[Touch-packages] [Bug 2039294] Re: apparmor docker

2024-04-25 Thread John Johansen
To make this generic so that it will work on older and newer hosts we should probably change the peer expression to signal (receive) peer={runc,unconfined}, or possibly, define an @{runc} variable in the preamble and use that. This is really only advantageous in that it shows semantic intent,

[Touch-packages] [Bug 2057943] Re: Can't disable or modify snap package apparmor rules

2024-04-20 Thread John Johansen
I will note that current snap behavior is by design. Not saying that they couldn't make this easier but the snap side is functioning the way it was designed. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu.

[Touch-packages] [Bug 2062441] Re: Apparmor breaks Joplin Desktop

2024-04-19 Thread John Johansen
unfortunately Joplin is only shipped as an appimage for Linux. Which means we cannot ship a profile for it by default that will allow it to use capabilities within the unprivileged user namespace that the electron embedded browser is attempting to use. This means that the user is required to

[Touch-packages] [Bug 2061869] Re: Snaps unable to connect to network under linux-lowlatency 6.8.0-25.25.3

2024-04-16 Thread John Johansen
the kernel team is already rolling kernels with the fix for 2061851 but it is also building in the https://launchpad.net/~apparmor-dev/+archive/ubuntu/apparmor-devel ppa

[Touch-packages] [Bug 2061869] Re: Snaps unable to connect to network under linux-lowlatency 6.8.0-25.25.3

2024-04-16 Thread John Johansen
This is likely a dup of https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2061851

[Touch-packages] [Bug 2060810] Re: Wike does not run in Ubuntu 24.04 due to apparmor issue

2024-04-10 Thread John Johansen
More applications will be getting confinement, on an individual level I don't think it will be everything from debs. In this case it's because it uses unprivileged user namespaces. Which is now being restricted and treated as semi-privileged because it gives access to several privileged kernel

[Touch-packages] [Bug 2060810] Re: Wike does not run in Ubuntu 24.04 due to apparmor issue

2024-04-10 Thread John Johansen
There are vague plans, yes. The time line of it has not been scoped, but it would be something akin to what happens on macos when you try to run a downloaded application for the first time and you have to go into their security config to allow it. The application will still be "confined" but it

[Touch-packages] [Bug 2060767] Re: Foliate does not run in Ubuntu 24.04 due to apparmor issue

2024-04-10 Thread John Johansen
The fix has been merged upstream in https://gitlab.com/apparmor/apparmor/-/merge_requests/1209 it will be in the next release. ** Changed in: apparmor (Ubuntu) Status: New => Confirmed ** Changed in: apparmor (Ubuntu) Assignee: (unassigned) => John Johansen (jjohansen)

[Touch-packages] [Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-04-03 Thread John Johansen
@arraybolt3 is correct. Both unshare and bwrap will not get an unconfined profile, as that allows for an arbitrary bypass of the restriction. There is a potential solution in the works that will allow for bwrap and unshare to function as long as the child task does not require permissions but at

[Touch-packages] [Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-04-03 Thread John Johansen
@arraybolt3: Answer to your question. bwrap requires capabilities within the user namespace. unshare is a little more forgiving in that what it requires depends on the options passed but most of the options also require capabilities within the user namespace. The potential solution I mention is

[Touch-packages] [Bug 1597017] Re: mount rules grant excessive permissions

2024-04-03 Thread John Johansen
It is in the SRU queue and the current ETA is April 15 to land in the proposed pocket (archive proposed not security proposed ppa), there is a caveat that the recent xz backdoor has caused some "fun" on the archive side and could potentially cause some delays.

[Touch-packages] [Bug 2060100] Re: denials from sshd in noble

2024-04-03 Thread John Johansen
Fixed by MR https://gitlab.com/apparmor/apparmor/-/merge_requests/1196

[Touch-packages] [Bug 2060100] [NEW] denials from sshd in noble

2024-04-03 Thread John Johansen
Public bug reported: 2024-03-27T00:10:28.929314-04:00 image-ubuntu64 kernel: audit: type=1400 audit(1711512628.920:155): apparmor="DENIED" operation="bind" class="net" profile="/usr/sbin/sshd" pid=1290 comm="sshd" family="unix" sock_type="stream" protocol=0 requested_mask="bind"

[Touch-packages] [Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-04-01 Thread John Johansen
We have an update of the firefox profile coming that supports the /opt/firefox/firefox location used as the default install for the firefox downloaded directly from mozilla.org. If you are running firefox out of your home directory, that will not be directly supported and you will need to choose to

[Touch-packages] [Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-29 Thread John Johansen
@coeur-noir: Are you installing firefox to /opt/ as recommended or using it local in your user account? as for bwrap, maybe it is known to be problematic. It is allowed to run and to create a user namespace but it is denied all capabilities within the namespace. Can you run sudo dmesg |

[Touch-packages] [Bug 2058866] Re: proposed-migration for cups-browsed 2.0.0-0ubuntu8

2024-03-24 Thread John Johansen
So what I think is going on from a first pass look at this is that we are seeing a change in kernel behavior around exec. The 6.8 kernel has a known change here, that doesn't normally trigger because unconfined is delegating access into the profile. However in the lxd case, unconfined is not

[Touch-packages] [Bug 2058866] Re: proposed-migration for cups-browsed 2.0.0-0ubuntu8

2024-03-24 Thread John Johansen
Do we know if there is a difference in the kernel between the runs? The 2.0.0.0~0ubuntu3 autopackage run log I was pointed at was on a Linux 5.4.0-170-generic #188-Ubuntu. Do we know what kernel that 2.0.0-0ubuntu7 is failing on? There was a change to when security checks were made on the

[Touch-packages] [Bug 2058866] Re: proposed-migration for cups-browsed 2.0.0-0ubuntu8

2024-03-24 Thread John Johansen
** Changed in: apparmor (Ubuntu) Assignee: (unassigned) => John Johansen (jjohansen)

[Touch-packages] [Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-18 Thread John Johansen
@ajg-charlbury: no apparmor beta3 has not landed in proposed yet, we are working on the upload now. firefox separately has added a bug fix that will detect when the user namespace/capabilities are denied and fallback without crashing but it disables the full sandbox. the apparmor-beta3 fix

[Touch-packages] [Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-17 Thread John Johansen
@ajg-charlbury: yes, firefox we are well aware of the problem, the firefox profile has been tweaked for beta3 (landing this week) so that it should work with the new deb.

[Touch-packages] [Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-16 Thread John Johansen
@arraybolt3: qutebrowser should be fixed in beta3 ** Changed in: qutebrowser (Ubuntu) Assignee: (unassigned) => John Johansen (jjohansen) ** Changed in: qmapshack (Ubuntu) Assignee: (unassigned) => John Johansen (jjohansen) ** Changed in: notepadqq (Ubuntu) Assignee: (unas

[Touch-packages] [Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-16 Thread John Johansen
@kc2bez: qmapshack should be fixed in beta3

[Touch-packages] [Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-16 Thread John Johansen
@kc2bez: I have been able to verify that privacybrowser is not working. However it is not due to the apparmor user namespace restrictions. I get the following segfault out of dmesg [ 1591.466016] privacybrowser[7743]: segfault at 8 ip 70bb4dd11ccc sp 7ffd5c6587e0 error 4 in

[Touch-packages] [Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-16 Thread John Johansen
@kc2bez: pageedit should be fixed in beta3

[Touch-packages] [Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-16 Thread John Johansen
@kc2bez: notepadqq should be fixed in beta3

[Touch-packages] [Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-16 Thread John Johansen
@kc2bez: there are no updated deb packages in the ppa for kiwix. the kiwix appimage worked for me. kiwix flatpak worked for me. I am not sure what you were seeing. But we are going to need more information. ** Changed in: kiwix (Ubuntu) Status: Confirmed => Incomplete

[Touch-packages] [Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-16 Thread John Johansen
hi @vvaleryan-24, I have been able to replicate the crash you are seeing but it is not due to the user namespace restriction. The restrictions logging does not happen, and I can put it in an unconfined profile and it still doesn't help. From dmesg I find the following segfault [79854.520976]

[Touch-packages] [Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-16 Thread John Johansen
this will be fixed in Beta ** Changed in: kchmviewer (Ubuntu) Assignee: (unassigned) => John Johansen (jjohansen) ** Changed in: rssguard (Ubuntu) Assignee: (unassigned) => John Johansen (jjohansen) ** Changed in: supercollider (Ubuntu) Assignee: (unassigned) => John

[Touch-packages] [Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-16 Thread John Johansen
sorry this won't be fixed in Beta3, that note was for goldendict ** Changed in: gnome-packagekit (Ubuntu) Assignee: John Johansen (jjohansen) => (unassigned)

[Touch-packages] [Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-16 Thread John Johansen
Will be fixed in Beta3 ** Changed in: goldendict-webengine (Ubuntu) Assignee: (unassigned) => John Johansen (jjohansen)

[Touch-packages] [Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-16 Thread John Johansen
Will be fixed in Beta3 ** Changed in: gnome-packagekit (Ubuntu) Assignee: (unassigned) => John Johansen (jjohansen)

[Touch-packages] [Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-16 Thread John Johansen
I have tested gnome-packagekit and it never triggers unprivileged user namespace mediation. Can you please provide more information on how you triggered it. ** Changed in: gnome-packagekit (Ubuntu) Status: Confirmed => Incomplete

[Touch-packages] [Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-16 Thread John Johansen
** Changed in: loupe (Ubuntu) Assignee: (unassigned) => Georgia Garcia (georgiag) ** Changed in: geary (Ubuntu) Assignee: (unassigned) => Georgia Garcia (georgiag) ** Changed in: firefox (Ubuntu) Assignee: (unassigned) => Georgia Garcia (georgiag)

[Touch-packages] [Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-16 Thread John Johansen
supercollider will work on current noble. Since it is using QTWebEngine it has a graceful fallback when capabilities within the user namespace are denied. supercollider will have a profile and be fixed in Beta3, so it doesn't even have to do the fallback.

[Touch-packages] [Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-16 Thread John Johansen
I have tried freecad and unprivileged user namespace restrictions are not the problem. freecad snap works, freecad ppa does not have a noble build yet but the mantic build can be made to work. freecad daily appimage: works freecad appimage: stable fails with mesa or qt errors depending on

[Touch-packages] [Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-15 Thread John Johansen
@sudipmuk loupe should be fixed in Beta3

[Touch-packages] [Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-15 Thread John Johansen
@eeickmeyer geary should be fixed in Beta3

[Touch-packages] [Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-15 Thread John Johansen
@guyster, @eldmannen+launchpad, @valeryan-24 Firefox dailies now have a workaround, by detecting and disabling the user namespace. The proper fix that should allow firefox to still use the user namespace for its sandbox will land in Beta3, landing early next week.

[Touch-packages] [Bug 2046477] Re: Enable unprivileged user namespace restrictions by default

2024-03-15 Thread John Johansen
@pitti: yes this intended. At this stage we are essentially enumerating the known users of unprivileged user namespaces. We can ship the profile for you or you are welcome to ship it. In the future this is going to gradually tighten, some of the "unconfined" profiles will be developed into real

[Touch-packages] [Bug 2046477] Re: Enable unprivileged user namespace restrictions by default

2024-03-15 Thread John Johansen
It solves several problems, but not all. With regard to unprivileged user namespace mediation it should fix - mscode - nautilus - devhelp - element-desktop - epiphany - evolution - keybase - opam the element-desktop is still known to have some issues, which are on the snapd side. It

[Touch-packages] [Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-15 Thread John Johansen
@valeryan-24 "ModuleNotFoundError: No module named 'imp'" says that your Gpodder issue is not related to this bug. You are missing a dependency, the 'imp' module. If Gpodder is packaged it will need to add that as part of its install dependencies.

[Touch-packages] [Bug 2056696] Re: All Snaps are denied the ability to use DBus for notifications and apptray indicators in KDE-based flavors

2024-03-15 Thread John Johansen
the plasmashell profile is necessary for it to work under unprivileged user namespace restrictions.

[Touch-packages] [Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-14 Thread John Johansen
** Changed in: steam (Ubuntu) Status: Fix Committed => Fix Released

[Touch-packages] [Bug 2056696] Re: All Snaps are denied the ability to use DBus for notifications and apptray indicators in KDE-based flavors

2024-03-14 Thread John Johansen
the rejects here are all from the snap.element-desktop.element-desktop profile. We will need to dig into that profile's permissions. If it's getting all the right paths correct then I suspect the peer_label match might be the issue.

[Touch-packages] [Bug 2057943] Re: Can't disable or modify snap package apparmor rules

2024-03-14 Thread John Johansen
If you are admin of your system, you can manually replace snap profiles. But there are some caveats in that snapd doesn't really want this. It manages its profiles, dynamically regenerates and replaces them etc. You are correct that the tooling doesn't work here. It expects the abstractions to be

[Touch-packages] [Bug 2056739] Re: apparmor="DENIED" operation="open" class="file" profile="virt-aa-helper" name="/etc/gnutls/config"

2024-03-12 Thread John Johansen
Yes, will do. I added both references you provided to the upstream merge commit and all fixes/closes references will be going into the changelog.

[Touch-packages] [Bug 2039294] Re: apparmor docker

2024-03-11 Thread John Johansen
@gvarouchas, you need to be more specific. There are a couple interrelated issues in this bug. What is the exact Denial message you are getting. They will look something like the denial messages in comment 5. You can find them using sudo dmesg | grep DENIED or journalctl -g apparmor
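The denial messages asked for here, the sshd unix-socket bind denial reported in bug 2060100 and the virt-aa-helper /etc/gnutls/config denial in bug 2056739 all share the same kernel audit key=value format, and the usual first step is to turn each DENIED line into a candidate rule and then decide whether that rule is actually the least privilege the program needs. The following POSIX shell helper is an added example, not code from these bug threads or from the AppArmor project. It extracts fields from an audit line and derives a starting rule for file, net and signal denials; everything else is reported as unhandled. The two sample lines are constructed for the example: the first copies the shape of the sshd line in bug 2060100, the second is shaped like the virt-aa-helper file denial with its pid, comm and mask fields assumed.

```sh
#!/bin/sh
# Added example: parse AppArmor audit denials and suggest a candidate rule.
# Constructed samples, not captured from a real host. The first mirrors the
# sshd unix-socket bind denial from bug 2060100; the second is shaped like the
# virt-aa-helper /etc/gnutls/config denial with pid/comm/mask values assumed.
SSHD_DENIAL='audit: type=1400 audit(1711512628.920:155): apparmor="DENIED" operation="bind" class="net" profile="/usr/sbin/sshd" pid=1290 comm="sshd" family="unix" sock_type="stream" protocol=0 requested_mask="bind"'
FILE_DENIAL='audit: type=1400 audit(1711512700.001:201): apparmor="DENIED" operation="open" class="file" profile="virt-aa-helper" name="/etc/gnutls/config" pid=2222 comm="virt-aa-helper" requested_mask="r" denied_mask="r" fsuid=0 ouid=0'

# aa_field LINE KEY: print the value of KEY="..." or KEY=... from LINE
# (empty when the key is absent). Fields are whitespace separated in the
# kernel audit format, so a plain split is enough for these messages.
aa_field() {
    printf '%s\n' "$1" | awk -v key="$2" '{
        for (i = 1; i <= NF; i++) {
            n = index($i, "=")
            if (n > 0 && substr($i, 1, n - 1) == key) {
                v = substr($i, n + 1); gsub(/"/, "", v); print v; exit
            }
        }
    }'
}

# aa_suggest_rule LINE: derive a rule for the denial classes this example
# knows about. The result is a starting point for review, not policy to
# paste in blindly: a path rule lifted straight from name= may be narrower
# or wider than the program really needs.
aa_suggest_rule() {
    line=$1
    [ "$(aa_field "$line" apparmor)" = DENIED ] || { echo "not a denial"; return 1; }
    class=$(aa_field "$line" class)
    mask=$(aa_field "$line" requested_mask)
    case $class in
    file)
        printf '%s %s,\n' "$(aa_field "$line" name)" "$mask" ;;
    net)
        if [ "$(aa_field "$line" family)" = unix ]; then
            printf 'unix (%s) type=%s,\n' "$mask" "$(aa_field "$line" sock_type)"
        else
            printf 'network %s %s,\n' "$(aa_field "$line" family)" "$(aa_field "$line" sock_type)"
        fi ;;
    signal)
        sig=$(aa_field "$line" signal)
        printf 'signal (%s)%s peer=%s,\n' "$mask" "${sig:+ set=$sig}" "$(aa_field "$line" peer)" ;;
    *)
        printf 'unhandled class %s (operation=%s)\n' "$class" "$(aa_field "$line" operation)" ;;
    esac
}

# aa_scan: read dmesg or journalctl output on stdin and print
# "profile: suggested rule" for every DENIED line.
# Usage: sudo dmesg | aa_scan      or      journalctl -k -g apparmor | aa_scan
aa_scan() {
    while IFS= read -r l; do
        case $l in
        *'apparmor="DENIED"'*)
            printf '%s: %s\n' "$(aa_field "$l" profile)" "$(aa_suggest_rule "$l")" ;;
        esac
    done
}

# Stand-alone demonstration on the constructed samples.
printf '%s\n%s\n' "$SSHD_DENIAL" "$FILE_DENIAL" | aa_scan
```

Two caveats for real logs: the class= field only appears on newer kernels, so on an older host the file and net cases above fall into "unhandled" and you have to go by operation= instead, and a signal denial's peer= is a label, so for portability across hosts you may want the peer alternation or a variable rather than the literal name the log shows.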

[Touch-packages] [Bug 2056517] Re: VS Code profile still broken.

2024-03-10 Thread John Johansen
This is now moving forward and should show up in proposed soon.

[Touch-packages] [Bug 2056517] Re: vsode profile still broken

2024-03-08 Thread John Johansen
I won't promise we will get to fixing PHPStorm or Jetbrains before release, but without a bug they certainly won't get fixed, so yes it is worth filing a bug for them.

[Touch-packages] [Bug 2056517] Re: vsode profile still broken

2024-03-08 Thread John Johansen
The fix for vscode is currently in apparmor 4.0.0-beta2-0ubuntu3 pending a Feature Freeze exception. If the feature freeze exception is not granted then the fix will be moved to a bug patch on the current apparmor 4.0.0-alpha4. Atm the fix is available via ppa https://launchpad.net/~apparmor-

[Touch-packages] [Bug 2056496] Re: [FFe] AppArmor 4.0-beta2 + prompting support for noble

2024-03-07 Thread John Johansen
** Description changed: AppArmor 4.0-beta2 contains fixes that prevented AppArmor 4.0-beta1 from landing pre feature freeze. Landing AppArmor 4.0-beta's will enable us to more easily track upstream bug fixes, and is needed to support network rules in prompting. The addition of the

[Touch-packages] [Bug 2056496] [NEW] [FFe] AppArmor 4.0-beta2 + prompting support for noble

2024-03-07 Thread John Johansen
Public bug reported: AppArmor 4.0-beta2 contains fixes that prevented AppArmor 4.0-beta1 from landing pre feature freeze. Landing AppArmor 4.0-beta's will enable us to more easily track upstream bug fixes, and is needed to support network rules in prompting. The addition of the prompting patch

[Touch-packages] [Bug 2056496] Re: [FFe] AppArmor 4.0-beta2 + prompting support for noble

2024-03-07 Thread John Johansen
Captured output of QRT test run on updated noble using Linux 6.8.0-11-generic #11-Ubuntu kernel and 4.0.0~beta2-0ubuntu3 ** Attachment added: "Captured output of QRT test run" https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2056496/+attachment/5753923/+files/qrt.output

[Touch-packages] [Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-06 Thread John Johansen
@scarlet I think it is fair to mark these as Fixed released as they are part of apparmor-alpha4 that is in noble.

[Touch-packages] [Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-06 Thread John Johansen
This is part of the apparmor alpha4 release in noble ** Changed in: plasma-desktop (Ubuntu) Status: Confirmed => Fix Released

[Touch-packages] [Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-03-06 Thread John Johansen
This is part of the alpha4 release in noble ** Changed in: kdeplasma-addons (Ubuntu) Status: Confirmed => Fix Released

[Touch-packages] [Bug 2052489] Re: Mate Daily Graphic Layer does not come up - apparmor denied snap desktop integration

2024-02-18 Thread John Johansen
Changed apparmor task to invalid as lightdm is broken with apparmor disabled (apparmor=0). We can change status if apparmor is a problem after the current lightdm issue is fixed. ** Changed in: apparmor (Ubuntu) Status: Confirmed => Invalid

[Touch-packages] [Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-02-15 Thread John Johansen
** Changed in: steam (Ubuntu) Status: Confirmed => Fix Committed

[Touch-packages] [Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-02-14 Thread John Johansen
So appimages are interesting. They don't all need a profile. I have run several that are not using user namespaces, or only need to be able to create the user namespace and don't need capabilities so the default unprivileged_userns profile works for them. It is applications that need privileges

[Touch-packages] [Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-02-13 Thread John Johansen
Erich, yes the archive version is based on the ppa, with a couple small fixes in the packaging. The ppa is going to get updated based on the new archive version + a few more patches. Do you have some higher priority electron apps that you can point us at. We will look into the Visual Studio and

[Touch-packages] [Bug 1117804] Re: ausearch doesn't show AppArmor denial messages

2024-02-09 Thread John Johansen
responding to @intrigeri (sorry this got lost somehow). tldr: yes we are basically on the same page. AppArmor does not fit into the 1400 range formats, every one of our messages has some custom fields. Some of them could be reformatted/reworked to share more, but we would still need custom

[Touch-packages] [Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-02-08 Thread John Johansen
One more addition, the current state of how unconfined deals with unprivileged user namespaces is a temporary limitation. The aforementioned improvement will allow for more customization at the policy level. The current fixed behavior will be the default.

[Touch-packages] [Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-02-08 Thread John Johansen
So the answer is it depends on how they are using unprivileged user namespaces and how they react to them being denied, not every application needs to be patched separately. Generally speaking gnome has been better tested than KDE has because gnome being the Ubuntu default saw a lot more opt in

[Touch-packages] [Bug 2052558] [NEW] prompting does not allow userspace to specify the execmode or target profile

2024-02-06 Thread John Johansen
Public bug reported: Currently the prompting interface does not allow userspace to specify the execmode to use, even if there is no matching exec rule in policy (case caused by prompt flag). Nor does it allow specifying the target profile (needed for certain exec modes). It also does not allow

[Touch-packages] [Bug 2052557] [NEW] EXEC_MODE under prompting does not do profile transitions correctly

2024-02-06 Thread John Johansen
Public bug reported: When a prompt rule specifies an exec transition, the transition is not handled correctly in several cases, resulting in denials even if the prompt is allowed. When prompting is triggered by the prompt flag, the behavior depends on if an exec rule is matched (behavior

[Touch-packages] [Bug 2052489] Re: Mate Daily Graphic Layer does not come up - apparmor denied snap desktop integration

2024-02-05 Thread John Johansen
Note: snap now vendors apparmor so reinstalling/removing the system apparmor package will not affect snapd's use of apparmor. You can temporarily (for the boot) disable apparmor in the grub command line by adding apparmor=0 to the kernel parameters. From the logs the following adjustments need

[Touch-packages] [Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-02-02 Thread John Johansen
We have found that allowing the user namespace creation, and then denying capabilities is in general handled much better by KDE. In the case of the plasmashell and the browser widget denying the creation of the user namespace would cause a crash with a SIGTRAP backtrace, where allowing the

[Touch-packages] [Bug 2051454] Re: pipewire wireplumber can not detect the sound output device when using an unofficial linux kernel

2024-01-28 Thread John Johansen
A slightly revised version of this kernel should be showing up in the Ubuntu unstable kernel builds this week.

[Touch-packages] [Bug 2046624] Re: apparmor breaks surfshark vpn

2024-01-22 Thread John Johansen
*** This bug is a duplicate of bug 2046844 *** https://bugs.launchpad.net/bugs/2046844 The surfshark profile has been uploaded to the https://launchpad.net/~apparmor-dev/+archive/ubuntu/unprivileged-userns ppa for testing

[Touch-packages] [Bug 2047343] Re: The steam profile in 4.0.0~alpha2-0ubuntu7 does not support steam installed by steam-installer package

2024-01-22 Thread John Johansen
the adjusted steam profile has been uploaded to https://launchpad.net/~apparmor-dev/+archive/ubuntu/unprivileged-userns ppa for testing

[Touch-packages] [Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2024-01-22 Thread John Johansen
Sorry for the delay on this, we had some bugs to chase down. The following PPA has an update to how user namespace mediation is being handled. For the unconfined case there are two options 1. If the unprivileged_userns profile does not exist, unprivileged user namespace creation is denied as

[Touch-packages] [Bug 2046477] Re: Enable unprivileged user namespace restrictions by default

2024-01-11 Thread John Johansen
We will get this updated with requested information soon. We are currently working on a revision that provides more flexibility and will support some cases that break today.

[Touch-packages] [Bug 2047343] Re: The steam profile in 4.0.0~alpha2-0ubuntu7 does not support steam installed by steam-installer package

2024-01-02 Thread John Johansen
The following profile worked for me, if it works for you I will get it uploaded asap. You can just drop it in a file and do sudo apparmor_parser -r /path/to/your/file to test it. # This profile allows everything and only exists to give the # application a name instead of having the label

[Touch-packages] [Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2023-12-28 Thread John Johansen
kdeplasma should be a fairly easy fix without prompting. I'll work on a profile for it and its add-ons

[Touch-packages] [Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2023-12-26 Thread John Johansen
There is another improvement coming before prompt that may (it will depend on the sandbox) also take care of many of the browser sandbox issues, as well as a few other uses of unprivileged user namespaces. On user namespace creation we will be able to transition the profile to a new profile with a

[Touch-packages] [Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2023-12-21 Thread John Johansen
Agreed we can't ask for a user to create a profile for every application, apparmor profiles can be shared, and having a generic profile that can be opted into makes sense. We are working towards it, this is just the first iteration. One of the things we are working on is abstracting what the

[Touch-packages] [Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2023-12-20 Thread John Johansen
RE: security.apparmor attribute attachment not working Sorry, the current version of apparmor in Ubuntu requires a path attachment as well; you need to change the profile to (caveat untested so I may have made another mistake too) profile falkon /** xattrs=(security.apparmor=falkon)

[Touch-packages] [Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2023-12-20 Thread John Johansen
Unfortunately it has to be a privileged operation, otherwise any application could set the attribute and then have access to user namespaces. The problem with unprivileged user namespaces is that it makes privileged interfaces available to the user in ways that they weren't designed for, leading

[Touch-packages] [Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2023-12-19 Thread John Johansen
It does work for AppImages, but it is weird in that they don't have an install location, so that has to be adjusted for where they are placed on the system, or we have to set a security xattr on the executable at the time it is chmoded to +x. Admittedly orcaslicer doesn't use unprivileged user

[Touch-packages] [Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2023-12-19 Thread John Johansen
Yes it is known that Electron based apps are broken by this, it is unfortunate but there is no getting around it if we are going to tighten security around unprivileged user namespaces. As for apps that we don't specifically support (Electron or otherwise), we are still adding profiles for as

[Touch-packages] [Bug 2046844] Re: AppArmor user namespace creation restrictions cause many applications to crash with SIGTRAP

2023-12-19 Thread John Johansen
Hey Aaron, yes there are many packages that now require an apparmor profile. There is a shortcut, in between profile that can be used atm so that a full profile doesn't need to be developed to get applications that require unprivileged user namespaces working. I will get a patch together to add

[Touch-packages] [Bug 2046624] Re: apparmor breaks surfshark vpn

2023-12-17 Thread John Johansen
Also for others that might find this bug, there is documentation around userns mediation in the apparmor wiki https://gitlab.com/apparmor/apparmor/-/wikis/unprivileged_userns_restriction

[Touch-packages] [Bug 2046624] Re: apparmor breaks surfshark vpn

2023-12-17 Thread John Johansen
@1fallen can you update this bug with the exact profile you used so we can add it to the set of profiles that is being installed by default.

[Touch-packages] [Bug 2046624] Re: apparmor breaks surfshark vpn

2023-12-16 Thread John Johansen
Can you include the output of sudo dmesg | grep DENIED

[Touch-packages] [Bug 2039294] Re: apparmor docker

2023-11-19 Thread John Johansen
Ideally yes. It will become profile runc /usr/sbin/runc flags=(default_allow) { } Ubuntu will have to distro patch for awhile.

[Touch-packages] [Bug 2039294] Re: apparmor docker

2023-11-18 Thread John Johansen
I have added docker to this report, and we will need to report this to upstream docker; it is likely that for the time being we will look at distro patching docker. Locally you should be able to add the rule you need and use apparmor_parser -r to replace the profile until the bug is fixed. To allow all signals you can

[Touch-packages] [Bug 2039294] Re: apparmor docker

2023-11-18 Thread John Johansen
the docker-default profile is shipped with/part of docker. It is generated and loaded by docker, you can see the docker apparmor code here https://github.com/moby/moby/tree/master/profiles/apparmor and the docker-default profile in particular is in

[Touch-packages] [Bug 2036128] Re: [FFe] enable unprivileged user namespace restrictions by default for mantic

2023-10-06 Thread John Johansen
Closing this FFe, it needs to wait on the next LXD releases in a few weeks and it is already too late to land this in Mantic. If it is to land it will have to be done via an SRU after the LXD releases, and verification that all is good with LXD. Marking as invalid and unsubscribing the release

[Touch-packages] [Bug 2038567] Re: Disable restricting unprivileged change_profile by default, due to LXD latest/stable not yet compatible with this new apparmor feature

2023-10-06 Thread John Johansen
Fix for the ptrace issue ** Patch added: "0001-UBUNTU-SAUCE-no-up-apparmor-disable-1ea37b26d720-UBU.patch" https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2038567/+attachment/5707461/+files/0001-UBUNTU-SAUCE-no-up-apparmor-disable-1ea37b26d720-UBU.patch

[Touch-packages] [Bug 2038567] Re: Mantic 6.5.0-7 kernel causes regression in LXD container usage

2023-10-06 Thread John Johansen
Thanks John, it has been confirmed that 1ea37b26d720 UBUNTU: SAUCE: apparmor4.0.0 [73/76]: userns - allow restricting unprivileged change_profile is causing the issue. It has a sysctl to disable its behavior, but the sysctl can't be defaulted to off in the kernel. So to disable the sysctl,

[Touch-packages] [Bug 2038567] Re: Mantic 6.5.0-7 kernel causes regression in LXD container usage

2023-10-06 Thread John Johansen
To test if 1ea37b26d720 UBUNTU: SAUCE: apparmor4.0.0 [73/76]: userns - allow restricting unprivileged change_profile is the cause of the ptrace denials. You can disable it using sudo bash -c "echo 0 > /proc/sys/kernel/apparmor_restrict_unprivileged_unconfined"

[Touch-packages] [Bug 2038567] Re: Mantic 6.5.0-7 kernel causes regression in LXD container usage

2023-10-05 Thread John Johansen
Oct 05 21:25:27 novel-ram kernel: audit: type=1400 audit(1696541127.240:6185): apparmor="DENIED" operation="ptrace" class="ptrace" profile="lxd-current-iguana_" pid=12702 comm="systemctl" requested_mask="read" denied_mask="read" peer="lxd-current-iguana_//" indicates 1ea37b26d720 UBUNTU: SAUCE:
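Worked example, added here and not code from these bug threads or from the AppArmor project: a small Python triage script for the sudo dmesg | grep DENIED output requested in bug 2046624 and for lines like the ptrace denial quoted in this post. It parses the key=value fields of each apparmor="DENIED" line, tallies them by profile, class and operation, and for unprivileged user namespace denials hitting an unconfined process drafts the kind of named, otherwise-unrestricted stub profile discussed in bug 2046844 (the "in between profile" with a bare userns rule, or the /** xattrs=(security.apparmor=...) attachment for an AppImage that has no fixed install location). Assumptions: the stub's shape (abi <abi/4.0>, flags=(unconfined), userns,) follows the stub profiles Ubuntu ships; the function names are mine; the comm-to-path mapping is supplied by the caller because the audit line carries only comm; and every sample line except the quoted ptrace denial is constructed.

```python
"""Triage AppArmor DENIED audit lines and draft a userns stub profile.

Added example, not code from the bug threads or from the AppArmor project.
Sample lines are constructed, except the ptrace line quoted in the thread.
"""
import re
from collections import Counter

# key=value fields of an audit line; values may be double-quoted and contain spaces
_KV = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_denial(line):
    """Return the fields of an apparmor="DENIED" line as a dict, else None."""
    if 'apparmor="DENIED"' not in line:
        return None
    return {m.group(1): m.group(3) if m.group(3) is not None else m.group(2)
            for m in _KV.finditer(line)}


def summarize(lines):
    """Count denials by (profile, class, operation), the triage view of dmesg | grep DENIED."""
    counts = Counter()
    for line in lines:
        fields = parse_denial(line)
        if fields:
            counts[(fields.get("profile"), fields.get("class"), fields.get("operation"))] += 1
    return counts


def needs_userns_stub(fields):
    """True when an unconfined process was refused an unprivileged user namespace."""
    return fields.get("operation") == "userns_create" and fields.get("profile") == "unconfined"


def stub_profile(name, attach=None, xattr_label=None):
    """Draft a named, otherwise unrestricted profile whose only job is to grant userns.

    Shape assumed from the stub profiles Ubuntu ships: flags=(unconfined) plus a
    bare `userns,` rule. Pass `attach` for a normally installed binary; for an
    AppImage with no fixed location pass `xattr_label` instead and tag the file
    with `sudo setfattr -n security.apparmor -v <label> <file>` (privileged).
    """
    if attach is None and xattr_label is None:
        raise ValueError("need an attachment path or an xattr label")
    if attach is None:
        # the current Ubuntu parser still wants a path pattern next to the xattr match
        attach = f"/** xattrs=(security.apparmor={xattr_label})"
    elif not attach.startswith("/"):
        raise ValueError("attachment must be an absolute path")
    return "\n".join([
        "abi <abi/4.0>,",
        "include <tunables/global>",
        "",
        f"profile {name} {attach} flags=(unconfined) {{",
        "  userns,",
        "",
        f"  include if exists <local/{name}>",
        "}",
        "",
    ])


def suggest_stubs(lines, comm_to_path):
    """Map each unconfined userns denial to a stub profile keyed by comm.

    The audit line only carries comm, not the executable path, so the caller
    supplies an assumed comm -> path mapping; unknown comms get the xattr form.
    """
    stubs = {}
    for line in lines:
        fields = parse_denial(line)
        if not fields or not needs_userns_stub(fields):
            continue
        comm = fields.get("comm", "unknown")
        path = comm_to_path.get(comm)
        stubs[comm] = (stub_profile(comm, attach=path) if path
                       else stub_profile(comm, xattr_label=comm))
    return stubs


SAMPLE_LINES = [
    # quoted in the thread: ptrace denial inside an LXD container
    'Oct 05 21:25:27 novel-ram kernel: audit: type=1400 audit(1696541127.240:6185): apparmor="DENIED" operation="ptrace" class="ptrace" profile="lxd-current-iguana_" pid=12702 comm="systemctl" requested_mask="read" denied_mask="read" peer="lxd-current-iguana_//"',
    # constructed: an unconfined process refused an unprivileged user namespace
    '[   42.000000] audit: type=1400 audit(1700000000.000:12): apparmor="DENIED" operation="userns_create" class="namespace" info="Userns create restricted - failed to find unprivileged_userns profile" error=-13 profile="unconfined" pid=4321 comm="falkon" requested="userns_create" denied="userns_create"',
    # constructed: a profile load notice, not a denial, which must be ignored
    '[   43.000000] audit: type=1400 audit(1700000000.100:13): apparmor="STATUS" operation="profile_load" profile="unconfined" name="steam" pid=99 comm="apparmor_parser"',
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LINES).items():
        print(n, *key)
    for comm, text in suggest_stubs(SAMPLE_LINES, {"falkon": "/usr/bin/falkon"}).items():
        print(f"# write to /etc/apparmor.d/{comm}, then: sudo apparmor_parser -r /etc/apparmor.d/{comm}")
        print(text)
```

Running it on real output (sudo dmesg | grep DENIED | python3 triage.py style, or by pasting the lines into SAMPLE_LINES) gives the per-profile tally first, which is usually enough to tell a userns restriction apart from an ordinary file or ptrace denial; the drafted stub is a starting point to load with sudo apparmor_parser -r and refine, not a finished policy, since flags=(unconfined) leaves everything except userns unmediated.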

[Touch-packages] [Bug 2038567] Re: Mantic 6.5.0-7 kernel causes regression in LXD container usage

2023-10-05 Thread John Johansen
apparmor side there are 2 immediate suspects. 1. kernel 0191e8433f76 UBUNTU: SAUCE: apparmor4.0.0: apparmor: Fix regression in mount mediation 2. userspace mount work to fix the mount CVE https://bugs.launchpad.net/apparmor/+bug/1597017

[Touch-packages] [Bug 2036128] Re: [FFe] enable unprivileged user namespace restrictions by default for mantic

2023-10-03 Thread John Johansen
The static analysis has been tracked in jira and some google sheets. I will copy the information below. Let me better break down where static analysis is sufficient and insufficient. The limitations of the static analysis The code search for clone and unshare should show up all direct uses of

[Touch-packages] [Bug 2036128] Re: [FFe] enable unprivileged user namespace restrictions by default for mantic

2023-09-30 Thread John Johansen
As discussed in today's Product meeting, re-opening as we are going to push ahead with this change for mantic. ** Changed in: apparmor (Ubuntu) Status: Won't Fix => New

[Touch-packages] [Bug 2036128] Re: [FFe] enable unprivileged user namespace restrictions by default for mantic

2023-09-15 Thread John Johansen
The kernel patches are in the mantic/master-next branch. The availability depends on when the kernel team are ready to release the next kernel, which we expect will happen next week (Sep 18-22).

[Touch-packages] [Bug 2024599] Re: linux-image-5.15.0-1032-realtime locks up under scheduler test load

2023-07-09 Thread John Johansen
This should be fixed by upstream commit ec6851ae0ab4 apparmor: fix: kzalloc perms tables for shared dfas

[Touch-packages] [Bug 2012563] Re: unsupported mount options: 'nofail', 'nostrictatime', 'lazytime', and 'nolazytime'

2023-06-22 Thread John Johansen
This is released in upstream. The question becomes when do we switch to released for Ubuntu: when it is in the vendored version in snap, the current Ubuntu release, or are we going to open tasks and SRU to older releases?

[Touch-packages] [Bug 2016908] Re: udev fails to make prctl() syscall with apparmor=0 (as used by maas by default)

2023-06-22 Thread John Johansen
** Changed in: apparmor Status: New => Fix Committed
