[Bug 1849346] Re: [snap] kerberos GSSAPI no longer works after deb->snap transition
The /etc/gss/mech.d/ and /etc/krb5.conf.d/ denials may be relevant. Both directories are empty in my case, but lack of access may be killing some logic that relies on checking them. ** Attachment added: "AppArmor denials" https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1849346/+attachment/5303122/+files/apparmor_denials.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1849346 Title: [snap] kerberos GSSAPI no longer works after deb->snap transition To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1849346/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1849346] Re: [snap] kerberos GSSAPI no longer works after deb->snap transition
** Summary changed: - kerberos GSSAPI no longer works after deb->snap transition + [snap] kerberos GSSAPI no longer works after deb->snap transition -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1849346 Title: [snap] kerberos GSSAPI no longer works after deb->snap transition To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1849346/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1849346] Re: kerberos GSSAPI no longer works after deb->snap transition
** Description changed: I configure AuthServerWhitelist as documented: - https://cloud.google.com/docs/chrome- - enterprise/policies/?policy=AuthServerWhitelist + https://www.chromium.org/developers/design-documents/http-authentication and can see my whitelisted domains in chrome://policy/ - but websites that used to work with SPEGNO/GSSAPI/kerberos no longer + but websites that used to work with SPNEGO/GSSAPI/kerberos no longer work. I'm guessing the snap needs some sort of permission to use the kerberos ticket cache (or the plumbing to do so doesn't exist...). I can confirm that Chrome has the desired behavior. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1849346 Title: kerberos GSSAPI no longer works after deb->snap transition To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1849346/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1849346] [NEW] kerberos GSSAPI no longer works after deb->snap transition
Public bug reported: I configure AuthServerWhitelist as documented: https://cloud.google.com/docs/chrome- enterprise/policies/?policy=AuthServerWhitelist and can see my whitelisted domains in chrome://policy/ but websites that used to work with SPEGNO/GSSAPI/kerberos no longer work. I'm guessing the snap needs some sort of permission to use the kerberos ticket cache (or the plumbing to do so doesn't exist...). I can confirm that Chrome has the desired behavior. ** Affects: chromium-browser (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1849346 Title: kerberos GSSAPI no longer works after deb->snap transition To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1849346/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1691025] Re: Installing xpra on HWE-enabled LTS breaks system
A bit more discussion if you are using the xpra repo (and upgrading to hwe on bionic rather than a fresh install): https://xpra.org/trac/ticket/2190 ** Bug watch added: xpra.org/trac/ #2190 https://xpra.org/trac/ticket/2190 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1691025 Title: Installing xpra on HWE-enabled LTS breaks system To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xpra/+bug/1691025/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1691025] Re: Installing xpra on HWE-enabled LTS breaks system
FWIW the author of xpra recommends you use their repository instead of the Ubuntu repository. See https://www.xpra.org/trac/wiki/Packaging/DistributionPackages https://xpra.org/trac/wiki/Download The packages from xpra.org don't have this bug. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1691025 Title: Installing xpra on HWE-enabled LTS breaks system To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xpra/+bug/1691025/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1691025] Re: Installing xpra on HWE-enabled LTS breaks system
I just ran into this with 18.04.2, which has HWE out of the box. Repro: 1) Fresh 18.04.2 in a KVM VM. 2) sudo apt install xpra 3) After graphical console login (?), input devices don't work. Package list below: --- $ sudo apt install xpra [sudo] password for user: Reading package lists... Done Building dependency tree Reading state information... Done The following additional packages will be installed: freeglut3 libgtkglext1 libpango1.0-0 libpangox-1.0-0 libpython-stdlib python python-cairo python-dbus python-gi python-gi-cairo python-gobject-2 python-gtk2 python-gtkglext1 python-lz4 python-lzo python-minimal python-olefile python-opengl python-pil python-rencode python2.7 python2.7-minimal ssh-askpass xserver-xorg-core xserver-xorg-input-void xserver-xorg-video-dummy Suggested packages: python-doc python-tk python-dbus-dbg python-dbus-doc python-gobject-2-dbg python-gtk2-doc python-numpy libgle3 python-pil-doc python-pil-dbg python2.7-doc binfmt-support openssh-server python-pyopencl python-gst-1.0 python-avahi python-netifaces cups-pdf python-cups python-opencv v4l2loopback-dkms python-yaml xfonts-100dpi | xfonts-75dpi The following packages will be REMOVED: ubuntu-desktop xorg xserver-xorg-core-hwe-18.04 xserver-xorg-hwe-18.04 xserver-xorg-input-all-hwe-18.04 xserver-xorg-input-libinput-hwe-18.04 xserver-xorg-input-wacom-hwe-18.04 xserver-xorg-video-all-hwe-18.04 xserver-xorg-video-amdgpu-hwe-18.04 xserver-xorg-video-ati-hwe-18.04 xserver-xorg-video-fbdev-hwe-18.04 xserver-xorg-video-intel-hwe-18.04 xserver-xorg-video-nouveau-hwe-18.04 xserver-xorg-video-qxl-hwe-18.04 xserver-xorg-video-radeon-hwe-18.04 xserver-xorg-video-vesa-hwe-18.04 xserver-xorg-video-vmware-hwe-18.04 The following NEW packages will be installed: freeglut3 libgtkglext1 libpango1.0-0 libpangox-1.0-0 libpython-stdlib python python-cairo python-dbus python-gi python-gi-cairo python-gobject-2 python-gtk2 python-gtkglext1 python-lz4 python-lzo python-minimal python-olefile python-opengl python-pil python-rencode python2.7 python2.7-minimal ssh-askpass xpra xserver-xorg-core xserver-xorg-input-void xserver-xorg-video-dummy 0 upgraded, 27 newly installed, 17 to remove and 0 not upgraded. Need to get 7,215 kB of archives. After this operation, 21.6 MB of additional disk space will be used. Do you want to continue? [Y/n] -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1691025 Title: Installing xpra on HWE-enabled LTS breaks system To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xpra/+bug/1691025/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1496548] [NEW] evince no longer built with -PIE
Public bug reported: It seems that evince is no longer built with -PIE in 15.04: $ hardening-check /usr/bin/evince /usr/bin/evince: Position Independent Executable: no, normal executable! Stack protected: yes Fortify Source functions: no, only unprotected functions found! Read-only relocations: yes Immediate binding: no, not found! >From 14.04: $ hardening-check /usr/bin/evince /usr/bin/evince: Position Independent Executable: yes Stack protected: yes Fortify Source functions: no, only unprotected functions found! Read-only relocations: yes Immediate binding: yes evince is a targeted package for 'Built as PIE' here: https://wiki.ubuntu.com/Security/Features#Built_as_PIE ** Affects: evince (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1496548 Title: evince no longer built with -PIE To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1496548/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs