[Bug 2066982] Re: Azure: net: mana: Enable MANA driver on ARM64 with 4K page size
** Changed in: linux-azure (Ubuntu Focal) Status: New => Invalid ** Changed in: linux-azure (Ubuntu Jammy) Status: New => In Progress ** Changed in: linux-azure (Ubuntu Mantic) Status: New => Fix Committed ** Changed in: linux-azure (Ubuntu Mantic) Status: Fix Committed => In Progress ** Changed in: linux-azure (Ubuntu Noble) Status: New => In Progress ** Changed in: linux-azure (Ubuntu Oracular) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2066982 Title: Azure: net: mana: Enable MANA driver on ARM64 with 4K page size To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-azure/+bug/2066982/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2066992] Re: Azure: net: mana: Fix Rx DMA datasize and skb_over_panic
** Changed in: linux-azure (Ubuntu Focal) Status: New => Invalid ** Changed in: linux-azure (Ubuntu Jammy) Status: New => In Progress ** Changed in: linux-azure (Ubuntu Mantic) Status: New => In Progress ** Changed in: linux-azure (Ubuntu Noble) Status: New => In Progress ** Changed in: linux-azure (Ubuntu Oracular) Status: New => In Progress ** Description changed: SRU Justification [Impact] * Request to remove multiple of 64 alignment on mana Rx DMA datasize [Fix] * Clean cherry-pick, commit c0de6ab920aafb56feab56058e46b688e694a246 net: mana: Fix Rx DMA datasize and skb_over_panic [Test Plan] * Compile tested * Boot tested - * Loaded and unloaded mana_ib successfully * Microsoft to test [Regression potential] * Changes isolated * Could cause more dropped packets when truncated [Other Info] * SF: #00385930 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2066992 Title: Azure: net: mana: Fix Rx DMA datasize and skb_over_panic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-azure/+bug/2066992/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2066992] Re: Azure: net: mana: Fix Rx DMA datasize and skb_over_panic
** Description changed: SRU Justification [Impact] - * Request to enable MANA driver on arm64 arch using 4k page size + * Request to remove multiple of 64 alignment on mana Rx DMA datasize [Fix] - * Clean cherry-pick, commit 40a1d11fc670ac03c5dc2e5a9724b330e74f38b0 - net: mana: Enable MANA driver on ARM64 with 4K page size + * Clean cherry-pick, commit c0de6ab920aafb56feab56058e46b688e694a246 + net: mana: Fix Rx DMA datasize and skb_over_panic [Test Plan] * Compile tested * Boot tested * Loaded and unloaded mana_ib successfully * Microsoft to test [Regression potential] - * Limited to configuration options, no regression potential + * Changes isolated + * Could cause more dropped packets when truncated [Other Info] * SF: #00385930 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2066992 Title: Azure: net: mana: Fix Rx DMA datasize and skb_over_panic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-azure/+bug/2066992/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2066982] Re: Azure: net: mana: Enable MANA driver on ARM64 with 4K page size
** Description changed: SRU Justification [Impact] * Request to enable MANA driver on arm64 arch using 4k page size [Fix] * Clean cherry-pick, commit 40a1d11fc670ac03c5dc2e5a9724b330e74f38b0 net: mana: Enable MANA driver on ARM64 with 4K page size [Test Plan] * Compile tested * Ensured mana modules built for arm64 arch * Boot tested * Loaded and unloaded mana_ib successfully * Microsoft to test [Regression potential] * Limited to configuration options, no regression potential [Other Info] - * SF: #003859 + * SF: #00385931 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2066982 Title: Azure: net: mana: Enable MANA driver on ARM64 with 4K page size To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-azure/+bug/2066982/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2066992] [NEW] Azure: net: mana: Fix Rx DMA datasize and skb_over_panic
Public bug reported: SRU Justification [Impact] * Request to enable MANA driver on arm64 arch using 4k page size [Fix] * Clean cherry-pick, commit 40a1d11fc670ac03c5dc2e5a9724b330e74f38b0 net: mana: Enable MANA driver on ARM64 with 4K page size [Test Plan] * Compile tested * Boot tested * Loaded and unloaded mana_ib successfully * Microsoft to test [Regression potential] * Limited to configuration options, no regression potential [Other Info] * SF: #00385930 ** Affects: linux-azure (Ubuntu) Importance: Undecided Status: New ** Affects: linux-azure (Ubuntu Focal) Importance: Undecided Status: New ** Affects: linux-azure (Ubuntu Jammy) Importance: Undecided Status: New ** Affects: linux-azure (Ubuntu Mantic) Importance: Undecided Status: New ** Affects: linux-azure (Ubuntu Noble) Importance: Undecided Status: New ** Affects: linux-azure (Ubuntu Oracular) Importance: Undecided Status: New ** Also affects: linux-azure (Ubuntu Jammy) Importance: Undecided Status: New ** Also affects: linux-azure (Ubuntu Focal) Importance: Undecided Status: New ** Also affects: linux-azure (Ubuntu Oracular) Importance: Undecided Status: New ** Also affects: linux-azure (Ubuntu Mantic) Importance: Undecided Status: New ** Also affects: linux-azure (Ubuntu Noble) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2066992 Title: Azure: net: mana: Fix Rx DMA datasize and skb_over_panic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-azure/+bug/2066992/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2066982] Re: Azure: net: mana: Enable MANA driver on ARM64 with 4K page size
** Description changed: SRU Justification [Impact] * Request to enable MANA driver on arm64 arch using 4k page size [Fix] * Clean cherry-pick, commit 40a1d11fc670ac03c5dc2e5a9724b330e74f38b0 net: mana: Enable MANA driver on ARM64 with 4K page size [Test Plan] * Compile tested * Ensured mana modules built for arm64 arch * Boot tested + * Loaded and unloaded mana_ib successfully * Microsoft to test [Regression potential] * Limited to configuration options, no regression potential [Other Info] * SF: #003859 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2066982 Title: Azure: net: mana: Enable MANA driver on ARM64 with 4K page size To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-azure/+bug/2066982/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2066982] Re: Azure: net: mana: Enable MANA driver on ARM64 with 4K page size
** Description changed: SRU Justification [Impact] * Request to enable MANA driver on arm64 arch using 4k page size [Fix] * Clean cherry-pick, commit 40a1d11fc670ac03c5dc2e5a9724b330e74f38b0 net: mana: Enable MANA driver on ARM64 with 4K page size [Test Plan] * Compile tested + * Ensured mana modules built for arm64 arch * Boot tested * Microsoft to test [Regression potential] * Limited to configuration options, no regression potential [Other Info] * SF: #003859 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2066982 Title: Azure: net: mana: Enable MANA driver on ARM64 with 4K page size To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-azure/+bug/2066982/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2066982] [NEW] Azure: net: mana: Enable MANA driver on ARM64 with 4K page size
Public bug reported: SRU Justification [Impact] * Request to enable MANA driver on arm64 arch using 4k page size [Fix] * Clean cherry-pick, commit 40a1d11fc670ac03c5dc2e5a9724b330e74f38b0 net: mana: Enable MANA driver on ARM64 with 4K page size [Test Plan] * Compile tested * Boot tested * Microsoft to test [Regression potential] * Limited to configuration options, no regression potential [Other Info] * SF: #003859 ** Affects: linux-azure (Ubuntu) Importance: Undecided Assignee: John Cabaj (john-cabaj) Status: New ** Affects: linux-azure (Ubuntu Focal) Importance: Undecided Assignee: John Cabaj (john-cabaj) Status: New ** Affects: linux-azure (Ubuntu Jammy) Importance: Undecided Assignee: John Cabaj (john-cabaj) Status: New ** Affects: linux-azure (Ubuntu Mantic) Importance: Undecided Assignee: John Cabaj (john-cabaj) Status: New ** Affects: linux-azure (Ubuntu Noble) Importance: Undecided Assignee: John Cabaj (john-cabaj) Status: New ** Affects: linux-azure (Ubuntu Oracular) Importance: Undecided Assignee: John Cabaj (john-cabaj) Status: New ** Also affects: linux-azure (Ubuntu Focal) Importance: Undecided Status: New ** Also affects: linux-azure (Ubuntu Oracular) Importance: Undecided Status: New ** Also affects: linux-azure (Ubuntu Mantic) Importance: Undecided Status: New ** Also affects: linux-azure (Ubuntu Noble) Importance: Undecided Status: New ** Also affects: linux-azure (Ubuntu Jammy) Importance: Undecided Status: New ** Changed in: linux-azure (Ubuntu Focal) Assignee: (unassigned) => John Cabaj (john-cabaj) ** Changed in: linux-azure (Ubuntu Jammy) Assignee: (unassigned) => John Cabaj (john-cabaj) ** Changed in: linux-azure (Ubuntu Mantic) Assignee: (unassigned) => John Cabaj (john-cabaj) ** Changed in: linux-azure (Ubuntu Noble) Assignee: (unassigned) => John Cabaj (john-cabaj) ** Changed in: linux-azure (Ubuntu Oracular) Assignee: (unassigned) => John Cabaj (john-cabaj) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2066982 Title: Azure: net: mana: Enable MANA driver on ARM64 with 4K page size To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-azure/+bug/2066982/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP
@mhalano: can you check your logs for apparmor denial messages? sudo dmesg | grep DENIED or journalctl -g apparmor -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2046844 Title: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/2046844/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2064144] Re: lxc ships apparmor config that confuses aa-logprof
I opened a Ubuntu Noble specific task. We can close it after verifying the current apparmor in noble fixes the issue. ** Also affects: apparmor (Ubuntu) Importance: Undecided Status: New ** Also affects: apparmor (Ubuntu Noble) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2064144 Title: lxc ships apparmor config that confuses aa-logprof To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/2064144/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2066899] [NEW] Please enable Renesas RZ/G3S and RZ/V2H devices
Public bug reported:
Hi,
Please enable Renesas RZ/G3S and RZ/V2H device support in Ubuntu by
updated the following configurations in debian.master/config/annotations
CONFIG_ARCH_R9A08G045 policy<{'arm64': 'y'}>
CONFIG_ARCH_R9A09G057 policy<{'arm64': 'y'}>
CONFIG_ARCH_R9A08G045 enabling RZ/G3S. This is supported from Linux kernel v6.7
onwards
CONFIG_ARCH_R9A09G057 enabling RZ/V2H. This is supported from Linux kernel
v6.10 onwards
Best Regards
John
** Affects: linux (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2066899
Title:
Please enable Renesas RZ/G3S and RZ/V2H devices
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2066899/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1060081] Re: aptd crashed with UnicodeDecodeError in _emit_acquire_item(): 'utf-8' codec can't decode byte 0x93 in position 1: invalid start byte
It seems like you've encountered a technical issue with aptd crashing due to a UnicodeDecodeError. Technical glitches like these can be frustrating, but it's great that you're reaching out for assistance. As for your Ubuntu version and package details, it's always helpful to provide such information when seeking support or reporting bugs. This helps developers and community members better understand and address the issue. On a different note, if you're in need of a distraction from technical troubles, why not take a break and browse through https://www.jorde- calf.com/ .They offer a stunning collection of Leather jackets for women that are sure to catch your eye and elevate your style. Sometimes a little retail therapy can provide just the right pick-me-up! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1060081 Title: aptd crashed with UnicodeDecodeError in _emit_acquire_item(): 'utf-8' codec can't decode byte 0x93 in position 1: invalid start byte To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1060081/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP
Yes for the appimages that are affected they should be reported upstream. There are some things that upstream can do to make appimages work under the restriction, ideally they would do it dynamically based on whether the user namespace is available than just based on distro which is the quick fix some have done. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2046844 Title: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/2046844/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2065685] Re: aa-logprof fails with 'runbindable' error
** Changed in: apparmor (Ubuntu) Assignee: (unassigned) => Maxime Bélair (mbelair) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2065685 Title: aa-logprof fails with 'runbindable' error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2065685/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP
The AppArmor profile covers the packaged version and the standard privileged install location. You are correct that it does not cover running firefox from an unprivileged user writable location like $HOME. For unprivileged user writable locations like $HOME/bin/ the user has to deliberately make a privileged action like installing a profile for the location of the application. This applies to the appimage version run out of the users $HOME as well. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2046844 Title: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/2046844/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2065499] [NEW] [UX430UAR, Realtek ALC294, Speaker, Internal] fails after a while
Public bug reported: The sound fades off after initially playing for about 2s. In Firefox, sometimes if I pause a Youtube video, switch between applications, and then return to Firefox, the same things repeats. The sound plays for 2s and then stops. In Rhythmbox, after it stops, the sound doesn't play again. The initial response after the first time I ran "ubuntu-bug audio" was: Not loading module "atk-bridge": The functionality is provided by GTK natively. Please try to not load it. After this message, I executed: sudo apt purge libatk-adaptor sudo reboot But the problem recurs and now, I don't get the message about the atk- bridge module. ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: alsa-base 1.0.25+dfsg-0ubuntu7 ProcVersionSignature: Ubuntu 6.5.0-28.29~22.04.1-generic 6.5.13 Uname: Linux 6.5.0-28-generic x86_64 ApportVersion: 2.20.11-0ubuntu82.5 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC0: vikram 1412 F pulseaudio /dev/snd/pcmC0D0p: vikram 1412 F...m pulseaudio CasperMD5CheckResult: pass CurrentDesktop: ubuntu:GNOME Date: Sat May 11 23:52:23 2024 InstallationDate: Installed on 2024-03-10 (62 days ago) InstallationMedia: Ubuntu 22.04.4 LTS "Jammy Jellyfish" - Release amd64 (20240220) PackageArchitecture: all SourcePackage: alsa-driver Symptom: audio Symptom_Card: Built-in Audio - HDA Intel PCH Symptom_Jack: Speaker, Internal Symptom_PulseAudioLog: Symptom_Type: Sound works for a while, then breaks Title: [UX430UAR, Realtek ALC294, Speaker, Internal] fails after a while UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 04/17/2019 dmi.bios.release: 5.12 dmi.bios.vendor: American Megatrends Inc. dmi.bios.version: UX430UAR.308 dmi.board.asset.tag: ATN12345678901234567 dmi.board.name: UX430UAR dmi.board.vendor: ASUSTeK COMPUTER INC. dmi.board.version: 1.0 dmi.chassis.asset.tag: No Asset Tag dmi.chassis.type: 10 dmi.chassis.vendor: ASUSTeK COMPUTER INC. dmi.chassis.version: 1.0 dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvrUX430UAR.308:bd04/17/2019:br5.12:svnASUSTeKCOMPUTERINC.:pnUX430UAR:pvr1.0:rvnASUSTeKCOMPUTERINC.:rnUX430UAR:rvr1.0:cvnASUSTeKCOMPUTERINC.:ct10:cvr1.0:sku: dmi.product.family: ZenBook dmi.product.name: UX430UAR dmi.product.version: 1.0 dmi.sys.vendor: ASUSTeK COMPUTER INC. ** Affects: alsa-driver (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug jammy wayland-session -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2065499 Title: [UX430UAR, Realtek ALC294, Speaker, Internal] fails after a while To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/alsa-driver/+bug/2065499/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 488905]
APNG is already supported in all major browsers (except for Edge/IE, naturally). I would vote having Plasma supporting it (not just khtml), since it would allow, for example, users to set simple animated wallpapers (i know... system resources... but it's not for the faint of heart, anyway ;) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/488905 Title: Konqueror does not animate APNG files To manage notifications about this bug go to: https://bugs.launchpad.net/kde-baseapps/+bug/488905/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP
@jorge-lavila: technically possible yes. I want to be careful with what I promise here, as the user experience is not my area. With that said we are currently looking at using aa-notify as a bridge to improve the user experience. We would install it with a filter to only fire a notification for the user namespace denial/transition. That notification will show in your desktops notification area with a button/click action that will launch a user prompt. There will have to be an SRU to add some of the new functionality, but we can make it available before the SRU via a ppa for those who want to test. I will make sure to update this bug when we have this ready for testing. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2046844 Title: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/2046844/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP
@zgraft: I have added a tor item, a profile will land in an update. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2046844 Title: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/2046844/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP
@jorge-lavila, Its not a theoretical case, they have been used by multiple exploits every year (including this one) since landing in the kernel. Ubuntu is not the only ones looking at restricting them. SELinux has also picked up the ability but they haven't really rolled it out in policy, there are also discussions in other security forms (eg. the OSS security list) about how to disable them better than the giant sysctl that turns them off for everything. The apparmor solution allows doing it on a per application basis. Yes it deliberately requires a privileged operation, otherwise the restriction could be trivially by-passed by exploit code. We know the experience is not user friendly atm, and are working on improving it. Improving both the flexibility on what is mediated on how the user can by-pass/disable the restriction. On the GUI side the end goal is something similar to what you get on MacOS where the user gets notified, and has to go to the security center to enable running an untrusted application. There is in fact a profile coming for bwrap, and unshare, but not the unconfined profile that is being generically used to disable the restriction. The profile will restrict certain modes of operation, and prevent applications launch by it from having privilege within the user namespace. It will open the ubuntu shipped versions up for regular users again for many of its use cases. Unfortunately untrusted code, which is the case of code downloaded into the home dir, will require a privileged operation to be able to use user namespaces. That could be the use of sudo when using the application, or creating a profile for the application, which then allows the user to subsequently use the application without a privileged operation. ** Also affects: tor (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2046844 Title: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/2046844/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2065088] Re: AppArmor profiles allowing userns not immediately active in 24.04 live image
Your understanding is mostly correct. There are as best I can tell, 2 exceptions with how things are setup atm 1. If the environment is setup to use early policy load, the init script bailout won't stop that policy from being loaded. But it prevents it from being live updated via systemctl reload apparmor 2. Policy managed external to the apparmor init script is not affected. This basically means policy loaded/managed by - virt-manager - lxd - snapd - policy loaded manually by directly calling apparmor_parser I still need to dig into this more so we can get this fixed. With 24.04 enabling the user namespace restriction by default not having policy loaded can break things so we need to look at the short term immediate fix for 24.04, and then making sure this is fixed proper for 24.10. The 24.04 fix could be any of 3 different paths 1. just don't enable the user namespace restriction, to avoid the breakage it will cause without policy 2. just load the subset of policy allowing user namespaces. This would address the user namespace restriction breakage while trying to reduce surprises caused by confinement being enabled post release. 3. load all policy. With the fix coming post release, I doubt we will go for solution 3, but I at least want to run an initial evaluation of doing it. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2065088 Title: AppArmor profiles allowing userns not immediately active in 24.04 live image To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2065088/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2065088] Re: AppArmor profiles allowing userns not immediately active in 24.04 live image
sadly yes, the init script has a bail out that stops loading policy on the live cd. We are going to have to investigate this. ** Changed in: apparmor (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2065088 Title: AppArmor profiles allowing userns not immediately active in 24.04 live image To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2065088/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2065088] Re: AppArmor profiles allowing userns not immediately active in 24.04 live image
s/live cd/live image/ -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2065088 Title: AppArmor profiles allowing userns not immediately active in 24.04 live image To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2065088/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2046624] Re: apparmor breaks surfshark vpn
*** This bug is a duplicate of bug 2046844 *** https://bugs.launchpad.net/bugs/2046844 @1fallen: it looks like there is something more going on here, can you check your kernel log / dmesg for apparmor DENIED messages. eg. ``` sudo dmesg | grep DENIED ``` -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2046624 Title: apparmor breaks surfshark vpn To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2046624/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2046624] Re: apparmor breaks surfshark vpn
*** This bug is a duplicate of bug 2046844 *** https://bugs.launchpad.net/bugs/2046844 As for upgrade vs. clean install. The unprivileged userns restriction is enabled via a sysctl and upgrading will not enable it by default. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2046624 Title: apparmor breaks surfshark vpn To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2046624/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2063362] Re: Backport for 22.04, 20.04, and 18.04
Paride, I've updated the packages at https://launchpad.net/~john- cabaj/+archive/ubuntu/asrdfd to include all versions in the changes file for the new package. Let me know if anything else is amiss. Thanks, John -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2063362 Title: Backport for 22.04, 20.04, and 18.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/involflt/+bug/2063362/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2064096] Re: Services fail to start in noble deployed with TPM+FDE
Unfortunately there isn't a way to do this via abstractions or configs. It would be possible to add a patch to the userspace and SRU it. This would be the quickest solution while we work on the necessary kernel changes to make the use of attach_disconnected unnecessary. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2064096 Title: Services fail to start in noble deployed with TPM+FDE To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2064096/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2064096] Re: Services fail to start in noble deployed with TPM+FDE
Does the profile have the attach_disconnected flag set?
Does the profile have the attach_disconnected flag set while in complain
mode?
It looks to me that we are looking at open file descriptors that exist
out of the current namespace. This will result in a partial unattached
path that will not be allowed in complain mode. The denied path will not
start with /.
If the attach_disconnected flag is add, that will attach the
disconnected path to the root of the current mount namespace. Which is
what I believe is happening with
/systemd/...
vs
/run/systemd/..".
Unless unconfined is involved, both the ends of a socket are required to exist
in the namespace for v7/v8 unix socket mediation (what is in noble). Unconfined
is special in that it can delegate access to an open fd which is not
generically allowed atm.
If all the above is correct then you can use the
attach_disconnected.path flag to attach the accesses to disconnected
fds.
The full flags parameter to apparmor would then look like
profile example flags=(attach_disonnected
attach_disconnected.path=/run/) { ...)
and for complain mode
profile example flags=(complain attach_disonnected
attach_disconnected.path=/run/) { ...)
This of course is a less than satisfactory work around. There is work to
address the above better but none of it is in noble.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2064096
Title:
Services fail to start in noble deployed with TPM+FDE
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2064096/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1967884] Re: several snap-confine denials for capability net_admin and perfmon on 22.04
So while I don't think we are where snapd can get rid of the snap- confine.internal snippets, with it now vendoring a more recent apparmor, a lot of these can drop away. It doesn't need to detect capabilities anymore. It can just specify deny capability perfmon, and it will work, for all kernels. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1967884 Title: several snap-confine denials for capability net_admin and perfmon on 22.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1967884/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1967884] Re: several snap-confine denials for capability net_admin and perfmon on 22.04
@neigin: yes the capability to resolve this exists. So now it is a matter of getting it functioning in snapd for these cases. This will get resolved I just can't say when it will land. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1967884 Title: several snap-confine denials for capability net_admin and perfmon on 22.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1967884/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2064363] Re: thunderbird snap on live systems "already running" but not responsive
@u-dal: thankyou, though I have to say I am at a loss as to why the snap version of thunderbird is trying to access ``` /media/lubuntu/drive/hq/email/thunderbird/awesomenough/.parentlock /media/lubuntu/drive/hq/email/thunderbird/awesomenough/lock ``` what kind of configuration have you done? I see you are copying data from /media/lubuntu/drive/startup/ into the snap, is something in one of these a symlink into /media/lubuntu/drive/hq/email/thunderbird? As for why this used to work and doesn't now is thunderbird unless you opted into it (enabled the profile) was not confined. The snap thunderbird is confined and defines down to the file what thunderbird has access to. Snaps however are not under normal apparmor control, and make it some what hard for the user to extend what is allowed. There are a few things that can be done to work around the issue but I am still trying to understand why thunderbird is trying to access that location. things we can do to work around this issue immediately, so you can have access to your mail 1. enable snapd prompting in the new security center (its a flutter based application, I am not sure if lubuntu is shipping it by default). If this is a location that falls under what is allowed to prompt (I am not sure it is), snapd we prompt you about allowing the access, store your response and it will be allowed in the future. 2. reinstall thunderbird snap in dev mode 3. manually update the snap profile. There will have to be script that recopies, and reloads, as snap can and will regenerate and reload when it refreshes. 4. uninstall the thunderbird snap and install thunderbird as a deb via the mozilla ppa. You can opt into an apparmor profile if you want, in this case you get full control over the profile. 5. disable apparmor in grub. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2064363 Title: thunderbird snap on live systems "already running" but not responsive To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2064363/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2064363] Re: thunderbird snap on live systems "already running" but not responsive
So my supposition on the overlay looks to be incorrect. Would you being willing to attach your full mount information? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2064363 Title: thunderbird snap on live systems "already running" but not responsive To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2064363/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP
For the thunderbird issue I have created https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2064363 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2046844 Title: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/2046844/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2064363] Re: thunderbird snap on live systems "already running" but not responsive
@u-dal: can you attach the overlay mount information. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2064363 Title: thunderbird snap on live systems "already running" but not responsive To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2064363/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2064363] [NEW] thunderbird snap on live systems "already running" but not responsive
Public bug reported: Moving this here from https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2046844 snap policy on an overlay system is preventing thunderbird from running. This is related to the snapcraft form report https://forum.snapcraft.io/t/unexplained-thunderbird-already-running- but-is-not-responding-message/39990 ** Affects: apparmor (Ubuntu) Importance: Undecided Status: New ** Attachment added: "aa-status and systemctl output" https://bugs.launchpad.net/bugs/2064363/+attachment/5773407/+files/comment-101.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2064363 Title: thunderbird snap on live systems "already running" but not responsive To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2064363/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2064363] Re: thunderbird snap on live systems "already running" but not responsive
** Attachment added: "dmesg denial output" https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2064363/+attachment/5773409/+files/comment-106.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2064363 Title: thunderbird snap on live systems "already running" but not responsive To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2064363/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2064363] Re: thunderbird snap on live systems "already running" but not responsive
** Attachment added: "dmesg denial output" https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2064363/+attachment/5773408/+files/comment-106.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2064363 Title: thunderbird snap on live systems "already running" but not responsive To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2064363/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP
@u-dal: the problem with firefox (it has a snap profile and is allowed access to user namespaces) is different than with chrome (no profile loaded), but still might be apparmor related. Can you look in dmesg for apparmor denials ``` sudo dmesg | grep DENIED ``` -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2046844 Title: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/2046844/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP
@u-dal: are you running in a live cd environment? Something odd is happening on your system, with some profiles loaded and systemctl reporting ConditionPathExists=!/rofs/etc/apparmor.d -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2046844 Title: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/2046844/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2063362] Re: Backport for 22.04, 20.04, and 18.04
Hi Paride, thanks for having a look. I don't expect Bionic/Focal/Jammy to need backports for compatibility reasons, mostly because the latest changes were to enable compatibility with the 6.8 kernel. Only Jammy will need some form of compatibility with the 6.8 kernel as that will be the last HWE kernel for Jammy. Focal is still on 5.15 latest, and Bionic on 5.4. There may in the future be backports for particular features, but I wouldn't considered them compatibility related. I can re-upload debdiffs with the full changelog - that makes sense. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2063362 Title: Backport for 22.04, 20.04, and 18.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/involflt/+bug/2063362/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2023758] Re: Updating guest additions on ubuntu/focal64 hits timeout
Virtualbox in focal and jammy (20.04 and 22.04) has migrated to 6.1.50-dfsg-1~ubuntu1.20.04.1 reminder that virtualbox is a multiverse package, meaning it relies on community support at this time. Since we ar eon 6.1.x in 22.04 and 20.04, users can expect bugfixes and security fixes from the community through the lifetime of standard support. with extended support via Ubuntu Pro, universe (and multiverse) may also be covered in security updates. Based on previous discussion, it looks like using the Ubuntu supplied GuestAdditions works. this is shipped as part of the image, and works in a matchup with Ubuntu hosts. Vagrant images have community level support, where we do our best to help debug issues. Since it looks like reverting to the Ubuntu version of guest additions works, I'll be closing this ticket. We are also working on having more public docs for the community available here: https://documentation.ubuntu.com/public- images/en/latest/public-images-how-to/ you can see examples of building and running vagrant, as well as more information about what we can best support. We welcome community contributions to the documentation ** Changed in: virtualbox-guest-additions (Ubuntu) Status: New => Invalid ** Changed in: virtualbox (Ubuntu) Status: New => Invalid ** Changed in: cloud-images Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2023758 Title: Updating guest additions on ubuntu/focal64 hits timeout To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-images/+bug/2023758/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP
@u-dal: This sounds like the apparmor policy is not being loaded can you please provide the output of ``` sudo aa-status ``` and ``` sudo systemctl status apparmor ``` -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2046844 Title: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/2046844/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2063066] Re: error dialogs for missing files unreasonable
Ubuntu just needs to update Audacious to version 4.2 to fix this. See https://audacious-media-player.org/news/53-audacious-4-2-released: - Prevent the Qt interface from popping up multiple error dialogs -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2063066 Title: error dialogs for missing files unreasonable To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/audacious/+bug/2063066/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2063976] Re: Apparmor breaking nsjail in AOSP
> To clarify, this is not something that can be solved upstream in apparmor, and a profile can't be accepted due to the nature of the path location? correct, if it is a unprivileged user writable location it can't be fixed entirely upstream. It is possible for us to ship a profile that is disabled in some way but that takes a privileged user action to enable. Eg. we could ship a profile using the xattrs attachment from above, then the user would be responsible for setting the xattr with setfattr. packaging nsjail is an option for Ubuntu but like you said it wouldn't directly address previous versions and AOSP probably wouldn't like it. With that said this isn't going to be an Ubuntu only restriction, the security community in general is looking at different ways of restricting unprivileged user namespaces. SElinux has picked up some ability to mediate them, but isn't really applying it in policy yet. The OSS email list (oss-secur...@lists.openwall.com) has been discussing other options as well. The number of exploit chains associated with them has forced us to start locking them down. The AppArmor solution will be available to other distros as well, it already available upstream in the kernel and apparmor 4.0. AppArmor side there is work on aa-notify that we are looking at SRUing. That will help desktop users if they have it installed. Where they can get a notification that will take them to a simple gui that will allow them to click enable (with a password) instead of having to know the details underneath. It won't be integrated into the security center or pretty. But a little better than the current situation for the user. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2063976 Title: Apparmor breaking nsjail in AOSP To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2063976/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2064073] [NEW] gnome-terminal display lags on keypresses
Public bug reported: For a few weeks now my terminal has had an odd hang of up to nearly a second. Usually on the first character I type in a line. I'd say it happens on at least one out of 5 times. At first I thought that maybe it was something that bash was doing in the background, but I went to a bare Linux VT (Ctrl+Alt+F5) and there is never any hangup there. I also installed and tried stterm, and that doesn't appear to have the same problem at all either. I tried using the X.org display driver, rather than the Nvidia one (I have an RTX 2770) and that seemed to make the problem go away in gnome- terminal. But oddly, there aren't any similar hangs in games or anything else, just gnome-terminal. Although I think I also experienced something similar in the Ubuntu settings app in text input fields. So maybe there's something in common between those apps? ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: gnome-terminal 3.44.0-1ubuntu1 ProcVersionSignature: Ubuntu 6.5.0-28.29~22.04.1-generic 6.5.13 Uname: Linux 6.5.0-28-generic x86_64 ApportVersion: 2.20.11-0ubuntu82.5 Architecture: amd64 CasperMD5CheckResult: pass CurrentDesktop: ubuntu:GNOME Date: Sun Apr 28 22:38:23 2024 InstallationDate: Installed on 2021-05-05 (1089 days ago) InstallationMedia: Ubuntu 21.04 "Hirsute Hippo" - Release amd64 (20210420) ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: gnome-terminal UpgradeStatus: No upgrade log present (probably fresh install) ** Affects: gnome-terminal (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug jammy -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2064073 Title: gnome-terminal display lags on keypresses To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-terminal/+bug/2064073/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2063976] Re: Apparmor breaking nsjail in AOSP
running privileged applications out of home is dirty. But it is the
situation we are in with user namespaces and app images as well. Ubuntu
will not ship a profile for a privileged executable in the users home or
a writable location of an unprivileged user. As this can be leveraged to
by-pass the restriction, or it requires us to expand user mediation in
such a way that user writable locations with profiles defined become
privileged. Atm we are not adding addition restriction to the user. This
allows the user to define a profile that allows by-passing the
restriction. A user opting to create a profile in a user writable
location is less dangerous as the location becomes non-standard so it
becomes harder to exploit. It also requires the user to take a
deliberate privileged action to add the profile.
Generally for the nsjail profile an attachment like
@{HOME}/android-*/prebuilts/build-tools/linux-x86/bin/nsjail
is slightly better, but still not great. Atm it is very close to the
same, but there are improvements coming that will tighten @{HOME} to a
user specific kernel variable which will be better than /**.
The other way to handle this would be setting the security xattr and
using that as part of the attachment.
```
sudo setfattr -n security.apparmor -v nsjail
```
and define the profile as something like (you can make the path more
specific if you want).
```
profile nsjail /**/nsjail xattrs=(security.apparmor="nsjail")
flags=(unconfined) {
```
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2063976
Title:
Apparmor breaking nsjail in AOSP
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2063976/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2063976] Re: Apparmor breaking nsjail in AOSP
Commit 789cda2f089b3cd3c8c4ca387f023a36f7f1738a only controls the behavior of unprivileged user namespace mediation. With the unprivileged_userns profile loaded, when a user namespace is created by an unprivileged unconfined application the task will be transitioned into the unprivileged_userns profile. The unprivileged_userns profile will then deny privileged operations capability, mount etc. Without the unprivileged_userns profile loaded, the creation of the user namespace will be denied. Through experimentation we have learned that many applications behave better (handle the errors better, eg. qtwebkit will handle the error and fallback to using a sandbox without usernamespaces while without the profile it crashes) with the unprivileged_userns loaded. So that has become the default behavior. You can experiment with changing the behavior by manually unloading the unprivileged_userns profile using sudo apparmor_parser -R /etc/apparmor.d/unprivileged_userns nsjail will likely require a profile to work, please see https://discourse.ubuntu.com/t/noble-numbat-release- notes/39890#unprivileged-user-namespace-restrictions-15 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2063976 Title: Apparmor breaking nsjail in AOSP To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2063976/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP
Balena Etcher 1.18 dpkg won't install on 24.04 due to dependency issues, 1.19.16 installs fine and runs, but in a degraded sandbox mode. So adding a profile for it would be beneficial The appimage version of Belena Etcher unfortunately fails to run. We can not provide a default profile for the appimage unless it the user moves it to the default deb install location (ie. installs it to the system, instead of running it from their home dir). Users are free to add their own confinement profiles for appimages. Directions are in https://discourse.ubuntu.com/t/noble-numbat-release- notes/39890#unprivileged-user-namespace-restrictions-15 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2046844 Title: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/2046844/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP
The Wike fix is coming in the next SRU. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2046844 Title: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/2046844/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2063827] Re: Gnome Control Center fails to open on Wayland
I want to add: I faced a similar issue. Though updating to the 550 drivers through apt seemingly fixed the issue, there was actually more issues at play. First and foremost, on the Wayland session, running "glxinfo | egrep "OpenGL vendor|OpenGL renderer" returns: "OpenGL vendor string: Mesa OpenGL renderer string: llvmpipe (LLVM 17.0.6, 256 bits)" Upon some further research, I learned that the renderer being "llvmpipe" means that the nvidia driver isn't properly working. I'll note, also, that I could only install the driver using apt, as the ubuntu-drivers utility didn't show any drivers newer than 535. I can't tell if the driver installation broke, but nvidia-smi does return the expected output. And on XOrg, glxinfo mentions the nvidia drivers and my graphics card (RTX 4080). I don't know if this implies that the nvidia drivers are currently bugged on wayland. Again, I had a similar issue as OP upon a fresh install. All the gnome apps crashed (settings, the first-installation greeter) and going through the errors, it listed a segmentation fault (I'm sorry, but I can't reproduce it now). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2063827 Title: Gnome Control Center fails to open on Wayland To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nvidia-graphics-drivers-535/+bug/2063827/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2059038] Re: gnucash doesn't start
I found a fix for this that at least works for me. ;;; note: source file /usr/share/guile/3.0/ice-9/eval.scm ;;; newer than compiled /usr/lib/x86_64-linux-gnu/guile/3.0/ccache/ice-9/eval.go stat /usr/share/guile/3.0/ice-9/eval.scm and stat /usr/lib/x86_64-linux-gnu/guile/3.0/ccache/ice-9/eval.go showed that eval.scm was one second newer than eval.go. I’m not sure why. This didn’t happen on my last installation of mantic. But using touch -m --date="…" to set the modification dates of all the .scm files in /usr/share/guile/ to 2 seconds earlier stops the attempted compilation process and lets GnuCash start normally. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2059038 Title: gnucash doesn't start To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnucash/+bug/2059038/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1973098] Re: [i915] Intermittent freezing and LSPCON init failed kernel messages
FWIW I also just tried 24.04 as well as the latest BIOS update (1.37). The issue appears to be significantly worse. I was initially unable to boot into a desktop environment at all. Changing the BIOS setting for Display to Discrete (from Hybrid) meant that everything worked but monitor detection was broken in Wayland so I've stayed with Xorg where it is only partially broken. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1973098 Title: [i915] Intermittent freezing and LSPCON init failed kernel messages To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1973098/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2056627] Re: PHPStorm crashes when opening a project
Its not just that app images don't have a default path, we can handle that as well. It is that user namespaces have become a privileged operation, and the user must take some privileged action to allow applications to use them. That can be any of - moving the application into a well known privileged location that has a profile already associated with it. - creating a profile for the application where it is installed in their unprivileged location. This is currently allowed but problematic in that unprivileged code code potentially write to it and we are not currently restricting unprivileged applications from writing these locations. But that will come - tagging the application with the correct security label. The important part is the user must take a privileged action to allow applications that are using user namespaces to gain privilege. Note, applications that use user namespaces that don't require privilege are allowed, its only applications that require privilege within the user namespace. Unfortunately appimages that use use namespaces need the user to take one of the above privileged actions. And unfortunately Ubuntu can not "fix" this without disabling the protection. There are plans to improve the user experience and make this easier for users to do, but atm it is a manual process. The instructions provided by Seth will enable you to get the appimage running. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2056627 Title: PHPStorm crashes when opening a project To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2056627/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2061993] Re: RDP Remmina on Noble Numbat Ubuntu closes when trying to connect to a remote desktop - the same configuration works fine on other Ubuntu editions.
I experience this same issue on a fresh Noble installation. FWIW, this is only with the Debian repository version - the Snap version of Remmina is able to connect. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2061993 Title: RDP Remmina on Noble Numbat Ubuntu closes when trying to connect to a remote desktop - the same configuration works fine on other Ubuntu editions. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/remmina/+bug/2061993/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2063513] Re: torbrowser unusable - not accepting keyboard input
Unless there are other denials, this is not related to bug #2046844 Try adding the following rule to the torbrowser_firefox profile allow rw /run/dbus/system_bus_socket, and then reloading it with either sudo systemctl reload apparmor or by using sudo apparmor_parser -r /path/to/torbrowser_firefox_profile where /path/to/torbrowser_firefox_profile which is likely in /etc/apparmor.d/ -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2063513 Title: torbrowser unusable - not accepting keyboard input To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/torbrowser-launcher/+bug/2063513/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2063362] Re: Backport for 22.04, 20.04, and 18.04
Debdiffs provided. Packages also uploaded to https://launchpad.net/~john-cabaj/+archive/ubuntu/asrdfd. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2063362 Title: Backport for 22.04, 20.04, and 18.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/involflt/+bug/2063362/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2063362] Re: Backport for 22.04, 20.04, and 18.04
** Changed in: involflt (Ubuntu Bionic) Status: New => In Progress ** Changed in: involflt (Ubuntu Bionic) Assignee: (unassigned) => John Cabaj (john-cabaj) ** Changed in: involflt (Ubuntu Focal) Assignee: (unassigned) => John Cabaj (john-cabaj) ** Changed in: involflt (Ubuntu Jammy) Assignee: (unassigned) => John Cabaj (john-cabaj) ** Changed in: involflt (Ubuntu Focal) Status: New => In Progress ** Changed in: involflt (Ubuntu Jammy) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2063362 Title: Backport for 22.04, 20.04, and 18.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/involflt/+bug/2063362/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2063362] Re: Backport for 22.04, 20.04, and 18.04
** Patch added: "Bionic 18.04 debdiff" https://bugs.launchpad.net/ubuntu/+source/involflt/+bug/2063362/+attachment/5770457/+files/1-0.1.0-0ubuntu6~18.04.1.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2063362 Title: Backport for 22.04, 20.04, and 18.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/involflt/+bug/2063362/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2063362] Re: Backport for 22.04, 20.04, and 18.04
** Patch added: "Focal 20.04 debdiff" https://bugs.launchpad.net/ubuntu/+source/involflt/+bug/2063362/+attachment/5770456/+files/1-0.1.0-0ubuntu6~20.04.1.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2063362 Title: Backport for 22.04, 20.04, and 18.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/involflt/+bug/2063362/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2063362] Re: Backport for 22.04, 20.04, and 18.04
** Patch added: "Jammy 22.04 debdiff" https://bugs.launchpad.net/ubuntu/+source/involflt/+bug/2063362/+attachment/5770455/+files/1-0.1.0-0ubuntu6~22.04.1.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2063362 Title: Backport for 22.04, 20.04, and 18.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/involflt/+bug/2063362/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2063362] Re: Backport for 22.04, 20.04, and 18.04
** Description changed: - Request to backport Azure Site Recovery Disk Filter Driver to Jammy - (22.04) and Focal (20.04) + [Impact] + + * Request to backport Azure Site Recovery Disk Filter Driver to Jammy + (22.04), Focal (20.04), and Bionic (18.04) + + [Fix] + + * Simple re-package, with updated dependencies + + [Test Plan] + + * Compile and install dkms module + * Microsoft tested + + [Where problems could occur] + + * Code could fail load and unload module in some manner -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2063362 Title: Backport for 22.04, 20.04, and 18.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/involflt/+bug/2063362/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2039294] Re: apparmor docker
To make this generic so that it will work on older and newer hosts we
should probably change the peer expression to
signal (receive) peer={runc,unconfined},
or possibly, define an @{runc} variable in the preamble and use that.
This really only is advantageous, in that it shows semantic intent, if
if using the value of unconfined, or if @[runc} is used multiple times
within the profile.
@{runc}={peer,unconfined}
signal (receive) peer=@{runc},
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2039294
Title:
apparmor docker
To manage notifications about this bug go to:
https://bugs.launchpad.net/docker/+bug/2039294/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2063362] [NEW] Backport for 22.04, 20.04, and 18.04
Public bug reported: Request to backport Azure Site Recovery Disk Filter Driver to Jammy (22.04) and Focal (20.04) ** Affects: involflt (Ubuntu) Importance: Undecided Status: New ** Affects: involflt (Ubuntu Bionic) Importance: Undecided Status: New ** Affects: involflt (Ubuntu Focal) Importance: Undecided Status: New ** Affects: involflt (Ubuntu Jammy) Importance: Undecided Status: New ** Also affects: involflt (Ubuntu Focal) Importance: Undecided Status: New ** Also affects: involflt (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: involflt (Ubuntu Jammy) Importance: Undecided Status: New ** Summary changed: - Backport for 22.04 and 20.04 + Backport for 22.04, 20.04 ** Summary changed: - Backport for 22.04, 20.04 + Backport for 22.04, 20.04, and 18.04 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2063362 Title: Backport for 22.04, 20.04, and 18.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/involflt/+bug/2063362/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2063271] Re: Illegal opcode in libssl
Thank you for your quick and helpful reply. A few quick checks make it appear that reinstalling libssl as you suggested has completely resolved the problem. Thanks also for your suggestion about checking failing hardware. There seems to be no sign of any errors in my drive, but I'll continue to test the drive and my RAM. Perhaps it was just a stray cosmic ray. Thanks again and best wishes to successful bug smashing! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2063271 Title: Illegal opcode in libssl To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2063271/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2063271] Re: Illegal opcode in libssl
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2063271 Title: Illegal opcode in libssl To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2063271/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2063256] [NEW] lvm and encryption option not available
Public bug reported: Description: Ubuntu 24.04 LTS Release: 24.04 There is no "entire disk with lvm and encryption" option available. When the "Erase disk" option is selected the entire disk is selected for installation and the user is given the option to "Encrypt system" but there is no mention of LVM. A 4GiB boot partition is created as ext4 and the rest is partitioned as luks2. After reboot the system looks like a standard non-lvm layout. ** Affects: ubuntu-desktop-provision Importance: Undecided Status: New ** Tags: noble -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2063256 Title: lvm and encryption option not available To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-desktop-provision/+bug/2063256/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2061918] Re: package thunderbird 2:1snap1-0ubuntu1 failed to install/upgrade: new thunderbird package pre-installation script subprocess returned error exit status 1
*should be changed. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2061918 Title: package thunderbird 2:1snap1-0ubuntu1 failed to install/upgrade: new thunderbird package pre-installation script subprocess returned error exit status 1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/thunderbird/+bug/2061918/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2061918] Re: package thunderbird 2:1snap1-0ubuntu1 failed to install/upgrade: new thunderbird package pre-installation script subprocess returned error exit status 1
I think release upgrader settings changed. To do deb2snap transitions first before upgrade happens. Because during upgrade, packages are inconsistent, and snap hooks must be deffered until they are safe to execute on the system. Note all other deb2snap transitions were always graceful and would attempt transition later if snap configuration fails during upgrade. See old LXD deb2snap .deb logic. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2061918 Title: package thunderbird 2:1snap1-0ubuntu1 failed to install/upgrade: new thunderbird package pre-installation script subprocess returned error exit status 1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/thunderbird/+bug/2061918/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2062956] Re: CVE-2024-32462 - Need to update to the last secure patch
FWIW, looks like a Debian patch must already exist for this: https://security-tracker.debian.org/tracker/CVE-2024-32462 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-32462 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2062956 Title: CVE-2024-32462 - Need to update to the last secure patch To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/flatpak/+bug/2062956/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2057943] Re: Can't disable or modify snap package apparmor rules
I will note that current snap behavior is by design. Not saying that they couldn't make this easier but the snap side is functioning the way it was desiged. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2057943 Title: Can't disable or modify snap package apparmor rules To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2057943/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2062552] Re: Ubuntu 24.04 LTS Cloud Image ova error during deployment
Thank you for checking Aditya. I'll leave this open till you get some guidance from VMware regarding any changes in Cloud Director that may be affecting serial console connections. I've also added this to our 24.04 release notes (to be published soon for the clouds). Thank you a bunch for trying out 24.04 so that we can help others if they see this as well! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2062552 Title: Ubuntu 24.04 LTS Cloud Image ova error during deployment To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-images/+bug/2062552/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2062552] Re: Ubuntu 24.04 LTS Cloud Image ova error during deployment
1. what versions of VMware ESXi is this applicable? 2. is this reproducible in other environments, such as Virtualbox? 3. is this error true of all ubuntu images for those versions then? This was added in https://bugs.launchpad.net/ubuntu/+source/livecd-rootfs/+bug/1895104 at the request of vmware 4. I have a worry that removing serial port may cause issues in other deployment areas, such as Virtualbox, and possibly other versions of ESXi. Could a full test plan be provided to ensure compatibility? This is also tightly coupled to this ticket, in which i requested a meeting and documentation, and it hasn't occurred yet: https://bugs.launchpad.net/ubuntu/+bug/1898871 NOTE: this is after Release Freeze so there is a change this does _not_ get fixed prior to the 24.04 release next week. If we cannot work out a fix, we will release note this issue and work on releasing as soon as possible ** Also affects: livecd-rootfs (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2062552 Title: Ubuntu 24.04 LTS Cloud Image ova error during deployment To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-images/+bug/2062552/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1895104] Re: It hangs during booting after deploy cloud image(.ova) and upgrade hardware vesion in ESXi
** Changed in: cloud-images Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1895104 Title: It hangs during booting after deploy cloud image(.ova) and upgrade hardware vesion in ESXi To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-images/+bug/1895104/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2058179] Re: Kernel 6.8 + zfs-2.2.2: copy_file_range Operation Not Supported
** Changed in: zfs-linux (Ubuntu Noble) Status: Confirmed => In Progress ** Changed in: zfs-linux (Ubuntu Noble) Assignee: (unassigned) => John Cabaj (john-cabaj) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2058179 Title: Kernel 6.8 + zfs-2.2.2: copy_file_range Operation Not Supported To manage notifications about this bug go to: https://bugs.launchpad.net/zfs/+bug/2058179/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2062441] Re: Apparmor breaks Joplin Desktop
unfortunately Joplin is only shipped as an appimage for Linux. Which
means we can not ship a profile for it by default that will allow it to
use capabilities within the unprivileged user namespace that the
electron embedded browser is attempting to use.
This means that the user is required to intervene to enable an electron
based appimage so that it can be run. Unfortunately for 24.04 this means
some manual command line based intervention, instead of using a GUI like
on MacOS when a user needs to enable an application downloaded from the
internet.
This change is deliberate to increase the security of Ubuntu systems,
and while we will work on improving the user experience the requirement
to have the user approve applications that are using privileged kernel
interfaces there is no plan to revert this change. You can read more
about this in the release notes https://discourse.ubuntu.com/t/noble-
numbat-release-notes/39890
If you look in the kernel logs, (or dmesg) you will find an message an apparmor
message similar to below showing what is causing your issue.
```
$ sudo dmesg | grep "apparmor=\"AUDIT"
[ 85.468352] audit: type=1400 audit(1713509122.843:224): apparmor="AUDIT"
operation="userns_create" class="namespace" info="Userns create - transitioning
profile" profile="unconfined" pid=3058 comm="@joplinapp-desk"
requested="userns_create" target="unprivileged_userns"
```
and
```
$ sudo dmesg | grep DENIED
[ 85.469966] audit: type=1400 audit(1713509122.847:225): apparmor="DENIED"
operation="capable" class="cap" profile="unprivileged_userns" pid=3065
comm="@joplinapp-desk" capability=21 capname="sys_admin"
```
Unfortunately unprivileged user namespaces are using privileged kernel
interfaces (above protected by capabiity sys_admin) that have now been
restricted to known applications because they have been used in a lot of
exploit chains.
you can add a profile for the application by copying the profile from
below into /etc/apparmor.d/ and then updating by replacing
```/home/jj/Downloads/Joplin-2.14.20.AppImage``` with the location you
are running your joplin appimage from.
```
# This profile allows everything and only exists to give the
# application a name instead of having the label "unconfined"
abi ,
include
profile joplin /home/jj/Downloads/Joplin-2.14.20.AppImage flags=(unconfined) {
userns,
# Site-specific additions and overrides. See local/README for details.
include if exists
}
```
Once that is done you can do
```
$ sudo apparmor_parser -r /etc/apparmor.d/joplin
```
that will allow you to run joplin without having to reboot. Having the
jplin profile in /etc/apparmor.d/ will ensure it is reloaded if you
reboot.
** Changed in: apparmor (Ubuntu)
Status: New => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2062441
Title:
Apparmor breaks Joplin Desktop
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2062441/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2058179] Re: Kernel 6.8 + zfs-2.2.2: copy_file_range Operation Not Supported
I've tested an initial version with the upstream patch and attached the debdiff here. Will work to get this uploaded. ** Patch added: "zfs-linux_2.2.2-0ubuntu9.debdiff" https://bugs.launchpad.net/ubuntu/+source/zfs-linux/+bug/2058179/+attachment/5767995/+files/zfs-linux_2.2.2-0ubuntu9.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2058179 Title: Kernel 6.8 + zfs-2.2.2: copy_file_range Operation Not Supported To manage notifications about this bug go to: https://bugs.launchpad.net/zfs/+bug/2058179/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2061698] ProcEnviron.txt
apport information ** Attachment added: "ProcEnviron.txt" https://bugs.launchpad.net/bugs/2061698/+attachment/5766302/+files/ProcEnviron.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2061698 Title: Editing image, selecting a region and it crashed GIMP_2_10_36 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gimp/+bug/2061698/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2061698] ProcCpuinfoMinimal.txt
apport information ** Attachment added: "ProcCpuinfoMinimal.txt" https://bugs.launchpad.net/bugs/2061698/+attachment/5766301/+files/ProcCpuinfoMinimal.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2061698 Title: Editing image, selecting a region and it crashed GIMP_2_10_36 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gimp/+bug/2061698/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2061698] Re: Editing image, selecting a region and it crashed GIMP_2_10_36
apport information ** Tags added: apport-collected jammy third-party-packages ** Description changed: ``` GNU Image Manipulation Program version 2.10.36 git-describe: GIMP_2_10_36 Build: unknown rev 0 for linux # C compiler # Using built-in specs. COLLECT_GCC=gcc COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/11/lto-wrapper OFFLOAD_TARGET_NAMES=nvptx-none:amdgcn-amdhsa OFFLOAD_TARGET_DEFAULT=1 Target: x86_64-linux-gnu Configured with: ../src/configure -v --with-pkgversion='Ubuntu 11.4.0-1ubuntu1~22.04' --with-bugurl=file:///usr/share/doc/gcc-11/README.Bugs --enable-languages=c,ada,c++,go,brig,d,fortran,objc,obj-c++,m2 --prefix=/usr --with-gcc-major-version-only --program-suffix=-11 --program-prefix=x86_64-linux-gnu- --enable-shared --enable-linker-build-id --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --libdir=/usr/lib --enable-nls --enable-bootstrap --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --with-default-libstdcxx-abi=new --enable-gnu-unique-object --disable-vtable-verify --enable-plugin --enable-default-pie --with-system-zlib --enable-libphobos-checking=release --with-target-system-zlib=auto --enable-objc-gc=auto --enable-multiarch --disable-werror --enable-cet --with-arch-32=i686 --with-abi=m64 --with-multilib-list=m32,m64,mx32 --enable-multilib --with-tune=generic --enable-offload-targets=nvptx-none=/build/gcc-11-XeT9lY/gcc-11-11.4.0/debian/tmp-nvptx/usr,amdgcn-amdhsa=/build/gcc-11-XeT9lY/gcc-11-11.4.0/debian/tmp-gcn/usr --without-cuda-driver --enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu --with-build-config=bootstrap-lto-lean --enable-link-serialization=2 Thread model: posix Supported LTO compression algorithms: zlib zstd gcc version 11.4.0 (Ubuntu 11.4.0-1ubuntu1~22.04) # Libraries # using babl version 0.1.106 (compiled against version 0.1.106) using GEGL version 0.4.46 (compiled against version 0.4.46) using GLib version 2.72.4 (compiled against version 2.72.4) using GdkPixbuf version 2.42.8 (compiled against version 2.42.8) using GTK+ version 2.24.33 (compiled against version 2.24.33) using Pango version 1.50.6 (compiled against version 1.50.6) using Fontconfig version 2.13.1 (compiled against version 2.13.1) using Cairo version 1.16.0 (compiled against version 1.16.0) ``` > fatal error: Segmentation fault Stack trace: ``` # Stack traces obtained from PID 263503 - Thread 263503 # [New LWP 263504] [New LWP 263505] [New LWP 263506] [New LWP 263507] [New LWP 263508] [New LWP 263509] [New LWP 263510] [New LWP 263511] [New LWP 263512] [New LWP 263513] [New LWP 263514] [New LWP 263526] [New LWP 263527] [New LWP 263540] [New LWP 263594] [New LWP 264201] [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". __GI___libc_read (nbytes=256, buf=0x7ffc7e6d7c90, fd=24) at ../sysdeps/unix/sysv/linux/read.c:26 Id Target IdFrame * 1Thread 0x7f0ab24c5e80 (LWP 263503) "gimp"__GI___libc_read (nbytes=256, buf=0x7ffc7e6d7c90, fd=24) at ../sysdeps/unix/sysv/linux/read.c:26 2Thread 0x7f0ab1c2f640 (LWP 263504) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38 3Thread 0x7f0ab142e640 (LWP 263505) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38 4Thread 0x7f0ab0c2d640 (LWP 263506) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38 5Thread 0x7f0aa842c640 (LWP 263507) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38 6Thread 0x7f0aabfff640 (LWP 263508) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38 7Thread 0x7f0aab7fe640 (LWP 263509) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38 8Thread 0x7f0aaaffd640 (LWP 263510) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38 9Thread 0x7f0aaa7fc640 (LWP 263511) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38 10 Thread 0x7f0aa9ffb640 (LWP 263512) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38 11 Thread 0x7f0aa97fa640 (LWP 263513) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38 12 Thread 0x7f0aa8ff9640 (LWP 263514) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38 13 Thread 0x7f0a2f7fe640 (LWP 263526) "gmain" 0x7f0ab31c6bcf in __GI___poll (fds=0x559a3ada74d0, nfds=2, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29 14 Thread 0x7f0a37fff640 (LWP 263527) "gdbus" 0x7f0ab31c6bcf in __GI___poll (fds=0x7f09f0003170, nfds=4, timeout=-1) at
[Bug 2061869] Re: Snaps unable to connect to network under linux-lowlatency 6.8.0-25.25.3
the kernel team is already rolling kernels with the fix for 2061851 but it is also building in https://launchpad.net/~apparmor- dev/+archive/ubuntu/apparmor-devel ppa -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2061869 Title: Snaps unable to connect to network under linux-lowlatency 6.8.0-25.25.3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2061869/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2061869] Re: Snaps unable to connect to network under linux-lowlatency 6.8.0-25.25.3
This is likely a dup of https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2061851 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2061869 Title: Snaps unable to connect to network under linux-lowlatency 6.8.0-25.25.3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2061869/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2061698] [NEW] Editing image, selecting a region and it crashed GIMP_2_10_36
Public bug reported: ``` GNU Image Manipulation Program version 2.10.36 git-describe: GIMP_2_10_36 Build: unknown rev 0 for linux # C compiler # Using built-in specs. COLLECT_GCC=gcc COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/11/lto-wrapper OFFLOAD_TARGET_NAMES=nvptx-none:amdgcn-amdhsa OFFLOAD_TARGET_DEFAULT=1 Target: x86_64-linux-gnu Configured with: ../src/configure -v --with-pkgversion='Ubuntu 11.4.0-1ubuntu1~22.04' --with-bugurl=file:///usr/share/doc/gcc-11/README.Bugs --enable-languages=c,ada,c++,go,brig,d,fortran,objc,obj-c++,m2 --prefix=/usr --with-gcc-major-version-only --program-suffix=-11 --program-prefix=x86_64-linux-gnu- --enable-shared --enable-linker-build-id --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --libdir=/usr/lib --enable-nls --enable-bootstrap --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --with-default-libstdcxx-abi=new --enable-gnu-unique-object --disable-vtable-verify --enable-plugin --enable-default-pie --with-system-zlib --enable-libphobos-checking=release --with-target-system-zlib=auto --enable-objc-gc=auto --enable-multiarch --disable-werror --enable-cet --with-arch-32=i686 --with-abi=m64 --with-multilib-list=m32,m64,mx32 --enable-multilib --with-tune=generic --enable-offload-targets=nvptx-none=/build/gcc-11-XeT9lY/gcc-11-11.4.0/debian/tmp-nvptx/usr,amdgcn-amdhsa=/build/gcc-11-XeT9lY/gcc-11-11.4.0/debian/tmp-gcn/usr --without-cuda-driver --enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu --with-build-config=bootstrap-lto-lean --enable-link-serialization=2 Thread model: posix Supported LTO compression algorithms: zlib zstd gcc version 11.4.0 (Ubuntu 11.4.0-1ubuntu1~22.04) # Libraries # using babl version 0.1.106 (compiled against version 0.1.106) using GEGL version 0.4.46 (compiled against version 0.4.46) using GLib version 2.72.4 (compiled against version 2.72.4) using GdkPixbuf version 2.42.8 (compiled against version 2.42.8) using GTK+ version 2.24.33 (compiled against version 2.24.33) using Pango version 1.50.6 (compiled against version 1.50.6) using Fontconfig version 2.13.1 (compiled against version 2.13.1) using Cairo version 1.16.0 (compiled against version 1.16.0) ``` > fatal error: Segmentation fault Stack trace: ``` # Stack traces obtained from PID 263503 - Thread 263503 # [New LWP 263504] [New LWP 263505] [New LWP 263506] [New LWP 263507] [New LWP 263508] [New LWP 263509] [New LWP 263510] [New LWP 263511] [New LWP 263512] [New LWP 263513] [New LWP 263514] [New LWP 263526] [New LWP 263527] [New LWP 263540] [New LWP 263594] [New LWP 264201] [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". __GI___libc_read (nbytes=256, buf=0x7ffc7e6d7c90, fd=24) at ../sysdeps/unix/sysv/linux/read.c:26 Id Target IdFrame * 1Thread 0x7f0ab24c5e80 (LWP 263503) "gimp"__GI___libc_read (nbytes=256, buf=0x7ffc7e6d7c90, fd=24) at ../sysdeps/unix/sysv/linux/read.c:26 2Thread 0x7f0ab1c2f640 (LWP 263504) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38 3Thread 0x7f0ab142e640 (LWP 263505) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38 4Thread 0x7f0ab0c2d640 (LWP 263506) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38 5Thread 0x7f0aa842c640 (LWP 263507) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38 6Thread 0x7f0aabfff640 (LWP 263508) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38 7Thread 0x7f0aab7fe640 (LWP 263509) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38 8Thread 0x7f0aaaffd640 (LWP 263510) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38 9Thread 0x7f0aaa7fc640 (LWP 263511) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38 10 Thread 0x7f0aa9ffb640 (LWP 263512) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38 11 Thread 0x7f0aa97fa640 (LWP 263513) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38 12 Thread 0x7f0aa8ff9640 (LWP 263514) "worker" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38 13 Thread 0x7f0a2f7fe640 (LWP 263526) "gmain" 0x7f0ab31c6bcf in __GI___poll (fds=0x559a3ada74d0, nfds=2, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29 14 Thread 0x7f0a37fff640 (LWP 263527) "gdbus" 0x7f0ab31c6bcf in __GI___poll (fds=0x7f09f0003170, nfds=4, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29 15 Thread 0x7f0a3db03640 (LWP 263540) "async" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38 16 Thread 0x7f0a3aaee640 (LWP 263594) "threaded-ml"
[Bug 2049860] Re: cloud-init cloud-config for ssh broken in jammy
@DisatesR : if you're not seeing a 50-cloud-init.conf file, it indicates to me that cloud-init is failing to parse the cloud_init configuration properly, and thus not adding the required configuration to /etc/ssh/sshd_config.d/ could you provide your entire cloud config? you can also use cloud-init to verify your user-data https://cloudinit.readthedocs.io/en/latest/howto/debug_user_data.html -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2049860 Title: cloud-init cloud-config for ssh broken in jammy To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-images/+bug/2049860/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2060888] [NEW] Cannot obtain lock:E: Could not get lock /var/lib/dpkg/lock-frontend. It is held by process 17406 (unattended-upgr) W: Be aware that removing the lock file is not a
Public bug reported: Cannot obtain lock:E: Could not get lock /var/lib/dpkg/lock-frontend. It is held by process 17406 (unattended-upgr) W: Be aware that removing the lock file is not a solution and may break your system. E: Unable to acquire the dpkg frontend lock (/var/lib/dpkg/lock-frontend), is another process using it? Using Discover 5.24.7 Package Manager Operating System: Ubuntu Studio 22.04 KDE Plasma Version: 5.24.7 KDE Frameworks Version: 5.92.0 Qt Version: 5.15.3 Kernel Version: 6.5.0-26-lowlatency (64-bit) Graphics Platform: X11 Processors: 2 × Intel® Core™2 Duo CPU T9300 @ 2.50GHz Memory: 7.7 GiB of RAM Graphics Processor: NV84 ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: plasma-discover 5.24.7-0ubuntu0.1 ProcVersionSignature: Ubuntu 6.5.0-26.26.1~22.04.1-lowlatency 6.5.13 Uname: Linux 6.5.0-26-lowlatency x86_64 ApportVersion: 2.20.11-0ubuntu82.5 Architecture: amd64 CasperMD5CheckResult: unknown CurrentDesktop: KDE Date: Wed Apr 10 17:41:50 2024 ExecutablePath: /usr/bin/plasma-discover InstallationDate: Installed on 2023-05-19 (327 days ago) InstallationMedia: Ubuntu-Studio 22.04.2 LTS "Jammy Jellyfish" - Release amd64 (20230221) SourcePackage: plasma-discover UpgradeStatus: No upgrade log present (probably fresh install) ** Affects: plasma-discover (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug jammy -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2060888 Title: Cannot obtain lock:E: Could not get lock /var/lib/dpkg/lock-frontend. It is held by process 17406 (unattended- upgr) W: Be aware that removing the lock file is not a solution and may break your system. E: Unable to acquire the dpkg frontend lock (/var/lib/dpkg/lock-frontend), is another process using it? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/plasma-discover/+bug/2060888/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2039206] Re: open-vm-tools "hwclock" needed for VM guest customization not available
Thanks for the suggestion. I have passed your suggestions along to the Guest Customization team along with links to this bug report in an internal bug. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2039206 Title: open-vm-tools "hwclock" needed for VM guest customization not available To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/open-vm-tools/+bug/2039206/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2060810] Re: Wike does not run in Ubuntu 24.04 due to apparmor issue
More applications will be getting confinement, on an individual level I don't think it will be everything from debs. In this case its because it uses unprivileged user namespaces. Which is now being restricted and treated as a semi-privileged because it gives access to several privileged kernel interfaces. Those privilege kernel interfaces should be in theory safe, but the reality is that they aren't. Unprivileged user namespaces are the first step in almost every kernel exploit chain for the last 7 or so years. In pwn2own last year 4 of the 5 exploits used unprivileged user namespaces. This year all 4 did, however if you turn the restriction on (present in 23.10 but not enabled by default) everyone one of the exploits are blocked. The current step is far from perfect, but we are working on improving it. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2060810 Title: Wike does not run in Ubuntu 24.04 due to apparmor issue To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2060810/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2060810] Re: Wike does not run in Ubuntu 24.04 due to apparmor issue
There are vague plans, yes. The time line of it has not been scoped, but it would be something akin to what happens on macos when you try to run a downloaded application for the first time and you have to go into their security config to allow it. The application will still be "confined" but it may not get its own individual profile and share one with others the user has downloaded. The unconfined profile's will also get developed into full profiles. The plan is that unconfined profiles won't be a standard thing but an exception. Another thing going to happen in the next upload is bwrap gets its own profile. Applications using bwrap might work through the bwrap profile. There will still be cases where they will need their own profile, but the bwrap profile will cover several cases that don't work today. Applications that have already received an unconfined profile will continue to work that way. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2060810 Title: Wike does not run in Ubuntu 24.04 due to apparmor issue To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2060810/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2046154] Re: [MIR] libcryptx-perl (libmail-dkim-perl dependency)
Alternative idea, what about instead of writing a wrapper: 1. look at https://packages.ubuntu.com/noble/libnet-ssleay-perl a. libnet-ssleay-perl is in main 2. add eddsa-25519 to the list of constants upstream a. if i'm reading correctly, there's a mapping in a helper_scripts/constants.txt that contains a list of all algorithms, that is then used to autgen C and perl bindings. if libssl or libgrypt on the system already has eddsa-25519, it should "just work" 3. switch to using libnet-ssleay-perl for the backend of these calls a. bonus, you could see if you could switch _everything_. it'd make sense to me... I don't know if this ends up being a heavier or lighter lift. and it takes updating libnet-ssleay-perl upstream, but reading the list of constants, it could benefit from someone going through and fleshing out current libssl and libcrypt support. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2046154 Title: [MIR] libcryptx-perl (libmail-dkim-perl dependency) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libcryptx-perl/+bug/2046154/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2060767] Re: Foliate does not run in Ubuntu 24.04 due to apparmor issue
The fix has been merged upstream in https://gitlab.com/apparmor/apparmor/-/merge_requests/1209 it will be in the next release. ** Changed in: apparmor (Ubuntu) Status: New => Confirmed ** Changed in: apparmor (Ubuntu) Assignee: (unassigned) => John Johansen (jjohansen) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2060767 Title: Foliate does not run in Ubuntu 24.04 due to apparmor issue To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2060767/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 2060736] Re: After update, Login no longer works after waking from 'systemctl suspend'
Sorry for the delay. I had to find an external keyboard and a usb-c adapter. I can connect the external keyboard and switch it in and out ad-hoc and my laptop keyboard and the external keyboard both work fine. So base case is good. I can suspend the computer with the laptop keyboard and, upon waking, the laptop keyboard does not type characters into the password box. Then I connect the external keyboard and I CAN enter the password and get to the desktop. Once I disconnect the external keyboard the laptop's keyboard still does not enter characters at the command prompt (after logging in with the external keyboard after waking up after a suspend). I reconnect the external keyboard and I can then resume working. It appears that suspending the laptop somehow is disabling the laptop's keyboard. Note that the functionality of the laptop's mouse is unaffected. I hope this helps, John If there's any other tests you'd like me to run, please let me know. (but I won't be able to run them until tomorrow morning.) On 4/9/24 15:13, Ganton wrote: > If you use an external keyboard, do you have the same problem? > -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2060736 Title: After update, Login no longer works after waking from 'systemctl suspend' To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+bug/2060736/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2060736] [NEW] After update, Login no longer works after waking from 'systemctl suspend'
Public bug reported: Updated 22.04.4 LTS today (4/9/24). After the update, the login screen coming out of being suspended (systemctl suspend) doesn't accept a password. Meaning that no characters typed show up in the password box. Like the password box doesn't, or can't get, focus. This prevents using the computer after suspending, and requires a reboot to get back into the desktop. All worked properly before today's update. Meaning that after coming out of suspension I was able to click in the password box, type in my password, and gain entry back to the desktop and continue my work. Steps are: Update Ubuntu using 'Software Updater' Reboot required to finish update Suspend computer using 'systemctl suspend' at command line Close computer lid --- After a few minutes --- Open lid Computer wakes up and login screen is displayed with the current user and password entry box. At this point the password box doesn't appear to receive focus and I can't type into it. I've tried tabbing and mouse clicking, but can't type into the password entry box. I've tried just typing my password and hitting the enter key as if it was accepting input but just not echoing it, but that doesn't work either. I've also rerun the updater to make sure everything is up-to-date and it says that there are no other updates. This problem results in not being able to resume working on the machine after suspending it. So I have to restart the computer. Thanks for your time, John ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: ubuntu-release-upgrader-core 1:22.04.19 ProcVersionSignature: Ubuntu 5.15.0-102.112-generic 5.15.148 Uname: Linux 5.15.0-102-generic x86_64 ApportVersion: 2.20.11-0ubuntu82.5 Architecture: amd64 CasperMD5CheckResult: unknown CrashDB: ubuntu CurrentDesktop: ubuntu:GNOME Date: Tue Apr 9 14:20:08 2024 InstallationDate: Installed on 2019-01-03 (1923 days ago) InstallationMedia: Ubuntu 18.04 "Bionic" - Build amd64 LIVE Binary 20180608-09:38 PackageArchitecture: all ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: ubuntu-release-upgrader Symptom: release-upgrade UpgradeStatus: Upgraded to jammy on 2022-08-14 (604 days ago) VarLogDistupgradeTermlog: mtime.conffile..etc.update-manager.release-upgrades: 2019-05-12T20:41:04.743940 ** Affects: ubuntu Importance: Undecided Status: New ** Tags: amd64 apport-bug dist-upgrade jammy -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2060736 Title: After update, Login no longer works after waking from 'systemctl suspend' To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+bug/2060736/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP
@arraybolt3: Answer to your question. bwrap requires capabilities within the user namespace. unshare is a little more forgiving in that what it requires depends on the options passed but most of the options also require capabilities within the user namespace. The potential solution I mention is comment #91 is to define a profile for bwrap that allows it capabilities within the namespace but does not allow its children capabilities within the namespace, so that bwrap and unshare can not just launch an application to by-pass the restriction. This seems to work well for unshare but there are cases where bwrap is failing in unexpected ways (which is still being debugged). At this late stage the plan is to try to get a fix for bwrap in but if necessary to file an SRU if necessary for the bwrap fix. So yes this is being worked on and even if the fix isn't present on day one we do plan to get it fixed. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2046844 Title: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/2046844/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP
@arraybolt3 is correct. Both unshare and bwrap will not get a unconfined profile, as that allows for an arbitrary by-pass of the restriction. There is a potential solution in the works that will allow for bwrap and unshare to function as long as the child task does not require permissions but at this point there are still some issues with it that are being debugged. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2046844 Title: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/2046844/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1597017] Re: mount rules grant excessive permissions
It is in the SRU queue and the current ETA is April 15 to land in the proposed pocket (archive proposed not security proposed ppa), there is a caveat that the recent xz backdoor has caused some "fun" on the archive side and could potentially cause some delays. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1597017 Title: mount rules grant excessive permissions To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1597017/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2060100] Re: denials from sshd in noble
Fixed by MR https://gitlab.com/apparmor/apparmor/-/merge_requests/1196 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2060100 Title: denials from sshd in noble To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2060100/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2060100] [NEW] denials from sshd in noble
Public bug reported: 2024-03-27T00:10:28.929314-04:00 image-ubuntu64 kernel: audit: type=1400 audit(1711512628.920:155): apparmor="DENIED" operation="bind" class="net" profile="/usr/sbin/sshd" pid=1290 comm="sshd" family="unix" sock_type="stream" protocol=0 requested_mask="bind" denied_mask="bind" addr="@63cf34db7fbab75f/bus/sshd/system" 2024-03-27T00:41:09.791826-04:00 image-ubuntu64 kernel: audit: type=1107 audit(1711514469.771:333907): pid=703 uid=101 auid=4294967295 ses=4294967295 subj=unconfined msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/login1" interface="org.freedesktop.login1.Manager" member="CreateSessionWithPIDFD" mask="send" name="org.freedesktop.login1" pid=4528 label="/usr/sbin/sshd" peer_pid=688 peer_label="unconfined" ** Affects: apparmor (Ubuntu) Importance: Undecided Status: Confirmed ** Affects: apparmor (Ubuntu Noble) Importance: Undecided Status: Confirmed ** Changed in: apparmor (Ubuntu) Status: New => Confirmed ** Also affects: apparmor (Ubuntu Noble) Importance: Undecided Status: Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2060100 Title: denials from sshd in noble To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2060100/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP
We have an update of the firefox profile coming that supports the /opt/firefox/firefox location used as the default install for the firefox downloaded directly from mozilla.org If you are running firefox out of your home directory, that will not be directly supported and you will need to chose to do one of the following to fix the issue. 1. The recommended way is updating the firefox profile in /etc/apparmor.d/firefox by adding the location you have firefox installed, and then reloading the profile with sudo apparmor_parser -r /etc/apparmor.d/firefox. 2. You can disable user namespaces, this will keep firefox from trying to use them as part of ts sandbox https://lwn.net/Articles/673597/ 3. the least recommended way to fix this is you can disable the finer grained user namespace restrictions as outlined in https://ubuntu.com/blog/ubuntu-23-10-restricted-unprivileged-user- namespaces ** Changed in: qmapshack (Ubuntu) Status: Confirmed => Fix Released ** Changed in: qutebrowser (Ubuntu) Status: Confirmed => Fix Released ** Changed in: rssguard (Ubuntu) Status: Confirmed => Fix Released ** Changed in: supercollider (Ubuntu) Status: Confirmed => Fix Released ** Changed in: geary (Ubuntu) Status: Confirmed => Fix Released ** Changed in: goldendict-webengine (Ubuntu) Status: Confirmed => Fix Released ** Changed in: kchmviewer (Ubuntu) Status: Confirmed => Fix Released ** Changed in: loupe (Ubuntu) Status: Confirmed => Fix Released ** Changed in: notepadqq (Ubuntu) Status: Confirmed => Fix Released ** Changed in: pageedit (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2046844 Title: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/2046844/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2056297] Re: Non-flatpak Firefox-based browsers crash with kernel 6.8.0-11-generic in 24.04
*** This bug is a duplicate of bug 2046844 *** https://bugs.launchpad.net/bugs/2046844 I will add here as well that we have an update of the firefox profile coming that supports the /opt/firefox/firefox location used as the default install for the firefox downloaded directly from mozilla.org -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2056297 Title: Non-flatpak Firefox-based browsers crash with kernel 6.8.0-11-generic in 24.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2056297/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2056297] Re: Non-flatpak Firefox-based browsers crash with kernel 6.8.0-11-generic in 24.04
*** This bug is a duplicate of bug 2046844 *** https://bugs.launchpad.net/bugs/2046844 Hi cipricus, can you specify how and where your firefox was installed? We are trying to support multiple variations including downloading directly from mozilla if it is installed to the standard location? mruffell is correct in his assessment that this is due to firefox not correctly handling user namespace mediation. This can be seen in your dmesg with the following messages [ 69.033622] audit: type=1400 audit(1709714939.278:138): apparmor="AUDIT" operation="userns_create" class="namespace" info="Userns create - transitioning profile" profile="unconfined" pid=2922 comm=495043204C61756E6368 requested="userns_create" target="unprivileged_userns" [ 69.037108] audit: type=1400 audit(1709714939.282:139): apparmor="DENIED" operation="capable" class="cap" profile="unprivileged_userns" pid=2982 comm=53616E64626F7820466F726B6564 capability=21 capname="sys_admin" Unfortunately firefox does not handle the error returned when it tries an operation that require sys_admin capability gracefully resulting in the crash. mruffell has already provided all the relevant links so I will just supplement that information 1. The recommended way is updating the firefox profile in /etc/apparmor.d/firefox by adding the location you have firefox installed, and then reloading the profile with sudo apparmor_parser -r /etc/apparmor.d/firefox 2. You can disable user namespaces, this will keep firefox from trying to use them as part of ts sandbox https://lwn.net/Articles/673597/ 3. the least recommended way to fix this is you can disable the finer grained user namespace restrictions as outlined in https://ubuntu.com/blog/ubuntu-23-10-restricted-unprivileged-user- namespaces -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2056297 Title: Non-flatpak Firefox-based browsers crash with kernel 6.8.0-11-generic in 24.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2056297/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2049860] Re: cloud-init cloud-config for ssh broken in jammy
Tested working on the image from http://cloud- images.ubuntu.com/releases/jammy/release-20240319/ $ ssh -o "UserKnownHostsFile=/dev/null -o CheckHostIP=no StrictHostKeyChecking no" jchittum@0.0.0.0 -p The authenticity of host '[0.0.0.0]: ([0.0.0.0]:)' can't be established. ED25519 key fingerprint is This key is not known by any other names Are you sure you want to continue connecting (yes/no/[fingerprint])? yes Warning: Permanently added '[0.0.0.0]:' (ED25519) to the list of known hosts. jchittum@0.0.0.0's password: Welcome to Ubuntu 22.04.4 LTS (GNU/Linux 5.15.0-101-generic x86_64) * Documentation: https://help.ubuntu.com * Management: https://landscape.canonical.com * Support:https://ubuntu.com/pro System information as of Mon Apr 1 11:55:56 UTC 2024 $ ls /etc/ssh/sshd_config.d/ 50-cloud-init.conf 60-cloudimg-settings.conf $ sudo cat /etc/ssh/sshd_config.d/50-cloud-init.conf PasswordAuthentication yes $ sudo cat /etc/ssh/sshd_config.d/60-cloudimg-settings.conf PasswordAuthentication no cloud-init and passwords is a bit confusing. here is a working example of a cloud-init: #cloud-config ssh_pwauth: true users: - name: jchittum groups: [adm, lxd, sudo] passwd: sudo: ALL=(ALL) NOPASSWD:ALL shell: /bin/bash lock_passwd: false - name: timmy groups: [adm, lxd, sudo, cdrom, dip] ssh_import_id: lp:jchittum sudo: ALL=(ALL) NOPASSWD:ALL passwd: shell: /bin/bash lock_passwd: false NOTES: passwd was set by running : mkpasswd --method=SHA-512 --rounds=50 lock_passwd: false is _required_ to make this work. otherwise providing a password won't do anything, and you'll never be able to log in. I'm wondering if it's from a different version of cloud-init instead? 20231211: cloud-init 23.3.3-0ubuntu0~22.04.1 20240319: cloud-init 23.4.4-0ubuntu0~22.04.1 i don't see anything related in the changelog[https://github.com/canonical/cloud-init/blob/main/ChangeLog] next steps: try a coud-init config like i have above. If it fails, please provide your cloud-init and outputs (especially helpful with some cloud-init logs). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2049860 Title: cloud-init cloud-config for ssh broken in jammy To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-images/+bug/2049860/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
