[Touch-packages] [Bug 1970731] Re: iptables empty when using firewalld

2022-04-28 Thread Jamie Strandboge
Reassigning to firewalld as the description mentions that ufw is disabled. This is not a bug though because iptables relies on certain tables/chains being used and it looks like firewalld doesn't use those (which is fine for firewalld to do). You should be able to see all netfilter firewall rules

[Touch-packages] [Bug 1896772] Re: systemd-resolved configures no Current Scopes on start

2022-04-18 Thread Jamie Strandboge
** Changed in: isc-dhcp (Ubuntu) Status: New => Triaged -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ifupdown in Ubuntu. https://bugs.launchpad.net/bugs/1896772 Title: systemd-resolved configures no Current

[Touch-packages] [Bug 1896772] Re: systemd-resolved configures no Current Scopes on start

2022-04-17 Thread Jamie Strandboge
** Changed in: ifupdown (Ubuntu) Status: New => In Progress

[Touch-packages] [Bug 1896772] Re: systemd-resolved configures no Current Scopes on start

2022-04-17 Thread Jamie Strandboge
** Also affects: ifupdown (Ubuntu) Importance: Undecided Status: New ** Also affects: isc-dhcp (Ubuntu) Importance: Undecided Status: New

[Touch-packages] [Bug 1896772] Re: systemd-resolved configures no Current Scopes on start

2022-04-17 Thread Jamie Strandboge
I grep'd for 'netif' in /etc and noticed:
  $ sudo grep -r netif /etc
  /etc/network/if-down.d/resolved:statedir=/run/systemd/resolve/netif
  /etc/network/if-up.d/resolved:statedir=/run/systemd/resolve/netif
  /etc/dhcp/dhclient-exit-hooks.d/resolved:statedir=/run/systemd/resolve/netif

[Touch-packages] [Bug 1896772] Re: systemd-resolved configures no Current Scopes on start

2022-04-17 Thread Jamie Strandboge
I see this on 22.04 after upgrading from 20.04.
  $ journalctl |grep 'Failed to save link data'
  Apr 17 15:25:52 hostname systemd-resolved[19095]: Failed to save link data /run/systemd/resolve/netif/3: Permission denied
  Apr 17 15:25:52 hostname systemd-resolved[19095]: Failed to save link data

[Touch-packages] [Bug 1968608] Re: networking/firewall issues after upgrade when using iptables-nft

2022-04-11 Thread Jamie Strandboge
I filed https://github.com/docker-snap/docker-snap/issues/68 for the docker snap unconditionally using xtables. ** Bug watch added: github.com/docker-snap/docker-snap/issues #68 https://github.com/docker-snap/docker-snap/issues/68 ** Also affects: iptables (Ubuntu) Importance: Undecided

[Touch-packages] [Bug 1968608] Re: networking/firewall issues after upgrade when using iptables-nft

2022-04-11 Thread Jamie Strandboge
** Description changed: Filing this issue in the hopes that it will help people who are upgrading from a system that previously used xtables to one that is using netfilter. ufw uses the 'iptables' suite of commands under the hood. As of iptables 1.8, iptables ships with two different

[Touch-packages] [Bug 1968608] [NEW] networking/firewall issues after upgrade when using iptables-nft

2022-04-11 Thread Jamie Strandboge
Public bug reported: Filing this issue in the hopes that it will help people who are upgrading from a system that previously used xtables to one that is using netfilter. ufw uses the 'iptables' suite of commands under the hood. As of iptables 1.8, iptables ships with two different backends for

[Touch-packages] [Bug 1950039] Re: ufw 0.36.1-3 introduces ordering cycle, breaking network

2022-01-05 Thread Jamie Strandboge
** Tags removed: block-proposed block-proposed-jammy

[Touch-packages] [Bug 1950039] Re: ufw 0.36.1-3 introduces ordering cycle, breaking network

2022-01-05 Thread Jamie Strandboge
https://launchpad.net/ubuntu/+source/ufw/0.36.1-3ubuntu1

[Touch-packages] [Bug 1950039] Re: ufw 0.36.1-3 introduces ordering cycle, breaking network

2022-01-05 Thread Jamie Strandboge
** Changed in: ufw (Ubuntu) Status: New => Triaged ** Changed in: cloud-init (Ubuntu) Status: New => Invalid

[Touch-packages] [Bug 1950039] Re: ufw 0.36.1-3 introduces ordering cycle, breaking network

2022-01-05 Thread Jamie Strandboge
Oh! I missed from the initial report that network-pre was deleted which clears up things considerably on my end (since I wasn't able to reproduce, I didn't see it locally either). :) Preparing an upload now.

[Touch-packages] [Bug 1956029] Re: ufw remains inactive at boot time

2022-01-04 Thread Jamie Strandboge
Thanks for the response and glad you got it worked out. It reminds me that I would like to document using fail2ban with ufw more. ** Changed in: ufw (Ubuntu) Status: Incomplete => Invalid

[Touch-packages] [Bug 1950039] Re: ufw 0.36.1-3 introduces ordering cycle, breaking network

2022-01-04 Thread Jamie Strandboge
> This makes me want to understand the cloud-init configuration that is in play. Can you share it? I'm thinking I should upload:
  DefaultDependencies=no
  Before=network-pre.target
  Wants=network-pre.target local-fs.target
  After=local-fs.target
Do you have any objections? This would remove the

[Touch-packages] [Bug 1950039] Re: ufw 0.36.1-3 introduces ordering cycle, breaking network

2022-01-04 Thread Jamie Strandboge
> I don't believe your reproducer is valid - cloud-init is not installed anymore, as autopkgtest-buildvm-ubuntu-cloud removes it when building the VM, whereas it remains on the cloud images, as it's needed there to actually get the IP address during boot. Note, in

[Touch-packages] [Bug 1956029] Re: ufw remains inactive at boot time

2021-12-30 Thread Jamie Strandboge
> How do I ensure that ufw is fully up and initialised BEFORE the fail2ban service starts?
This line from your existing fail2ban.service should be sufficient:
  After=network.target iptables.service firewalld.service ip6tables.service ipset.service nftables.service ufw.service
See

[Touch-packages] [Bug 1956029] Re: ufw remains inactive at boot time

2021-12-30 Thread Jamie Strandboge
> 4. you didn't mention which distro you are using
This would be good to know since some distros are using iptables 1.8.x which has two different backends that are in play. Which distro are you using and what is the output of `iptables --version`

[Touch-packages] [Bug 1956029] Re: ufw remains inactive at boot time

2021-12-30 Thread Jamie Strandboge
Thanks for the bug report. A few things: 1. I'm not sure what 'networking stops' means precisely in the context of this bug report. Does 'ufw disable' restore the network? Is the network torn down? Something else (you are using a lot of limit rules instead of allow rules, I wonder if you are

[Touch-packages] [Bug 1950039] Re: ufw 0.36.1-3 introduces ordering cycle, breaking network

2021-12-29 Thread Jamie Strandboge
** Attachment added: "plot-2.svg" https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1950039/+attachment/5550320/+files/plot-2.svg

[Touch-packages] [Bug 1950039] Re: ufw 0.36.1-3 introduces ordering cycle, breaking network

2021-12-29 Thread Jamie Strandboge
** Attachment added: "plot-3.svg" https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1950039/+attachment/5550321/+files/plot-3.svg

[Touch-packages] [Bug 1950039] Re: ufw 0.36.1-3 introduces ordering cycle, breaking network

2021-12-29 Thread Jamie Strandboge
Attached are two 'systemd-analyze plot's for the autopkgtest jammy system with cloud-init and ufw installed. plot-2.svg is for booting the system with 0.36.1-2 (current jammy) and plot-3.svg is 0.36.1-3 (proposed jammy). Notice how plot-2.svg, ufw and systemd-networkd start quite a bit earlier than

[Touch-packages] [Bug 1950039] Re: ufw 0.36.1-3 introduces ordering cycle, breaking network

2021-12-29 Thread Jamie Strandboge
@juliank - note I wasn't so much talking about 'blame' as much as understanding, so I apologize if it came across that way. Since I wasn't able to reproduce, I was trying to reason through my thoughts to help the discussion go further since I'm not able to diagnose it myself. In a nutshell, I

[Touch-packages] [Bug 1950039] Re: ufw 0.36.1-3 introduces ordering cycle, breaking network

2021-12-29 Thread Jamie Strandboge
** Changed in: ufw (Ubuntu) Status: Triaged => Incomplete

[Touch-packages] [Bug 1950039] Re: ufw 0.36.1-3 introduces ordering cycle, breaking network

2021-12-29 Thread Jamie Strandboge
@juliank - where did you see these errors? I booted with a freshly created autopkgtest jammy vm, installed the package from proposed and it worked fine. Please see my previous comments-- this does not seem to be a bug in ufw since it is using the documented unit setup that systemd recommends for

[Touch-packages] [Bug 1726856] Re: ufw does not start automatically at boot

2021-12-29 Thread Jamie Strandboge
@Stefan, I suggest you try the fix that is in Debian. See: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990834#27 @Myron, yours sounds like a different issue. I suggest you file a new bug, downloading https://git.launchpad.net/ufw/tree/tests/check-requirements and including the output of

[Touch-packages] [Bug 1951018] Re: No ability to discern IPv4 vs IPv6 rules through Python

2021-11-17 Thread Jamie Strandboge
** Also affects: ufw Importance: Undecided Status: New

[Touch-packages] [Bug 1950039] Re: ufw 0.36.1-3 introduces ordering cycle, breaking network

2021-11-06 Thread Jamie Strandboge
Also, to be clear, when I say I can't look at the ufw portions 'for a while', I mean ~10 days (doing this from my phone). Thinking about this, my thinking is this is less about the Before/Wants on network-pre and the removal of DefaultDependencies and more about Before=network being removed

[Touch-packages] [Bug 1950039] Re: ufw 0.36.1-3 introduces ordering cycle, breaking network

2021-11-06 Thread Jamie Strandboge
I mention firewalld cause while ufw could be reverted, firewalld users would presumably also hit it, as well as any other software that does it. If the ufw change is reverted, IME someone should audit the archive for other occurrences of this pattern and update the units accordingly).

[Touch-packages] [Bug 1950039] Re: ufw 0.36.1-3 introduces ordering cycle, breaking network

2021-11-06 Thread Jamie Strandboge
Fyi, the current configuration is the same as firewalld upstream and what is in Debian. Moreover, it is following systemd documentation for firewall software so I wonder if the change simply uncovered a latent bug. Fyi, I won't be able to look at this for a while so if you need to back it out,

[Touch-packages] [Bug 1946804] Re: ufw breaks boot on network root filesystem

2021-11-03 Thread Jamie Strandboge
Tested 0.36-0ubuntu0.18.04.2 on bionic. apt upgrade succeeded and after reboot the firewall came up with the expected rules in the expected order and I spot-checked allowed and deny traffic. I didn't test on an iSCSI system so won't add verification-done-focal at this time, but I think the testing

[Touch-packages] [Bug 1946804] Re: ufw breaks boot on network root filesystem

2021-11-03 Thread Jamie Strandboge
Tested 0.36-6ubuntu1 on focal. apt upgrade succeeded and after reboot the firewall came up with the expected rules in the expected order and I spot-checked allowed and deny traffic. I didn't test on an iSCSI system so won't add verification-done-focal at this time, but I think the testing is

[Touch-packages] [Bug 1933117] Re: ufw delete can confuse protocol-specific rule with otherwise matching 'proto any' rule

2021-11-03 Thread Jamie Strandboge
Tested 0.36-0ubuntu0.18.04.2 on bionic. apt upgrade succeeded and after reboot the firewall came up with the expected rules in the expected order and I spot-checked allowed and deny traffic. I was able to verify that this bug is fixed via the test steps. ** Tags removed: verification-needed-bionic

[Touch-packages] [Bug 1933117] Re: ufw delete can confuse protocol-specific rule with otherwise matching 'proto any' rule

2021-11-03 Thread Jamie Strandboge
Tested 0.36-6ubuntu1 on focal. apt upgrade succeeded and after reboot the firewall came up with the expected rules in the expected order. I was able to verify that this bug is fixed via the test steps. ** Tags removed: verification-needed-focal ** Tags added: verification-done-focal

[Touch-packages] [Bug 1726856] Re: ufw does not start automatically at boot

2021-11-02 Thread Jamie Strandboge
I've looked at this issue again in reference to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990834 and while I still cannot reproduce, I plan to change to the following (I won't ship the commented out lines of course): [Unit] Description=Uncomplicated firewall Documentation=man:ufw(8)

[Touch-packages] [Bug 1946804] Re: ufw breaks boot on network root filesystem

2021-10-13 Thread Jamie Strandboge
Ah, I hadn't checked that yet. Yes, please feel free to do the Impish SRU and the 0.36.1-2 that I just uploaded to Debian will float into 'J' after it opens.

[Touch-packages] [Bug 1946804] Re: ufw breaks boot on network root filesystem

2021-10-13 Thread Jamie Strandboge
For Impish, let's update debian/master, then I'll upload there and sync to Ubuntu.

[Touch-packages] [Bug 1946804] Re: ufw breaks boot on network root filesystem

2021-10-13 Thread Jamie Strandboge
I merged the changes into master. Thanks Mauricio! ** Changed in: ufw Status: New => Fix Committed

[Touch-packages] [Bug 1794064] Re: Clicking a hyperlink in a PDF fails to open it if the default browser is a snap

2021-10-07 Thread Jamie Strandboge
Olivier, yes, I shouldn't be assigned. Ian, you're right the profile is suboptimal (it's also old so likely needs updating). Do note that this is a separate named profile and evince (and if this is put in an abstraction, anything that uses the abstraction) only has the

[Touch-packages] [Bug 1794064] Re: Clicking a hyperlink in a PDF fails to open it if the default browser is a snap

2021-10-07 Thread Jamie Strandboge
** Changed in: evince (Ubuntu) Assignee: Jamie Strandboge (jdstrand) => (unassigned)

[Touch-packages] [Bug 1933117] Re: ufw delete can confuse protocol-specific rule with otherwise matching 'proto any' rule

2021-09-18 Thread Jamie Strandboge
** Also affects: ufw (Ubuntu) Importance: Undecided Status: New ** Changed in: ufw (Ubuntu) Status: New => In Progress ** Changed in: ufw (Ubuntu) Assignee: (unassigned) => Jamie Strandboge (jdstrand)

[Touch-packages] [Bug 1726856] Re: ufw does not start automatically at boot

2021-09-18 Thread Jamie Strandboge
@cajicas215 - your comment is not helpful. If you look at the other comments in this bug, there has been nothing to fix in ufw. I suggest looking at the comments in this bug and seeing if any of the issues others have seen apply to you. If not, please report a new bug with steps to reproduce.

[Touch-packages] [Bug 1726856] Re: ufw does not start automatically at boot

2021-09-18 Thread Jamie Strandboge
@Fabian - your change both makes the firewall start after networking, brings python into the boot process (which can slow down boot) and changes the intent of 'systemctl stop ufw' from unloading the firewall to disabling the firewall in the moment and forever in the future, which is inappropriate

[Touch-packages] [Bug 1934931] Re: (X)ubuntu 20.04: GUFW and MS-Teams slow down traffic intermittently

2021-09-18 Thread Jamie Strandboge
It is unclear from the description that this has anything to do with networking. Are there any firewall denials in the logs (eg, /var/log/ufw.log or /var/log/kern.log)? If you disable ufw (sudo ufw disable) does the problem go away? As an aside, IIRC, MS-Teams is not a lightweight application and

[Touch-packages] [Bug 1921350] Re: UFW hangs indefinitely on any action

2021-09-18 Thread Jamie Strandboge
There is another bug related to ansible in https://bugs.launchpad.net/ufw/+bug/1911637. I suggest following that one. Leaving this one as Expired.

[Touch-packages] [Bug 1909373] Re: package ufw 0.36-0ubuntu0.18.04.1 failed to install/upgrade: installed ufw package post-installation script subprocess returned error exit status 10

2021-09-18 Thread Jamie Strandboge
There isn't anything in the logs that indicates what happened. Do you have any other information? ** Changed in: ufw (Ubuntu) Status: New => Incomplete

[Touch-packages] [Bug 1898696] Re: add some deliminiter between ipv4 and ipv6 in ufw status

2021-09-18 Thread Jamie Strandboge
Thank you for the report. It is difficult to convey ipv4 vs ipv6 vs both in list form and currently ufw lists any ipv6 rules with '(v6)' as part of the To and From (as seen in your paste). It isn't clear to me how adding an 'IPv6' break would improve this... I'm going to mark this as wishlist

[Touch-packages] [Bug 1911637] Re: Another app is currently holding the xtables lock

2021-09-18 Thread Jamie Strandboge
** Changed in: ufw Status: New => Triaged

[Touch-packages] [Bug 1911637] Re: Another app is currently holding the xtables lock

2021-09-18 Thread Jamie Strandboge
Actually, in thinking about this, ufw could use 'iptables -w' under the hood. I recall having troubles with this approach when providing the fix for https://bugs.launchpad.net/ufw/+bug/1204579. I suggest following my advice in my last comment to avoid the issue while using 'iptables -w' is

[Touch-packages] [Bug 1911637] Re: Another app is currently holding the xtables lock

2021-09-18 Thread Jamie Strandboge
Thanks for the report. I read the ansible bug but this issue is actually coming from the underlying iptables tool. Something on the system is manipulating the firewall via iptables at the same time that the ufw command is being run. As described, this would happen with any firewall software. If

[Touch-packages] [Bug 1938005] Re: ufw ignores rules

2021-08-16 Thread Jamie Strandboge
Recall that ufw uses connection tracking so if you add a deny rule, you may need to expire the connection tracking. One way to do this is to run: `conntrack -D -d ` (see man conntrack for details).

[Touch-packages] [Bug 1938005] Re: ufw ignores rules

2021-08-07 Thread Jamie Strandboge
/etc/default/ufw has: DEFAULT_OUTPUT_POLICY="ACCEPT" This means that all outgoing traffic is allowed. If you would like to change that, you can use: $ sudo ufw deny outgoing This will make it more difficult for you to manage the firewall since you'll have to add rules like: $ sudo ufw allow

[Touch-packages] [Bug 1938005] Re: ufw ignores rules

2021-08-06 Thread Jamie Strandboge
Thank you for the bug report. You mentioned that the problem happens after running `iptables -F`. This command removes all the rules from the firewall (see man iptables) so it would be expected that the firewall would not work correctly after running this. I'm going to mark this as Invalid, but

[Touch-packages] [Bug 1921350] Re: UFW hangs indefinitely on any action

2021-03-25 Thread Jamie Strandboge
Thank you for reporting a bug. Are there other ufw commands running at the same time? Eg, what is the output of: $ ps auxww|grep ufw ** Changed in: ufw (Ubuntu) Status: New => Incomplete

[Touch-packages] [Bug 1914816] Re: ufw not logging if it decides to stop all traffic ? Confused

2021-03-01 Thread Jamie Strandboge
Thanks for the additional information! :) ** Changed in: ufw (Ubuntu) Status: Incomplete => Invalid

[Touch-packages] [Bug 1914816] Re: ufw not logging if it decides to stop all traffic ? Confused

2021-03-01 Thread Jamie Strandboge
The check is not free, but it is an interesting idea to do this. I've created a wishlist bug for it: https://bugs.launchpad.net/ufw/+bug/1917325

[Touch-packages] [Bug 881137] Re: UFW does not clean iptables setting from /etc/ufw/before.rules

2021-02-13 Thread Jamie Strandboge
CzBiX, ufw does not yet manage the nat table (though there have been a couple of false starts). However, it does manage the FORWARD chain with 'ufw route' so it is possible for you to create a chain in the nat table in /etc/ufw/before.rules, and then use ufw route for other things. This is

[Touch-packages] [Bug 1914816] Re: ufw not logging if it decides to stop all traffic ? Confused

2021-02-13 Thread Jamie Strandboge
Hi. A few things: ufw is capable of logging (see 'man ufw' the part about 'ufw logging' as well as per rule logging with 'ufw ... log' or 'ufw ... log-all'). It is also capable of ipv6 (see /etc/default/ufw). Also, gufw is a different project than ufw, but it sounds like the issue you saw may be

[Touch-packages] [Bug 1897369] Re: apparmor: Allow cups-browsed to change nice value (CAP_SYS_NICE)

2020-12-01 Thread Jamie Strandboge
Till, it allows quite a few things (from man capabilities): CAP_SYS_NICE * Raise process nice value (nice(2), setpriority(2)) and change the nice value for arbitrary processes; * set real-time scheduling policies for calling process, and set scheduling

[Touch-packages] [Bug 1904192] Re: ebtables can not rename just created chain

2020-11-18 Thread Jamie Strandboge
FYI, sponsored Alex's upload to hirsute-proposed where it is building. Did the same for groovy-proposed and it is sitting in unapproved waiting for the next steps of the SRU process. ** Changed in: iptables (Ubuntu) Status: Confirmed => Fix Committed ** Changed in: iptables (Ubuntu)

[Touch-packages] [Bug 1898547] Re: neutron-linuxbridge-agent fails to start with iptables 1.8.5

2020-11-04 Thread Jamie Strandboge
FYI, 1.8.5-3ubuntu3 was uploaded to hirsute-proposed yesterday. 1.8.5-3ubuntu2.20.10.1 is in the unapproved queue for groovy-proposed. Alex said he'd do the SRU paperwork. ** Changed in: iptables (Ubuntu Hirsute) Status: Triaged => Fix Committed

[Touch-packages] [Bug 1899218] Re: Incorrect warning from apparmor_parser on force complained profiles

2020-10-12 Thread Jamie Strandboge
FYI, this is part of the groovy upload in unapproved. ** Changed in: apparmor (Ubuntu) Status: New => Fix Committed ** Changed in: apparmor (Ubuntu) Assignee: (unassigned) => John Johansen (jjohansen)

[Touch-packages] [Bug 1899046] Re: /usr/bin/aa-notify:ModuleNotFoundError:/usr/bin/aa-notify@39

2020-10-12 Thread Jamie Strandboge
This has been uploaded to groovy and is currently in unapproved. ** Changed in: apparmor (Ubuntu) Status: In Progress => Fix Committed ** Changed in: apparmor (Ubuntu) Assignee: (unassigned) => Emilia Torino (emitorino)

[Touch-packages] [Bug 1726856] Re: ufw does not start automatically at boot

2020-10-05 Thread Jamie Strandboge
@Muhammad - can you run: $ sudo /usr/share/ufw/check-requirements and paste the results?

[Touch-packages] [Bug 1894195] Re: FFe: Merge iptables 1.8.5-3 (main) from Debian sid (main)

2020-09-25 Thread Jamie Strandboge
** Changed in: iptables (Ubuntu) Status: New => Fix Committed ** Changed in: iptables (Ubuntu) Assignee: (unassigned) => Alex Murray (alexmurray)

[Touch-packages] [Bug 1887577] Re: DEP8: Invalid capability setuid

2020-09-23 Thread Jamie Strandboge
Removed the update_excuse and update_excuses tags based on Steve and Alex's comments. ** Tags removed: update-excuse update-excuses

[Touch-packages] [Bug 1895967] Re: Apparmor 3.0.0 does not load profiles in containers anymore

2020-09-23 Thread Jamie Strandboge
FYI, I removed the block-proposed tag since ubuntu6 fixes this bug. ** Tags removed: block-proposed

[Touch-packages] [Bug 1895967] Re: Apparmor 3.0.0 does not load profiles in containers anymore

2020-09-22 Thread Jamie Strandboge
I uploaded 3.0.0~beta1-0ubuntu6 just now that should address this issue. Thanks Christian for your debugging! ** Changed in: apparmor (Ubuntu) Status: In Progress => Fix Committed

[Touch-packages] [Bug 1871148] Re: services start before apparmor profiles are loaded

2020-09-22 Thread Jamie Strandboge
This was fixed in snapd in 2.44 via https://github.com/snapcore/snapd/pull/8467 ** Changed in: snapd (Ubuntu) Status: In Progress => Fix Released ** Changed in: snapd (Ubuntu Focal) Status: In Progress => Fix Released

[Touch-packages] [Bug 1895967] Re: Apparmor 3.0.0 does not load profiles in containers anymore

2020-09-22 Thread Jamie Strandboge
** Changed in: apparmor (Ubuntu) Status: Confirmed => In Progress ** Changed in: apparmor (Ubuntu) Assignee: (unassigned) => Jamie Strandboge (jdstrand)

[Touch-packages] [Bug 1895060] Re: [FFe] apparmor 3 upstream release

2020-09-22 Thread Jamie Strandboge
FYI, there was a components mismatch where apparmor-notify pulled python3-notify2 (and its Depends) into main. For now, I've demoted apparmor-notify to universe and adjusted the seed (in practical terms, the security team will fix bugs in apparmor-notify regardless of where it lives). We might

[Touch-packages] [Bug 1895060] Re: [FFe] apparmor 3 upstream release

2020-09-21 Thread Jamie Strandboge
Thanks! Uploaded: https://launchpad.net/ubuntu/+source/apparmor/3.0.0~beta1-0ubuntu5 ** Changed in: apparmor (Ubuntu) Status: Confirmed => Fix Committed ** Changed in: apparmor (Ubuntu) Assignee: (unassigned) => Alex Murray (alexmurray) ** Changed in: apparmor (Ubuntu)

[Touch-packages] [Bug 1895060] Re: [FFe] apparmor 3 upstream release

2020-09-18 Thread Jamie Strandboge
FYI, I accidentally violated the FFe process and uploaded (with a subsequent binary copy) to groovy-proposed. None of that migrated, so I deleted what was in groovy-proposed and am now attaching the debdiff, which has patches to pass proposed migration (we believe). Sorry for the snafu. ** Patch

[Touch-packages] [Bug 1895060] Re: [FFe] apparmor 3 upstream release

2020-09-18 Thread Jamie Strandboge
FYI, 3.0.0~beta1-0ubuntu3 should address the dbus autopkgtest issue.

[Touch-packages] [Bug 1895060] Re: [FFe] apparmor 3 upstream release

2020-09-17 Thread Jamie Strandboge
FYI, the fix for the dbus issue is https://gitlab.com/apparmor/apparmor/-/merge_requests/625. We're preparing an ubuntu2 upload now.

[Touch-packages] [Bug 1895060] Re: [FFe] apparmor 3 upstream release

2020-09-16 Thread Jamie Strandboge
FYI, we're looking at the autopkgtest dbus issue now.

[Touch-packages] [Bug 1880841] Re: usr.sbin.nscd needs unix socket access to @userdb-*

2020-09-09 Thread Jamie Strandboge
This will be fixed in the next apparmor upload. ** Changed in: apparmor (Ubuntu) Status: New => In Progress

[Touch-packages] [Bug 1887577] Re: DEP8: Invalid capability setuid

2020-09-09 Thread Jamie Strandboge
This will be fixed in the next apparmor upload. ** Changed in: apparmor (Ubuntu) Status: New => In Progress

[Touch-packages] [Bug 1889699] Re: Brave is not included in the Ubuntu helpers

2020-09-09 Thread Jamie Strandboge
Thanks for the patch! I'll get this incorporated into the next apparmor upload. ** Changed in: apparmor (Ubuntu) Status: New => In Progress ** Changed in: apparmor (Ubuntu) Assignee: (unassigned) => Jamie Strandboge (jdstrand) -- You received this bug notification becau

[Touch-packages] [Bug 1891338] Re: apparmor misconfigured for envice

2020-09-09 Thread Jamie Strandboge
You are right that there are two places this is defined: in /etc/apparmor.d/abstractions/ubuntu-browsers.d/ubuntu-integration and in /etc/apparmor.d/usr.bin.evince. I'll adjust apparmor to fix ubuntu-integration to use the exo-open abstraction. There is an evince task though because we don't

[Touch-packages] [Bug 1895060] [NEW] [FFe] apparmor 3 upstream release

2020-09-09 Thread Jamie Strandboge
Public bug reported: To be filled in ** Affects: apparmor (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1895060

[Touch-packages] [Bug 1385013] Re: proper fix for apparmor mediation of lower (encrypted) filesystem

2020-08-26 Thread Jamie Strandboge
I'm bumping the priority down to Undecided as it's been almost 6 years-- it clearly isn't critical. :) ** Changed in: apparmor (Ubuntu) Assignee: NYEIN LIN THU (mgnyein) => (unassigned) ** Changed in: apparmor (Ubuntu) Importance: Critical => Undecided ** Changed in: ecryptfs-utils

[Touch-packages] [Bug 1891810] Re: Missing openat2 syscall, causes problems for fuse-overlayfs in nspawn containers

2020-08-17 Thread Jamie Strandboge
** Also affects: libseccomp (Ubuntu Groovy) Importance: Undecided Assignee: Alex Murray (alexmurray) Status: New ** Also affects: libseccomp (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: libseccomp (Ubuntu Bionic) Importance: Undecided

[Touch-packages] [Bug 1580463] Re: Snap blocks access to system input methods (ibus, fcitx, ...)

2020-08-04 Thread Jamie Strandboge
I agree that a new bug should be filed. When doing so, please attach any relevant policy violations from journalctl to the bug. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ibus in Ubuntu.

[Touch-packages] [Bug 1751677] Re: apparmor fails to start

2020-07-11 Thread Jamie Strandboge
** Project changed: apparmor => apparmor (Ubuntu) ** Changed in: apparmor (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1751677

[Touch-packages] [Bug 1886115] Re: libseccomp 2.4.3-1ubuntu3.18.04.2 causes systemd to segfault on boot

2020-07-07 Thread Jamie Strandboge
This seems related: * https://bugzilla.redhat.com/show_bug.cgi?id=1653068 * https://github.com/systemd/systemd/pull/11157 I can't say why the libseccomp update would change anything, though the redhat bug shows an AVC denial, so I wonder if you see anything related to systemd-resolved with

[Touch-packages] [Bug 1886115] Re: libseccomp 2.4.3-1ubuntu3.18.04.2 causes systemd to segfault on boot

2020-07-07 Thread Jamie Strandboge
Note that 2.4.1-0ubuntu0.18.04.2 was previously in bionic and had been since May of 2019 (2.3.1-2.1ubuntu4 is what bionic was released with, but later updated to 2.4.1-0ubuntu0.18.04.2). 2.4.1-0ubuntu0.18.04.2 can be found here:

[Touch-packages] [Bug 1413410] Re: Unable to match embedded NULLs in unix bind rule for abstract sockets

2020-06-23 Thread Jamie Strandboge
We released UC16/xenial with a new enough apparmor (which was also backported to trusty) so we can mark the snapd task as Invalid, which I did just now. ** Changed in: snappy Status: Incomplete => Invalid ** Changed in: snappy Assignee: Jamie Strandboge (jdstrand) => (unas

[Touch-packages] [Bug 1872106] Re: isc-dhcp-server crashing constantly [Ubuntu 20.04]

2020-06-15 Thread Jamie Strandboge
@mm - that probably isn't the issue, but you can adjust /etc/apparmor.d/local/usr.sbin.dhcpd to have: @{PROC}/sys/net/ipv4/ip_local_port_range r, and then do: sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.dhcpd # yes, without local/ -- You received this bug notification because you are a

[Touch-packages] [Bug 1882484] Re: Firewall rule in before.rules for dhcp is wrong

2020-06-15 Thread Jamie Strandboge
Marking as Invalid since the default firewall policy is working as intended. ** Changed in: ufw (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ufw in Ubuntu.

[Touch-packages] [Bug 1882484] Re: Firewall rule in before.rules for dhcp is wrong

2020-06-15 Thread Jamie Strandboge
Thank you for filing a bug. The firewall policy is a combination of the default policy for each of 'incoming', 'outgoing' and 'routed' (forward) along with the policies shipped in before{,6}.rules, after{,6}.rules and whatever gets added to user{,6}.rules. Specifically, what is in

[Touch-packages] [Bug 1882314] Re: Firewall rule in before6.rules for dhcp6 is wrong

2020-06-15 Thread Jamie Strandboge
Marking as Invalid since the default firewall policy is working as intended. ** Changed in: ufw (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ufw in Ubuntu.

[Touch-packages] [Bug 1882314] Re: Firewall rule in before6.rules for dhcp6 is wrong

2020-06-15 Thread Jamie Strandboge
Thank you for filing a bug. The firewall policy is a combination of the default policy for each of 'incoming', 'outgoing' and 'routed' (forward) along with the policies shipped in before{,6}.rules, after{,6}.rules and whatever gets added to user{,6}.rules. Specifically, what is in

[Touch-packages] [Bug 1876055] Re: SRU: Backport 2.4.3-1ubuntu3 from groovy to focal/eoan/bionic/xenial for newer syscalls for core20 base and test suite robustness

2020-06-10 Thread Jamie Strandboge
Sorry, I reran bionic and *focal* autopkgtests and there are now no regressions. Running eoan again. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libseccomp in Ubuntu. https://bugs.launchpad.net/bugs/1876055 Title: SRU:

[Touch-packages] [Bug 1876055] Re: SRU: Backport 2.4.3-1ubuntu3 from groovy to focal/eoan/bionic/xenial for newer syscalls for core20 base and test suite robustness

2020-06-10 Thread Jamie Strandboge
FYI, I reran the bionic and eoan autopkgtests and there are now no regressions. ** Tags removed: verification-needed-bionic verification-needed-eoan verification-needed-focal verification-needed-xenial ** Tags added: verification-done-bionic verification-done-eoan verification-done-focal

[Touch-packages] [Bug 1877633] Re: libseccomp 2.4.3 (and 2.4.2) is not correctly resolving (at least) the getrlimit syscall on arm64

2020-06-10 Thread Jamie Strandboge
FYI, I reran the bionic and eoan autopkgtests and there are now no regressions. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libseccomp in Ubuntu. https://bugs.launchpad.net/bugs/1877633 Title: libseccomp 2.4.3 (and

[Touch-packages] [Bug 1877633] Re: libseccomp 2.4.3 (and 2.4.2) is not correctly resolving (at least) the getrlimit syscall on arm64

2020-06-10 Thread Jamie Strandboge
Sorry, I reran bionic and *focal* autopkgtests and there are now no regressions. Running eoan again. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libseccomp in Ubuntu. https://bugs.launchpad.net/bugs/1877633 Title:

[Touch-packages] [Bug 1861177] Re: seccomp_rule_add is very slow

2020-06-10 Thread Jamie Strandboge
There isn't a snapd task (snap-seccomp is compiled against libseccomp but it can't influence this behavior), so unassigning Ian and marking that task as Invalid. ** Changed in: snapd Status: Triaged => Invalid ** Changed in: snapd Assignee: Ian Johnson (anonymouse67) => (unassigned)

[Touch-packages] [Bug 1877633] Re: libseccomp 2.4.3 (and 2.4.2) is not correctly resolving (at least) the getrlimit syscall on arm64

2020-06-10 Thread Jamie Strandboge
FYI, I reran the xenial autopkgtests and they now pass. ** Tags removed: verification-done-focal ** Tags added: verification-needed-focal -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libseccomp in Ubuntu.

[Touch-packages] [Bug 1876055] Re: SRU: Backport 2.4.3-1ubuntu3 from groovy to focal/eoan/bionic/xenial for newer syscalls for core20 base and test suite robustness

2020-06-10 Thread Jamie Strandboge
FYI, I reran the xenial autopkgtests and there are now no regressions. ** Tags removed: verification-done-bionic verification-done-eoan verification-done-focal verification-done-xenial ** Tags added: verification-needed-bionic verification-needed-eoan verification-needed-focal
