[Touch-packages] [Bug 1703520] Re: DNS resolving doesn't work in complain mode with dnsmasq and apparmor

2018-03-15 Thread Tyler Hicks 
Closing this bug based on my last comment.

** Changed in: apparmor (Ubuntu)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1703520

Title:
  DNS resolving doesn't work in complain mode with dnsmasq and apparmor

Status in apparmor package in Ubuntu:
  Fix Released

Bug description:
  After i have firefox, chromium-browser and dnsmasq profiled with sudo
  aa-autodep (complain-mode was used), i can not resolving websites.
  (Log is at the attachement)

  I have copied the profiles of the three programms from the top in 
/etc/apparmor.d/disable and after a reboot i can resolving websites.
  The network manager can connect with my router the whole time.

  I'm have Ubuntu 16.04.02 LTS with all updates. (11.07.2017 CEST)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1703520/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1703520] Re: DNS resolving doesn't work in complain mode with dnsmasq and apparmor

2017-07-14 Thread Tyler Hicks 
The attach_disconnected flag was added to the dnsmasq profile just
before 16.04 was released:

  https://launchpad.net/ubuntu/+source/apparmor/2.10.95-0ubuntu2

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1703520

Title:
  DNS resolving doesn't work in complain mode with dnsmasq and apparmor

Status in apparmor package in Ubuntu:
  New

Bug description:
  After i have firefox, chromium-browser and dnsmasq profiled with sudo
  aa-autodep (complain-mode was used), i can not resolving websites.
  (Log is at the attachement)

  I have copied the profiles of the three programms from the top in 
/etc/apparmor.d/disable and after a reboot i can resolving websites.
  The network manager can connect with my router the whole time.

  I'm have Ubuntu 16.04.02 LTS with all updates. (11.07.2017 CEST)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1703520/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1703520] Re: DNS resolving doesn't work in complain mode with dnsmasq and apparmor

2017-07-13 Thread Christian Boltz 
For the records:

revno: 3437
fixes bug: https://launchpad.net/bugs/1569316
committer: Tyler Hicks 
branch nick: apparmor
timestamp: Tue 2016-04-12 16:36:43 -0500
message:
  profiles: Add attach_disconnected flag to dnsmasq profile
  
  https://launchpad.net/bugs/1569316
  
  When Ubuntu made the jump from network-manager 1.0.4 to 1.1.93, the
  dnsmasq process spawned from network-manager started hitting a
  disconnected path denial:

;-)

Note: I don't know if Ubuntu ships this profile from upstream bzr or has
its own one. Or maybe 16.04 is just a bit too old for this change.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1703520

Title:
  DNS resolving doesn't work in complain mode with dnsmasq and apparmor

Status in apparmor package in Ubuntu:
  New

Bug description:
  After i have firefox, chromium-browser and dnsmasq profiled with sudo
  aa-autodep (complain-mode was used), i can not resolving websites.
  (Log is at the attachement)

  I have copied the profiles of the three programms from the top in 
/etc/apparmor.d/disable and after a reboot i can resolving websites.
  The network manager can connect with my router the whole time.

  I'm have Ubuntu 16.04.02 LTS with all updates. (11.07.2017 CEST)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1703520/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1703520] Re: DNS resolving doesn't work in complain mode with dnsmasq and apparmor

2017-07-12 Thread John Johansen 
@Bjoern can you set a couple of apparmor flags and report back what is
reported in the logs?

Specifically as root can you do

echo -n "noquiet" > /sys/module/apparmor/parameters/audit
echo 1 >  /sys/module/apparmor/parameters/debug
echo 0 > /proc/sys/kernel/printk_ratelimit

and then restart dnsmasq

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1703520

Title:
  DNS resolving doesn't work in complain mode with dnsmasq and apparmor

Status in apparmor package in Ubuntu:
  New

Bug description:
  After i have firefox, chromium-browser and dnsmasq profiled with sudo
  aa-autodep (complain-mode was used), i can not resolving websites.
  (Log is at the attachement)

  I have copied the profiles of the three programms from the top in 
/etc/apparmor.d/disable and after a reboot i can resolving websites.
  The network manager can connect with my router the whole time.

  I'm have Ubuntu 16.04.02 LTS with all updates. (11.07.2017 CEST)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1703520/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1703520] Re: DNS resolving doesn't work in complain mode with dnsmasq and apparmor

2017-07-12 Thread Bjoern O. 
Hello Seth Arnold,

i don't have change anything at dnsmasq.

I have only create a profile and set the profile in complain mode.

Normally in complain mode Apparmor shouldn't block anything. Apparmor
should only log. Why should apparmor influence the behaviour of dnsmasq
in complain mode?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1703520

Title:
  DNS resolving doesn't work in complain mode with dnsmasq and apparmor

Status in apparmor package in Ubuntu:
  New

Bug description:
  After i have firefox, chromium-browser and dnsmasq profiled with sudo
  aa-autodep (complain-mode was used), i can not resolving websites.
  (Log is at the attachement)

  I have copied the profiles of the three programms from the top in 
/etc/apparmor.d/disable and after a reboot i can resolving websites.
  The network manager can connect with my router the whole time.

  I'm have Ubuntu 16.04.02 LTS with all updates. (11.07.2017 CEST)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1703520/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1703520] Re: DNS resolving doesn't work in complain mode with dnsmasq and apparmor

2017-07-12 Thread Bjoern O. 
P.S. In the log file i can see, that Apparmor have allowed the
connection. I don't know why dnsmasq doesn't work with Apparmor in
complain mode. But apparmor have allowed the connection. Why did this
influence dnsmasq?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1703520

Title:
  DNS resolving doesn't work in complain mode with dnsmasq and apparmor

Status in apparmor package in Ubuntu:
  New

Bug description:
  After i have firefox, chromium-browser and dnsmasq profiled with sudo
  aa-autodep (complain-mode was used), i can not resolving websites.
  (Log is at the attachement)

  I have copied the profiles of the three programms from the top in 
/etc/apparmor.d/disable and after a reboot i can resolving websites.
  The network manager can connect with my router the whole time.

  I'm have Ubuntu 16.04.02 LTS with all updates. (11.07.2017 CEST)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1703520/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1703520] Re: DNS resolving doesn't work in complain mode with dnsmasq and apparmor

2017-07-11 Thread Seth Arnold 
Did you by chance change anything related to dnsmasq's startup? This
looks like dnsmasq is now starting in a private filesystem namespace
without access to the dbus sockets. It's possible to adapt the AppArmor
profile for this (by adding the attach_disconnected flag to the profile)
but the downside is that AppArmor will then attach all paths not in the
namespace to / which might allow e.g. a chroot etc/shadow to also allow
access to non-chroot /etc/shadow.

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1703520

Title:
  DNS resolving doesn't work in complain mode with dnsmasq and apparmor

Status in apparmor package in Ubuntu:
  New

Bug description:
  After i have firefox, chromium-browser and dnsmasq profiled with sudo
  aa-autodep (complain-mode was used), i can not resolving websites.
  (Log is at the attachement)

  I have copied the profiles of the three programms from the top in 
/etc/apparmor.d/disable and after a reboot i can resolving websites.
  The network manager can connect with my router the whole time.

  I'm have Ubuntu 16.04.02 LTS with all updates. (11.07.2017 CEST)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1703520/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1703520] Re: DNS resolving doesn't work in complain mode with dnsmasq and apparmor

2017-07-11 Thread Bjoern O. 
** Description changed:

  After i have firefox, chromium-browser and dnsmasq profiled with sudo
  aa-autodep (complain-mode was used), i can not resolving websites. (Log
  is at the attachement)
  
- I have copied the profiles of the three programms from the top in 
/etc/apparmor.d/disable and after a reboot i can resolving websites. 
+ I have copied the profiles of the three programms from the top in 
/etc/apparmor.d/disable and after a reboot i can resolving websites.
  The network manager can connect with my router the whole time.
+ 
+ I'm have Ubuntu 16.04.02 LTS with all updates. (11.07.2017 CEST)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1703520

Title:
  DNS resolving doesn't work in complain mode with dnsmasq and apparmor

Status in apparmor package in Ubuntu:
  New

Bug description:
  After i have firefox, chromium-browser and dnsmasq profiled with sudo
  aa-autodep (complain-mode was used), i can not resolving websites.
  (Log is at the attachement)

  I have copied the profiles of the three programms from the top in 
/etc/apparmor.d/disable and after a reboot i can resolving websites.
  The network manager can connect with my router the whole time.

  I'm have Ubuntu 16.04.02 LTS with all updates. (11.07.2017 CEST)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1703520/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp