[Kernel-packages] [Bug 1507959] Re: Regression: Kernel update breaks all lxc-containers lxc-start failing with (apparmor="DENIED" operation="mount")
Same problem here.
Problem surfaced moving from 3.16.0-50-generic to 3.16.0-51-generic
Linux soup-HP-ProBook-4530s-SSD 3.16.0-50-generic #67~14.04.1-Ubuntu SMP
Fri Oct 2 22:07:51 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1507959
Title:
Regression: Kernel update breaks all lxc-containers lxc-start failing
with (apparmor="DENIED" operation="mount")
Status in linux package in Ubuntu:
Confirmed
Bug description:
Hello,
The following recent kernel update completely break our lxc-start usage on
precise both with precise original kernel 3.2 + also the trusty-lts-stack using
3.13
After installing those new kernel updates all lxc-start of a container fail
with:
"Permission denied - mount failed '/dev/pts/ptmx'->'/dev/ptmx'"
with strace pointing to:
13695 mount("/dev/pts/ptmx", "/dev/ptmx", 0x7f4d68c85d37, MS_BIND, NULL) = -1
EACCES (Permission denied)
and dmesg showing:
Oct 20 10:59:00 titan226 kernel: [ 663.508664] type=1400
audit(1445331540.807:29): apparmor="DENIED" operation="mount"
info="failed type match" error=-13
profile="/usr/bin/lxc-start"
name="/dev/ptmx" pid=2897 comm="lxc-start"
srcname="/dev/pts/ptmx" flags="rw, bind"
After downgrading kernel version the problem immediately dissappeared
and the lxc-start for containers works again as before.
Bad versions:
ii linux-image-3.13.0-66-generic3.13.0-66.108~precise1Linux
kernel image for version 3.13.0 on 64 bit x86 SMP
ii linux-image-3.2.0-92-generic 3.2.0-92.130 Linux
kernel image for version 3.2.0 on 64 bit x86 SMP
Good versions:
ii linux-image-3.13.0-61-generic3.13.0-61.100~precise1Linux
kernel image for version 3.13.0 on 64 bit x86 SMP
ii linux-image-3.2.0-88-generic 3.2.0-88.126 Linux
kernel image for version 3.2.0 on 64 bit x86 SMP
From kernel changelog maybe this other issue here maybe causing it but not
verified:
* SAUCE: (no-up) apparmor: fix mount not handling disconnected paths
- LP: #1496430
---
AlsaVersion: Advanced Linux Sound Architecture Driver Version
k3.13.0-61-generic.
AplayDevices: Error: [Errno 2] No such file or directory
ApportVersion: 2.0.1-0ubuntu17.11
Architecture: amd64
ArecordDevices: Error: [Errno 2] No such file or directory
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/by-path',
'/dev/snd/controlC0', '/dev/snd/hwC0D0', '/dev/snd/pcmC0D3p', '/dev/snd/seq',
'/dev/snd/timer'] failed with exit code 1:
CRDA: Error: [Errno 2] No such file or directory
Card0.Amixer.info: Error: [Errno 2] No such file or directory
Card0.Amixer.values: Error: [Errno 2] No such file or directory
DistroRelease: Ubuntu 12.04
HibernationDevice: RESUME=UUID=ee5d3bc2-531d-4fbf-ba3f-033c27498274
IwConfig: Error: [Errno 2] No such file or directory
MachineType: FUJITSU PRIMERGY MX130 S1
MarkForUpload: True
Package: linux (not installed)
ProcEnviron:
LANGUAGE=en_US
TERM=xterm
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
ProcFB: 0 radeondrmfb
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-3.13.0-61-generic
root=UUID=8c11de07-6403-46cf-994b-15750a7404ba ro rootdelay=80
ProcVersionSignature: Ubuntu 3.13.0-61.100~precise1-generic 3.13.11-ckt22
RelatedPackageVersions:
linux-restricted-modules-3.13.0-61-generic N/A
linux-backports-modules-3.13.0-61-generic N/A
linux-firmware 1.79.18
RfKill: Error: [Errno 2] No such file or directory
Tags: precise
Uname: Linux 3.13.0-61-generic x86_64
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups:
dmi.bios.date: 01/18/2011
dmi.bios.vendor: FUJITSU // Phoenix Technologies Ltd.
dmi.bios.version: 6.00 R1.01.2974.A1
dmi.board.asset.tag: -
dmi.board.name: D2974
dmi.board.vendor: FUJITSU
dmi.board.version: S26361-D2974-A1
dmi.chassis.type: 3
dmi.chassis.vendor: FUJITSU
dmi.chassis.version: MX130S1F
dmi.modalias:
dmi:bvnFUJITSU//PhoenixTechnologiesLtd.:bvr6.00R1.01.2974.A1:bd01/18/2011:svnFUJITSU:pnPRIMERGYMX130S1:pvr:rvnFUJITSU:rnD2974:rvrS26361-D2974-A1:cvnFUJITSU:ct3:cvrMX130S1F:
dmi.product.name: PRIMERGY MX130 S1
dmi.sys.vendor: FUJITSU
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1507959/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1328965] Re: 3.13.0-29 kernel includes backport of 3.14 16-bit app restrictions but not override method causing wine win9x to fail
Here's the fix as committed to the 3.14.6 kernel: ( Taken from https://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.6 ) commit 461a8fe47232a42c5ba9e2ac57eed37df331a2e3 Author: Linus Torvalds torva...@linux-foundation.org Date: Wed May 14 16:33:54 2014 -0700 x86-64, modify_ldt: Make support for 16-bit segments a runtime option commit fa81511bb0bbb2b1aace3695ce869da9762624ff upstream. Checkin: b3b42ac2cbae x86-64, modify_ldt: Ban 16-bit segments on 64-bit kernels disabled 16-bit segments on 64-bit kernels due to an information leak. However, it does seem that people are genuinely using Wine to run old 16-bit Windows programs on Linux. A proper fix for this (espfix64) is coming in the upcoming merge window, but as a temporary fix, create a sysctl to allow the administrator to re-enable support for 16-bit segments. It adds a /proc/sys/abi/ldt16 sysctl that defaults to zero (off). If you hit this issue and care about your old Windows program more than you care about a kernel stack address information leak, you can do echo 1 /proc/sys/abi/ldt16 as root (add it to your startup scripts), and you should be ok. The sysctl table is only added if you have COMPAT support enabled on x86-64, but I assume anybody who runs old windows binaries very much does that ;) Signed-off-by: H. Peter Anvin h...@linux.intel.com Link: http://lkml.kernel.org/r/ca%2b55afw9bpod10u1lfhbomphwzkvjtkmcfcs9s3urpr1yyw...@mail.gmail.com Signed-off-by: Greg Kroah-Hartman gre...@linuxfoundation.org -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1328965 Title: 3.13.0-29 kernel includes backport of 3.14 16-bit app restrictions but not override method causing wine win9x to fail Status in “linux” package in Ubuntu: Incomplete Bug description: Kernel 3.13.0-29 evidently contains a backport of the 3.14 kernel security workaround that disables 16-bit binaries from running. This causes all wine Windows 95 and Windows 98 applications to fail. The 3.14 kernel also includes a feature to re-enable support for 16-bit binaries by providing the /proc/sys/abi/ldt16 interface. This part of the kernel patch was evidently not backported, so this ability to override the 16-bit application prohibition is not available. For this reason, I cannot move forward to new kernel releases until this is fixed. ProblemType: Bug DistroRelease: Ubuntu 14.04 Package: linux-image-3.13.0-29-generic 3.13.0-29.53 ProcVersionSignature: Ubuntu 3.13.0-27.50-generic 3.13.11 Uname: Linux 3.13.0-27-generic x86_64 ApportVersion: 2.14.1-0ubuntu3.2 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC0: soup 1783 F pulseaudio CurrentDesktop: Unity Date: Wed Jun 11 12:01:26 2014 HibernationDevice: RESUME=UUID=8dcf6a87-59e8-4af8-9e1f-cbbcc64ca7a4 InstallationDate: Installed on 2014-04-26 (46 days ago) InstallationMedia: Ubuntu 14.04 LTS Trusty Tahr - Release amd64 (20140417) MachineType: Hewlett-Packard HP ProBook 4530s ProcFB: 0 inteldrmfb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.13.0-27-generic root=UUID=b0984c90-6bc2-4dfb-978b-a508cbaff6a9 ro RelatedPackageVersions: linux-restricted-modules-3.13.0-27-generic N/A linux-backports-modules-3.13.0-27-generic N/A linux-firmware 1.127.2 SourcePackage: linux UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 10/11/2011 dmi.bios.vendor: Hewlett-Packard dmi.bios.version: 68SRR Ver. F.20 dmi.board.name: 167C dmi.board.vendor: Hewlett-Packard dmi.board.version: KBC Version 22.21 dmi.chassis.asset.tag: CNU1412MC3 dmi.chassis.type: 10 dmi.chassis.vendor: Hewlett-Packard dmi.modalias: dmi:bvnHewlett-Packard:bvr68SRRVer.F.20:bd10/11/2011:svnHewlett-Packard:pnHPProBook4530s:pvrA0001D02:rvnHewlett-Packard:rn167C:rvrKBCVersion22.21:cvnHewlett-Packard:ct10:cvr: dmi.product.name: HP ProBook 4530s dmi.product.version: A0001D02 dmi.sys.vendor: Hewlett-Packard To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1328965/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1328965] [NEW] 3.13.0-29 kernel includes backport of 3.14 16-bit app restrictions but not override method causing wine win9x to fail
Public bug reported: Kernel 3.13.0-29 evidently contains a backport of the 3.14 kernel security workaround that disables 16-bit binaries from running. This causes all wine Windows 95 and Windows 98 applications to fail. The 3.14 kernel also includes a feature to re-enable support for 16-bit binaries by providing the /proc/sys/abi/ldt16 interface. This part of the kernel patch was evidently not backported, so this ability to override the 16-bit application prohibition is not available. For this reason, I cannot move forward to new kernel releases until this is fixed. ProblemType: Bug DistroRelease: Ubuntu 14.04 Package: linux-image-3.13.0-29-generic 3.13.0-29.53 ProcVersionSignature: Ubuntu 3.13.0-27.50-generic 3.13.11 Uname: Linux 3.13.0-27-generic x86_64 ApportVersion: 2.14.1-0ubuntu3.2 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC0: soup 1783 F pulseaudio CurrentDesktop: Unity Date: Wed Jun 11 12:01:26 2014 HibernationDevice: RESUME=UUID=8dcf6a87-59e8-4af8-9e1f-cbbcc64ca7a4 InstallationDate: Installed on 2014-04-26 (46 days ago) InstallationMedia: Ubuntu 14.04 LTS Trusty Tahr - Release amd64 (20140417) MachineType: Hewlett-Packard HP ProBook 4530s ProcFB: 0 inteldrmfb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.13.0-27-generic root=UUID=b0984c90-6bc2-4dfb-978b-a508cbaff6a9 ro RelatedPackageVersions: linux-restricted-modules-3.13.0-27-generic N/A linux-backports-modules-3.13.0-27-generic N/A linux-firmware 1.127.2 SourcePackage: linux UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 10/11/2011 dmi.bios.vendor: Hewlett-Packard dmi.bios.version: 68SRR Ver. F.20 dmi.board.name: 167C dmi.board.vendor: Hewlett-Packard dmi.board.version: KBC Version 22.21 dmi.chassis.asset.tag: CNU1412MC3 dmi.chassis.type: 10 dmi.chassis.vendor: Hewlett-Packard dmi.modalias: dmi:bvnHewlett-Packard:bvr68SRRVer.F.20:bd10/11/2011:svnHewlett-Packard:pnHPProBook4530s:pvrA0001D02:rvnHewlett-Packard:rn167C:rvrKBCVersion22.21:cvnHewlett-Packard:ct10:cvr: dmi.product.name: HP ProBook 4530s dmi.product.version: A0001D02 dmi.sys.vendor: Hewlett-Packard ** Affects: linux (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug trusty -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1328965 Title: 3.13.0-29 kernel includes backport of 3.14 16-bit app restrictions but not override method causing wine win9x to fail Status in “linux” package in Ubuntu: New Bug description: Kernel 3.13.0-29 evidently contains a backport of the 3.14 kernel security workaround that disables 16-bit binaries from running. This causes all wine Windows 95 and Windows 98 applications to fail. The 3.14 kernel also includes a feature to re-enable support for 16-bit binaries by providing the /proc/sys/abi/ldt16 interface. This part of the kernel patch was evidently not backported, so this ability to override the 16-bit application prohibition is not available. For this reason, I cannot move forward to new kernel releases until this is fixed. ProblemType: Bug DistroRelease: Ubuntu 14.04 Package: linux-image-3.13.0-29-generic 3.13.0-29.53 ProcVersionSignature: Ubuntu 3.13.0-27.50-generic 3.13.11 Uname: Linux 3.13.0-27-generic x86_64 ApportVersion: 2.14.1-0ubuntu3.2 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC0: soup 1783 F pulseaudio CurrentDesktop: Unity Date: Wed Jun 11 12:01:26 2014 HibernationDevice: RESUME=UUID=8dcf6a87-59e8-4af8-9e1f-cbbcc64ca7a4 InstallationDate: Installed on 2014-04-26 (46 days ago) InstallationMedia: Ubuntu 14.04 LTS Trusty Tahr - Release amd64 (20140417) MachineType: Hewlett-Packard HP ProBook 4530s ProcFB: 0 inteldrmfb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.13.0-27-generic root=UUID=b0984c90-6bc2-4dfb-978b-a508cbaff6a9 ro RelatedPackageVersions: linux-restricted-modules-3.13.0-27-generic N/A linux-backports-modules-3.13.0-27-generic N/A linux-firmware 1.127.2 SourcePackage: linux UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 10/11/2011 dmi.bios.vendor: Hewlett-Packard dmi.bios.version: 68SRR Ver. F.20 dmi.board.name: 167C dmi.board.vendor: Hewlett-Packard dmi.board.version: KBC Version 22.21 dmi.chassis.asset.tag: CNU1412MC3 dmi.chassis.type: 10 dmi.chassis.vendor: Hewlett-Packard dmi.modalias: dmi:bvnHewlett-Packard:bvr68SRRVer.F.20:bd10/11/2011:svnHewlett-Packard:pnHPProBook4530s:pvrA0001D02:rvnHewlett-Packard:rn167C:rvrKBCVersion22.21:cvnHewlett-Packard:ct10:cvr: dmi.product.name: HP ProBook 4530s dmi.product.version: A0001D02 dmi.sys.vendor: Hewlett-Packard To manage notifications about this bug go to:
