@mvo - this is probably obvious, but if you used '#include' instead of
'include', it would side-step the issue.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1734038
Commenting out the sync command in the generate_initramfs function of
/usr/sbin/update-initramfs worked for me.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to initramfs-tools in Ubuntu.
G.M. the first denial is because evince doesn't have the necessary rule
for using libproxy (a GNOME 2 technology), but the ntpd denial is
something different. Can you file a separate bug for ntpd?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages,
Again, +1 to remove.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to click-apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1713710
Title:
RM: obsolete product
Status in click-apparmor package in Ubuntu:
Triaged
Bug
This would indeed be perfect for this situation.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1042771
Title:
sanitized_helper prevents proper transition to other
Note that this is rather tricky. If the user disabled the evince
profile, using Px means that the exec will fail with 'profile not
found'. There is no way to specify 'use P if it exists, otherwise C'.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages,
Here is the upstream patch as a debdiff that I compiled locally.
Preliminary testing shows that it fixes the gnome-terminal issue. I
won't be chasing this all the way through the SRU process, but hope that
you consider it in a future 17.10 SRU.
** Patch added:
https://git.gnome.org/browse/gtk%2B/commit/?id=db49d12 has the fix for
this.
** Project changed: gnome-terminal => gtk
** Package changed: gnome-terminal (Ubuntu) => gtk+3.0 (Ubuntu)
** Changed in: gtk+3.0 (Ubuntu)
Status: Confirmed => Triaged
--
You received this bug notification
John,
It sounds like we should backport r3700 to all Ubuntu releases?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1721278
Title:
apparmor="DENIED" operation="create"
This isn't really an *Ubuntu* issue per se as we've never claimed to
support apparmor profiles with non-Ubuntu kernels. I do think it is
interesting that there are 'unix' denials on a kernel that isn't
supposed to support unix rules.
John, can you comment on this?
--
You received this bug
Public bug reported:
In the power settings, the option to suspend when the lid is closed is
selected. However, when the lid closes the laptop stays awake and the
battery is then drained.
Laptop details: Intel® Core™ i7-7500U CPU @ 2.70GHz × 4, Intel® HD
Graphics 620 (Kabylake GT2) (actually, I
** Changed in: ufw (Ubuntu)
Status: Triaged => In Progress
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ufw in Ubuntu.
https://bugs.launchpad.net/bugs/1719211
Title:
Bad interface name
Status in ufw package in
(Ubuntu)
Importance: Undecided => Medium
** Changed in: ufw (Ubuntu)
Status: New => Triaged
** Changed in: ufw (Ubuntu)
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packag
The forum thread is enough IMO for this improvement (as opposed to bug
fix) and it is in trello.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1710637
Title:
Input falls
@Mathieu, while I understand the wayland gnome-shell desktop session is
not supported on zesty or xenial, I wonder if this should be SRU'd to
those releases?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
Closing the snappy task-- while we might want to adjust its use of
udevadm trigger, it is clear that running this command should not break
the wayland desktop, just like it doesn't under X.
** Changed in: snappy
Status: New => Opinion
** Changed in: snappy
Status: Opinion => Won't
I just now upgraded to 1.166ubuntu5 and no longer see the issue. To
ogra's point, I use encrypted lvm and was able to enter a password and
have everything work like normal.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to
I still have console-setup 1.166ubuntu4 so decided to poke at this more.
I can confirm that 'sudo udevadm trigger' causes the ctrl+c to logout of
Wayland. It does not cause a logout of gnome-shell under X. I then found
that 'udevadm trigger --subsystem-nomatch=tty' does not cause the issue
under
Big +1. I tried to have this removed before but it was too soon. I had
to settle (at the time) for demoting to universe and updating the LP
project to state it was abandoned.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to
Note I was seeing this in zesty for a while (then didn't):
https://bugzilla.gnome.org/show_bug.cgi?id=772476
** Bug watch added: GNOME Bug Tracker #772476
https://bugzilla.gnome.org/show_bug.cgi?id=772476
--
You received this bug notification because you are a member of Ubuntu
Touch seeded
Thank you for using Ubuntu and filing a bug. There are a number of
issues in the dpkg log. Eg:
сен 11 11:42:18 hostname classicmenu-indicator.desktop[12623]: dpkg:
warning: files list file for package 'iptables' missing; assuming
package has no files currently installed
It seems this is
Marking as "Won't Fix" for the bluez deb -- the postinst is doing the
right thing, there just happens to be something installed outside of
dpkg/apt that is getting in the way.
** Changed in: bluez (Ubuntu)
Status: Confirmed => Won't Fix
--
You received this bug notification because you
Looking at the logs I see:
Sep 13 07:51:08 agda-HP-Pavilion-dv6500-Notebook-PC audit[1221]: AVC
apparmor="STATUS" operation="profile_replace" profile="unconfined"
name="snap.bluez.bluetoothctl" pid=1221 comm="apparmor_parser"
This indicates you have the bluez snap installed. This bug is about
Uploaded apparmor and evince to artful.
** Changed in: apparmor (Ubuntu)
Status: Triaged => Fix Committed
** Changed in: evince (Ubuntu)
Status: Triaged => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is
(Ubuntu)
Status: New => Triaged
** Changed in: evince (Ubuntu)
Importance: Undecided => High
** Changed in: evince (Ubuntu)
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packag
** Changed in: apparmor (Ubuntu)
Status: Confirmed => Triaged
** Changed in: apparmor (Ubuntu)
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ap
@intrigeri - you're right. I'll fix this in the citrain branch and in
2.11.0-2ubuntu14.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1598759
Title:
AppArmor
** Changed in: iputils (Ubuntu)
Status: New => Triaged
** Changed in: iputils (Ubuntu)
Importance: Undecided => Wishlist
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to iputils in Ubuntu.
** Changed in: pulseaudio (Ubuntu Xenial)
Status: In Progress => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pulseaudio in Ubuntu.
https://bugs.launchpad.net/bugs/1583057
Title:
Deny audio recording
t seem to be the case.
jamie@ubik:~$ uname -a
Linux ubik 4.11.0-10-generic #15-Ubuntu SMP Thu Jun 29 15:03:41 UTC 2017 x86_64
x86_64 x86_64 GNU/Linux
jamie@ubik:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:Ubuntu Artful Aardvark (development branch)
R
FYI, people using rsync for backups might be interested in the --sparse
(-S) option.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to util-linux in Ubuntu.
https://bugs.launchpad.net/bugs/1707645
Title:
system with high
Public bug reported:
I was investigating the use of a single high UID user (ie, 20)
and discovered that /var/log/lastlog grew to an enormously large sparse
file:
$ ls -lh /var/log/lastlog
-rw-rw-r-- 1 root utmp 544G Jul 27 12:35 /var/log/lastlog
The file is actually quite small though:
Public bug reported:
Using AMDGPU-Pro
dpkg -l amdgpu-pro
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
I suggest a variation on A where before rm_conffile you checksum
/etc/apparmor.d/local/usr.sbin.libvirtd, if different safely save that
off, call rm_conffile, then move the saved off file into place.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages,
@Frode, I can yes, when I file them. I need to do a bit of work for
simple reproducers/etc/etc to file them. I've added an item to add a
comment to this bug when I do.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor
Bug watch added: Debian Bug tracker #809556
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809556
** Changed in: libseccomp (Ubuntu)
Assignee: Jamie Strandboge (jdstrand) => (unassigned)
** Changed in: libseccomp (Ubuntu)
Status: Confirmed => Fix Released
** Changed in: lib
@sles, yes, this is expected behavior. The child profile 'inside' is
still a separate profile and therefore needs to have its own flags.
Marking this bug as Invalid based on reporter's feedback. If you feel
this is in error, please reopen.
Thanks for filing a bug and please feel free to file bugs
This is what someone needs to backport: http://bazaar.launchpad.net
/~apparmor-dev/apparmor/master/revision/3658. If you want the security
team to do it, please use the stakeholder process to get this
prioritized.
--
You received this bug notification because you are a member of Ubuntu
Touch
** Changed in: ntp (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ntp in Ubuntu.
https://bugs.launchpad.net/bugs/1647586
Title:
apparmor errors with current ntp
Status in ntp
As mentioned in other comments, this is fixed in 17.04, so marking the
tor task as Invalid (it is an issue in the apparmor abstractions, not
tor) and marking the apparmor task as Fix Released. If someone wants to
perform the SRU or supply debdiffs, please open tasks against the
particular releases
Thanks for getting back to me. I'll mark this as Invalid based on your
feedback. Please feel free to report other bugs you may find.
** Changed in: ufw (Ubuntu)
Status: Incomplete => Invalid
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages,
Thank you for using ufw and reporting a bug. I cannot reproduce this:
$ sudo ufw allow OpenSSH
$ sudo ufw enable
$ sudo ufw show added
Added user rules (see 'ufw status' for running firewall):
ufw allow OpenSSH
$ sudo ufw allow in on eth0 to any port 8080 proto tcp
Rule added
Rule added (v6)
$
Is this still an issue with 1.2.6-0ubuntu0.16.04.3 in 16.04? I see that
Ken applied the patch I identified in
https://bugzilla.gnome.org/show_bug.cgi?id=767317 to fix
https://bugs.launchpad.net/ubuntu/+source/network-manager-
applet/+bug/1641889, which references a different upstream bug.
--
You
@Luke, you could modify backend_iptables.py as mentioned in comment #5
or you could perhaps use 'man 1 flock' or implement a lock wrapper
around your invocation of ufw.
That said, since didn't hear back from Christopher, I'll take a look at
implementing this for 0.36.
** Changed in: ufw
** Changed in: ufw
Milestone: None => 0.36
** Changed in: ufw
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ufw in Ubuntu.
https://bugs.launchpad.ne
** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
Status: New => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1520551
Title:
Profiling
** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
Status: New => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to unity-scope-mediascanner
in Ubuntu.
https://bugs.launchpad.net/bugs/1562183
Title:
No way to
** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
Status: New => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1319546
Title:
Remove
** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
Status: New => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1606595
Title:
Default
** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
Status: New => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1609616
Title:
This appears to be a transient error:
May 06 18:49:31 hostname update-notifier.desktop[2677]: Traceback (most recent
call last):
May 06 18:49:31 hostname update-notifier.desktop[2677]: File
"/usr/lib/python3/dist-packages/defer/__init__.py", line 483, in
_inline_callbacks
May 06 18:49:31
In the meantime, users can workaround this by adjusting
/etc/apparmor.d/local/usr.sbin.cupsd to have:
capability net_admin,
and then reloading the profile with:
$ sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.cupsd
--
You received this bug notification because you are a member of Ubuntu
@Till, see 'man 7 capabilities' for what net_admin grants. We need to
understand why the access is needed before granting it.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
Actually, I marked the MAAS task as incomplete in case people want to
give feedback.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1408106
Title:
attach_disconnected
Closing the MAAS task as it the referenced bug is marked Fix Release. If
there are issues there still, please see my previous comment and look at
the code in that snap-- there are viable ways to use overlayfs with
chroot and an apparmor alias rule, or overlayfs with private mount,
chroot and
Ok, I spent quite a bit of time evaluating this and believe this bug can
be closed, but other bugs open.
In looking at this I created https://code.launchpad.net/~jdstrand/+git
/test-overlay (to build simply git clone, run 'snapcraft', install the
snap and then run 'test-overlay' for instructions
"Asking someone to know about that:
echo -n "" > /sys/kernel/security/apparmor/.remove
Is asking too much IMHO and increases the friction between sysadmins and
Apparmor in general."
Of course. I listed this as something that could be considered for the
openntpd/ntpd case, not for a sysadmin.
Christian is right and this is precisely why dh_apparmor intentionally
does not unload the profile. Marking the apparmor task as Won't Fix
since this has been discussed several times in the past (if apparmor
upstream wants to revisit, we can open the bug).
The ntp package is still in a position
Are all of these unsupported? I know that the signage effort was
initially using webapp-container (part of webbrowser-app) with mir. Even
if webbrowser-app were removed, oxide-qt might still be interesting for
signage/etc since it can be used with upstream Qt.
I've not heard an official statement
Host:
$ uname -a
Linux sec-xenial-amd64 4.4.0-77-generic #98-Ubuntu SMP Wed Apr 26 08:34:02 UTC
2017 x86_64 x86_64 x86_64 GNU/Linux
$ apparmor_parser -V
AppArmor parser version 2.10.95
Copyright (C) 1999-2008 Novell Inc.
Copyright 2009-2012 Canonical Ltd.
Container:
root@xen:~# uname -a
Linux
FYI, http://bazaar.launchpad.net/~apparmor-
dev/apparmor/master/revision/3658 fixes the /run/systemd/journal/stdout
denials. It seems like the real cause of this bug is this denial:
[95224.610046] audit: type=1400 audit(1484230178.466:1014):
apparmor="DENIED" operation="file_mmap"
"Once I have a list of things, I was planning to file individual bugs
with a tag repeal-act-2019 (or similar)"
Can you add click-apparmor and apparmor-easyprof-ubuntu to your list if
they aren't there already?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded
urgency. In other popular DEs critical urgency notifications time out.
We should adjust the urgency to 'normal' to obtain intended behavior
across DEs.
** Affects: apparmor (Ubuntu)
Importance: Medium
Assignee: Jamie Strandboge (jdstrand)
Status: In Progress
** Changed
** Description changed:
In an up to date Ubuntu 17.04 amd64 vm, if I:
1. install ubuntu-gnome-desktop
2. select lightdm as the default
3. sudo service lightdm stop ; sudo service lightdm start
4. login choosing 'GNOME Wayland'
the screen goes black with a flashing cursor in the
Public bug reported:
The following script works fine on 16.04 LTS:
#!/usr/bin/python3
import magic
import os
dir = "/usr/share/ca-certificates/mozilla"
mime = magic.open(magic.MAGIC_MIME)
mime.load()
for root, dirnames, filenames in os.walk(dir):
for f in filenames:
fn =
FYI, I noticed Ubuntu was in sync with Debian so I filed
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858571.
** Bug watch added: Debian Bug tracker #858571
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858571
--
You received this bug notification because you are a member of Ubuntu
** Changed in: cups (Ubuntu)
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1675503
Title:
cups and cups-pdf denials in snapd
** Tags removed: apparmor
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1536201
Title:
cupsctl can corrupt cupsd.conf if invoked by member of lpadmin group
Status in cups
** Tags removed: apparmor
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1572489
Title:
Canon MF4330d needs usb-no-reattach-default=true
Status in cups package in Ubuntu:
** Tags removed: apparmor
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1671420
Title:
package cups-daemon 2.0.2-1ubuntu3 failed to install/upgrade: le sous-
processus
** Tags removed: apparmor
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1526010
Title:
Duplex not working
Status in cups package in Ubuntu:
New
Bug description:
I
The apparmor denials have since been fixed. Removing the apparmor tag.
** Tags removed: apparmor
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1526415
Title:
after upgrade
** Tags removed: apparmor
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1523395
Title:
package cups-daemon 2.0.2-1ubuntu3 failed to install/upgrade: 子程序 已安裝的
** Tags removed: apparmor
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1526586
Title:
package cups 1.7.2-0ubuntu1.6 failed to install/upgrade: subprocess
installed
** Tags removed: apparmor
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1532551
Title:
no response from printer
Status in cups package in Ubuntu:
New
Bug description:
** Tags removed: apparmor
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1354596
Title:
Internal Server Error accessing localhost:631/admin
Status in cups package in
** Tags removed: apparmor
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1351036
Title:
Printer starts job from beginning after system suspend/resume
Status in cups package
** Tags removed: apparmor
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1357529
Title:
Magenta Toner Icon is yellow and Yellow Toner Icon is magenta
Status in cups package
** Tags removed: apparmor
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1477002
Title:
Working printer not printing
Status in cups package in Ubuntu:
New
Bug
** Tags removed: apparmor
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1418326
Title:
"lpr -p -P PDF" (prettyprint) hangs print job with sample string
Status in cups
** Tags removed: apparmor
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1516352
Title:
printer does not print
Status in cups package in Ubuntu:
New
Bug description:
The apparmor denials have since been fixed. Removing the apparmor tag.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1086303
Title:
Cups server can't listen - accept
** Tags removed: apparmor
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1310192
Title:
package cups 1.6.1-0ubuntu11.5 failed to install/upgrade: subprocess
installed
The apparmor denials have since been fixed, removing the apparmor tag.
** Tags removed: apparmor
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1089628
Title:
Print first
The apparmor denials were fixed in 1.7.1-1.
** Tags removed: apparmor
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1378438
Title:
Printer dialog stuck on "Getting printer
The apparmor denials are unrelated to this issue.
** Tags removed: apparmor
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1582251
Title:
CUPS does not find network Samsung
** Tags removed: apparmor
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1076347
Title:
two-sided printing not working on my pc, no problem on another one.
Status in cups
** Tags removed: apparmor
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1583997
Title:
cannot print correctly on HP Deskjet 840C
Status in cups package in Ubuntu:
New
** Tags removed: apparmor
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1636747
Title:
Printer canon MF3010.
Status in cups package in Ubuntu:
New
Bug description:
The kernel log contains many denials of the form:
[ 1729.383907] audit: type=1400 audit(1482428730.641:24):
apparmor="DENIED" operation="open" profile="/usr/sbin/cupsd"
name="/home/.ecryptfs/megatron/.ecryptfs/Private.mnt" pid=1048
comm="cupsd" requested_mask="r" denied_mask="r" fsuid=1000
net_admin is a very powerful capability. What is lpd trying to do?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1660316
Title:
apparmor denial of CUPS
Status in cups
** Tags removed: apparmor
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1663647
Title:
cannot add printer
Status in cups package in Ubuntu:
Incomplete
Bug description:
** Changed in: cups (Ubuntu)
Importance: Undecided => Medium
** Changed in: cups (Ubuntu)
Status: New => In Progress
** Changed in: cups (Ubuntu)
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
** Tags added: apparmor
--
You received this bug notification be
>From the denials, it seems like adding this to the cups profile:
unix peer=(label=/usr/lib/cups/backend/cups-pdf),
and this to cups-pdf:
/etc/cups/ppd/*.ppd r,
/var/log/cups/cups-pdf-*_log rw,
unix peer=(label=/usr/sbin/cupsd),
should fix the issue (untested).
--
You received this
Public bug reported:
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac
/autopkgtest-zesty/zesty/amd64/s/snapd/20170323_131353_98370@/log.gz:
[ 1146.168148] audit: type=1400 audit(1490272816.901:880): apparmor="DENIED"
operation="file_inherit"
I just want to chime in here and say this bug has cost our company
thousands of dollars in lost revenue, and not to mention the unnecessary
cost of debugging time, because it broke two of the most important API
endpoints we use... Stripe for payments and the API for email delivery
with SendGrid,
For the ibus denial you need:
#include
For nvidia, you need:
#include
@{PROC}/driver/nvidia/params r,
/dev/nvidia* rw,
unix (send, receive) type=dgram peer=(addr="@nvidia[0-9a-f]*"),
(the apparmor abstraction needs to be updated for newer nvidia).
What happens if you add the above
FYI, IIRC this would happen on Touch but on Touch we would explicitly
deny access to network manager in the networking policy group which
suppressed the apparmor denial. Due to the way apparmor works and how
snappy builds up interfaces, we use explicit denials extremely
sparingly, which is why you
Thank you for using Ubuntu and filing a bug!
While /etc/apparmor.d/abstractions/ubuntu-browsers.d/user-files is
shipped by apparmor, it is actually /etc/apparmor.d/abstractions/ubuntu-
browsers.d/firefox that #include's it, and this file is managed by the
firefox package, so moving this bug
** Changed in: ufw (Ubuntu)
Importance: Undecided => Wishlist
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ufw in Ubuntu.
https://bugs.launchpad.net/bugs/1660040
Title:
old-fashioned ufw structure reduces usability
501 - 600 of 1891 matches
Mail list logo
