[Touch-packages] [Bug 2063976] Re: Apparmor breaking nsjail in AOSP
To clarify, this is not something that can be solved upstream in apparmor, and a profile can't be accepted due to the nature of the path location? I'm really trying to avoid a situation where we need to add additional instructions after syncing AOSP just for Ubuntu users. One idea for this was to take nsjail and package it in Debian and remove it from AOSP prebuilts, that way a proper profile could be upstreamed since the path would be static, but that wouldn't address all previous versions of Android. Google has also been trying to move all binaries required for AOSP compile into the tree itself for more reproducible builds, so I'm not even sure if they'd accept that. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/2063976 Title: Apparmor breaking nsjail in AOSP Status in apparmor package in Ubuntu: New Bug description: Build sandboxing in AOSP is broken after updating to 24.04 with the following denials: [ 182.439078] audit: type=1400 audit(1714265880.641:449): apparmor="AUDIT" operation="userns_create" class="namespace" info="Userns create - transitioning profile" profile="unconfined" pid=8514 comm="nsjail" requested="userns_create" target="unprivileged_userns" [ 182.439945] audit: type=1400 audit(1714265880.642:450): apparmor="DENIED" operation="capable" class="cap" profile="unprivileged_userns" pid=8515 comm="nsjail" capability=6 capname="setgid" [ 182.439972] audit: type=1400 audit(1714265880.642:451): apparmor="DENIED" operation="mount" class="mount" info="failed mntpnt match" error=-13 profile="unprivileged_userns" name="/" pid=8515 comm="nsjail" flags="rw, rprivate" This seems to come from the following change earlier this year: https://gitlab.com/apparmor/apparmor/-/commit/789cda2f089b3cd3c8c4ca387f023a36f7f1738a To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2063976/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2063976] Re: Apparmor breaking nsjail in AOSP
Thanks, I took a look at creating a profile for nsjail, but I'm a bit
confused on how to associate it with the app?
Because nsjail is a prebuilt in AOSP's source code that means it could be
litteraly anywhere on the user's system, e.g:
~/android-14.0.0_r1/prebuilts/build-tools/linux-x86/bin/nsjail
~/android-13.0.0_r1/prebuilts/build-tools/linux-x86/bin/nsjail
~/android-12.0.0_r1/prebuilts/build-tools/linux-x86/bin/nsjail
```
profile nsjail /**/prebuilts/build-tools/linux-x86/bin/nsjail
flags=(unconfined) {
```
I tested the above and it works, but is there a better way to do this?
Feels dirty and not what apparmor people would want.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2063976
Title:
Apparmor breaking nsjail in AOSP
Status in apparmor package in Ubuntu:
New
Bug description:
Build sandboxing in AOSP is broken after updating to 24.04 with the
following denials:
[ 182.439078] audit: type=1400 audit(1714265880.641:449): apparmor="AUDIT"
operation="userns_create" class="namespace" info="Userns create - transitioning
profile" profile="unconfined" pid=8514 comm="nsjail" requested="userns_create"
target="unprivileged_userns"
[ 182.439945] audit: type=1400 audit(1714265880.642:450): apparmor="DENIED"
operation="capable" class="cap" profile="unprivileged_userns" pid=8515
comm="nsjail" capability=6 capname="setgid"
[ 182.439972] audit: type=1400 audit(1714265880.642:451): apparmor="DENIED"
operation="mount" class="mount" info="failed mntpnt match" error=-13
profile="unprivileged_userns" name="/" pid=8515 comm="nsjail" flags="rw,
rprivate"
This seems to come from the following change earlier this year:
https://gitlab.com/apparmor/apparmor/-/commit/789cda2f089b3cd3c8c4ca387f023a36f7f1738a
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2063976/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2063976] [NEW] Apparmor breaking nsjail in AOSP
Public bug reported: Build sandboxing in AOSP is broken after updating to 24.04 with the following denials: [ 182.439078] audit: type=1400 audit(1714265880.641:449): apparmor="AUDIT" operation="userns_create" class="namespace" info="Userns create - transitioning profile" profile="unconfined" pid=8514 comm="nsjail" requested="userns_create" target="unprivileged_userns" [ 182.439945] audit: type=1400 audit(1714265880.642:450): apparmor="DENIED" operation="capable" class="cap" profile="unprivileged_userns" pid=8515 comm="nsjail" capability=6 capname="setgid" [ 182.439972] audit: type=1400 audit(1714265880.642:451): apparmor="DENIED" operation="mount" class="mount" info="failed mntpnt match" error=-13 profile="unprivileged_userns" name="/" pid=8515 comm="nsjail" flags="rw, rprivate" This seems to come from the following change earlier this year: https://gitlab.com/apparmor/apparmor/-/commit/789cda2f089b3cd3c8c4ca387f023a36f7f1738a ** Affects: apparmor (Ubuntu) Importance: Undecided Status: New ** Tags: noble -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/2063976 Title: Apparmor breaking nsjail in AOSP Status in apparmor package in Ubuntu: New Bug description: Build sandboxing in AOSP is broken after updating to 24.04 with the following denials: [ 182.439078] audit: type=1400 audit(1714265880.641:449): apparmor="AUDIT" operation="userns_create" class="namespace" info="Userns create - transitioning profile" profile="unconfined" pid=8514 comm="nsjail" requested="userns_create" target="unprivileged_userns" [ 182.439945] audit: type=1400 audit(1714265880.642:450): apparmor="DENIED" operation="capable" class="cap" profile="unprivileged_userns" pid=8515 comm="nsjail" capability=6 capname="setgid" [ 182.439972] audit: type=1400 audit(1714265880.642:451): apparmor="DENIED" operation="mount" class="mount" info="failed mntpnt match" error=-13 profile="unprivileged_userns" name="/" pid=8515 comm="nsjail" flags="rw, rprivate" This seems to come from the following change earlier this year: https://gitlab.com/apparmor/apparmor/-/commit/789cda2f089b3cd3c8c4ca387f023a36f7f1738a To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2063976/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2049684] [NEW] libncurses5 missing in mantic/noble
Public bug reported: This package being missing breaks several packages people currently use, and breaks compilation of the Android Open Source Project for every current release. https://answers.launchpad.net/ubuntu/+source/ncurses/+question/707838 Google has started work on deprecating libncurses5 host usage internally (see https://groups.google.com/g/android-building/c/Sv_v2ApJZug), but that will not happen until at least Android 15 (later this year), and does not at all address the previous Android releases that are still supported and get security tags. We need this package to continue building AOSP for those previous releases. ** Affects: ncurses (Ubuntu) Importance: Undecided Status: New ** Tags: mantic noble ** Tags added: mantic noble -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ncurses in Ubuntu. https://bugs.launchpad.net/bugs/2049684 Title: libncurses5 missing in mantic/noble Status in ncurses package in Ubuntu: New Bug description: This package being missing breaks several packages people currently use, and breaks compilation of the Android Open Source Project for every current release. https://answers.launchpad.net/ubuntu/+source/ncurses/+question/707838 Google has started work on deprecating libncurses5 host usage internally (see https://groups.google.com/g/android- building/c/Sv_v2ApJZug), but that will not happen until at least Android 15 (later this year), and does not at all address the previous Android releases that are still supported and get security tags. We need this package to continue building AOSP for those previous releases. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ncurses/+bug/2049684/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2004552] Re: Sound doesn't work on ASUS X670E-E motherboard.
Fixed as of Ubuntu 23.10 (due to updated alsa-ucm-conf package). ** Changed in: alsa-driver (Ubuntu) Status: New => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to alsa-driver in Ubuntu. https://bugs.launchpad.net/bugs/2004552 Title: Sound doesn't work on ASUS X670E-E motherboard. Status in alsa-driver package in Ubuntu: Fix Committed Bug description: None of the outputs work for my digital optical output on my ASUS ROG STRIX X670E-E GAMING WIFI motherboard since updating the ALC4080/ALC4082 firmware. The issue is resolved in the upstream package of alsa-ucm-conf (https://github.com/alsa-project/alsa-ucm-conf). When I applied the newer configs sound started working again. ProblemType: Bug DistroRelease: Ubuntu 22.10 Package: alsa-base 1.0.25+dfsg-0ubuntu7 ProcVersionSignature: Ubuntu 5.19.0-29.30-generic 5.19.17 Uname: Linux 5.19.0-29-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.23.1-0ubuntu3 Architecture: amd64 CasperMD5CheckResult: pass CurrentDesktop: ubuntu:GNOME Date: Thu Feb 2 06:08:15 2023 InstallationDate: Installed on 2023-01-08 (24 days ago) InstallationMedia: Ubuntu 22.10 "Kinetic Kudu" - Release amd64 (20221020) PackageArchitecture: all ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: alsa-driver Symptom: audio UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 11/04/2022 dmi.bios.release: 8.5 dmi.bios.vendor: American Megatrends Inc. dmi.bios.version: 0805 dmi.board.asset.tag: Default string dmi.board.name: ROG STRIX X670E-E GAMING WIFI dmi.board.vendor: ASUSTeK COMPUTER INC. dmi.board.version: Rev 1.xx dmi.chassis.asset.tag: Default string dmi.chassis.type: 3 dmi.chassis.vendor: Default string dmi.chassis.version: Default string dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvr0805:bd11/04/2022:br8.5:svnASUS:pnSystemProductName:pvrSystemVersion:rvnASUSTeKCOMPUTERINC.:rnROGSTRIXX670E-EGAMINGWIFI:rvrRev1.xx:cvnDefaultstring:ct3:cvrDefaultstring:skuSKU: dmi.product.family: To be filled by O.E.M. dmi.product.name: System Product Name dmi.product.sku: SKU dmi.product.version: System Version dmi.sys.vendor: ASUS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/alsa-driver/+bug/2004552/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2004552] Re: Sound doesn't work on ASUS X670E-E motherboard.
Just following up, this also affects the 23.04 release when I tested the 04-17-23 daily image for lunar, which is to my understanding going to be the release build for Thursday. This has been resolved for a little over 5 months now upstream, could it please be picked into the Ubuntu package? https://github.com/alsa-project/alsa-ucm- conf/commit/88f232dffd54e1b9222ea76c7885445efebaa74d -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to alsa-driver in Ubuntu. https://bugs.launchpad.net/bugs/2004552 Title: Sound doesn't work on ASUS X670E-E motherboard. Status in alsa-driver package in Ubuntu: New Bug description: None of the outputs work for my digital optical output on my ASUS ROG STRIX X670E-E GAMING WIFI motherboard since updating the ALC4080/ALC4082 firmware. The issue is resolved in the upstream package of alsa-ucm-conf (https://github.com/alsa-project/alsa-ucm-conf). When I applied the newer configs sound started working again. ProblemType: Bug DistroRelease: Ubuntu 22.10 Package: alsa-base 1.0.25+dfsg-0ubuntu7 ProcVersionSignature: Ubuntu 5.19.0-29.30-generic 5.19.17 Uname: Linux 5.19.0-29-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.23.1-0ubuntu3 Architecture: amd64 CasperMD5CheckResult: pass CurrentDesktop: ubuntu:GNOME Date: Thu Feb 2 06:08:15 2023 InstallationDate: Installed on 2023-01-08 (24 days ago) InstallationMedia: Ubuntu 22.10 "Kinetic Kudu" - Release amd64 (20221020) PackageArchitecture: all ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: alsa-driver Symptom: audio UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 11/04/2022 dmi.bios.release: 8.5 dmi.bios.vendor: American Megatrends Inc. dmi.bios.version: 0805 dmi.board.asset.tag: Default string dmi.board.name: ROG STRIX X670E-E GAMING WIFI dmi.board.vendor: ASUSTeK COMPUTER INC. dmi.board.version: Rev 1.xx dmi.chassis.asset.tag: Default string dmi.chassis.type: 3 dmi.chassis.vendor: Default string dmi.chassis.version: Default string dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvr0805:bd11/04/2022:br8.5:svnASUS:pnSystemProductName:pvrSystemVersion:rvnASUSTeKCOMPUTERINC.:rnROGSTRIXX670E-EGAMINGWIFI:rvrRev1.xx:cvnDefaultstring:ct3:cvrDefaultstring:skuSKU: dmi.product.family: To be filled by O.E.M. dmi.product.name: System Product Name dmi.product.sku: SKU dmi.product.version: System Version dmi.sys.vendor: ASUS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/alsa-driver/+bug/2004552/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2004552] [NEW] Sound doesn't work on ASUS X670E-E motherboard.
Public bug reported: None of the outputs work for my digital optical output on my ASUS ROG STRIX X670E-E GAMING WIFI motherboard since updating the ALC4080/ALC4082 firmware. The issue is resolved in the upstream package of alsa-ucm-conf (https://github.com/alsa-project/alsa-ucm-conf). When I applied the newer configs sound started working again. ProblemType: Bug DistroRelease: Ubuntu 22.10 Package: alsa-base 1.0.25+dfsg-0ubuntu7 ProcVersionSignature: Ubuntu 5.19.0-29.30-generic 5.19.17 Uname: Linux 5.19.0-29-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.23.1-0ubuntu3 Architecture: amd64 CasperMD5CheckResult: pass CurrentDesktop: ubuntu:GNOME Date: Thu Feb 2 06:08:15 2023 InstallationDate: Installed on 2023-01-08 (24 days ago) InstallationMedia: Ubuntu 22.10 "Kinetic Kudu" - Release amd64 (20221020) PackageArchitecture: all ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: alsa-driver Symptom: audio UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 11/04/2022 dmi.bios.release: 8.5 dmi.bios.vendor: American Megatrends Inc. dmi.bios.version: 0805 dmi.board.asset.tag: Default string dmi.board.name: ROG STRIX X670E-E GAMING WIFI dmi.board.vendor: ASUSTeK COMPUTER INC. dmi.board.version: Rev 1.xx dmi.chassis.asset.tag: Default string dmi.chassis.type: 3 dmi.chassis.vendor: Default string dmi.chassis.version: Default string dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvr0805:bd11/04/2022:br8.5:svnASUS:pnSystemProductName:pvrSystemVersion:rvnASUSTeKCOMPUTERINC.:rnROGSTRIXX670E-EGAMINGWIFI:rvrRev1.xx:cvnDefaultstring:ct3:cvrDefaultstring:skuSKU: dmi.product.family: To be filled by O.E.M. dmi.product.name: System Product Name dmi.product.sku: SKU dmi.product.version: System Version dmi.sys.vendor: ASUS ** Affects: alsa-driver (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug kinetic -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to alsa-driver in Ubuntu. https://bugs.launchpad.net/bugs/2004552 Title: Sound doesn't work on ASUS X670E-E motherboard. Status in alsa-driver package in Ubuntu: New Bug description: None of the outputs work for my digital optical output on my ASUS ROG STRIX X670E-E GAMING WIFI motherboard since updating the ALC4080/ALC4082 firmware. The issue is resolved in the upstream package of alsa-ucm-conf (https://github.com/alsa-project/alsa-ucm-conf). When I applied the newer configs sound started working again. ProblemType: Bug DistroRelease: Ubuntu 22.10 Package: alsa-base 1.0.25+dfsg-0ubuntu7 ProcVersionSignature: Ubuntu 5.19.0-29.30-generic 5.19.17 Uname: Linux 5.19.0-29-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.23.1-0ubuntu3 Architecture: amd64 CasperMD5CheckResult: pass CurrentDesktop: ubuntu:GNOME Date: Thu Feb 2 06:08:15 2023 InstallationDate: Installed on 2023-01-08 (24 days ago) InstallationMedia: Ubuntu 22.10 "Kinetic Kudu" - Release amd64 (20221020) PackageArchitecture: all ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: alsa-driver Symptom: audio UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 11/04/2022 dmi.bios.release: 8.5 dmi.bios.vendor: American Megatrends Inc. dmi.bios.version: 0805 dmi.board.asset.tag: Default string dmi.board.name: ROG STRIX X670E-E GAMING WIFI dmi.board.vendor: ASUSTeK COMPUTER INC. dmi.board.version: Rev 1.xx dmi.chassis.asset.tag: Default string dmi.chassis.type: 3 dmi.chassis.vendor: Default string dmi.chassis.version: Default string dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvr0805:bd11/04/2022:br8.5:svnASUS:pnSystemProductName:pvrSystemVersion:rvnASUSTeKCOMPUTERINC.:rnROGSTRIXX670E-EGAMINGWIFI:rvrRev1.xx:cvnDefaultstring:ct3:cvrDefaultstring:skuSKU: dmi.product.family: To be filled by O.E.M. dmi.product.name: System Product Name dmi.product.sku: SKU dmi.product.version: System Version dmi.sys.vendor: ASUS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/alsa-driver/+bug/2004552/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
