[Touch-packages] [Bug 1644654] Re: PCI/internal sound card not detected

2016-12-01 Thread Tyler Hicks
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to alsa-driver in Ubuntu. https://bugs.launchpad.net/bugs/1644654 Title: PCI/internal sound card not detected Status

[Touch-packages] [Bug 1644335] Re: Do not know

2016-12-01 Thread Tyler Hicks
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to xorg in Ubuntu. https://bugs.launchpad.net/bugs/1644335 Title: Do not know Status in xorg package in Ubuntu:

[Touch-packages] [Bug 1643668] Re: package cups-daemon 2.1.3-4 failed to install/upgrade: subprocess new pre-removal script returned error exit status 1

2016-12-01 Thread Tyler Hicks
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/1643668 Title: package cups-daemon 2.1.3-4 failed to

[Touch-packages] [Bug 1644162] Re: package cups-daemon 2.1.3-4ubuntu0.1 failed to install/upgrade: subprocess new pre-removal script returned error exit status 1

2016-12-01 Thread Tyler Hicks
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/1644162 Title: package cups-daemon 2.1.3-4ubuntu0.1 failed to

[Touch-packages] [Bug 1643592] Re: package cups-daemon 2.1.3-4 failed to install/upgrade: subprocess new pre-removal script returned error exit status 1

2016-12-01 Thread Tyler Hicks
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/1643592 Title: package cups-daemon 2.1.3-4 failed to

[Touch-packages] [Bug 1644592] Re: package libssl-dev 1.0.2g-1 failed to install/upgrade: trying to overwrite shared '/usr/include/openssl/opensslv.h', which is different from other instances of packa

2016-12-01 Thread Tyler Hicks
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1644592 Title: package libssl-dev 1.0.2g-1 failed to

[Touch-packages] [Bug 1645117] Re: package gconf2 3.2.6-3ubuntu7 failed to install/upgrade: dependency problems - leaving triggers unprocessed

2016-12-01 Thread Tyler Hicks
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gconf in Ubuntu. https://bugs.launchpad.net/bugs/1645117 Title: package gconf2 3.2.6-3ubuntu7 failed to

[Touch-packages] [Bug 1646149] Re: package pulseaudio-module-bluetooth 1:9.0-2ubuntu2.1 failed to install/upgrade: vereistenproblemen - blijft ongeconfigureerd

2016-12-01 Thread Tyler Hicks
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pulseaudio in Ubuntu. https://bugs.launchpad.net/bugs/1646149 Title: package pulseaudio-module-bluetooth

[Touch-packages] [Bug 1641243] Re: Provide full AppArmor confinement for snaps on 14.04

2016-11-30 Thread Tyler Hicks
** Description changed: = apparmor SRU = [Rationale] For backporting snapd to 14.04 LTS, we need to provide proper AppArmor confinement for snaps when running under the 16.04 hardware enablement kernel. The apparmor userspace package in 14.04 is missing support key mediation features

[Touch-packages] [Bug 1641243] Re: Provide full AppArmor confinement for snaps on 14.04

2016-11-30 Thread Tyler Hicks
Moving the apparmor task back to "incomplete" while I gather info for https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1628285/comments/10. ** Description changed: + = apparmor SRU = [Rationale] For backporting snapd to 14.04 LTS, we need to provide proper AppArmor confinement for

[Touch-packages] [Bug 1628285] Re: apparmor should be allowed to start in containers

2016-11-29 Thread Tyler Hicks
On 11/12/2016 12:36 PM, Steve Langasek wrote: >> IMPORTANT: There is a known regression that may be seen by >> users of `lxc exec`. See bug #1641243 for details. > > I don't see any mention of an lxc exec regression in bug #1641243. > Please explain here what the known regression is, and why this

Re: [Touch-packages] [Bug 1641243] Re: Provide full AppArmor confinement for snaps on 14.04

2016-11-29 Thread Tyler Hicks
On 11/12/2016 12:24 PM, Steve Langasek wrote: > Tyler, are there any packages shipping apparmor profiles in 14.04 that > have /not/ been covered by this test plan? There are some that are not covered. Using the output of `reverse-depends -br trusty dh-apparmor`, the remainders are: akonadi

[Touch-packages] [Bug 1641243] Re: Provide full AppArmor confinement for snaps on 14.04

2016-11-29 Thread Tyler Hicks
** Description changed: [Rationale] For backporting snapd to 14.04 LTS, we need to provide proper AppArmor confinement for snaps when running under the 16.04 hardware enablement kernel. The apparmor userspace package in 14.04 is missing support key mediation features such as UNIX domain

[Touch-packages] [Bug 1641243] Re: Provide full AppArmor confinement for snaps on 14.04

2016-11-29 Thread Tyler Hicks
** Description changed: [Rationale] For backporting snapd to 14.04 LTS, we need to provide proper AppArmor confinement for snaps when running under the 16.04 hardware enablement kernel. The apparmor userspace package in 14.04 is missing support key mediation features such as UNIX domain

[Touch-packages] [Bug 1641243] Re: Provide full AppArmor confinement for snaps on 14.04

2016-11-29 Thread Tyler Hicks
** Description changed: [Rationale] For backporting snapd to 14.04 LTS, we need to provide proper AppArmor confinement for snaps when running under the 16.04 hardware enablement kernel. The apparmor userspace package in 14.04 is missing support key mediation features such as UNIX domain

[Touch-packages] [Bug 1641243] Re: Provide full AppArmor confinement for snaps on 14.04

2016-11-29 Thread Tyler Hicks
** Description changed: [Rationale] For backporting snapd to 14.04 LTS, we need to provide proper AppArmor confinement for snaps when running under the 16.04 hardware enablement kernel. The apparmor userspace package in 14.04 is missing support key mediation features such as UNIX domain

[Touch-packages] [Bug 1639345] Re: lxc-attach to malicious container allows access to host

2016-11-23 Thread Tyler Hicks
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1639345 Title: lxc-attach to malicious container allows

[Touch-packages] [Bug 1619600] Re: [SRU] New stable release 1.8.3

2016-11-21 Thread Tyler Hicks
Since this SRU is targeted against many source packages, I should clarify that the last comment was specifically about gst-plugins-bad1.0 in xenial-security. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gst-plugins-bad1.0

[Touch-packages] [Bug 1619600] Re: [SRU] New stable release 1.8.3

2016-11-21 Thread Tyler Hicks
This SRU needs to be updated to incorporate the security update changes made in 1.8.2-1ubuntu0.2 for CVE-2016-9445. Marking this bug as verification-failed. ** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-9445 ** Tags removed: verification-needed ** Tags added:

[Touch-packages] [Bug 1611078] Re: Support snaps inside of lxd containers

2016-11-18 Thread Tyler Hicks
signed) => Tyler Hicks (tyhicks) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1611078 Title: Support snaps inside of lxd containers Status in Snappy: Fix Releas

[Touch-packages] [Bug 1641243] Re: Provide full AppArmor confinement for snaps on 14.04

2016-11-11 Thread Tyler Hicks
** Changed in: dbus (Ubuntu Trusty) Assignee: (unassigned) => Tyler Hicks (tyhicks) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1641243 Title: Provide full AppAr

[Touch-packages] [Bug 1628285] Re: apparmor should be allowed to start in containers

2016-11-11 Thread Tyler Hicks
** Description changed: + =apparmor and upstart 14.04 SRU= + [Impact] + A recent 16.04 kernel (4.4.0-46.67) and the lxd (2.0.5-0ubuntu1~ubuntu16.04.1) allows us to enable stacked/namespaced AppArmor policy for 14.04 lxd containers. This means that the container can have an overall confinement

[Touch-packages] [Bug 1628285] Re: apparmor should be allowed to start in containers

2016-11-11 Thread Tyler Hicks
signee: (unassigned) => Tyler Hicks (tyhicks) ** Also affects: upstart (Ubuntu) Importance: Undecided Status: New ** No longer affects: upstart (Ubuntu Xenial) ** Changed in: upstart (Ubuntu) Status: New => Invalid ** Changed in: upstart (Ubuntu Trusty) Status: New =&

[Touch-packages] [Bug 1641243] Re: Provide full AppArmor confinement for snaps on 14.04

2016-11-11 Thread Tyler Hicks
in: apparmor (Ubuntu) Assignee: Tyler Hicks (tyhicks) => (unassigned) ** Changed in: apparmor (Ubuntu Trusty) Assignee: (unassigned) => Tyler Hicks (tyhicks) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmo

[Touch-packages] [Bug 1641243] [NEW] Provide full AppArmor confinement for snaps on 14.04

2016-11-11 Thread Tyler Hicks
rules, AppArmor policy namespaces, and AppArmor profile stacking. UNIX domain socket mediation is needed by nearly all snaps. AppArmor policy namespaces and profile stacking are needed by the lxd snap. ** Affects: apparmor (Ubuntu) Importance: High Assignee: Tyler Hicks (tyhicks

[Touch-packages] [Bug 1640868] Re: network-interface-security upstart job is not container aware

2016-11-10 Thread Tyler Hicks
** Description changed: The network-interface-security upstart job unconditionally loads the usr.sbin.dhclient AppArmor profile even if the job is running in a LXC/LXD container that cannot load AppArmor policy. I don't see any negative side effects from this behavior, so I don't

[Touch-packages] [Bug 1640868] [NEW] network-interface-security upstart job is not container aware

2016-11-10 Thread Tyler Hicks
Public bug reported: The network-interface-security upstart job unconditionally loads the usr.sbin.dhclient AppArmor profile even if the job is running in a LXC/LXD container that cannot load AppArmor policy. I don't see any negative side effects from this behavior, so I don't think this is a

[Touch-packages] [Bug 1636747] Re: Printer canon MF3010.

2016-10-28 Thread Tyler Hicks
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1637291] Re: package python-gi 3.22.0-1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 239

2016-10-28 Thread Tyler Hicks
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pygobject in Ubuntu. https://bugs.launchpad.net/bugs/1637291 Title: package python-gi 3.22.0-1 failed to

[Touch-packages] [Bug 1637624] Re: having some abnormal working

2016-10-28 Thread Tyler Hicks
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to xorg in Ubuntu. https://bugs.launchpad.net/bugs/1637624 Title: having some abnormal working Status in xorg

[Touch-packages] [Bug 1637030] Re: hostnamectl changes hostname without password

2016-10-27 Thread Tyler Hicks
Thanks for the bug report. I'm making this bug a public security bug since it has been discussed on the public forum that you linked to. ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded

[Touch-packages] [Bug 1637030] Re: hostnamectl changes hostname without password

2016-10-27 Thread Tyler Hicks
I've only had a chance to take a quick look at this issue. I can reproduce it using my admin account (account is in the sudo group). I am prompted to authenticate when I attempt to change the hostname from a non-admin account. I suspect that PolicyKit is in play here. -- You received this bug

[Touch-packages] [Bug 1628285] Re: apparmor should be allowed to start in containers

2016-10-27 Thread Tyler Hicks
** Description changed: [Impact] The kernel in xenial-proposed (4.4.0-46.67) and the lxd that has recently migrated from xenial-proposed (2.0.5-0ubuntu1~ubuntu16.04.1) allows us to enable stacked/namespaced AppArmor policy for lxd containers. This means that the container can have an

[Touch-packages] [Bug 1628745] Re: Change in kernel exec transition behavior causes regression tests to fail

2016-10-26 Thread Tyler Hicks
I've completed the AppArmor test plan: https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor I've also manually verified the AppArmor portion of this SRU with the kernel currently in xenial-updates (4.4.0-45.66) and the kernel in xenial-proposed (4.4.0-46.67), which contains a number of

[Touch-packages] [Bug 1630069] Re: Regression tests can not detect binfmt_elf mmpa semantic change

2016-10-26 Thread Tyler Hicks
I've completed the AppArmor test plan: https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor I've also manually verified the AppArmor portion of this SRU with the kernel currently in xenial-updates (4.4.0-45.66) and the kernel in xenial-proposed (4.4.0-46.67), which contains a number of

[Touch-packages] [Bug 1628285] Re: apparmor should be allowed to start in containers

2016-10-26 Thread Tyler Hicks
or snapd inside LXD as without this, snap-confine and snapd itself will not be confined after container restart. ** Changed in: apparmor (Ubuntu Xenial) Importance: Undecided => High ** Changed in: apparmor (Ubuntu Xenial) Assignee: (unassigned) => Tyler Hicks (tyhicks) ** T

[Touch-packages] [Bug 1628295] Re: Change in kernel stacking behavior causes regression tests to fail

2016-10-26 Thread Tyler Hicks
I've completed the AppArmor test plan: https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor I've also manually verified the AppArmor portion of this SRU with the kernel currently in xenial-updates (4.4.0-45.66) and the kernel in xenial-proposed (4.4.0-46.67), which contains a number of

[Touch-packages] [Bug 1580463] Re: Snap blocks access to system input methods (ibus, fcitx, ...)

2016-10-26 Thread Tyler Hicks
I've completed the AppArmor test plan: https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor I've also manually verified the AppArmor portion of this SRU. ** Tags removed: verification-needed ** Tags added: verification-done -- You received this bug notification because you are a member

[Touch-packages] [Bug 1614215] Re: "md5sums differ" message seems to indicate an install problem

2016-10-26 Thread Tyler Hicks
I've completed the AppArmor test plan: https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor I've also manually verified the AppArmor portion of this SRU. ** Tags removed: verification-needed ** Tags added: verification-done -- You received this bug notification because you are a

[Touch-packages] [Bug 1598759] Re: AppArmor nameservice abstraction doesn't allow communication with systemd-resolved

2016-10-13 Thread Tyler Hicks
in: apparmor Status: In Progress => Triaged ** Changed in: apparmor Assignee: Tyler Hicks (tyhicks) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.ne

[Touch-packages] [Bug 1598759] Re: AppArmor nameservice abstraction doesn't allow communication with systemd-resolved

2016-10-13 Thread Tyler Hicks
This change looks to be working as expected. I've done the manual verification in the bug description and I've also gone through the desktop/server related portions of https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor. ** Tags removed: verification-needed ** Tags added: verification-done

[Touch-packages] [Bug 1598759] Re: AppArmor nameservice abstraction doesn't allow communication with systemd-resolved

2016-10-11 Thread Tyler Hicks
** Description changed: + [ Impact ] + + Processes confined by AppArmor profiles making use of the nameservice + AppArmor abstraction are unable to access the systemd-resolved network + name resolution service. The nsswitch.conf file shipped in Yakkety puts + the nss-resolve plugin to use which

[Touch-packages] [Bug 1598759] Re: AppArmor nameservice abstraction doesn't allow communication with systemd-resolved

2016-10-11 Thread Tyler Hicks
I forgot to mention what brought me to this bug. I am seeing this denial when running tcpdump in Ubuntu Yakkety: apparmor="DENIED" operation="connect" profile="/usr/sbin/tcpdump" name="/run/dbus/system_bus_socket" pid=25098 comm="tcpdump" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0 After

[Touch-packages] [Bug 1598759] Re: AppArmor nameservice abstraction doesn't allow communication with systemd-resolved

2016-10-11 Thread Tyler Hicks
Fix sent upstream for review: https://lists.ubuntu.com/archives/apparmor/2016-October/010130.html -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1598759 Title: AppArmor

[Touch-packages] [Bug 1598759] Re: AppArmor nameservice abstraction doesn't allow communication with systemd-resolve

2016-10-11 Thread Tyler Hicks
straction doesn't allow communication with systemd-resolved ** Changed in: apparmor Status: New => In Progress ** Changed in: apparmor Importance: Undecided => High ** Changed in: apparmor Assignee: (unassigned) => Tyler Hicks (tyhicks) -- You received this bug notifi

[Touch-packages] [Bug 1580463] Re: Snap blocks access to system input methods (ibus, fcitx, ...)

2016-10-06 Thread Tyler Hicks
** Description changed: IMPORTANT: SRU Team, see comment #25 for why this bug is temporarily marked verification-failed = SRU im-config = [Impact] ibus-daemon by default uses a unix socket name of /tmp/dbus-... that is indistinguishable from dbus-daemon abstract sockets. While

[Touch-packages] [Bug 1628295] Re: Change in kernel stacking behavior causes regression tests to fail

2016-10-06 Thread Tyler Hicks
** Description changed: [Impact] - * Two regression tests fail due to a behavior change in recent Xenial +  * Two regression tests fail due to a behavior change in recent Xenial and Yakkety kernels - * Adjusting the regression tests appropriately allows the kernel and +  * Adjusting

[Touch-packages] [Bug 1628745] Re: Change in kernel exec transition behavior causes regression tests to fail

2016-10-06 Thread Tyler Hicks
** Description changed: [Impact]  * The exec_stack.sh regression test fails due to a behavior change in 4.8 kernels from this patch:    commit 9f834ec18defc369d73ccf9e87a2790bfa05bf46    Author: Linus Torvalds    Date: Mon Aug 22 16:41:46 2016

[Touch-packages] [Bug 1630069] Re: Regression tests can not detect binfmt_elf mmpa semantic change

2016-10-06 Thread Tyler Hicks
** Description changed: == apparmor SRU == [Impact] - * The exec_stack.sh regression test fails due to a behavior change in 4.8 -kernels from this patch: +  * The exec_stack.sh regression test fails due to a behavior change in 4.8 +    kernels from this patch: -commit

[Touch-packages] [Bug 1630069] Re: Regression tests can not detect binfmt_elf mmpa semantic change

2016-10-06 Thread Tyler Hicks
hanged in: apparmor (Ubuntu Yakkety) Status: New => Won't Fix ** Changed in: apparmor (Ubuntu Xenial) Status: New => In Progress ** Changed in: apparmor (Ubuntu Xenial) Importance: Undecided => Low ** Changed in: apparmor (Ubuntu Xenial) Assignee: (unassigned) => Ty

[Touch-packages] [Bug 1611078] Re: Support snaps inside of lxd containers

2016-10-02 Thread Tyler Hicks
apparmor 2.10.95-4ubuntu5 has landed in Yakkety. ** Changed in: apparmor (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu.

[Touch-packages] [Bug 1611078] Re: Support snaps inside of lxd containers

2016-09-30 Thread Tyler Hicks
ntu Security Team (ubuntu-security) => Tyler Hicks (tyhicks) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1611078 Title: Support snaps inside of lxd containers Status

[Touch-packages] [Bug 1628285] Re: apparmor should be allowed to start in containers

2016-09-30 Thread Tyler Hicks
** Changed in: apparmor (Ubuntu) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1628285 Title: apparmor should be allowed to

[Touch-packages] [Bug 1627304] Re: User locking problems - guest login crashing

2016-09-29 Thread Tyler Hicks
Assigning the lightdm task to Robert for now since he's already fixed it upstream. ** Changed in: lightdm (Ubuntu) Assignee: Ubuntu Security Team (ubuntu-security) => Robert Ancell (robert-ancell) -- You received this bug notification because you are a member of Ubuntu Touch seeded

[Touch-packages] [Bug 1627304] Re: User locking problems - guest login crashing

2016-09-29 Thread Tyler Hicks
@robert-ancell I tested your proposed change to the lightdm AppArmor abstraction and can confirm that it allows the guest session to start for me. Thanks for looking into the denials and getting that fixed! I see that you committed the fix upstream. Do you plan on making another lightdm upload

[Touch-packages] [Bug 1628745] Re: Change in kernel exec transition behavior causes regression tests to fail

2016-09-28 Thread Tyler Hicks
unchpad.net/~apparmor- + dev/apparmor/master/revision/3509 ** Also affects: apparmor Importance: Undecided Status: New ** Changed in: apparmor Status: New => Fix Committed ** Changed in: apparmor Importance: Undecided => Low ** Changed in: apparmor Assignee: (unassigne

[Touch-packages] [Bug 1628745] [NEW] Change in kernel exec transition behavior causes regression tests to fail

2016-09-28 Thread Tyler Hicks
mmand should result in no output and return value of 0 once the regression test is properly updated. [Regression Potential] * This is an extremely low risk change since it only touches regression testing code that is not user-facing. ** Affects: apparmor (Ubuntu) Importance: Low Assigne

[Touch-packages] [Bug 1628285] Re: apparmor should be allowed to start in containers

2016-09-28 Thread Tyler Hicks
** Changed in: apparmor (Ubuntu) Status: New => In Progress ** Changed in: apparmor (Ubuntu) Assignee: (unassigned) => Tyler Hicks (tyhicks) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in

[Touch-packages] [Bug 1628285] Re: apparmor should be allowed to start in containers

2016-09-27 Thread Tyler Hicks
I'm willing to update the apparmor init script to fix this bug. What pattern should I check for when examining ns_name to decide if it is an LXC container? ** Changed in: apparmor (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu

[Touch-packages] [Bug 1628295] [NEW] Change in kernel stacking behavior causes regression tests to fail

2016-09-27 Thread Tyler Hicks
de that is not user-facing. [Other Info] * This bug has already been fixed upstream: https://bazaar.launchpad.net/~apparmor-dev/apparmor/master/revision/3505 ** Affects: apparmor (Ubuntu) Importance: Low Assignee: Tyler Hicks (tyhicks) Status: In Progress ** Affects: appar

[Touch-packages] [Bug 1626611] Re: camera not detected when running confined on desktop

2016-09-27 Thread Tyler Hicks
** Changed in: apparmor-easyprof-ubuntu (Ubuntu) Status: New => Invalid ** Changed in: apparmor-easyprof-ubuntu (Ubuntu) Assignee: Jamie Strandboge (jdstrand) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is

[Touch-packages] [Bug 1627304] Re: User locking problems - guest login crashing

2016-09-26 Thread Tyler Hicks
Thanks, I gave it a shot (after putting the profile into complain mode) and here are the unique denials that I see when starting the guest session: operation="mknod" profile="/usr/lib/lightdm/lightdm-guest-session" name="/proc/1295/fd/2" pid=1295 comm="lightdm-session" requested_mask="c"

[Touch-packages] [Bug 1627304] Re: User locking problems - guest login crashing

2016-09-26 Thread Tyler Hicks
Marking the apparmor task as invalid since the changes will likely need to be made to the profile shipped by lightdm. ** Changed in: apparmor (Ubuntu) Status: Incomplete => Invalid ** Changed in: lightdm (Ubuntu) Assignee: (unassigned) => Ubuntu Security Team (ubuntu-security) --

[Touch-packages] [Bug 1580463] Re: Snap blocks access to system input methods (ibus, fcitx, ...)

2016-09-26 Thread Tyler Hicks
Swapping verification-failed for verification-needed now that bug 1579135 has been fixed for ~1 week. ** Tags removed: verification-failed ** Tags added: verification-needed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to

[Touch-packages] [Bug 1627304] Re: User locking problems - guest login crashing

2016-09-26 Thread Tyler Hicks
Hi - are there any AppArmor denials in the syslog? To check, you can trigger this bug and then look in /var/log/syslog for lines that contain 'apparmor="DENIED"'. Thanks! ** Changed in: apparmor (Ubuntu) Importance: Critical => Undecided ** Changed in: apparmor (Ubuntu) Status:

[Touch-packages] [Bug 1625319] Re: [LTCTest] SR-IOV VF hotplug failing: cannot limit locked memory of process

2016-09-19 Thread Tyler Hicks
As Seth mentioned, this unofficial kernel may be missing some AppArmor fixes that are included in the official Ubuntu kernels. Can you please try 4.8.0-11.12 from yakkety-proposed and let us know if this bug is still present? https://launchpad.net/ubuntu/+source/linux/4.8.0-11.12 Thanks! **

[Touch-packages] [Bug 1507025] Re: Shell Command Injection with the hostname

2016-09-16 Thread Tyler Hicks
This issue was assigned CVE-2016-0634. See the oss-security notice here: http://openwall.com/lists/oss-security/2016/09/16/8 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to bash in Ubuntu.

[Touch-packages] [Bug 1624108] Re: ¿?

2016-09-15 Thread Tyler Hicks
Hi Juan - Please see this page on how to upgrade Ubuntu: http://www.ubuntu.com/download/desktop/upgrade If you need additional help, please see this page for a number of support resources: https://community.ubuntu.com/help-information/ ** Changed in: xorg (Ubuntu) Status: New =>

[Touch-packages] [Bug 1622206] Re: package account-plugin-google not installed failed to install/upgrade: trying to overwrite /usr/share/accounts/services/google-im.service , which is also in package

2016-09-15 Thread Tyler Hicks
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to account-plugins in Ubuntu. https://bugs.launchpad.net/bugs/1622206 Title: package account-plugin-google not

[Touch-packages] [Bug 1622211] Re: package systemd 229-4ubuntu8 failed to install/upgrade: subprocess installed post-installation script returned error exit status 2

2016-09-15 Thread Tyler Hicks
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1622211 Title: package systemd 229-4ubuntu8 failed to

[Touch-packages] [Bug 1584069] Re: change_profile rules need a modifier to allow non-secureexec transitions

2016-09-07 Thread Tyler Hicks
This bug was fixed in Ubuntu 16.04 with apparmor 2.10.95-0ubuntu2.2 ** Changed in: apparmor (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu.

[Touch-packages] [Bug 1620635] Re: libapparmor's aa_query_label() always returns allowed = 0 for file rules containing the "owner" conditional

2016-09-06 Thread Tyler Hicks
Triaging this bug led me to discover bug #1620791. This bug will need to be fixed before, or at the same time as, bug #1620791 is fixed. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu.

[Touch-packages] [Bug 1620635] Re: libapparmor's aa_query_label() always returns allowed = 0 for file rules containing the "owner" conditional

2016-09-06 Thread Tyler Hicks
Important is high as we'll need a fix soon in order for thumbnailer-service to run as a snap. ** Changed in: apparmor Importance: Undecided => High ** Changed in: apparmor (Ubuntu) Importance: Undecided => Critical ** Changed in: apparmor (Ubuntu) Importance: Critical => High **

[Touch-packages] [Bug 1620635] Re: libapparmor's aa_query_label() always returns allowed = 0 for file rules containing the "owner" conditional

2016-09-06 Thread Tyler Hicks
** Tags added: aa-feature aa-kernel -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1620635 Title: libapparmor's aa_query_label() always returns allowed = 0 for file

[Touch-packages] [Bug 1620635] Re: libapparmor's aa_query_label() always returns allowed = 0 for file rules containing the "owner" conditional

2016-09-06 Thread Tyler Hicks
After thinking this through some more and discussing with John Johansen, the current query interface is not sufficient to support querying of permissions granted by owner file rules. The reason is that, when dealing with owner file rules, the decision to allow or not depends on two objects. The

[Touch-packages] [Bug 1620635] Re: libapparmor's aa_query_label() always returns allowed = 0 for snaps

2016-09-06 Thread Tyler Hicks
Marking the Snappy task as "Won't Fix" for now. This theoretically could be fixed in snapd's home interface by dropping the "owner" prefix but I don't think that's the correct fix for this bug. Either libapparmor or the kernel need to handle the owner conditional better or the calling application

[Touch-packages] [Bug 1620635] Re: libapparmor's aa_query_label() always returns allowed = 0 for snaps

2016-09-06 Thread Tyler Hicks
I think that the problem here stems from the fact that the home interface's rules use the "owner" prefix: # Allow read access to toplevel $HOME for the user owner @{HOME}/ r, # Allow read/write access to all non-hidden files that aren't in ~/snap/ owner @{HOME}/[^s.]** rwk,

[Touch-packages] [Bug 1620635] Re: libapparmor's aa_query_label() always returns allowed = 0 for snaps

2016-09-06 Thread Tyler Hicks
** Also affects: apparmor (Ubuntu) Importance: Undecided Status: New ** Also affects: apparmor Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu.

[Touch-packages] [Bug 1580463] Re: Snap blocks access to system input methods (ibus, fcitx, ...)

2016-09-01 Thread Tyler Hicks
I'm temporarily marking this SRU bug as verification-failed so that it doesn't get let through until kernel bug 1579135 is fixed. Without the kernel bug fix for bug 1579135, this SRU has the potential for oopsing the kernel of some users. Let's sit on this SRU until the Xenial kernel currently in

[Touch-packages] [Bug 1489489] Re: The org.freedesktop.DBus.GetConnectionAppArmorSecurityContext() method is deprecated

2016-09-01 Thread Tyler Hicks
I've completed the backport and prepared an upload. I've spent more time on this than I should have and will not be able to see it through the landing process at this time. If someone can take this forward and land it, please go ahead and do so. The backport includes unit tests that run at build

[Touch-packages] [Bug 1489489] Re: The org.freedesktop.DBus.GetConnectionAppArmorSecurityContext() method is deprecated

2016-09-01 Thread Tyler Hicks
) Assignee: (unassigned) => Tyler Hicks (tyhicks) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ubuntu-system-settings-online-accounts in Ubuntu. https://bugs.launchpad.net/bugs/1489489 Ti

[Touch-packages] [Bug 1618537] Re: Update breaks Ctrl-ALt-L by changing gsetting

2016-08-31 Thread Tyler Hicks
** Summary changed: - Apparmor update breaks Ctrl-ALt-L + Update breaks Ctrl-ALt-L by changing gsetting -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1618537 Title:

[Touch-packages] [Bug 1618537] Re: Apparmor update breaks Ctrl-ALt-L

2016-08-30 Thread Tyler Hicks
Thanks for responding. The lack of apparmor denials means that it is highly unlikely that the apparmor update is the cause. I'm going to redirect this bug report and adjust the title. ** Also affects: unity (Ubuntu) Importance: Undecided Status: New ** Changed in: apparmor (Ubuntu)

[Touch-packages] [Bug 1618537] Re: Apparmor update breaks Ctrl-ALt-L

2016-08-30 Thread Tyler Hicks
Hi Dylan - Sorry to hear about your lock screen issue but thanks for the bug report. I am doubtful that any of the changes that I included in the apparmor update would have affected the lock screen. Additionally, I have the apparmor update installed and I can still lock my screen with CTRL-

[Touch-packages] [Bug 1618537] Re: Apparmor update breaks Ctrl-ALt-L

2016-08-30 Thread Tyler Hicks
** Information type changed from Private Security to Public Security ** Information type changed from Public Security to Public -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu.

[Touch-packages] [Bug 1614215] Re: "md5sums differ" message seems to indicate an install problem

2016-08-26 Thread Tyler Hicks
** Also affects: apparmor (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: apparmor (Ubuntu Yakkety) Importance: Low Assignee: Tyler Hicks (tyhicks) Status: In Progress ** Changed in: apparmor (Ubuntu Xenial) Importance: Undecided => Low ** Chan

[Touch-packages] [Bug 1580463] Re: Snap blocks access to system input methods (ibus, fcitx, ...)

2016-08-26 Thread Tyler Hicks
** Description changed: = SRU im-config = [Impact] ibus-daemon by default uses a unix socket name of /tmp/dbus-... that is indistinguishable from dbus-daemon abstract sockets. While dbus-daemon has AppArmor mediation, ibus-daemon does not so it is important that its abstract socket not

[Touch-packages] [Bug 1614215] Re: "md5sums differ" message seems to indicate an install problem

2016-08-26 Thread Tyler Hicks
* Changed in: apparmor (Ubuntu) Assignee: (unassigned) => Tyler Hicks (tyhicks) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1614215 Title: "md5sums diff

[Touch-packages] [Bug 1614215] Re: "md5sums differ" message seems to indicate an install problem

2016-08-26 Thread Tyler Hicks
That message is harmless but admittedly confusing. It is coming from a call out to `diff` to see if we need to update debsums files that we save off for packaging purposes. I'll quiet the output from diff and may possibly print a less scary message or I may just not print anything. -- You

[Touch-packages] [Bug 1614215] Re: "md5sums differ" message seems to indicate an install problem

2016-08-26 Thread Tyler Hicks
This is a bug in the packaging and doesn't affect the upstream AppArmor project. ** Changed in: apparmor Status: Confirmed => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu.

[Touch-packages] [Bug 1609919] Re: Need "pivot_root" and "change_profile" exceptions for the unconfined template

2016-08-22 Thread Tyler Hicks
Any update on shipping the Libertine Manager UI as a deb? ** Changed in: apparmor-easyprof-ubuntu (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu in Ubuntu.

[Touch-packages] [Bug 1614459] Re: daily upgrade on 16.04 hangs

2016-08-18 Thread Tyler Hicks
*** This bug is a duplicate of bug 1579135 *** https://bugs.launchpad.net/bugs/1579135 ** This bug has been marked a duplicate of bug 1579135 AppArmor profile reloading causes an intermittent kernel BUG -- You received this bug notification because you are a member of Ubuntu Touch seeded

[Touch-packages] [Bug 1579135] Re: AppArmor profile reloading causes an intermittent kernel BUG

2016-08-18 Thread Tyler Hicks
The 14.04 stable release update for apparmor 2.10.95-0ubuntu2.2 is causing a lot of users to hit this oops during the upgrade process due to the upgrade triggering a profile reload. ** Summary changed: - kernel BUG on snap disconnect from within a snap + AppArmor profile reloading causes an

[Touch-packages] [Bug 1581990] Re: Profile reload leads to kernel NULL pointer dereference

2016-08-18 Thread Tyler Hicks
*** This bug is a duplicate of bug 1579135 *** https://bugs.launchpad.net/bugs/1579135 ** This bug has been marked a duplicate of bug 1579135 kernel BUG on snap disconnect from within a snap -- You received this bug notification because you are a member of Ubuntu Touch seeded packages,

[Touch-packages] [Bug 1579135] Re: AppArmor profile reloading causes an intermittent kernel BUG

2016-08-18 Thread Tyler Hicks
John has been working on a fix but could use some testing. Please see comment 27. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1579135 Title: AppArmor profile

[Touch-packages] [Bug 1612316] Re: Browser is out of date

2016-08-17 Thread Tyler Hicks
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to webbrowser-app in Ubuntu. https://bugs.launchpad.net/bugs/1612316 Title: Browser is out of date Status in

[Touch-packages] [Bug 1612339] Re: package libc6:i386 2.19-0ubuntu6.9 [modified: usr/share/doc/libc6/NEWS.Debian.gz usr/share/doc/libc6/NEWS.gz usr/share/doc/libc6/changelog.Debian.gz usr/share/doc/li

2016-08-17 Thread Tyler Hicks
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to eglibc in Ubuntu. https://bugs.launchpad.net/bugs/1612339 Title: package libc6:i386 2.19-0ubuntu6.9 [modified:

[Touch-packages] [Bug 1613043] Re: package libglib2.0-dev 2.48.1-1~ubuntu16.04.1 failed to install/upgrade: подпроцесс установлен сценарий pre-removal возвратил код ошибки 1

2016-08-17 Thread Tyler Hicks
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to glib2.0 in Ubuntu. https://bugs.launchpad.net/bugs/1613043 Title: package libglib2.0-dev 2.48.1-1~ubuntu16.04.1

[Touch-packages] [Bug 1581990] Re: Profile reload leads to kernel NULL pointer dereference

2016-08-17 Thread Tyler Hicks
Bug #1579135 looks to be the same kernel trace. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1581990 Title: Profile reload leads to kernel NULL pointer dereference

[Touch-packages] [Bug 1579135] Re: kernel BUG on snap disconnect from within a snap

2016-08-17 Thread Tyler Hicks
Bug #1581990 looks to be the same kernel trace. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1579135 Title: kernel BUG on snap disconnect from within a snap Status in
