[Touch-packages] [Bug 1816811] [NEW] iptables package doesn't flush table on removal of package

2019-02-20 Thread Christopher Warner 
Public bug reported:

The iptables package isn't flushing all tables on removal of the package
and the tables still exist until reboot. Intended behavior should be to
flush all tables via a dpkg pre-removal script. I'm not sure of any use
case where the intended behavior would be to keep the current rules in
place but not have iptables available.

root@ip-10-224-187-201:/home/cwarner# iptables -L
Chain INPUT (policy DROP)
target prot opt source   destination
ACCEPT all  --  anywhere anywhere
DROP   all  --  127.0.0.0/8  anywhere
ACCEPT tcp  --  anywhere anywhere state ESTABLISHED
ACCEPT udp  --  anywhere anywhere state ESTABLISHED
ACCEPT icmp --  anywhere anywhere state ESTABLISHED
ACCEPT tcp  --  anywhere anywhere tcp dpt:ssh state 
NEW
ACCEPT udp  --  anywhere anywhere udp dpt:bootpc 
state NEW
ACCEPT udp  --  anywhere anywhere udp dpt:ntp state 
NEW
ACCEPT udp  --  anywhere anywhere udp dpt:323 state 
NEW

Chain FORWARD (policy DROP)
target prot opt source   destination

Chain OUTPUT (policy DROP)
target prot opt source   destination
ACCEPT all  --  anywhere anywhere
ACCEPT tcp  --  anywhere anywhere state 
NEW,ESTABLISHED
ACCEPT udp  --  anywhere anywhere state 
NEW,ESTABLISHED
ACCEPT icmp --  anywhere anywhere state 
NEW,ESTABLISHED


root@ip-10-224-187-201:/home/cwarner# apt remove iptables
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be REMOVED:
  iptables
0 upgraded, 0 newly installed, 1 to remove and 2 not upgraded.
After this operation, 1,663 kB disk space will be freed.
Do you want to continue? [Y/n] Y
(Reading database ... 91459 files and directories currently installed.)
Removing iptables (1.6.0-2ubuntu3) ...
Processing triggers for libc-bin (2.23-0ubuntu10) ...
Processing triggers for man-db (2.7.5-1) ...

*Rules are still in place*

root@ip-10-224-187-201:/home/cwarner# apt install iptables
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  iptables
0 upgraded, 1 newly installed, 0 to remove and 2 not upgraded.
Need to get 266 kB of archives.
After this operation, 1,663 kB of additional disk space will be used.
Get:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu xenial/main amd64 iptables 
amd64 1.6.0-2ubuntu3 [266 kB]
Fetched 266 kB in 0s (7,629 kB/s)
Selecting previously unselected package iptables.
(Reading database ... 91286 files and directories currently installed.)
Preparing to unpack .../iptables_1.6.0-2ubuntu3_amd64.deb ...
Unpacking iptables (1.6.0-2ubuntu3) ...
Processing triggers for libc-bin (2.23-0ubuntu10) ...
Processing triggers for man-db (2.7.5-1) ...
Setting up iptables (1.6.0-2ubuntu3) ...
Processing triggers for libc-bin (2.23-0ubuntu10) ...


root@ip-10-224-187-201:/home/cwarner# iptables -L
Chain INPUT (policy DROP)
target prot opt source   destination
ACCEPT all  --  anywhere anywhere
DROP   all  --  127.0.0.0/8  anywhere
ACCEPT tcp  --  anywhere anywhere state ESTABLISHED
ACCEPT udp  --  anywhere anywhere state ESTABLISHED
ACCEPT icmp --  anywhere anywhere state ESTABLISHED
ACCEPT tcp  --  anywhere anywhere tcp dpt:ssh state 
NEW
ACCEPT udp  --  anywhere anywhere udp dpt:bootpc 
state NEW
ACCEPT udp  --  anywhere anywhere udp dpt:ntp state 
NEW
ACCEPT udp  --  anywhere anywhere udp dpt:323 state 
NEW

Chain FORWARD (policy DROP)
target prot opt source   destination

Chain OUTPUT (policy DROP)
target prot opt source   destination
ACCEPT all  --  anywhere anywhere
ACCEPT tcp  --  anywhere anywhere state 
NEW,ESTABLISHED
ACCEPT udp  --  anywhere anywhere state 
NEW,ESTABLISHED
ACCEPT icmp --  anywhere anywhere state 
NEW,ESTABLISHED

Same rules, still in place.

** Affects: iptables (Ubuntu)
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to iptables in Ubuntu.
https://bugs.launchpad.net/bugs/1816811

Title:
  iptables package doesn't flush table on removal of package

Status in iptables package in Ubuntu:
  New

Bug description:
  The iptables package isn't flushing all tables on removal of the
  package and the tables still exist until reboot. Intended behavior

[Touch-packages] [Bug 1627769] Re: limits.conf not applied

2017-06-06 Thread Christopher Warner 
So i'm just going to add on here instead of opening a new bug report.
The problem is that in most cases when you're setting the limits, you're
doing so for a process/user that isn't going to login. So the default is
to set it in login, cron, sshd, su etc. Unfortunately, for a process
that isn't going to login via normal methods. Such as a server process
or the like this will be ignored because pam_limits.so will never be
activated.

We need to put pam_limits.so in /etc/pam.d/common-session and /etc/pam.d
/common-session-noninteractive as required by default, or, update the
documentation somewhere that notes that limits.conf will not be
activated by pam_limits.so otherwise. Since everything is already
commented out by limits.conf per default it should be a straight-forward
change.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lightdm in Ubuntu.
https://bugs.launchpad.net/bugs/1627769

Title:
  limits.conf not applied

Status in jackd2 package in Ubuntu:
  New
Status in lightdm package in Ubuntu:
  Confirmed
Status in systemd package in Ubuntu:
  New

Bug description:
  Since upgraded to 16.10 Yakkety, modifications in
  /etc/security/limits.conf are not taken into consideration when
  logging in the graphical interface.

  
  /etc/security/limits.conf:
  @audio   -  rtprio 99
  @audio   -  memlockunlimited

  I tried the same settings in /etc/security/limits.d/audio.conf, to the
  same results.

  
  After logging in Unity, opening a console, the limits are not set:
  blablack@ideaon:~$ ulimit -l -r
  max locked memory   (kbytes, -l) 64
  real-time priority  (-r) 0

  
  Reloging to my user via bash DOES apply the limits:
  blablack@ideaon:~$ ulimit -l -r
  max locked memory   (kbytes, -l) 64
  real-time priority  (-r) 0
  blablack@ideaon:~$ su blablack
  Password: 
  blablack@ideaon:~$ ulimit -l -r
  max locked memory   (kbytes, -l) unlimited
  real-time priority  (-r) 95

  
  Switching to a console (ctrl+alt+f1) and logging in would apply the limits as 
well.



  The exact same setup used to work fine on Xenial 16.04 before upgrade.

  
  If you need any more information, please let me know.

  ProblemType: Bug
  DistroRelease: Ubuntu 16.10
  Package: lightdm 1.19.4-0ubuntu1
  ProcVersionSignature: Ubuntu 4.8.0-16.17-generic 4.8.0-rc7
  Uname: Linux 4.8.0-16-generic x86_64
  ApportVersion: 2.20.3-0ubuntu7
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Mon Sep 26 17:27:10 2016
  SourcePackage: lightdm
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/jackd2/+bug/1627769/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp