[Touch-packages] [Bug 1814302] Re: Quasselcore apparmor profile issue in lxd container.
Hello Yancy, or anyone else affected, Accepted quassel into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/quassel/1:0.14.0-1ubuntu0.22.04.1 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-jammy. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: quassel (Ubuntu Jammy) Status: Confirmed => Fix Committed ** Tags removed: verification-done ** Tags added: verification-needed verification-needed-jammy -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1814302 Title: Quasselcore apparmor profile issue in lxd container. Status in AppArmor: Invalid Status in apparmor package in Ubuntu: Invalid Status in quassel package in Ubuntu: Fix Released Status in apparmor source package in Bionic: Invalid Status in quassel source package in Bionic: Fix Released Status in apparmor source package in Focal: Invalid Status in quassel source package in Focal: Fix Released Status in apparmor source package in Groovy: Invalid Status in quassel source package in Groovy: Fix Released Status in apparmor source package in Jammy: Invalid Status in quassel source package in Jammy: Fix Committed Status in apparmor source package in Kinetic: Invalid Status in quassel source package in Kinetic: Fix Released Bug description: [impact] quasselcore cannot start inside lxd container [test case] create lxd container, install quassel-core, check quasselcore service: $ systemctl status quasselcore ● quasselcore.service - distributed IRC client using a central core component Loaded: loaded (/lib/systemd/system/quasselcore.service; enabled; vendor preset: enabled) Active: failed (Result: signal) since Tue 2020-06-30 18:32:40 UTC; 4s ago Docs: man:quasselcore(1) Process: 3853 ExecStart=/usr/bin/quasselcore --configdir=${DATADIR} --logfile=${LOGFILE} --loglevel=${LOGLEVEL} --port=${PORT} --listen=${LISTEN} (code=killed, signal=SEGV) Main PID: 3853 (code=killed, signal=SEGV) Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Scheduled restart job, restart counter is at 7. Jun 30 18:32:40 lp1814302-f systemd[1]: Stopped distributed IRC client using a central core component. Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Start request repeated too quickly. Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Failed with result 'signal'. Jun 30 18:32:40 lp1814302-f systemd[1]: Failed to start distributed IRC client using a central core component. Also, the binary will segfault when run directly due to apparmor denials: $ /usr/bin/quasselcore Segmentation fault [760149.590802] audit: type=1400 audit(1593542073.962:1058): apparmor="DENIED" operation="file_mmap" namespace="root//lxd- lp1814302-f_" profile="/usr/bin/quasselcore" name="/usr/bin/quasselcore" pid=2006430 comm="quasselcore" requested_mask="r" denied_mask="r" fsuid=1000110 ouid=100 [regression potential] this expands the apparmor profile, so any regression would likely involve problems while starting due to apparmor. [scope] this is needed for b/f/g. this is also needed for e, but that is EOL in weeks and this is not important enough to bother there. [original description] Fresh install of Ubuntu 18.04. lxd installed from snap. Fresh 18.04 container. Everything up todate via apt. Install quassel-core. Service will not start. Set "aa-complain /usr/bin/quasselcore" allows quasselcore to start. I then added "/usr/bin/quasselcore rm," to "/etc/apparmor.d/usr.bin.quasselcore". Set "aa-enforce /usr/bin/quasselcore". Restarted main host. Quasselcore service now starts and I can connect to it. To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1814302/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages P
[Touch-packages] [Bug 1814302] Re: Quasselcore apparmor profile issue in lxd container.
This bug was fixed in the package quassel - 1:0.14.0-1ubuntu1 --- quassel (1:0.14.0-1ubuntu1) kinetic; urgency=medium * d/usr.bin.quasselcore: - Update apparmor profile to allow running in lxd (LP: #1814302) -- Dave Jones Sun, 12 Jun 2022 20:52:19 +0100 ** Changed in: quassel (Ubuntu Kinetic) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1814302 Title: Quasselcore apparmor profile issue in lxd container. Status in AppArmor: Invalid Status in apparmor package in Ubuntu: Invalid Status in quassel package in Ubuntu: Fix Released Status in apparmor source package in Bionic: Invalid Status in quassel source package in Bionic: Fix Released Status in apparmor source package in Focal: Invalid Status in quassel source package in Focal: Fix Released Status in apparmor source package in Groovy: Invalid Status in quassel source package in Groovy: Fix Released Status in apparmor source package in Jammy: Invalid Status in quassel source package in Jammy: Confirmed Status in apparmor source package in Kinetic: Invalid Status in quassel source package in Kinetic: Fix Released Bug description: [impact] quasselcore cannot start inside lxd container [test case] create lxd container, install quassel-core, check quasselcore service: $ systemctl status quasselcore ● quasselcore.service - distributed IRC client using a central core component Loaded: loaded (/lib/systemd/system/quasselcore.service; enabled; vendor preset: enabled) Active: failed (Result: signal) since Tue 2020-06-30 18:32:40 UTC; 4s ago Docs: man:quasselcore(1) Process: 3853 ExecStart=/usr/bin/quasselcore --configdir=${DATADIR} --logfile=${LOGFILE} --loglevel=${LOGLEVEL} --port=${PORT} --listen=${LISTEN} (code=killed, signal=SEGV) Main PID: 3853 (code=killed, signal=SEGV) Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Scheduled restart job, restart counter is at 7. Jun 30 18:32:40 lp1814302-f systemd[1]: Stopped distributed IRC client using a central core component. Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Start request repeated too quickly. Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Failed with result 'signal'. Jun 30 18:32:40 lp1814302-f systemd[1]: Failed to start distributed IRC client using a central core component. Also, the binary will segfault when run directly due to apparmor denials: $ /usr/bin/quasselcore Segmentation fault [760149.590802] audit: type=1400 audit(1593542073.962:1058): apparmor="DENIED" operation="file_mmap" namespace="root//lxd- lp1814302-f_" profile="/usr/bin/quasselcore" name="/usr/bin/quasselcore" pid=2006430 comm="quasselcore" requested_mask="r" denied_mask="r" fsuid=1000110 ouid=100 [regression potential] this expands the apparmor profile, so any regression would likely involve problems while starting due to apparmor. [scope] this is needed for b/f/g. this is also needed for e, but that is EOL in weeks and this is not important enough to bother there. [original description] Fresh install of Ubuntu 18.04. lxd installed from snap. Fresh 18.04 container. Everything up todate via apt. Install quassel-core. Service will not start. Set "aa-complain /usr/bin/quasselcore" allows quasselcore to start. I then added "/usr/bin/quasselcore rm," to "/etc/apparmor.d/usr.bin.quasselcore". Set "aa-enforce /usr/bin/quasselcore". Restarted main host. Quasselcore service now starts and I can connect to it. To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1814302/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1814302] Re: Quasselcore apparmor profile issue in lxd container.
I've proposed the change to Debian: https://salsa.debian.org/sdeziel- guest/quassel/-/merge_requests/1 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1814302 Title: Quasselcore apparmor profile issue in lxd container. Status in AppArmor: Invalid Status in apparmor package in Ubuntu: Invalid Status in quassel package in Ubuntu: Confirmed Status in apparmor source package in Bionic: Invalid Status in quassel source package in Bionic: Fix Released Status in apparmor source package in Focal: Invalid Status in quassel source package in Focal: Fix Released Status in apparmor source package in Groovy: Invalid Status in quassel source package in Groovy: Fix Released Status in apparmor source package in Jammy: Invalid Status in quassel source package in Jammy: Confirmed Status in apparmor source package in Kinetic: Invalid Status in quassel source package in Kinetic: Confirmed Bug description: [impact] quasselcore cannot start inside lxd container [test case] create lxd container, install quassel-core, check quasselcore service: $ systemctl status quasselcore ● quasselcore.service - distributed IRC client using a central core component Loaded: loaded (/lib/systemd/system/quasselcore.service; enabled; vendor preset: enabled) Active: failed (Result: signal) since Tue 2020-06-30 18:32:40 UTC; 4s ago Docs: man:quasselcore(1) Process: 3853 ExecStart=/usr/bin/quasselcore --configdir=${DATADIR} --logfile=${LOGFILE} --loglevel=${LOGLEVEL} --port=${PORT} --listen=${LISTEN} (code=killed, signal=SEGV) Main PID: 3853 (code=killed, signal=SEGV) Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Scheduled restart job, restart counter is at 7. Jun 30 18:32:40 lp1814302-f systemd[1]: Stopped distributed IRC client using a central core component. Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Start request repeated too quickly. Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Failed with result 'signal'. Jun 30 18:32:40 lp1814302-f systemd[1]: Failed to start distributed IRC client using a central core component. Also, the binary will segfault when run directly due to apparmor denials: $ /usr/bin/quasselcore Segmentation fault [760149.590802] audit: type=1400 audit(1593542073.962:1058): apparmor="DENIED" operation="file_mmap" namespace="root//lxd- lp1814302-f_" profile="/usr/bin/quasselcore" name="/usr/bin/quasselcore" pid=2006430 comm="quasselcore" requested_mask="r" denied_mask="r" fsuid=1000110 ouid=100 [regression potential] this expands the apparmor profile, so any regression would likely involve problems while starting due to apparmor. [scope] this is needed for b/f/g. this is also needed for e, but that is EOL in weeks and this is not important enough to bother there. [original description] Fresh install of Ubuntu 18.04. lxd installed from snap. Fresh 18.04 container. Everything up todate via apt. Install quassel-core. Service will not start. Set "aa-complain /usr/bin/quasselcore" allows quasselcore to start. I then added "/usr/bin/quasselcore rm," to "/etc/apparmor.d/usr.bin.quasselcore". Set "aa-enforce /usr/bin/quasselcore". Restarted main host. Quasselcore service now starts and I can connect to it. To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1814302/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1814302] Re: Quasselcore apparmor profile issue in lxd container.
I've sponsored/uploaded both the Jammy and Kinetic debdiffs. Kinetic is accepted, jammy-proposed has to go through SRU. Removing Sponsors as there is nothing more to sponsor here. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1814302 Title: Quasselcore apparmor profile issue in lxd container. Status in AppArmor: Invalid Status in apparmor package in Ubuntu: Invalid Status in quassel package in Ubuntu: Confirmed Status in apparmor source package in Bionic: Invalid Status in quassel source package in Bionic: Fix Released Status in apparmor source package in Focal: Invalid Status in quassel source package in Focal: Fix Released Status in apparmor source package in Groovy: Invalid Status in quassel source package in Groovy: Fix Released Status in apparmor source package in Jammy: Invalid Status in quassel source package in Jammy: Confirmed Status in apparmor source package in Kinetic: Invalid Status in quassel source package in Kinetic: Confirmed Bug description: [impact] quasselcore cannot start inside lxd container [test case] create lxd container, install quassel-core, check quasselcore service: $ systemctl status quasselcore ● quasselcore.service - distributed IRC client using a central core component Loaded: loaded (/lib/systemd/system/quasselcore.service; enabled; vendor preset: enabled) Active: failed (Result: signal) since Tue 2020-06-30 18:32:40 UTC; 4s ago Docs: man:quasselcore(1) Process: 3853 ExecStart=/usr/bin/quasselcore --configdir=${DATADIR} --logfile=${LOGFILE} --loglevel=${LOGLEVEL} --port=${PORT} --listen=${LISTEN} (code=killed, signal=SEGV) Main PID: 3853 (code=killed, signal=SEGV) Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Scheduled restart job, restart counter is at 7. Jun 30 18:32:40 lp1814302-f systemd[1]: Stopped distributed IRC client using a central core component. Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Start request repeated too quickly. Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Failed with result 'signal'. Jun 30 18:32:40 lp1814302-f systemd[1]: Failed to start distributed IRC client using a central core component. Also, the binary will segfault when run directly due to apparmor denials: $ /usr/bin/quasselcore Segmentation fault [760149.590802] audit: type=1400 audit(1593542073.962:1058): apparmor="DENIED" operation="file_mmap" namespace="root//lxd- lp1814302-f_" profile="/usr/bin/quasselcore" name="/usr/bin/quasselcore" pid=2006430 comm="quasselcore" requested_mask="r" denied_mask="r" fsuid=1000110 ouid=100 [regression potential] this expands the apparmor profile, so any regression would likely involve problems while starting due to apparmor. [scope] this is needed for b/f/g. this is also needed for e, but that is EOL in weeks and this is not important enough to bother there. [original description] Fresh install of Ubuntu 18.04. lxd installed from snap. Fresh 18.04 container. Everything up todate via apt. Install quassel-core. Service will not start. Set "aa-complain /usr/bin/quasselcore" allows quasselcore to start. I then added "/usr/bin/quasselcore rm," to "/etc/apparmor.d/usr.bin.quasselcore". Set "aa-enforce /usr/bin/quasselcore". Restarted main host. Quasselcore service now starts and I can connect to it. To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1814302/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1814302] Re: Quasselcore apparmor profile issue in lxd container.
** Patch added: "1-1814301-jammy.debdiff" https://bugs.launchpad.net/ubuntu/jammy/+source/quassel/+bug/1814302/+attachment/5597063/+files/1-1814301-jammy.debdiff -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1814302 Title: Quasselcore apparmor profile issue in lxd container. Status in AppArmor: Invalid Status in apparmor package in Ubuntu: Invalid Status in quassel package in Ubuntu: Confirmed Status in apparmor source package in Bionic: Invalid Status in quassel source package in Bionic: Fix Released Status in apparmor source package in Focal: Invalid Status in quassel source package in Focal: Fix Released Status in apparmor source package in Groovy: Invalid Status in quassel source package in Groovy: Fix Released Status in apparmor source package in Jammy: Invalid Status in quassel source package in Jammy: Confirmed Status in apparmor source package in Kinetic: Invalid Status in quassel source package in Kinetic: Confirmed Bug description: [impact] quasselcore cannot start inside lxd container [test case] create lxd container, install quassel-core, check quasselcore service: $ systemctl status quasselcore ● quasselcore.service - distributed IRC client using a central core component Loaded: loaded (/lib/systemd/system/quasselcore.service; enabled; vendor preset: enabled) Active: failed (Result: signal) since Tue 2020-06-30 18:32:40 UTC; 4s ago Docs: man:quasselcore(1) Process: 3853 ExecStart=/usr/bin/quasselcore --configdir=${DATADIR} --logfile=${LOGFILE} --loglevel=${LOGLEVEL} --port=${PORT} --listen=${LISTEN} (code=killed, signal=SEGV) Main PID: 3853 (code=killed, signal=SEGV) Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Scheduled restart job, restart counter is at 7. Jun 30 18:32:40 lp1814302-f systemd[1]: Stopped distributed IRC client using a central core component. Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Start request repeated too quickly. Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Failed with result 'signal'. Jun 30 18:32:40 lp1814302-f systemd[1]: Failed to start distributed IRC client using a central core component. Also, the binary will segfault when run directly due to apparmor denials: $ /usr/bin/quasselcore Segmentation fault [760149.590802] audit: type=1400 audit(1593542073.962:1058): apparmor="DENIED" operation="file_mmap" namespace="root//lxd- lp1814302-f_" profile="/usr/bin/quasselcore" name="/usr/bin/quasselcore" pid=2006430 comm="quasselcore" requested_mask="r" denied_mask="r" fsuid=1000110 ouid=100 [regression potential] this expands the apparmor profile, so any regression would likely involve problems while starting due to apparmor. [scope] this is needed for b/f/g. this is also needed for e, but that is EOL in weeks and this is not important enough to bother there. [original description] Fresh install of Ubuntu 18.04. lxd installed from snap. Fresh 18.04 container. Everything up todate via apt. Install quassel-core. Service will not start. Set "aa-complain /usr/bin/quasselcore" allows quasselcore to start. I then added "/usr/bin/quasselcore rm," to "/etc/apparmor.d/usr.bin.quasselcore". Set "aa-enforce /usr/bin/quasselcore". Restarted main host. Quasselcore service now starts and I can connect to it. To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1814302/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1814302] Re: Quasselcore apparmor profile issue in lxd container.
** Patch added: "1-1814301-kinetic.debdiff" https://bugs.launchpad.net/ubuntu/jammy/+source/quassel/+bug/1814302/+attachment/5596890/+files/1-1814301-kinetic.debdiff -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1814302 Title: Quasselcore apparmor profile issue in lxd container. Status in AppArmor: Invalid Status in apparmor package in Ubuntu: Invalid Status in quassel package in Ubuntu: Confirmed Status in apparmor source package in Bionic: Invalid Status in quassel source package in Bionic: Fix Released Status in apparmor source package in Focal: Invalid Status in quassel source package in Focal: Fix Released Status in apparmor source package in Groovy: Invalid Status in quassel source package in Groovy: Fix Released Status in apparmor source package in Jammy: Invalid Status in quassel source package in Jammy: Confirmed Status in apparmor source package in Kinetic: Invalid Status in quassel source package in Kinetic: Confirmed Bug description: [impact] quasselcore cannot start inside lxd container [test case] create lxd container, install quassel-core, check quasselcore service: $ systemctl status quasselcore ● quasselcore.service - distributed IRC client using a central core component Loaded: loaded (/lib/systemd/system/quasselcore.service; enabled; vendor preset: enabled) Active: failed (Result: signal) since Tue 2020-06-30 18:32:40 UTC; 4s ago Docs: man:quasselcore(1) Process: 3853 ExecStart=/usr/bin/quasselcore --configdir=${DATADIR} --logfile=${LOGFILE} --loglevel=${LOGLEVEL} --port=${PORT} --listen=${LISTEN} (code=killed, signal=SEGV) Main PID: 3853 (code=killed, signal=SEGV) Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Scheduled restart job, restart counter is at 7. Jun 30 18:32:40 lp1814302-f systemd[1]: Stopped distributed IRC client using a central core component. Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Start request repeated too quickly. Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Failed with result 'signal'. Jun 30 18:32:40 lp1814302-f systemd[1]: Failed to start distributed IRC client using a central core component. Also, the binary will segfault when run directly due to apparmor denials: $ /usr/bin/quasselcore Segmentation fault [760149.590802] audit: type=1400 audit(1593542073.962:1058): apparmor="DENIED" operation="file_mmap" namespace="root//lxd- lp1814302-f_" profile="/usr/bin/quasselcore" name="/usr/bin/quasselcore" pid=2006430 comm="quasselcore" requested_mask="r" denied_mask="r" fsuid=1000110 ouid=100 [regression potential] this expands the apparmor profile, so any regression would likely involve problems while starting due to apparmor. [scope] this is needed for b/f/g. this is also needed for e, but that is EOL in weeks and this is not important enough to bother there. [original description] Fresh install of Ubuntu 18.04. lxd installed from snap. Fresh 18.04 container. Everything up todate via apt. Install quassel-core. Service will not start. Set "aa-complain /usr/bin/quasselcore" allows quasselcore to start. I then added "/usr/bin/quasselcore rm," to "/etc/apparmor.d/usr.bin.quasselcore". Set "aa-enforce /usr/bin/quasselcore". Restarted main host. Quasselcore service now starts and I can connect to it. To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1814302/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1814302] Re: Quasselcore apparmor profile issue in lxd container.
Looks like this is back in jammy (and beyond); the sync from Debian dropped the patch to d/usr.bin.quasselcore for lxd. ** Also affects: apparmor (Ubuntu Jammy) Importance: Undecided Status: New ** Also affects: quassel (Ubuntu Jammy) Importance: Undecided Status: New ** Also affects: apparmor (Ubuntu Kinetic) Importance: Undecided Status: Invalid ** Also affects: quassel (Ubuntu Kinetic) Importance: Medium Assignee: Dan Streetman (ddstreet) Status: Fix Released ** Changed in: apparmor (Ubuntu Jammy) Status: New => Invalid ** Changed in: quassel (Ubuntu Kinetic) Status: Fix Released => Confirmed ** Changed in: quassel (Ubuntu Kinetic) Assignee: Dan Streetman (ddstreet) => Dave Jones (waveform) ** Changed in: quassel (Ubuntu Jammy) Status: New => Confirmed ** Changed in: quassel (Ubuntu Jammy) Assignee: (unassigned) => Dave Jones (waveform) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1814302 Title: Quasselcore apparmor profile issue in lxd container. Status in AppArmor: Invalid Status in apparmor package in Ubuntu: Invalid Status in quassel package in Ubuntu: Confirmed Status in apparmor source package in Bionic: Invalid Status in quassel source package in Bionic: Fix Released Status in apparmor source package in Focal: Invalid Status in quassel source package in Focal: Fix Released Status in apparmor source package in Groovy: Invalid Status in quassel source package in Groovy: Fix Released Status in apparmor source package in Jammy: Invalid Status in quassel source package in Jammy: Confirmed Status in apparmor source package in Kinetic: Invalid Status in quassel source package in Kinetic: Confirmed Bug description: [impact] quasselcore cannot start inside lxd container [test case] create lxd container, install quassel-core, check quasselcore service: $ systemctl status quasselcore ● quasselcore.service - distributed IRC client using a central core component Loaded: loaded (/lib/systemd/system/quasselcore.service; enabled; vendor preset: enabled) Active: failed (Result: signal) since Tue 2020-06-30 18:32:40 UTC; 4s ago Docs: man:quasselcore(1) Process: 3853 ExecStart=/usr/bin/quasselcore --configdir=${DATADIR} --logfile=${LOGFILE} --loglevel=${LOGLEVEL} --port=${PORT} --listen=${LISTEN} (code=killed, signal=SEGV) Main PID: 3853 (code=killed, signal=SEGV) Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Scheduled restart job, restart counter is at 7. Jun 30 18:32:40 lp1814302-f systemd[1]: Stopped distributed IRC client using a central core component. Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Start request repeated too quickly. Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Failed with result 'signal'. Jun 30 18:32:40 lp1814302-f systemd[1]: Failed to start distributed IRC client using a central core component. Also, the binary will segfault when run directly due to apparmor denials: $ /usr/bin/quasselcore Segmentation fault [760149.590802] audit: type=1400 audit(1593542073.962:1058): apparmor="DENIED" operation="file_mmap" namespace="root//lxd- lp1814302-f_" profile="/usr/bin/quasselcore" name="/usr/bin/quasselcore" pid=2006430 comm="quasselcore" requested_mask="r" denied_mask="r" fsuid=1000110 ouid=100 [regression potential] this expands the apparmor profile, so any regression would likely involve problems while starting due to apparmor. [scope] this is needed for b/f/g. this is also needed for e, but that is EOL in weeks and this is not important enough to bother there. [original description] Fresh install of Ubuntu 18.04. lxd installed from snap. Fresh 18.04 container. Everything up todate via apt. Install quassel-core. Service will not start. Set "aa-complain /usr/bin/quasselcore" allows quasselcore to start. I then added "/usr/bin/quasselcore rm," to "/etc/apparmor.d/usr.bin.quasselcore". Set "aa-enforce /usr/bin/quasselcore". Restarted main host. Quasselcore service now starts and I can connect to it. To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1814302/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1814302] Re: Quasselcore apparmor profile issue in lxd container.
This bug was fixed in the package quassel - 1:0.12.4-3ubuntu1.18.04.2 --- quassel (1:0.12.4-3ubuntu1.18.04.2) bionic; urgency=medium * d/usr.bin.quasselcore: - Update apparmor profile to allow running in lxd (LP: #1814302) -- Dan Streetman Sun, 28 Jun 2020 11:01:19 -0400 ** Changed in: quassel (Ubuntu Bionic) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1814302 Title: Quasselcore apparmor profile issue in lxd container. Status in AppArmor: Invalid Status in apparmor package in Ubuntu: Invalid Status in quassel package in Ubuntu: Fix Released Status in apparmor source package in Bionic: Invalid Status in quassel source package in Bionic: Fix Released Status in apparmor source package in Focal: Invalid Status in quassel source package in Focal: Fix Released Status in apparmor source package in Groovy: Invalid Status in quassel source package in Groovy: Fix Released Bug description: [impact] quasselcore cannot start inside lxd container [test case] create lxd container, install quassel-core, check quasselcore service: $ systemctl status quasselcore ● quasselcore.service - distributed IRC client using a central core component Loaded: loaded (/lib/systemd/system/quasselcore.service; enabled; vendor preset: enabled) Active: failed (Result: signal) since Tue 2020-06-30 18:32:40 UTC; 4s ago Docs: man:quasselcore(1) Process: 3853 ExecStart=/usr/bin/quasselcore --configdir=${DATADIR} --logfile=${LOGFILE} --loglevel=${LOGLEVEL} --port=${PORT} --listen=${LISTEN} (code=killed, signal=SEGV) Main PID: 3853 (code=killed, signal=SEGV) Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Scheduled restart job, restart counter is at 7. Jun 30 18:32:40 lp1814302-f systemd[1]: Stopped distributed IRC client using a central core component. Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Start request repeated too quickly. Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Failed with result 'signal'. Jun 30 18:32:40 lp1814302-f systemd[1]: Failed to start distributed IRC client using a central core component. Also, the binary will segfault when run directly due to apparmor denials: $ /usr/bin/quasselcore Segmentation fault [760149.590802] audit: type=1400 audit(1593542073.962:1058): apparmor="DENIED" operation="file_mmap" namespace="root//lxd- lp1814302-f_" profile="/usr/bin/quasselcore" name="/usr/bin/quasselcore" pid=2006430 comm="quasselcore" requested_mask="r" denied_mask="r" fsuid=1000110 ouid=100 [regression potential] this expands the apparmor profile, so any regression would likely involve problems while starting due to apparmor. [scope] this is needed for b/f/g. this is also needed for e, but that is EOL in weeks and this is not important enough to bother there. [original description] Fresh install of Ubuntu 18.04. lxd installed from snap. Fresh 18.04 container. Everything up todate via apt. Install quassel-core. Service will not start. Set "aa-complain /usr/bin/quasselcore" allows quasselcore to start. I then added "/usr/bin/quasselcore rm," to "/etc/apparmor.d/usr.bin.quasselcore". Set "aa-enforce /usr/bin/quasselcore". Restarted main host. Quasselcore service now starts and I can connect to it. To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1814302/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1814302] Re: Quasselcore apparmor profile issue in lxd container.
This bug was fixed in the package quassel - 1:0.13.1-3ubuntu2.1 --- quassel (1:0.13.1-3ubuntu2.1) focal; urgency=medium * d/usr.bin.quasselcore: - Update apparmor profile to allow running in lxd (LP: #1814302) -- Dan Streetman Sun, 28 Jun 2020 11:01:19 -0400 ** Changed in: quassel (Ubuntu Focal) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1814302 Title: Quasselcore apparmor profile issue in lxd container. Status in AppArmor: Invalid Status in apparmor package in Ubuntu: Invalid Status in quassel package in Ubuntu: Fix Released Status in apparmor source package in Bionic: Invalid Status in quassel source package in Bionic: Fix Committed Status in apparmor source package in Focal: Invalid Status in quassel source package in Focal: Fix Released Status in apparmor source package in Groovy: Invalid Status in quassel source package in Groovy: Fix Released Bug description: [impact] quasselcore cannot start inside lxd container [test case] create lxd container, install quassel-core, check quasselcore service: $ systemctl status quasselcore ● quasselcore.service - distributed IRC client using a central core component Loaded: loaded (/lib/systemd/system/quasselcore.service; enabled; vendor preset: enabled) Active: failed (Result: signal) since Tue 2020-06-30 18:32:40 UTC; 4s ago Docs: man:quasselcore(1) Process: 3853 ExecStart=/usr/bin/quasselcore --configdir=${DATADIR} --logfile=${LOGFILE} --loglevel=${LOGLEVEL} --port=${PORT} --listen=${LISTEN} (code=killed, signal=SEGV) Main PID: 3853 (code=killed, signal=SEGV) Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Scheduled restart job, restart counter is at 7. Jun 30 18:32:40 lp1814302-f systemd[1]: Stopped distributed IRC client using a central core component. Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Start request repeated too quickly. Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Failed with result 'signal'. Jun 30 18:32:40 lp1814302-f systemd[1]: Failed to start distributed IRC client using a central core component. Also, the binary will segfault when run directly due to apparmor denials: $ /usr/bin/quasselcore Segmentation fault [760149.590802] audit: type=1400 audit(1593542073.962:1058): apparmor="DENIED" operation="file_mmap" namespace="root//lxd- lp1814302-f_" profile="/usr/bin/quasselcore" name="/usr/bin/quasselcore" pid=2006430 comm="quasselcore" requested_mask="r" denied_mask="r" fsuid=1000110 ouid=100 [regression potential] this expands the apparmor profile, so any regression would likely involve problems while starting due to apparmor. [scope] this is needed for b/f/g. this is also needed for e, but that is EOL in weeks and this is not important enough to bother there. [original description] Fresh install of Ubuntu 18.04. lxd installed from snap. Fresh 18.04 container. Everything up todate via apt. Install quassel-core. Service will not start. Set "aa-complain /usr/bin/quasselcore" allows quasselcore to start. I then added "/usr/bin/quasselcore rm," to "/etc/apparmor.d/usr.bin.quasselcore". Set "aa-enforce /usr/bin/quasselcore". Restarted main host. Quasselcore service now starts and I can connect to it. To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1814302/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1814302] Re: Quasselcore apparmor profile issue in lxd container.
bionic: ubuntu@lp1814302-b:~$ systemd-detect-virt lxc ubuntu@lp1814302-b:~$ dpkg -l|grep quassel ii quassel-core 1:0.12.4-3ubuntu1.18.04.1 amd64 distributed IRC client - core component ubuntu@lp1814302-b:~$ /usr/bin/quasselcore Segmentation fault ubuntu@lp1814302-b:~$ systemctl status quasselcore.service ● quasselcore.service - distributed IRC client using a central core component Loaded: loaded (/lib/systemd/system/quasselcore.service; enabled; vendor preset: enabled) Active: failed (Result: signal) since Wed 2020-07-08 17:27:46 UTC; 1min 53s ago Docs: man:quasselcore(1) Process: 2381 ExecStart=/usr/bin/quasselcore --configdir=${DATADIR} --logfile=${LOGFILE} --loglevel=${LOGLEVEL} --port=${PORT} --listen=${LISTEN} (code=killed, signal=SEGV) Main PID: 2381 (code=killed, signal=SEGV) Jul 08 17:27:46 lp1814302-b systemd[1]: quasselcore.service: Service hold-off time over, scheduling restart. Jul 08 17:27:46 lp1814302-b systemd[1]: quasselcore.service: Scheduled restart job, restart counter is at 6. Jul 08 17:27:46 lp1814302-b systemd[1]: Stopped distributed IRC client using a central core component. Jul 08 17:27:46 lp1814302-b systemd[1]: quasselcore.service: Start request repeated too quickly. Jul 08 17:27:46 lp1814302-b systemd[1]: quasselcore.service: Failed with result 'signal'. Jul 08 17:27:46 lp1814302-b systemd[1]: Failed to start distributed IRC client using a central core component. ubuntu@lp1814302-b:~$ systemd-detect-virt lxc ubuntu@lp1814302-b:~$ dpkg -l|grep quassel ii quassel-core 1:0.12.4-3ubuntu1.18.04.2 amd64 distributed IRC client - core component ubuntu@lp1814302-b:~$ /usr/bin/quasselcore Unable to create Quassel config directory: /home/ubuntu/.config/quassel-irc.org ...etc... ubuntu@lp1814302-b:~$ systemctl status quasselcore.service ● quasselcore.service - distributed IRC client using a central core component Loaded: loaded (/lib/systemd/system/quasselcore.service; enabled; vendor preset: enabled) Active: active (running) since Wed 2020-07-08 17:31:50 UTC; 18s ago Docs: man:quasselcore(1) Main PID: 2881 (quasselcore) Tasks: 1 (limit: 115273) CGroup: /system.slice/quasselcore.service └─2881 /usr/bin/quasselcore --configdir=/var/lib/quassel --logfile=/var/log/quassel/core.log --loglevel=Info --port=4242 --listen=::,0.0.0.0 Jul 08 17:31:50 lp1814302-b systemd[1]: Started distributed IRC client using a central core component. ** Tags removed: verification-needed verification-needed-bionic ** Tags added: verification-done verification-done-bionic -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1814302 Title: Quasselcore apparmor profile issue in lxd container. Status in AppArmor: Invalid Status in apparmor package in Ubuntu: Invalid Status in quassel package in Ubuntu: Fix Released Status in apparmor source package in Bionic: Invalid Status in quassel source package in Bionic: Fix Committed Status in apparmor source package in Focal: Invalid Status in quassel source package in Focal: Fix Committed Status in apparmor source package in Groovy: Invalid Status in quassel source package in Groovy: Fix Released Bug description: [impact] quasselcore cannot start inside lxd container [test case] create lxd container, install quassel-core, check quasselcore service: $ systemctl status quasselcore ● quasselcore.service - distributed IRC client using a central core component Loaded: loaded (/lib/systemd/system/quasselcore.service; enabled; vendor preset: enabled) Active: failed (Result: signal) since Tue 2020-06-30 18:32:40 UTC; 4s ago Docs: man:quasselcore(1) Process: 3853 ExecStart=/usr/bin/quasselcore --configdir=${DATADIR} --logfile=${LOGFILE} --loglevel=${LOGLEVEL} --port=${PORT} --listen=${LISTEN} (code=killed, signal=SEGV) Main PID: 3853 (code=killed, signal=SEGV) Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Scheduled restart job, restart counter is at 7. Jun 30 18:32:40 lp1814302-f systemd[1]: Stopped distributed IRC client using a central core component. Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Start request repeated too quickly. Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Failed with result 'signal'. Jun 30 18:32:40 lp1814302-f systemd[1]: Failed to start distributed IRC client using a central core component. Also, the binary will segfault when run directly due to apparmor denials: $ /usr/bin/quasselcore Segmentation fault [760149.590802] audit: type=1400 audit(1593542073.962:1058): apparmor="DENIED" operation="file_mmap" namespace="root//lxd- lp1814302-f_" profile="/usr/bin/quasselcore" name="/usr/bin/quasselcore" pid=2006430 comm="quasselcore" requested_mask="r"
[Touch-packages] [Bug 1814302] Re: Quasselcore apparmor profile issue in lxd container.
focal: ubuntu@lp1814302-f:~$ systemd-detect-virt lxc ubuntu@lp1814302-f:~$ dpkg -l|grep quassel-core ii quassel-core 1:0.13.1-3ubuntu2 amd64 distributed IRC client - core component ubuntu@lp1814302-f:~$ /usr/bin/quasselcore Segmentation fault ubuntu@lp1814302-f:~$ systemctl status quasselcore.service ● quasselcore.service - distributed IRC client using a central core component Loaded: loaded (/lib/systemd/system/quasselcore.service; enabled; vendor preset: enabled) Active: activating (auto-restart) (Result: signal) since Wed 2020-07-08 17:24:12 UTC; 168ms ago Docs: man:quasselcore(1) Process: 4867 ExecStart=/usr/bin/quasselcore --configdir=${DATADIR} --logfile=${LOGFILE} --loglevel=${LOGLEVEL} --port=${PORT} --listen=${LISTEN} (code=killed, signal=SEGV) Main PID: 4867 (code=killed, signal=SEGV) Jul 08 17:24:13 lp1814302-f systemd[1]: quasselcore.service: Scheduled restart job, restart counter is at 5. Jul 08 17:24:13 lp1814302-f systemd[1]: Stopped distributed IRC client using a central core component. Jul 08 17:24:13 lp1814302-f systemd[1]: quasselcore.service: Start request repeated too quickly. Jul 08 17:24:13 lp1814302-f systemd[1]: quasselcore.service: Failed with result 'signal'. Jul 08 17:24:13 lp1814302-f systemd[1]: Failed to start distributed IRC client using a central core component. ubuntu@lp1814302-f:~$ systemd-detect-virt lxc ubuntu@lp1814302-f:~$ dpkg -l |grep quassel ii quassel-core 1:0.13.1-3ubuntu2.1amd64 distributed IRC client - core component ubuntu@lp1814302-f:~$ /usr/bin/quasselcore 2020-07-08 17:26:00 [Error] Unable to create Quassel config directory: ...etc... ubuntu@lp1814302-f:~$ systemctl status quasselcore.service ● quasselcore.service - distributed IRC client using a central core component Loaded: loaded (/lib/systemd/system/quasselcore.service; enabled; vendor preset: enabled) Active: active (running) since Wed 2020-07-08 17:25:22 UTC; 43s ago Docs: man:quasselcore(1) Main PID: 5832 (quasselcore) Tasks: 1 (limit: 115273) Memory: 1.6M CGroup: /system.slice/quasselcore.service └─5832 /usr/bin/quasselcore --configdir=/var/lib/quassel --logfile=/var/log/quassel/core.log --loglevel=Info --port=4242 --listen=::,0.0.0.0 Jul 08 17:25:22 lp1814302-f systemd[1]: Started distributed IRC client using a central core component. ** Tags removed: verification-needed-focal ** Tags added: verification-done-focal -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1814302 Title: Quasselcore apparmor profile issue in lxd container. Status in AppArmor: Invalid Status in apparmor package in Ubuntu: Invalid Status in quassel package in Ubuntu: Fix Released Status in apparmor source package in Bionic: Invalid Status in quassel source package in Bionic: Fix Committed Status in apparmor source package in Focal: Invalid Status in quassel source package in Focal: Fix Committed Status in apparmor source package in Groovy: Invalid Status in quassel source package in Groovy: Fix Released Bug description: [impact] quasselcore cannot start inside lxd container [test case] create lxd container, install quassel-core, check quasselcore service: $ systemctl status quasselcore ● quasselcore.service - distributed IRC client using a central core component Loaded: loaded (/lib/systemd/system/quasselcore.service; enabled; vendor preset: enabled) Active: failed (Result: signal) since Tue 2020-06-30 18:32:40 UTC; 4s ago Docs: man:quasselcore(1) Process: 3853 ExecStart=/usr/bin/quasselcore --configdir=${DATADIR} --logfile=${LOGFILE} --loglevel=${LOGLEVEL} --port=${PORT} --listen=${LISTEN} (code=killed, signal=SEGV) Main PID: 3853 (code=killed, signal=SEGV) Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Scheduled restart job, restart counter is at 7. Jun 30 18:32:40 lp1814302-f systemd[1]: Stopped distributed IRC client using a central core component. Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Start request repeated too quickly. Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Failed with result 'signal'. Jun 30 18:32:40 lp1814302-f systemd[1]: Failed to start distributed IRC client using a central core component. Also, the binary will segfault when run directly due to apparmor denials: $ /usr/bin/quasselcore Segmentation fault [760149.590802] audit: type=1400 audit(1593542073.962:1058): apparmor="DENIED" operation="file_mmap" namespace="root//lxd- lp1814302-f_" profile="/usr/bin/quasselcore" name="/usr/bin/quasselcore" pid=2006430 comm="quasselcore" requested_mask="r" denied_mask="r" fsuid=1000110 ouid=100 [regression potential] this expands the apparmor p
[Touch-packages] [Bug 1814302] Re: Quasselcore apparmor profile issue in lxd container.
Hello Yancy, or anyone else affected, Accepted quassel into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/quassel/1:0.13.1-3ubuntu2.1 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-focal. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: quassel (Ubuntu Focal) Status: In Progress => Fix Committed ** Tags added: verification-needed verification-needed-focal ** Changed in: quassel (Ubuntu Bionic) Status: In Progress => Fix Committed ** Tags added: verification-needed-bionic -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1814302 Title: Quasselcore apparmor profile issue in lxd container. Status in AppArmor: Invalid Status in apparmor package in Ubuntu: Invalid Status in quassel package in Ubuntu: Fix Released Status in apparmor source package in Bionic: Invalid Status in quassel source package in Bionic: Fix Committed Status in apparmor source package in Focal: Invalid Status in quassel source package in Focal: Fix Committed Status in apparmor source package in Groovy: Invalid Status in quassel source package in Groovy: Fix Released Bug description: [impact] quasselcore cannot start inside lxd container [test case] create lxd container, install quassel-core, check quasselcore service: $ systemctl status quasselcore ● quasselcore.service - distributed IRC client using a central core component Loaded: loaded (/lib/systemd/system/quasselcore.service; enabled; vendor preset: enabled) Active: failed (Result: signal) since Tue 2020-06-30 18:32:40 UTC; 4s ago Docs: man:quasselcore(1) Process: 3853 ExecStart=/usr/bin/quasselcore --configdir=${DATADIR} --logfile=${LOGFILE} --loglevel=${LOGLEVEL} --port=${PORT} --listen=${LISTEN} (code=killed, signal=SEGV) Main PID: 3853 (code=killed, signal=SEGV) Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Scheduled restart job, restart counter is at 7. Jun 30 18:32:40 lp1814302-f systemd[1]: Stopped distributed IRC client using a central core component. Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Start request repeated too quickly. Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Failed with result 'signal'. Jun 30 18:32:40 lp1814302-f systemd[1]: Failed to start distributed IRC client using a central core component. Also, the binary will segfault when run directly due to apparmor denials: $ /usr/bin/quasselcore Segmentation fault [760149.590802] audit: type=1400 audit(1593542073.962:1058): apparmor="DENIED" operation="file_mmap" namespace="root//lxd- lp1814302-f_" profile="/usr/bin/quasselcore" name="/usr/bin/quasselcore" pid=2006430 comm="quasselcore" requested_mask="r" denied_mask="r" fsuid=1000110 ouid=100 [regression potential] this expands the apparmor profile, so any regression would likely involve problems while starting due to apparmor. [scope] this is needed for b/f/g. this is also needed for e, but that is EOL in weeks and this is not important enough to bother there. [original description] Fresh install of Ubuntu 18.04. lxd installed from snap. Fresh 18.04 container. Everything up todate via apt. Install quassel-core. Service will not start. Set "aa-complain /usr/bin/quasselcore" allows quasselcore to start. I then added "/usr/bin/quasselcore rm," to "/etc/apparmor.d/usr.bin.quasselcore". Set "aa-enforce /usr/bin/quasselcore". Restarted main host. Quasselcore service now starts and I can connect to it. To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1814302/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net
[Touch-packages] [Bug 1814302] Re: Quasselcore apparmor profile issue in lxd container.
This bug was fixed in the package quassel - 1:0.13.1-3ubuntu3 --- quassel (1:0.13.1-3ubuntu3) groovy; urgency=medium * d/p/lp1885436/0001-common-Disable-enum-type-stream-operators-for-Qt-5.1.patch, d/p/lp1885436/0002-common-Always-let-QVariant-fromValue-deduce-the-type.patch, d/p/lp1885436/0003-qa-Replace-deprecated-qVariantFromValue-by-QVariant-.patch, d/p/lp1885436/0004-qa-Avoid-deprecation-warnings-for-QList-QSet-convers.patch, d/p/lp1885436/0005-qa-Replace-deprecated-QString-sprintf-by-QString-asp.patch: - Fix FTBFS due to QT 5.14 changes (LP: #1885436) * d/usr.bin.quasselcore: - Update apparmor profile to allow running in lxd (LP: #1814302) -- Dan Streetman Sun, 28 Jun 2020 10:54:49 -0400 ** Changed in: quassel (Ubuntu Groovy) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1814302 Title: Quasselcore apparmor profile issue in lxd container. Status in AppArmor: Invalid Status in apparmor package in Ubuntu: Invalid Status in quassel package in Ubuntu: Fix Released Status in apparmor source package in Bionic: Invalid Status in quassel source package in Bionic: In Progress Status in apparmor source package in Focal: Invalid Status in quassel source package in Focal: In Progress Status in apparmor source package in Groovy: Invalid Status in quassel source package in Groovy: Fix Released Bug description: [impact] quasselcore cannot start inside lxd container [test case] create lxd container, install quassel-core, check quasselcore service: $ systemctl status quasselcore ● quasselcore.service - distributed IRC client using a central core component Loaded: loaded (/lib/systemd/system/quasselcore.service; enabled; vendor preset: enabled) Active: failed (Result: signal) since Tue 2020-06-30 18:32:40 UTC; 4s ago Docs: man:quasselcore(1) Process: 3853 ExecStart=/usr/bin/quasselcore --configdir=${DATADIR} --logfile=${LOGFILE} --loglevel=${LOGLEVEL} --port=${PORT} --listen=${LISTEN} (code=killed, signal=SEGV) Main PID: 3853 (code=killed, signal=SEGV) Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Scheduled restart job, restart counter is at 7. Jun 30 18:32:40 lp1814302-f systemd[1]: Stopped distributed IRC client using a central core component. Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Start request repeated too quickly. Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Failed with result 'signal'. Jun 30 18:32:40 lp1814302-f systemd[1]: Failed to start distributed IRC client using a central core component. Also, the binary will segfault when run directly due to apparmor denials: $ /usr/bin/quasselcore Segmentation fault [760149.590802] audit: type=1400 audit(1593542073.962:1058): apparmor="DENIED" operation="file_mmap" namespace="root//lxd- lp1814302-f_" profile="/usr/bin/quasselcore" name="/usr/bin/quasselcore" pid=2006430 comm="quasselcore" requested_mask="r" denied_mask="r" fsuid=1000110 ouid=100 [regression potential] this expands the apparmor profile, so any regression would likely involve problems while starting due to apparmor. [scope] this is needed for b/f/g. this is also needed for e, but that is EOL in weeks and this is not important enough to bother there. [original description] Fresh install of Ubuntu 18.04. lxd installed from snap. Fresh 18.04 container. Everything up todate via apt. Install quassel-core. Service will not start. Set "aa-complain /usr/bin/quasselcore" allows quasselcore to start. I then added "/usr/bin/quasselcore rm," to "/etc/apparmor.d/usr.bin.quasselcore". Set "aa-enforce /usr/bin/quasselcore". Restarted main host. Quasselcore service now starts and I can connect to it. To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1814302/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1814302] Re: Quasselcore apparmor profile issue in lxd container.
** Description changed: - Fresh install of Ubuntu 18.04. lxd installed from snap. Fresh 18.04 - container. Everything up todate via apt. + [impact] + + quasselcore cannot start inside lxd container + + [test case] + + create lxd container, install quassel-core, check quasselcore service: + + $ systemctl status quasselcore + ● quasselcore.service - distributed IRC client using a central core component + Loaded: loaded (/lib/systemd/system/quasselcore.service; enabled; vendor preset: enabled) + Active: failed (Result: signal) since Tue 2020-06-30 18:32:40 UTC; 4s ago +Docs: man:quasselcore(1) + Process: 3853 ExecStart=/usr/bin/quasselcore --configdir=${DATADIR} --logfile=${LOGFILE} --loglevel=${LOGLEVEL} --port=${PORT} --listen=${LISTEN} (code=killed, signal=SEGV) +Main PID: 3853 (code=killed, signal=SEGV) + + Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Scheduled restart job, restart counter is at 7. + Jun 30 18:32:40 lp1814302-f systemd[1]: Stopped distributed IRC client using a central core component. + Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Start request repeated too quickly. + Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Failed with result 'signal'. + Jun 30 18:32:40 lp1814302-f systemd[1]: Failed to start distributed IRC client using a central core component. + + + Also, the binary will segfault when run directly due to apparmor denials: + + $ /usr/bin/quasselcore + Segmentation fault + + [760149.590802] audit: type=1400 audit(1593542073.962:1058): + apparmor="DENIED" operation="file_mmap" namespace="root//lxd- + lp1814302-f_" profile="/usr/bin/quasselcore" + name="/usr/bin/quasselcore" pid=2006430 comm="quasselcore" + requested_mask="r" denied_mask="r" fsuid=1000110 ouid=100 + + [regression potential] + + this expands the apparmor profile, so any regression would likely + involve problems while starting due to apparmor. + + [scope] + + this is needed for b/f/g. + + this is also needed for e, but that is EOL in weeks and this is not + important enough to bother there. + + [original description] + + + Fresh install of Ubuntu 18.04. lxd installed from snap. Fresh 18.04 container. Everything up todate via apt. Install quassel-core. Service will not start. Set "aa-complain /usr/bin/quasselcore" allows quasselcore to start. I then added "/usr/bin/quasselcore rm," to "/etc/apparmor.d/usr.bin.quasselcore". Set "aa-enforce /usr/bin/quasselcore". Restarted main host. Quasselcore service now starts and I can connect to it. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1814302 Title: Quasselcore apparmor profile issue in lxd container. Status in AppArmor: Invalid Status in apparmor package in Ubuntu: Invalid Status in quassel package in Ubuntu: In Progress Status in apparmor source package in Bionic: Invalid Status in quassel source package in Bionic: In Progress Status in apparmor source package in Focal: Invalid Status in quassel source package in Focal: In Progress Status in apparmor source package in Groovy: Invalid Status in quassel source package in Groovy: In Progress Bug description: [impact] quasselcore cannot start inside lxd container [test case] create lxd container, install quassel-core, check quasselcore service: $ systemctl status quasselcore ● quasselcore.service - distributed IRC client using a central core component Loaded: loaded (/lib/systemd/system/quasselcore.service; enabled; vendor preset: enabled) Active: failed (Result: signal) since Tue 2020-06-30 18:32:40 UTC; 4s ago Docs: man:quasselcore(1) Process: 3853 ExecStart=/usr/bin/quasselcore --configdir=${DATADIR} --logfile=${LOGFILE} --loglevel=${LOGLEVEL} --port=${PORT} --listen=${LISTEN} (code=killed, signal=SEGV) Main PID: 3853 (code=killed, signal=SEGV) Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Scheduled restart job, restart counter is at 7. Jun 30 18:32:40 lp1814302-f systemd[1]: Stopped distributed IRC client using a central core component. Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Start request repeated too quickly. Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Failed with result 'signal'. Jun 30 18:32:40 lp1814302-f systemd[1]: Failed to start distributed IRC client using a central core component. Also, the binary will segfault when run directly due to apparmor denials: $ /usr/bin/quasselcore Segmentation fault [760149.590802] audit: type=1400 audit(1593542073.962:1058): apparmor="DENIED" operation="file_mmap" namespace="root//lxd- lp1814302-f_" profile="/usr/bin/quasselcore" name="/usr/bin/quasselcore" pid=2006430 comm="quasselcore" requested_mask="r" denied_mask="r" fsuid=1000110 ouid=100 [regressi
[Touch-packages] [Bug 1814302] Re: Quasselcore apparmor profile issue in lxd container.
** Also affects: apparmor (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: quassel (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: apparmor (Ubuntu Groovy) Importance: Undecided Status: Confirmed ** Also affects: quassel (Ubuntu Groovy) Importance: Undecided Status: Confirmed ** Also affects: apparmor (Ubuntu Focal) Importance: Undecided Status: New ** Also affects: quassel (Ubuntu Focal) Importance: Undecided Status: New ** Changed in: apparmor (Ubuntu Bionic) Status: New => Invalid ** Changed in: apparmor (Ubuntu Focal) Status: New => Invalid ** Changed in: apparmor (Ubuntu Groovy) Status: Confirmed => Invalid ** Changed in: apparmor Status: New => Invalid ** Changed in: quassel (Ubuntu Focal) Status: New => In Progress ** Changed in: quassel (Ubuntu Bionic) Importance: Undecided => Medium ** Changed in: quassel (Ubuntu Groovy) Assignee: (unassigned) => Dan Streetman (ddstreet) ** Changed in: quassel (Ubuntu Focal) Assignee: (unassigned) => Dan Streetman (ddstreet) ** Changed in: quassel (Ubuntu Bionic) Assignee: (unassigned) => Dan Streetman (ddstreet) ** Changed in: quassel (Ubuntu Groovy) Importance: Undecided => Medium ** Changed in: quassel (Ubuntu Focal) Importance: Undecided => Medium ** Changed in: quassel (Ubuntu Bionic) Status: New => In Progress ** Changed in: quassel (Ubuntu Groovy) Status: Confirmed => In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1814302 Title: Quasselcore apparmor profile issue in lxd container. Status in AppArmor: Invalid Status in apparmor package in Ubuntu: Invalid Status in quassel package in Ubuntu: In Progress Status in apparmor source package in Bionic: Invalid Status in quassel source package in Bionic: In Progress Status in apparmor source package in Focal: Invalid Status in quassel source package in Focal: In Progress Status in apparmor source package in Groovy: Invalid Status in quassel source package in Groovy: In Progress Bug description: Fresh install of Ubuntu 18.04. lxd installed from snap. Fresh 18.04 container. Everything up todate via apt. Install quassel-core. Service will not start. Set "aa-complain /usr/bin/quasselcore" allows quasselcore to start. I then added "/usr/bin/quasselcore rm," to "/etc/apparmor.d/usr.bin.quasselcore". Set "aa-enforce /usr/bin/quasselcore". Restarted main host. Quasselcore service now starts and I can connect to it. To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1814302/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1814302] Re: Quasselcore apparmor profile issue in lxd container.
The above workaround isn't enough to totally resolve the issues with AppArmor and this application inside LXD. I also had to switch to aa- complain for PostgreSQL migration so features will have to be thoroughly tested to identify it. I'm willing to setup a secondary instance to do any testing that is necessary but I don't know anything about AppArmor to fix the profile. Added note: It seems that migration may be broken in Quassel-Core in general but I'm reporting that on their tracker as it seems to be a bug on their end but setting up for PostgreSQL seemed to work in complain mode. It is untested in enforce mode. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1814302 Title: Quasselcore apparmor profile issue in lxd container. Status in AppArmor: New Status in apparmor package in Ubuntu: Confirmed Status in quassel package in Ubuntu: Confirmed Bug description: Fresh install of Ubuntu 18.04. lxd installed from snap. Fresh 18.04 container. Everything up todate via apt. Install quassel-core. Service will not start. Set "aa-complain /usr/bin/quasselcore" allows quasselcore to start. I then added "/usr/bin/quasselcore rm," to "/etc/apparmor.d/usr.bin.quasselcore". Set "aa-enforce /usr/bin/quasselcore". Restarted main host. Quasselcore service now starts and I can connect to it. To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1814302/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1814302] Re: Quasselcore apparmor profile issue in lxd container.
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: quassel (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1814302 Title: Quasselcore apparmor profile issue in lxd container. Status in AppArmor: New Status in apparmor package in Ubuntu: Confirmed Status in quassel package in Ubuntu: Confirmed Bug description: Fresh install of Ubuntu 18.04. lxd installed from snap. Fresh 18.04 container. Everything up todate via apt. Install quassel-core. Service will not start. Set "aa-complain /usr/bin/quasselcore" allows quasselcore to start. I then added "/usr/bin/quasselcore rm," to "/etc/apparmor.d/usr.bin.quasselcore". Set "aa-enforce /usr/bin/quasselcore". Restarted main host. Quasselcore service now starts and I can connect to it. To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1814302/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1814302] Re: Quasselcore apparmor profile issue in lxd container.
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: apparmor (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1814302 Title: Quasselcore apparmor profile issue in lxd container. Status in AppArmor: New Status in apparmor package in Ubuntu: Confirmed Status in quassel package in Ubuntu: Confirmed Bug description: Fresh install of Ubuntu 18.04. lxd installed from snap. Fresh 18.04 container. Everything up todate via apt. Install quassel-core. Service will not start. Set "aa-complain /usr/bin/quasselcore" allows quasselcore to start. I then added "/usr/bin/quasselcore rm," to "/etc/apparmor.d/usr.bin.quasselcore". Set "aa-enforce /usr/bin/quasselcore". Restarted main host. Quasselcore service now starts and I can connect to it. To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1814302/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1814302] Re: Quasselcore apparmor profile issue in lxd container.
** Also affects: apparmor Importance: Undecided Status: New ** Also affects: quassel (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1814302 Title: Quasselcore apparmor profile issue in lxd container. Status in AppArmor: New Status in apparmor package in Ubuntu: New Status in quassel package in Ubuntu: New Bug description: Fresh install of Ubuntu 18.04. lxd installed from snap. Fresh 18.04 container. Everything up todate via apt. Install quassel-core. Service will not start. Set "aa-complain /usr/bin/quasselcore" allows quasselcore to start. I then added "/usr/bin/quasselcore rm," to "/etc/apparmor.d/usr.bin.quasselcore". Set "aa-enforce /usr/bin/quasselcore". Restarted main host. Quasselcore service now starts and I can connect to it. To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1814302/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp