[Bug 2063998] Re: Cannot be found in the menu after installing! Ubuntu 24.04
ufw doesn't have a menu entry when installed as a snap or otherwise. Perhaps gufw or another application is installed? ** Project changed: ufw => ubuntu ** Changed in: ubuntu Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2063998 Title: Cannot be found in the menu after installing! Ubuntu 24.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+bug/2063998/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2062456] Re: bug report in docker imagw download
This bug lacks detail and doesn't look specific to ufw. Closing. ** Information type changed from Private Security to Public ** Project changed: ufw => ubuntu ** Changed in: ubuntu Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2062456 Title: bug report in docker imagw download To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+bug/2062456/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2062455] Re: bug report in docker imagw download
This bug lacks detail and doesn't look specific to ufw. Closing. ** Information type changed from Private Security to Public ** Project changed: ufw => ubuntu ** Changed in: ubuntu Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2062455 Title: bug report in docker imagw download To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+bug/2062455/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2062128] Re: Booting with nvidia proprietary drivers 550.67 results in gdm3 being displayed on X11 rather than Wayland
>>> Is the machine a desktop with a single GPU or laptop with hybrid GPUs? This machine is a hybrid/optimus setup with an Intel iGPU and NVIDIA dGPU: 00:02.0 VGA compatible controller: Intel Corporation Alder Lake-HX GT1 [UHD Graphics 770] (rev 0c) 01:00.0 VGA compatible controller: NVIDIA Corporation GA107GLM [RTX A2000 8GB Laptop GPU] (rev a1) The system UEFI is configured to enable hybrid and the proprietary NVIDIA driver is configured as "on demand". In the setup at my desk, I am connected to a thunderbolt dock, which is connected to external monitors via DisplayPort. The laptop operates "closed lid" from power up. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2062128 Title: Booting with nvidia proprietary drivers 550.67 results in gdm3 being displayed on X11 rather than Wayland To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/2062128/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2062128] [NEW] Booting with nvidia proprietary drivers 550.67 results in gdm3 being displayed on X11 rather than Wayland
Public bug reported: I am testing Ubuntu 24.04 beta and using the proprietary NVIDIA drivers (550.67). Prior to installing the drivers packages (using nouveau), the system would load gdm3 in Wayland. After installer the drivers package, the system would load gdm3 in X11. This appears to be caused by the configuration file at /usr/lib/udev/rules.d/61-gdm.rules However, according to the comments in the rules file, it should prefer Wayland: # Disable wayland when nvidia modeset is disabled or when drivers are a lower # version than 470, # For versions above 470 but lower than 510 prefer Xorg, # Above 510, prefer Wayland. I am able to work around this by making a system override on the file, in /etc/udev/rules.d: lrwxrwxrwx 1 root root 9 Apr 18 00:34 61-gdm.rules -> /dev/null With this in place, when booting, gdm3 will be loaded with Wayland. ** Affects: gdm3 (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2062128 Title: Booting with nvidia proprietary drivers 550.67 results in gdm3 being displayed on X11 rather than Wayland To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/2062128/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2062126] [NEW] Booting with laptop lid closed and external monitors on X11 causes the computer to sleep prior to login
Public bug reported: When powering on a laptop with the lid closed, connected to a dock which is connected to external monitors, if gdm3 is going to run on X11, the computer is suspended prior to the login screen being displayed. Tapping a key on the keyboard wakes the computer out of suspend and immediately shows the login screen on the external monitors as expected. The computer does not suspend prior to login if gdm3 is going to run on Wayland. I'm encountering this issue with Ubuntu 24.04 beta, and believe it may be related to the following systemd issue: https://github.com/systemd/systemd/issues/16045 ** Affects: systemd (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2062126 Title: Booting with laptop lid closed and external monitors on X11 causes the computer to sleep prior to login To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/2062126/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2060535] Re: apparmor's is_container_with_internal_policy() does not recognize incus
Note that after this fix, snapd in containers needs to be at >= 2.62 for apparmor policy to load (snapd's snapd-apparmor needs the corresponding fix as this bug). This is currently in the candidate channel. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2060535 Title: apparmor's is_container_with_internal_policy() does not recognize incus To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2060535/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2060535] Re: apparmor's is_container_with_internal_policy() does not recognize incus
This is already available in noble. An SRU for jammy and focal (and ideally bionic) would be nice. ** Changed in: apparmor (Ubuntu Bionic) Status: New => Triaged ** Changed in: apparmor (Ubuntu Focal) Status: New => Triaged ** Changed in: apparmor (Ubuntu Jammy) Status: New => Triaged -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2060535 Title: apparmor's is_container_with_internal_policy() does not recognize incus To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2060535/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2060535] Re: apparmor's is_container_with_internal_policy() does not recognize incus
https://gitlab.com/apparmor/apparmor/-/commit/659a187687fc8802045c113da0d12bc4b836d591 was committed upstream for this. It would be nice if this was SRU'd. ** Changed in: apparmor (Ubuntu Noble) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2060535 Title: apparmor's is_container_with_internal_policy() does not recognize incus To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2060535/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2060535] [NEW] apparmor's is_container_with_internal_policy() does not recognize incus
Public bug reported:
apparmor is not loading for Ubuntu containers under incus. This is due
to `/lib/apparmor/rc.apparmor.functions` (18.04 uses
`/lib/apparmor/functions`):
is_container_with_internal_policy() {
# this function is sometimes called independently of
# is_apparmor_loaded(), so also define this here.
local ns_stacked_path="${SFS_MOUNTPOINT}/.ns_stacked"
local ns_name_path="${SFS_MOUNTPOINT}/.ns_name"
local ns_stacked
local ns_name
if ! [ -f "$ns_stacked_path" ] || ! [ -f "$ns_name_path" ]; then
return 1
fi
read -r ns_stacked < "$ns_stacked_path"
if [ "$ns_stacked" != "yes" ]; then
return 1
fi
# LXD and LXC set up AppArmor namespaces starting with "lxd-" and
# "lxc-", respectively. Return non-zero for all other namespace
# identifiers.
read -r ns_name < "$ns_name_path"
if [ "${ns_name#lxd-*}" = "$ns_name" ] && \
[ "${ns_name#lxc-*}" = "$ns_name" ]; then
return 1
fi
return 0
}
This can be fixed by adjusting it to have:
# LXD, LXC and incus set up AppArmor namespaces starting with "lxd-",
# "lxc-", and "incus-" respectively. Return non-zero for all other namespace
# identifiers.
read -r ns_name < "$ns_name_path"
if [ "${ns_name#lxd-*}" = "$ns_name" ] && \
[ "${ns_name#lxc-*}" = "$ns_name" ] && \
[ "${ns_name#incus-*}" = "$ns_name" ] ; then
return 1
fi
References:
* https://github.com/lxc/incus/issues/740
** Affects: apparmor (Ubuntu)
Importance: Undecided
Status: New
** Affects: apparmor (Ubuntu Bionic)
Importance: Undecided
Status: New
** Affects: apparmor (Ubuntu Focal)
Importance: Undecided
Status: New
** Affects: apparmor (Ubuntu Jammy)
Importance: Undecided
Status: New
** Affects: apparmor (Ubuntu Noble)
Importance: Undecided
Status: New
** Also affects: apparmor (Ubuntu Bionic)
Importance: Undecided
Status: New
** Also affects: apparmor (Ubuntu Focal)
Importance: Undecided
Status: New
** Also affects: apparmor (Ubuntu Noble)
Importance: Undecided
Status: New
** Also affects: apparmor (Ubuntu Jammy)
Importance: Undecided
Status: New
** Description changed:
apparmor is not loading for Ubuntu containers under incus. This is due
to `/lib/apparmor/rc.apparmor.functions` (18.04 uses
`/lib/apparmor/functions`):
+ is_container_with_internal_policy() {
+ # this function is sometimes called independently of
+ # is_apparmor_loaded(), so also define this here.
+ local ns_stacked_path="${SFS_MOUNTPOINT}/.ns_stacked"
+ local ns_name_path="${SFS_MOUNTPOINT}/.ns_name"
+ local ns_stacked
+ local ns_name
- is_container_with_internal_policy() {
- # this function is sometimes called independently of
- # is_apparmor_loaded(), so also define this here.
- local ns_stacked_path="${SFS_MOUNTPOINT}/.ns_stacked"
- local ns_name_path="${SFS_MOUNTPOINT}/.ns_name"
- local ns_stacked
- local ns_name
+ if ! [ -f "$ns_stacked_path" ] || ! [ -f "$ns_name_path" ]; then
+ return 1
+ fi
- if ! [ -f "$ns_stacked_path" ] || ! [ -f "$ns_name_path" ]; then
- return 1
- fi
+ read -r ns_stacked < "$ns_stacked_path"
+ if [ "$ns_stacked" != "yes" ]; then
+ return 1
+ fi
- read -r ns_stacked < "$ns_stacked_path"
- if [ "$ns_stacked" != "yes" ]; then
- return 1
- fi
+ # LXD and LXC set up AppArmor namespaces starting with "lxd-" and
+ # "lxc-", respectively. Return non-zero for all other namespace
+ # identifiers.
+ read -r ns_name < "$ns_name_path"
+ if [ "${ns_name#lxd-*}" = "$ns_name" ] && \
+[ "${ns_name#lxc-*}" = "$ns_name" ]; then
+ return 1
+ fi
- # LXD and LXC set up AppArmor namespaces starting with "lxd-" and
- # "lxc-", respectively. Return non-zero for all other namespace
- # identifiers.
- read -r ns_name < "$ns_name_path"
- if [ "${ns_name#lxd-*}" = "$ns_name" ] && \
- [ "${ns_name#lxc-*}" = "$ns_name" ]; then
- return 1
- fi
-
- return 0
+ return 0
}
- ```
This can be fixed by adjusting it to have:
- ```
- # LXD, LXC and incus set up AppArmor namespaces starting with "lxd-",
- # "lxc-", and "incus-" respectively. Return non-zero for all other
namespace
- # identifiers.
- read -r ns_name < "$ns_name_path"
- if [ "${ns_name#lxd-*}" = "$ns_name" ] && \
- [ "${ns_name#lxc-*}" = "$ns_name" ] && \
- [ "${ns_name#incus-*}" = "$ns_name" ] ; then
- return 1
- fi
- return 0
+ # LXD, LXC and incus set up AppArmor namespaces starting with "lxd-",
+ # "lxc-", and "incus-" respectively. Return non-zero for all other
namespace
+ # identifiers.
+ read -r ns_name < "$ns_name_path"
+
[Bug 2056635] Re: Wifi wlan0 device not present on Raspberry Pi 3A+
** Also affects: linux (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2056635 Title: Wifi wlan0 device not present on Raspberry Pi 3A+ To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+bug/2056635/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2056635] [NEW] Wifi wlan0 device not present on Raspberry Pi 3A+
Public bug reported: Ubuntu Noble beta does not currently bring up the wlan0 wifi interface on the Raspberry Pi 3A+. uname -a Linux ubuntu 6.8.0-1001-raspi #1-Ubuntu SMP PREEMPT_DYNAMIC Tue Feb 27 16:56:12 UTC 2023 aarch64 aarch64 aarch64 GNU/Linux No wlan0 interface is present in 'ip a' output and the device isn't listed under /sys/class/net/. Netplan therefore fails to configure a connection to an access point. ** Affects: ubuntu Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2056635 Title: Wifi wlan0 device not present on Raspberry Pi 3A+ To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+bug/2056635/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1971409] Re: value_copy: Assertion `arg->contents != nullptr' failed.
see also https://sourceware.org/bugzilla/show_bug.cgi?id=29045#c3 where the gdb list recommends updating to a stable version of gdb ** Bug watch added: Sourceware.org Bugzilla #29045 https://sourceware.org/bugzilla/show_bug.cgi?id=29045 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971409 Title: value_copy: Assertion `arg->contents != nullptr' failed. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gdb/+bug/1971409/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 337763] Re: virt-manager reboot action is non-functional
** Changed in: virt-manager (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/337763 Title: virt-manager reboot action is non-functional To manage notifications about this bug go to: https://bugs.launchpad.net/virt-manager/+bug/337763/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1970731] Re: iptables empty when using firewalld
Reassigning to firewalld as the description mentions that ufw is disabled. This is not a bug though because iptables relies on certain tables/chains being used and it looks like firewalld doesn't use those (which is fine for firewalld to do). You should be able to see all netfilter firewall rules with 'nft' but you'll only see rules that are added to the (now non-default) tables/chains that iptables expects (INPUT, OUTPUT, etc). More specifically, 'nft' will see the rules that 'iptables' creates but not necessarily the other way around. ** Package changed: ufw (Ubuntu) => firewalld (Ubuntu) ** Changed in: firewalld (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970731 Title: iptables empty when using firewalld To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/firewalld/+bug/1970731/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1969612] Re: 5.13.0-40 extremely slow with Alder Lake CPU
Marking Incomplete, I upgraded to Jammy where this is no longer a problem ** Changed in: linux-signed-hwe-5.13 (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1969612 Title: 5.13.0-40 extremely slow with Alder Lake CPU To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-signed-hwe-5.13/+bug/1969612/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1969612] [NEW] 5.13.0-40 extremely slow with Alder Lake CPU
Public bug reported: System running i5-12400F CPU, this is Alder Lake with 6x performance cores (no efficiency cores). Booting with linux-image-5.13.0-40-generic is extremely slow. The system takes over a minute to even log in, usual time is a few seconds. Running anything even remotely taxing (eg: GRUB rebuild, sudo) effectively grinds the system to a halt. I notice CPU scaling never reaches above ~1 Ghz, whereas normal operation on 5.13.0-39 and earlier reaches up to ~4.7 GHz on demand. When 5.13.0-40 is booted, the CPU Frequency Scaling applet in MATE Desktop does not display the powersave/performance governors. sysfs shows the intel_pstate driver in use, running in powersave governor. Booting back into 5.13.0-39 resolves this, the system is fast and responsive again. Nothing jumps out as obvious to me in the changelog: https://changelogs.ubuntu.com/changelogs/pool/main/l/linux/linux_5.13.0-40.45/changelog (searched "cpu" and "freq" and "alder"). As per https://wiki.ubuntu.com/KernelTeam/KernelTeamBugPolicies I would gladly test the latest upstream mainline build, however it's not possible to install v5.15.7 or later due to unmet libssl3 dependency. $ lsb_release -rd Description:Ubuntu 20.04.4 LTS Release:20.04 $ apt-cache policy linux-image-5.13.0-40-generic linux-image-5.13.0-40-generic: Installed: 5.13.0-40.45~20.04.1 Candidate: 5.13.0-40.45~20.04.1 Version table: *** 5.13.0-40.45~20.04.1 500 500 http://au.archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages 500 http://security.ubuntu.com/ubuntu focal-security/main amd64 Packages 100 /var/lib/dpkg/status ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: linux-image-5.13.0-40-generic 5.13.0-40.45~20.04.1 ProcVersionSignature: Ubuntu 5.13.0-39.44~20.04.1-generic 5.13.19 Uname: Linux 5.13.0-39-generic x86_64 ApportVersion: 2.20.11-0ubuntu27.23 Architecture: amd64 CasperMD5CheckResult: skip CurrentDesktop: MATE Date: Wed Apr 20 20:41:52 2022 InstallationDate: Installed on 2022-03-17 (33 days ago) InstallationMedia: Ubuntu-MATE 20.04.4 LTS "Focal Fossa" - Release amd64 (20220223) SourcePackage: linux-signed-hwe-5.13 UpgradeStatus: No upgrade log present (probably fresh install) ** Affects: linux-signed-hwe-5.13 (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug focal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1969612 Title: 5.13.0-40 extremely slow with Alder Lake CPU To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-signed-hwe-5.13/+bug/1969612/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1896772] Re: systemd-resolved configures no Current Scopes on start
** Changed in: isc-dhcp (Ubuntu) Status: New => Triaged -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1896772 Title: systemd-resolved configures no Current Scopes on start To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ifupdown/+bug/1896772/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1896772] Re: systemd-resolved configures no Current Scopes on start
** Changed in: ifupdown (Ubuntu) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1896772 Title: systemd-resolved configures no Current Scopes on start To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ifupdown/+bug/1896772/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1896772] Re: systemd-resolved configures no Current Scopes on start
** Also affects: ifupdown (Ubuntu) Importance: Undecided Status: New ** Also affects: isc-dhcp (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1896772 Title: systemd-resolved configures no Current Scopes on start To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ifupdown/+bug/1896772/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1896772] Re: systemd-resolved configures no Current Scopes on start
I grep'd for 'netif' in /etc and noticed: $ sudo grep -r netif /etc /etc/network/if-down.d/resolved:statedir=/run/systemd/resolve/netif /etc/network/if-up.d/resolved:statedir=/run/systemd/resolve/netif /etc/dhcp/dhclient-exit-hooks.d/resolved:statedir=/run/systemd/resolve/netif /etc/network/if-up.d/resolved and /etc/dhcp/dhclient-exit- hooks.d/resolved have code like this: statedir=/run/systemd/resolve/netif mkdir -p $statedir but do not have a corresponding chown of /run/systemd/resolve/netif. There is a chown for `chown systemd-resolve:systemd-resolve "$statedir/$ifindex"` in /etc/network/if-up.d/resolved and /etc/dhcp/dhclient-exit-hooks.d/resolved. This system has been upgraded many, many times (at least since yakkety). dhclient is being used for this interface. ifupdown is installed. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1896772 Title: systemd-resolved configures no Current Scopes on start To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1896772/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1896772] Re: systemd-resolved configures no Current Scopes on start
I see this on 22.04 after upgrading from 20.04. $ journalctl |grep 'Failed to save link data' Apr 17 15:25:52 hostname systemd-resolved[19095]: Failed to save link data /run/systemd/resolve/netif/3: Permission denied Apr 17 15:25:52 hostname systemd-resolved[19095]: Failed to save link data /run/systemd/resolve/netif/3: Permission denied $ ls -ld /run/systemd/resolve/netif drwxr-xr-x 2 root root 40 Apr 17 14:46 /run/systemd/resolve/netif (note, I had tried to restart systemd-resolved) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1896772 Title: systemd-resolved configures no Current Scopes on start To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1896772/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1968608] Re: networking/firewall issues after upgrade when using iptables-nft
I filed https://github.com/docker-snap/docker-snap/issues/68 for the docker snap unconditionally using xtables. ** Bug watch added: github.com/docker-snap/docker-snap/issues #68 https://github.com/docker-snap/docker-snap/issues/68 ** Also affects: iptables (Ubuntu) Importance: Undecided Status: New ** Changed in: iptables (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1968608 Title: networking/firewall issues after upgrade when using iptables-nft To manage notifications about this bug go to: https://bugs.launchpad.net/ufw/+bug/1968608/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1968608] Re: networking/firewall issues after upgrade when using iptables-nft
** Description changed: Filing this issue in the hopes that it will help people who are upgrading from a system that previously used xtables to one that is using netfilter. ufw uses the 'iptables' suite of commands under the hood. As of iptables 1.8, iptables ships with two different backends for these commands: * nft (netfilter) * legacy (xtables) such that there are iptables-nft, iptables-legacy, ip6tables-nft, ip6tables-legacy, etc commands on the system. Distributions may choose to then install symlinks from these commands to the traditional command. Eg, iptables will point to either iptables-nft or iptables-legacy. These symlinks can be configured by the admin on Debian/Ubuntu-based systems with: $ sudo update-alternatives --config iptables # configures all the iptables* symlinks $ sudo update-alternatives --config ip6tables # configures all the ip6tables* symlinks ufw is fully compatible with either backend. iptables-nft and nftables (ie, the 'nft' command not part of 'iptables'; will refer to this here as 'nftables' for clarity) both work with the kernel netfilter and different software on the system may freely use iptables-nft or nftables (eg, ufw using iptables-nft with other software (eg, libvirt) using nftables is fine). Since iptables-nft works well for ufw's requirements, there hasn't been a compelling reason to migrate ufw to use 'nftables' instead of 'iptables'. While iptables-nft and nftables can be used together, you should NOT mix and match netfilter and xtables rules as the upstream kernel considers this undefined and the firewall may not work correctly. Before iptables 1.8, admins could not mix and match iptables and nftables (or software that used one or the other). With iptables 1.8, admins can choose to use iptables-legacy or nftables and/or iptables-nft. Older releases of distributions (eg, Ubuntu 20.04 LTS) defaulted to iptables-legacy as the iptables backend with the admin able to opt into iptables-nft. Newer releases of distributions (eg, Ubuntu 22.04 LTS) are choosing to default to iptables-nft instead. As mentioned, so long as all of the software on the system agrees on using either netfilter or xtables, everything should be fine. Use of the symlink mechanism (eg, the aforementioned 'update-alternatives' on Debian/Ubuntu) helps ensure everything works properly. Software that manipulates the firewall outside of the configured symlinks (or using iptables-legacy/iptables 1.6 while nftables is also in use) might introduce problems if they are not aware of the xtables/netfilter incompatibility. Eg, this might happen with snaps that ship their own iptables or nftables and unconditionally use it without considering existing rules on the system. The ufw snap will detect and use the correct backend for the system on startup. The lxd and multipass snaps will do the same. As such, eg, an Ubuntu 20.04 system that is configured with the default iptables-legacy backend can use the ufw deb from Ubuntu with the lxd and multipass snaps without issue (ufw follows the iptables symlink to use the legacy (xtables) backend to load firewall rules in early boot. When lxd and multipass are started, they see that legacy rules are in use and use xtables). Similarly, on an Ubuntu 22.04 system that is configured with the default iptables-nft backend, the ufw deb from Ubuntu will follow the iptables symlink to use the nft (netfilter) backend to load firewall rules in early boot. When lxd and multipass are started, the see that nft rules are in use and use netfilter. Users upgrading from earlier distributions that defaulted to the legacy backend to newer releases that use the nft backend may find that non- distro software isn't choosing the correct backend. You can see if this is the case by running: $ sudo iptables-nft -S and compare with: $ sudo iptables-legacy -S If one is populated and the other comes back with only: -P INPUT ACCEPT -P FORWARD ACCEPT -P OUTPUT ACCEPT then everything should be operating together ok. You should also check ip6tables-nft vs ip6tables-legacy and if you have 'nft' on your system, see that 'sudo nft list ruleset' has only accept rules if 'iptables- legacy -S' shows rules are in use. If there is a mixture of rules in both backends, you'll need to make everything use either netfilter or xtables. If things were working correctly before the upgrade, you might find that going back to iptables-legacy could make things work until you're ready to migrate to iptables-nft (on Debian/Ubuntu, see update-alternatives, above). The 'docker' snap as of 20.10.12 in the stable channel is known to unconditionally use xtables. At the time of this filing, it did not have a way to adjust to using netfilter, so if using the docker snap, you might have to update your system to use
[Bug 1968608] [NEW] networking/firewall issues after upgrade when using iptables-nft
Public bug reported: Filing this issue in the hopes that it will help people who are upgrading from a system that previously used xtables to one that is using netfilter. ufw uses the 'iptables' suite of commands under the hood. As of iptables 1.8, iptables ships with two different backends for these commands: * nft (netfilter) * legacy (xtables) such that there are iptables-nft, iptables-legacy, ip6tables-nft, ip6tables-legacy, etc commands on the system. Distributions may choose to then install symlinks from these commands to the traditional command. Eg, iptables will point to either iptables-nft or iptables-legacy. These symlinks can be configured by the admin on Debian/Ubuntu-based systems with: $ sudo update-alternatives --config iptables # configures all the iptables* symlinks $ sudo update-alternatives --config ip6tables # configures all the ip6tables* symlinks ufw is fully compatible with either backend. iptables-nft and nftables (ie, the 'nft' command not part of 'iptables'; will refer to this here as 'nftables' for clarity) both work with the kernel netfilter and different software on the system may freely use iptables-nft or nftables (eg, ufw using iptables-nft with other software (eg, libvirt) using nftables is fine). Since iptables-nft works well for ufw's requirements, there hasn't been a compelling reason to migrate ufw to use 'nftables' instead of 'iptables'. While iptables-nft and nftables can be used together, you should NOT mix and match netfilter and xtables rules as the upstream kernel considers this undefined and the firewall may not work correctly. Before iptables 1.8, admins could not mix and match iptables and nftables (or software that used one or the other). With iptables 1.8, admins can choose to use iptables-legacy or nftables and/or iptables-nft. Older releases of distributions (eg, Ubuntu 20.04 LTS) defaulted to iptables-legacy as the iptables backend with the admin able to opt into iptables-nft. Newer releases of distributions (eg, Ubuntu 22.04 LTS) are choosing to default to iptables-nft instead. As mentioned, so long as all of the software on the system agrees on using either netfilter or xtables, everything should be fine. Use of the symlink mechanism (eg, the aforementioned 'update-alternatives' on Debian/Ubuntu) helps ensure everything works properly. Software that manipulates the firewall outside of the configured symlinks (or using iptables-legacy/iptables 1.6 while nftables is also in use) might introduce problems if they are not aware of the xtables/netfilter incompatibility. Eg, this might happen with snaps that ship their own iptables or nftables and unconditionally use it without considering existing rules on the system. The ufw snap will detect and use the correct backend for the system on startup. The lxd and multipass snaps will do the same. As such, eg, an Ubuntu 20.04 system that is configured with the default iptables-legacy backend can use the ufw deb from Ubuntu with the lxd and multipass snaps without issue (ufw follows the iptables symlink to use the legacy (xtables) backend to load firewall rules in early boot. When lxd and multipass are started, they see that legacy rules are in use and use xtables). Similarly, on an Ubuntu 22.04 system that is configured with the default iptables-nft backend, the ufw deb from Ubuntu will follow the iptables symlink to use the nft (netfilter) backend to load firewall rules in early boot. When lxd and multipass are started, the see that nft rules are in use and use netfilter. Users upgrading from earlier distributions that defaulted to the legacy backend to newer releases that use the nft backend may find that non- distro software isn't choosing the correct backend. You can see if this is the case by running: $ sudo iptables-nft -S and compare with: $ sudo iptables-legacy -S If one is populated and the other comes back with only: -P INPUT ACCEPT -P FORWARD ACCEPT -P OUTPUT ACCEPT then everything should be operating together ok. You should also check ip6tables-nft vs ip6tables-legacy and if you have 'nft' on your system, see that 'sudo nft list ruleset' has only accept rules if 'iptables- legacy -S' shows rules are in use. If there is a mixture of rules in both backends, you'll need to make everything use either netfilter or xtables. If things were working correctly before the upgrade, you might find that going back to iptables-legacy could make things work until you're ready to migrate to iptables-nft (on Debian/Ubuntu, see update-alternatives, above). The 'docker' snap as of 20.10.12 in the stable channel is known to unconditionally use xtables. At the time of this filing, it did not have a way to adjust to using netfilter, so if using the docker snap, you might have to update your system to use iptables-legacy (on Debian/Ubuntu, see update-alternatives, above). Finally, if using various container/VM software with ufw on the host and everything agrees on using the same backend, you might check
[Bug 1968498] [NEW] Unhandled promise rejection after screenlock/unlock
Public bug reported: After upgrading from focal to jammy, I noticed this in my logs: Apr 10 14:05:40 host ubuntu-appindicat...@ubuntu.com[124051]: unable to update icon for software-update-available Apr 10 14:05:40 host gnome-shell[124051]: Unhandled promise rejection. To suppress this warning, add an error handler to your promise chain with .catch() or a try-catch block around your await expression. Stack trace of the failed promise: _checkNeededProperties@/usr/share/gnome-shell/extensions/ubuntu-appindicat...@ubuntu.com/appIndicator.js:133:33 _nameOwnerChanged@/usr/share/gnome-shell/extensions/ubuntu-appindicat...@ubuntu.com/appIndicator.js:154:18 _emit@resource:///org/gnome/gjs/modules/core/_signals.js:114:47 AppIndicatorsNameWatcher/this._watcherId<@/usr/share/gnome-shell/extensions/ubuntu-appindicat...@ubuntu.com/util.js:205:22 This happens after screenlock/unlock. It looks like https://github.com/ubuntu/gnome-shell-extension- appindicator/issues/334 was filed for this as well. ** Affects: gnome-shell-extension-appindicator (Ubuntu) Importance: Undecided Status: New ** Description changed: After upgrading from focal to jammy, I noticed this in my logs: - Apr 10 14:05:40 iolanthe ubuntu-appindicat...@ubuntu.com[124051]: unable to update icon for software-update-available - Apr 10 14:05:40 iolanthe gnome-shell[124051]: Unhandled promise rejection. To suppress this warning, add an error handler to your promise chain with .catch() or a try-catch block around your await expression. Stack trace of the failed promise: - _checkNeededProperties@/usr/share/gnome-shell/extensions/ubuntu-appindicat...@ubuntu.com/appIndicator.js:133:33 - _nameOwnerChanged@/usr/share/gnome-shell/extensions/ubuntu-appindicat...@ubuntu.com/appIndicator.js:154:18 - _emit@resource:///org/gnome/gjs/modules/core/_signals.js:114:47 - AppIndicatorsNameWatcher/this._watcherId<@/usr/share/gnome-shell/extensions/ubuntu-appindicat...@ubuntu.com/util.js:205:22 + Apr 10 14:05:40 host ubuntu-appindicat...@ubuntu.com[124051]: unable to update icon for software-update-available + Apr 10 14:05:40 host gnome-shell[124051]: Unhandled promise rejection. To suppress this warning, add an error handler to your promise chain with .catch() or a try-catch block around your await expression. Stack trace of the failed promise: + _checkNeededProperties@/usr/share/gnome-shell/extensions/ubuntu-appindicat...@ubuntu.com/appIndicator.js:133:33 + _nameOwnerChanged@/usr/share/gnome-shell/extensions/ubuntu-appindicat...@ubuntu.com/appIndicator.js:154:18 + _emit@resource:///org/gnome/gjs/modules/core/_signals.js:114:47 + AppIndicatorsNameWatcher/this._watcherId<@/usr/share/gnome-shell/extensions/ubuntu-appindicat...@ubuntu.com/util.js:205:22 This happens after screenlock/unlock. It looks like https://github.com/ubuntu/gnome-shell-extension- appindicator/issues/334 was filed for this as well. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1968498 Title: Unhandled promise rejection after screenlock/unlock To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-shell-extension-appindicator/+bug/1968498/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1967884] Re: several snap-confine denials for capability net_admin and perfmon on 22.04
The fsetid is actually quite old (at least 3 years; there may have been a Trello card for it). At one point it came in and I did analysis and tweaked the order of the priv dropping in snap-confine to get rid of it. Then some stuff was added to snap-confine and it came back. I always had it as a to-do to work through it, but weighing the necessity of keeping the priv-dropping solid vs getting rid of the noisy denial always kept it on the back-burner. Bottom line, the fsetid has to do with the delicate drop/raise/.../full drop dance we do and isn't new. I think you should keep that separate from these other two. The new ones feel like it's a delegation issue with the new kernel (ie where it depends on what is launching snap-confine/what snap-confine is launching), but maybe it is just as simple as the 5.15 kernel has new capabilities checks for things it didn't before. When looking at this, remember that the kernel rate limits capability denials differently than say, file rules and that it can be difficult to trigger the denials reliably without taking additional steps. John can help you with these techniques. I recall wanting to pull my hair out when investigating the fsetid denial until I nailed down how to get the logged denial reliably :) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1967884 Title: several snap-confine denials for capability net_admin and perfmon on 22.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1967884/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1967884] Re: several snap-confine denials for capability net_admin and perfmon on 22.04
** Summary changed: - several snap-confine denials for capability net_admin on 22.04 + several snap-confine denials for capability net_admin and perfmon on 22.04 ** Description changed: I recently upgraded to 22.04 and started seeing denials like: - Apr 5 08:57:39 localhost kernel: [ 31.386426] audit: type=1400 audit(1649167059.397:267): apparmor="DENIED" operation="capable" profile="/usr/lib/snapd/snap-confine" pid=2333 comm="snap-confine" capability=12 capname="net_admin" - Apr 5 08:58:14 localhost kernel: [ 66.234135] audit: type=1400 audit(1649167094.420:274): apparmor="DENIED" operation="capable" profile="/usr/lib/snapd/snap-confine" pid=5400 comm="snap-confine" capability=12 capname="net_admin" - Apr 5 08:59:50 localhost kernel: [ 162.033225] audit: type=1400 audit(1649167190.215:293): apparmor="DENIED" operation="capable" profile="/usr/lib/snapd/snap-confine" pid=7166 comm="snap-confine" capability=12 capname="net_admin" + Apr 05 09:38:51 iolanthe audit[5815]: AVC apparmor="DENIED" operation="capable" profile="/usr/lib/snapd/snap-confine" pid=5815 comm="snap-confine" capability=12 capname="net_admin" + Apr 05 09:38:51 iolanthe audit[5815]: AVC apparmor="DENIED" operation="capable" profile="/usr/lib/snapd/snap-confine" pid=5815 comm="snap-confine" capability=38 capname="perfmon" + Apr 05 09:38:51 iolanthe kernel: audit: type=1400 audit(1649169531.339:277): apparmor="DENIED" operation="capable" profile="/usr/lib/snapd/snap-confine" pid=5815 comm="snap-confine" capability=12 capname="net_admin" + Apr 05 09:38:51 iolanthe kernel: audit: type=1400 audit(1649169531.339:278): apparmor="DENIED" operation="capable" profile="/usr/lib/snapd/snap-confine" pid=5815 comm="snap-confine" capability=38 capname="perfmon" I've not been able to figure out what is causing this and will add more details if I do. Filing this in case other see it too. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1967884 Title: several snap-confine denials for capability net_admin and perfmon on 22.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1967884/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1967884] [NEW] several snap-confine denials for capability net_admin on 22.04
Public bug reported: I recently upgraded to 22.04 and started seeing denials like: Apr 5 08:57:39 localhost kernel: [ 31.386426] audit: type=1400 audit(1649167059.397:267): apparmor="DENIED" operation="capable" profile="/usr/lib/snapd/snap-confine" pid=2333 comm="snap-confine" capability=12 capname="net_admin" Apr 5 08:58:14 localhost kernel: [ 66.234135] audit: type=1400 audit(1649167094.420:274): apparmor="DENIED" operation="capable" profile="/usr/lib/snapd/snap-confine" pid=5400 comm="snap-confine" capability=12 capname="net_admin" Apr 5 08:59:50 localhost kernel: [ 162.033225] audit: type=1400 audit(1649167190.215:293): apparmor="DENIED" operation="capable" profile="/usr/lib/snapd/snap-confine" pid=7166 comm="snap-confine" capability=12 capname="net_admin" I've not been able to figure out what is causing this and will add more details if I do. Filing this in case other see it too. ** Affects: snapd (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1967884 Title: several snap-confine denials for capability net_admin on 22.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1967884/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1892369] Re: Impossible to skip integrity test for ubuntu-server 20.04.1 iso
This is still completely unworkable for me. I'm installing 20.04.3 on a rack server via the LOM, and at no time while the system was starting up did I see anywhere I could set command line options - it went from the firmware talking about scanning the bus to "No Signal" to the kernel starting to boot in the space of about 3 seconds. And even if there was a splash screen that allowed me to press a key to set options as comments above imply there should be, it takes the firmware in this box two and half minutes to get to the point where the ISO is booting. So to make use of it, I'd have to be glued to my monitor for that long to make sure I didn't miss the window of how many seconds it's supposed to appear for. I could be spending more time waiting for the opportunity to press a key than I would spend answering the installer questions. As things stands, #11 appears to be the best solution I've got and I think that's absolutely ridiculous. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1892369 Title: Impossible to skip integrity test for ubuntu-server 20.04.1 iso To manage notifications about this bug go to: https://bugs.launchpad.net/subiquity/+bug/1892369/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1960413] [NEW] lbzip2 binary files are missing from lbzip2 package on Ubuntu 21.10
Public bug reported: The following files are expected in this package and are missing in the amd64 version; --- /usr/bin/lbunzip2 /usr/bin/lbzcat /usr/bin/lbzip2 /usr/share/man/man1/lbunzip2.1.gz /usr/share/man/man1/lbzcat.1.gz /usr/share/man/man1/lbzip2.1.gz --- jamie@a17-laptop:~$ sudo apt-file list lbzip2 lbzip2: /usr/share/doc/lbzip2/changelog.Debian.gz lbzip2: /usr/share/doc/lbzip2/copyright --- https://packages.ubuntu.com/impish/amd64/lbzip2/filelist ProblemType: Bug DistroRelease: Ubuntu 21.10 Package: lbzip2 2.5-2.1build1 ProcVersionSignature: Ubuntu 5.13.0-28.31-generic 5.13.19 Uname: Linux 5.13.0-28-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.20.11-0ubuntu71 Architecture: amd64 CasperMD5CheckResult: pass CurrentDesktop: ubuntu:GNOME Date: Wed Feb 9 08:00:18 2022 Dependencies: InstallationDate: Installed on 2022-02-02 (7 days ago) InstallationMedia: Ubuntu 21.10 "Impish Indri" - Release amd64 (20211012) ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: lbzip2 UpgradeStatus: No upgrade log present (probably fresh install) ** Affects: lbzip2 (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug impish -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1960413 Title: lbzip2 binary files are missing from lbzip2 package on Ubuntu 21.10 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lbzip2/+bug/1960413/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1950039] Re: ufw 0.36.1-3 introduces ordering cycle, breaking network
** Tags removed: block-proposed block-proposed-jammy -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1950039 Title: ufw 0.36.1-3 introduces ordering cycle, breaking network To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1950039/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1950039] Re: ufw 0.36.1-3 introduces ordering cycle, breaking network
https://launchpad.net/ubuntu/+source/ufw/0.36.1-3ubuntu1 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1950039 Title: ufw 0.36.1-3 introduces ordering cycle, breaking network To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1950039/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1950039] Re: ufw 0.36.1-3 introduces ordering cycle, breaking network
** Changed in: ufw (Ubuntu) Status: New => Triaged ** Changed in: cloud-init (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1950039 Title: ufw 0.36.1-3 introduces ordering cycle, breaking network To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1950039/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1950039] Re: ufw 0.36.1-3 introduces ordering cycle, breaking network
Oh! I missed from the initial report that network-pre was deleted which clears up things considerably on my end (since I wasn't able to reproduce, I didn't see it locally either). :) Preparing an upload now. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1950039 Title: ufw 0.36.1-3 introduces ordering cycle, breaking network To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1950039/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1956029] Re: ufw remains inactive at boot time
Thanks for the response and glad you got it worked out. It reminds me that I would like to document using fail2ban with ufw more. ** Changed in: ufw (Ubuntu) Status: Incomplete => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1956029 Title: ufw remains inactive at boot time To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1956029/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1950039] Re: ufw 0.36.1-3 introduces ordering cycle, breaking network
> This makes me want to understand the cloud-init configuration that is in play. Can you share it? I'm thinking I should upload: DefaultDependencies=no Before=network-pre.target Wants=network-pre.target local-fs.target After=local-fs.target Do you have any objections? This would remove the explicit sysinit from the dependency equation but I think it would otherwise achieve ufw's startup objectives. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1950039 Title: ufw 0.36.1-3 introduces ordering cycle, breaking network To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1950039/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1950039] Re: ufw 0.36.1-3 introduces ordering cycle, breaking network
> I don't believe your reproducer is valid - cloud-init is not installed anymore, as autopkgtest-buildvm-ubuntu-cloud removes it when building the VM, whereas it remains on the cloud images, as it's needed there to actually get the IP address during boot. Note, in https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1950039/comments/9 I installed cloud-init and did some analysis also (but see below). > Though arguably I'd expect this to be fixed by removing DefaultDependencies again, if I looked at this correctly. Seems likely, though this change was done to fix an issue people were seeing on stack exchange for Debian/Ubuntu systems related to a race between encrypted filesystems and ufw. I guess I could add back DefaultDependencies=no and add After=local-fs.target, but I'm not sure what this would do in practice since local-fs.target is so close to the end of sysinit anyway (but see below). In 0.36.1-2, ufw has: DefaultDependencies=no Before=network.target In 0.36.1-3, ufw has (no DefaultDependencies=no): Before=network-pre.target Wants=network-pre.target cloud-init has (among other things): Before=sysinit.target Before=network-pre.target Wants=network-pre.target AIUI, with 0.36.1-2, ufw will tend to start right away due to DefaultDependencies=no and so will cloud-init so long as it finishes before sysinit. ufw need only finish before network.target, which is after network-pre.target. Eg, ufw and cloud-init race to complete but otherwise their dependencies directly don't affect each other. With 0.36.1-3, cloud-init starts early and before ufw since it must finish before sysinit.target and ufw cannot start until after sysinit.target is done. Because both must finish before network- pre.target, this pushes network-pre.target after sysinit (and of course, ufw), but other than that, there shouldn't be a problem since we have: 1. cloud-init starts / finishes 2. sysinit starts / finishes 3. ufw starts / finishes 4. network-pre reached 5. systemd-networkd starts / finishes 6. network reached IME, there is no obvious problem with the dependencies (as they relate to ufw) since cloud-init is allowed to start/finish before sysinit and network-pre just like before. It is just that now network-pre is guaranteed to be after sysinit (which from cloud-init's point of view, shouldn't necessarily be a concern). It is also guaranteed to be after ufw but, unless cloud-init is doing something with ufw such as perhaps enabling ufw and restarting the ufw service, cloud-init shouldn't care cause the ufw service doesn't do anything unless ufw is enabled (and even when it is enabled, it just loads firewall rules). This makes me want to understand the cloud-init configuration that is in play. Can you share it? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1950039 Title: ufw 0.36.1-3 introduces ordering cycle, breaking network To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1950039/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1956029] Re: ufw remains inactive at boot time
Thanks for the bug report. A few things: 1. I'm not sure what 'networking stops' means precisely in the context of this bug report. Does 'ufw disable' restore the network? Is the network torn down? Something else (you are using a lot of limit rules instead of allow rules, I wonder if you are hitting limits...)? 2. 'journalctl -u ufw.service' isn't normally going to show you much since the command run from the service isn't very chatty. Better would be to look at /var/log/ufw.log around the time the networking stops. If /var/log/ufw.log doesn't exist on your distro, you should check /var/log/kern.log for firewall denials and then try to resolve them with new/modified firewall rules 3. It isn't clear if you used the check-requirements from https://git.launchpad.net/ufw/tree/tests/check-requirements or the one on the system. Which did you use? (Note, I just made a change to https://git.launchpad.net/ufw/tree/tests/check-requirements that you might want to use) 4. you didn't mention which distro you are using, but the ufw.service file is not what is shipped upstream (or Ubuntu or Debian). This is what has been shipped in Ubuntu and Debian for several years: [Unit] Description=Uncomplicated firewall Documentation=man:ufw(8) DefaultDependencies=no Before=network.target [Service] Type=oneshot RemainAfterExit=yes ExecStart=/lib/ufw/ufw-init start quiet ExecStop=/lib/ufw/ufw-init stop [Install] WantedBy=multi-user.target and this is what is upstream (Debian is the same except omits the 'Conflicts') and what should solve some issues (though I'm not sure it would solve your issues: [Unit] Description=Uncomplicated firewall Documentation=man:ufw(8) Before=network-pre.target Wants=network-pre.target Conflicts=iptables.service ip6tables.service nftables.service firewalld.service [Service] Type=oneshot RemainAfterExit=yes ExecStart=/lib/ufw/ufw-init start quiet ExecStop=/lib/ufw/ufw-init stop [Install] WantedBy=multi-user.target You may want to adjust the service file to be like the upstream one, then run 'sudo systemctl daemon-reload' and reboot. ** Changed in: ufw (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1956029 Title: ufw remains inactive at boot time To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1956029/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1956029] Re: ufw remains inactive at boot time
> How to I ensure that ufw is fully up and initialised BEFORE the
fail2ban service starts?
This line from your existing fail2ban.service should be sufficient:
After=network.target iptables.service firewalld.service
ip6tables.service ipset.service nftables.service ufw.service
See https://www.freedesktop.org/software/systemd/man/systemd.unit.html
for details ("After= is the inverse of Before=, i.e. while Before=
ensures that the configured unit is started before the listed unit
begins starting up, After= ensures the opposite, that the listed unit is
fully started up before the configured unit is started.")
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1956029
Title:
ufw remains inactive at boot time
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1956029/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1956029] Re: ufw remains inactive at boot time
> 4. you didn't mention which distro you are using This would be good to know since some distros are using iptables 1.8.x which has two different backends that are in play. Which distro are you using and what is the output of `iptables --version` -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1956029 Title: ufw remains inactive at boot time To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1956029/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1950039] Re: ufw 0.36.1-3 introduces ordering cycle, breaking network
** Attachment added: "plot-2.svg" https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1950039/+attachment/5550320/+files/plot-2.svg -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1950039 Title: ufw 0.36.1-3 introduces ordering cycle, breaking network To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1950039/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1950039] Re: ufw 0.36.1-3 introduces ordering cycle, breaking network
** Attachment added: "plot-3.svg" https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1950039/+attachment/5550321/+files/plot-3.svg -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1950039 Title: ufw 0.36.1-3 introduces ordering cycle, breaking network To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1950039/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1950039] Re: ufw 0.36.1-3 introduces ordering cycle, breaking network
Attached are two 'systemd-analyze plot's for the autopktest jammy system with cloud-init and ufw installed. plot-2.svg is for booting the system with 0.36.1-2 (current jammy) and plot-3.svg is 0.36.1-3 (proposed jammy). Notice how plot-2.svg, ufw and systemd-networkd start quite a bit earlier than in plot-3.svg. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1950039 Title: ufw 0.36.1-3 introduces ordering cycle, breaking network To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1950039/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1950039] Re: ufw 0.36.1-3 introduces ordering cycle, breaking network
@juliank - note I wasn't so much talking about 'blame' as much as understanding, so I apologize if it came across that way. Since I wasn't able to reproduce, I was trying to reason through my thoughts to help the discussion go further since I'm not able to diagnose it myself. In a nutshell, I have concerns that the ufw service has a side effect that somewhere else in the system is dependent on. That other part of the system should be setup to work without ufw in the mix. I'm also concerned that users might face issues if ufw is purged or if other similarly configured software is installed (eg, firewalld). With that in mind, it seems odd that a service that does nearly nothing by default would affect the system by having a Before/Wants on network- pre.target. It also seems odd that going from very little dependencies (DefaultDependencies=no) to have only those for 'basic system initialization' would be a problem since those are not related to networking, etc. Eg, in today's autopkgtest jammy instance that I created with `autopkgtest-buildvm-ubuntu-cloud -r jammy` and rebooting with the proposed -3 of ufw installed: $ lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description:Ubuntu Jammy Jellyfish (development branch) Release:22.04 Codename: jammy $ cat /proc/version_signature Ubuntu 5.13.0-19.19-generic 5.13.14 $ systemctl list-dependencies ufw.service ufw.service ● ├─system.slice ● ├─network-pre.target ● └─sysinit.target ● ├─apparmor.service ● ├─dev-hugepages.mount ● ├─dev-mqueue.mount ● ├─keyboard-setup.service ● ├─kmod-static-nodes.service ● ├─multipathd.service ● ├─plymouth-read-write.service ○ ├─plymouth-start.service ● ├─proc-sys-fs-binfmt_misc.automount ● ├─setvtrgb.service ● ├─sys-fs-fuse-connections.mount ● ├─sys-kernel-config.mount ● ├─sys-kernel-debug.mount ● ├─sys-kernel-tracing.mount ● ├─systemd-ask-password-console.path ○ ├─systemd-binfmt.service ○ ├─systemd-boot-system-token.service ● ├─systemd-journal-flush.service ● ├─systemd-journald.service ○ ├─systemd-machine-id-commit.service ● ├─systemd-modules-load.service ○ ├─systemd-pstore.service ● ├─systemd-random-seed.service ● ├─systemd-sysctl.service ● ├─systemd-sysusers.service ● ├─systemd-timesyncd.service ● ├─systemd-tmpfiles-setup-dev.service ● ├─systemd-tmpfiles-setup.service ● ├─systemd-udev-trigger.service ● ├─systemd-udevd.service ● ├─systemd-update-utmp.service ● ├─cryptsetup.target ● ├─local-fs.target ● │ ├─-.mount ● │ ├─boot-efi.mount ○ │ ├─systemd-fsck-root.service ● │ └─systemd-remount-fs.service ● ├─swap.target ● └─veritysetup.target Seeing what depends on ufw, there is very little: $ systemctl list-dependencies ufw.service --reverse ufw.service ● └─multi-user.target ● └─graphical.target I can also say that nothing in this VM depends on network-pre other than ufw: $ systemctl list-dependencies --reverse network-pre.target network-pre.target ● └─ufw.service and that there is not much depending on network.target: $ systemctl list-dependencies --reverse network.target network.target ○ ├─netplan-ovs-cleanup.service ● └─systemd-networkd.service Rebooting with ufw -2 installed, all of the above is the same except ufw's dependencies are nearly nothing: $ systemctl list-dependencies ufw.service ufw.service ● └─system.slice This autopkgtest VM doesn't have cloud-init installed (which is consistent with why I'm not seeing it in here like I am not in Debian) and I don't know what cloud-init config to provide to provide any additional diagnosis. I can say that if I install cloud-init, it add a dependency on on network-pre.target (still with -2 of ufw): $ systemctl list-dependencies network-pre.target --reverse network-pre.target ○ └─cloud-init-local.service It has: $ cat /usr/lib/systemd/system/cloud-init-local.service [Unit] Description=Initial cloud-init job (pre-networking) DefaultDependencies=no Wants=network-pre.target After=hv_kvp_daemon.service After=systemd-remount-fs.service Before=NetworkManager.service Before=network-pre.target Before=shutdown.target Before=sysinit.target Conflicts=shutdown.target RequiresMountsFor=/var/lib/cloud [Service] Type=oneshot ExecStart=/usr/bin/cloud-init init --local ExecStart=/bin/touch /run/cloud-init/network-config-ready RemainAfterExit=yes TimeoutSec=0 # Output needs to appear in instance console output StandardOutput=journal+console [Install] WantedBy=cloud-init.target I notice that it has a `Before=sysinit.target` and DefaultDependencies=no. Is cloud-init in our infrastructure configured to run ufw? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1950039 Title: ufw 0.36.1-3 introduces ordering cycle, breaking network To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1950039/+subscriptions -- ubuntu-bugs mailing
[Bug 1950039] Re: ufw 0.36.1-3 introduces ordering cycle, breaking network
** Changed in: ufw (Ubuntu) Status: Triaged => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1950039 Title: ufw 0.36.1-3 introduces ordering cycle, breaking network To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1950039/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1950039] Re: ufw 0.36.1-3 introduces ordering cycle, breaking network
@juliank - where did you see these errors? I booted with a freshly created autopkgtest jammy vm, installed the package from proposed and it worked fine. Please see my previous comments-- this does not seem to be a bug in ufw since it is using the documented unit setup that systemd recommends for firewall software (and that other firewall software use, such as firewalld) and this has been in Debian for some time now with no bug reports (indeed, it solved issues). Your initial report shows that lots of other units have the ordering cycle issue that you mentioned so I'm not sure why ufw would be singled out. So we're all on the same page, this was the change: -DefaultDependencies=no -Before=network.target +Before=network-pre.target +Wants=network-pre.target and I'll add this from debian/changelog: +- use Before and Wants on network-pre.target. Per systemd documentation, + "network-pre.target is a target that may be used to order services + before any network interface is configured. Its primary purpose is for + usage with firewall services". Because network-pre.target is a passive + unit, "services that want to be run before the network is configured + should place Before=network-pre.target and also set + Wants=network-pre.target to pull it in" +- remove DefaultDependencies=no so that we pull in default dependencies + for "basic system initialization". While ufw is meant to come up before + networking, there is no reason why it shouldn't come up after sysinit. + This should help make ufw startup more robust on systems that need + something from sysinit. The ufw unit itself does very little unless ufw is enabled since /lib/ufw/ufw-init exits very quickly when it is not enabled. As such, it seems to me that the ufw upload may have uncovered a latent issue in our early boot (but that wouldn't be a bug in ufw itself) where Ubuntu may not be supporting the documented behavior for network-pre.target. Finally, it has been a couple of months since this report; is it possible to rerun wherever this was run to see if it is still an issue (as mentioned, no bug reports in Debian and so perhaps things floated in that resolved this)? I would rerun autopkgtests, but they all have passed. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1950039 Title: ufw 0.36.1-3 introduces ordering cycle, breaking network To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1950039/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1726856] Re: ufw does not start automatically at boot
@Stefan, I suggest you try the fix that is in Debian. See: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990834#27 @Myron, yours sounds like a different issue. I suggest you file a new bug, downloading https://git.launchpad.net/ufw/tree/tests/check- requirements and including the output of 'sudo sh /path/to/check- requirements'. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1726856 Title: ufw does not start automatically at boot To manage notifications about this bug go to: https://bugs.launchpad.net/ufw/+bug/1726856/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1955940] [NEW] package timidity-daemon 2.14.0-8build1 failed to install/upgrade: installed timidity-daemon package post-installation script subprocess returned error exit status 5
Public bug reported: Failed to stop timidity.service: Unit timidity.service not loaded. invoke-rc.d: initscript timidity, action "stop" failed. dpkg: error processing package timidity-daemon (--configure): installed timidity-daemon package post-installation script subprocess returned error exit status 5 ProblemType: Package DistroRelease: Ubuntu 21.10 Package: timidity-daemon 2.14.0-8build1 ProcVersionSignature: Ubuntu 5.13.0-22.22-generic 5.13.19 Uname: Linux 5.13.0-22-generic x86_64 ApportVersion: 2.20.11-0ubuntu71 AptOrdering: timidity:amd64: Install timidity-daemon:amd64: Install NULL: ConfigurePending Architecture: amd64 CasperMD5CheckResult: unknown Date: Tue Dec 28 19:21:29 2021 ErrorMessage: installed timidity-daemon package post-installation script subprocess returned error exit status 5 InstallationDate: Installed on 2021-02-05 (326 days ago) InstallationMedia: Ubuntu 20.10 "Groovy Gorilla" - Release amd64 (20201022) PackageArchitecture: all Python3Details: /usr/bin/python3.9, Python 3.9.7, python3-minimal, 3.9.4-1build1 PythonDetails: /usr/bin/python2.7, Python 2.7.18, python-is-python2, 2.7.18-9 RelatedPackageVersions: dpkg 1.20.9ubuntu2 apt 2.3.9 SourcePackage: timidity Title: package timidity-daemon 2.14.0-8build1 failed to install/upgrade: installed timidity-daemon package post-installation script subprocess returned error exit status 5 UpgradeStatus: Upgraded to impish on 2021-10-16 (73 days ago) ** Affects: timidity (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-package impish need-duplicate-check -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1955940 Title: package timidity-daemon 2.14.0-8build1 failed to install/upgrade: installed timidity-daemon package post-installation script subprocess returned error exit status 5 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/timidity/+bug/1955940/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1643706] Re: snap apps need to be able to browse outside of user $HOME dir. for Desktop installs
** Changed in: snapd (Ubuntu) Assignee: Jamie Strandboge (jdstrand) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1643706 Title: snap apps need to be able to browse outside of user $HOME dir. for Desktop installs To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1643706/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1948960] Re: nvidia-driver-XXX-server packaging: Demote nvidia-settings to "Suggests"
Hello, I've tested the focal-proposed versions of nvidia-driver-450-server- generic and nvidia-470-server-generic, and the changes look good. Thanks! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1948960 Title: nvidia-driver-XXX-server packaging: Demote nvidia-settings to "Suggests" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nvidia-graphics-drivers-418-server/+bug/1948960/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1951018] Re: No ability to discern IPv4 vs IPv6 rules through Python
** Also affects: ufw Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1951018 Title: No ability to discern IPv4 vs IPv6 rules through Python To manage notifications about this bug go to: https://bugs.launchpad.net/ufw/+bug/1951018/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1950039] Re: ufw 0.36.1-3 introduces ordering cycle, breaking network
Also, to be clear, when I say I can't look at the ufw portions 'for a while', I mean ~10 days (doing this from my phone). Thinking about this, my thinking is this is less about the Before/Wants on network-pre and the removal of DefaultDependencies and more about Before=network being removed (with perhaps nothing else doing that? ie, I don't think this an ufw bug; I think the change uncovered something). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1950039 Title: ufw 0.36.1-3 introduces ordering cycle, breaking network To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1950039/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1950039] Re: ufw 0.36.1-3 introduces ordering cycle, breaking network
I mention firewalld cause while ufw could be reverted, firewalld users would presumably also hit it, as well as any other software that does it. If the ufw change is reverted, IME someone should audit the archive for other occurrences of this pattern and update the units accordingly). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1950039 Title: ufw 0.36.1-3 introduces ordering cycle, breaking network To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1950039/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1950039] Re: ufw 0.36.1-3 introduces ordering cycle, breaking network
Fyi, the current configuration is the same as firewalld upstream and what is in Debian, Moreover it is following systemd documentation for firewall software so I wonder if the change simply uncovered a latent bug Fyi, I won't be able to look at this for a while so if you need to back it out, please do an ubuntu1 upload (though it would be great if someone more familiar with systemd-networkd thought through my latent bug comment). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1950039 Title: ufw 0.36.1-3 introduces ordering cycle, breaking network To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1950039/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1946804] Re: ufw breaks boot on network root filesystem
Tested 0.36-6ubuntu1 on focal. apt upgrade succeeded and after reboot the firewall came up with the expected rules in the expected order and I spot-checked allowed and deny traffic. I didn't test on an iSCSI system so won't add verification-done-focal at this time, but I think the testing is probably sufficient for that (I'll let others decide). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1946804 Title: ufw breaks boot on network root filesystem To manage notifications about this bug go to: https://bugs.launchpad.net/ufw/+bug/1946804/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1946804] Re: ufw breaks boot on network root filesystem
Tested 0.36-0ubuntu0.18.04.2 on bionic. apt upgrade succeeded and after reboot the firewall came up with the expected rules in the expected order and I spot-checked allowed and deny traffic. I didn't test on an iSCSI system so won't add verification-done-focal at this time, but I think the testing is probably sufficient for that (I'll let others decide). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1946804 Title: ufw breaks boot on network root filesystem To manage notifications about this bug go to: https://bugs.launchpad.net/ufw/+bug/1946804/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1933117] Re: ufw delete can confuse protocol-specific rule with otherwise matching 'proto any' rule
Tested 0.36-0ubuntu0.18.04.2 on bionic. apt upgrade succeeded and after reboot the firewall came up with the expected rules in the expected order and I spot-checked allowed and deny traffic. I was able to verify the this bug is fixed via the test steps. ** Tags removed: verification-needed-bionic ** Tags added: verification-done-bionic -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1933117 Title: ufw delete can confuse protocol-specific rule with otherwise matching 'proto any' rule To manage notifications about this bug go to: https://bugs.launchpad.net/ufw/+bug/1933117/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1933117] Re: ufw delete can confuse protocol-specific rule with otherwise matching 'proto any' rule
Tested 0.36-6ubuntu1 on focal. apt upgrade succeeded and after reboot the firewall came up with the expected rules in the expected order. I was able to verify the this bug is fixed via the test steps. ** Tags removed: verification-needed-focal ** Tags added: verification-done-focal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1933117 Title: ufw delete can confuse protocol-specific rule with otherwise matching 'proto any' rule To manage notifications about this bug go to: https://bugs.launchpad.net/ufw/+bug/1933117/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1726856] Re: ufw does not start automatically at boot
I've looked at this issue again in reference to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990834 and while I still cannot reproduce, I plan to change to the following (I won't ship the commented out lines of course): [Unit] Description=Uncomplicated firewall Documentation=man:ufw(8) #DefaultDependencies=no #Before=network.target Before=network-pre.target Wants=network-pre.target [Service] Type=oneshot RemainAfterExit=yes ExecStart=/lib/ufw/ufw-init start quiet ExecStop=/lib/ufw/ufw-init stop [Install] WantedBy=multi-user.target This removes DefaultDependencies=no so that 'sysinit' will be pulled in and changes the single 'Before=network.target' to instead have Before=network-pre.target and Wants=network-pre.target. This won't help people who have different firewall software installed (like some of the comments), but should make startup more robust (eg, for those needing something from sysinit) while still allowing it to come up before the network. ** Bug watch added: Debian Bug tracker #990834 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990834 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1726856 Title: ufw does not start automatically at boot To manage notifications about this bug go to: https://bugs.launchpad.net/ufw/+bug/1726856/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1948960] [NEW] nvidia-driver-XXX-server packaging: Demote nvidia-settings to "Suggests"
Public bug reported: The nvidia-driver-XXX-server meta-package "Recommends" nvidia-settings. I think it would be better to demote nvidia-settings to a "Suggests" for these packages because of all the following: - The Ubuntu default behavior is to install "recommended" packages. - The -server packages are associated with TRDs, which are generally used on Tesla GPUs, which are generally used on servers. - nvidia-settings pulls in many GUI bits which are generally not relevant to servers. ** Affects: nvidia-graphics-drivers-450-server (Ubuntu) Importance: Undecided Status: New ** Affects: nvidia-graphics-drivers-460-server (Ubuntu) Importance: Undecided Status: New ** Affects: nvidia-graphics-drivers-470-server (Ubuntu) Importance: Undecided Status: New ** Project changed: kernel-sru-workflow => nvidia-graphics- drivers-470-server (Ubuntu) ** Package changed: nvidia-graphics-drivers-470-server (Ubuntu) => nvidia-graphics-drivers-450-server (Ubuntu) ** Also affects: nvidia-graphics-drivers-460-server (Ubuntu) Importance: Undecided Status: New ** Also affects: nvidia-graphics-drivers-470-server (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1948960 Title: nvidia-driver-XXX-server packaging: Demote nvidia-settings to "Suggests" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nvidia-graphics-drivers-450-server/+bug/1948960/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1946804] Re: ufw breaks boot on network root filesystem
Ah, I hadn't checked that yet. Yes, please feel free to do the Impish SRU and the 0.36.1-2 that I just uploaded to Debian will float into 'J' after it opens. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1946804 Title: ufw breaks boot on network root filesystem To manage notifications about this bug go to: https://bugs.launchpad.net/ufw/+bug/1946804/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1946804] Re: ufw breaks boot on network root filesystem
For Impish, lets update debian/master, then I'll upload there and sync to Ubuntu. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1946804 Title: ufw breaks boot on network root filesystem To manage notifications about this bug go to: https://bugs.launchpad.net/ufw/+bug/1946804/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1946804] Re: ufw breaks boot on network root filesystem
I merged the changes into master. Thanks Mauricio! ** Changed in: ufw Status: New => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1946804 Title: ufw breaks boot on network root filesystem To manage notifications about this bug go to: https://bugs.launchpad.net/ufw/+bug/1946804/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1794064] Re: Clicking a hyperlink in a PDF fails to open it if the default browser is a snap
Olivier, yes, I shouldn't be assigned. Ian, you're right the profile is
suboptimal (it's also old so likely needs updating).
Do note that this is a separate named profile and evince (and if this is
put in an abstraction, anything that uses the abstraction) only has the
`/{,snap/core/[0-9]*/}usr/bin/snap mrCx -> snap_browser,` rule which
means that it is able to run the 'snap' command (needed since everything
in /snap/bin points to /usr/bin/snap) which at the time I wrote the
profile meant that access to this socket was needed as part of snap run.
IIRC, snapd should be protecting certain actions by uid connecting to it
(eg, you are root or not), but it has been a while since I've looked at
that. Evince is not a snap though so if snapd does any checks on 'is the
client a snap' then those would fail and evince would be able to do
whatever a non-root user could do with the 'snap' command via the
socket.
For snap run, we can see that the snap_browser profile limits what can
be used with 'run' since (at the time I wrote the comment) 'snap run'
required being able to look at the meta/snap.yaml of the specific snap.
This 'works' (worked?) but is brittle since if snap run changed to lift
this requirement (eg, 'snap run' just passed the name of the unresolved
symlink to snapd over the socket and let snapd start the snap, perhaps
via userd, etc) then this falls apart.
The profile was put up as an example as what could be done at the time without
any help from snapd. I never particularly cared for it cause it was brittle and
not designed. I'm not sure how to fix this, but here are some thoughts:
* evince is just executing stuff from /snap/bin (probably via the system's
xdg-open). Assuming xdg-open, the system's xdg-open (or whatever evince is
using to decide and launch the default browser) could itself be fixed in Ubuntu
to launch a different command that behaved better. This wouldn't necessarily
fix other distros (though this is the evince profile in Debian and Ubuntu, so
*technically*, if you got this change (to presumably xdg-open) into them, you
could update the evince profile in them accordingly)
* In lieu of that, if the profile still worked as intended, snapd could be
hardened to look to check more than if the connecting process is root or a
snap; it could also see if it is running under a non-snap profile, then limit
access to the socket API accordingly. This has drawbacks and could break people
who have written custom profiles similar to what I presented.
* I suppose an alternative approach would be to have symlinks in /snap/bin for
things that are registered as browsers (or just the default browser) point to a
designed snap command. Eg:
/snap/bin/firefox -> /usr/bin/snap # keep the
existing one too
/snap/bin/default-browser-is-a-snap -> /usr/bin/snap-browser # name is
illustrative, TBD
Now firefox, chromium, opera, brave, etc snaps registers themselves as
being capable of being a default browser with snapd, then snapd
registers with the system that /snap/bin/default-browser-is-a-snap is
the default browser (so system utilities like xdg-open don't need to
change) and /usr/bin/snap-browser is written to be safe (eg, only able
to 'snap run' the configured default browser, nothing else) and apparmor
profiles are adjusted to have `/{,snap/core/[0-9]*/}usr/bin/snap-browser
Uxr,` (or similar). The /snap/bin/default-browser-is-a-snap path is
illustrative and there isn't really a need for it at all. Could simply
perhaps have snapd register /usr/bin/snap-browser as the default browser
on the system (it now needs to know what snapd configured as the default
browser snap though) and forego the symlink.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1794064
Title:
Clicking a hyperlink in a PDF fails to open it if the default browser
is a snap
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1794064/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1794064] Re: Clicking a hyperlink in a PDF fails to open it if the default browser is a snap
** Changed in: evince (Ubuntu) Assignee: Jamie Strandboge (jdstrand) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1794064 Title: Clicking a hyperlink in a PDF fails to open it if the default browser is a snap To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1794064/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1909005] Re: Ubuntu does not resume (wake up) from suspend
Seeing this bug on my Dell Inspiron 15, 5515 Ubuntu 20.04.3 5.11.0-36-lowlatency Seeing one of the following two behaviors everytime it goes into suspend: 1) The machine goes into suspend okay, and when I press power it doesn't turn back on from suspend. I hold power to turn off, then press power again and it will come back on. OR 2) The machine goes into suspend okay, and when I press power it turns on but hangs at a black screen. I hold power to turn off, then press power again and it will come back on. Machine is dual booted with Windows and Ubuntu -> only seeing issues in Ubuntu -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1909005 Title: Ubuntu does not resume (wake up) from suspend To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1909005/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1933117] Re: ufw delete can confuse protocol-specific rule with otherwise matching 'proto any' rule
** Also affects: ufw (Ubuntu) Importance: Undecided Status: New ** Changed in: ufw (Ubuntu) Status: New => In Progress ** Changed in: ufw (Ubuntu) Assignee: (unassigned) => Jamie Strandboge (jdstrand) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1933117 Title: ufw delete can confuse protocol-specific rule with otherwise matching 'proto any' rule To manage notifications about this bug go to: https://bugs.launchpad.net/ufw/+bug/1933117/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1726856] Re: ufw does not start automatically at boot
@cajicas215 - your comment is not helpful. If you look at the other comments in this bug, there has been nothing to fix in ufw. I suggest looking at the comments in this bug and seeing if any of the issues others have seen apply to you. If not, please report a new bug with steps to reproduce. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1726856 Title: ufw does not start automatically at boot To manage notifications about this bug go to: https://bugs.launchpad.net/ufw/+bug/1726856/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1726856] Re: ufw does not start automatically at boot
@Fabian - your change both makes the firewall start after networking,
brings python into the boot process (which can slow down boot) and
changes the intent of 'systemctl stop ufw' from unloading the firewall
to disabling the firewall in the moment and forever in the future, which
is inappropriate ('systemctl stop' is supposed to stop the service until
someone runs 'systemctl start' again or reboot. 'systemctl disable' is
meant to prevent the service from starting on reboot. This might be fine
for your system, but it would not be appropriate as a default in ufw or
distributions. Also, this bug is in upstream ufw and you are reporting
an issue on Raspbian, who would supply the packaging for ufw. If you
still feel the change should be made, I suggest filing a bug with
Raspbian so they can change their packaging of ufw.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1726856
Title:
ufw does not start automatically at boot
To manage notifications about this bug go to:
https://bugs.launchpad.net/ufw/+bug/1726856/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1921350] Re: UFW hangs indefinitely on any action
There is another bug related to ansible in https://bugs.launchpad.net/ufw/+bug/1911637. I suggest following that one. Leaving this one as Expired. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921350 Title: UFW hangs indefinitely on any action To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1921350/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1934931] Re: (X)ubuntu 20.04: GUFW and MS-Teams slow down traffic intermittently
It is unclear from the description that this has anything to do with networking. Are there any firewall denials in the logs (eg, /var/log/ufw.log or /var/log/kern.log)? If you disable ufw (sudo ufw disable) does the problem go away? As an aside, IIRC, MS-Teams is not a lightweight application and I suspect this could be memory consumption unrelated to the firewall. ** Changed in: ufw (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1934931 Title: (X)ubuntu 20.04: GUFW and MS-Teams slow down traffic intermittently To manage notifications about this bug go to: https://bugs.launchpad.net/gui-ufw/+bug/1934931/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1909373] Re: package ufw 0.36-0ubuntu0.18.04.1 failed to install/upgrade: installed ufw package post-installation script subprocess returned error exit status 10
There isn't anything in the logs the indicates that there what happened. Do you have any other information? ** Changed in: ufw (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1909373 Title: package ufw 0.36-0ubuntu0.18.04.1 failed to install/upgrade: installed ufw package post-installation script subprocess returned error exit status 10 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1909373/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1898696] Re: add some deliminiter between ipv4 and ipv6 in ufw status
Thanks you for the report. It is difficult to convey ipv4 vs ipv6 vs both in list form and currently ufw lists any ipv6 rules with '(v6)' as part of the To and From (as seen in your paste). It isn't clear to me how adding an 'IPv6' break would improve this... I'm going to mark this as wishlist while I think about it. Regarding the side note, the person who posted the question was unaware of https://bugs.launchpad.net/ufw/+bug/1880453 which speaks to future support (it isn't needed as ufw will use the nft backend if the system is configured to do so). ** Changed in: ufw (Ubuntu) Importance: Undecided => Wishlist ** Changed in: ufw (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1898696 Title: add some deliminiter between ipv4 and ipv6 in ufw status To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1898696/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1911637] Re: Another app is currently holding the xtables lock
** Changed in: ufw Status: New => Triaged -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1911637 Title: Another app is currently holding the xtables lock To manage notifications about this bug go to: https://bugs.launchpad.net/ufw/+bug/1911637/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1911637] Re: Another app is currently holding the xtables lock
Actually, in thinking about this, ufw could use 'iptables -w' under the hood. I recall having troubles with this approach when providing the fix for https://bugs.launchpad.net/ufw/+bug/1204579. I suggest following my advice in my last comment to avoid the issue while using 'iptables -w' is explored. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1911637 Title: Another app is currently holding the xtables lock To manage notifications about this bug go to: https://bugs.launchpad.net/ufw/+bug/1911637/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1911637] Re: Another app is currently holding the xtables lock
Thanks for the report. I read the ansible bug but this issue is actually coming from the underlying iptables tool. Something on the system is manipulating the firewall via iptables at the same time that the ufw command is being run. As described, this would happen with any firewall software. If only ufw is being used with ansible, perhaps ensure that the ufw commands are not being run in parallel. The upstream bug referenced docker, which will also manipulate the firewall with iptables; perhaps ensure that ufw configuration is applied before docker is started. I'm going to mark this bug as Invalid for now. Feel free to provide more information if you feel this is specific to ufw. ** Changed in: ufw (Ubuntu) Status: Confirmed => Invalid ** Changed in: ufw (Ubuntu) Status: Invalid => New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1911637 Title: Another app is currently holding the xtables lock To manage notifications about this bug go to: https://bugs.launchpad.net/ufw/+bug/1911637/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1933828] Re: NTP servers from DHCP are not propagated to timesyncd
** Changed in: oem-priority Importance: Undecided => Critical -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1933828 Title: NTP servers from DHCP are not propagated to timesyncd To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1933828/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1889137] Re: HWE kernel is missing firmwares
I started seeing the issues that Sergio mentioned lately as well. I think this was caused by the recent automatic move from 5.8 to 5.11. I had the oem kernel installed (20.04 install) but then apt recently moved me to the hwe-5.8 kernel. More recently apt pulled in hwe-5.11 and I believe that is when I started seeing this issue. I didn't look at this super carefully, but it appears that some packaging for the lenovo oem-sutton.newell-ace-meta ppa transitioned me to linux-image-generic-hwe-20.04 (fine) which at the time was 5.8 (on Jul 22 linux-generic-hwe-20.04:amd64 5.8.0.63.71~20.04.45 got installed, according to /var/log/dpkg.log.1). I rebooted into this kernel and was happy. Sometime in July, 5.11.0.22.23~20.04.6 came into -security and -updates, but I didn't install it. Later I performed an apt-get dist-upgrade and was upgraded to 5.11.0.25.27~20.04.10 on Aug 6. Today I upgraded again to 5.11.0-27.29~20.04.1. As it happens, I did not boot into either of the 5.11 kernels and am still on 5.8 (5.8.0-63.71~20.04.1-generic). I reinstalled linux-firmware just now and it readily demonstrates the issue: $ sudo dpkg -i ./linux-firmware_1.187.16_all.deb (Reading database ... 260812 files and directories currently installed.) Preparing to unpack .../linux-firmware_1.187.16_all.deb ... Unpacking linux-firmware (1.187.16) over (1.187.16) ... Setting up linux-firmware (1.187.16) ... update-initramfs: Generating /boot/initrd.img-5.11.0-27-generic W: Possible missing firmware /lib/firmware/i915/skl_guc_49.0.1.bin for module i915 W: Possible missing firmware /lib/firmware/i915/bxt_guc_49.0.1.bin for module i915 W: Possible missing firmware /lib/firmware/i915/kbl_guc_49.0.1.bin for module i915 W: Possible missing firmware /lib/firmware/i915/glk_guc_49.0.1.bin for module i915 W: Possible missing firmware /lib/firmware/i915/kbl_guc_49.0.1.bin for module i915 W: Possible missing firmware /lib/firmware/i915/kbl_guc_49.0.1.bin for module i915 W: Possible missing firmware /lib/firmware/i915/cml_guc_49.0.1.bin for module i915 W: Possible missing firmware /lib/firmware/i915/icl_guc_49.0.1.bin for module i915 W: Possible missing firmware /lib/firmware/i915/ehl_guc_49.0.1.bin for module i915 W: Possible missing firmware /lib/firmware/i915/ehl_guc_49.0.1.bin for module i915 W: Possible missing firmware /lib/firmware/i915/tgl_huc_7.5.0.bin for module i915 W: Possible missing firmware /lib/firmware/i915/tgl_guc_49.0.1.bin for module i915 W: Possible missing firmware /lib/firmware/i915/tgl_huc_7.5.0.bin for module i915 W: Possible missing firmware /lib/firmware/i915/tgl_guc_49.0.1.bin for module i915 W: Possible missing firmware /lib/firmware/i915/dg1_dmc_ver2_02.bin for module i915 update-initramfs: Generating /boot/initrd.img-5.11.0-25-generic W: Possible missing firmware /lib/firmware/i915/skl_guc_49.0.1.bin for module i915 W: Possible missing firmware /lib/firmware/i915/bxt_guc_49.0.1.bin for module i915 W: Possible missing firmware /lib/firmware/i915/kbl_guc_49.0.1.bin for module i915 W: Possible missing firmware /lib/firmware/i915/glk_guc_49.0.1.bin for module i915 W: Possible missing firmware /lib/firmware/i915/kbl_guc_49.0.1.bin for module i915 W: Possible missing firmware /lib/firmware/i915/kbl_guc_49.0.1.bin for module i915 W: Possible missing firmware /lib/firmware/i915/cml_guc_49.0.1.bin for module i915 W: Possible missing firmware /lib/firmware/i915/icl_guc_49.0.1.bin for module i915 W: Possible missing firmware /lib/firmware/i915/ehl_guc_49.0.1.bin for module i915 W: Possible missing firmware /lib/firmware/i915/ehl_guc_49.0.1.bin for module i915 W: Possible missing firmware /lib/firmware/i915/tgl_huc_7.5.0.bin for module i915 W: Possible missing firmware /lib/firmware/i915/tgl_guc_49.0.1.bin for module i915 W: Possible missing firmware /lib/firmware/i915/tgl_huc_7.5.0.bin for module i915 W: Possible missing firmware /lib/firmware/i915/tgl_guc_49.0.1.bin for module i915 W: Possible missing firmware /lib/firmware/i915/dg1_dmc_ver2_02.bin for module i915 update-initramfs: Generating /boot/initrd.img-5.8.0-63-generic $ From the above, we can see that the 5.8 kernel had no errors, but both the 5.11 ones do. As I have the i915 chipset on this device, I haven't rebooted yet as I need a functional system. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1889137 Title: HWE kernel is missing firmwares To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-firmware/+bug/1889137/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1938005] Re: ufw ignores rules
Recall that ufw uses connection tracking so if you add a deny rule, you may need to expire the connection tracking. One way to do this is to run: `conntrack -D -d ` (see man conntrack for details). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1938005 Title: ufw ignores rules To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1938005/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1939305] [NEW] e2scrub shouldn't run in a container
Public bug reported: This bug is similar to https://bugs.launchpad.net/ubuntu/+source/util- linux/+bug/1589289 (fstrim), but for the e2fsprogs timer e2scrub_all.timer. IME, the container itself shouldn't be running 'ext4 Metadata Checks for All Filesystems...' and that should be left up to the host to handle. I noticed this in a 20.04 container. I suspect the fix is similar to fstrim and to simply add 'ConditionVirtualization=!container' to the systemd timer. ** Affects: e2fsprogs (Ubuntu) Importance: Undecided Status: New ** Description changed: This bug is similar to https://bugs.launchpad.net/ubuntu/+source/util- - linux/+bug/1589289 (fstrim), but for the e2fsprogs timers: - e2scrub@.service and e2scrub_all.timer. IME, the container itself - shouldn't be running 'ext4 Metadata Checks for All Filesystems...' and - that should be left up to the host to handle. I noticed this in a 20.04 - container. + linux/+bug/1589289 (fstrim), but for the e2fsprogs timer + e2scrub_all.timer. IME, the container itself shouldn't be running 'ext4 + Metadata Checks for All Filesystems...' and that should be left up to + the host to handle. I noticed this in a 20.04 container. I suspect the fix is similar to fstrim and to simply add - 'ConditionVirtualization=!container' to the systemd timers. + 'ConditionVirtualization=!container' to the systemd timer. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1939305 Title: e2scrub shouldn't run in a container To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/e2fsprogs/+bug/1939305/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1938005] Re: ufw ignores rules
/etc/default/ufw has: DEFAULT_OUTPUT_POLICY="ACCEPT" This means that all outgoing traffic is allowed. If you would like to change that, you can use: $ sudo ufw deny outgoing This will make it more difficult for you to manage the firewall since you'll have to add rules like: $ sudo ufw allow out to any port 53 and the like. Note, using 'ufw reload' may not work as expected if you are running iptables commands by hand underneath it. In those case, I suggest: $ sudo /lib/ufw/ufw-init flush-all $ sudo ufw disable $ sudo ufw enable Please report back. Thanks again for the report. ** Changed in: ufw (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1938005 Title: ufw ignores rules To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1938005/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1938005] Re: ufw ignores rules
Thank you for the bug report. You mentioned that the problem happens after running `iptables -F`. This command removes all the rules from the firewall (see man iptables) so it would be expected that the firewall would not work correctly after running this. I'm going to mark this as Invalid, but if you have more information, feel free to add it. ** Changed in: ufw (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1938005 Title: ufw ignores rules To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1938005/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1937036] [NEW] package initramfs-tools 0.136ubuntu6.6 failed to install/upgrade: installed initramfs-tools package post-installation script subprocess returned error exit status 1
Public bug reported: I think my boot partition is full. Idea: could it have a pre-install script that checks if the install partition has space, and if not then provide a link to some documentation on how to find and purge old kernels? ProblemType: Package DistroRelease: Ubuntu 20.04 Package: initramfs-tools 0.136ubuntu6.6 ProcVersionSignature: Ubuntu 5.8.0-59.66~20.04.1-generic 5.8.18 Uname: Linux 5.8.0-59-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.20.11-0ubuntu27.18 Architecture: amd64 CasperMD5CheckResult: skip Date: Wed Jul 21 09:50:16 2021 ErrorMessage: installed initramfs-tools package post-installation script subprocess returned error exit status 1 InstallationDate: Installed on 2021-04-21 (90 days ago) InstallationMedia: Ubuntu 20.04.2.0 LTS "Focal Fossa" - Release amd64 (20210209.1) PackageArchitecture: all Python3Details: /usr/bin/python3.8, Python 3.8.10, python3-minimal, 3.8.2-0ubuntu2 PythonDetails: N/A RelatedPackageVersions: dpkg 1.19.7ubuntu3 apt 2.0.6 SourcePackage: initramfs-tools Title: package initramfs-tools 0.136ubuntu6.6 failed to install/upgrade: installed initramfs-tools package post-installation script subprocess returned error exit status 1 UpgradeStatus: No upgrade log present (probably fresh install) ** Affects: initramfs-tools (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-package focal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1937036 Title: package initramfs-tools 0.136ubuntu6.6 failed to install/upgrade: installed initramfs-tools package post-installation script subprocess returned error exit status 1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/1937036/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1849753] Re: AppArmor profile prohibits classic snap from inheriting file descriptors
FYI, if people need to workaround this to get real work done, you can
add something like this to your bashrc:
snap_workaround() {
fn="/var/lib/snapd/apparmor/snap-confine/lp1849753"
test -e "$fn" && return
tmpfn=$(mktemp)
cat > "$tmpfn"
[Bug 1929212] Re: package initramfs-tools 0.136ubuntu6.4 failed to install/upgrade: installed initramfs-tools package post-installation script subprocess returned error exit status 1
Was getting similar errors on on subsequent `sudo apt upgrade`s - worked around by freeing boot space as suggested in https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/1899907 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1929212 Title: package initramfs-tools 0.136ubuntu6.4 failed to install/upgrade: installed initramfs-tools package post-installation script subprocess returned error exit status 1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/1929212/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1929212] [NEW] package initramfs-tools 0.136ubuntu6.4 failed to install/upgrade: installed initramfs-tools package post-installation script subprocess returned error exit status 1
Public bug reported: Crash report appeared immediately after wake-up from suspend On Ubuntu 20.04.2 LTS. ``` $ apt-cache policy initramfs-tools initramfs-tools: Installed: 0.136ubuntu6.4 Candidate: 0.136ubuntu6.5 Version table: 0.136ubuntu6.5 500 500 http://gb.archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages 500 http://gb.archive.ubuntu.com/ubuntu focal-updates/main i386 Packages *** 0.136ubuntu6.4 100 100 /var/lib/dpkg/status 0.136ubuntu6 500 500 http://gb.archive.ubuntu.com/ubuntu focal/main amd64 Packages 500 http://gb.archive.ubuntu.com/ubuntu focal/main i386 Packages ``` ProblemType: Package DistroRelease: Ubuntu 20.04 Package: initramfs-tools 0.136ubuntu6.4 ProcVersionSignature: Ubuntu 5.8.0-50.56~20.04.1-generic 5.8.18 Uname: Linux 5.8.0-50-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.20.11-0ubuntu27.17 AptOrdering: intel-microcode:amd64: Install NULL: ConfigurePending Architecture: amd64 CasperMD5CheckResult: skip Date: Fri May 21 10:39:27 2021 ErrorMessage: installed initramfs-tools package post-installation script subprocess returned error exit status 1 InstallationDate: Installed on 2021-04-21 (29 days ago) InstallationMedia: Ubuntu 20.04.2.0 LTS "Focal Fossa" - Release amd64 (20210209.1) PackageArchitecture: all Python3Details: /usr/bin/python3.8, Python 3.8.5, python3-minimal, 3.8.2-0ubuntu2 PythonDetails: N/A RelatedPackageVersions: dpkg 1.19.7ubuntu3 apt 2.0.5 SourcePackage: initramfs-tools Title: package initramfs-tools 0.136ubuntu6.4 failed to install/upgrade: installed initramfs-tools package post-installation script subprocess returned error exit status 1 UpgradeStatus: No upgrade log present (probably fresh install) ** Affects: initramfs-tools (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-package focal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1929212 Title: package initramfs-tools 0.136ubuntu6.4 failed to install/upgrade: installed initramfs-tools package post-installation script subprocess returned error exit status 1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/1929212/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1922401] Re: do-release-upgrade fails because it marks e2fsprogs for removal
I found the problem. Documenting here for posterity. I had a file in /etc/apt/preferences.d/ containing this: Package: * Pin: Release v=18.04, -l=Ubuntu Pin-Priority: 10 I had added this a while ago to upgrade smartmontools to the version from Bionic, but forgot about it. Removing this (commenting out these 3 lines) made the do-release-upgrade succeed. ** Changed in: ubuntu-release-upgrader (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1922401 Title: do-release-upgrade fails because it marks e2fsprogs for removal To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-release-upgrader/+bug/1922401/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1922401] [NEW] do-release-upgrade fails because it marks e2fsprogs for removal
Public bug reported: Here's the error that I think describes the problem in /var/log/dist- upgrade/main.log : 2021-04-02 21:21:20,082 DEBUG The package 'e2fsprogs' is marked for removal but it's an ESSENTIAL package 2021-04-02 21:21:20,129 ERROR Dist-upgrade failed: 'The essential package 'e2fsprogs' is marked for removal.' I've already removed all PPAs, purged uninstalled packages, fixed broken packages, and done "apt upgrade" and "apt dist-upgrade". My guess is that I installed somethingorother that is preventing the upgrade, but I've disabled all non-ubuntu sources from /etc/apt/sources.list, so I'm not sure why this is happening. # uname -a Linux merlin 4.4.0-206-generic #238-Ubuntu SMP Tue Mar 16 07:52:37 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux # lsb_release -rd Description:Ubuntu 16.04.7 LTS Release:16.04 # apt-cache policy e2fsprogs e2fsprogs: Installed: 1.42.13-1ubuntu1.2 Candidate: 1.42.13-1ubuntu1.2 Version table: 1.44.1-1 10 10 http://us.archive.ubuntu.com/ubuntu bionic/main amd64 Packages *** 1.42.13-1ubuntu1.2 500 500 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages 500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages 100 /var/lib/dpkg/status 1.42.13-1ubuntu1 500 500 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: ubuntu-release-upgrader-core 1:16.04.32 ProcVersionSignature: Ubuntu 4.4.0-206.238-generic 4.4.254 Uname: Linux 4.4.0-206-generic x86_64 ApportVersion: 2.20.1-0ubuntu2.30 Architecture: amd64 CrashDB: ubuntu Date: Fri Apr 2 21:24:33 2021 InstallationDate: Installed on 2010-05-16 (3974 days ago) InstallationMedia: Ubuntu-Server 10.04 LTS "Lucid Lynx" - Release amd64 (20100427) PackageArchitecture: all ProcEnviron: TERM=dtterm PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: ubuntu-release-upgrader UpgradeStatus: Upgraded to xenial on 2021-04-03 (0 days ago) mtime.conffile..etc.update-manager.release-upgrades: 2017-10-10T23:01:47.418404 ** Affects: ubuntu-release-upgrader (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug dist-upgrade third-party-packages xenial -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1922401 Title: do-release-upgrade fails because it marks e2fsprogs for removal To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-release-upgrader/+bug/1922401/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1921350] Re: UFW hangs indefinitely on any action
Thanks you for reporting a bug. Are there other ufw commands running at the same time? Eg, what is the output of: $ ps auxww|grep ufw ** Changed in: ufw (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921350 Title: UFW hangs indefinitely on any action To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1921350/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1914816] Re: ufw not logging if it decides to stop all traffic ? Confused
Thanks for the additional information! :) ** Changed in: ufw (Ubuntu) Status: Incomplete => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1914816 Title: ufw not logging if it decides to stop all traffic ? Confused To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1914816/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1914816] Re: ufw not logging if it decides to stop all traffic ? Confused
The check is not free, but it is an interesting idea to do this. I've created a wishlist bug for it: https://bugs.launchpad.net/ufw/+bug/1917325 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1914816 Title: ufw not logging if it decides to stop all traffic ? Confused To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1914816/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 881137] Re: UFW does not clean iptables setting from /etc/ufw/before.rules
CzBiX, ufw does not yet manage the nat table (though there have been a couple of false starts). However, it does manage the FORWARD chain with 'ufw route' so it is possible for you to create a chain in the nat table in /etc/ufw/before.rules, and then use ufw route for other things. This is described in 'man ufw-framework' in the EXAMPLES section. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/881137 Title: UFW does not clean iptables setting from /etc/ufw/before.rules To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/881137/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1914816] Re: ufw not logging if it decides to stop all traffic ? Confused
Hi. A few things: ufw is capable of logging (see 'man ufw' the part about 'ufw logging' as well as per rule logging with 'ufw ... log' or 'ufw ... log-all'. It is also capable of ipv6 (see /etc/default/ufw. Also, gufw is a different project than ufw, but it sounds like the issue you saw may be seeing is another firewall is in place. What is the output of 'sudo /usr/share/ufw/check-requirements'? ** Changed in: ufw (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1914816 Title: ufw not logging if it decides to stop all traffic ? Confused To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1914816/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1912943] acpidump.txt
apport information ** Attachment added: "acpidump.txt" https://bugs.launchpad.net/bugs/1912943/+attachment/5456314/+files/acpidump.txt ** Changed in: linux (Ubuntu) Status: Incomplete => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1912943 Title: magicmouse driver causes soft panic intermittently at boot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1912943/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1912943] WifiSyslog.txt
apport information ** Attachment added: "WifiSyslog.txt" https://bugs.launchpad.net/bugs/1912943/+attachment/5456313/+files/WifiSyslog.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1912943 Title: magicmouse driver causes soft panic intermittently at boot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1912943/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1912943] PulseList.txt
apport information ** Attachment added: "PulseList.txt" https://bugs.launchpad.net/bugs/1912943/+attachment/5456310/+files/PulseList.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1912943 Title: magicmouse driver causes soft panic intermittently at boot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1912943/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1912943] UdevDb.txt
apport information ** Attachment added: "UdevDb.txt" https://bugs.launchpad.net/bugs/1912943/+attachment/5456312/+files/UdevDb.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1912943 Title: magicmouse driver causes soft panic intermittently at boot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1912943/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1912943] RfKill.txt
apport information ** Attachment added: "RfKill.txt" https://bugs.launchpad.net/bugs/1912943/+attachment/5456311/+files/RfKill.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1912943 Title: magicmouse driver causes soft panic intermittently at boot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1912943/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1912943] ProcModules.txt
apport information ** Attachment added: "ProcModules.txt" https://bugs.launchpad.net/bugs/1912943/+attachment/5456309/+files/ProcModules.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1912943 Title: magicmouse driver causes soft panic intermittently at boot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1912943/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
