[Touch-packages] [Bug 1814302] Re: Quasselcore apparmor profile issue in lxd container.

2020-07-16 Thread Launchpad Bug Tracker
This bug was fixed in the package quassel - 1:0.12.4-3ubuntu1.18.04.2

---
quassel (1:0.12.4-3ubuntu1.18.04.2) bionic; urgency=medium

  * d/usr.bin.quasselcore:
- Update apparmor profile to allow running in lxd (LP: #1814302)

 -- Dan Streetman   Sun, 28 Jun 2020 11:01:19
-0400

** Changed in: quassel (Ubuntu Bionic)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1814302

Title:
  Quasselcore apparmor profile issue in lxd container.

Status in AppArmor:
  Invalid
Status in apparmor package in Ubuntu:
  Invalid
Status in quassel package in Ubuntu:
  Fix Released
Status in apparmor source package in Bionic:
  Invalid
Status in quassel source package in Bionic:
  Fix Released
Status in apparmor source package in Focal:
  Invalid
Status in quassel source package in Focal:
  Fix Released
Status in apparmor source package in Groovy:
  Invalid
Status in quassel source package in Groovy:
  Fix Released

Bug description:
  [impact]

  quasselcore cannot start inside lxd container

  [test case]

  create lxd container, install quassel-core, check quasselcore service:

  $ systemctl status quasselcore
  ● quasselcore.service - distributed IRC client using a central core component
   Loaded: loaded (/lib/systemd/system/quasselcore.service; enabled; vendor 
preset: enabled)
   Active: failed (Result: signal) since Tue 2020-06-30 18:32:40 UTC; 4s ago
 Docs: man:quasselcore(1)
  Process: 3853 ExecStart=/usr/bin/quasselcore --configdir=${DATADIR} 
--logfile=${LOGFILE} --loglevel=${LOGLEVEL} --port=${PORT} --listen=${LISTEN} 
(code=killed, signal=SEGV)
 Main PID: 3853 (code=killed, signal=SEGV)

  Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Scheduled 
restart job, restart counter is at 7.
  Jun 30 18:32:40 lp1814302-f systemd[1]: Stopped distributed IRC client using 
a central core component.
  Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Start request 
repeated too quickly.
  Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Failed with 
result 'signal'.
  Jun 30 18:32:40 lp1814302-f systemd[1]: Failed to start distributed IRC 
client using a central core component.

  
  Also, the binary will segfault when run directly due to apparmor denials:

  $ /usr/bin/quasselcore 
  Segmentation fault

  [760149.590802] audit: type=1400 audit(1593542073.962:1058):
  apparmor="DENIED" operation="file_mmap" namespace="root//lxd-
  lp1814302-f_" profile="/usr/bin/quasselcore"
  name="/usr/bin/quasselcore" pid=2006430 comm="quasselcore"
  requested_mask="r" denied_mask="r" fsuid=1000110 ouid=100

  [regression potential]

  this expands the apparmor profile, so any regression would likely
  involve problems while starting due to apparmor.

  [scope]

  this is needed for b/f/g.

  this is also needed for e, but that is EOL in weeks and this is not
  important enough to bother there.

  [original description]

  
  Fresh install of Ubuntu 18.04. lxd installed from snap. Fresh 18.04 
container. Everything up todate via apt.

  Install quassel-core. Service will not start.

  Set "aa-complain /usr/bin/quasselcore" allows quasselcore to start.

  I then added "/usr/bin/quasselcore rm," to
  "/etc/apparmor.d/usr.bin.quasselcore".

  Set "aa-enforce /usr/bin/quasselcore". Restarted main host.

  Quasselcore service now starts and I can connect to it.

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1814302/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1814302] Re: Quasselcore apparmor profile issue in lxd container.

2020-07-16 Thread Launchpad Bug Tracker
This bug was fixed in the package quassel - 1:0.13.1-3ubuntu2.1

---
quassel (1:0.13.1-3ubuntu2.1) focal; urgency=medium

  * d/usr.bin.quasselcore:
- Update apparmor profile to allow running in lxd (LP: #1814302)

 -- Dan Streetman   Sun, 28 Jun 2020 11:01:19
-0400

** Changed in: quassel (Ubuntu Focal)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1814302

Title:
  Quasselcore apparmor profile issue in lxd container.

Status in AppArmor:
  Invalid
Status in apparmor package in Ubuntu:
  Invalid
Status in quassel package in Ubuntu:
  Fix Released
Status in apparmor source package in Bionic:
  Invalid
Status in quassel source package in Bionic:
  Fix Committed
Status in apparmor source package in Focal:
  Invalid
Status in quassel source package in Focal:
  Fix Released
Status in apparmor source package in Groovy:
  Invalid
Status in quassel source package in Groovy:
  Fix Released

Bug description:
  [impact]

  quasselcore cannot start inside lxd container

  [test case]

  create lxd container, install quassel-core, check quasselcore service:

  $ systemctl status quasselcore
  ● quasselcore.service - distributed IRC client using a central core component
   Loaded: loaded (/lib/systemd/system/quasselcore.service; enabled; vendor 
preset: enabled)
   Active: failed (Result: signal) since Tue 2020-06-30 18:32:40 UTC; 4s ago
 Docs: man:quasselcore(1)
  Process: 3853 ExecStart=/usr/bin/quasselcore --configdir=${DATADIR} 
--logfile=${LOGFILE} --loglevel=${LOGLEVEL} --port=${PORT} --listen=${LISTEN} 
(code=killed, signal=SEGV)
 Main PID: 3853 (code=killed, signal=SEGV)

  Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Scheduled 
restart job, restart counter is at 7.
  Jun 30 18:32:40 lp1814302-f systemd[1]: Stopped distributed IRC client using 
a central core component.
  Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Start request 
repeated too quickly.
  Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Failed with 
result 'signal'.
  Jun 30 18:32:40 lp1814302-f systemd[1]: Failed to start distributed IRC 
client using a central core component.

  
  Also, the binary will segfault when run directly due to apparmor denials:

  $ /usr/bin/quasselcore 
  Segmentation fault

  [760149.590802] audit: type=1400 audit(1593542073.962:1058):
  apparmor="DENIED" operation="file_mmap" namespace="root//lxd-
  lp1814302-f_" profile="/usr/bin/quasselcore"
  name="/usr/bin/quasselcore" pid=2006430 comm="quasselcore"
  requested_mask="r" denied_mask="r" fsuid=1000110 ouid=100

  [regression potential]

  this expands the apparmor profile, so any regression would likely
  involve problems while starting due to apparmor.

  [scope]

  this is needed for b/f/g.

  this is also needed for e, but that is EOL in weeks and this is not
  important enough to bother there.

  [original description]

  
  Fresh install of Ubuntu 18.04. lxd installed from snap. Fresh 18.04 
container. Everything up todate via apt.

  Install quassel-core. Service will not start.

  Set "aa-complain /usr/bin/quasselcore" allows quasselcore to start.

  I then added "/usr/bin/quasselcore rm," to
  "/etc/apparmor.d/usr.bin.quasselcore".

  Set "aa-enforce /usr/bin/quasselcore". Restarted main host.

  Quasselcore service now starts and I can connect to it.

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1814302/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1814302] Re: Quasselcore apparmor profile issue in lxd container.

2020-07-08 Thread Dan Streetman
bionic:

ubuntu@lp1814302-b:~$ systemd-detect-virt 
lxc
ubuntu@lp1814302-b:~$ dpkg -l|grep quassel
ii  quassel-core   1:0.12.4-3ubuntu1.18.04.1   amd64
distributed IRC client - core component
ubuntu@lp1814302-b:~$ /usr/bin/quasselcore 
Segmentation fault
ubuntu@lp1814302-b:~$ systemctl status quasselcore.service 
● quasselcore.service - distributed IRC client using a central core component
   Loaded: loaded (/lib/systemd/system/quasselcore.service; enabled; vendor 
preset: enabled)
   Active: failed (Result: signal) since Wed 2020-07-08 17:27:46 UTC; 1min 53s 
ago
 Docs: man:quasselcore(1)
  Process: 2381 ExecStart=/usr/bin/quasselcore --configdir=${DATADIR} 
--logfile=${LOGFILE} --loglevel=${LOGLEVEL} --port=${PORT} --listen=${LISTEN} 
(code=killed, signal=SEGV)
 Main PID: 2381 (code=killed, signal=SEGV)

Jul 08 17:27:46 lp1814302-b systemd[1]: quasselcore.service: Service hold-off 
time over, scheduling restart.
Jul 08 17:27:46 lp1814302-b systemd[1]: quasselcore.service: Scheduled restart 
job, restart counter is at 6.
Jul 08 17:27:46 lp1814302-b systemd[1]: Stopped distributed IRC client using a 
central core component.
Jul 08 17:27:46 lp1814302-b systemd[1]: quasselcore.service: Start request 
repeated too quickly.
Jul 08 17:27:46 lp1814302-b systemd[1]: quasselcore.service: Failed with result 
'signal'.
Jul 08 17:27:46 lp1814302-b systemd[1]: Failed to start distributed IRC client 
using a central core component.


ubuntu@lp1814302-b:~$ systemd-detect-virt 
lxc
ubuntu@lp1814302-b:~$ dpkg -l|grep quassel
ii  quassel-core   1:0.12.4-3ubuntu1.18.04.2   amd64
distributed IRC client - core component
ubuntu@lp1814302-b:~$ /usr/bin/quasselcore 
Unable to create Quassel config directory: /home/ubuntu/.config/quassel-irc.org
...etc...
ubuntu@lp1814302-b:~$ systemctl status quasselcore.service 
● quasselcore.service - distributed IRC client using a central core component
   Loaded: loaded (/lib/systemd/system/quasselcore.service; enabled; vendor 
preset: enabled)
   Active: active (running) since Wed 2020-07-08 17:31:50 UTC; 18s ago
 Docs: man:quasselcore(1)
 Main PID: 2881 (quasselcore)
Tasks: 1 (limit: 115273)
   CGroup: /system.slice/quasselcore.service
   └─2881 /usr/bin/quasselcore --configdir=/var/lib/quassel 
--logfile=/var/log/quassel/core.log --loglevel=Info --port=4242 
--listen=::,0.0.0.0

Jul 08 17:31:50 lp1814302-b systemd[1]: Started distributed IRC client
using a central core component.


** Tags removed: verification-needed verification-needed-bionic
** Tags added: verification-done verification-done-bionic

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1814302

Title:
  Quasselcore apparmor profile issue in lxd container.

Status in AppArmor:
  Invalid
Status in apparmor package in Ubuntu:
  Invalid
Status in quassel package in Ubuntu:
  Fix Released
Status in apparmor source package in Bionic:
  Invalid
Status in quassel source package in Bionic:
  Fix Committed
Status in apparmor source package in Focal:
  Invalid
Status in quassel source package in Focal:
  Fix Committed
Status in apparmor source package in Groovy:
  Invalid
Status in quassel source package in Groovy:
  Fix Released

Bug description:
  [impact]

  quasselcore cannot start inside lxd container

  [test case]

  create lxd container, install quassel-core, check quasselcore service:

  $ systemctl status quasselcore
  ● quasselcore.service - distributed IRC client using a central core component
   Loaded: loaded (/lib/systemd/system/quasselcore.service; enabled; vendor 
preset: enabled)
   Active: failed (Result: signal) since Tue 2020-06-30 18:32:40 UTC; 4s ago
 Docs: man:quasselcore(1)
  Process: 3853 ExecStart=/usr/bin/quasselcore --configdir=${DATADIR} 
--logfile=${LOGFILE} --loglevel=${LOGLEVEL} --port=${PORT} --listen=${LISTEN} 
(code=killed, signal=SEGV)
 Main PID: 3853 (code=killed, signal=SEGV)

  Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Scheduled 
restart job, restart counter is at 7.
  Jun 30 18:32:40 lp1814302-f systemd[1]: Stopped distributed IRC client using 
a central core component.
  Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Start request 
repeated too quickly.
  Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Failed with 
result 'signal'.
  Jun 30 18:32:40 lp1814302-f systemd[1]: Failed to start distributed IRC 
client using a central core component.

  
  Also, the binary will segfault when run directly due to apparmor denials:

  $ /usr/bin/quasselcore 
  Segmentation fault

  [760149.590802] audit: type=1400 audit(1593542073.962:1058):
  apparmor="DENIED" operation="file_mmap" namespace="root//lxd-
  lp1814302-f_" profile="/usr/bin/quasselcore"
  name="/usr/bin/quasselcore" pid=2006430 comm="quasselcore"
  requested_mask="r" 

[Touch-packages] [Bug 1814302] Re: Quasselcore apparmor profile issue in lxd container.

2020-07-08 Thread Dan Streetman
focal:

ubuntu@lp1814302-f:~$ systemd-detect-virt 
lxc
ubuntu@lp1814302-f:~$ dpkg -l|grep quassel-core
ii  quassel-core   1:0.13.1-3ubuntu2 amd64  
  distributed IRC client - core component
ubuntu@lp1814302-f:~$ /usr/bin/quasselcore 
Segmentation fault
ubuntu@lp1814302-f:~$ systemctl status quasselcore.service 
● quasselcore.service - distributed IRC client using a central core component
 Loaded: loaded (/lib/systemd/system/quasselcore.service; enabled; vendor 
preset: enabled)
 Active: activating (auto-restart) (Result: signal) since Wed 2020-07-08 
17:24:12 UTC; 168ms ago
   Docs: man:quasselcore(1)
Process: 4867 ExecStart=/usr/bin/quasselcore --configdir=${DATADIR} 
--logfile=${LOGFILE} --loglevel=${LOGLEVEL} --port=${PORT} --listen=${LISTEN} 
(code=killed, signal=SEGV)
   Main PID: 4867 (code=killed, signal=SEGV)

Jul 08 17:24:13 lp1814302-f systemd[1]: quasselcore.service: Scheduled restart 
job, restart counter is at 5.
Jul 08 17:24:13 lp1814302-f systemd[1]: Stopped distributed IRC client using a 
central core component.
Jul 08 17:24:13 lp1814302-f systemd[1]: quasselcore.service: Start request 
repeated too quickly.
Jul 08 17:24:13 lp1814302-f systemd[1]: quasselcore.service: Failed with result 
'signal'.
Jul 08 17:24:13 lp1814302-f systemd[1]: Failed to start distributed IRC client 
using a central core component.


ubuntu@lp1814302-f:~$ systemd-detect-virt 
lxc
ubuntu@lp1814302-f:~$ dpkg -l |grep quassel
ii  quassel-core   1:0.13.1-3ubuntu2.1amd64 
   distributed IRC client - core component
ubuntu@lp1814302-f:~$ /usr/bin/quasselcore 
2020-07-08 17:26:00 [Error] Unable to create Quassel config directory:
...etc...
ubuntu@lp1814302-f:~$ systemctl status quasselcore.service 
● quasselcore.service - distributed IRC client using a central core component
 Loaded: loaded (/lib/systemd/system/quasselcore.service; enabled; vendor 
preset: enabled)
 Active: active (running) since Wed 2020-07-08 17:25:22 UTC; 43s ago
   Docs: man:quasselcore(1)
   Main PID: 5832 (quasselcore)
  Tasks: 1 (limit: 115273)
 Memory: 1.6M
 CGroup: /system.slice/quasselcore.service
 └─5832 /usr/bin/quasselcore --configdir=/var/lib/quassel 
--logfile=/var/log/quassel/core.log --loglevel=Info --port=4242 
--listen=::,0.0.0.0

Jul 08 17:25:22 lp1814302-f systemd[1]: Started distributed IRC client
using a central core component.


** Tags removed: verification-needed-focal
** Tags added: verification-done-focal

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1814302

Title:
  Quasselcore apparmor profile issue in lxd container.

Status in AppArmor:
  Invalid
Status in apparmor package in Ubuntu:
  Invalid
Status in quassel package in Ubuntu:
  Fix Released
Status in apparmor source package in Bionic:
  Invalid
Status in quassel source package in Bionic:
  Fix Committed
Status in apparmor source package in Focal:
  Invalid
Status in quassel source package in Focal:
  Fix Committed
Status in apparmor source package in Groovy:
  Invalid
Status in quassel source package in Groovy:
  Fix Released

Bug description:
  [impact]

  quasselcore cannot start inside lxd container

  [test case]

  create lxd container, install quassel-core, check quasselcore service:

  $ systemctl status quasselcore
  ● quasselcore.service - distributed IRC client using a central core component
   Loaded: loaded (/lib/systemd/system/quasselcore.service; enabled; vendor 
preset: enabled)
   Active: failed (Result: signal) since Tue 2020-06-30 18:32:40 UTC; 4s ago
 Docs: man:quasselcore(1)
  Process: 3853 ExecStart=/usr/bin/quasselcore --configdir=${DATADIR} 
--logfile=${LOGFILE} --loglevel=${LOGLEVEL} --port=${PORT} --listen=${LISTEN} 
(code=killed, signal=SEGV)
 Main PID: 3853 (code=killed, signal=SEGV)

  Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Scheduled 
restart job, restart counter is at 7.
  Jun 30 18:32:40 lp1814302-f systemd[1]: Stopped distributed IRC client using 
a central core component.
  Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Start request 
repeated too quickly.
  Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Failed with 
result 'signal'.
  Jun 30 18:32:40 lp1814302-f systemd[1]: Failed to start distributed IRC 
client using a central core component.

  
  Also, the binary will segfault when run directly due to apparmor denials:

  $ /usr/bin/quasselcore 
  Segmentation fault

  [760149.590802] audit: type=1400 audit(1593542073.962:1058):
  apparmor="DENIED" operation="file_mmap" namespace="root//lxd-
  lp1814302-f_" profile="/usr/bin/quasselcore"
  name="/usr/bin/quasselcore" pid=2006430 comm="quasselcore"
  requested_mask="r" denied_mask="r" fsuid=1000110 ouid=100

  [regression potential]

  this expands the apparmor 

[Touch-packages] [Bug 1814302] Re: Quasselcore apparmor profile issue in lxd container.

2020-07-07 Thread Brian Murray
Hello Yancy, or anyone else affected,

Accepted quassel into focal-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/quassel/1:0.13.1-3ubuntu2.1 in a
few hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, what testing has been
performed on the package and change the tag from verification-needed-
focal to verification-done-focal. If it does not fix the bug for you,
please add a comment stating that, and change the tag to verification-
failed-focal. In either case, without details of your testing we will
not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

** Changed in: quassel (Ubuntu Focal)
   Status: In Progress => Fix Committed

** Tags added: verification-needed verification-needed-focal

** Changed in: quassel (Ubuntu Bionic)
   Status: In Progress => Fix Committed

** Tags added: verification-needed-bionic

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1814302

Title:
  Quasselcore apparmor profile issue in lxd container.

Status in AppArmor:
  Invalid
Status in apparmor package in Ubuntu:
  Invalid
Status in quassel package in Ubuntu:
  Fix Released
Status in apparmor source package in Bionic:
  Invalid
Status in quassel source package in Bionic:
  Fix Committed
Status in apparmor source package in Focal:
  Invalid
Status in quassel source package in Focal:
  Fix Committed
Status in apparmor source package in Groovy:
  Invalid
Status in quassel source package in Groovy:
  Fix Released

Bug description:
  [impact]

  quasselcore cannot start inside lxd container

  [test case]

  create lxd container, install quassel-core, check quasselcore service:

  $ systemctl status quasselcore
  ● quasselcore.service - distributed IRC client using a central core component
   Loaded: loaded (/lib/systemd/system/quasselcore.service; enabled; vendor 
preset: enabled)
   Active: failed (Result: signal) since Tue 2020-06-30 18:32:40 UTC; 4s ago
 Docs: man:quasselcore(1)
  Process: 3853 ExecStart=/usr/bin/quasselcore --configdir=${DATADIR} 
--logfile=${LOGFILE} --loglevel=${LOGLEVEL} --port=${PORT} --listen=${LISTEN} 
(code=killed, signal=SEGV)
 Main PID: 3853 (code=killed, signal=SEGV)

  Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Scheduled 
restart job, restart counter is at 7.
  Jun 30 18:32:40 lp1814302-f systemd[1]: Stopped distributed IRC client using 
a central core component.
  Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Start request 
repeated too quickly.
  Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Failed with 
result 'signal'.
  Jun 30 18:32:40 lp1814302-f systemd[1]: Failed to start distributed IRC 
client using a central core component.

  
  Also, the binary will segfault when run directly due to apparmor denials:

  $ /usr/bin/quasselcore 
  Segmentation fault

  [760149.590802] audit: type=1400 audit(1593542073.962:1058):
  apparmor="DENIED" operation="file_mmap" namespace="root//lxd-
  lp1814302-f_" profile="/usr/bin/quasselcore"
  name="/usr/bin/quasselcore" pid=2006430 comm="quasselcore"
  requested_mask="r" denied_mask="r" fsuid=1000110 ouid=100

  [regression potential]

  this expands the apparmor profile, so any regression would likely
  involve problems while starting due to apparmor.

  [scope]

  this is needed for b/f/g.

  this is also needed for e, but that is EOL in weeks and this is not
  important enough to bother there.

  [original description]

  
  Fresh install of Ubuntu 18.04. lxd installed from snap. Fresh 18.04 
container. Everything up todate via apt.

  Install quassel-core. Service will not start.

  Set "aa-complain /usr/bin/quasselcore" allows quasselcore to start.

  I then added "/usr/bin/quasselcore rm," to
  "/etc/apparmor.d/usr.bin.quasselcore".

  Set "aa-enforce /usr/bin/quasselcore". Restarted main host.

  Quasselcore service now starts and I can connect to it.

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1814302/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : 

[Touch-packages] [Bug 1814302] Re: Quasselcore apparmor profile issue in lxd container.

2020-06-30 Thread Launchpad Bug Tracker
This bug was fixed in the package quassel - 1:0.13.1-3ubuntu3

---
quassel (1:0.13.1-3ubuntu3) groovy; urgency=medium

  * 
d/p/lp1885436/0001-common-Disable-enum-type-stream-operators-for-Qt-5.1.patch,

d/p/lp1885436/0002-common-Always-let-QVariant-fromValue-deduce-the-type.patch,

d/p/lp1885436/0003-qa-Replace-deprecated-qVariantFromValue-by-QVariant-.patch,

d/p/lp1885436/0004-qa-Avoid-deprecation-warnings-for-QList-QSet-convers.patch,

d/p/lp1885436/0005-qa-Replace-deprecated-QString-sprintf-by-QString-asp.patch:
- Fix FTBFS due to QT 5.14 changes (LP: #1885436)
  * d/usr.bin.quasselcore:
- Update apparmor profile to allow running in lxd (LP: #1814302)

 -- Dan Streetman   Sun, 28 Jun 2020 10:54:49
-0400

** Changed in: quassel (Ubuntu Groovy)
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1814302

Title:
  Quasselcore apparmor profile issue in lxd container.

Status in AppArmor:
  Invalid
Status in apparmor package in Ubuntu:
  Invalid
Status in quassel package in Ubuntu:
  Fix Released
Status in apparmor source package in Bionic:
  Invalid
Status in quassel source package in Bionic:
  In Progress
Status in apparmor source package in Focal:
  Invalid
Status in quassel source package in Focal:
  In Progress
Status in apparmor source package in Groovy:
  Invalid
Status in quassel source package in Groovy:
  Fix Released

Bug description:
  [impact]

  quasselcore cannot start inside lxd container

  [test case]

  create lxd container, install quassel-core, check quasselcore service:

  $ systemctl status quasselcore
  ● quasselcore.service - distributed IRC client using a central core component
   Loaded: loaded (/lib/systemd/system/quasselcore.service; enabled; vendor 
preset: enabled)
   Active: failed (Result: signal) since Tue 2020-06-30 18:32:40 UTC; 4s ago
 Docs: man:quasselcore(1)
  Process: 3853 ExecStart=/usr/bin/quasselcore --configdir=${DATADIR} 
--logfile=${LOGFILE} --loglevel=${LOGLEVEL} --port=${PORT} --listen=${LISTEN} 
(code=killed, signal=SEGV)
 Main PID: 3853 (code=killed, signal=SEGV)

  Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Scheduled 
restart job, restart counter is at 7.
  Jun 30 18:32:40 lp1814302-f systemd[1]: Stopped distributed IRC client using 
a central core component.
  Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Start request 
repeated too quickly.
  Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Failed with 
result 'signal'.
  Jun 30 18:32:40 lp1814302-f systemd[1]: Failed to start distributed IRC 
client using a central core component.

  
  Also, the binary will segfault when run directly due to apparmor denials:

  $ /usr/bin/quasselcore 
  Segmentation fault

  [760149.590802] audit: type=1400 audit(1593542073.962:1058):
  apparmor="DENIED" operation="file_mmap" namespace="root//lxd-
  lp1814302-f_" profile="/usr/bin/quasselcore"
  name="/usr/bin/quasselcore" pid=2006430 comm="quasselcore"
  requested_mask="r" denied_mask="r" fsuid=1000110 ouid=100

  [regression potential]

  this expands the apparmor profile, so any regression would likely
  involve problems while starting due to apparmor.

  [scope]

  this is needed for b/f/g.

  this is also needed for e, but that is EOL in weeks and this is not
  important enough to bother there.

  [original description]

  
  Fresh install of Ubuntu 18.04. lxd installed from snap. Fresh 18.04 
container. Everything up todate via apt.

  Install quassel-core. Service will not start.

  Set "aa-complain /usr/bin/quasselcore" allows quasselcore to start.

  I then added "/usr/bin/quasselcore rm," to
  "/etc/apparmor.d/usr.bin.quasselcore".

  Set "aa-enforce /usr/bin/quasselcore". Restarted main host.

  Quasselcore service now starts and I can connect to it.

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1814302/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1814302] Re: Quasselcore apparmor profile issue in lxd container.

2020-06-30 Thread Dan Streetman
** Description changed:

- Fresh install of Ubuntu 18.04. lxd installed from snap. Fresh 18.04
- container. Everything up todate via apt.
+ [impact]
+ 
+ quasselcore cannot start inside lxd container
+ 
+ [test case]
+ 
+ create lxd container, install quassel-core, check quasselcore service:
+ 
+ $ systemctl status quasselcore
+ ● quasselcore.service - distributed IRC client using a central core component
+  Loaded: loaded (/lib/systemd/system/quasselcore.service; enabled; vendor 
preset: enabled)
+  Active: failed (Result: signal) since Tue 2020-06-30 18:32:40 UTC; 4s ago
+Docs: man:quasselcore(1)
+ Process: 3853 ExecStart=/usr/bin/quasselcore --configdir=${DATADIR} 
--logfile=${LOGFILE} --loglevel=${LOGLEVEL} --port=${PORT} --listen=${LISTEN} 
(code=killed, signal=SEGV)
+Main PID: 3853 (code=killed, signal=SEGV)
+ 
+ Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Scheduled 
restart job, restart counter is at 7.
+ Jun 30 18:32:40 lp1814302-f systemd[1]: Stopped distributed IRC client using 
a central core component.
+ Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Start request 
repeated too quickly.
+ Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Failed with 
result 'signal'.
+ Jun 30 18:32:40 lp1814302-f systemd[1]: Failed to start distributed IRC 
client using a central core component.
+ 
+ 
+ Also, the binary will segfault when run directly due to apparmor denials:
+ 
+ $ /usr/bin/quasselcore 
+ Segmentation fault
+ 
+ [760149.590802] audit: type=1400 audit(1593542073.962:1058):
+ apparmor="DENIED" operation="file_mmap" namespace="root//lxd-
+ lp1814302-f_" profile="/usr/bin/quasselcore"
+ name="/usr/bin/quasselcore" pid=2006430 comm="quasselcore"
+ requested_mask="r" denied_mask="r" fsuid=1000110 ouid=100
+ 
+ [regression potential]
+ 
+ this expands the apparmor profile, so any regression would likely
+ involve problems while starting due to apparmor.
+ 
+ [scope]
+ 
+ this is needed for b/f/g.
+ 
+ this is also needed for e, but that is EOL in weeks and this is not
+ important enough to bother there.
+ 
+ [original description]
+ 
+ 
+ Fresh install of Ubuntu 18.04. lxd installed from snap. Fresh 18.04 
container. Everything up todate via apt.
  
  Install quassel-core. Service will not start.
  
  Set "aa-complain /usr/bin/quasselcore" allows quasselcore to start.
  
  I then added "/usr/bin/quasselcore rm," to
  "/etc/apparmor.d/usr.bin.quasselcore".
  
  Set "aa-enforce /usr/bin/quasselcore". Restarted main host.
  
  Quasselcore service now starts and I can connect to it.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1814302

Title:
  Quasselcore apparmor profile issue in lxd container.

Status in AppArmor:
  Invalid
Status in apparmor package in Ubuntu:
  Invalid
Status in quassel package in Ubuntu:
  In Progress
Status in apparmor source package in Bionic:
  Invalid
Status in quassel source package in Bionic:
  In Progress
Status in apparmor source package in Focal:
  Invalid
Status in quassel source package in Focal:
  In Progress
Status in apparmor source package in Groovy:
  Invalid
Status in quassel source package in Groovy:
  In Progress

Bug description:
  [impact]

  quasselcore cannot start inside lxd container

  [test case]

  create lxd container, install quassel-core, check quasselcore service:

  $ systemctl status quasselcore
  ● quasselcore.service - distributed IRC client using a central core component
   Loaded: loaded (/lib/systemd/system/quasselcore.service; enabled; vendor 
preset: enabled)
   Active: failed (Result: signal) since Tue 2020-06-30 18:32:40 UTC; 4s ago
 Docs: man:quasselcore(1)
  Process: 3853 ExecStart=/usr/bin/quasselcore --configdir=${DATADIR} 
--logfile=${LOGFILE} --loglevel=${LOGLEVEL} --port=${PORT} --listen=${LISTEN} 
(code=killed, signal=SEGV)
 Main PID: 3853 (code=killed, signal=SEGV)

  Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Scheduled 
restart job, restart counter is at 7.
  Jun 30 18:32:40 lp1814302-f systemd[1]: Stopped distributed IRC client using 
a central core component.
  Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Start request 
repeated too quickly.
  Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.service: Failed with 
result 'signal'.
  Jun 30 18:32:40 lp1814302-f systemd[1]: Failed to start distributed IRC 
client using a central core component.

  
  Also, the binary will segfault when run directly due to apparmor denials:

  $ /usr/bin/quasselcore 
  Segmentation fault

  [760149.590802] audit: type=1400 audit(1593542073.962:1058):
  apparmor="DENIED" operation="file_mmap" namespace="root//lxd-
  lp1814302-f_" profile="/usr/bin/quasselcore"
  name="/usr/bin/quasselcore" pid=2006430 comm="quasselcore"
  requested_mask="r" denied_mask="r" fsuid=1000110 ouid=100

  

[Touch-packages] [Bug 1814302] Re: Quasselcore apparmor profile issue in lxd container.

2020-06-30 Thread Dan Streetman
** Also affects: apparmor (Ubuntu Bionic)
   Importance: Undecided
   Status: New

** Also affects: quassel (Ubuntu Bionic)
   Importance: Undecided
   Status: New

** Also affects: apparmor (Ubuntu Groovy)
   Importance: Undecided
   Status: Confirmed

** Also affects: quassel (Ubuntu Groovy)
   Importance: Undecided
   Status: Confirmed

** Also affects: apparmor (Ubuntu Focal)
   Importance: Undecided
   Status: New

** Also affects: quassel (Ubuntu Focal)
   Importance: Undecided
   Status: New

** Changed in: apparmor (Ubuntu Bionic)
   Status: New => Invalid

** Changed in: apparmor (Ubuntu Focal)
   Status: New => Invalid

** Changed in: apparmor (Ubuntu Groovy)
   Status: Confirmed => Invalid

** Changed in: apparmor
   Status: New => Invalid

** Changed in: quassel (Ubuntu Focal)
   Status: New => In Progress

** Changed in: quassel (Ubuntu Bionic)
   Importance: Undecided => Medium

** Changed in: quassel (Ubuntu Groovy)
 Assignee: (unassigned) => Dan Streetman (ddstreet)

** Changed in: quassel (Ubuntu Focal)
 Assignee: (unassigned) => Dan Streetman (ddstreet)

** Changed in: quassel (Ubuntu Bionic)
 Assignee: (unassigned) => Dan Streetman (ddstreet)

** Changed in: quassel (Ubuntu Groovy)
   Importance: Undecided => Medium

** Changed in: quassel (Ubuntu Focal)
   Importance: Undecided => Medium

** Changed in: quassel (Ubuntu Bionic)
   Status: New => In Progress

** Changed in: quassel (Ubuntu Groovy)
   Status: Confirmed => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1814302

Title:
  Quasselcore apparmor profile issue in lxd container.

Status in AppArmor:
  Invalid
Status in apparmor package in Ubuntu:
  Invalid
Status in quassel package in Ubuntu:
  In Progress
Status in apparmor source package in Bionic:
  Invalid
Status in quassel source package in Bionic:
  In Progress
Status in apparmor source package in Focal:
  Invalid
Status in quassel source package in Focal:
  In Progress
Status in apparmor source package in Groovy:
  Invalid
Status in quassel source package in Groovy:
  In Progress

Bug description:
  Fresh install of Ubuntu 18.04. lxd installed from snap. Fresh 18.04
  container. Everything up todate via apt.

  Install quassel-core. Service will not start.

  Set "aa-complain /usr/bin/quasselcore" allows quasselcore to start.

  I then added "/usr/bin/quasselcore rm," to
  "/etc/apparmor.d/usr.bin.quasselcore".

  Set "aa-enforce /usr/bin/quasselcore". Restarted main host.

  Quasselcore service now starts and I can connect to it.

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1814302/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1814302] Re: Quasselcore apparmor profile issue in lxd container.

2019-07-27 Thread Robert Pendell
The above workaround isn't enough to totally resolve the issues with
AppArmor and this application inside LXD.  I also had to switch to aa-
complain for PostgreSQL migration so features will have to be thoroughly
tested to identify it.  I'm willing to setup a secondary instance to do
any testing that is necessary but I don't know anything about AppArmor
to fix the profile.

Added note: It seems that migration may be broken in Quassel-Core in
general but I'm reporting that on their tracker as it seems to be a bug
on their end but setting up for PostgreSQL seemed to work in complain
mode.  It is untested in enforce mode.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1814302

Title:
  Quasselcore apparmor profile issue in lxd container.

Status in AppArmor:
  New
Status in apparmor package in Ubuntu:
  Confirmed
Status in quassel package in Ubuntu:
  Confirmed

Bug description:
  Fresh install of Ubuntu 18.04. lxd installed from snap. Fresh 18.04
  container. Everything up todate via apt.

  Install quassel-core. Service will not start.

  Set "aa-complain /usr/bin/quasselcore" allows quasselcore to start.

  I then added "/usr/bin/quasselcore rm," to
  "/etc/apparmor.d/usr.bin.quasselcore".

  Set "aa-enforce /usr/bin/quasselcore". Restarted main host.

  Quasselcore service now starts and I can connect to it.

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1814302/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1814302] Re: Quasselcore apparmor profile issue in lxd container.

2019-02-25 Thread Launchpad Bug Tracker
Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: quassel (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1814302

Title:
  Quasselcore apparmor profile issue in lxd container.

Status in AppArmor:
  New
Status in apparmor package in Ubuntu:
  Confirmed
Status in quassel package in Ubuntu:
  Confirmed

Bug description:
  Fresh install of Ubuntu 18.04. lxd installed from snap. Fresh 18.04
  container. Everything up todate via apt.

  Install quassel-core. Service will not start.

  Set "aa-complain /usr/bin/quasselcore" allows quasselcore to start.

  I then added "/usr/bin/quasselcore rm," to
  "/etc/apparmor.d/usr.bin.quasselcore".

  Set "aa-enforce /usr/bin/quasselcore". Restarted main host.

  Quasselcore service now starts and I can connect to it.

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1814302/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1814302] Re: Quasselcore apparmor profile issue in lxd container.

2019-02-25 Thread Launchpad Bug Tracker
Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: apparmor (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1814302

Title:
  Quasselcore apparmor profile issue in lxd container.

Status in AppArmor:
  New
Status in apparmor package in Ubuntu:
  Confirmed
Status in quassel package in Ubuntu:
  Confirmed

Bug description:
  Fresh install of Ubuntu 18.04. lxd installed from snap. Fresh 18.04
  container. Everything up todate via apt.

  Install quassel-core. Service will not start.

  Set "aa-complain /usr/bin/quasselcore" allows quasselcore to start.

  I then added "/usr/bin/quasselcore rm," to
  "/etc/apparmor.d/usr.bin.quasselcore".

  Set "aa-enforce /usr/bin/quasselcore". Restarted main host.

  Quasselcore service now starts and I can connect to it.

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1814302/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1814302] Re: Quasselcore apparmor profile issue in lxd container.

2019-02-01 Thread Yancy Burns
** Also affects: apparmor
   Importance: Undecided
   Status: New

** Also affects: quassel (Ubuntu)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1814302

Title:
  Quasselcore apparmor profile issue in lxd container.

Status in AppArmor:
  New
Status in apparmor package in Ubuntu:
  New
Status in quassel package in Ubuntu:
  New

Bug description:
  Fresh install of Ubuntu 18.04. lxd installed from snap. Fresh 18.04
  container. Everything up todate via apt.

  Install quassel-core. Service will not start.

  Set "aa-complain /usr/bin/quasselcore" allows quasselcore to start.

  I then added "/usr/bin/quasselcore rm," to
  "/etc/apparmor.d/usr.bin.quasselcore".

  Set "aa-enforce /usr/bin/quasselcore". Restarted main host.

  Quasselcore service now starts and I can connect to it.

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1814302/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp