[Touch-packages] [Bug 1899334] Re: firejail AppArmor profile not compatible with AA 3.0
** Changed in: apparmor (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1899334 Title: firejail AppArmor profile not compatible with AA 3.0 Status in apparmor package in Ubuntu: Fix Released Status in firejail package in Ubuntu: Fix Released Bug description: firejail installation logs: > Found reference to variable run, but is never declared On system startup or "systemctl restart apparmor", this leads to a service fail: > root@sys:~# systemctl restart apparmor > Job for apparmor.service failed because the control process exited with error code. > See "systemctl status apparmor.service" and "journalctl -xe" for details. It helps to add "include " to /etc/apparmor.d/firejail- default Description: Ubuntu Groovy Gorilla (development branch) Release: 20.10 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1899334/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1899334] Re: firejail AppArmor profile not compatible with AA 3.0
** Also affects: apparmor (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1899334 Title: firejail AppArmor profile not compatible with AA 3.0 Status in apparmor package in Ubuntu: New Status in firejail package in Ubuntu: New Bug description: firejail installation logs: > Found reference to variable run, but is never declared On system startup or "systemctl restart apparmor", this leads to a service fail: > root@sys:~# systemctl restart apparmor > Job for apparmor.service failed because the control process exited with error code. > See "systemctl status apparmor.service" and "journalctl -xe" for details. It helps to add "include " to /etc/apparmor.d/firejail- default Description: Ubuntu Groovy Gorilla (development branch) Release: 20.10 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1899334/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1832333] Re: There is no firejail-default profile in Ubuntu
The AppArmor local override file is generated since 0.9.58.2-1. ** Changed in: firejail (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1832333 Title: There is no firejail-default profile in Ubuntu Status in AppArmor: New Status in apparmor package in Ubuntu: New Status in firejail package in Ubuntu: Fix Released Bug description: Firejail requires the firejail-default apparmor profile in /etc/apparmor.d to work together with apparmor but that doesn't exist in Ubuntu 19.04. After I had added firejail-default to /etc/apparmor.d and firejail-local to /etc/apparmor.d/local everything was OK. Could this be default in Ubuntu? To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1832333/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1784023] Re: Update profiles for usrmerge
Fixed in 2.0+git20181009-2.
** Changed in: surf (Ubuntu)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lightdm in Ubuntu.
https://bugs.launchpad.net/bugs/1784023
Title:
Update profiles for usrmerge
Status in apparmor package in Ubuntu:
Fix Released
Status in apparmor-profiles-extra package in Ubuntu:
New
Status in dhcpcanon package in Ubuntu:
New
Status in ejabberd package in Ubuntu:
New
Status in firefox package in Ubuntu:
In Progress
Status in fwknop package in Ubuntu:
New
Status in i2p package in Ubuntu:
New
Status in isc-dhcp package in Ubuntu:
Fix Released
Status in kopanocore package in Ubuntu:
New
Status in libvirt package in Ubuntu:
Fix Released
Status in lightdm package in Ubuntu:
Fix Released
Status in lightdm-remote-session-freerdp2 package in Ubuntu:
Fix Released
Status in lightdm-remote-session-x2go package in Ubuntu:
Fix Released
Status in man-db package in Ubuntu:
Fix Released
Status in strongswan package in Ubuntu:
Fix Released
Status in surf package in Ubuntu:
Fix Released
Status in telepathy-mission-control-5 package in Ubuntu:
Fix Released
Status in strongswan package in Debian:
Fix Released
Bug description:
this is about / and /usr merge.
/bin & /sbin merge is out of scope. Anything that was in /sbin/ will
remain in /{,usr/}sbin/.
= src:apparmor =
usr.bin.chromium-browser appears to be out of date w.r.t. apparmor-profiles
upstream git tree
/usr/share/apparmor/extra-profiles/usr.sbin.useradd needs update
upstream https://gitlab.com/apparmor/apparmor/merge_requests/152/diffs
= other packages =
Slightly more complete list: https://paste.ubuntu.com/p/4zDJ8mTc5Z/
$ sudo grep '[[:space:]]/bin' -r .
./usr.bin.man: /bin/bzip2 rmCx -> _filter,
./usr.bin.man: /bin/gzip rmCx -> _filter,
./usr.bin.man: /bin/bzip2 rm,
./usr.bin.man: /bin/gzip rm,
./usr.sbin.libvirtd: /bin/* PUx,
./abstractions/lightdm: /bin/ rmix,
./abstractions/lightdm: /bin/fusermount Px,
./abstractions/lightdm: /bin/** rmix,
./abstractions/libvirt-qemu: /bin/uname rmix,
./abstractions/libvirt-qemu: /bin/grep rmix,
./usr.bin.chromium-browser: /bin/ps Uxr,
./usr.bin.chromium-browser:/bin/dash ixr,
./usr.bin.chromium-browser:/bin/grep ixr,
./usr.bin.chromium-browser:/bin/readlink ixr,
./usr.bin.chromium-browser:/bin/sed ixr,
./usr.bin.chromium-browser:/bin/which ixr,
./usr.bin.chromium-browser:/bin/mkdir ixr,
./usr.bin.chromium-browser:/bin/mv ixr,
./usr.bin.chromium-browser:/bin/touch ixr,
./usr.bin.chromium-browser:/bin/dash ixr,
./usr.bin.firefox: /bin/which ixr,
./usr.bin.firefox: /bin/ps Uxr,
./usr.bin.firefox: /bin/uname Uxr,
./usr.bin.firefox:/bin/dash ixr,
./sbin.dhclient: /bin/bash mr,
$ sudo grep '[[:space:]]/sbin' -r .
./usr.lib.telepathy:deny /sbin/ldconfig x,
./usr.sbin.libvirtd: /sbin/* PUx,
./abstractions/lightdm: /sbin/ r,
./abstractions/lightdm: /sbin/** rmixk,
./usr.bin.firefox: /sbin/killall5 ixr,
./sbin.dhclient: /sbin/dhclient mr,
./sbin.dhclient: # daemon to run arbitrary code via /sbin/dhclient-script,
it would need to be
./sbin.dhclient: /sbin/dhclient-script Uxr,
$ sudo grep '[[:space:]]/lib' -r .
./snap.core.4917.usr.lib.snapd.snap-confine:/lib/udev/snappy-app-dev ixr,
# drop
./usr.lib.snapd.snap-confine.real:/lib/udev/snappy-app-dev ixr, # drop
./abstractions/lightdm: /lib/ r,
./abstractions/lightdm: /lib/** rmixk,
./abstractions/lightdm: /lib32/ r,
./abstractions/lightdm: /lib32/** rmixk,
./abstractions/lightdm: /lib64/ r,
./abstractions/lightdm: /lib64/** rmixk,
./usr.bin.chromium-browser:/lib/libgcc_s.so* mr,
./usr.bin.chromium-browser:/lib/@{multiarch}/libgcc_s.so* mr,
./usr.bin.chromium-browser:/lib{,32,64}/libm-*.so* mr,
./usr.bin.chromium-browser:/lib/@{multiarch}/libm-*.so* mr,
./usr.bin.chromium-browser:/lib{,32,64}/libpthread-*.so* mr,
./usr.bin.chromium-browser:/lib/@{multiarch}/libpthread-*.so* mr,
./usr.bin.chromium-browser:/lib{,32,64}/libc-*.so* mr,
./usr.bin.chromium-browser:/lib/@{multiarch}/libc-*.so* mr,
./usr.bin.chromium-browser:/lib{,32,64}/libld-*.so* mr,
./usr.bin.chromium-browser:/lib/@{multiarch}/libld-*.so* mr,
./usr.bin.chromium-browser:/lib{,32,64}/ld-*.so* mr,
./usr.bin.chromium-browser:/lib/@{multiarch}/ld-*.so* mr,
./usr.bin.chromium-browser:/lib/tls/*/{cmov,nosegneg}/libm-*.so* mr,
./usr.bin.chromium-browser:/lib/tls/*/{cmov,nosegneg}/libpthread-*.so* mr,
./usr.bin.chromium-browser:/lib/tls/*/{cmov,nosegneg}/libc-*.so* mr,
above list might be incomplete
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1784023/+subscriptions
--
Mailing list:
[Touch-packages] [Bug 369630] Re: awesome depends on libxcb-keysyms0, but xcb-util now has libxcb-keysyms1
** Changed in: awesome (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to xcb-util in Ubuntu. https://bugs.launchpad.net/bugs/369630 Title: awesome depends on libxcb-keysyms0, but xcb-util now has libxcb- keysyms1 Status in awesome package in Ubuntu: Fix Released Status in xcb-util package in Ubuntu: Invalid Bug description: Binary package hint: awesome awesome 3.2.1-1 (synced from sid) depends on libxcb-keysyms0 (and build-depends on libxcb-keysyms0-dev), but the xcb-util synced from sid, 0.3.4-1, has bumped the keysyms version and replaced libxcb- keysyms0 with libxcb-keysyms1. This prevents awesome from building. I don't know if there are any ABI differences between libxcb-keysyms0 and libxcb-keysyms1 that need to be accounted for before bumping the awesome depends to libxcb-keysyms1. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/awesome/+bug/369630/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
