** Tags added: champagne
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pam in Ubuntu.
https://bugs.launchpad.net/bugs/1860826
Title:
pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or
directory
Status
Public bug reported:
Hello, after upgrading to focal I found the following in my journalctl
output:
Jan 24 23:07:00 millbarge sudo[32120]: pam_unix(sudo:auth): Couldn't open
/etc/securetty: No such file or directory
Jan 24 23:07:01 millbarge sudo[32120]: pam_unix(sudo:auth): Couldn't open
My machine did not reboot successfully; because I followed The Guide, my
system has a root password, and I was prompted for it at the systemd
emergency shell. (Which is super-confusing, because I forgot I had set a
password.)
The error message appeared to be along the lines of "bpool failed to
I was able to fix this error:
E: mkinitramfs failure cpio 141 lz4 -9 -l 24
by deleting the snapshots that sanoid made *during* the installation
process:
sarnold@millbarge:/boot$ sudo zfs destroy
bpool@autosnap_2020-01-24_04:00:05_hourly%autosnap_2020-01-24_08:45:05_frequently
[sudo] password
I'm surprised the snapshots showed up, I've got the snapdirs hidden:
$ zfs list -oname,snapdir
NAME SNAPDIR
bpool hidden
bpool/BOOT hidden
bpool/BOOT/ubuntu hidden
rpool hidden
Hello Mitch, excellent report, thanks.
This is working as intended.
The Unix process model is complicated, and Linux has added a few
additional complications on top; I'll try to summarize it but it's just
not going to be easy.
When a parent process exits, child processes are not notified by
** Information type changed from Private Security to Public
** Changed in: bash (Ubuntu)
Status: New => Invalid
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bash in Ubuntu.
https://bugs.launchpad.net/bugs/1857210
I thought we were going to some effort to reduce the number of systems
where resolveconf was going to be used, or even remove it from the
distro entirely.
Thanks
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in
Maciej, that looks like javascript polkit and I believe we're staying on
the pre-javascript version of polkit.
Thanks
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to policykit-1 in Ubuntu.
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
Hello Douglas, thanks for the report. AppArmor is one of several tools
the snap packaging system uses to enforce confinement on packages. The
AppArmor project doesn't supply the policy though, just the enforcement
mechanism. I believe you'll need to talk to whoever wrote the snap
package, as they
I've selected the most likely packages to be involved, based on a guess.
Without knowing how the user attempted to set their password though,
this is going to be pretty impossible to track down.
/etc/passwd hasn't had passwords stored in it by default for something
like 25 years. My best guess at
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
Seems to work fine on disco:
sarnold@millbarge:~$ sudo apt install libssl1.1 openssl
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
linux-image-5.0.0-20-generic
Seems to work fine from disco:
sarnold@millbarge:~$ sudo apt install libssl1.1 openssl
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
linux-image-5.0.0-20-generic
Hello Federico,
Wietse is correct. You will not get security benefits from your proposed
changes.
Public key authentication, combined with a 2FA mechanism such as TOTP
for interactive users, is the current best practice.
IP filtering is a useful tool; you can already have good benefits from
** Information type changed from Private Security to Public
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to tcp-wrappers in Ubuntu.
https://bugs.launchpad.net/bugs/1839598
Title:
tcp_wrappers does not whitelisting of
Hello,
It appears the source.codeaurora.org site has not correctly configured
their TLS certificate chain:
https://www.ssllabs.com/ssltest/analyze.html?d=source.codeaurora.org
"Chain issues Incomplete, Extra certs"
If you can contact the admins for this site, please ask them to include
all
*** This bug is a duplicate of bug 1836236 ***
https://bugs.launchpad.net/bugs/1836236
** Information type changed from Private Security to Public
** This bug has been marked a duplicate of bug 1836236
9.4ubuntu4.9: Broken package because of missing "#" @
I read through Bionic's systemd-random-seed.service source (src/random-
seed/random-seed.c) and didn't see any references to RNDADDTOENTCNT or
RNDADDENTROPY, the ioctl(2)s that are used to indicate to the kernel
that added entropy should be used for the random(4) device. Maybe
they're hidden
** Changed in: libpgm (Ubuntu)
Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libpgm in Ubuntu.
https://bugs.launchpad.net/bugs/1820203
Title:
[MIR]
** Also affects: lubuntu-meta (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to initramfs-tools in Ubuntu.
https://bugs.launchpad.net/bugs/1835095
Title:
Lubuntu initrd
*** This bug is a duplicate of bug 1835095 ***
https://bugs.launchpad.net/bugs/1835095
** Information type changed from Private Security to Public Security
** This bug has been marked a duplicate of bug 1835095
Lubuntu initrd images leaking cryptographic secret when disk encryption is
*** This bug is a duplicate of bug 1832919 ***
https://bugs.launchpad.net/bugs/1832919
** This bug has been marked a duplicate of bug 1832919
installed libssl1.1:amd64 package post-installation script subprocess
returned error exit status 10
--
You received this bug notification because
*** This bug is a duplicate of bug 1832919 ***
https://bugs.launchpad.net/bugs/1832919
** This bug is no longer a duplicate of bug 1495302
subprocess installed post-installation script returned error exit status 10
** This bug has been marked a duplicate of bug 1832919
installed
*** This bug is a duplicate of bug 1832919 ***
https://bugs.launchpad.net/bugs/1832919
** This bug is no longer a duplicate of bug 1495302
subprocess installed post-installation script returned error exit status 10
** This bug has been marked a duplicate of bug 1832919
installed
I'm not sure how to do SRU verification on this update. I don't know a
set of steps to take to see the update notification when running X11.
Upgrading and downgrading among several packages did NOT show the update
notification:
sarnold@hunt:/tmp$ sudo dpkg -i
Stephen, AMD invented the 64 bit extensions to the x86 instruction set
and brought their processors to market well before Intel brought theirs
to market. Thus AMD won a huge amount of name recognition. Debian
standardized on "amd64" to name packages for the architecture many years
ago.
Thanks
--
** Attachment added: "Coverity results"
https://bugs.launchpad.net/ubuntu/+source/libpgm/+bug/1820203/+attachment/5270475/+files/coverity.txt
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libpgm in Ubuntu.
Public bug reported:
Hello, the openssl library postinst file is using pidof /usr/bin/X, but
that doesn't appear to be the path to the X11 server any more:
debian/libssl1.1.postinst:
# Only issue the reboot notification for servers; we proxy this by
# testing that the X server
Hello Robert, thanks for this; could you please file this bug against
the man-db package, and mention that this needs to be adjusted similar
to https://usn.ubuntu.com/4008-2/ ?
Thanks
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is
Can you run apport-collect 1831490 on this machine to collect additional
logs and data?
Thanks
** Also affects: linux (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to
** Package changed: alsa-driver (Ubuntu) => linux (Ubuntu)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to alsa-driver in Ubuntu.
https://bugs.launchpad.net/bugs/1831301
Title:
sound doesn't works in both kernel. no one
Hi Michael, thanks for reporting back the solution -- we're fine here,
nothing needs doing.
Thanks
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1713435
Title:
package
** Description changed:
- I want to do some SRU testing but I have to look up how to add the
- -proposed lines to apt sources every time I want to do this task. The
- wiki page for it is pretty verbose and includes text like: "Replace
- "xenial" with "trusty", "vivid", "utopic", "precise", or
The wiki page does have the software properties method documented:
https://wiki.ubuntu.com/Testing/EnableProposed
I don't have software-properties-gtk installed (and until now didn't
know the name of the command to launch it), so apt-add-repository was my
first attempt.
Thanks
--
You received
pito, it'd probably be best to head to https://askubuntu.com/ or #ubuntu
on irc.freenode.net to try to figure out where exactly your slow
performance is coming from.
Install the systemd-bootchart package, then at grub's kernel command
line, add init=/lib/systemd/systemd-bootchart
Attach the
Hello, can you please provide the output of:
head -1 /usr/bin/pyclean
ls -l /usr/bin/python
Thanks
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to python-defaults in Ubuntu.
https://bugs.launchpad.net/bugs/1829857
Title:
Probably this represents an LVM2 or hardware error instead of something
specific to certificates.
Thanks
** Package changed: ca-certificates (Ubuntu) => ubuntu
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ca-certificates
The error message from the terminal log:
(Reading database ... 1522438 files and directories currently installed.)
Preparing to unpack .../python-django_1.6.11-0ubuntu1.3_all.deb ...
File "/usr/bin/pyclean", line 63
except (IOError, OSError), e:
^
SyntaxError:
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross
Public bug reported:
I want to do some SRU testing but I have to look up how to add the
-proposed lines to apt sources every time I want to do this task. The
wiki page for it is pretty verbose and includes text like: "Replace
"xenial" with "trusty", "vivid", "utopic", "precise", or "lucid"
Use CVE-2018-20839.
Thanks
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-20839
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1803993
Title:
Vibhu, please see https://usn.ubuntu.com/3943-1/ for information on the
most recent wget security update we performed.
Thanks
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to wget in Ubuntu.
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to evolution-data-server in
Ubuntu.
https://bugs.launchpad.net/bugs/1828124
Title:
Incidentally, there's nothing for the AppArmor project to do here -- any
confined program will include or not include the fingerprint data as
specified in the profile.
Thanks
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to
I'll include as a comment my reply to an email from the reporter:
Hello,
Note that the Ubuntu security team considers fingerprints to be akin to
usernames, rather than passwords. They cannot be changed, they are left on
thousands of objects daily, and repeated demonstrations of sensors being
Probably related:
https://bugzilla.redhat.com/show_bug.cgi?id=1336308
and probably related:
https://sourceware.org/git/?p=glibc.git;a=commit;h=b11643c21c5c9d67a69c8ae952e5231ce002e7f1
Thanks
** Bug watch added: Red Hat Bugzilla #1336308
https://bugzilla.redhat.com/show_bug.cgi?id=1336308
--
Hello, this is pretty confusing: coreutils in both 18.10 and 19.04 have
mv -Z support, so regardless of which coreutils package was unpacked at
the time, the command should have succeeded.
Could you do some investigation?
which mv
mv --help | grep Z
ls -l `which mv`
dpkg -S `which mv`
debsums
Thanks Jann
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1814596
Title:
DynamicUser can create
** Also affects: language-pack-de-base (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to language-pack-de in
Ubuntu.
https://bugs.launchpad.net/bugs/1824724
Title:
Hello German translators, what's involved in fixing translations and
pushing an updated translation package to users? The new strings have
broken some AppArmor utilities.
I believe the lines that need fixing:
language-pack-de_18.04+20190117/data/de/LC_MESSAGES/apparmor-utils.po:msgid
"(V)iew
** Also affects: ubuntu-translations
Importance: Undecided
Status: New
** Changed in: ubuntu-translations
Assignee: (unassigned) => Ubuntu German Translators (ubuntu-l10n-de)
** Also affects: language-pack-de (Ubuntu)
Importance: Undecided
Status: New
--
You received
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1812316
Title:
systemd: lack of seat verification in
On Wed, Apr 10, 2019 at 08:34:47AM -, Lars wrote:
> [root@myhost:~]↥ 1 # namei -l /test/var/lib/dhcp/dhcpd.leases
> f: /test/var/lib/dhcp/dhcpd.leases
> drwxr-xr-x root root /
> drwxr-xr-x dhcpd dhcpd test
> drwxr-xr-x dhcpd dhcpd var
> drwxr-xr-x dhcpd dhcpd lib
> drwxr-xr-x dhcpd dhcpd
On Tue, Apr 09, 2019 at 03:15:26PM -, Lars wrote:
> I set a custom leases file in the dhcpd.conf:
> lease-file-name "/test/var/lib/dhcp/dhcpd.leases";
>
> and created a custom apparmor profile for that in
> /etc/apparmor.d/local/usr.sbin.dhcpd:
> /test/var/lib/dhcp/dhcpd{,6}.leases* lrw,
>
Vital, just scanning version banners is what leads to this problem.
Inspecting the package database would be far more reliable.
Thanks
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
Root, that script is suitable for timing attacks against ssh. This issue
is easier to use to enumerate users, but does require a different
approach. There was a tool posted to oss-security for this:
https://www.openwall.com/lists/oss-security/2018/08/16/1
Thanks
--
You received this bug
Hmm, also ugly:
test-normalize.c: In function ‘main’:
test-normalize.c:159:49: warning: ‘__builtin___snprintf_chk’ output may be
truncated before the last format character [-Wformat-truncation=]
snprintf(longname, sizeof(longname), "%s/%s", srcdir, filename);
Root, aha! We've finally uncovered the root of the problem. (Sorry. I
can't help myself. It's Friday afternoon.)
While Qualys' TLS scanner is a top-notch tool that I use regularly,
their "security scanner" is sadly not. They have built a tool that
checks version numbers. This is not ideal,
You should use sudo -i to get a clean root login without your local user
configuration seeping into the shell.
Thanks
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/1823202
This appears to be the missing context:
╭─rkm@Khadas ~
╰─➤ sudo -s
[oh-my-zsh] Insecure completion-dependent directories detected:
drwxr-xr-x 11 rkm rkm 4096 Mar 30 19:19 /home/rkm/.oh-my-zsh
drwxr-xr-x 266 rkm rkm 12288 Mar 30 19:19 /home/rkm/.oh-my-zsh/plugins
drwxr-xr-x 2 rkm rkm 4096
Steve Langasek has pointed out that I missed the point of the bug.
I'm not comfortable with OPENSSL_TLS_SECURITY_LEVEL=0 in bionic. (Or,
indeed, in cosmic either.)
We shipped 18.04 LTS with OPENSSL_TLS_SECURITY_LEVEL=1, correct? I don't
recall seeing more than a handful of complaints about
I'm slightly concerned about raising the TLS minimums in our next LTS
release without some exposure to it in the 19.10 release. But this plan
sounds better than waiting until 20.10 to raise the minimums -- and
19.10 may be too soon to take the step.
But we don't have to decide on 19.10 defaults
Root, version 1:7.6p1-4ubuntu0.1 included the fix for CVE-2018-15473.
Version 1:7.6p1-4ubuntu0.2 is included in the disc image ubuntu-18.04.2
-server-amd64:
$ sha256sum ubuntu-18.04.2-server-amd64.iso
a2cb36dc010d98ad9253ea5ad5a07fd6b409e3412c48f1860536970b073c98f5
Hello,
Are there any messages in dmesg that look related? Can you ping those
hosts? Do you get ssh banners if you run:
echo "" | nc x.x.x.x 22
?
Thanks
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
root, version 1:7.6p1-4ubuntu0.1 was published to the archive on
November 6th 2018:
https://launchpad.net/ubuntu/+source/openssh/1:7.6p1-4ubuntu0.1
https://lists.ubuntu.com/archives/bionic-changes/2018-November/017000.html
https://usn.ubuntu.com/3809-1/
A default configuration of Ubuntu 18.04
** Information type changed from Private Security to Public
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to xorg in Ubuntu.
https://bugs.launchpad.net/bugs/1822335
Title:
test general
Status in xorg package in Ubuntu:
root: sudo apt update && sudo apt upgrade
Thanks
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1794629
Title:
CVE-2018-15473 - User enumeration vulnerability
Status in
I added apport for the python2 -> python3 bug.
Thanks
** Also affects: apport (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apport in Ubuntu.
I'm sorry Riccardo, I didn't notice the two separate BASH_CMDS issues when
I filed the request. The only mention in the changelog is:
> This document details the changes between this version, bash-4.4-beta2,
> and the previous version, bash-4.4-rc1.
>$
> [...]
>$
> d. Fixed a bug that allowed
Public bug reported:
I have apt configured to load a wide variety of sources; my apt is using
a local squid-deb-proxy on the same system, and the source that is
failing is hosted on an archive mirror on my LAN.
Today I noticed unexpected results from apt-get update:
# apt-get update
Hit:1
CVE-2019-9924
Thanks
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-9924
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bash in Ubuntu.
https://bugs.launchpad.net/bugs/1803441
Title:
BASH_CMDS is
** Package changed: dbus (Ubuntu) => xfce4 (Ubuntu)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dbus in Ubuntu.
https://bugs.launchpad.net/bugs/1821364
Title:
xfce4 install on Ubuntu 18.04 has no polkit agent
Status
Use CVE-2019-9923.
Thanks
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-9923
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to tar in Ubuntu.
https://bugs.launchpad.net/bugs/1810241
Title:
NULL
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-keyboard in Ubuntu.
https://bugs.launchpad.net/bugs/1594863
Title:
OSK consideration for life
On Wed, Mar 20, 2019 at 07:25:35PM -, Edhelharn wrote:
> My sources.list file (updated) :
>
> #deb http://fr.archive.ubuntu.com/ubuntu/ bionic main restricted
> #deb http://fr.archive.ubuntu.com/ubuntu/ bionic-updates main restricted
> #deb http://fr.archive.ubuntu.com/ubuntu/ bionic universe
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1821052
Title:
No connexion with mobile
Hello,
dpkg: ошибка при обработке пакета libselinux1:amd64 (--configure):
пакет libselinux1:amd64 2.7-2build2 не может быть настроен, так как
libselinux1:i386 другой версии (2.2.2-1ubuntu0.1)
You have an i386 version of 14.04's libselinux1 installed and the
upgrade tool tried to install the
On Tue, Mar 12, 2019 at 04:05:45PM -, Dimitri John Ledkov wrote:
> defaults. And all of them however have committed to drop support for
> those in 2020. My expectation is to follow suit, and set default
> security level to 2, and require TLS1.2 shortly after 19.10 release.
Can you expand upon
Hello, can you please run this command and report back the results?
ls -ld /
Thanks
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1818679
Title:
package openssh-server
Hello, can you please run this command and report back the results?
ls -ld /
Thanks
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1818691
Title:
package openssh-server
Public bug reported:
Hello, we've received a surprising number of bug reports that include
lines from ufw's sanity checks on / permissions are incorrect; it's been
a recurring feature of systemd-tmpfiles bug reports as well.
I think apport should include a similar report if / /etc /lib /usr /tmp
Public bug reported:
Hello, namei -l gives incorrect error messages if a directory is not
readable:
$ namei -l /etc/ssl/private/ssl-cert-snakeoil.key
f: /etc/ssl/private/ssl-cert-snakeoil.key
drwxr-xr-x root root /
drwxr-xr-x root root etc
drwxr-xr-x root root ssl
drwx--x--- root
On Thu, Feb 28, 2019 at 04:08:09AM -, Edson José dos Santos wrote:
> edson@edson-p6540br:~$ dmesg | grep DENIED
> [ 58.334359] audit: type=1400 audit(1551326278.953:59): apparmor="DENIED"
> operation="open" profile="/usr/lib/snapd/snap-confine"
> name="/opt/eset/esets/lib/libesets_pac.so"
On Thu, Feb 28, 2019 at 03:04:00AM -, Edson José dos Santos wrote:
> Hello Arnold
> unix, (connect, send, receive) peer =
(addr="@2F746D702F65736574732E736F636B00*"),
Excellent, here's the mistake. Remove everything after the comma:
unix,
Then try the reboot again.
--
You received
On Wed, Feb 27, 2019 at 12:59:14PM -, Edson José dos Santos wrote:
> Hi, Arnold
>
> At startup the error message is appearing in apparmor and I would like
> to know how to generate a log to introduce them to you or just the boot
> boot log. In the absence of this I got this other log, where
Hello snapd friends, Edson has an antivirus tool that requires all
processes have write access to a unix domain socket. Adding a rule to
/etc/apparmor.d/abstractions/base addressed many profiles but not
snapd's snap-confine profile.
What's the mechanism for admins to add local rules to this file?
Hi Edson.. so, the last idea I've got is:
unix,
in /etc/apparmor.d/abstractions/base
Do the usual reload, and reboot if it worked, dance.
Thanks
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
On Mon, Feb 18, 2019 at 02:45:16PM -, Edson José dos Santos wrote:
> Line replaced successfully:
>
> From: unix (connect, send, receive)
> peer=(addr="@2F746D702F65736574732E736F636B00*"),
>
> To: unix (connect, send, receive) peer = (addr = "@
> 2F746D702F65736574732E736F636B00 *"),
Ah,
On Mon, Feb 18, 2019 at 01:26:02PM -, Edson José dos Santos wrote:
> Is it the same correct procedure?
>
> /etc/apparmor.d/abstractions/base file:
>
> unix (connect, send, receive) peer = (addr = "@
> 2F746D702F65736574732E736F636B00 *")
>
> Then sudo /etc/init.d/apparmor reload
> If that
Alright, I don't know why that line didn't work. Replace it with this
one:
unix,
it's a lot more open than I'd like, but I don't know why the more
specific rule didn't work. So, lets try this.
Thanks
--
You received this bug notification because you are a member of Ubuntu
Touch seeded
Hello Edson,
Are all those messages after adding this rule to your abstractions/base?
unix (connect, send, receive)
peer=(addr="@2F746D702F65736574732E736F636B00*"),
Thanks
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to
Hello Edson, thanks for the reply; can you re-run this command and paste
back the results?
dmesg | grep DENIED
Thanks
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
Hello Edson,
Please add these lines to your /etc/apparmor.d/abstractions/base file:
/etc/opt/eset/ r,
/etc/opt/eset/** r,
/opt/eset/esets/lib/** mr,
unix (connect, send, receive)
peer=(addr="@2F746D702F65736574732E736F636B00*"),
Then sudo /etc/init.d/apparmor reload
If that appeared
Hello Edson, what's the output of:
dmesg | grep DENIED
Thanks
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1571531
Title:
cupsd cause apparmor denials for
This message in your logs indicates that your system is improperly
configured:
WARN: uid is 0 but '/' is owned by 1000
I suggest heading to #ubuntu on irc.freenode.net or
https://askubuntu.com to ask for help from someone. If you go to
askubuntu, be sure to paste in the output of ls -l / .
Thanks Christian, very thorough.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1815415
Title:
please update libseccomp for newer kernel syscalls
Status in libseccomp
On Mon, Feb 11, 2019 at 07:38:28AM -, Christian Ehrhardt wrote:
> @Seth / @Tyler - Hi, you asked for the change, but I'd want to ask for
> something as well :-) Do you have any testcases from your security work
> that we could reuse here to check the SRU for SRU verification?
It doesn't
Sorry about the question about s390 syscalls in unrelated syscall
tables; that patch accurately reflected upstream's code.
Looks good to me, thanks.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
301 - 400 of 1527 matches
Mail list logo