On Tue, 2023-09-19 at 07:17 +0200, Salvatore Bonaccorso wrote:
> On Sun, Sep 17, 2023 at 12:01:37PM +0530, intrigeri wrote:
> > In the last month or so, a number of people from various Debian teams
> > and other distributions have been tracking down a regression that
> > affects systems upgraded
Control: tags -1 + confirmed moreinfo
Hi,
On Sun, Sep 17, 2023 at 12:01:37PM +0530, intrigeri wrote:
> Control: reassign -1 src:linux
> Control: retitle -1 AppArmor breaks locking non-fs Unix sockets
> Control: affects -1 src:apparmor src:lxc src:systemd src:pdns src:policykit-1
> Control: found
Hi all,
On 09-09-2023 13:06, Paul Gevers wrote:
All ci.d.n workers (except riscv64) now run the kernel from
bookworm-backports. systemd passes its autopkgtest again in unstable,
testing and stable.
We're having issues [1] with the (backports and) unstable kernel on our
main amd64 host, so
Dear lxd and systemd maintainers,
Michael Biebl (2023-09-11):
> When you do the reassignment, you should probably merge this bug report
> with #1038315 and #1042880, now that we know what the root cause is.
FTR I did not dare merging these myself: perhaps you want to keep
separate bug reports
Control: reassign -1 src:linux
Control: retitle -1 AppArmor breaks locking non-fs Unix sockets
Control: affects -1 src:apparmor src:lxc src:systemd src:pdns src:policykit-1
Control: found -1 6.1.38-1
Control: found -1 6.1.38-2
Control: notfound -1 6.3.1-1~exp1
Hi Debian Kernel Team,
In the last
On Mon, 2023-09-11 at 13:45 +0200, Michael Biebl wrote:
> Am 09.09.23 um 14:20 schrieb intrigeri:
>
> > At this stage it seems clear that the bug and the corresponding
> > ideal fix are in the AppArmor part of src:linux, and the bug
> > affects at least src:apparmor and src:lxc. I'd like to
On Mon, 2023-09-04 at 12:39 -0700, John Johansen wrote:
> On 9/4/23 12:32, Michael Biebl wrote:
> > John, could you help with getting this fix into 6.1.x?
>
> yes, I am working on a patch.
Hi John,
I wanted to check in to see if you've had a chance to work on that
patch for the 6.1 kernel.
Control: severity -1 important
Am 09.09.23 um 14:20 schrieb intrigeri:
Hi again,
Thank you all for working both on workarounds for Debian CI and on
a proper upstream Linux kernel fix. Impressive cross-team work! :)
+1
At this stage it seems clear that the bug and the corresponding ideal
Hi again,
Thank you all for working both on workarounds for Debian CI and on
a proper upstream Linux kernel fix. Impressive cross-team work! :)
At this stage it seems clear that the bug and the corresponding ideal
fix are in the AppArmor part of src:linux, and the bug affects at
least
Hi,
On 03-09-2023 10:50, Paul Gevers wrote:
I have manually upgraded the s390x host and
rebooted, so that can serve as a test arch.
All ci.d.n workers (except riscv64) now run the kernel from
bookworm-backports. systemd passes its autopkgtest again in unstable,
testing and stable.
Paul
On 9/4/23 12:32, Michael Biebl wrote:
Am 04.09.23 um 20:23 schrieb Mathias Gibbens:
On Mon, 2023-09-04 at 01:00 -0700, John Johansen wrote:
I took a quick look through v6.1..v6.3.1
there is a patch that I think is the likely fix, it first landed in v6.2
1cf26c3d2c4c apparmor: fix apparmor
Am 04.09.23 um 20:23 schrieb Mathias Gibbens:
On Mon, 2023-09-04 at 01:00 -0700, John Johansen wrote:
I took a quick look through v6.1..v6.3.1
there is a patch that I think is the likely fix, it first landed in v6.2
1cf26c3d2c4c apparmor: fix apparmor mediating locking non-fs unix sockets
On Mon, 2023-09-04 at 01:00 -0700, John Johansen wrote:
> I took a quick look through v6.1..v6.3.1
>
> there is a patch that I think is the likely fix, it first landed in v6.2
>
> 1cf26c3d2c4c apparmor: fix apparmor mediating locking non-fs unix sockets
Thanks for the pointer John -- I think
Hello,
Am Samstag, 2. September 2023, 01:13:11 CEST schrieb Mathias Gibbens:
> A minimal reproducer is to install bookworm and create a container
> with a systemd service using a hardening option like
> PrivateNetwork=yes. With the latest bookworm kernel (6.1.38-4), the
> service will fail.
I took a quick look through v6.1..v6.3.1
there is a patch that I think is the likely fix, it first landed in v6.2
1cf26c3d2c4c apparmor: fix apparmor mediating locking non-fs unix sockets
it matches up the reported audit logs. Unfortunately it does not have a Fixes
tag but as best I can figure
Am 03.09.23 um 10:50 schrieb Paul Gevers:
Hi,
On 03-09-2023 02:56, Michael Biebl wrote:
ng?
Do the debci maintainers / lxc maintainers / release team have any
preference regarding a/, b/ and c/ ?
One part of me likes the ci.d.n infrastructure to run stable as an
example of "eat your own
Hi,
On 03-09-2023 02:56, Michael Biebl wrote:
My main concern is to "stop the bleeding" quickly, so to speak,
especially/mainly for debci.
I agree with you, but also consider that with this issue being there
since ~ April 2023 we don't need to rush.
I guess we have three options here:
a/
Control: severity -1 serious
I'm tentatively raising this to RC, mainly to make this issue more
visible for other maintainers.
Hi everyone
Am 02.09.23 um 13:09 schrieb Antonio Terceiro:
On Fri, Sep 01, 2023 at 11:13:11PM +, Mathias Gibbens wrote:
I don't think we have a good understanding of the root cause of this
issue. Initially we thought this was a known upstream issue with all-
but very recent versions of
On Fri, Sep 01, 2023 at 11:13:11PM +, Mathias Gibbens wrote:
> Control: block 1038315 by -1
> Control: block 1042880 by -1
>
> I don't think we have a good understanding of the root cause of this
> issue. Initially we thought this was a known upstream issue with all-
> but very recent
Control: block 1038315 by -1
Control: block 1042880 by -1
I don't think we have a good understanding of the root cause of this
issue. Initially we thought this was a known upstream issue with all-
but very recent versions of apparmor and a corresponding lxc profile
fix [0]. However, it appears
Am 01.09.23 um 13:23 schrieb Michael Biebl:
The only way to fix the container was to use the aforementioned
`lxc.apparmor.profile = unconfined`.
I think we should do that as the breakage is rather widespread and I
already see individual packages trying to work around that to at least
keep
Am 31.08.23 um 19:54 schrieb Christian Boltz:
Hello,
Am Donnerstag, 31. August 2023, 08:41:59 CEST schrieb Michael Biebl:
What we found so far is that the AppArmor policy of lxc breaks any
systemd service using PrivateNetwork=yes or PrivateIPC=yes when being
run under lxc (running under
Hello,
Am Donnerstag, 31. August 2023, 08:41:59 CEST schrieb Michael Biebl:
> What we found so far is that the AppArmor policy of lxc breaks any
> systemd service using PrivateNetwork=yes or PrivateIPC=yes when being
> run under lxc (running under bookworm using the bookworm kernel).
> I
Hello everyone,
On Thu, 2023-08-31 at 08:55 +0200, Michael Biebl wrote:
> >
> > What we found so far is that the AppArmor policy of lxc breaks any
> > systemd service using PrivateNetwork=yes or PrivateIPC=yes when
> > being
> > run under lxc (running under bookworm using the bookworm kernel).
Am 31.08.23 um 08:41 schrieb Michael Biebl:
On Tue, 22 Aug 2023 16:08:24 +0200 Michael Biebl wrote:
Source: systemd
Version: 254.1-2
Severity: important
Looking at https://ci.debian.net/packages/s/systemd/unstable/amd64/ ,
systemd has been failing on debci since about the beginning of May.
On Tue, 22 Aug 2023 16:08:24 +0200 Michael Biebl wrote:
Source: systemd
Version: 254.1-2
Severity: important
Looking at https://ci.debian.net/packages/s/systemd/unstable/amd64/ ,
systemd has been failing on debci since about the beginning of May.
Asking around on #debci, this might be kernel
Am 23.08.23 um 14:32 schrieb Michael Biebl:
I see the following error in the journal:
Aug 23 14:23:50 debian audit[4096]: AVC apparmor="DENIED"
operation="file_lock"
profile="lxc-autopkgtest-lxc-iomhit_" pid=4096
comm="(ostnamed)" family="unix" sock_type="dgram" protocol=0
Control: reassign -1 apparmor
Control: affects -1 src:systemd
Control: retitle -1 apparmor makes systemd autopkgtests fail on bookworm
Control: found -1 3.0.8-3
The plot thickens...
Am 23.08.23 um 13:20 schrieb Michael Biebl:
On Tue, 22 Aug 2023 16:08:24 +0200 Michael Biebl wrote:
Source:
On Tue, 22 Aug 2023 16:08:24 +0200 Michael Biebl wrote:
Source: systemd
Version: 254.1-2
Severity: important
Looking at https://ci.debian.net/packages/s/systemd/unstable/amd64/ ,
systemd has been failing on debci since about the beginning of May.
Asking around on #debci, this might be kernel
Source: systemd
Version: 254.1-2
Severity: important
Looking at https://ci.debian.net/packages/s/systemd/unstable/amd64/ ,
systemd has been failing on debci since about the beginning of May.
Asking around on #debci, this might be kernel related, as the debci
related systems were upgraded to