[Bug 1713103] Re: snapd 2.27.3+17.10 ADT test failure with linux 4.13.0-6.7

[Launchpad Bug Tracker]

This bug was fixed in the package linux - 4.13.0-11.12

---
linux (4.13.0-11.12) artful; urgency=low

  * linux: 4.13.0-11.12 -proposed tracker (LP: #1716699)

  * kernel panic -not syncing: Fatal exception: panic_on_oops (LP: #1708399)
- s390/mm: fix local TLB flushing vs. detach of an mm address space
- s390/mm: fix race on mm->context.flush_mm

  * CVE-2017-1000251
- Bluetooth: Properly check L2CAP config option output buffer length

 -- Seth Forshee   Tue, 12 Sep 2017 10:18:38
-0500

** Changed in: linux (Ubuntu)
   Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-1000251

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1713103

Title:
  snapd 2.27.3+17.10 ADT test failure with linux 4.13.0-6.7

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1713103/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1713103] Re: snapd 2.27.3+17.10 ADT test failure with linux 4.13.0-6.7

[Seth Forshee]

** Changed in: linux (Ubuntu)
   Status: Triaged => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1713103

Title:
  snapd 2.27.3+17.10 ADT test failure with linux 4.13.0-6.7

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1713103/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1713103] Re: snapd 2.27.3+17.10 ADT test failure with linux 4.13.0-6.7

[John Johansen]

sort of. The code was broken into patches and upstreamed piece meal, so
the tighter restrictions when a give patch went it made sense. They also
better reflect some of the internal permissions that were being
enforced, ie. while profiles was  you needed cap mac admin to actual
see it. It looks like opening some of those back up dropped of the todo
queue.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1713103

Title:
  snapd 2.27.3+17.10 ADT test failure with linux 4.13.0-6.7

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1713103/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1713103] Re: snapd 2.27.3+17.10 ADT test failure with linux 4.13.0-6.7

[Tyler Hicks]

@jjohansen are the more restrictive file permissions intentional? I see
quite a few apparmorfs permissions changes between xenial and upstream:

-static struct aa_fs_entry aa_fs_entry_apparmor[] = {
-   AA_FS_FILE_FOPS(".access", 0666, _fs_access),
-   AA_FS_FILE_FOPS(".stacked", 0666, _fs_stacked),
-   AA_FS_FILE_FOPS(".ns_stacked", 0666, _fs_ns_stacked),
-   AA_FS_FILE_FOPS(".ns_level", 0666, _fs_ns_level),
-   AA_FS_FILE_FOPS(".ns_name", 0666, _fs_ns_name),
-   AA_FS_FILE_FOPS("profiles", 0444, _fs_profiles_fops),
-   AA_FS_DIR("features", aa_fs_entry_features),
+static struct aa_sfs_entry aa_sfs_entry_apparmor[] = {
+   AA_SFS_FILE_FOPS(".access", 0640, _sfs_access),
+   AA_SFS_FILE_FOPS(".stacked", 0444, _ns_stacked_fops),
+   AA_SFS_FILE_FOPS(".ns_stacked", 0444, _ns_nsstacked_fops),
+   AA_SFS_FILE_FOPS(".ns_level", 0666, _ns_level_fops),
+   AA_SFS_FILE_FOPS(".ns_name", 0640, _ns_name_fops),
+   AA_SFS_FILE_FOPS("profiles", 0440, _sfs_profiles_fops),
+   AA_SFS_DIR("features", aa_sfs_entry_features),
{ }
 };

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1713103

Title:
  snapd 2.27.3+17.10 ADT test failure with linux 4.13.0-6.7

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1713103/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1713103] Re: snapd 2.27.3+17.10 ADT test failure with linux 4.13.0-6.7

[Tyler Hicks]

The apparmorfs kernel query interface file has more restrictive file
permissions in the upstream kernel versus what we've had in the Ubuntu
sauce patches.

In Artful (Ubuntu 4.11.0-13.19-generic 4.11.12):
$ ls -al /sys/kernel/security/apparmor/.access 
-rw-rw-rw- 1 root root 0 Aug 15 17:38 /sys/kernel/security/apparmor/.access

In linux-next (4.13.0-rc6-next-20170824):
$ ls -al /sys/kernel/security/apparmor/.access
-rw-r- 1 root root 0 Aug 24 21:26 /sys/kernel/security/apparmor/.access

This means that the D-Bus session bus cannot perform AppArmor policy
queries because it can't open the .access file.

** Package changed: snapd (Ubuntu) => linux (Ubuntu)

** Changed in: linux (Ubuntu)
   Importance: Undecided => High

** Changed in: linux (Ubuntu)
   Status: New => Triaged

** Changed in: linux (Ubuntu)
 Assignee: (unassigned) => John Johansen (jjohansen)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1713103

Title:
  snapd 2.27.3+17.10 ADT test failure with linux 4.13.0-6.7

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1713103/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1713103] Re: snapd 2.27.3+17.10 ADT test failure with linux 4.13.0-6.7

[Seth Forshee]

+ su -l -c 'test-snapd-upower-observe-consumer.upower --dump' test

(upower:19791): UPower-WARNING **: Cannot connect to upowerd:
GDBus.Error:org.freedesktop.DBus.Error.AccessDenied: Failed to query
AppArmor policy: Permission denied

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1713103

Title:
  snapd 2.27.3+17.10 ADT test failure with linux 4.13.0-6.7

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1713103/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1713103] Re: snapd 2.27.3+17.10 ADT test failure with linux 4.13.0-6.7

[Seth Forshee]

+ su -l -c test-snapd-system-observe-consumer.dbus-introspect test
Traceback (most recent call last):
  File "/snap/test-snapd-system-observe-consumer/6/bin/dbus-introspect", line 
10, in 
sys.exit(run())
  File "/snap/test-snapd-system-observe-consumer/6/bin/dbus-introspect", line 
6, in run
obj = dbus.SystemBus().get_object("org.freedesktop.hostname1", 
"/org/freedesktop/hostname1")
  File 
"/snap/test-snapd-system-observe-consumer/6/usr/lib/python3/dist-packages/dbus/_dbus.py",
 line 194, in __new__
private=private)
  File 
"/snap/test-snapd-system-observe-consumer/6/usr/lib/python3/dist-packages/dbus/_dbus.py",
 line 100, in __new__
bus = BusConnection.__new__(subclass, bus_type, mainloop=mainloop)
  File 
"/snap/test-snapd-system-observe-consumer/6/usr/lib/python3/dist-packages/dbus/bus.py",
 line 122, in __new__
bus = cls._new_for_bus(address_or_type, mainloop=mainloop)
dbus.exceptions.DBusException: org.freedesktop.DBus.Error.AccessDenied: Failed 
to query AppArmor policy: Permission denied

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1713103

Title:
  snapd 2.27.3+17.10 ADT test failure with linux 4.13.0-6.7

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1713103/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1713103] Re: snapd 2.27.3+17.10 ADT test failure with linux 4.13.0-6.7

[Seth Forshee]

+ CONNECTED_PATTERN=':avahi-observe +generic-consumer'
+ DISCONNECTED_PATTERN='^\- +generic-consumer:avahi-observe'
+ avahi_dbus_call='dbus-send --system --print-reply 
--dest=org.freedesktop.Avahi / org.freedesktop.Avahi.Server.GetHostName'
+ echo 'Then the plug is disconnected by default'
Then the plug is disconnected by default
+ MATCH '^\- +generic-consumer:avahi-observe'
+ snap interfaces
++ snap debug confinement
+ '[' strict = strict ']'
+ echo 'And the snap is not able to access avahi provided info'
And the snap is not able to access avahi provided info
+ generic-consumer.cmd dbus-send --system --print-reply 
--dest=org.freedesktop.Avahi / org.freedesktop.Avahi.Server.GetHostName
+ MATCH org.freedesktop.DBus.Error.AccessDenied
+ cat avahi.error
error: pattern not found, got:
Failed to open connection to "system" message bus: Failed to query AppArmor 
policy: Permission denied

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1713103

Title:
  snapd 2.27.3+17.10 ADT test failure with linux 4.13.0-6.7

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1713103/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1713103] Re: snapd 2.27.3+17.10 ADT test failure with linux 4.13.0-6.7

[Seth Forshee]

+ su -l -c shutdown-introspection-consumer test
Failed to open connection to "system" message bus: Failed to query AppArmor 
policy: Permission denied

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1713103

Title:
  snapd 2.27.3+17.10 ADT test failure with linux 4.13.0-6.7

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1713103/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs