[Touch-packages] [Bug 1466103] Re: dnsmasq runs unconfined due to starting before apparmor on boot
** Changed in: dnsmasq (Ubuntu) Assignee: (unassigned) => audrey reed (mrsperkins74) ** Changed in: dnsmasq (Ubuntu) Status: Triaged => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/1466103 Title: dnsmasq runs unconfined due to starting before apparmor on boot Status in dnsmasq package in Ubuntu: Fix Released Bug description: Description and behavior are identical to Bug #573315. However, the solution to that bug was to make a change to /etc/apparmor.d/usr.sbin.libvirtd. There is no longer an apparmor profile /etc/apparmor.d/usr.sbin.libvirtd. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1466103/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1466103] Re: dnsmasq runs unconfined due to starting before apparmor on boot
** Changed in: dnsmasq (Ubuntu) Importance: Undecided = Critical -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/1466103 Title: dnsmasq runs unconfined due to starting before apparmor on boot Status in dnsmasq package in Ubuntu: New Bug description: Description and behavior are identical to Bug #573315. However, the solution to that bug was to make a change to /etc/apparmor.d/usr.sbin.libvirtd. There is no longer an apparmor profile /etc/apparmor.d/usr.sbin.libvirtd. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1466103/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1466103] Re: dnsmasq runs unconfined due to starting before apparmor on boot
Did you install a profile yourself for dnsmasq? Could you show the result of sudo aa-status ? By default dnsmasq ships without a profile, but since you say it happens intermittently I assume you do have a custom profile... Please also show the result of: lsb_release -r ls -l /sbin/init ** Changed in: dnsmasq (Ubuntu) Status: New = Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/1466103 Title: dnsmasq runs unconfined due to starting before apparmor on boot Status in dnsmasq package in Ubuntu: Incomplete Bug description: Description and behavior are identical to Bug #573315. However, the solution to that bug was to make a change to /etc/apparmor.d/usr.sbin.libvirtd. There is no longer an apparmor profile /etc/apparmor.d/usr.sbin.libvirtd. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1466103/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1466103] Re: dnsmasq runs unconfined due to starting before apparmor on boot
The dnsmasq apparmor profile comes from package apparmor-profiles. My installed version is apparmor-profiles 2.8.95~2430-0ubuntu5.1. It recently updated (June 16). I have only rebooted my machine three times since, and saw the unconfined only once. I will continue to watch to see if it occurs again. $ lsb_release -r Release:14.04 $ ls -l /sbin/init -rwxr-xr-x 1 root root 265848 Jul 18 2014 /sbin/init aa-status is uploaded as attachment ** Attachment added: Output from aa-status https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1466103/+attachment/4416907/+files/aa-status.txt -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/1466103 Title: dnsmasq runs unconfined due to starting before apparmor on boot Status in dnsmasq package in Ubuntu: Incomplete Bug description: Description and behavior are identical to Bug #573315. However, the solution to that bug was to make a change to /etc/apparmor.d/usr.sbin.libvirtd. There is no longer an apparmor profile /etc/apparmor.d/usr.sbin.libvirtd. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1466103/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1466103] Re: dnsmasq runs unconfined due to starting before apparmor on boot
I don't think stopped apparmor is going to do it -- the generic apparmor profiles are loaded via a sysv-init compatibility script. I think the job file that starts this dnsmasq instance needs to use apparmor load before starting the process: http://upstart.ubuntu.com/cookbook/#apparmor-load I hope this helps -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/1466103 Title: dnsmasq runs unconfined due to starting before apparmor on boot Status in dnsmasq package in Ubuntu: Triaged Bug description: Description and behavior are identical to Bug #573315. However, the solution to that bug was to make a change to /etc/apparmor.d/usr.sbin.libvirtd. There is no longer an apparmor profile /etc/apparmor.d/usr.sbin.libvirtd. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1466103/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1466103] Re: dnsmasq runs unconfined due to starting before apparmor on boot
** Changed in: dnsmasq (Ubuntu) Status: Incomplete = Triaged -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/1466103 Title: dnsmasq runs unconfined due to starting before apparmor on boot Status in dnsmasq package in Ubuntu: Triaged Bug description: Description and behavior are identical to Bug #573315. However, the solution to that bug was to make a change to /etc/apparmor.d/usr.sbin.libvirtd. There is no longer an apparmor profile /etc/apparmor.d/usr.sbin.libvirtd. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1466103/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1466103] Re: dnsmasq runs unconfined due to starting before apparmor on boot
Thanks. Can you show a list of the running dnsmasqs? Which dnsmasq starts unconfined? Is it the one started by network-manager, or by a custom script, or something else? I think adding stopped apparmor to the 'start on' conditions of the job which starts dnsmasq should suffice to fix the problem for you. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/1466103 Title: dnsmasq runs unconfined due to starting before apparmor on boot Status in dnsmasq package in Ubuntu: Triaged Bug description: Description and behavior are identical to Bug #573315. However, the solution to that bug was to make a change to /etc/apparmor.d/usr.sbin.libvirtd. There is no longer an apparmor profile /etc/apparmor.d/usr.sbin.libvirtd. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1466103/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1466103] Re: dnsmasq runs unconfined due to starting before apparmor on boot
My currently running dnsmasq (which is confined the way it should be) was started by NetworkManager: $ ps axjf PPID PID PGID SID TTY TPGID STAT UID TIME COMMAND 1 1873 1873 1873 ? -1 Ssl 0 0:00 NetworkManager 1873 2047 2047 1873 ? -1 S65534 0:00 \_ /usr/sbin/dnsmasq --no-resolv --keep-in-foreground --no-hosts --bind-interfaces --pid-file=/run/sendsigs.omit.d/network-manager.dnsmasq.pid --listen-address=127.0.1.1 --conf-file=/var/run/NetworkManager/dnsmasq.conf --cache-size=0 --proxy-dnssec --enable-dbus=org.freedesktop.NetworkManager.dnsmasq --conf-dir=/etc/NetworkManager/dnsmasq.d -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/1466103 Title: dnsmasq runs unconfined due to starting before apparmor on boot Status in dnsmasq package in Ubuntu: Triaged Bug description: Description and behavior are identical to Bug #573315. However, the solution to that bug was to make a change to /etc/apparmor.d/usr.sbin.libvirtd. There is no longer an apparmor profile /etc/apparmor.d/usr.sbin.libvirtd. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1466103/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1466103] Re: dnsmasq runs unconfined due to starting before apparmor on boot
Additional info: Only happens intermittently. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/1466103 Title: dnsmasq runs unconfined due to starting before apparmor on boot Status in dnsmasq package in Ubuntu: New Bug description: Description and behavior are identical to Bug #573315. However, the solution to that bug was to make a change to /etc/apparmor.d/usr.sbin.libvirtd. There is no longer an apparmor profile /etc/apparmor.d/usr.sbin.libvirtd. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1466103/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
