[Touch-packages] [Bug 1679704] Comment bridged from LTC Bugzilla
--- Comment From bssrika...@in.ibm.com 2018-04-16 05:49 EDT---
Any updates on this one? when are we getting this fixed?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1679704
Title:
libvirt profile is blocking global setrlimit despite having no rlimit
rule
Status in The Ubuntu-power-systems project:
In Progress
Status in apparmor package in Ubuntu:
In Progress
Bug description:
Hi,
while debugging bug 1678322 I was running along apparmor issues.
Thanks to jjohansen we debugged some of it and eventually I was asked to
report to a bug.
Symptom:
[ 8976.950635] audit: type=1400 audit(1491310016.224:48): apparmor="DENIED"
operation="setrlimit" profile="/usr/sbin/libvirtd" pid=10034 comm="libvirtd"
rlimit=memlock value=1610612736
But none of the profiles has any rlimit statement in it:
$ grep -Hirn limit /etc/apparmor*
/etc/apparmor.d/sbin.dhclient:58: # such, if the dhclient3 daemon is
subverted, this effectively limits it to
/etc/apparmor.d/abstractions/ubuntu-helpers:16:# Limitations:
/etc/apparmor.d/abstractions/ubuntu-helpers:64: # in limited libraries so
glibc's secure execution should be enough to not
/etc/apparmor.d/cache/.features:13:rlimit {mask {cpu fsize data stack core
rss nproc nofile memlock as locks sigpending msgqueue nice rtprio rttime
The profile contains a child profile which makes reading the dumps a bit
painful, but I'll attach them anyway for you to take a look.
To "recreate" if needed check out bug 1678322 - TL;DR hot-add some VFs via
libvirt.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-power-systems/+bug/1679704/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1679704] Comment bridged from LTC Bugzilla
--- Comment From bssrika...@in.ibm.com 2018-04-09 00:43 EDT---
Any updates here? on bionic we are blocked on memory hotplug testing with this
bug.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1679704
Title:
libvirt profile is blocking global setrlimit despite having no rlimit
rule
Status in The Ubuntu-power-systems project:
In Progress
Status in apparmor package in Ubuntu:
In Progress
Bug description:
Hi,
while debugging bug 1678322 I was running along apparmor issues.
Thanks to jjohansen we debugged some of it and eventually I was asked to
report to a bug.
Symptom:
[ 8976.950635] audit: type=1400 audit(1491310016.224:48): apparmor="DENIED"
operation="setrlimit" profile="/usr/sbin/libvirtd" pid=10034 comm="libvirtd"
rlimit=memlock value=1610612736
But none of the profiles has any rlimit statement in it:
$ grep -Hirn limit /etc/apparmor*
/etc/apparmor.d/sbin.dhclient:58: # such, if the dhclient3 daemon is
subverted, this effectively limits it to
/etc/apparmor.d/abstractions/ubuntu-helpers:16:# Limitations:
/etc/apparmor.d/abstractions/ubuntu-helpers:64: # in limited libraries so
glibc's secure execution should be enough to not
/etc/apparmor.d/cache/.features:13:rlimit {mask {cpu fsize data stack core
rss nproc nofile memlock as locks sigpending msgqueue nice rtprio rttime
The profile contains a child profile which makes reading the dumps a bit
painful, but I'll attach them anyway for you to take a look.
To "recreate" if needed check out bug 1678322 - TL;DR hot-add some VFs via
libvirt.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-power-systems/+bug/1679704/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1679704] Comment bridged from LTC Bugzilla
--- Comment From lagar...@br.ibm.com 2017-10-05 17:29 EDT---
@JJohansen, any update on this one?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1679704
Title:
libvirt profile is blocking global setrlimit despite having no rlimit
rule
Status in apparmor package in Ubuntu:
In Progress
Bug description:
Hi,
while debugging bug 1678322 I was running along apparmor issues.
Thanks to jjohansen we debugged some of it and eventually I was asked to
report to a bug.
Symptom:
[ 8976.950635] audit: type=1400 audit(1491310016.224:48): apparmor="DENIED"
operation="setrlimit" profile="/usr/sbin/libvirtd" pid=10034 comm="libvirtd"
rlimit=memlock value=1610612736
But none of the profiles has any rlimit statement in it:
$ grep -Hirn limit /etc/apparmor*
/etc/apparmor.d/sbin.dhclient:58: # such, if the dhclient3 daemon is
subverted, this effectively limits it to
/etc/apparmor.d/abstractions/ubuntu-helpers:16:# Limitations:
/etc/apparmor.d/abstractions/ubuntu-helpers:64: # in limited libraries so
glibc's secure execution should be enough to not
/etc/apparmor.d/cache/.features:13:rlimit {mask {cpu fsize data stack core
rss nproc nofile memlock as locks sigpending msgqueue nice rtprio rttime
The profile contains a child profile which makes reading the dumps a bit
painful, but I'll attach them anyway for you to take a look.
To "recreate" if needed check out bug 1678322 - TL;DR hot-add some VFs via
libvirt.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1679704/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1679704] Comment bridged from LTC Bugzilla
--- Comment From lagar...@br.ibm.com 2017-08-04 13:56 EDT---
Hi Christian,
Do you have any updates on this one?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1679704
Title:
libvirt profile is blocking global setrlimit despite having no rlimit
rule
Status in apparmor package in Ubuntu:
In Progress
Bug description:
Hi,
while debugging bug 1678322 I was running along apparmor issues.
Thanks to jjohansen we debugged some of it and eventually I was asked to
report to a bug.
Symptom:
[ 8976.950635] audit: type=1400 audit(1491310016.224:48): apparmor="DENIED"
operation="setrlimit" profile="/usr/sbin/libvirtd" pid=10034 comm="libvirtd"
rlimit=memlock value=1610612736
But none of the profiles has any rlimit statement in it:
$ grep -Hirn limit /etc/apparmor*
/etc/apparmor.d/sbin.dhclient:58: # such, if the dhclient3 daemon is
subverted, this effectively limits it to
/etc/apparmor.d/abstractions/ubuntu-helpers:16:# Limitations:
/etc/apparmor.d/abstractions/ubuntu-helpers:64: # in limited libraries so
glibc's secure execution should be enough to not
/etc/apparmor.d/cache/.features:13:rlimit {mask {cpu fsize data stack core
rss nproc nofile memlock as locks sigpending msgqueue nice rtprio rttime
The profile contains a child profile which makes reading the dumps a bit
painful, but I'll attach them anyway for you to take a look.
To "recreate" if needed check out bug 1678322 - TL;DR hot-add some VFs via
libvirt.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1679704/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1679704] Comment bridged from LTC Bugzilla
--- Comment From lagar...@br.ibm.com 2017-06-20 20:06 EDT---
*** Bug 151486 has been marked as a duplicate of this bug. ***
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1679704
Title:
libvirt profile is blocking global setrlimit despite having no rlimit
rule
Status in apparmor package in Ubuntu:
In Progress
Bug description:
Hi,
while debugging bug 1678322 I was running along apparmor issues.
Thanks to jjohansen we debugged some of it and eventually I was asked to
report to a bug.
Symptom:
[ 8976.950635] audit: type=1400 audit(1491310016.224:48): apparmor="DENIED"
operation="setrlimit" profile="/usr/sbin/libvirtd" pid=10034 comm="libvirtd"
rlimit=memlock value=1610612736
But none of the profiles has any rlimit statement in it:
$ grep -Hirn limit /etc/apparmor*
/etc/apparmor.d/sbin.dhclient:58: # such, if the dhclient3 daemon is
subverted, this effectively limits it to
/etc/apparmor.d/abstractions/ubuntu-helpers:16:# Limitations:
/etc/apparmor.d/abstractions/ubuntu-helpers:64: # in limited libraries so
glibc's secure execution should be enough to not
/etc/apparmor.d/cache/.features:13:rlimit {mask {cpu fsize data stack core
rss nproc nofile memlock as locks sigpending msgqueue nice rtprio rttime
The profile contains a child profile which makes reading the dumps a bit
painful, but I'll attach them anyway for you to take a look.
To "recreate" if needed check out bug 1678322 - TL;DR hot-add some VFs via
libvirt.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1679704/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
