: Invalid Status in “linux-ti-omap4” source package in Saucy: Fix Committed Bug description: The cipso_v4_validate function in net/ipv4/cipso_ipv4.c in the Linux kernel before 3.4.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an IPOPT_CIPSO IP_OPTIONS setsockopt system call. Break-Fix: - 89d7ae34cd
