im-config 0.29-1ubuntu12.2 is uploaded to xenial-proposed and ensures
the newer apparmor is installed. Please see the updated description for
im-config in Test Case and Regression Potential for details.
** Description changed:
IMPORTANT: SRU Team, see comment #25 for why this bug is
I'm going to mark this as "Won't Fix"-- this is really up to the
uploader to make sure it looks correct on the device. That said, if
someone wanted to provide an MP, I would review it.
** Changed in: click-reviewers-tools
Status: Triaged => Won't Fix
--
You received this bug notification
This was fixed long ago in the review tools.
** Changed in: click-reviewers-tools
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
** Changed in: click-reviewers-tools
Status: New => Triaged
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to unity8 in Ubuntu.
https://bugs.launchpad.net/bugs/1366266
Title:
Images with transparency look wrong in the
The explicit /dev/ denial was to fix a noisy denial that was confusing
users and so we decided to silence the denial. Due to the way apparmor
'deny' works, you can't undo an explicit deny rule (deny rules are
evaluated after allow rules).
There are a few ways forward:
1. fix webbrowser-app's sed
/etc/ld.so.preload should be a site-specific file (ie, it shouldn't come
from Ubuntu). I wouldn't want to break people by adding an explicit
deny, but I'd prefer users encountering this to update their
/etc/apparmor.d/local/usr.sbin.cupsd file to have:
/etc/ld.so.preload r,
Or if people just
The lttng denials are https://bugs.launchpad.net/ubuntu/+source
/apparmor-easyprof-ubuntu/+bug/1260491 and should not affect the
functionality of the app. Also, you filed this against the apparmor
project and this isn't a bug there but with Ubuntu's policy.
How did you install the music player?
Downgrading dpkg on a 16.10 system to 1.18.4ubuntu1.1 does not help.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to click in Ubuntu.
https://bugs.launchpad.net/bugs/1615757
Title:
click install fails on 16.10, causing
** Attachment added: "com.example.click-apparmor-test_0.1_all.click"
https://bugs.launchpad.net/ubuntu/+source/click/+bug/1615757/+attachment/4728458/+files/com.example.click-apparmor-test_0.1_all.click
--
You received this bug notification because you are a member of Ubuntu
Touch seeded
Running the command manually from the output results in:
$ sudo dpkg --force-not-root --force-bad-path --force-architecture --instdir
/opt/click.ubuntu.com/com.example.click-apparmor-test/0.1 --admindir
/opt/click.ubuntu.com/com.example.click-apparmor-test/0.1/.click --path-exclude
Downgrading click on a 16.10 system to 0.4.43+16.04.20160203-0ubuntu2
does not help.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to click in Ubuntu.
https://bugs.launchpad.net/bugs/1615757
Title:
click crashed with
This bug also affects the click-apparmor autopkgtests. I'm surprised
that click was promoted if click-apparmor's autopkgtest failed. Here are
steps to reproduce in a clean VM:
$ sudo apt-get install click ubuntu-sdk-libs
$ sudo click install --user=jamie
** Information type changed from Private to Public
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to click in Ubuntu.
https://bugs.launchpad.net/bugs/1615757
Title:
click crashed with subprocess.CalledProcessError in run():
** Attachment added: "apparmor.profile"
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1612393/+attachment/4719283/+files/apparmor.profile
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
This is the type of rule I'm striving to have:
mount fstype=fuse.* [^/]** ->
@{HOME}/snap/@{SNAP_NAME}/@{SNAP_REVISION}/{,**/},
That doesn't work, but his does:
mount fstype=fuse.* [^/]** ->
/home/*/snap/@{SNAP_NAME}/@{SNAP_REVISION}/{,**/},
--
You received this bug notification because you
Public bug reported:
When using apparmor variables for the mountpoint in mount rules, the
parser will parse the rule but the kernel blocks it.
Eg, this works:
# works
mount -> /home/*/mnt/,
This doesn't:
mount -> @{HOME}/mnt/,
audit: type=1400 audit(1470943929.750:482): apparmor="DENIED"
** Attachment added: "fusexmp.c"
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1612393/+attachment/4719282/+files/fusexmp.c
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
Annoying-- it happened to 3 people today but still no reliable
reproducer.
** Changed in: apparmor (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
@Michael - can you attach the snap of the version you upgraded from as
well as to? I suspect the reproducer becomes:
$ sudo snap install --devmode /path/to/previous/udf
$ sudo snap install --devmode /path/to/updated/udf
Do we need to do something like this instead? (not sure what a fetch from
** Changed in: apparmor (Ubuntu)
Status: Incomplete => New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1579135
Title:
kernel BUG on snap disconnect from within
FYI, this is a requirement for snapd, but it was deprioritized in favor
of namespace stacking in support of LXD, upstreaming and other work in
support of snappy (eg, gsettings mediation). A lot of work was done to
support this, but the soonest it would be delivered given current
priorities is
Could this be related to https://bugs.launchpad.net/bugs/1604872 ?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dbus in Ubuntu.
https://bugs.launchpad.net/bugs/1603904
Title:
X apps that use dbus (GTK, Firefox) either
Pat had the idea of implementing a variation of '8'. Essentially, look
inside the tar file and see if apparmor, click-apparmor or apparmor-
easyprof-ubuntu changed, then say something along the lines of "Security
policy will be updated after the device is restarted. This process may
take several
@Simon, thanks for the updates. It looks I did not have the module-
snappy-policy module loaded and appreciate the update to default.pa and
the updated patch that addresses the other issues.
The only remaining issue is making sure that recording continues to work
in devmode. I think you will want
** Description changed:
- [Impact]
+ [Impact]
Currently snaps on Ubuntu Classic may declare in their snap.yaml that they
want access to pulseaudio. When installed, snapd will auto-connect the
pulseaudio interface giving the snap access to the pulseaudio server for
playback and recording.
@Simon, per the SRU process, I've done the paperwork to pursue the SRU
but leaving this as 'In Progress' due to my comments. Please attach an
updated debdiff and I'll review and adjust the bug as appropriate.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded
@Simon, finally, in reading the patch this will affect both strict and
devmode and so the patch should "if startswith 'snap.' and process is in
enforce mode ; then block recording".
This will be needed for the phase 2 implementation as well, so it is not
wasted effort. I've asked the apparmor
** Description changed:
- Until we have a proper trust-store implementation with snappy and on the
- desktop/ubuntu core we want pulseaudio to simply deny any audio
- recording request coming from an app shipped as part of a snap.
+ [Impact]
+ Currently snaps on Ubuntu Classic may declare in
I should mention that when testing this installed test packages then
logged out of my session, killed my user's pulseaudio then logged back
in. I suppose I could have also done 'killall pulseaudio' and have it
restart automatically instead.
--
You received this bug notification because you are a
The functionality does not work as expected and I am able to record when
running parecord under an apparmor profile that starts with 'snap.' (see
attached).
** Attachment added: "1583057-test.sh"
The functionality does not work as expected and I am able to record when
running parecord under an apparmor profile that starts with 'snap.' (see
attached).
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pulseaudio in
** Changed in: pulseaudio (Ubuntu Xenial)
Importance: Undecided => High
** Changed in: pulseaudio (Ubuntu Xenial)
Assignee: (unassigned) => Simon Fels (morphis)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to
@Simon, couple of small things:
* you should use 8.0-0ubuntu3.1 as the version instead of 8.0-0ubuntu4
* the changelog has a date of 'Tue, 17 May 2016 17:59:58 +0200' which is quite
old, yet the diff was only recently uploaded. You can use 'dch -r' to update
the date
More importantly:
* the
** Changed in: pulseaudio (Ubuntu Xenial)
Status: Triaged => In Progress
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pulseaudio in Ubuntu.
https://bugs.launchpad.net/bugs/1583057
Title:
Deny audio recording for
@Simon, thanks, I'll work on sponsoring this.
@Zygmunt, I'm not sure this is the patch to upstream-- it is the phase 1
approach and the phase 2 approach is pulseaudion/trust-store/snappy
interfaces which we will be discussing this week.
--
You received this bug notification because you are a
2.0.8 generates the new input methods policy and it correctly compiles.
Marking verification-done.
** Tags removed: verification-needed
** Tags added: verification-done
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to
Ping, who will be providing this update to xenial?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pulseaudio in Ubuntu.
https://bugs.launchpad.net/bugs/1583057
Title:
Deny audio recording for all snap applications
Status
Thank you for reporting a bug. The MAC in the log entry comes from the
kernel and contains several pieces of information: the src MAC, the dst
MAC and the TYPE. See http://logi.cc/en/2010/07/netfilter-log-format/
** Information type changed from Private Security to Public
** Package changed: ufw
** Changed in: snapd (Ubuntu Yakkety)
Status: Confirmed => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1580463
Title:
Snap blocks access to
Marking the bug as Triaged since comment #8 describes how to fix the
bug.
** Changed in: lightdm (Ubuntu)
Status: New => Triaged
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lightdm in Ubuntu.
Ok, I looked at this quite a bit today. I'll summarize some stuff that
was already said to justify the path forward.
1. bug #1509829 reports that the lightdm guest session fails to start fcitx and
mozc input methods
2. the fix as implemented was to create apparmor abstractions for fcitx and
Based on comment #15 I removed im-config 0.29-1ubuntu12.1 from xenial-
proposed so it doesn't accidentally get promoted.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
FYI, fcitx uses dbus-daemon (as opposed to ibus-daemon, which does not)
and so apparmor dbus mediation can be used with 'dbus bus=fcitx,'. As
such, im-config does not need an update for fcitx.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which
** Changed in: pulseaudio (Ubuntu Xenial)
Status: New => Triaged
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pulseaudio in Ubuntu.
https://bugs.launchpad.net/bugs/1583057
Title:
Deny audio recording for all snap
Adding xenial task and marking triaged since a fix is available in
yakkety. Who will be providing this update?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pulseaudio in Ubuntu.
https://bugs.launchpad.net/bugs/1583057
Thanks for working on this! Per the snappy team, this will also need a
SRU for xenial.
** Also affects: pulseaudio (Ubuntu Yakkety)
Importance: High
Assignee: Luke Yelavich (themuso)
Status: Fix Released
** Also affects: pulseaudio (Ubuntu Xenial)
Importance: Undecided
** Description changed:
I use the calendar-app with my work google calendar. For that calendar I
have alarms setup to automatically send an email 24 hours, 4 hours and
30 minutes before any event and I choose email as the reminder (as
opposed to popup) so that I wouldn't be bombarded with
Tyler said that he would update the apparmor ibus abstraction for this
change, which will be required to not break ibus in evince and
webbrowser-app. As such, I'm going to mark this as 'verification-failed'
then adjust im-config to Breaks with apparmor less than the version
Tyler is uploading.
**
** Also affects: apparmor (Ubuntu)
Importance: Undecided
Status: New
** Changed in: apparmor (Ubuntu Xenial)
Status: New => Triaged
** Changed in: apparmor (Ubuntu Yakkety)
Status: New => In Progress
** Changed in: apparmor (Ubuntu Xenial)
Importance: Undecided =>
sharecash1023, you closed this bug by mistake.
** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
Status: Fix Released => Confirmed
** Changed in: lxc-android-config (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Touch
I think the Ubuntu UX and the ubuntu-ui-toolkit tasks can be closed--
permy is successfully using SuruDark with Nekhelesh's MP. Thanks
everyone! :)
** Changed in: permy
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch
While this bug is still open, developers may either:
* install snaps with --devmode (eg, snap install --devmode /path/to/snap)
* add 'socketcall' to /var/lib/snapd/seccomp/profiles/snap.your.app
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages,
Perhaps:
/opt/google/chrome*/PepperFlash/ r,
/opt/google/chrome*/PepperFlash/** r,
/opt/google/chrome*/PepperFlash/**.so m,
** Tags added: apparmor
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in
An apparmor-easyprof-ubuntu task was added, but I'm not sure why. If
this is only for webbrowser-app, just add the aforementioned rules (or
similar) to the webbrowser-app policy. These rules won't work on Touch
(which is what apparmor-easyprof-ubuntu is primarily for) since those
paths aren't
click-apparmor/0.3.13.1 passed the test plan using the following image:
$ system-image-cli -i
current build number: 16
device name: mako
channel: ubuntu-touch/staging/ubuntu
last update: 2016-05-23 19:25:11
version version: 16
version ubuntu: 20160521
version device: 20160402
version custom:
*** This bug is a duplicate of bug 1204579 ***
https://bugs.launchpad.net/bugs/1204579
Thank you for reporting a bug. I believe this is a duplicate of bug
#1204579.
** This bug has been marked a duplicate of bug 1204579
ufw doesn't support concurrent updates
--
You received this bug
In my first attempt I didn't use --devmode.
However, I can't seem to make the snap work in a xenial amd64 VM.
I tried the original snap with:
$ sudo snap install --devmode ./snappy-tests_0.1_amd64.snap
$ snappy-tests -check.f homeInterfaceSuite
...
... Error reading config: open
@Paul, I tried to test this in a snappy VM with:
$ snappy-tests -check.f homeInterfaceSuite
Bad system call
--
FAIL: :46: homeInterfaceSuite.SetUpSuite
Uploaded 0.3.13.1 to xenial-proposed.
** Changed in: click-apparmor (Ubuntu Xenial)
Status: Triaged => In Progress
** Changed in: click-apparmor (Ubuntu Xenial)
Assignee: Jamie Strandboge (jdstrand) => (unassigned)
--
You received this bug notification because you are a
** Description changed:
- [Impact]
- * aa-clickhook fails with wily frameworks because of this:
apparmor.easyprof.AppArmorException: "Could not find templates directory
'/usr/share/apparmor/easyprof/templates/ubuntu/15.1'". It is reading the json
15.10 number for policy version as 15.1.
- *
** Description changed:
- aa-clickhook fails with wily frameworks because of this:
- apparmor.easyprof.AppArmorException: "Could not find templates directory
- '/usr/share/apparmor/easyprof/templates/ubuntu/15.1'". It is reading the
- json 15.10 number for policy version as 15.1.
+ [Impact]
+ *
** Changed in: click-apparmor (Ubuntu Yakkety)
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to click-apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1581097
Title:
*** This bug is a duplicate of bug 1486841 ***
https://bugs.launchpad.net/bugs/1486841
** This bug has been marked a duplicate of bug 1517642
package click-apparmor 0.2 failed to install/upgrade: subprocess new
pre-removal script returned error exit status 1
** This bug is no longer a
*** This bug is a duplicate of bug 1486841 ***
https://bugs.launchpad.net/bugs/1486841
** This bug has been marked a duplicate of bug 1517642
package click-apparmor 0.2 failed to install/upgrade: subprocess new
pre-removal script returned error exit status 1
** This bug is no longer a
Note that the "15 minutes or more" is no longer the case and has not
been for a long time. AppArmor policy compilation for 150 profiles or so
should be in the 2-3 minute range (obviously, we still need feedback for
the user).
--
You received this bug notification because you are a member of
FYI, more discussion of this topic is in
https://bugs.launchpad.net/ubuntu/+source/click-apparmor/+bug/1350598.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to click-apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1385410
k-apparmor (Ubuntu)
Importance: High
Assignee: Jamie Strandboge (jdstrand)
Status: In Progress
** Affects: click-apparmor (Ubuntu Xenial)
Importance: High
Assignee: Jamie Strandboge (jdstrand)
Status: Triaged
** Affects: click-apparmor (Ubuntu Yakkety)
*** This bug is a duplicate of bug 1486841 ***
https://bugs.launchpad.net/bugs/1486841
** This bug has been marked a duplicate of bug 1517642
package click-apparmor 0.2 failed to install/upgrade: subprocess new
pre-removal script returned error exit status 1
** This bug is no longer a
*** This bug is a duplicate of bug 1486841 ***
https://bugs.launchpad.net/bugs/1486841
** This bug has been marked a duplicate of bug 1517642
package click-apparmor 0.2 failed to install/upgrade: subprocess new
pre-removal script returned error exit status 1
** This bug is no longer a
*** This bug is a duplicate of bug 1486841 ***
https://bugs.launchpad.net/bugs/1486841
** This bug has been marked a duplicate of bug 1486841
from click import commands: ImportError: cannot import name 'commands'
--
You received this bug notification because you are a member of Ubuntu
*** This bug is a duplicate of bug 1486841 ***
https://bugs.launchpad.net/bugs/1486841
** This bug has been marked a duplicate of bug 1517642
package click-apparmor 0.2 failed to install/upgrade: subprocess new
pre-removal script returned error exit status 1
** This bug is no longer a
ntu)
Assignee: Jamie Strandboge (jdstrand) => (unassigned)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to click-apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1238007
Title:
aa-clickhook -f does not properly consider c
Closing this bug since click-apparmor will not gain new features since
Touch will eventually move to snapd, where click-apparmor is no longer
used.
** Changed in: click-apparmor (Ubuntu)
Status: New => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
FYI, this is ready for QA signoff: https://requests.ci-
train.ubuntu.com/#/ticket/1404
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1569582
Title:
Add
To test these clicks, we either need new clicks that specify the
'bluetooth' reserved policy or, modify /var/lib/apparmor/clicks/...json
to add "bluetooth" to the policy_groups, then rm -f
/var/lib/apparmor/profiles/click_..., then do 'sudo aa-clickhook' (this
modifies the installed security
FYI, vivid packages are here: https://launchpad.net/~ci-train-ppa-
service/+archive/ubuntu/landing-015
I'm still turning the crank on xenial and the landings.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to
Ok, I examined all the policy and created a very broad profile called
"bluetooth": http://bazaar.launchpad.net/~ubuntu-security/apparmor-
easyprof-ubuntu/trunk/view/head:/data/policygroups/ubuntu/1.3/bluetooth
This gives all access to bluez and is therefore reserved. I was able to
successfully
** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
Status: Triaged => In Progress
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1569582
Title:
Add
FYI, we decided on IRC that we would add a single reserved policy group
for now, named 'bluetooth'. This will allow full access to bluez. This
will be reserved in the first iteration because there are information
leaks and the device can be placed into discovery mode. Other accesses
were not
FYI, I'm working through the policy in a very fine-grained manner to
understand it and will post my results here. I can say that the first
click example seems to work ok on the sender, but all transfers fails--
either to my laptop (even after enabling bluetooth and visibility and
using
** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
Status: Incomplete => Triaged
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1569582
Title:
Add
Based on your comments, I will leave this as Incomplete for now so that
other may comment but if they do not, it will autoclose.
I've not seen any other upgrade bugs related to this and not sure how
the policy might've gotten messed up on your system.
--
You received this bug notification
I'm told home-consumer is https://github.com/ubuntu-
core/snappy/blob/master/integration-tests/data/snaps/home-consumer/ so
reproducing with a snap would be to checkout that branch, run 'snapcraft
snap .' then installing the resulting snap (eg, 'sudo snap install
/path/to/snap' adding --devmode if
I cannot reproduce with the following:
$ mkdir /tmp/cache
$ tar -zxvf ./profiles.tgz
$ cd profiles
$ while /bin/true ; do sudo apparmor_parser --replace --write-cache -O
no-expr-simplify --cache-loc=/tmp/cache ./* ; done
The above apparmor_parser options are what snapd uses (see
It looks like you installed the snap with --devmode. Can you confirm?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1579135
Title:
kernel BUG on snap disconnect from
Is '/etc/xdg/lxsession/Lubuntu/* cx, # LP1273524' actually part of the
file? If so, remove that. This is what it should look like on 16.04:
$ cat /etc/apparmor.d/lightdm-guest-session
# vim:syntax=apparmor
# Profile for restricting lightdm guest session
#include
** Changed in: ufw (Ubuntu)
Status: Incomplete => Invalid
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ufw in Ubuntu.
https://bugs.launchpad.net/bugs/1578032
Title:
package ufw 0.35-0ubuntu2 failed to
/etc/apparmor.d/abstractions/mozc_server is another local change. I
suggest removing it too. I see Debian has https://bugs.debian.org/cgi-
bin/bugreport.cgi?bug=818527.
** Bug watch added: Debian Bug tracker #818527
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818527
--
You received this
Is there a click I can use to play with this? Will it work on mako? Do I
need rc-proposed, silos, etc?
** Changed in: apparmor (Ubuntu)
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
** Changed in: apparmor (Ubuntu)
Importance: Undecided => High
** Package changed: ap
No. *If* the /lib/ufw/user*.rules files are already symlinks to the
files in /etc/ufw, then this is how you can resolve this:
$ sudo rm -f /lib/ufw/user*.rules# remove the existing symlinks
$ sudo mv /etc/ufw/user*.rules /lib/ufw # move your real user files back to
/lib/ufw
$ sudo
Thank you for reporting a bug. /etc/apparmor.d/abstractions/fcitx is not
shipped by apparmor in Ubuntu and the lightdm-guest-session profile does
not refer to it. This seems like a local configuration issue-- if you
edit /etc/apparmor.d/lightdm-guest-session you can remove '#include
' then run
It sounds like at some point in the past you moved /lib/ufw/user*.rules
into /etc/ufw and then created symlinks from /lib/ufw/user*.rules to
/lib/ufw. Does this sound plausible?
** Changed in: ufw (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a
Ubuntu Xenial)
Status: New => Triaged
** Changed in: apparmor (Ubuntu)
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
** Changed in: apparmor (Ubuntu Xenial)
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
** Changed in: apparmor (Ubuntu)
Status: New
** Changed in: libseccomp (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1567597
Title:
implement 'complain mode' in seccomp
After looking at the denials more closely, you need
content_exchange_source (export vs import).
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1557566
Have you specified the content_exchange policy group?
** Tags added: application-confinement
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1557566
Title:
hello-world.sh that is.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1576066
Title:
32bit glibc calls old socketcall() syscall, causing seccomp problems
Status in
Note, this affects even hello-world.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1576066
Title:
32bit glibc calls old socketcall() syscall, causing seccomp problems
** Changed in: libseccomp (Ubuntu)
Status: Incomplete => New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1576066
Title:
32bit glibc calls old socketcall()
nce: Undecided => High
** Changed in: libseccomp (Ubuntu)
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
** Changed in: libseccomp (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which i
601 - 700 of 1810 matches
Mail list logo