Re-opening as until linux-kvm is deprecated or the CPC team moves over
to using linux-virtual for KVM images, this is the kernel we're dealing
with and that kernel should be functional.
** Changed in: linux-kvm (Ubuntu)
Status: Invalid => Triaged
--
You received this bug notification
Ah yeah, that could be. I figured I'd test what's in -proposed but if
-proposed is a security only fix on top of -37, that wouldn't help much.
It's a bit frustrating because users would have gotten the busted kernel
as part of -37 which includes a security fix but then the only real
option to get
This repeats in a loop and fills tens of GBs of space with kernel logs
in just a few minutes before crashing the entire system.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1966499
Mar 25 16:18:30 abydos kernel: [ 1319.549186] [ cut here
]
Mar 25 16:18:30 abydos kernel: [ 1319.549191] WARNING: CPU: 12 PID: 15052 at
arch/x86/kvm/vmx/vmx.c:6336 vmx_sync_pir_to_irr+0x9f/0xc0 [kvm_intel]
Mar 25 16:18:30 abydos kernel: [ 1319.549213] Modules linked in:
Public bug reported:
Upgrading to 5.13.0-37 or 5.13.0-39 immediately crashes my production servers
as they hit:
https://lore.kernel.org/all/f1ea22d3-cff8-406a-ad6a-cb8e0124a...@leemhuis.info/T/#md1f5c8c4aa01130a449a47f3e7559f06b0372f55
It looks like we need to get e90e51d5f01d included in those
Adding linux-kvm to the bug. It looks like if we can have the commit
above backported, it would take care of this issue for most users.
** Also affects: linux-kvm (Ubuntu)
Importance: Undecided
Status: New
** Changed in: linux-kvm (Ubuntu)
Status: New => Confirmed
--
You
Closing the LXC task for now as that seems to be unrelated to a LXC
change (we haven't uploaded in a while) and not related to a new kernel
release which could actually cause such a change.
If you track this down to something other than an issue in your test
environment, please add lxc to this
** Changed in: lxc (Ubuntu)
Status: Incomplete => Invalid
** Changed in: lxc (Ubuntu Focal)
Status: Incomplete => Invalid
** No longer affects: lxc (Ubuntu)
** No longer affects: lxc (Ubuntu Focal)
--
You received this bug notification because you are a member of Kernel
I think the strlcat thing is a red herring or an indication that the
test environment is somehow in a bad shape. This could be explained if
there was two versions of liblxc on the system for example.
Outside of that, I'm also seeing:
```
lxc-start tmp.KEpxw2rh0e 20220205081512.354 ERROR
Closing the LXC side of this bug as there's nothing we can really do here.
It's either a kernel issue (needs support for their socket option within a
network namespace) or an open-iscsi issue where they could have some kind of
fallback mechanism.
** Changed in: lxc (Ubuntu)
Status:
Moving over to the kernel as a userspace process shouldn't be able to
cause such a hang regardless of what it does so this looks like a kernel
bug (lock related by the looks of it).
** Package changed: lxc (Ubuntu) => linux (Ubuntu)
--
You received this bug notification because you are a member
** Package changed: lxd (Ubuntu) => linux-raspi (Ubuntu)
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-raspi in Ubuntu.
https://bugs.launchpad.net/bugs/1948573
Title:
Failure to start container “Failed to start device “eth0”:
Your `dmesg` output shows some serious kernel errors related to ZFS, I
bet that's the source of this.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1946437
Title:
snap install lxd
Removing the LXD task as this isn't a LXD bug, the error is coming from
snapd when setting up the apparmor profiles. Most likely explanation is
that there's something pretty wrong going on with your /etc/apparmor.d
on your system. The errors indicate a variety of missing abstractions
files.
**
In my case I was constantly getting corruption of /etc/apparmor.d with
the matching zfs PANIC. I'd fix that directory and it'd break again on
next boot.
System is impish with 5.13 kernel (same on 5.11) using zfs encryption.
After fighting with this for over a day, I just gave the 2.1.0 dkms a go
Let's close this as our kernels pretty much all support ZFS and LXD is a
snap and therefore does not need additional userspace tools.
** Changed in: zfs-linux (Ubuntu)
Status: In Progress => Won't Fix
--
You received this bug notification because you are a member of Kernel
Packages,
** Changed in: linux (Ubuntu)
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1063354
Title:
[Dell Studio XPS 1640] Sudden Read-Only Filesystems
** Changed in: linux (Ubuntu)
Status: Incomplete => New
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1940083
Title:
zfs send encrypt causes kernel NULL pointer dereference
** Package changed: zfs-linux (Ubuntu) => linux (Ubuntu)
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1940083
Title:
zfs send encrypt causes kernel NULL pointer dereference
Status in
Public bug reported:
Reported here: https://github.com/lxc/lxd/issues/8735
After investigation, the issue is:
```
# CONFIG_NFT_FIB_INET is not set
```
As found on current 5.11 raspberry pi kernel.
Generic Ubuntu kernel has:
```
CONFIG_NFT_FIB_INET=m
```
The rest of the config related to
Confirmed that on a working system, just updating to the new kernel breaks it.
So that SRU kernel is definitely broken and should not be shipped.
[8.996651] BUG: unable to handle kernel NULL pointer dereference at
e12c1a77
[8.998738] IP: []
When a single test fails occasionally, it can be an issue with LXD or
with the test, but when a bugfix release of a stable kernel suddenly
causes one of the most trivial tests to fail on all architectures, this
strongly suggests that the kernel is the issue.
--
You received this bug notification
This looks like a kernel regression to me.
** Package changed: lxd (Ubuntu) => linux (Ubuntu)
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1921969
Title:
lxd 2.0.11-0ubuntu1~16.04.4
We weren't planning to as the previous releases (xenial and bionic) did
not have "-kvm" image and their default image includes an initrd making
them boot just fine under LXD.
So it's really just groovy+focal that we need before we can start using those
images.
focal has been taken care of so
** Changed in: linux (Ubuntu)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1884767
Title:
shiftfs: fix btrfs regression
Status in linux
Confirmed, 1018 boots fine here under Secure Boot, all good!
** Tags removed: verification-needed-focal
** Tags added: verification-done-focal
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
@smb what's the state of groovy, did you push the config update there
too?
For the cloud images, we'll want to switch over to those using linux-kvm
in groovy first, then focal, so just want to make sure we'll get a
working kernel on there too!
--
You received this bug notification because you
Good to hear. I just ran into this today when working on a LXD appliance based
on Ubuntu Core.
btrfs isn't exactly great as an alternative and the 8GB Pi is definitely ZFS
capable so would be great to have :)
--
You received this bug notification because you are a member of Kernel
Packages,
It's not the log above clearly shows the kernel loading an initrd.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/1873809
Title:
Make linux-kvm bootable in LXD VMs
Status in
"""
stgraber@castiana:~$ lxc launch images:ubuntu/focal f1 --vm
Creating f1
Starting f1
stgraber@castiana:~$ lxc exec f1 bash
root@f1:~# echo "deb http://archive.ubuntu.com/ubuntu focal-proposed main
restricted universe multiverse" >> /etc/apt/sources.list
root@f1:~# apt-get update
Hit:1
https://paste.ubuntu.com/p/7yHDCFt75m/ for additional proof that the
initrd is never executed (break=top would immediately drop to a shell).
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
@smb Can you confirm that your system indeed goes through the initrd and
isn't just silently falling back to directly mounting and booting /?
Booting with break=mount would likely be a valid way to test this
(should drop you in a shell).
--
You received this bug notification because you are a
Hmm, actually no luck at booting either 1015 or 1017 on
security.secureboot=false here, poked at grub and it does load both
kernel and initrd...
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
"""
Loading Linux 5.4.0-1015-kvm ...
Loading initial ramdisk ...
Linux version 5.4.0-1015-kvm (buildd@lcy01-amd64-027) (gcc version 9.3.0
(Ubuntu 9.3.0-10ubuntu2)) #15-Ubuntu SMP Fri Jun 5 00:55:20 UTC 2020 (Ubuntu
5.4.0-1015.15-kvm 5.4.41)
Command line: BOOT_IMAGE=/boot/vmlinuz-5.4.0-1015-kvm
Yeah, I think you're right, I also had the exact same panic happen now
on 1015, so it's likely some grub weirdness rather than kernel
regression.
It just so happened that in my last test I managed to get a working grub
config after moving to 1015 and not with 1017. Looks like we'll need to
poke
@Stefan, so actually this is an actual regression.
1015 will boot just fine in LXD with secureboot disabled.
1017 will not boot at all in LXD with or without secureboot disabled.
I don't know if it's switching to a signed kernel which causes the lz4
issue but the result is a clear regression so
All LXD virtual machines are hitting this too.
Run:
- lxc launch images:ubuntu/focal/cloud f1 && lxc console f1
And you'll see it show that message. As mentioned above, boot then still
goes ahead and you get a login prompt, but as that may not always be the
case.
For example in linux-kvm, that
"""
Jun 18 13:56:15 f1 kernel: [0.383207] Trying to unpack rootfs image as
initramfs...
Jun 18 13:56:15 f1 kernel: [0.463102] Initramfs unpacking failed: Decoding
failed
"""
Is what we're getting on current generic kernel, though boot continues after
that.
I don't know if when that
Trying to boot the proposed kernel in LXD:
"""
BdsDxe: loading Boot0007 "ubuntu" from
HD(1,GPT,25633192-5DBD-412A-8A50-E29B79F72A50,0x800,0x32000)/\EFI\ubuntu\shimx64.efi
BdsDxe: starting Boot0007 "ubuntu" from
HD(1,GPT,25633192-5DBD-412A-8A50-E29B79F72A50,0x800,0x32000)/\EFI\ubuntu\shimx64.efi
Public bug reported:
This is another case of linux-kvm having unexplained differences
compared to linux-generic in areas that aren't related to hardware
drivers (see other bug we filed for missing nft).
This time, CPC is reporting that LXD no longer works on linux-kvm as we
now set vlan
** No longer affects: apparmor (Ubuntu)
** No longer affects: linux (Ubuntu Xenial)
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1645037
Title:
apparmor_parser hangs indefinitely
Pinged in #ubuntu-kernel today for an update. It'd be good to have
groovy signed soon so we can then roll this out to focal users.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
** Changed in: apparmor (Ubuntu)
Status: Confirmed => Invalid
** No longer affects: apparmor (Ubuntu Xenial)
** No longer affects: apparmor (Ubuntu Yakkety)
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
Right, I've sent a tweak to LXD upstream to detect such kernel setup and
fallback to xtables, but that's obviously not a situation we'd like to
rely on.
nftables is the current supported way of doing firewalling and is what
Ubuntu uses by default (through shim packages) as of 20.04, so we need
to
Re-opening as I'm not seeing any mention of this being signed now.
** Changed in: linux-kvm (Ubuntu)
Status: Fix Released => Triaged
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
/var/log/audit.log on Suse logs the same:
type=AVC msg=audit(1590086639.489:8595): apparmor="DENIED"
operation="open" profile="snap.docker.dockerd" name="/entrypoint.sh"
pid=5656 comm="entrypoint.sh" requested_mask="r" denied_mask="r" fsuid=0
ouid=0
--
You received this bug notification
To confirm that this isn't shiftfs related and that we were just causing
the issue to be hidden, I've run the same test on OpenSuse tumbleweed.
I chose that distro because it's apparmor-enabled, has snapd and a 5.4
kernel.
```
localhost:~ # snap install docker
docker 18.09.9 from Canonical*
@Khaled yes, it is and we have it now. What's still needed is for the
kernel to be signed so it can be used under secureboot.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/1873809
Ok, fixed the bug tasks and re-opened the bug as we still need this
kernel to get signed.
** Changed in: linux-kvm (Ubuntu)
Status: Fix Released => Triaged
** Changed in: cloud-images
Assignee: Roufique Hossain (roufique) => (unassigned)
** Changed in: linux-kvm (Ubuntu)
Hmm, actually, CONFIG_EFI_STUB is the one we were missing and I'm not
seeing that in your VM either, which makes me wonder how it was booted
in the first place :)
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
Thanks Louis, so our testing may in fact have been accurate and things
regressed afterwards :)
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/1873809
Title:
Make linux-kvm bootable
Just tested it now, confirmed that this still boots fine and that this
time the LXD agent successfully starts too.
So this config seems suitable for us. That + enabling kernel signing
will get us working images.
Thanks!
--
You received this bug notification because you are a member of Kernel
** Description changed:
The `disk-kvm.img` images which are to be preferred when run under
- virtualization, completely fail to boot under UEFI.
+ virtualization, currently completely fail to boot under UEFI.
- This is a critical issue as those are the images that LXD is now pulling
- by
Marking cloud-images side of this as Invalid since the images themselves are
built correctly.
Re-packing with an updated kernel boots just fine, so we only need to track
this against linux-kvm.
** Changed in: cloud-images
Status: New => Invalid
** Summary changed:
- disk-kvm.img aren't
I've tested a kernel with CONFIG_EFI_STUB added (thanks cking!).
This does boot with secureboot enabled, though the LXD agent fails to
start due to lack of vsock.
So in addition to CONFIG_EFI_STUB, it looks like we also need:
- CONFIG_VSOCKETS
- CONFIG_VIRTIO_VSOCKETS
-
Ok, so the fact that we thought this worked is clearly the result from
bad testing on our part, probably because of our simplestreams parsing
code we fixed yesterday...
We obviously still need to move LXD onto this images as booting the non-
kvm images takes twice as long as it should (due to
** Changed in: lxc (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1684481
Title:
KVM guest execution start apparmor blocks on
** No longer affects: lxc (Ubuntu)
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-goldfish in Ubuntu.
https://bugs.launchpad.net/bugs/1527374
Title:
CVE-2015-8709
Status in linux package in Ubuntu:
Fix Released
Status in
** Changed in: lxc (Ubuntu)
Status: Confirmed => Invalid
** Changed in: upstart (Ubuntu)
Status: New => Won't Fix
** Changed in: linux (Ubuntu)
Status: Incomplete => Invalid
--
You received this bug notification because you are a member of Kernel
Packages, which is
Moved the bug over to the kernel.
Those log messages are caused by reference issues in a network namespace
preventing it from being flushed, in turn preventing the LXC monitor
from exiting, holding everything up.
** Package changed: lxd (Ubuntu) => linux (Ubuntu)
--
You received this bug
** Changed in: linux-5.4 (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-5.4 in Ubuntu.
https://bugs.launchpad.net/bugs/1864303
Title:
Removing the e1000e module causes a crash
Status in
Moving this bug to the kernel as investigation discovered a kernel regression
in overmounting protection behavior in 5.3 rc1.
So not a LXC bug but a kernel one.
** Package changed: lxc (Ubuntu) => linux (Ubuntu)
** Changed in: linux (Ubuntu)
Status: New => Triaged
--
You received this
We've changed some of those timings in 3.0.4 which will make it in
Ubuntu in the next month or so, but those tests can still be slightly
flaky even in our CI as we're testing cluster recovery during random
node losses, sometimes things take a bit longer than the 30s timeout to
recover, especially
** Tags added: shiftfs
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1824812
Title:
apparmor does not start in Disco LXD containers
Status in AppArmor:
Triaged
Status in apparmor
** Changed in: linux (Ubuntu)
Status: Incomplete => Triaged
** Tags added: shiftfs
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1824719
Title:
shiftfs: Allow stacking
Public bug reported:
Shiftfs right now prevents stacking overlayfs on top of it which
unfortunately means all users of Docker as well as some nested LXC users
which aren't using btrfs are going to break when they get switched over
to shiftfs.
** Affects: linux (Ubuntu)
Importance: Undecided
** Changed in: linux (Ubuntu Xenial)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1789746
Title:
getxattr: always handle namespaced
Marking the LXD side of this fixed as we're now shipping as a snap by
default and the snap contains zfs.
** Changed in: lxd (Ubuntu)
Status: Incomplete => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to zfs-linux in
The verification of the Stable Release Update for lxd has completed
successfully and the package has now been released to -updates.
Subsequently, the Ubuntu Stable Release Updates Team is being
unsubscribed and will not receive messages about this bug report. In
the event that you encounter a
Oh, I am also using zram-config on the affected machine.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1799497
Title:
4.15 kernel hard lockup about once a week
Status in linux package
Just happened again, though the machine wouldn't reboot at all
afterwards, leading to the hosting provider going for a motherboard
replacement, so I guess better luck next week with debugging this.
--
You received this bug notification because you are a member of Kernel
Packages, which is
The server doesn't respond to pings when locked up.
I do have IPMI and console redirection going for my server and have
enabled all sysrq now though it's unclear whether I can send those
through the BMC yet (as just typing them would obviously send them to my
laptop...).
I've setup debug console
apport information
** Attachment added: "ProcInterrupts.txt"
https://bugs.launchpad.net/bugs/1799497/+attachment/5204636/+files/ProcInterrupts.txt
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
apport information
** Attachment added: "ProcModules.txt"
https://bugs.launchpad.net/bugs/1799497/+attachment/5204637/+files/ProcModules.txt
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
Note that I've deleted the wifisyslog and currentdmesg as they're not
relevant (current boot) and included information that I'd rather not
have exposed publicly.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
apport information
** Attachment added: "WifiSyslog.txt"
https://bugs.launchpad.net/bugs/1799497/+attachment/5204639/+files/WifiSyslog.txt
** Attachment removed: "CurrentDmesg.txt"
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1799497/+attachment/5204633/+files/CurrentDmesg.txt
apport information
** Attachment added: "UdevDb.txt"
https://bugs.launchpad.net/bugs/1799497/+attachment/5204638/+files/UdevDb.txt
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
apport information
** Attachment added: "CRDA.txt"
https://bugs.launchpad.net/bugs/1799497/+attachment/5204632/+files/CRDA.txt
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1799497
apport information
** Attachment added: "ProcCpuinfoMinimal.txt"
https://bugs.launchpad.net/bugs/1799497/+attachment/5204635/+files/ProcCpuinfoMinimal.txt
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
apport information
** Attachment added: "Lspci.txt"
https://bugs.launchpad.net/bugs/1799497/+attachment/5204634/+files/Lspci.txt
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1799497
Well, kinda, this is a production server running a lot of publicly
visible services, so I can run test kernels on it so long as they don't
regress system security.
There's also the unfortunate problem that it takes over a week for me to
see the problem in most cases and that my last known good
apport information
** Attachment added: "CurrentDmesg.txt"
https://bugs.launchpad.net/bugs/1799497/+attachment/5204633/+files/CurrentDmesg.txt
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
Oh and whatever kernel I boot needs to have support for ZFS 0.7 or I
won't be able to read my drives.
** Tags added: apport-collected
** Description changed:
My main server has been running into hard lockups about once a week ever
since I switched to the 4.15 Ubuntu 18.04 kernel.
When
Public bug reported:
My main server has been running into hard lockups about once a week ever
since I switched to the 4.15 Ubuntu 18.04 kernel.
When this happens, nothing is printed to the console, it's effectively
stuck showing a login prompt. The system is running with panic=1 on the
cmdline
** Changed in: linux (Ubuntu Cosmic)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1789746
Title:
getxattr: always handle namespaced
The new liblxc has now migrated, so may be worth retrying.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1790521
Title:
lxd 3.0.2-0ubuntu3 ADT test failure with linux 4.18.0-7.8
** Changed in: linux (Ubuntu)
Status: Confirmed => Triaged
** Also affects: linux (Ubuntu Cosmic)
Importance: High
Status: Triaged
** Also affects: linux (Ubuntu Xenial)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Bionic)
Importance: Undecided
Were you maybe using a privileged container before? Those aren't
affected by the /sys ownership issue.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1784501
Title:
libvirtd is unable
Closing the zfs task as this will be fixed in s390-tools.
** Changed in: zfs-linux (Ubuntu)
Status: Triaged => Invalid
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to zfs-linux in Ubuntu.
https://bugs.launchpad.net/bugs/1788314
Public bug reported:
Not sure which of the two needs fixing, but there's a path conflict
between zfs-linux and s390-tools which effectively prevents installing
ZFS on s390x in cosmic.
(Reading database ... 83042 files and directories currently installed.)
Preparing to unpack
Adding a task for bionic as we'll want this fix to be available for our 18.04
users.
No need to backport it to anything older than that though.
** Also affects: linux (Ubuntu Bionic)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu Bionic)
Status: New => Triaged
** Tags added: verification-done-xenial
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1778286
Title:
Backport namespaced fscaps to xenial 4.4
Status in linux package in Ubuntu:
Fix
Installing the LXD snap from edge channel (for fscaps support), on the
current 4.4 kernel:
root@djanet:~# lxc launch ubuntu-daily:cosmic c1
To start your first container, try: lxc launch ubuntu:18.04
Creating c1
Starting c1
root@djanet:~# lxc exec c1 -- setcap
I tested on two systems, one clean xenial and one clean bionic, both
running the current stable LXD snap with latest ArchLinux and Debian
containers. On both of them, upgrading to the kernels provided by John
fixed the file_lock denials and made the containers boot again.
So as far as I'm
Ok, thanks for the update. I've now updated the bug once again to move
all the tasks over to the kernel. Can you attach the kernel patch here
when you can, I'm sure some of the subscribers may want to test this
ahead of the Ubuntu kernel fixes :)
** Changed in: linux (Ubuntu)
Importance:
@John any update on the point releases?
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1780227
Title:
locking sockets broken due to missing AppArmor socket mediation
patches
Status
Per discussion above:
- Closing the kernel tasks
- Raising priority on apparmor tasks to Critical (to match what kernel had)
- Assigning to jjohansen as the AppArmor maintainer
As we care about xenial, bionic and cosmic, we need point releases (or
cherry-pick) for:
- AppArmor 2.10 (2.10.95
In preparation for an SRU, here is a minimal C testcase provided by
Wolfgang Bumiller:
```
/*
# apparmor_parser -r /etc/apparmor.d/bug-profile
# (tested without the flags here as well btw.)
profile bug-profile flags=(attach_disconnected,mediate_deleted) {
network,
file,
unix,
}
# gcc
Not really, no. You can use systemd-detect-virt which is systemd
specific but should work as a regular user, otherwise you can try to add
some specialized checks like looking if /dev in the mount table is
devtmpfs or not.
--
You received this bug notification because you are a member of Kernel
That's because an attached process ("lxc-attach" or "lxc exec") isn't a
child of init, it's spawned directly by liblxc and so does have our env
variable set.
Any process which is a direct or indirect child of PID1 in the container
will be inheriting its environment through that path and as init
1 - 100 of 255 matches
Mail list logo
