[Kernel-packages] [Bug 1507959] Re: Regression: Kernel update breaks all lxc-containers lxc-start failing with (apparmor="DENIED" operation="mount")
Same problem here. Problem surfaced moving from 3.16.0-50-generic to 3.16.0-51-generic Linux soup-HP-ProBook-4530s-SSD 3.16.0-50-generic #67~14.04.1-Ubuntu SMP Fri Oct 2 22:07:51 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1507959 Title: Regression: Kernel update breaks all lxc-containers lxc-start failing with (apparmor="DENIED" operation="mount") Status in linux package in Ubuntu: Confirmed Bug description: Hello, The following recent kernel update completely break our lxc-start usage on precise both with precise original kernel 3.2 + also the trusty-lts-stack using 3.13 After installing those new kernel updates all lxc-start of a container fail with: "Permission denied - mount failed '/dev/pts/ptmx'->'/dev/ptmx'" with strace pointing to: 13695 mount("/dev/pts/ptmx", "/dev/ptmx", 0x7f4d68c85d37, MS_BIND, NULL) = -1 EACCES (Permission denied) and dmesg showing: Oct 20 10:59:00 titan226 kernel: [ 663.508664] type=1400 audit(1445331540.807:29): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="/usr/bin/lxc-start" name="/dev/ptmx" pid=2897 comm="lxc-start" srcname="/dev/pts/ptmx" flags="rw, bind" After downgrading kernel version the problem immediately dissappeared and the lxc-start for containers works again as before. Bad versions: ii linux-image-3.13.0-66-generic3.13.0-66.108~precise1Linux kernel image for version 3.13.0 on 64 bit x86 SMP ii linux-image-3.2.0-92-generic 3.2.0-92.130 Linux kernel image for version 3.2.0 on 64 bit x86 SMP Good versions: ii linux-image-3.13.0-61-generic3.13.0-61.100~precise1Linux kernel image for version 3.13.0 on 64 bit x86 SMP ii linux-image-3.2.0-88-generic 3.2.0-88.126 Linux kernel image for version 3.2.0 on 64 bit x86 SMP From kernel changelog maybe this other issue here maybe causing it but not verified: * SAUCE: (no-up) apparmor: fix mount not handling disconnected paths - LP: #1496430 --- AlsaVersion: Advanced Linux Sound Architecture Driver Version k3.13.0-61-generic. AplayDevices: Error: [Errno 2] No such file or directory ApportVersion: 2.0.1-0ubuntu17.11 Architecture: amd64 ArecordDevices: Error: [Errno 2] No such file or directory AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/by-path', '/dev/snd/controlC0', '/dev/snd/hwC0D0', '/dev/snd/pcmC0D3p', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1: CRDA: Error: [Errno 2] No such file or directory Card0.Amixer.info: Error: [Errno 2] No such file or directory Card0.Amixer.values: Error: [Errno 2] No such file or directory DistroRelease: Ubuntu 12.04 HibernationDevice: RESUME=UUID=ee5d3bc2-531d-4fbf-ba3f-033c27498274 IwConfig: Error: [Errno 2] No such file or directory MachineType: FUJITSU PRIMERGY MX130 S1 MarkForUpload: True Package: linux (not installed) ProcEnviron: LANGUAGE=en_US TERM=xterm PATH=(custom, no user) LANG=en_US.UTF-8 SHELL=/bin/bash ProcFB: 0 radeondrmfb ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-3.13.0-61-generic root=UUID=8c11de07-6403-46cf-994b-15750a7404ba ro rootdelay=80 ProcVersionSignature: Ubuntu 3.13.0-61.100~precise1-generic 3.13.11-ckt22 RelatedPackageVersions: linux-restricted-modules-3.13.0-61-generic N/A linux-backports-modules-3.13.0-61-generic N/A linux-firmware 1.79.18 RfKill: Error: [Errno 2] No such file or directory Tags: precise Uname: Linux 3.13.0-61-generic x86_64 UpgradeStatus: No upgrade log present (probably fresh install) UserGroups: dmi.bios.date: 01/18/2011 dmi.bios.vendor: FUJITSU // Phoenix Technologies Ltd. dmi.bios.version: 6.00 R1.01.2974.A1 dmi.board.asset.tag: - dmi.board.name: D2974 dmi.board.vendor: FUJITSU dmi.board.version: S26361-D2974-A1 dmi.chassis.type: 3 dmi.chassis.vendor: FUJITSU dmi.chassis.version: MX130S1F dmi.modalias: dmi:bvnFUJITSU//PhoenixTechnologiesLtd.:bvr6.00R1.01.2974.A1:bd01/18/2011:svnFUJITSU:pnPRIMERGYMX130S1:pvr:rvnFUJITSU:rnD2974:rvrS26361-D2974-A1:cvnFUJITSU:ct3:cvrMX130S1F: dmi.product.name: PRIMERGY MX130 S1 dmi.sys.vendor: FUJITSU To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1507959/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1328965] Re: 3.13.0-29 kernel includes backport of 3.14 16-bit app restrictions but not override method causing wine win9x to fail
Here's the fix as committed to the 3.14.6 kernel: ( Taken from https://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.6 ) commit 461a8fe47232a42c5ba9e2ac57eed37df331a2e3 Author: Linus Torvalds torva...@linux-foundation.org Date: Wed May 14 16:33:54 2014 -0700 x86-64, modify_ldt: Make support for 16-bit segments a runtime option commit fa81511bb0bbb2b1aace3695ce869da9762624ff upstream. Checkin: b3b42ac2cbae x86-64, modify_ldt: Ban 16-bit segments on 64-bit kernels disabled 16-bit segments on 64-bit kernels due to an information leak. However, it does seem that people are genuinely using Wine to run old 16-bit Windows programs on Linux. A proper fix for this (espfix64) is coming in the upcoming merge window, but as a temporary fix, create a sysctl to allow the administrator to re-enable support for 16-bit segments. It adds a /proc/sys/abi/ldt16 sysctl that defaults to zero (off). If you hit this issue and care about your old Windows program more than you care about a kernel stack address information leak, you can do echo 1 /proc/sys/abi/ldt16 as root (add it to your startup scripts), and you should be ok. The sysctl table is only added if you have COMPAT support enabled on x86-64, but I assume anybody who runs old windows binaries very much does that ;) Signed-off-by: H. Peter Anvin h...@linux.intel.com Link: http://lkml.kernel.org/r/ca%2b55afw9bpod10u1lfhbomphwzkvjtkmcfcs9s3urpr1yyw...@mail.gmail.com Signed-off-by: Greg Kroah-Hartman gre...@linuxfoundation.org -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1328965 Title: 3.13.0-29 kernel includes backport of 3.14 16-bit app restrictions but not override method causing wine win9x to fail Status in “linux” package in Ubuntu: Incomplete Bug description: Kernel 3.13.0-29 evidently contains a backport of the 3.14 kernel security workaround that disables 16-bit binaries from running. This causes all wine Windows 95 and Windows 98 applications to fail. The 3.14 kernel also includes a feature to re-enable support for 16-bit binaries by providing the /proc/sys/abi/ldt16 interface. This part of the kernel patch was evidently not backported, so this ability to override the 16-bit application prohibition is not available. For this reason, I cannot move forward to new kernel releases until this is fixed. ProblemType: Bug DistroRelease: Ubuntu 14.04 Package: linux-image-3.13.0-29-generic 3.13.0-29.53 ProcVersionSignature: Ubuntu 3.13.0-27.50-generic 3.13.11 Uname: Linux 3.13.0-27-generic x86_64 ApportVersion: 2.14.1-0ubuntu3.2 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC0: soup 1783 F pulseaudio CurrentDesktop: Unity Date: Wed Jun 11 12:01:26 2014 HibernationDevice: RESUME=UUID=8dcf6a87-59e8-4af8-9e1f-cbbcc64ca7a4 InstallationDate: Installed on 2014-04-26 (46 days ago) InstallationMedia: Ubuntu 14.04 LTS Trusty Tahr - Release amd64 (20140417) MachineType: Hewlett-Packard HP ProBook 4530s ProcFB: 0 inteldrmfb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.13.0-27-generic root=UUID=b0984c90-6bc2-4dfb-978b-a508cbaff6a9 ro RelatedPackageVersions: linux-restricted-modules-3.13.0-27-generic N/A linux-backports-modules-3.13.0-27-generic N/A linux-firmware 1.127.2 SourcePackage: linux UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 10/11/2011 dmi.bios.vendor: Hewlett-Packard dmi.bios.version: 68SRR Ver. F.20 dmi.board.name: 167C dmi.board.vendor: Hewlett-Packard dmi.board.version: KBC Version 22.21 dmi.chassis.asset.tag: CNU1412MC3 dmi.chassis.type: 10 dmi.chassis.vendor: Hewlett-Packard dmi.modalias: dmi:bvnHewlett-Packard:bvr68SRRVer.F.20:bd10/11/2011:svnHewlett-Packard:pnHPProBook4530s:pvrA0001D02:rvnHewlett-Packard:rn167C:rvrKBCVersion22.21:cvnHewlett-Packard:ct10:cvr: dmi.product.name: HP ProBook 4530s dmi.product.version: A0001D02 dmi.sys.vendor: Hewlett-Packard To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1328965/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1328965] [NEW] 3.13.0-29 kernel includes backport of 3.14 16-bit app restrictions but not override method causing wine win9x to fail
Public bug reported: Kernel 3.13.0-29 evidently contains a backport of the 3.14 kernel security workaround that disables 16-bit binaries from running. This causes all wine Windows 95 and Windows 98 applications to fail. The 3.14 kernel also includes a feature to re-enable support for 16-bit binaries by providing the /proc/sys/abi/ldt16 interface. This part of the kernel patch was evidently not backported, so this ability to override the 16-bit application prohibition is not available. For this reason, I cannot move forward to new kernel releases until this is fixed. ProblemType: Bug DistroRelease: Ubuntu 14.04 Package: linux-image-3.13.0-29-generic 3.13.0-29.53 ProcVersionSignature: Ubuntu 3.13.0-27.50-generic 3.13.11 Uname: Linux 3.13.0-27-generic x86_64 ApportVersion: 2.14.1-0ubuntu3.2 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC0: soup 1783 F pulseaudio CurrentDesktop: Unity Date: Wed Jun 11 12:01:26 2014 HibernationDevice: RESUME=UUID=8dcf6a87-59e8-4af8-9e1f-cbbcc64ca7a4 InstallationDate: Installed on 2014-04-26 (46 days ago) InstallationMedia: Ubuntu 14.04 LTS Trusty Tahr - Release amd64 (20140417) MachineType: Hewlett-Packard HP ProBook 4530s ProcFB: 0 inteldrmfb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.13.0-27-generic root=UUID=b0984c90-6bc2-4dfb-978b-a508cbaff6a9 ro RelatedPackageVersions: linux-restricted-modules-3.13.0-27-generic N/A linux-backports-modules-3.13.0-27-generic N/A linux-firmware 1.127.2 SourcePackage: linux UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 10/11/2011 dmi.bios.vendor: Hewlett-Packard dmi.bios.version: 68SRR Ver. F.20 dmi.board.name: 167C dmi.board.vendor: Hewlett-Packard dmi.board.version: KBC Version 22.21 dmi.chassis.asset.tag: CNU1412MC3 dmi.chassis.type: 10 dmi.chassis.vendor: Hewlett-Packard dmi.modalias: dmi:bvnHewlett-Packard:bvr68SRRVer.F.20:bd10/11/2011:svnHewlett-Packard:pnHPProBook4530s:pvrA0001D02:rvnHewlett-Packard:rn167C:rvrKBCVersion22.21:cvnHewlett-Packard:ct10:cvr: dmi.product.name: HP ProBook 4530s dmi.product.version: A0001D02 dmi.sys.vendor: Hewlett-Packard ** Affects: linux (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug trusty -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1328965 Title: 3.13.0-29 kernel includes backport of 3.14 16-bit app restrictions but not override method causing wine win9x to fail Status in “linux” package in Ubuntu: New Bug description: Kernel 3.13.0-29 evidently contains a backport of the 3.14 kernel security workaround that disables 16-bit binaries from running. This causes all wine Windows 95 and Windows 98 applications to fail. The 3.14 kernel also includes a feature to re-enable support for 16-bit binaries by providing the /proc/sys/abi/ldt16 interface. This part of the kernel patch was evidently not backported, so this ability to override the 16-bit application prohibition is not available. For this reason, I cannot move forward to new kernel releases until this is fixed. ProblemType: Bug DistroRelease: Ubuntu 14.04 Package: linux-image-3.13.0-29-generic 3.13.0-29.53 ProcVersionSignature: Ubuntu 3.13.0-27.50-generic 3.13.11 Uname: Linux 3.13.0-27-generic x86_64 ApportVersion: 2.14.1-0ubuntu3.2 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC0: soup 1783 F pulseaudio CurrentDesktop: Unity Date: Wed Jun 11 12:01:26 2014 HibernationDevice: RESUME=UUID=8dcf6a87-59e8-4af8-9e1f-cbbcc64ca7a4 InstallationDate: Installed on 2014-04-26 (46 days ago) InstallationMedia: Ubuntu 14.04 LTS Trusty Tahr - Release amd64 (20140417) MachineType: Hewlett-Packard HP ProBook 4530s ProcFB: 0 inteldrmfb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.13.0-27-generic root=UUID=b0984c90-6bc2-4dfb-978b-a508cbaff6a9 ro RelatedPackageVersions: linux-restricted-modules-3.13.0-27-generic N/A linux-backports-modules-3.13.0-27-generic N/A linux-firmware 1.127.2 SourcePackage: linux UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 10/11/2011 dmi.bios.vendor: Hewlett-Packard dmi.bios.version: 68SRR Ver. F.20 dmi.board.name: 167C dmi.board.vendor: Hewlett-Packard dmi.board.version: KBC Version 22.21 dmi.chassis.asset.tag: CNU1412MC3 dmi.chassis.type: 10 dmi.chassis.vendor: Hewlett-Packard dmi.modalias: dmi:bvnHewlett-Packard:bvr68SRRVer.F.20:bd10/11/2011:svnHewlett-Packard:pnHPProBook4530s:pvrA0001D02:rvnHewlett-Packard:rn167C:rvrKBCVersion22.21:cvnHewlett-Packard:ct10:cvr: dmi.product.name: HP ProBook 4530s dmi.product.version: A0001D02 dmi.sys.vendor: Hewlett-Packard To manage notifications about this bug go to: