[Kernel-packages] [Bug 1746463] Re: apparmor profile load in stacked policy container fails

2018-04-03 Thread Launchpad Bug Tracker
This bug was fixed in the package linux-gcp - 4.13.0-1012.16

---
linux-gcp (4.13.0-1012.16) xenial; urgency=medium

  * linux-gcp: 4.13.0-1012.16 -proposed tracker (LP: #1755771)

  [ Ubuntu: 4.13.0-38.43 ]

  * linux: 4.13.0-38.43 -proposed tracker (LP: #1755762)
  * Servers going OOM after updating kernel from 4.10 to 4.13 (LP: #1748408)
    - i40e: Fix memory leak related filter programming status
    - i40e: Add programming descriptors to cleaned_count
  * [SRU] Lenovo E41 Mic mute hotkey is not responding (LP: #1753347)
    - platform/x86: ideapad-laptop: Increase timeout to wait for EC answer
  * fails to dump with latest kpti fixes (LP: #1750021)
    - kdump: write correct address of mem_section into vmcoreinfo
  * headset mic can't be detected on two Dell machines (LP: #1748807)
    - ALSA: hda/realtek - Support headset mode for ALC215/ALC285/ALC289
    - ALSA: hda - Fix headset mic detection problem for two Dell machines
    - ALSA: hda - Fix a wrong FIXUP for alc289 on Dell machines
  * CIFS SMB2/SMB3 does not work for domain based DFS (LP: #1747572)
    - CIFS: make IPC a regular tcon
    - CIFS: use tcon_ipc instead of use_ipc parameter of SMB2_ioctl
    - CIFS: dump IPC tcon in debug proc file
  * i2c-thunderx: erroneous error message "unhandled state: 0" (LP: #1754076)
    - i2c: octeon: Prevent error message on bus error
  * hisi_sas: Add disk LED support (LP: #1752695)
    - scsi: hisi_sas: directly attached disk LED feature for v2 hw
  * EDAC, sb_edac: Backport 1 patch to Ubuntu 17.10 (Fix missing DIMM sysfs
    entries with KNL SNC2/SNC4 mode) (LP: #1743856)
    - EDAC, sb_edac: Fix missing DIMM sysfs entries with KNL SNC2/SNC4 mode
  * [regression] Colour banding and artefacts appear system-wide on an Asus
    Zenbook UX303LA with Intel HD 4400 graphics (LP: #1749420)
    - drm/edid: Add 6 bpc quirk for CPT panel in Asus UX303LA
  * DVB Card with SAA7146 chipset not working (LP: #1742316)
    - vmalloc: fix __GFP_HIGHMEM usage for vmalloc_32 on 32b systems
  * [Asus UX360UA] battery status in unity-panel is not changing when battery is
    being charged (LP: #1661876) // AC adapter status not detected on Asus
    ZenBook UX410UAK (LP: #1745032)
    - ACPI / battery: Add quirk for Asus UX360UA and UX410UAK
  * ASUS UX305LA - Battery state not detected correctly (LP: #1482390)
    - ACPI / battery: Add quirk for Asus GL502VSK and UX305LA
  * support thunderx2 vendor pmu events (LP: #1747523)
    - perf pmu: Extract function to get JSON alias map
    - perf pmu: Pass pmu as a parameter to get_cpuid_str()
    - perf tools arm64: Add support for get_cpuid_str function.
    - perf pmu: Add helper function is_pmu_core to detect PMU CORE devices
    - perf vendor events arm64: Add ThunderX2 implementation defined pmu core
      events
    - perf pmu: Add check for valid cpuid in perf_pmu__find_map()
  * lpfc.ko module doesn't work (LP: #1746970)
    - scsi: lpfc: Fix loop mode target discovery
  * Ubuntu 17.10 crashes on vmalloc.c (LP: #1739498)
    - powerpc/mm/book3s64: Make KERN_IO_START a variable
    - powerpc/mm/slb: Move comment next to the code it's referring to
    - powerpc/mm/hash64: Make vmalloc 56T on hash
  * ethtool -p fails to light NIC LED on HiSilicon D05 systems (LP: #1748567)
    - net: hns: add ACPI mode support for ethtool -p
  * CVE-2017-17807
    - KEYS: add missing permission check for request_key() destination
  * [Artful SRU] Fix capsule update regression (LP: #1746019)
    - efi/capsule-loader: Reinstate virtual capsule mapping
  * [Artful/Bionic] [Config] enable EDAC_GHES for ARM64 (LP: #1747746)
    - Ubuntu: [Config] enable EDAC_GHES for ARM64
  * linux-tools: perf incorrectly linking libbfd (LP: #1748922)
    - SAUCE: tools -- add ability to disable libbfd
    - [Packaging] correct disablement of libbfd
  * Cherry pick c96f5471ce7d for delayacct fix (LP: #1747769)
    - delayacct: Account blkio completion on the correct task
  * Error in CPU frequency reporting when nominal and min pstates are same
    (cpufreq) (LP: #1746174)
    - cpufreq: powernv: Dont assume distinct pstate values for nominal and pmin
  * retpoline abi files are empty on i386 (LP: #1751021)
    - [Packaging] retpoline-extract -- instantiate retpoline files for i386
    - [Packaging] final-checks -- sanity checking ABI contents
    - [Packaging] final-checks -- check for empty retpoline files
  * [P9,Power NV][WSP][Ubuntu 1804] : "Kernel access of bad area " when grouping
    different pmu events using perf fuzzer . (perf:) (LP: #1746225)
    - powerpc/perf: Fix oops when grouping different pmu events
  * bnx2x_attn_int_deasserted3:4323 MC assert! (LP: #1715519) //
    CVE-2018-126
    - net: create skb_gso_validate_mac_len()
    - bnx2x: disable GSO where gso_size is too big for hardware
  * Ubuntu16.04.03: ISAv3 initialize MMU registers before setting partition
    table (LP: #1736145)
    - powerpc/64s: Initialize ISAv3 MMU registers before setting partition table
  * 

[Kernel-packages] [Bug 1746463] Re: apparmor profile load in stacked policy container fails

2018-04-03 Thread Launchpad Bug Tracker
This bug was fixed in the package linux - 4.13.0-38.43

---
linux (4.13.0-38.43) artful; urgency=medium

  * linux: 4.13.0-38.43 -proposed tracker (LP: #1755762)

  * Servers going OOM after updating kernel from 4.10 to 4.13 (LP: #1748408)
    - i40e: Fix memory leak related filter programming status
    - i40e: Add programming descriptors to cleaned_count

  * [SRU] Lenovo E41 Mic mute hotkey is not responding (LP: #1753347)
    - platform/x86: ideapad-laptop: Increase timeout to wait for EC answer

  * fails to dump with latest kpti fixes (LP: #1750021)
    - kdump: write correct address of mem_section into vmcoreinfo

  * headset mic can't be detected on two Dell machines (LP: #1748807)
    - ALSA: hda/realtek - Support headset mode for ALC215/ALC285/ALC289
    - ALSA: hda - Fix headset mic detection problem for two Dell machines
    - ALSA: hda - Fix a wrong FIXUP for alc289 on Dell machines

  * CIFS SMB2/SMB3 does not work for domain based DFS (LP: #1747572)
    - CIFS: make IPC a regular tcon
    - CIFS: use tcon_ipc instead of use_ipc parameter of SMB2_ioctl
    - CIFS: dump IPC tcon in debug proc file

  * i2c-thunderx: erroneous error message "unhandled state: 0" (LP: #1754076)
    - i2c: octeon: Prevent error message on bus error

  * hisi_sas: Add disk LED support (LP: #1752695)
    - scsi: hisi_sas: directly attached disk LED feature for v2 hw

  * EDAC, sb_edac: Backport 1 patch to Ubuntu 17.10 (Fix missing DIMM sysfs
    entries with KNL SNC2/SNC4 mode) (LP: #1743856)
    - EDAC, sb_edac: Fix missing DIMM sysfs entries with KNL SNC2/SNC4 mode

  * [regression] Colour banding and artefacts appear system-wide on an Asus
    Zenbook UX303LA with Intel HD 4400 graphics (LP: #1749420)
    - drm/edid: Add 6 bpc quirk for CPT panel in Asus UX303LA

  * DVB Card with SAA7146 chipset not working (LP: #1742316)
    - vmalloc: fix __GFP_HIGHMEM usage for vmalloc_32 on 32b systems

  * [Asus UX360UA] battery status in unity-panel is not changing when battery is
    being charged (LP: #1661876) // AC adapter status not detected on Asus
    ZenBook UX410UAK (LP: #1745032)
    - ACPI / battery: Add quirk for Asus UX360UA and UX410UAK

  * ASUS UX305LA - Battery state not detected correctly (LP: #1482390)
    - ACPI / battery: Add quirk for Asus GL502VSK and UX305LA

  * support thunderx2 vendor pmu events (LP: #1747523)
    - perf pmu: Extract function to get JSON alias map
    - perf pmu: Pass pmu as a parameter to get_cpuid_str()
    - perf tools arm64: Add support for get_cpuid_str function.
    - perf pmu: Add helper function is_pmu_core to detect PMU CORE devices
    - perf vendor events arm64: Add ThunderX2 implementation defined pmu core
      events
    - perf pmu: Add check for valid cpuid in perf_pmu__find_map()

  * lpfc.ko module doesn't work (LP: #1746970)
    - scsi: lpfc: Fix loop mode target discovery

  * Ubuntu 17.10 crashes on vmalloc.c (LP: #1739498)
    - powerpc/mm/book3s64: Make KERN_IO_START a variable
    - powerpc/mm/slb: Move comment next to the code it's referring to
    - powerpc/mm/hash64: Make vmalloc 56T on hash

  * ethtool -p fails to light NIC LED on HiSilicon D05 systems (LP: #1748567)
    - net: hns: add ACPI mode support for ethtool -p

  * CVE-2017-17807
    - KEYS: add missing permission check for request_key() destination

  * [Artful SRU] Fix capsule update regression (LP: #1746019)
    - efi/capsule-loader: Reinstate virtual capsule mapping

  * [Artful/Bionic] [Config] enable EDAC_GHES for ARM64 (LP: #1747746)
    - Ubuntu: [Config] enable EDAC_GHES for ARM64

  * linux-tools: perf incorrectly linking libbfd (LP: #1748922)
    - SAUCE: tools -- add ability to disable libbfd
    - [Packaging] correct disablement of libbfd

  * Cherry pick c96f5471ce7d for delayacct fix (LP: #1747769)
    - delayacct: Account blkio completion on the correct task

  * Error in CPU frequency reporting when nominal and min pstates are same
    (cpufreq) (LP: #1746174)
    - cpufreq: powernv: Dont assume distinct pstate values for nominal and pmin

  * retpoline abi files are empty on i386 (LP: #1751021)
    - [Packaging] retpoline-extract -- instantiate retpoline files for i386
    - [Packaging] final-checks -- sanity checking ABI contents
    - [Packaging] final-checks -- check for empty retpoline files

  * [P9,Power NV][WSP][Ubuntu 1804] : "Kernel access of bad area " when grouping
    different pmu events using perf fuzzer . (perf:) (LP: #1746225)
    - powerpc/perf: Fix oops when grouping different pmu events

  * bnx2x_attn_int_deasserted3:4323 MC assert! (LP: #1715519) //
    CVE-2018-126
    - net: create skb_gso_validate_mac_len()
    - bnx2x: disable GSO where gso_size is too big for hardware

  * Ubuntu16.04.03: ISAv3 initialize MMU registers before setting partition
    table (LP: #1736145)
    - powerpc/64s: Initialize ISAv3 MMU registers before setting partition table

  * powerpc/powernv: Flush console before platform error reboot (LP: #1735159)
    - 

[Kernel-packages] [Bug 1746463] Re: apparmor profile load in stacked policy container fails

2018-03-19 Thread Stefan Bader
This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag
'verification-needed-artful' to 'verification-done-artful'. If the
problem still exists, change the tag 'verification-needed-artful' to
'verification-failed-artful'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on
how to enable and use -proposed. Thank you!


** Tags added: verification-needed-artful

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1746463

Title:
  apparmor profile load in stacked policy container fails

Status in snapd:
  Triaged
Status in apparmor package in Ubuntu:
  Confirmed
Status in linux package in Ubuntu:
  Confirmed
Status in linux-gcp package in Ubuntu:
  Fix Released
Status in apparmor source package in Xenial:
  Won't Fix
Status in linux source package in Xenial:
  Invalid
Status in linux-gcp source package in Xenial:
  Confirmed
Status in apparmor source package in Artful:
  Fix Committed
Status in linux source package in Artful:
  Fix Committed
Status in linux-gcp source package in Artful:
  Invalid
Status in apparmor source package in Bionic:
  Confirmed
Status in linux source package in Bionic:
  Confirmed
Status in linux-gcp source package in Bionic:
  Fix Released

Bug description:
  LXD containers on an artful or bionic host with aa namespaces, should
  be able to load the lxc policies. However /lib/apparmor/profile-load
  skips that part when running in a container.

  aa-status shows 0 policies

  /lib/apparmor/profile-load is failing due to
  is_container_with_internal_policy() failing

  due to

  /sys/kernel/security/apparmor/.ns_name being empty which causes

      if [ "${ns_name#lxd-*}" = "$ns_name" ] && \
         [ "${ns_name#lxc-*}" = "$ns_name" ]; then
          return 1
      fi

  to fail

To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/1746463/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp
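
The prefix test quoted in the bug description, worked through as an added example (not code from the report or from the apparmor package): it shows why an empty .ns_name is treated the same as a namespace that is neither LXD nor LXC. The function names, the "missing"/"empty" classification and the sample namespace names are constructed for illustration, and temporary files stand in for /sys/kernel/security/apparmor/.ns_name.

```shell
#!/bin/sh
# Added illustration. Function names and sample namespace names are
# constructed; only the prefix test itself is taken from the bug description.

# Succeeds (returns 0) only when the name starts with "lxd-" or "lxc-".
# "${v#pattern}" strips a matching prefix, so an unchanged value means the
# prefix was absent. An empty name is left unchanged by both expansions,
# so it falls into the "return 1" branch.
ns_name_has_container_prefix() {
    ns_name=$1
    if [ "${ns_name#lxd-*}" = "$ns_name" ] && \
       [ "${ns_name#lxc-*}" = "$ns_name" ]; then
        return 1
    fi
    return 0
}

# Classify the contents of a file standing in for
# /sys/kernel/security/apparmor/.ns_name.
# Prints "container", "not-container", "empty" or "missing", so an empty
# name can be told apart from a genuinely unrelated namespace.
classify_ns_name_file() {
    path=$1
    if [ ! -f "$path" ]; then
        echo "missing"
        return 0
    fi
    name=
    # read returns non-zero at EOF on an empty file; the value stays empty.
    IFS= read -r name < "$path" || true
    if [ -z "$name" ]; then
        echo "empty"
    elif ns_name_has_container_prefix "$name"; then
        echo "container"
    else
        echo "not-container"
    fi
}

# Run the classifier over constructed sample files and print one line each.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'lxd-c1\n' > "$dir/lxd"        # constructed LXD-style name
    printf 'lxc-web\n' > "$dir/lxc"       # constructed LXC-style name
    printf 'other-ns\n' > "$dir/other"    # constructed unrelated name
    : > "$dir/empty"                      # the empty file the bug describes
    for f in lxd lxc other empty absent; do
        printf '%-7s %s\n' "$f" "$(classify_ns_name_file "$dir/$f")"
    done
    rm -rf "$dir"
}

demo
```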


[Kernel-packages] [Bug 1746463] Re: apparmor profile load in stacked policy container fails

2018-03-14 Thread Stefan Bader
** Changed in: linux (Ubuntu Artful)
   Status: Confirmed => Fix Committed



[Kernel-packages] [Bug 1746463] Re: apparmor profile load in stacked policy container fails

2018-03-06 Thread Launchpad Bug Tracker
This bug was fixed in the package linux-gcp - 4.15.0-1001.1

---
linux-gcp (4.15.0-1001.1) bionic; urgency=medium

  * linux-gcp: 4.15.0-1001.1 -proposed tracker (LP: #1752101)

  * linux xenial derivatives fail to build (LP: #1691814) // Prepare linux-gcp
    for bionic (LP: #1752069)
    - [Packaging] Set do_tools_common in common vars

  * Prepare linux-gcp for bionic (LP: #1752069)
    - linux-gcp: Update base kernel version
    - [Config] linux-gcp: Reset config annotations to master
    - [Config] linux-gcp: Add annotations overlay
    - [Config] linux-gcp: updateconfigs after rebase to Ubuntu-4.15.0-10.11
    - Ubuntu: linux-gcp: Revert build_arch=x86
    - [Packaging] linux-gcp: Update Vcs-Git for bionic

  * CVE-2017-5715 (Spectre v2 retpoline)
    - [Config] linux-gcp: disable retpoline checks for first upload

  * [Packaging] Allow overlay of config annotations (LP: #1752072)
    - [Packaging] config-check: allow overlay annotations files

  [ Ubuntu: 4.15.0-10.11 ]

  * linux: 4.15.0-10.11 -proposed tracker (LP: #1749250)
  * "swiotlb: coherent allocation failed" dmesg spam with linux 4.15.0-9.10
    (LP: #1749202)
    - swiotlb: suppress warning when __GFP_NOWARN is set
    - drm/ttm: specify DMA_ATTR_NO_WARN for huge page pools
  * linux-tools: perf incorrectly linking libbfd (LP: #1748922)
    - SAUCE: tools -- add ability to disable libbfd
    - [Packaging] correct disablement of libbfd
  * [Artful] Realtek ALC225: 2 secs noise when a headset plugged in
    (LP: #1744058)
    - ALSA: hda/realtek - update ALC225 depop optimize
  * [Artful] Support headset mode for DELL WYSE (LP: #1723913)
    - SAUCE: ALSA: hda/realtek - Add support headset mode for DELL WYSE
  * headset mic can't be detected on two Dell machines (LP: #1748807)
    - ALSA: hda/realtek - Support headset mode for ALC215/ALC285/ALC289
    - ALSA: hda - Fix headset mic detection problem for two Dell machines
  * Bionic update to v4.15.3 stable release (LP: #1749191)
    - ip6mr: fix stale iterator
    - net: igmp: add a missing rcu locking section
    - qlcnic: fix deadlock bug
    - qmi_wwan: Add support for Quectel EP06
    - r8169: fix RTL8168EP take too long to complete driver initialization.
    - tcp: release sk_frag.page in tcp_disconnect
    - vhost_net: stop device during reset owner
    - ipv6: addrconf: break critical section in addrconf_verify_rtnl()
    - ipv6: change route cache aging logic
    - Revert "defer call to mem_cgroup_sk_alloc()"
    - net: ipv6: send unsolicited NA after DAD
    - rocker: fix possible null pointer dereference in
      rocker_router_fib_event_work
    - tcp_bbr: fix pacing_gain to always be unity when using lt_bw
    - cls_u32: add missing RCU annotation.
    - ipv6: Fix SO_REUSEPORT UDP socket with implicit sk_ipv6only
    - soreuseport: fix mem leak in reuseport_add_sock()
    - net_sched: get rid of rcu_barrier() in tcf_block_put_ext()
    - net: sched: fix use-after-free in tcf_block_put_ext
    - media: mtk-vcodec: add missing MODULE_LICENSE/DESCRIPTION
    - media: soc_camera: soc_scale_crop: add missing
      MODULE_DESCRIPTION/AUTHOR/LICENSE
    - media: tegra-cec: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
    - gpio: uniphier: fix mismatch between license text and MODULE_LICENSE
    - crypto: tcrypt - fix S/G table for test_aead_speed()
    - Linux 4.15.3
  * bnx2x_attn_int_deasserted3:4323 MC assert! (LP: #1715519) //
    CVE-2018-126
    - net: create skb_gso_validate_mac_len()
    - bnx2x: disable GSO where gso_size is too big for hardware
  * ethtool -p fails to light NIC LED on HiSilicon D05 systems (LP: #1748567)
    - net: hns: add ACPI mode support for ethtool -p
  * CVE-2017-5715 (Spectre v2 Intel)
    - [Packaging] retpoline files must be sorted
    - [Packaging] pull in retpoline files
  * [Feature] PXE boot with Intel Omni-Path (LP: #1712031)
    - d-i: Add hfi1 to nic-modules
  * CVE-2017-5715 (Spectre v2 retpoline)
    - [Packaging] retpoline -- add call site validation
    - [Config] disable retpoline checks for first upload
  * Do not duplicate changelog entries assigned to more than one bug or CVE
    (LP: #1743383)
    - [Packaging] git-ubuntu-log -- handle multiple bugs/cves better

  [ Ubuntu: 4.15.0-9.10 ]

  * linux: 4.15.0-9.10 -proposed tracker (LP: #1748244)
  * Miscellaneous Ubuntu changes
    - [Debian] tests -- remove gcc-multilib dependency for arm64

  [ Ubuntu: 4.15.0-8.9 ]

  * linux: 4.15.0-8.9 -proposed tracker (LP: #1748075)
  * Bionic update to v4.15.2 stable release (LP: #1748072)
    - KVM: x86: Make indirect calls in emulator speculation safe
    - KVM: VMX: Make indirect call speculation safe
    - module/retpoline: Warn about missing retpoline in module
    - x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
    - x86/cpufeatures: Add Intel feature bits for Speculation Control
    - x86/cpufeatures: Add AMD feature bits for Speculation Control
    - x86/msr: Add definitions for new speculation control MSRs
    - x86/pti: Do

[Kernel-packages] [Bug 1746463] Re: apparmor profile load in stacked policy container fails

2018-02-27 Thread Jamie Strandboge
FYI, the following kernels are also affected (all 4.13 based):
* linux-azure
* linux-hwe
* linux-hwe-edge
* linux-oem
* linux-raspi2

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1746463

Title:
  apparmor profile load in stacked policy container fails

Status in snapd:
  Triaged
Status in apparmor package in Ubuntu:
  Confirmed
Status in linux package in Ubuntu:
  Confirmed
Status in linux-gcp package in Ubuntu:
  Invalid
Status in apparmor source package in Xenial:
  Won't Fix
Status in linux source package in Xenial:
  Invalid
Status in linux-gcp source package in Xenial:
  Confirmed
Status in apparmor source package in Artful:
  Fix Committed
Status in linux source package in Artful:
  Confirmed
Status in linux-gcp source package in Artful:
  Invalid
Status in apparmor source package in Bionic:
  Confirmed
Status in linux source package in Bionic:
  Confirmed
Status in linux-gcp source package in Bionic:
  Invalid



[Kernel-packages] [Bug 1746463] Re: apparmor profile load in stacked policy container fails

2018-02-27 Thread Jamie Strandboge
Since this is going to be fixed in 'linux' and 'linux-gcp', adding tasks
for those.

** Changed in: apparmor (Ubuntu Artful)
   Status: Won't Fix => Fix Committed

** Changed in: linux (Ubuntu Artful)
   Status: Fix Committed => Confirmed

** Also affects: linux-gcp (Ubuntu)
   Importance: Undecided
   Status: New

** Also affects: apparmor (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: linux (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: linux-gcp (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Changed in: apparmor (Ubuntu Xenial)
   Status: New => Won't Fix

** Changed in: linux (Ubuntu Xenial)
   Status: New => Invalid

** Changed in: linux-gcp (Ubuntu Artful)
   Status: New => Invalid

** Changed in: linux-gcp (Ubuntu Bionic)
   Status: New => Invalid

** Changed in: linux-gcp (Ubuntu Xenial)
   Status: New => Confirmed



[Kernel-packages] [Bug 1746463] Re: apparmor profile load in stacked policy container fails

2018-02-27 Thread Jamie Strandboge
Add a snapd task so that when the
https://launchpad.net/ubuntu/+source/linux-gcp is Fix Released, snapd can
re-enable the tests/main/lxd test on GCE.

** Also affects: linux (Ubuntu)
   Importance: Undecided
   Status: New

** Changed in: linux (Ubuntu Artful)
   Status: New => Fix Committed

** Changed in: apparmor (Ubuntu Artful)
   Status: Fix Committed => Won't Fix

** Changed in: linux (Ubuntu Bionic)
   Status: New => Confirmed

** Tags added: aa-kernel
