This bug was fixed in the package privoxy - 3.0.34-3ubuntu1
---
privoxy (3.0.34-3ubuntu1) noble; urgency=medium
* debian/apparmor/usr.sbin.privoxy: attempt on fixing the denial on
containers (LP: #2058866).
-- Łukasz 'sil2100' Zemczak Tue, 26 Mar
2024 17:16:43 +0100
**
The fix is similar for privoxy. I attached the debdiff that fixes it.
** Patch added: "privoxy_3.0.34-3ubuntu2.debdiff"
https://bugs.launchpad.net/ubuntu/+source/cups-browsed/+bug/2058866/+attachment/5759689/+files/privoxy_3.0.34-3ubuntu2.debdiff
--
You received this bug notification
Ah, sorry, Łukasz. I didn't see you were working on it.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2058866
Title:
proposed-migration for cups-browsed 2.0.0-0ubuntu8
** Changed in: privoxy (Ubuntu)
Assignee: (unassigned) => Łukasz Zemczak (sil2100)
** Changed in: privoxy (Ubuntu)
Status: New => In Progress
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
privoxy rebuild fails in containers with the same issue.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2058866
Title:
proposed-migration for cups-browsed 2.0.0-0ubuntu8
Thanks! Since this issue was seen only with the package in -proposed,
I'm closing this bug.
There are other unrelated test failures now blocking the build on
armhf. I will open a separate bug for these.
** Changed in: cups-browsed (Ubuntu)
Status: Fix Committed => Fix Released
**
Sponsored!
** Changed in: cups-browsed (Ubuntu)
Status: New => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2058866
Title:
proposed-migration for
I'll take care of the sponsoring.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2058866
Title:
proposed-migration for cups-browsed 2.0.0-0ubuntu8
Status in apparmor
The attachment "apparmor-add-execmap.patch" seems to be a patch. If it
isn't, please remove the "patch" flag from the attachment, remove the
"patch" tag, and if you are a member of the ~ubuntu-reviewers,
unsubscribe the team.
[This is an automated message performed by a Launchpad user owned by
So what I think is going on from a first pass look at this is that
We are seeing a change in kernel behavior around exec. The 6.8 has a
known change here, that doesn't normally trigger because unconfined is
delegating access into the profile. However in the lxd case, unconfined
can is not
On Mon, Mar 25, 2024 at 05:16:57AM -, John Johansen wrote:
> Do we know if there is a difference in the kernel between the runs?
> The 2.0.0.0~0ubuntu3 autopackage run log I was pointed at was on a
> Linux 5.4.0-170-generic #188-Ubuntu
> Do we know what kernel that 2.0.0-0ubuntu7 is
Do we know if there is a difference in the kernel between the runs?
The 2.0.0.0~0ubuntu3 autopackage run log I was pointed at was on a
Linux 5.4.0-170-generic #188-Ubuntu
Do we know what kernel that 2.0.0-0ubuntu7 is failing on? There was a
change to when security checks were made in on the
** Changed in: apparmor (Ubuntu)
Assignee: (unassigned) => John Johansen (jjohansen)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2058866
Title:
cupsd 2.0.0-0ubuntu8 contains no sourceful changes vs 2.0.0-0ubuntu3 in
noble release; these are no-change rebuilds only.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
Reproducible on amd64.
[6037055.006277] audit: type=1400 audit(1711335561.053:35916):
apparmor="DENIED" operation="file_mmap" class="file"
namespace="root//lxd-noble_"
profile="/usr/sbin/cups-browsed" name="/usr/sbin/cups-browsed"
pid=788055 comm="cups-browsed" requested_mask="r" denied_mask="r"
[1724567.629003] audit: type=1400 audit(1711133926.877:813):
apparmor="DENIED" operation="file_mmap" class="file"
namespace="root//lxd-noble-armhf_"
profile="/usr/sbin/cups-browsed" name="/usr/sbin/cups-browsed"
pid=876865 comm="cups-browsed" requested_mask="rm" denied_mask="rm"
fsuid=1000110
16 matches
Mail list logo