** Changed in: lxc (Ubuntu Xenial)
Status: Confirmed => Invalid
** No longer affects: lxc (Ubuntu Vivid)
** No longer affects: lxc (Ubuntu Wily)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
** Branch linked: lp:~ubuntu-branches/ubuntu/trusty/linux-lts-wily
/trusty-proposed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1446906
Title:
lxc container with postfix,
** Branch linked: lp:ubuntu/trusty-proposed/linux-lts-vivid
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1446906
Title:
lxc container with postfix, permission denied on
This bug was fixed in the package linux - 3.19.0-51.57
---
linux (3.19.0-51.57) vivid; urgency=low
[ Seth Forshee ]
* SAUCE: cred: Add clone_cred() interface
- LP: #1531747, #1534961, #1535150
- CVE-2016-1575 CVE-2016-1576
* SAUCE: overlayfs: Use mounter's credentials
This bug was fixed in the package linux - 3.19.0-51.57
---
linux (3.19.0-51.57) vivid; urgency=low
[ Seth Forshee ]
* SAUCE: cred: Add clone_cred() interface
- LP: #1531747, #1534961, #1535150
- CVE-2016-1575 CVE-2016-1576
* SAUCE: overlayfs: Use mounter's credentials
This bug was fixed in the package linux - 4.2.0-30.35
---
linux (4.2.0-30.35) wily; urgency=low
[ Seth Forshee ]
* SAUCE: cred: Add clone_cred() interface
- LP: #1531747, #1534961, #1535150
- CVE-2016-1575 CVE-2016-1576
* SAUCE: overlayfs: Use mounter's credentials
This bug was fixed in the package linux - 4.2.0-30.35
---
linux (4.2.0-30.35) wily; urgency=low
[ Seth Forshee ]
* SAUCE: cred: Add clone_cred() interface
- LP: #1531747, #1534961, #1535150
- CVE-2016-1575 CVE-2016-1576
* SAUCE: overlayfs: Use mounter's credentials
This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag 'verification-needed-
vivid' to 'verification-done-vivid'.
If verification is not done by 5 working days from
This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag 'verification-needed-
wily' to 'verification-done-wily'.
If verification is not done by 5 working days from
This bug was fixed in the package linux - 4.4.0-2.16
---
linux (4.4.0-2.16) xenial; urgency=low
[ Andy Whitcroft ]
* Release Tracking Bug
- LP: #1539090
* SAUCE: hv: hv_set_ifconfig -- convert to python3
- LP: #1506521
* SAUCE: dm: introduce a target_ioctl op to
** Changed in: linux (Ubuntu Vivid)
Status: In Progress => Fix Committed
** Changed in: linux (Ubuntu Wily)
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
** Changed in: linux (Ubuntu Xenial)
Importance: Undecided => Medium
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1446906
Title:
lxc container with postfix, permission
** Description changed:
+ [Impact]
+
+ * Users may encounter situations where they use applications, confined by
+AppArmor, that hit EACESS failures when attempting to operate on AF_UNIX
+stream sockets.
+
+ * These failures typically occur when the confined applications attempts to
+
** Also affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Xenial)
Importance: Undecided
Status: New
** Also affects: lxc (Ubuntu Xenial)
Importance: Medium
Status: Confirmed
** Also affects: linux (Ubuntu Vivid)
Importance:
@jjohansen, I've tested your build and can confirm it fixes the issue.
root@host:~# uname -a
Linux host 3.19.0-31-generic #36+lp1446906v3 SMP Fri Dec 18 08:37:50 UTC 2015
x86_64 x86_64 x86_64 GNU/Linux
root@lxc:~# mailq
Mail queue is empty
--
You received this bug notification because you are
Kernels with version 3 of the fix can be found at
http://people.canonical.com/~jj/lp1446906/
please test and leave feedback as to whether this fixes the issue
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
I encountered this problem too on Ubuntu 15.04 running 3.19.0-39 kernel.
Fixed it by turned off apparmor profile for LXC container by adding
"lxc.aa_profile = unconfined" into container's config. In my case
increased security risk is acceptable, but it's desirable to fix it the
right way. Is
@astatutov,
Could you please test the kernels posted in comment #28?
@jjohansen, confused, why is this bug not marked as affecting linux? Is
there a reason?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
Please try the test kernels at
http://people.canonical.com/~jj/lp1446906/
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1446906
Title:
lxc container with postfix,
Making this bug NOT a duplicate of Bug 1390223, which will be for just
the bad unix_fs macro fix that has already been committed. This one will
track the deleted entry/socket shutdown revalidation issue.
** This bug is no longer a duplicate of bug 1390223
Apparmor related regression on access
*** This bug is a duplicate of bug 1390223 ***
https://bugs.launchpad.net/bugs/1390223
Alright, so this is not the disconnected path issue I thought it was, I
am looking into it more.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is
*** This bug is a duplicate of bug 1390223 ***
https://bugs.launchpad.net/bugs/1390223
Alright, this is failing the way it is because it is a race on the
socket being shutdown. If the mediate_deleted flag was removed from the
profile, an additional info flag would show up in the DENIED
*** This bug is a duplicate of bug 1390223 ***
https://bugs.launchpad.net/bugs/1390223
yes, sorry I'm not sure why I missed adding the leading /
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
*** This bug is a duplicate of bug 1390223 ***
https://bugs.launchpad.net/bugs/1390223
nearly correct - the rule needs to be
/public/showq r,
(note the leading "/")
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to
*** This bug is a duplicate of bug 1390223 ***
https://bugs.launchpad.net/bugs/1390223
The issue is that the path is disconnected from the namespace. Currently
the only way to deal with this is by using the attach_disconnect flag in
the profile, and then place rules for the attached files
*** This bug is a duplicate of bug 1390223 ***
https://bugs.launchpad.net/bugs/1390223
This is not actually a container problem but an apparmor3 problem. You can
reproduce it by using aa-exec on the host (with any profile) starting with
commit b3c3d641f1de (UBUNTU: SAUCE: (no-up) apparmor:
*** This bug is a duplicate of bug 1390223 ***
https://bugs.launchpad.net/bugs/1390223
So I ran postfix' master process with strace to see what it does, didn't find
anything out of the ordinary, however, this way the read() succeeded 15 out of
20 times, only 5 EACCES. The strace output of
*** This bug is a duplicate of bug 1390223 ***
https://bugs.launchpad.net/bugs/1390223
** Changed in: lxc (Ubuntu)
Status: Incomplete = Confirmed
** This bug has been marked a duplicate of bug 1390223
Apparmor related regression on access to unix sockets on a candidate 3.16
Q: What's status incomplete? Thanks
** Package changed: linux (Ubuntu) = lxc (Ubuntu)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1446906
Title:
lxc container with
29 matches
Mail list logo
