[Touch-packages] [Bug 1899218] Re: Incorrect warning from apparmor_parser on force complained profiles

2020-10-12 Thread Jamie Strandboge
FYI, this is part of the groovy upload in unapproved. ** Changed in: apparmor (Ubuntu) Status: New => Fix Committed ** Changed in: apparmor (Ubuntu) Assignee: (unassigned) => John Johansen (jjohansen) -- You received this bug notification because you are a member of Ubuntu Touch

[Touch-packages] [Bug 1899046] Re: /usr/bin/aa-notify:ModuleNotFoundError:/usr/bin/aa-notify@39

2020-10-12 Thread Jamie Strandboge
This has been uploaded to groovy and is currently in unapproved. ** Changed in: apparmor (Ubuntu) Status: In Progress => Fix Committed ** Changed in: apparmor (Ubuntu) Assignee: (unassigned) => Emilia Torino (emitorino) -- You received this bug notification because you are a member

[Touch-packages] [Bug 1726856] Re: ufw does not start automatically at boot

2020-10-05 Thread Jamie Strandboge
@Muhammad - can you run: $ sudo /usr/share/ufw/check-requirements and paste the results? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ufw in Ubuntu. https://bugs.launchpad.net/bugs/1726856 Title: ufw does not start

[Touch-packages] [Bug 1894195] Re: FFe: Merge iptables 1.8.5-3 (main) from Debian sid (main)

2020-09-25 Thread Jamie Strandboge
** Changed in: iptables (Ubuntu) Status: New => Fix Committed ** Changed in: iptables (Ubuntu) Assignee: (unassigned) => Alex Murray (alexmurray) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to iptables in

[Touch-packages] [Bug 1887577] Re: DEP8: Invalid capability setuid

2020-09-23 Thread Jamie Strandboge
Removed the update_excuse and update_excuses tags based on Steve and Alex's comments. ** Tags removed: update-excuse update-excuses -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu.

[Touch-packages] [Bug 1895967] Re: Apparmor 3.0.0 does not load profiles in containers anymore

2020-09-23 Thread Jamie Strandboge
FYI, I removed the block-proposed tag since ubuntu6 fixes this bug. ** Tags removed: block-proposed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1895967 Title:

[Touch-packages] [Bug 1895967] Re: Apparmor 3.0.0 does not load profiles in containers anymore

2020-09-22 Thread Jamie Strandboge
I uploaded 3.0.0~beta1-0ubuntu6 just now that should address this issue. Thanks Christian for your debugging! ** Changed in: apparmor (Ubuntu) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is

[Touch-packages] [Bug 1871148] Re: services start before apparmor profiles are loaded

2020-09-22 Thread Jamie Strandboge
This was fixed in snapd in 2.44 via https://github.com/snapcore/snapd/pull/8467 ** Changed in: snapd (Ubuntu) Status: In Progress => Fix Released ** Changed in: snapd (Ubuntu Focal) Status: In Progress => Fix Released -- You received this bug notification because you are a member

[Touch-packages] [Bug 1895967] Re: Apparmor 3.0.0 does not load profiles in containers anymore

2020-09-22 Thread Jamie Strandboge
** Changed in: apparmor (Ubuntu) Status: Confirmed => In Progress ** Changed in: apparmor (Ubuntu) Assignee: (unassigned) => Jamie Strandboge (jdstrand) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ap

[Touch-packages] [Bug 1895060] Re: [FFe] apparmor 3 upstream release

2020-09-22 Thread Jamie Strandboge
FYI, there was a components mismatch where apparmor-notify pulled python3-notify2 (and its Depends) into main. For now, I've demoted apparmor-notify to universe and adjusted the seed (in practical terms, the security team will fix bugs in apparmor-notify regardless of where it lives). We might

[Touch-packages] [Bug 1895060] Re: [FFe] apparmor 3 upstream release

2020-09-21 Thread Jamie Strandboge
Thanks! Uploaded: https://launchpad.net/ubuntu/+source/apparmor/3.0.0~beta1-0ubuntu5 ** Changed in: apparmor (Ubuntu) Status: Confirmed => Fix Committed ** Changed in: apparmor (Ubuntu) Assignee: (unassigned) => Alex Murray (alexmurray) ** Changed in: apparmor (Ubuntu)

[Touch-packages] [Bug 1895060] Re: [FFe] apparmor 3 upstream release

2020-09-18 Thread Jamie Strandboge
FYI, I accidentally violated the FFe process and uploaded (with a subsequent binary copy) to groovy-proposed. None of that migrated, so I deleted what was in groovy-proposed and am now attaching the debdiff, which has patches to pass proposed migration (we believe). Sorry for the snafu. ** Patch

[Touch-packages] [Bug 1895060] Re: [FFe] apparmor 3 upstream release

2020-09-18 Thread Jamie Strandboge
FYI, 3.0.0~beta1-0ubuntu3 should address the dbus autopkgtest issue. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1895060 Title: [FFe] apparmor 3 upstream release

[Touch-packages] [Bug 1895060] Re: [FFe] apparmor 3 upstream release

2020-09-17 Thread Jamie Strandboge
FYI, the fix for the dbus issue is https://gitlab.com/apparmor/apparmor/-/merge_requests/625. We're preparing an ubuntu2 upload now. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu.

[Touch-packages] [Bug 1895060] Re: [FFe] apparmor 3 upstream release

2020-09-16 Thread Jamie Strandboge
FYI, we're looking at the autopkgtest dbus issue now. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1895060 Title: [FFe] apparmor 3 upstream release Status in apparmor

[Touch-packages] [Bug 1880841] Re: usr.sbin.nscd needs unix socket access to @userdb-*

2020-09-09 Thread Jamie Strandboge
This will be fixed in the next apparmor upload. ** Changed in: apparmor (Ubuntu) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1880841

[Touch-packages] [Bug 1887577] Re: DEP8: Invalid capability setuid

2020-09-09 Thread Jamie Strandboge
This will be fixed in the next apparmor upload. ** Changed in: apparmor (Ubuntu) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1887577

[Touch-packages] [Bug 1889699] Re: Brave is not included in the Ubuntu helpers

2020-09-09 Thread Jamie Strandboge
Thanks for the patch! I'll get this incorporated into the next apparmor upload. ** Changed in: apparmor (Ubuntu) Status: New => In Progress ** Changed in: apparmor (Ubuntu) Assignee: (unassigned) => Jamie Strandboge (jdstrand) -- You received this bug notification becau

[Touch-packages] [Bug 1891338] Re: apparmor misconfigured for envice

2020-09-09 Thread Jamie Strandboge
You are right that there are two places this is defined: in /etc/apparmor.d/abstractions/ubuntu-browsers.d/ubuntu-integration and in /etc/apparmor.d/usr.bin.evince. I'll adjust apparmor to fix ubuntu-integration to use the exo-open abstraction. There is an evince task though because we don't

[Touch-packages] [Bug 1895060] [NEW] [FFe] apparmor 3 upstream release

2020-09-09 Thread Jamie Strandboge
Public bug reported: To be filled in ** Affects: apparmor (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1895060

[Touch-packages] [Bug 1385013] Re: proper fix for apparmor mediation of lower (encrypted) filesystem

2020-08-26 Thread Jamie Strandboge
I'm bumping the priority down to Undecided as its been almost 6 years-- it clearly isn't critical. :) ** Changed in: apparmor (Ubuntu) Assignee: NYEIN LIN THU (mgnyein) => (unassigned) ** Changed in: apparmor (Ubuntu) Importance: Critical => Undecided ** Changed in: ecryptfs-utils

[Touch-packages] [Bug 1891810] Re: Missing openat2 syscall, causes problems for fuse-overlayfs in nspawn containers

2020-08-17 Thread Jamie Strandboge
** Also affects: libseccomp (Ubuntu Groovy) Importance: Undecided Assignee: Alex Murray (alexmurray) Status: New ** Also affects: libseccomp (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: libseccomp (Ubuntu Bionic) Importance: Undecided

[Touch-packages] [Bug 1580463] Re: Snap blocks access to system input methods (ibus, fcitx, ...)

2020-08-04 Thread Jamie Strandboge
I agree that a new bug should be filed. When doing so, please attach any relevant policy violations from journalctl to the bug. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ibus in Ubuntu.

[Touch-packages] [Bug 1751677] Re: apparmor fails to start

2020-07-11 Thread Jamie Strandboge
** Project changed: apparmor => apparmor (Ubuntu) ** Changed in: apparmor (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1751677

[Touch-packages] [Bug 1886115] Re: libseccomp 2.4.3-1ubuntu3.18.04.2 causes systemd to segfault on boot

2020-07-07 Thread Jamie Strandboge
This seems related: * https://bugzilla.redhat.com/show_bug.cgi?id=1653068 * https://github.com/systemd/systemd/pull/11157 I can't say why the libseccomp update would change anything, though the redhat bug shows an AVC denial, so I wonder if you see anything related to systemd-resolved with

[Touch-packages] [Bug 1886115] Re: libseccomp 2.4.3-1ubuntu3.18.04.2 causes systemd to segfault on boot

2020-07-07 Thread Jamie Strandboge
Note that 2.4.1-0ubuntu0.18.04.2 was previously in bionic and had been since May of 2019 (2.3.1-2.1ubuntu4 is what bionic was released with, but later updated to 2.4.1-0ubuntu0.18.04.2). 2.4.1-0ubuntu0.18.04.2 can be found here:

[Touch-packages] [Bug 1413410] Re: Unable to match embedded NULLs in unix bind rule for abstract sockets

2020-06-23 Thread Jamie Strandboge
We released UC16/xenial with a new enough apparmor (which was also backported to trusty) so we can mark the snapd task as Invalid, which I did just now. ** Changed in: snappy Status: Incomplete => Invalid ** Changed in: snappy Assignee: Jamie Strandboge (jdstrand) => (unas

[Touch-packages] [Bug 1872106] Re: isc-dhcp-server crashing constantly [Ubuntu 20.04]

2020-06-15 Thread Jamie Strandboge
@mm - that probably isn't the issue, but you can adjust /etc/apparmor.d/local/usr.sbin.dhcpd to have: @{PROC}/sys/net/ipv4/ip_local_port_range r, and then do: sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.dhcpd # yes, without local/ -- You received this bug notification because you are a

[Touch-packages] [Bug 1882484] Re: Firewall rule in before.rules for dhcp is wrong

2020-06-15 Thread Jamie Strandboge
Marking as Invalid since the default firewall policy is working as intended. ** Changed in: ufw (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ufw in Ubuntu.

[Touch-packages] [Bug 1882484] Re: Firewall rule in before.rules for dhcp is wrong

2020-06-15 Thread Jamie Strandboge
Thank you for filing a bug. The firewall policy is a combination of the default policy for each of 'incoming', 'outgoing' and 'routed' (forward) along with the policies shipped in before{,6}.rules, after{,6}.rules and whatever gets added to user{,6}.rules. Specifically, what is in

[Touch-packages] [Bug 1882314] Re: Firewall rule in before6.rules for dhcp6 is wrong

2020-06-15 Thread Jamie Strandboge
Marking as Invalid since the default firewall policy is working as intended. ** Changed in: ufw (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ufw in Ubuntu.

[Touch-packages] [Bug 1882314] Re: Firewall rule in before6.rules for dhcp6 is wrong

2020-06-15 Thread Jamie Strandboge
Thank you for filing a bug. The firewall policy is a combination of the default policy for each of 'incoming', 'outgoing' and 'routed' (forward) along with the policies shipped in before{,6}.rules, after{,6}.rules and whatever gets added to user{,6}.rules. Specifically, what is in

[Touch-packages] [Bug 1876055] Re: SRU: Backport 2.4.3-1ubuntu3 from groovy to focal/eoan/bionic/xenial for newer syscalls for core20 base and test suite robustness

2020-06-10 Thread Jamie Strandboge
Sorry, I reran bionic and *focal* autopkgtests and there are now no regressions. Running eoan again. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libseccomp in Ubuntu. https://bugs.launchpad.net/bugs/1876055 Title: SRU:

[Touch-packages] [Bug 1876055] Re: SRU: Backport 2.4.3-1ubuntu3 from groovy to focal/eoan/bionic/xenial for newer syscalls for core20 base and test suite robustness

2020-06-10 Thread Jamie Strandboge
FYI, I reran the bionic and eoan autopkgtests and there are now no regressions. ** Tags removed: verification-needed-bionic verification-needed-eoan verification-needed-focal verification-needed-xenial ** Tags added: verification-done-bionic verification-done-eoan verification-done-focal

[Touch-packages] [Bug 1877633] Re: libseccomp 2.4.3 (and 2.4.2) is not correctly resolving (at least) the getrlimit syscall on arm64

2020-06-10 Thread Jamie Strandboge
FYI, I reran the bionic and eoan autopkgtests and there are now no regressions. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libseccomp in Ubuntu. https://bugs.launchpad.net/bugs/1877633 Title: libseccomp 2.4.3 (and

[Touch-packages] [Bug 1877633] Re: libseccomp 2.4.3 (and 2.4.2) is not correctly resolving (at least) the getrlimit syscall on arm64

2020-06-10 Thread Jamie Strandboge
Sorry, I reran bionic and *focal* autopkgtests and there are now no regressions. Running eoan again. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libseccomp in Ubuntu. https://bugs.launchpad.net/bugs/1877633 Title:

[Touch-packages] [Bug 1861177] Re: seccomp_rule_add is very slow

2020-06-10 Thread Jamie Strandboge
There isn't a snapd task (snap-seccomp is compiled against libseccomp but it can't influence this behavior), so unassigning Ian and marking that task as Invalid. ** Changed in: snapd Status: Triaged => Invalid ** Changed in: snapd Assignee: Ian Johnson (anonymouse67) => (unassigned)

[Touch-packages] [Bug 1877633] Re: libseccomp 2.4.3 (and 2.4.2) is not correctly resolving (at least) the getrlimit syscall on arm64

2020-06-10 Thread Jamie Strandboge
FYI, I reran the xenial autopkgtests and they now pass. ** Tags removed: verification-done-focal ** Tags added: verification-needed-focal -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libseccomp in Ubuntu.

[Touch-packages] [Bug 1876055] Re: SRU: Backport 2.4.3-1ubuntu3 from groovy to focal/eoan/bionic/xenial for newer syscalls for core20 base and test suite robustness

2020-06-10 Thread Jamie Strandboge
FYI, I reran the xenial autopkgtests and there are now no regressions. ** Tags removed: verification-done-bionic verification-done-eoan verification-done-focal verification-done-xenial ** Tags added: verification-needed-bionic verification-needed-eoan verification-needed-focal

[Touch-packages] [Bug 1877633] Re: libseccomp 2.4.3 (and 2.4.2) is not correctly resolving (at least) the getrlimit syscall on arm64

2020-06-10 Thread Jamie Strandboge
FYI, I copied xenial-focal from the security-proposed ppa to -proposed. Borrowing from the ubuntu-sru team's SRU verification text: Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback

[Touch-packages] [Bug 1876055] Re: SRU: Backport 2.4.3-1ubuntu3 from groovy to focal/eoan/bionic/xenial for newer syscalls for core20 base and test suite robustness

2020-06-09 Thread Jamie Strandboge
FYI, I copied xenial-focal from the security-proposed ppa to -proposed. Borrowing from the ubuntu-sru team's SRU verification text: Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback

[Touch-packages] [Bug 1861177] Re: seccomp_rule_add is very slow

2020-06-09 Thread Jamie Strandboge
FYI, a 2.4.3 SRU is in flight (by amurray), but looking at https://github.com/seccomp/libseccomp/pull/180 (the fix for the bug), https://github.com/seccomp/libseccomp/issues/187 (2.4.3 backports), and code inspection, the fix for the bug is not in 2.4.3 and will come in 2.5. The security team is

[Touch-packages] [Bug 1872564] Re: /proc/sys/kernel/random/boot_id rule missing from abstractions/nameservice

2020-06-01 Thread Jamie Strandboge
FYI, those re-runs passed and the package is green in https://people.canonical.com/~ubuntu-archive/pending-sru.html. When ubuntu-sru goes through the queue, this will be published. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed

[Touch-packages] [Bug 1868720] Re: backport time64 syscalls whitelist

2020-05-28 Thread Jamie Strandboge
There is actually an SRU in progress for libseccomp: https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1876055. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libseccomp in Ubuntu.

[Touch-packages] [Bug 1872564] Re: /proc/sys/kernel/random/boot_id rule missing from abstractions/nameservice

2020-05-28 Thread Jamie Strandboge
The autopkgtest failures seem unrelated. I triggered reruns just now. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1872564 Title: /proc/sys/kernel/random/boot_id rule

[Touch-packages] [Bug 1872564] Re: /proc/sys/kernel/random/boot_id rule missing from abstractions/nameservice

2020-05-28 Thread Jamie Strandboge
@Marco, this issue is not yet fixed in Focal. Marking back to Fix Committed. ** Changed in: apparmor (Ubuntu Focal) Status: Fix Released => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in

[Touch-packages] [Bug 1872564] Re: /proc/sys/kernel/random/boot_id rule missing from abstractions/nameservice

2020-05-19 Thread Jamie Strandboge
@Sergio - assuming you are ok with my patch, do you still plan to follow through on the SRU verification once it is accepted into focal-proposed? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu.

[Touch-packages] [Bug 1872564] Re: /proc/sys/kernel/random/boot_id rule missing from abstractions/nameservice

2020-05-19 Thread Jamie Strandboge
@Sergio, I didn't see that you uploaded anything to the queue so to expedite the SRU since there are a number of duplicates, I created a smaller backport of the fix and uploaded it to focal-proposed just now:

[Touch-packages] [Bug 1721704] Re: Printer settings stuck on loading drivers database

2020-05-19 Thread Jamie Strandboge
@Till, the boot_id issue is being tracked here: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1872564 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1721704

[Touch-packages] [Bug 1878814] Re: apparmor stays active even when the service is disabled

2020-05-15 Thread Jamie Strandboge
I'm not familiar with mysql-workbench-community, but looking at the logs I see: May 14 17:44:33 owen-AOD255 kernel: [ 181.312508] audit: type=1400 audit(1589474673.710:1024): apparmor="DENIED" operation="connect" profile="snap.mysql-workbench-community.mysql-workbench-community"

[Touch-packages] [Bug 1878862] Re: AppArmor - Cannot move snap packages from enforce to complain

2020-05-15 Thread Jamie Strandboge
snapd manages the security policies for snaps (and it will rewrite the profiles at some point if you modify them yourself). You may install a snap in devmode which puts apparmor in complain. Eg: sudo snap install --devmode mysql-workbench-community ** Changed in: apparmor (Ubuntu) Status:

[Touch-packages] [Bug 1870729] Re: DHCP Server regularly killed code=killed, status=6/ABRT

2020-05-14 Thread Jamie Strandboge
This bug is marked fixed release. As I suggested in comment #13, please file a new bug. This will allow you to use apport to upload any crash information/etc that will assist developers in fixing this. -- You received this bug notification because you are a member of Ubuntu Touch seeded

[Touch-packages] [Bug 1877633] Re: libseccomp 2.4.3 (and 2.4.2) is not correctly resolving (at least) the getrlimit syscall on arm64

2020-05-13 Thread Jamie Strandboge
** Changed in: libseccomp (Ubuntu Focal) Status: Confirmed => In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libseccomp in Ubuntu. https://bugs.launchpad.net/bugs/1877633 Title: libseccomp 2.4.3 (and

[Touch-packages] [Bug 1877633] Re: libseccomp 2.4.3 (and 2.4.2) is not correctly resolving (at least) the getrlimit syscall on arm64

2020-05-12 Thread Jamie Strandboge
Thanks for the debdiff Alex. Uploaded to groovy-proposed. ** Changed in: libseccomp (Ubuntu Groovy) Status: Confirmed => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libseccomp in Ubuntu.

[Touch-packages] [Bug 1876065] Re: After unplug headphones and plug them again no sound can be heard

2020-05-12 Thread Jamie Strandboge
Rather than superseding 1:13.99.1-1ubuntu4 in groovy-proposed, I instead based the changes in 1:13.99.1-1ubuntu5 on top of 1:13.99.1-1ubuntu4 to address the CVE that was fixed in https://usn.ubuntu.com/4355-1/. ** Also affects: pulseaudio (Ubuntu Groovy) Importance: High Assignee:

[Touch-packages] [Bug 1877102] Re: snap policy module can be unloaded, circumventing audio recording restrictions for snaps

2020-05-12 Thread Jamie Strandboge
Uploaded https://launchpad.net/ubuntu/+source/pulseaudio/1:13.99.1-1ubuntu5 to groovy based on 1:13.99.1-1ubuntu4 from groovy-proposed. ** Changed in: pulseaudio (Ubuntu Groovy) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu

[Touch-packages] [Bug 1877102] Re: snap policy module can be unloaded, circumventing audio recording restrictions for snaps

2020-05-12 Thread Jamie Strandboge
I'll apply the focal patch to what is in groovy-proposed. ** Changed in: pulseaudio (Ubuntu Groovy) Assignee: (unassigned) => Jamie Strandboge (jdstrand) ** Changed in: pulseaudio (Ubuntu Groovy) Status: Triaged => In Progress -- You received this bug notification becau

[Touch-packages] [Bug 1869819] Re: [SRU] System can't detect external headset in the codec of Conexant

2020-05-12 Thread Jamie Strandboge
FYI, the upload to bionic-proposed was superseded by https://usn.ubuntu.com/4355-1/. Please rebase your changes on that and reupload. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pulseaudio in Ubuntu.

[Touch-packages] [Bug 1876065] Re: After unplug headphones and plug them again no sound can be heard

2020-05-12 Thread Jamie Strandboge
FYI, the upload to focal-proposed was superseded by https://usn.ubuntu.com/4355-1/. Please rebase your changes on that and reupload. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pulseaudio in Ubuntu.

[Touch-packages] [Bug 1877102] Re: snap policy module can be unloaded, circumventing audio recording restrictions for snaps

2020-05-12 Thread Jamie Strandboge
** Changed in: pulseaudio (Ubuntu Groovy) Importance: High => Medium ** Changed in: pulseaudio (Ubuntu Focal) Importance: Undecided => Medium ** Changed in: pulseaudio (Ubuntu Eoan) Importance: Undecided => Medium ** Changed in: pulseaudio (Ubuntu Bionic) Importance: Undecided =>

[Touch-packages] [Bug 1878175] Re: Abstraction needs access to @{PROC}/sys/kernel/random/boot_id

2020-05-12 Thread Jamie Strandboge
*** This bug is a duplicate of bug 1872564 *** https://bugs.launchpad.net/bugs/1872564 ** Changed in: apparmor (Ubuntu) Status: New => Confirmed ** This bug has been marked a duplicate of bug 1872564 /proc/sys/kernel/random/boot_id rule missing from abstractions/nameservice --

[Touch-packages] [Bug 1873764] Re: CUPS Apparmor Error opening /proc/sys/kernel/random/boot_id

2020-05-11 Thread Jamie Strandboge
*** This bug is a duplicate of bug 1872564 *** https://bugs.launchpad.net/bugs/1872564 This is a dupe of https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1872564 which, AIUI, the server team will be performing an SRU for. ** This bug has been marked a duplicate of bug 1872564

[Touch-packages] [Bug 1877633] Re: libseccomp 2.4.3 (and 2.4.2) is not correctly resolving (at least) the getrlimit syscall on arm64

2020-05-08 Thread Jamie Strandboge
** Description changed: - This was reported via the snapcraft forum: + This was reported via the snapcraft forum[1]: On bionic amd64, libseccomp 2.4.1-0ubuntu0.18.04.2 $ lsb_release -d Description: Ubuntu 18.04.4 LTS $ scmp_sys_resolver -a aarch64 163 getrlimit $

[Touch-packages] [Bug 1877633] [NEW] libseccomp 2.4.3 (and 2.4.2) is not correctly resolving (at least) the getrlimit syscall on arm64

2020-05-08 Thread Jamie Strandboge
Public bug reported: This was reported via the snapcraft forum: On bionic amd64, libseccomp 2.4.1-0ubuntu0.18.04.2 $ lsb_release -d Description:Ubuntu 18.04.4 LTS $ scmp_sys_resolver -a aarch64 163 getrlimit $ scmp_sys_resolver -a aarch64 getrlimit 163 focal amd64, libseccomp

[Touch-packages] [Bug 1869819] Re: [SRU] System can't detect external headset in the codec of Conexant

2020-05-06 Thread Jamie Strandboge
FYI, there is a pending update that will go out either tomorrow or early next week. Please base your next upload on this update. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pulseaudio in Ubuntu.

[Touch-packages] [Bug 1781428] Re: please enable snap mediation support

2020-04-17 Thread Jamie Strandboge
I confirmed that https://people.canonical.com/~ubuntu-archive/proposed- migration/xenial/update_excuses.html shows no autopkgtest regression for xenial. I also ran through the TEST CASE for this bug and xenial passed. Marking verification-done-xenial ** Tags removed: verification-failed-xenial

[Touch-packages] [Bug 1781428] Re: please enable snap mediation support

2020-04-17 Thread Jamie Strandboge
I confirmed that https://people.canonical.com/~ubuntu-archive/proposed- migration/bionic/update_excuses.html shows no autopkgtest regression for bionic. I also ran through the TEST CASE for this bug and bionic passed. Marking verification-done-bionic. ** Tags removed: verification-failed

[Touch-packages] [Bug 1781428] Re: please enable snap mediation support

2020-04-17 Thread Jamie Strandboge
** Description changed: [Impact] Ubuntu 16.10 added rudimentary snap support to disable audio recording if the connecting process was a snap. By Ubuntu 18.04, something changed in the build resulting in 'Enable Snappy support: no' with audio recording no longer being mediated by pulseaudio

[Touch-packages] [Bug 1871148] Re: services start before apparmor profiles are loaded

2020-04-10 Thread Jamie Strandboge
Adding a snapd Ubuntu task, marking as In Progress and assigning to mvo since he is preparing a 20.04 upload. ** Also affects: snapd (Ubuntu) Importance: Undecided Status: New ** Changed in: snapd (Ubuntu Focal) Assignee: (unassigned) => Michael Vogt (mvo) ** Changed in: snapd

[Touch-packages] [Bug 1869024] Re: add support for DynamicUser feature of systemd

2020-04-10 Thread Jamie Strandboge
The abstraction is meant to cover the client, not systemd internal specifics. A client simply accessing that DBus API won't need it and a client simply accessing those sockets won't need it. It very well might be that a profiled application is using some *ctl command from systemd that would need

[Touch-packages] [Bug 1870729] Re: DHCP Server regularly killed code=killed, status=6/ABRT

2020-04-10 Thread Jamie Strandboge
I will update the policy for the write access. I suggest removing the crash file in /var/crash, then if you see the crash again, file a new bug with the crash information (eg, apport-cli if on a server) so it can be analyzed. -- You received this bug notification because you are a member of

[Touch-packages] [Bug 1871615] Re: package apparmor 2.13.3-7ubuntu4 failed to install/upgrade: end of file on stdin at conffile prompt

2020-04-10 Thread Jamie Strandboge
Thanks! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unattended-upgrades in Ubuntu. https://bugs.launchpad.net/bugs/1871615 Title: package apparmor 2.13.3-7ubuntu4 failed to install/upgrade: end of file on stdin at

[Touch-packages] [Bug 1871615] Re: package apparmor 2.13.3-7ubuntu4 failed to install/upgrade: end of file on stdin at conffile prompt

2020-04-09 Thread Jamie Strandboge
Foundations, it seems like unattended-upgrades should be smarter with conffile changes (honestly, I thought it was)? Note, the security also saw this in https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1871261. Is this a regression? ** Also affects: unattended-upgrades (Ubuntu) Importance:

[Touch-packages] [Bug 1871615] Re: package apparmor 2.13.3-7ubuntu4 failed to install/upgrade: end of file on stdin at conffile prompt

2020-04-09 Thread Jamie Strandboge
Per https://launchpadlibrarian.net/473598993/DpkgHistoryLog.txt, unattended-upgrades is running on this system. Per https://launchpadlibrarian.net/473598999/modified.conffile..etc.apparmor.d.abstractions.base.txt, /etc/apparmor.d/abstraction/base was modified to include: # adds networking to

[Touch-packages] [Bug 1871148] Re: services start before apparmor profiles are loaded

2020-04-09 Thread Jamie Strandboge
Adding a snapd bug task. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1871148 Title: services start before apparmor profiles are loaded Status in AppArmor: Invalid

[Touch-packages] [Bug 1871148] Re: services start before apparmor profiles are loaded

2020-04-09 Thread Jamie Strandboge
Daniel, this is a different cause but same result: zfs-load-module.service (2ms) zfs-import-cache.service (8ms) zfs-import.target ... var-lib.mount (69ms) ... snap-multipass-1869.mount (1.358s) ... apparmor.service (279ms) ... In this case, apparmor correctly waited for var.lib.mount, but

[Touch-packages] [Bug 1871148] Re: services start before apparmor profiles are loaded

2020-04-08 Thread Jamie Strandboge
Daniel responded on irc and said after several reboots with the new apparmor, everything was fine on every boot (though his critical-chain has var.lib.mount listed). My attached systemd-analyze plot svg shows that apparmor.service is indeed starting after var.lib.mount on the VM where the

[Touch-packages] [Bug 1871148] Re: services start before apparmor profiles are loaded

2020-04-08 Thread Jamie Strandboge
Here is an 'sudo systemd-analyze plot > ./1871148-vm-no-varlib- mount.svg' on a focal VM that reports the following critical-chain: $ sudo systemd-analyze critical-chain apparmor.service The time when unit became active or started is printed after the "@" character. The time the unit took to

[Touch-packages] [Bug 1871148] Re: services start before apparmor profiles are loaded

2020-04-08 Thread Jamie Strandboge
All that said, Daniel and Jean-Baptiste, I installed 20.04 in a vm and tried to reproduce this and could not. The apparmor change was about correctness of the unit so I performed the upload, but I also hoped that it would address the issue you are seeing. I'm not certain it will. On one boot,

[Touch-packages] [Bug 1871148] Re: services start before apparmor profiles are loaded

2020-04-08 Thread Jamie Strandboge
Marking the zsys task back to New based on my last comment. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1871148 Title: services start before apparmor profiles are

[Touch-packages] [Bug 1871148] Re: services start before apparmor profiles are loaded

2020-04-08 Thread Jamie Strandboge
Seth, the service starts fine if snapd is not installed and the mountpoint is not present. $ sudo systemctl status apparmor ‚óŹ apparmor.service - Load AppArmor profiles Loaded: loaded (/lib/systemd/system/apparmor.service; enabled; vendor preset: enabled) Active: active (exited) since

[Touch-packages] [Bug 1870729] Re: DHCP Server regularly killed code=killed, status=6/ABRT

2020-04-07 Thread Jamie Strandboge
Now that there are no apparmor denials, this sounds like something for the server team to take a look at. Can you file a new bug since this one was used to address the apparmor denials? Thanks! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which

[Touch-packages] [Bug 1871261] Re: package ufw 0.36-6 failed to install/upgrade: end of file on stdin at conffile prompt

2020-04-07 Thread Jamie Strandboge
Thank you for reporting a bug and helping to make Ubuntu better. Based on https://launchpadlibrarian.net/473334677/DpkgTerminalLog.txt: Preparing to unpack .../archives/ufw_0.36-6_all.deb ... Unpacking ufw (0.36-6) over (0.36-5) ... Setting up ufw (0.36-6) ... Configuration file

[Touch-packages] [Bug 1796911] Re: libnss-systemd was denied talking to pid1

2020-04-07 Thread Jamie Strandboge
** Changed in: apparmor (Ubuntu) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1796911 Title: libnss-systemd was denied

[Touch-packages] [Bug 1870729] Re: DHCP Server regularly killed code=killed, status=6/ABRT

2020-04-07 Thread Jamie Strandboge
4.4.1-2.1ubuntu4 was uploaded for the above. Please let us know if it doesn't fix the issue for you. ** Changed in: isc-dhcp (Ubuntu) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed

[Touch-packages] [Bug 1869629] Re: please add /etc/mdns.allow to /etc/apparmor.d/abstractions/mdns

2020-04-06 Thread Jamie Strandboge
FYI, I submitted https://github.com/snapcore/snapd/pull/8443 for this. ** Changed in: snapd Status: Triaged => In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu.

[Touch-packages] [Bug 1869024] Re: add support for DynamicUser feature of systemd

2020-04-06 Thread Jamie Strandboge
FYI, I added these accesses in https://github.com/snapcore/snapd/pull/8443 ** Also affects: snapd Importance: Undecided Status: New ** Changed in: snapd Status: New => In Progress ** Changed in: snapd Assignee: (unassigned) => Jamie Strandboge (jdstrand) -- You re

[Touch-packages] [Bug 1870729] Re: DHCP Server regularly killed code=killed, status=6/ABRT

2020-04-06 Thread Jamie Strandboge
. ** Changed in: isc-dhcp (Ubuntu) Importance: Undecided => High ** Changed in: isc-dhcp (Ubuntu) Status: New => In Progress ** Changed in: isc-dhcp (Ubuntu) Milestone: None => ubuntu-20.04 ** Changed in: isc-dhcp (Ubuntu) Assignee: (unassigned) => Jamie Strandbo

[Touch-packages] [Bug 1871148] Re: services start before apparmor profiles are loaded

2020-04-06 Thread Jamie Strandboge
I uploaded 2.13.3-7ubuntu4 to address this: https://launchpad.net/ubuntu/+source/apparmor/2.13.3-7ubuntu4 There might be other fixes for zsys, but this should address the issue in snapd. It is currently in unapproved, but a member of the release team will hopefully approve it soon. ** Changed

[Touch-packages] [Bug 1848919] Re: [snap] Permission denied on Private encrypted folder

2020-04-06 Thread Jamie Strandboge
** Changed in: snapd Status: In Progress => Fix Released ** Changed in: snapd (Ubuntu) Status: Triaged => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu.

[Touch-packages] [Bug 1848919] Re: [snap] Permission denied on Private encrypted folder

2020-04-06 Thread Jamie Strandboge
* Changed in: apparmor (Ubuntu) Assignee: (unassigned) => Jamie Strandboge (jdstrand) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1848919 Title: [snap] Permi

[Touch-packages] [Bug 1796911] Re: libnss-systemd was denied talking to pid1

2020-04-06 Thread Jamie Strandboge
** Changed in: apparmor (Ubuntu) Status: Confirmed => In Progress ** Changed in: apparmor (Ubuntu) Assignee: (unassigned) => Jamie Strandboge (jdstrand) ** Changed in: apparmor (Ubuntu) Importance: Undecided => High -- You received this bug notification because you are

[Touch-packages] [Bug 1869024] Re: add support for DynamicUser feature of systemd

2020-04-06 Thread Jamie Strandboge
** Changed in: apparmor (Ubuntu) Status: New => Fix Committed ** Changed in: apparmor (Ubuntu) Status: Fix Committed => In Progress ** Changed in: apparmor (Ubuntu) Importance: Undecided => High ** Changed in: apparmor (Ubuntu) Assignee: (unassigned) => Jami

[Touch-packages] [Bug 1871148] Re: services start before apparmor profiles are loaded

2020-04-06 Thread Jamie Strandboge
pparmor (Ubuntu Focal) Importance: Undecided => Critical ** Changed in: apparmor (Ubuntu Focal) Assignee: (unassigned) => Jamie Strandboge (jdstrand) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to appa

[Touch-packages] [Bug 1867647] Re: ufw neglects to define chain ufw-user-output

2020-04-02 Thread Jamie Strandboge
I cannot reproduce this. $ sudo ufw allow 22 $ sudo ufw enable $ sudo iptables-save && echo SUCCESS ... SUCCESS I can see in the output: $ sudo iptables-save|grep ufw-user-output :ufw-user-output - [0:0] -A ufw-before-output -j ufw-user-output There seems to be something on your system that is

[Touch-packages] [Bug 1556419] Re: nf_conntrack: automatic helper assignment is deprecated

2020-04-02 Thread Jamie Strandboge
The linux task can be marked as Fix Released since net/netfilter/nf_conntrack_helper has defaulted to 0 since 4.7. ** Changed in: ufw (Ubuntu) Status: Triaged => In Progress ** Changed in: linux (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification

[Touch-packages] [Bug 1556419] Re: nf_conntrack: automatic helper assignment is deprecated

2020-04-02 Thread Jamie Strandboge
Users seeing this issue should modify IPT_MODULES in /etc/defaults/ufw to be empty. Ubuntu 20.04 will do this be default and future releases of ufw will introduce rule syntax for working with helper rules. -- You received this bug notification because you are a member of Ubuntu Touch seeded

[Touch-packages] [Bug 1869629] Re: please add /etc/mdns.allow to /etc/apparmor.d/abstractions/mdns

2020-04-01 Thread Jamie Strandboge
; 2.45 ** Changed in: snapd Assignee: (unassigned) => Jamie Strandboge (jdstrand) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1869629 Title: please add /etc/m

[Touch-packages] [Bug 1865531] Re: ip6tables alternate is not setup correctly

2020-03-02 Thread Jamie Strandboge
: In Progress => Invalid ** Changed in: iptables (Ubuntu) Assignee: Jamie Strandboge (jdstrand) => (unassigned) ** Changed in: iptables (Ubuntu) Importance: Medium => Undecided -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is s

[Touch-packages] [Bug 1865519] Re: apparmor depends on python3

2020-03-02 Thread Jamie Strandboge
We've discussed this in the past and it was determined that 'aa-status' is to be part of every apparmor minimal install (which is why it is in apparmor and all the other python tools are in apparmor-utils) so splitting out of apparmor-minimal doesn't really work with this thinking. Perhaps moving

  1   2   3   4   5   6   7   8   9   10   >