This was fixed upstream in 61c27d8808f0589beb6a319cc04073e8bb32d860
** Changed in: apparmor
Status: Triaged => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1824812
This bug was fixed in the package linux - 5.0.0-15.16
---
linux (5.0.0-15.16) disco; urgency=medium
* CVE-2019-11683
- udp: fix GRO reception in case of length mismatch
- udp: fix GRO packet of death
* CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130
-
This bug was fixed in the package linux - 5.0.0-15.16
---
linux (5.0.0-15.16) disco; urgency=medium
* CVE-2019-11683
- udp: fix GRO reception in case of length mismatch
- udp: fix GRO packet of death
* CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130
-
** Tags removed: verification-needed-bionic
** Tags added: verification-done-bionic
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1824812
Title:
apparmor does not start in Disco LXD
Ordering was important:
$ modprobe shiftfs
$ sudo snap set lxd shiftfs.enable=true
$ sudo systemctl restart snap.lxd.daemon
Now it is enabled:
$ lxc info | grep shiftfs
shiftfs: "true"
$ lxc exec
I have not seen/triggered the kernel issue mentioned in here (identified by
jdstrand).
But on request I'll try it at least.
Testing on Disco with Host Having:
5.0.0-13-generic
# Create container and trigger the issue:
lxc launch ubuntu-daily:d d-testapparmor
# update the container to not have
This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag 'verification-needed-
bionic' to 'verification-done-bionic'. If the problem still exists,
change the tag
This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag 'verification-needed-
disco' to 'verification-done-disco'. If the problem still exists, change
the tag
** Changed in: linux (Ubuntu Disco)
Status: New => Fix Committed
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1824812
Title:
apparmor does not start in Disco LXD containers
** Also affects: libvirt (Ubuntu Disco)
Importance: Undecided
Status: New
** Also affects: apparmor (Ubuntu Disco)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Disco)
Importance: Undecided
Status: New
** No longer affects: libvirt (Ubuntu Disco)
This bug was fixed in the package apparmor - 2.13.2-9ubuntu6
---
apparmor (2.13.2-9ubuntu6) disco; urgency=medium
* lp1824812.patch: set SFS_MOUNTPOINT in is_container_with_internal_policy()
since it is sometimes called independently of is_apparmor_loaded()
- LP: #1824812
** Tags added: shiftfs
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1824812
Title:
apparmor does not start in Disco LXD containers
Status in AppArmor:
Triaged
Status in apparmor
The attachment "UBUNTU: SAUCE: shiftfs: use correct llseek method for"
seems to be a patch. If it isn't, please remove the "patch" flag from
the attachment, remove the "patch" tag, and if you are a member of the
~ubuntu-reviewers, unsubscribe the team.
[This is an automated message performed by
When running a test kernel with Christian's patch, the dir-seek test
case passes:
$ ./dir-seek
PASS: orig_count (9) == new_count (9)
Unfortunately, I can't be sure that apparmor policy is loaded correctly
when creating a new LXD container due to the apparmor portion of this
bug report.
I was able to narrow down this apparmor_parser error to shiftfs:
AppArmor parser error for /etc/apparmor.d/sbin.dhclient in
/etc/apparmor.d/tunables/home at line 25: Could not process include
directory '/etc/apparmor.d/tunables/home.d' in 'tunables/home.d'
The problem stems from shiftfs not
Okay, I have a fix for the shiftfs side I think. Attached here.
** Patch added: "UBUNTU: SAUCE: shiftfs: use correct llseek method for"
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1824812/+attachment/5256074/+files/0001-UBUNTU-SAUCE-shiftfs-use-correct-llseek-method-for-d.patch
--
Uploaded 2.13.2-9ubuntu6 with the SFS_MOUNTPOINT change.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1824812
Title:
apparmor does not start in Disco LXD containers
Status in
I noticed that confinement inside of LXD containers works fine when
shiftfs is disabled:
$ sudo rmmod shiftfs
$ sudo mv /lib/modules/5.0.0-11-generic/kernel/fs/shiftfs.ko .
$ sudo systemctl restart snap.lxd.daemon
$ lxc launch ubuntu-daily:d noshift
Creating noshift
Starting
Since the apparmor SFS_MOUNTPOINT change is small, I'll prepare an
upload for that immediately. We may need another parser update for the
other issue.
** Changed in: apparmor (Ubuntu)
Status: Triaged => In Progress
--
You received this bug notification because you are a member of Kernel
The following will reproduce the issue in a disco VM with disco LXD
container:
Initial setup:
1. have an up to date disco vm
$ cat /proc/version_signature
Ubuntu 5.0.0-11.12-generic 5.0.6
2. sudo snap install lxd
3. sudo adduser `id -un` lxd
4. newgrp lxd
5. sudo lxd init # use defaults
6. .
20 matches
Mail list logo
