[Touch-packages] [Bug 1660832] Re: unix domain socket cross permission check failing with nested namespaces

2017-04-24 Thread Launchpad Bug Tracker 
This bug was fixed in the package linux - 4.8.0-49.52

---
linux (4.8.0-49.52) yakkety; urgency=low

  * linux: 4.8.0-49.52 -proposed tracker (LP: #1684427)

  * [Hyper-V] hv: util: move waiting for release to hv_utils_transport itself
(LP: #1682561)
- Drivers: hv: util: move waiting for release to hv_utils_transport itself

linux (4.8.0-48.51) yakkety; urgency=low

  * linux: 4.8.0-48.51 -proposed tracker (LP: #1682034)

  * [Hyper-V] hv: vmbus: Raise retry/wait limits in vmbus_post_msg()
(LP: #1681893)
- Drivers: hv: vmbus: Raise retry/wait limits in vmbus_post_msg()

linux (4.8.0-47.50) yakkety; urgency=low

  * linux: 4.8.0-47.50 -proposed tracker (LP: #1679678)

  * CVE-2017-6353
- sctp: deny peeloff operation on asocs with threads sleeping on it

  * CVE-2017-5986
- sctp: avoid BUG_ON on sctp_wait_for_sndbuf

  * vfat: missing iso8859-1 charset (LP: #1677230)
- [Config] NLS_ISO8859_1=y

  * [Hyper-V] pci-hyperv: Use device serial number as PCI domain (LP: #1667527)
- net/mlx4_core: Use cq quota in SRIOV when creating completion EQs

  * Regression: KVM modules should be on main kernel package (LP: #1678099)
- [Config] powerpc: Add kvm-hv and kvm-pr to the generic inclusion list

  * linux-lts-xenial 4.4.0-63.84~14.04.2 ADT test failure with linux-lts-xenial
4.4.0-63.84~14.04.2 (LP: #1664912)
- SAUCE: apparmor: fix link auditing failure due to, uninitialized var

  * regession tests failing after stackprofile test is run (LP: #1661030)
- SAUCE: fix regression with domain change in complain mode

  * Permission denied and inconsistent behavior in complain mode with 'ip netns
list' command (LP: #1648903)
- SAUCE: fix regression with domain change in complain mode

  * unexpected errno=13 and disconnected path when trying to open /proc/1/ns/mnt
from a unshared mount namespace (LP: #1656121)
- SAUCE: apparmor: null profiles should inherit parent control flags

  * apparmor refcount leak of profile namespace when removing profiles
(LP: #1660849)
- SAUCE: apparmor: fix ns ref count link when removing profiles from policy

  * tor in lxd: apparmor="DENIED" operation="change_onexec"
namespace="root//CONTAINERNAME_" profile="unconfined"
name="system_tor" (LP: #1648143)
- SAUCE: apparmor: Fix no_new_privs blocking change_onexec when using 
stacked
  namespaces

  * apparmor oops in bind_mnt when dev_path lookup fails (LP: #1660840)
- SAUCE: apparmor: fix oops in bind_mnt when dev_path lookup fails

  * apparmor  auditing denied access of special apparmor .null fi\ le
(LP: #1660836)
- SAUCE: apparmor: Don't audit denied access of special apparmor .null file

  * apparmor label leak when new label is unused (LP: #1660834)
- SAUCE: apparmor: fix label leak when new label is unused

  * apparmor reference count bug in label_merge_insert() (LP: #1660833)
- SAUCE: apparmor: fix reference count bug in label_merge_insert()

  * apparmor's raw_data file in securityfs is sometimes truncated (LP: #1638996)
- SAUCE: apparmor: fix replacement race in reading rawdata

  * unix domain socket cross permission check failing with nested namespaces
(LP: #1660832)
- SAUCE: apparmor: fix cross ns perm of unix domain sockets

  * [Hyper-V][Mellanox] net/mlx4_core: Avoid delays during VF driver device
shutdown (LP: #1672785)
- Revert "net/mlx4_en: Avoid unregister_netdev at shutdown flow"
- net/mlx4_core: Avoid delays during VF driver device shutdown

  * Update ENA driver to 1.1.2 from net-next (LP: #1664312)
- net: ena: Remove unnecessary pci_set_drvdata()
- net: ena: Fix error return code in ena_device_init()
- net: ena: change the return type of ena_set_push_mode() to be void.
- net: ena: use setup_timer() and mod_timer()
- net/ena: remove ntuple filter support from device feature list
- net/ena: fix queues number calculation
- net/ena: fix ethtool RSS flow configuration
- net/ena: fix RSS default hash configuration
- net/ena: fix NULL dereference when removing the driver after device reset
  failed
- net/ena: refactor ena_get_stats64 to be atomic context safe
- net/ena: fix potential access to freed memory during device reset
- net/ena: use READ_ONCE to access completion descriptors
- net/ena: reduce the severity of ena printouts
- net/ena: change driver's default timeouts
- net/ena: change condition for host attribute configuration
- net/ena: update driver version to 1.1.2

  * ISST-LTE:pVM:roselp4:ubuntu16.04.2: number of numa_miss and numa_foreign
wrong in numastat (LP: #1672953)
- mm: fix remote numa hits statistics
- mm: get rid of __GFP_OTHER_NODE

  * Using an NVMe drive causes huge power drain (LP: #1664602)
- nvme/scsi: Remove power management support
- nvme: Pass pointers, not dma addresses, to nvme_get/set_features()
- nvme: introduce struct nvme_request
- nvme: Add a quirk

[Touch-packages] [Bug 1660832] Re: unix domain socket cross permission check failing with nested namespaces

2017-04-24 Thread Launchpad Bug Tracker 
This bug was fixed in the package linux - 4.4.0-75.96

---
linux (4.4.0-75.96) xenial; urgency=low

  * linux: 4.4.0-75.96 -proposed tracker (LP: #1684441)

  * [Hyper-V] hv: util: move waiting for release to hv_utils_transport itself
(LP: #1682561)
- Drivers: hv: util: move waiting for release to hv_utils_transport itself

linux (4.4.0-74.95) xenial; urgency=low

  * linux: 4.4.0-74.95 -proposed tracker (LP: #1682041)

  * [Hyper-V] hv: vmbus: Raise retry/wait limits in vmbus_post_msg()
(LP: #1681893)
- Drivers: hv: vmbus: Raise retry/wait limits in vmbus_post_msg()

linux (4.4.0-73.94) xenial; urgency=low

  * linux: 4.4.0-73.94 -proposed tracker (LP: #1680416)

  * CVE-2017-6353
- sctp: deny peeloff operation on asocs with threads sleeping on it

  * vfat: missing iso8859-1 charset (LP: #1677230)
- [Config] NLS_ISO8859_1=y

  * Regression: KVM modules should be on main kernel package (LP: #1678099)
- [Config] powerpc: Add kvm-hv and kvm-pr to the generic inclusion list

  * linux-lts-xenial 4.4.0-63.84~14.04.2 ADT test failure with linux-lts-xenial
4.4.0-63.84~14.04.2 (LP: #1664912)
- SAUCE: apparmor: fix link auditing failure due to, uninitialized var

  * regession tests failing after stackprofile test is run (LP: #1661030)
- SAUCE: fix regression with domain change in complain mode

  * Permission denied and inconsistent behavior in complain mode with 'ip netns
list' command (LP: #1648903)
- SAUCE: fix regression with domain change in complain mode

  * unexpected errno=13 and disconnected path when trying to open /proc/1/ns/mnt
from a unshared mount namespace (LP: #1656121)
- SAUCE: apparmor: null profiles should inherit parent control flags

  * apparmor refcount leak of profile namespace when removing profiles
(LP: #1660849)
- SAUCE: apparmor: fix ns ref count link when removing profiles from policy

  * tor in lxd: apparmor="DENIED" operation="change_onexec"
namespace="root//CONTAINERNAME_" profile="unconfined"
name="system_tor" (LP: #1648143)
- SAUCE: apparmor: Fix no_new_privs blocking change_onexec when using 
stacked
  namespaces

  * apparmor oops in bind_mnt when dev_path lookup fails (LP: #1660840)
- SAUCE: apparmor: fix oops in bind_mnt when dev_path lookup fails

  * apparmor  auditing denied access of special apparmor .null fi\ le
(LP: #1660836)
- SAUCE: apparmor: Don't audit denied access of special apparmor .null file

  * apparmor label leak when new label is unused (LP: #1660834)
- SAUCE: apparmor: fix label leak when new label is unused

  * apparmor reference count bug in label_merge_insert() (LP: #1660833)
- SAUCE: apparmor: fix reference count bug in label_merge_insert()

  * apparmor's raw_data file in securityfs is sometimes truncated (LP: #1638996)
- SAUCE: apparmor: fix replacement race in reading rawdata

  * unix domain socket cross permission check failing with nested namespaces
(LP: #1660832)
- SAUCE: apparmor: fix cross ns perm of unix domain sockets

  * Xenial update to v4.4.59 stable release (LP: #1678960)
- xfrm: policy: init locks early
- virtio_balloon: init 1st buffer in stats vq
- pinctrl: qcom: Don't clear status bit on irq_unmask
- c6x/ptrace: Remove useless PTRACE_SETREGSET implementation
- h8300/ptrace: Fix incorrect register transfer count
- mips/ptrace: Preserve previous registers for short regset write
- sparc/ptrace: Preserve previous registers for short regset write
- metag/ptrace: Preserve previous registers for short regset write
- metag/ptrace: Provide default TXSTATUS for short NT_PRSTATUS
- metag/ptrace: Reject partial NT_METAG_RPIPE writes
- fscrypt: remove broken support for detecting keyring key revocation
- sched/rt: Add a missing rescheduling point
- Linux 4.4.59

  * Update ENA driver to 1.1.2 from net-next (LP: #1664312)
- net: ena: Remove unnecessary pci_set_drvdata()
- net: ena: Fix error return code in ena_device_init()
- net: ena: change the return type of ena_set_push_mode() to be void.
- net: ena: use setup_timer() and mod_timer()
- net/ena: remove ntuple filter support from device feature list
- net/ena: fix queues number calculation
- net/ena: fix ethtool RSS flow configuration
- net/ena: fix RSS default hash configuration
- net/ena: fix NULL dereference when removing the driver after device reset
  failed
- net/ena: refactor ena_get_stats64 to be atomic context safe
- net/ena: fix potential access to freed memory during device reset
- net/ena: use READ_ONCE to access completion descriptors
- net/ena: reduce the severity of ena printouts
- net/ena: change driver's default timeouts
- net/ena: change condition for host attribute configuration
- net/ena: update driver version to 1.1.2

  * Xenial update to v4.4.58 stable release (LP: #1677600)
- net/openvswitch: Set the ipv6 source tunnel key

[Touch-packages] [Bug 1660832] Re: unix domain socket cross permission check failing with nested namespaces

2017-04-07 Thread Thadeu Lima de Souza Cascardo 
** Changed in: linux (Ubuntu Xenial)
   Status: Triaged => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1660832

Title:
  unix domain socket cross permission check failing with nested
  namespaces

Status in apparmor package in Ubuntu:
  Confirmed
Status in linux package in Ubuntu:
  Fix Released
Status in apparmor source package in Xenial:
  Confirmed
Status in linux source package in Xenial:
  Fix Committed
Status in apparmor source package in Yakkety:
  Confirmed
Status in linux source package in Yakkety:
  Triaged
Status in apparmor source package in Zesty:
  Confirmed
Status in linux source package in Zesty:
  Fix Released

Bug description:
  When using nested namespaces policy within the nested namespace is trying 
  
  to cross validate with policy outside of the namespace that is not
  
  visible to it. This results the access being denied and with no way to
  
  add a rule to policy that would allow it.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1660832/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1660832] Re: unix domain socket cross permission check failing with nested namespaces

2017-03-30 Thread Stefan Bader 
Not fixed because we had to revert the commits due to various
regressions.

** Changed in: linux (Ubuntu Xenial)
   Status: Fix Released => Triaged

** Changed in: linux (Ubuntu Yakkety)
   Status: Fix Released => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1660832

Title:
  unix domain socket cross permission check failing with nested
  namespaces

Status in apparmor package in Ubuntu:
  Confirmed
Status in linux package in Ubuntu:
  Fix Released
Status in apparmor source package in Xenial:
  Confirmed
Status in linux source package in Xenial:
  Triaged
Status in apparmor source package in Yakkety:
  Confirmed
Status in linux source package in Yakkety:
  Triaged
Status in apparmor source package in Zesty:
  Confirmed
Status in linux source package in Zesty:
  Fix Released

Bug description:
  When using nested namespaces policy within the nested namespace is trying 
  
  to cross validate with policy outside of the namespace that is not
  
  visible to it. This results the access being denied and with no way to
  
  add a rule to policy that would allow it.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1660832/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1660832] Re: unix domain socket cross permission check failing with nested namespaces

2017-03-05 Thread John Johansen 
** Tags removed: verification-needed-yakkety
** Tags added: verification-done-yakkety

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1660832

Title:
  unix domain socket cross permission check failing with nested
  namespaces

Status in apparmor package in Ubuntu:
  Confirmed
Status in linux package in Ubuntu:
  Fix Released
Status in apparmor source package in Xenial:
  Confirmed
Status in linux source package in Xenial:
  Fix Released
Status in apparmor source package in Yakkety:
  Confirmed
Status in linux source package in Yakkety:
  Fix Released
Status in apparmor source package in Zesty:
  Confirmed
Status in linux source package in Zesty:
  Fix Released

Bug description:
  When using nested namespaces policy within the nested namespace is trying 
  
  to cross validate with policy outside of the namespace that is not
  
  visible to it. This results the access being denied and with no way to
  
  add a rule to policy that would allow it.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1660832/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1660832] Re: unix domain socket cross permission check failing with nested namespaces

2017-03-02 Thread Launchpad Bug Tracker 
This bug was fixed in the package linux - 4.8.0-40.43

---
linux (4.8.0-40.43) yakkety; urgency=low

  * linux: 4.8.0-40.43 -proposed tracker (LP: #1667066)

  [ Andy Whitcroft ]
  * NFS client : permission denied when trying to access subshare, since kernel
4.4.0-31 (LP: #1649292)
- fs: Better permission checking for submounts

  * shaking screen  (LP: #1651981)
- drm/radeon: drop verde dpm quirks

  * [0bda:0328] Card reader failed after S3 (LP: #1664809)
- usb: hub: Wait for connection to be reestablished after port reset

  * linux-lts-xenial 4.4.0-63.84~14.04.2 ADT test failure with linux-lts-xenial
4.4.0-63.84~14.04.2 (LP: #1664912)
- SAUCE: apparmor: fix link auditing failure due to, uninitialized var

  * In Ubuntu 17.04 : after reboot getting message in console like Unable to
open file: /etc/keys/x509_ima.der (-2) (LP: #1656908)
- SAUCE: ima: Downgrade error to warning

  * 16.04.2: Extra patches for POWER9 (LP: #1664564)
- powerpc/mm: Fix no execute fault handling on pre-POWER5
- powerpc/mm: Fix spurrious segfaults on radix with autonuma

  * ibmvscsis: Add SGL LIMIT (LP: #1662551)
- ibmvscsis: Add SGL limit

  * [Hyper-V] Bug fixes for storvsc (tagged queuing, error conditions)
(LP: #1663687)
- scsi: storvsc: Enable tracking of queue depth
- scsi: storvsc: Remove the restriction on max segment size
- scsi: storvsc: Enable multi-queue support
- scsi: storvsc: use tagged SRB requests if supported by the device
- scsi: storvsc: properly handle SRB_ERROR when sense message is present
- scsi: storvsc: properly set residual data length on errors

  * Ubuntu16.10-KVM:Big configuration with multiple guests running SRIOV VFs
caused KVM host hung and all KVM guests down. (LP: #1651248)
- KVM: PPC: Book 3S: XICS cleanup: remove XICS_RM_REJECT
- KVM: PPC: Book 3S: XICS: correct the real mode ICP rejecting counter
- KVM: PPC: Book 3S: XICS: Fix potential issue with duplicate IRQ resends
- KVM: PPC: Book 3S: XICS: Implement ICS P/Q states
- KVM: PPC: Book 3S: XICS: Don't lock twice when checking for resend

  * ISST-LTE:pNV: ppc64_cpu command is hung w HDs, SSDs and NVMe (LP: #1662666)
- blk-mq: Avoid memory reclaim when remapping queues
- blk-mq: Fix failed allocation path when mapping queues
- blk-mq: Always schedule hctx->next_cpu

  * systemd-udevd hung in blk_mq_freeze_queue_wait testing unpartitioned NVMe
drive (LP: #1662673)
- percpu-refcount: fix reference leak during percpu-atomic transition

  * [Yakkety SRU] Enable KEXEC support in ARM64 kernel (LP: #1662554)
- [Config] Enable KEXEC support in ARM64.

  * [Hyper-V] Fix ring buffer handling to avoid host throttling (LP: #1661430)
- Drivers: hv: vmbus: On write cleanup the logic to interrupt the host
- Drivers: hv: vmbus: On the read path cleanup the logic to interrupt the 
host
- Drivers: hv: vmbus: finally fix hv_need_to_signal_on_read()

  * brd module compiled as built-in (LP: #1593293)
- CONFIG_BLK_DEV_RAM=m

  * regession tests failing after stackprofile test is run (LP: #1661030)
- SAUCE: fix regression with domain change in complain mode

  * Permission denied and inconsistent behavior in complain mode with 'ip netns
list' command (LP: #1648903)
- SAUCE: fix regression with domain change in complain mode

  * flock not mediated by 'k' (LP: #1658219)
- SAUCE: apparmor: flock mediation is not being enforced on cache check

  * unexpected errno=13 and disconnected path when trying to open /proc/1/ns/mnt
from a unshared mount namespace (LP: #1656121)
- SAUCE: apparmor: null profiles should inherit parent control flags

  * apparmor refcount leak of profile namespace when removing profiles
(LP: #1660849)
- SAUCE: apparmor: fix ns ref count link when removing profiles from policy

  * tor in lxd: apparmor="DENIED" operation="change_onexec"
namespace="root//CONTAINERNAME_" profile="unconfined"
name="system_tor" (LP: #1648143)
- SAUCE: apparmor: Fix no_new_privs blocking change_onexec when using 
stacked
  namespaces

  * apparmor_parser hangs indefinitely when called by multiple threads
(LP: #1645037)
- SAUCE: apparmor: fix lock ordering for mkdir

  * apparmor leaking securityfs pin count (LP: #1660846)
- SAUCE: apparmor: fix leak on securityfs pin count

  * apparmor reference count leak when securityfs_setup_d_inode\ () fails
(LP: #1660845)
- SAUCE: apparmor: fix reference count leak when securityfs_setup_d_inode()
  fails

  * apparmor not checking error if security_pin_fs() fails (LP: #1660842)
- SAUCE: apparmor: fix not handling error case when securityfs_pin_fs() 
fails

  * apparmor oops in bind_mnt when dev_path lookup fails (LP: #1660840)
- SAUCE: apparmor: fix oops in bind_mnt when dev_path lookup fails

  * apparmor  auditing denied access of special apparmor .null fi\ le
(LP: #1660836)
- SAUCE: apparmor:

[Touch-packages] [Bug 1660832] Re: unix domain socket cross permission check failing with nested namespaces

2017-03-02 Thread Launchpad Bug Tracker 
This bug was fixed in the package linux - 4.4.0-65.86

---
linux (4.4.0-65.86) xenial; urgency=low

  * linux: 4.4.0-65.86 -proposed tracker (LP: #1667052)

  [ Stefan Bader ]
  * Upgrade Redpine RS9113 driver to support AP mode (LP: #1665211)
- SAUCE: Redpine driver to support Host AP mode

  * NFS client : permission denied when trying to access subshare, since kernel
4.4.0-31 (LP: #1649292)
- fs: Better permission checking for submounts

  * [Hyper-V] SAUCE: pci-hyperv fixes for SR-IOV on Azure (LP: #1665097)
- SAUCE: PCI: hv: Fix wslot_to_devfn() to fix warnings on device removal
- SAUCE: pci-hyperv: properly handle pci bus remove
- SAUCE: pci-hyperv: lock pci bus on device eject

  * [Hyper-V/Azure] Please include Mellanox OFED drivers in Azure kernel and
image (LP: #1650058)
- net/mlx4_en: Fix bad WQE issue
- net/mlx4_core: Fix racy CQ (Completion Queue) free
- net/mlx4_core: Fix when to save some qp context flags for dynamic VST to 
VGT
  transitions
- net/mlx4_core: Avoid command timeouts during VF driver device shutdown

  * Xenial update to v4.4.49 stable release (LP: #1664960)
- ARC: [arcompact] brown paper bag bug in unaligned access delay slot fixup
- selinux: fix off-by-one in setprocattr
- Revert "x86/ioapic: Restore IO-APIC irq_chip retrigger callback"
- cpumask: use nr_cpumask_bits for parsing functions
- hns: avoid stack overflow with CONFIG_KASAN
- ARM: 8643/3: arm/ptrace: Preserve previous registers for short regset 
write
- target: Don't BUG_ON during NodeACL dynamic -> explicit conversion
- target: Use correct SCSI status during EXTENDED_COPY exception
- target: Fix early transport_generic_handle_tmr abort scenario
- target: Fix COMPARE_AND_WRITE ref leak for non GOOD status
- ARM: 8642/1: LPAE: catch pending imprecise abort on unmask
- mac80211: Fix adding of mesh vendor IEs
- netvsc: Set maximum GSO size in the right place
- scsi: zfcp: fix use-after-free by not tracing WKA port open/close on 
failed
  send
- scsi: aacraid: Fix INTx/MSI-x issue with older controllers
- scsi: mpt3sas: disable ASPM for MPI2 controllers
- xen-netfront: Delete rx_refill_timer in xennet_disconnect_backend()
- ALSA: seq: Fix race at creating a queue
- ALSA: seq: Don't handle loop timeout at snd_seq_pool_done()
- drm/i915: fix use-after-free in page_flip_completed()
- Linux 4.4.49

  * NFS client : kernel 4.4.0-57 crash with nfsv4 enries in /etc/fstab
(LP: #1650336)
- SUNRPC: fix refcounting problems with auth_gss messages.

  * [0bda:0328] Card reader failed after S3 (LP: #1664809)
- usb: hub: Wait for connection to be reestablished after port reset

  * linux-lts-xenial 4.4.0-63.84~14.04.2 ADT test failure with linux-lts-xenial
4.4.0-63.84~14.04.2 (LP: #1664912)
- SAUCE: apparmor: fix link auditing failure due to, uninitialized var

  * ibmvscsis: Add SGL LIMIT (LP: #1662551)
- ibmvscsis: Add SGL limit

  * [Hyper-V] Bug fixes for storvsc (tagged queuing, error conditions)
(LP: #1663687)
- scsi: storvsc: Enable tracking of queue depth
- scsi: storvsc: Remove the restriction on max segment size
- scsi: storvsc: Enable multi-queue support
- scsi: storvsc: use tagged SRB requests if supported by the device
- scsi: storvsc: properly handle SRB_ERROR when sense message is present
- scsi: storvsc: properly set residual data length on errors

  * ISST-LTE:pNV: ppc64_cpu command is hung w HDs, SSDs and NVMe (LP: #1662666)
- blk-mq: Avoid memory reclaim when remapping queues
- blk-mq: Fix failed allocation path when mapping queues

  * Possible missing firmware /lib/firmware/i915/kbl_dmc_ver1.bin for module
i915_bpo (LP: #1624164)
- SAUCE: i915_bpo: Remove MODULE_FIRMWARE statement for 
i915/kbl_dmc_ver1.bin

  *  Intel I210 ethernet does not work both after S3 (LP: #1662763)
- igb: implement igb_ptp_suspend
- igb: call igb_ptp_suspend during suspend/resume cycle

  * [Hyper-V] Fix ring buffer handling to avoid host throttling (LP: #1661430)
- Drivers: hv: vmbus: On write cleanup the logic to interrupt the host
- Drivers: hv: vmbus: On the read path cleanup the logic to interrupt the 
host
- Drivers: hv: vmbus: finally fix hv_need_to_signal_on_read()

  * brd module compiled as built-in (LP: #1593293)
- [Config] CONFIG_BLK_DEV_RAM=m

  * regession tests failing after stackprofile test is run (LP: #1661030)
- SAUCE: fix regression with domain change in complain mode

  * Permission denied and inconsistent behavior in complain mode with 'ip netns
list' command (LP: #1648903)
- SAUCE: fix regression with domain change in complain mode

  * flock not mediated by 'k' (LP: #1658219)
- SAUCE: apparmor: flock mediation is not being enforced on cache check

  * unexpected errno=13 and disconnected path when trying to open /proc/1/ns/mnt
from a unshared mount

[Touch-packages] [Bug 1660832] Re: unix domain socket cross permission check failing with nested namespaces

2017-02-27 Thread Simon Déziel 
** Tags removed: verification-needed-xenial
** Tags added: verification-done-xenial

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1660832

Title:
  unix domain socket cross permission check failing with nested
  namespaces

Status in apparmor package in Ubuntu:
  Confirmed
Status in linux package in Ubuntu:
  Fix Released
Status in apparmor source package in Xenial:
  Confirmed
Status in linux source package in Xenial:
  Fix Committed
Status in apparmor source package in Yakkety:
  Confirmed
Status in linux source package in Yakkety:
  Fix Committed
Status in apparmor source package in Zesty:
  Confirmed
Status in linux source package in Zesty:
  Fix Released

Bug description:
  When using nested namespaces policy within the nested namespace is trying 
  
  to cross validate with policy outside of the namespace that is not
  
  visible to it. This results the access being denied and with no way to
  
  add a rule to policy that would allow it.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1660832/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1660832] Re: unix domain socket cross permission check failing with nested namespaces

2017-02-27 Thread Brad Figg 
This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag 'verification-needed-
xenial' to 'verification-done-xenial'. If the problem still exists,
change the tag 'verification-needed-xenial' to 'verification-failed-
xenial'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!


** Tags added: verification-needed-xenial

** Tags added: verification-needed-yakkety

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1660832

Title:
  unix domain socket cross permission check failing with nested
  namespaces

Status in apparmor package in Ubuntu:
  Confirmed
Status in linux package in Ubuntu:
  Fix Released
Status in apparmor source package in Xenial:
  Confirmed
Status in linux source package in Xenial:
  Fix Committed
Status in apparmor source package in Yakkety:
  Confirmed
Status in linux source package in Yakkety:
  Fix Committed
Status in apparmor source package in Zesty:
  Confirmed
Status in linux source package in Zesty:
  Fix Released

Bug description:
  When using nested namespaces policy within the nested namespace is trying 
  
  to cross validate with policy outside of the namespace that is not
  
  visible to it. This results the access being denied and with no way to
  
  add a rule to policy that would allow it.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1660832/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1660832] Re: unix domain socket cross permission check failing with nested namespaces

2017-02-27 Thread Brad Figg 
This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag 'verification-needed-
yakkety' to 'verification-done-yakkety'. If the problem still exists,
change the tag 'verification-needed-yakkety' to 'verification-failed-
yakkety'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1660832

Title:
  unix domain socket cross permission check failing with nested
  namespaces

Status in apparmor package in Ubuntu:
  Confirmed
Status in linux package in Ubuntu:
  Fix Released
Status in apparmor source package in Xenial:
  Confirmed
Status in linux source package in Xenial:
  Fix Committed
Status in apparmor source package in Yakkety:
  Confirmed
Status in linux source package in Yakkety:
  Fix Committed
Status in apparmor source package in Zesty:
  Confirmed
Status in linux source package in Zesty:
  Fix Released

Bug description:
  When using nested namespaces policy within the nested namespace is trying 
  
  to cross validate with policy outside of the namespace that is not
  
  visible to it. This results the access being denied and with no way to
  
  add a rule to policy that would allow it.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1660832/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1660832] Re: unix domain socket cross permission check failing with nested namespaces

2017-02-24 Thread Simon Déziel 
I can confirm this problem was fixed for Xenial on 4.4.0-65.86, thank
you.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1660832

Title:
  unix domain socket cross permission check failing with nested
  namespaces

Status in apparmor package in Ubuntu:
  Confirmed
Status in linux package in Ubuntu:
  Fix Released
Status in apparmor source package in Xenial:
  Confirmed
Status in linux source package in Xenial:
  Fix Committed
Status in apparmor source package in Yakkety:
  Confirmed
Status in linux source package in Yakkety:
  Fix Committed
Status in apparmor source package in Zesty:
  Confirmed
Status in linux source package in Zesty:
  Fix Released

Bug description:
  When using nested namespaces policy within the nested namespace is trying 
  
  to cross validate with policy outside of the namespace that is not
  
  visible to it. This results the access being denied and with no way to
  
  add a rule to policy that would allow it.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1660832/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1660832] Re: unix domain socket cross permission check failing with nested namespaces

2017-02-21 Thread Launchpad Bug Tracker 
Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: apparmor (Ubuntu Yakkety)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1660832

Title:
  unix domain socket cross permission check failing with nested
  namespaces

Status in apparmor package in Ubuntu:
  Confirmed
Status in linux package in Ubuntu:
  Fix Released
Status in apparmor source package in Xenial:
  Confirmed
Status in linux source package in Xenial:
  Fix Committed
Status in apparmor source package in Yakkety:
  Confirmed
Status in linux source package in Yakkety:
  Fix Committed
Status in apparmor source package in Zesty:
  Confirmed
Status in linux source package in Zesty:
  Fix Released

Bug description:
  When using nested namespaces policy within the nested namespace is trying 
  
  to cross validate with policy outside of the namespace that is not
  
  visible to it. This results the access being denied and with no way to
  
  add a rule to policy that would allow it.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1660832/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1660832] Re: unix domain socket cross permission check failing with nested namespaces

2017-02-21 Thread Launchpad Bug Tracker 
Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: apparmor (Ubuntu Xenial)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1660832

Title:
  unix domain socket cross permission check failing with nested
  namespaces

Status in apparmor package in Ubuntu:
  Confirmed
Status in linux package in Ubuntu:
  Fix Released
Status in apparmor source package in Xenial:
  Confirmed
Status in linux source package in Xenial:
  Fix Committed
Status in apparmor source package in Yakkety:
  Confirmed
Status in linux source package in Yakkety:
  Fix Committed
Status in apparmor source package in Zesty:
  Confirmed
Status in linux source package in Zesty:
  Fix Released

Bug description:
  When using nested namespaces policy within the nested namespace is trying 
  
  to cross validate with policy outside of the namespace that is not
  
  visible to it. This results the access being denied and with no way to
  
  add a rule to policy that would allow it.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1660832/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1660832] Re: unix domain socket cross permission check failing with nested namespaces

2017-02-21 Thread Launchpad Bug Tracker 
Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: apparmor (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1660832

Title:
  unix domain socket cross permission check failing with nested
  namespaces

Status in apparmor package in Ubuntu:
  Confirmed
Status in linux package in Ubuntu:
  Fix Released
Status in apparmor source package in Xenial:
  Confirmed
Status in linux source package in Xenial:
  Fix Committed
Status in apparmor source package in Yakkety:
  Confirmed
Status in linux source package in Yakkety:
  Fix Committed
Status in apparmor source package in Zesty:
  Confirmed
Status in linux source package in Zesty:
  Fix Released

Bug description:
  When using nested namespaces policy within the nested namespace is trying 
  
  to cross validate with policy outside of the namespace that is not
  
  visible to it. This results the access being denied and with no way to
  
  add a rule to policy that would allow it.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1660832/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1660832] Re: unix domain socket cross permission check failing with nested namespaces

2017-02-20 Thread Launchpad Bug Tracker 
This bug was fixed in the package linux - 4.10.0-8.10

---
linux (4.10.0-8.10) zesty; urgency=low

  [ Tim Gardner ]

  * Release Tracking Bug
- LP: #1664217

  * [Hyper-V] Bug fixes for storvsc (tagged queuing, error conditions)
(LP: #1663687)
- scsi: storvsc: Enable tracking of queue depth
- scsi: storvsc: Remove the restriction on max segment size
- scsi: storvsc: Enable multi-queue support
- scsi: storvsc: use tagged SRB requests if supported by the device
- scsi: storvsc: properly handle SRB_ERROR when sense message is present
- scsi: storvsc: properly set residual data length on errors

  * Ubuntu16.10-KVM:Big configuration with multiple guests running SRIOV VFs
caused KVM host hung and all KVM guests down. (LP: #1651248)
- KVM: PPC: Book 3S: XICS cleanup: remove XICS_RM_REJECT
- KVM: PPC: Book 3S: XICS: correct the real mode ICP rejecting counter
- KVM: PPC: Book 3S: XICS: Fix potential issue with duplicate IRQ resends
- KVM: PPC: Book 3S: XICS: Implement ICS P/Q states
- KVM: PPC: Book 3S: XICS: Don't lock twice when checking for resend

  * overlay: mkdir fails if directory exists in lowerdir in a user namespace
(LP: #1531747)
- SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs

  * CVE-2016-1575 (LP: #1534961)
- SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs

  * CVE-2016-1576 (LP: #1535150)
- SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs

  * Miscellaneous Ubuntu changes
- SAUCE: md/raid6 algorithms: scale test duration for speedier boots
- SAUCE: Import aufs driver
- d-i: Build message-modules udeb for arm64
- rebase to v4.10-rc8

  * Miscellaneous upstream changes
- Revert "UBUNTU: SAUCE: aufs -- remove .readlink assignment"
- Revert "UBUNTU: SAUCE: (no-up) aufs: for v4.9-rc1, support 
setattr_prepare()"
- Revert "UBUNTU: SAUCE: aufs -- Add flags argument to aufs_rename()"
- Revert "UBUNTU: SAUCE: aufs -- Convert to use xattr handlers"
- Revert "UBUNTU: SAUCE: Import aufs driver"

  [ Upstream Kernel Changes ]

  * rebase to v4.10-rc8

 -- Tim Gardner   Mon, 06 Feb 2017 08:34:24
-0700

** Changed in: linux (Ubuntu Zesty)
   Status: In Progress => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-1575

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-1576

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1660832

Title:
  unix domain socket cross permission check failing with nested
  namespaces

Status in apparmor package in Ubuntu:
  New
Status in linux package in Ubuntu:
  Fix Released
Status in apparmor source package in Xenial:
  New
Status in linux source package in Xenial:
  Fix Committed
Status in apparmor source package in Yakkety:
  New
Status in linux source package in Yakkety:
  Fix Committed
Status in apparmor source package in Zesty:
  New
Status in linux source package in Zesty:
  Fix Released

Bug description:
  When using nested namespaces policy within the nested namespace is trying 
  
  to cross validate with policy outside of the namespace that is not
  
  visible to it. This results the access being denied and with no way to
  
  add a rule to policy that would allow it.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1660832/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1660832] Re: unix domain socket cross permission check failing with nested namespaces

2017-02-14 Thread Thadeu Lima de Souza Cascardo 
** Changed in: linux (Ubuntu Xenial)
   Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1660832

Title:
  unix domain socket cross permission check failing with nested
  namespaces

Status in apparmor package in Ubuntu:
  New
Status in linux package in Ubuntu:
  In Progress
Status in apparmor source package in Xenial:
  New
Status in linux source package in Xenial:
  Fix Committed
Status in apparmor source package in Yakkety:
  New
Status in linux source package in Yakkety:
  Fix Committed
Status in apparmor source package in Zesty:
  New
Status in linux source package in Zesty:
  In Progress

Bug description:
  When using nested namespaces policy within the nested namespace is trying 
  
  to cross validate with policy outside of the namespace that is not
  
  visible to it. This results the access being denied and with no way to
  
  add a rule to policy that would allow it.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1660832/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1660832] Re: unix domain socket cross permission check failing with nested namespaces

2017-02-14 Thread Tim Gardner 
** Changed in: linux (Ubuntu Yakkety)
   Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1660832

Title:
  unix domain socket cross permission check failing with nested
  namespaces

Status in apparmor package in Ubuntu:
  New
Status in linux package in Ubuntu:
  In Progress
Status in apparmor source package in Xenial:
  New
Status in linux source package in Xenial:
  Fix Committed
Status in apparmor source package in Yakkety:
  New
Status in linux source package in Yakkety:
  Fix Committed
Status in apparmor source package in Zesty:
  New
Status in linux source package in Zesty:
  In Progress

Bug description:
  When using nested namespaces policy within the nested namespace is trying 
  
  to cross validate with policy outside of the namespace that is not
  
  visible to it. This results the access being denied and with no way to
  
  add a rule to policy that would allow it.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1660832/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1660832] Re: unix domain socket cross permission check failing with nested namespaces

2017-02-01 Thread John Johansen 
** Changed in: linux (Ubuntu Xenial)
   Status: Incomplete => In Progress

** Changed in: linux (Ubuntu Yakkety)
   Status: Incomplete => In Progress

** Changed in: linux (Ubuntu Zesty)
   Status: Incomplete => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1660832

Title:
  unix domain socket cross permission check failing with nested
  namespaces

Status in apparmor package in Ubuntu:
  New
Status in linux package in Ubuntu:
  In Progress
Status in apparmor source package in Xenial:
  New
Status in linux source package in Xenial:
  In Progress
Status in apparmor source package in Yakkety:
  New
Status in linux source package in Yakkety:
  In Progress
Status in apparmor source package in Zesty:
  New
Status in linux source package in Zesty:
  In Progress

Bug description:
  When using nested namespaces policy within the nested namespace is trying 
  
  to cross validate with policy outside of the namespace that is not
  
  visible to it. This results the access being denied and with no way to
  
  add a rule to policy that would allow it.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1660832/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp