[Touch-packages] [Bug 1746463] Re: apparmor profile load in stacked policy container fails
Ubuntu 17.10 (Artful Aardvark) has reached end of life, so this bug will not be fixed for that specific release.

** Changed in: apparmor (Ubuntu Artful)
       Status: Fix Committed => Won't Fix

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1746463

Title:
  apparmor profile load in stacked policy container fails

Status in snapd: Triaged
Status in apparmor package in Ubuntu: Confirmed
Status in linux package in Ubuntu: Confirmed
Status in linux-gcp package in Ubuntu: Fix Released
Status in apparmor source package in Xenial: Won't Fix
Status in linux source package in Xenial: Invalid
Status in linux-gcp source package in Xenial: Fix Released
Status in apparmor source package in Artful: Won't Fix
Status in linux source package in Artful: Fix Released
Status in linux-gcp source package in Artful: Invalid
Status in apparmor source package in Bionic: Confirmed
Status in linux source package in Bionic: Confirmed
Status in linux-gcp source package in Bionic: Fix Released

Bug description:
  LXD containers on an artful or bionic host with aa namespaces, should
  be able to load the lxc policies. However /lib/apparmor/profile-load
  skips that part when running in a container.

  aa-status shows 0 policies

  /lib/apparmor/profile-load is failing due to
  is_container_with_internal_policy() failing

  due to

  /sys/kernel/security/apparmor/.ns_name being empty which causes

      if [ "${ns_name#lxd-*}" = "$ns_name" ] && \
         [ "${ns_name#lxc-*}" = "$ns_name" ]; then
          return 1
      fi

  to fail

To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/1746463/+subscriptions

--
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
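The prefix test quoted in the bug description, wrapped so its behaviour on an empty `.ns_name` can be checked directly. This is an added example, not part of the thread or of the apparmor package; the function names `ns_name_has_container_prefix` and `diagnose_ns_name` and the sample namespace names are constructed for illustration.

```shell
#!/bin/sh
# Added example: reproduces the namespace-name test from the bug description
# and reports why it passes or fails for a given securityfs directory.
# Function names are hypothetical; they do not exist in /lib/apparmor/profile-load.

# Same condition as the quoted snippet: succeed (return 0) only when the
# namespace name starts with "lxd-" or "lxc-".
ns_name_has_container_prefix() {
    ns_name=$1
    if [ "${ns_name#lxd-*}" = "$ns_name" ] && \
       [ "${ns_name#lxc-*}" = "$ns_name" ]; then
        return 1
    fi
    return 0
}

# Read .ns_name from a securityfs-style directory and print one word:
#   unreadable  the file is missing or cannot be read
#   empty       the file exists but yields no name (the case in this bug)
#   container   the name carries an lxd-/lxc- prefix, so the check passes
#   other       some other namespace name, so the check fails
# $1: directory to inspect (/sys/kernel/security/apparmor on a real system)
diagnose_ns_name() {
    sfs_dir=$1
    ns_file="$sfs_dir/.ns_name"
    if [ ! -r "$ns_file" ]; then
        echo "unreadable"
        return 0
    fi
    ns_name=
    # read returns non-zero on a zero-length file; the variable stays empty
    read -r ns_name < "$ns_file" || :
    if [ -z "$ns_name" ]; then
        echo "empty"
    elif ns_name_has_container_prefix "$ns_name"; then
        echo "container"
    else
        echo "other"
    fi
}

# Inside a container, inspect the path named in the bug description.
if [ -d /sys/kernel/security/apparmor ]; then
    diagnose_ns_name /sys/kernel/security/apparmor
fi
```

A result of `empty` inside an LXD container matches the failure described here: the prefix test returns 1, the profile load is skipped, and aa-status shows 0 policies.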
[Touch-packages] [Bug 1746463] Re: apparmor profile load in stacked policy container fails
This bug was fixed in the package linux-gcp - 4.13.0-1012.16

---
linux-gcp (4.13.0-1012.16) xenial; urgency=medium

  * linux-gcp: 4.13.0-1012.16 -proposed tracker (LP: #1755771)

  [ Ubuntu: 4.13.0-38.43 ]

  * linux: 4.13.0-38.43 -proposed tracker (LP: #1755762)
  * Servers going OOM after updating kernel from 4.10 to 4.13 (LP: #1748408)
    - i40e: Fix memory leak related filter programming status
    - i40e: Add programming descriptors to cleaned_count
  * [SRU] Lenovo E41 Mic mute hotkey is not responding (LP: #1753347)
    - platform/x86: ideapad-laptop: Increase timeout to wait for EC answer
  * fails to dump with latest kpti fixes (LP: #1750021)
    - kdump: write correct address of mem_section into vmcoreinfo
  * headset mic can't be detected on two Dell machines (LP: #1748807)
    - ALSA: hda/realtek - Support headset mode for ALC215/ALC285/ALC289
    - ALSA: hda - Fix headset mic detection problem for two Dell machines
    - ALSA: hda - Fix a wrong FIXUP for alc289 on Dell machines
  * CIFS SMB2/SMB3 does not work for domain based DFS (LP: #1747572)
    - CIFS: make IPC a regular tcon
    - CIFS: use tcon_ipc instead of use_ipc parameter of SMB2_ioctl
    - CIFS: dump IPC tcon in debug proc file
  * i2c-thunderx: erroneous error message "unhandled state: 0" (LP: #1754076)
    - i2c: octeon: Prevent error message on bus error
  * hisi_sas: Add disk LED support (LP: #1752695)
    - scsi: hisi_sas: directly attached disk LED feature for v2 hw
  * EDAC, sb_edac: Backport 1 patch to Ubuntu 17.10 (Fix missing DIMM sysfs
    entries with KNL SNC2/SNC4 mode) (LP: #1743856)
    - EDAC, sb_edac: Fix missing DIMM sysfs entries with KNL SNC2/SNC4 mode
  * [regression] Colour banding and artefacts appear system-wide on an Asus
    Zenbook UX303LA with Intel HD 4400 graphics (LP: #1749420)
    - drm/edid: Add 6 bpc quirk for CPT panel in Asus UX303LA
  * DVB Card with SAA7146 chipset not working (LP: #1742316)
    - vmalloc: fix __GFP_HIGHMEM usage for vmalloc_32 on 32b systems
  * [Asus UX360UA] battery status in unity-panel is not changing when battery
    is being charged (LP: #1661876) // AC adapter status not detected on Asus
    ZenBook UX410UAK (LP: #1745032)
    - ACPI / battery: Add quirk for Asus UX360UA and UX410UAK
  * ASUS UX305LA - Battery state not detected correctly (LP: #1482390)
    - ACPI / battery: Add quirk for Asus GL502VSK and UX305LA
  * support thunderx2 vendor pmu events (LP: #1747523)
    - perf pmu: Extract function to get JSON alias map
    - perf pmu: Pass pmu as a parameter to get_cpuid_str()
    - perf tools arm64: Add support for get_cpuid_str function.
    - perf pmu: Add helper function is_pmu_core to detect PMU CORE devices
    - perf vendor events arm64: Add ThunderX2 implementation defined pmu core
      events
    - perf pmu: Add check for valid cpuid in perf_pmu__find_map()
  * lpfc.ko module doesn't work (LP: #1746970)
    - scsi: lpfc: Fix loop mode target discovery
  * Ubuntu 17.10 crashes on vmalloc.c (LP: #1739498)
    - powerpc/mm/book3s64: Make KERN_IO_START a variable
    - powerpc/mm/slb: Move comment next to the code it's referring to
    - powerpc/mm/hash64: Make vmalloc 56T on hash
  * ethtool -p fails to light NIC LED on HiSilicon D05 systems (LP: #1748567)
    - net: hns: add ACPI mode support for ethtool -p
  * CVE-2017-17807
    - KEYS: add missing permission check for request_key() destination
  * [Artful SRU] Fix capsule update regression (LP: #1746019)
    - efi/capsule-loader: Reinstate virtual capsule mapping
  * [Artful/Bionic] [Config] enable EDAC_GHES for ARM64 (LP: #1747746)
    - Ubuntu: [Config] enable EDAC_GHES for ARM64
  * linux-tools: perf incorrectly linking libbfd (LP: #1748922)
    - SAUCE: tools -- add ability to disable libbfd
    - [Packaging] correct disablement of libbfd
  * Cherry pick c96f5471ce7d for delayacct fix (LP: #1747769)
    - delayacct: Account blkio completion on the correct task
  * Error in CPU frequency reporting when nominal and min pstates are same
    (cpufreq) (LP: #1746174)
    - cpufreq: powernv: Dont assume distinct pstate values for nominal and pmin
  * retpoline abi files are empty on i386 (LP: #1751021)
    - [Packaging] retpoline-extract -- instantiate retpoline files for i386
    - [Packaging] final-checks -- sanity checking ABI contents
    - [Packaging] final-checks -- check for empty retpoline files
  * [P9,Power NV][WSP][Ubuntu 1804] : "Kernel access of bad area " when
    grouping different pmu events using perf fuzzer . (perf:) (LP: #1746225)
    - powerpc/perf: Fix oops when grouping different pmu events
  * bnx2x_attn_int_deasserted3:4323 MC assert! (LP: #1715519) // CVE-2018-126
    - net: create skb_gso_validate_mac_len()
    - bnx2x: disable GSO where gso_size is too big for hardware
  * Ubuntu16.04.03: ISAv3 initialize MMU registers before setting partition
    table (LP: #1736145)
    - powerpc/64s: Initialize ISAv3 MMU registers before setting partition
      table
  * powerp
[Touch-packages] [Bug 1746463] Re: apparmor profile load in stacked policy container fails
This bug was fixed in the package linux - 4.13.0-38.43

---
linux (4.13.0-38.43) artful; urgency=medium

  * linux: 4.13.0-38.43 -proposed tracker (LP: #1755762)
  * Servers going OOM after updating kernel from 4.10 to 4.13 (LP: #1748408)
    - i40e: Fix memory leak related filter programming status
    - i40e: Add programming descriptors to cleaned_count
  * [SRU] Lenovo E41 Mic mute hotkey is not responding (LP: #1753347)
    - platform/x86: ideapad-laptop: Increase timeout to wait for EC answer
  * fails to dump with latest kpti fixes (LP: #1750021)
    - kdump: write correct address of mem_section into vmcoreinfo
  * headset mic can't be detected on two Dell machines (LP: #1748807)
    - ALSA: hda/realtek - Support headset mode for ALC215/ALC285/ALC289
    - ALSA: hda - Fix headset mic detection problem for two Dell machines
    - ALSA: hda - Fix a wrong FIXUP for alc289 on Dell machines
  * CIFS SMB2/SMB3 does not work for domain based DFS (LP: #1747572)
    - CIFS: make IPC a regular tcon
    - CIFS: use tcon_ipc instead of use_ipc parameter of SMB2_ioctl
    - CIFS: dump IPC tcon in debug proc file
  * i2c-thunderx: erroneous error message "unhandled state: 0" (LP: #1754076)
    - i2c: octeon: Prevent error message on bus error
  * hisi_sas: Add disk LED support (LP: #1752695)
    - scsi: hisi_sas: directly attached disk LED feature for v2 hw
  * EDAC, sb_edac: Backport 1 patch to Ubuntu 17.10 (Fix missing DIMM sysfs
    entries with KNL SNC2/SNC4 mode) (LP: #1743856)
    - EDAC, sb_edac: Fix missing DIMM sysfs entries with KNL SNC2/SNC4 mode
  * [regression] Colour banding and artefacts appear system-wide on an Asus
    Zenbook UX303LA with Intel HD 4400 graphics (LP: #1749420)
    - drm/edid: Add 6 bpc quirk for CPT panel in Asus UX303LA
  * DVB Card with SAA7146 chipset not working (LP: #1742316)
    - vmalloc: fix __GFP_HIGHMEM usage for vmalloc_32 on 32b systems
  * [Asus UX360UA] battery status in unity-panel is not changing when battery
    is being charged (LP: #1661876) // AC adapter status not detected on Asus
    ZenBook UX410UAK (LP: #1745032)
    - ACPI / battery: Add quirk for Asus UX360UA and UX410UAK
  * ASUS UX305LA - Battery state not detected correctly (LP: #1482390)
    - ACPI / battery: Add quirk for Asus GL502VSK and UX305LA
  * support thunderx2 vendor pmu events (LP: #1747523)
    - perf pmu: Extract function to get JSON alias map
    - perf pmu: Pass pmu as a parameter to get_cpuid_str()
    - perf tools arm64: Add support for get_cpuid_str function.
    - perf pmu: Add helper function is_pmu_core to detect PMU CORE devices
    - perf vendor events arm64: Add ThunderX2 implementation defined pmu core
      events
    - perf pmu: Add check for valid cpuid in perf_pmu__find_map()
  * lpfc.ko module doesn't work (LP: #1746970)
    - scsi: lpfc: Fix loop mode target discovery
  * Ubuntu 17.10 crashes on vmalloc.c (LP: #1739498)
    - powerpc/mm/book3s64: Make KERN_IO_START a variable
    - powerpc/mm/slb: Move comment next to the code it's referring to
    - powerpc/mm/hash64: Make vmalloc 56T on hash
  * ethtool -p fails to light NIC LED on HiSilicon D05 systems (LP: #1748567)
    - net: hns: add ACPI mode support for ethtool -p
  * CVE-2017-17807
    - KEYS: add missing permission check for request_key() destination
  * [Artful SRU] Fix capsule update regression (LP: #1746019)
    - efi/capsule-loader: Reinstate virtual capsule mapping
  * [Artful/Bionic] [Config] enable EDAC_GHES for ARM64 (LP: #1747746)
    - Ubuntu: [Config] enable EDAC_GHES for ARM64
  * linux-tools: perf incorrectly linking libbfd (LP: #1748922)
    - SAUCE: tools -- add ability to disable libbfd
    - [Packaging] correct disablement of libbfd
  * Cherry pick c96f5471ce7d for delayacct fix (LP: #1747769)
    - delayacct: Account blkio completion on the correct task
  * Error in CPU frequency reporting when nominal and min pstates are same
    (cpufreq) (LP: #1746174)
    - cpufreq: powernv: Dont assume distinct pstate values for nominal and pmin
  * retpoline abi files are empty on i386 (LP: #1751021)
    - [Packaging] retpoline-extract -- instantiate retpoline files for i386
    - [Packaging] final-checks -- sanity checking ABI contents
    - [Packaging] final-checks -- check for empty retpoline files
  * [P9,Power NV][WSP][Ubuntu 1804] : "Kernel access of bad area " when
    grouping different pmu events using perf fuzzer . (perf:) (LP: #1746225)
    - powerpc/perf: Fix oops when grouping different pmu events
  * bnx2x_attn_int_deasserted3:4323 MC assert! (LP: #1715519) // CVE-2018-126
    - net: create skb_gso_validate_mac_len()
    - bnx2x: disable GSO where gso_size is too big for hardware
  * Ubuntu16.04.03: ISAv3 initialize MMU registers before setting partition
    table (LP: #1736145)
    - powerpc/64s: Initialize ISAv3 MMU registers before setting partition
      table
  * powerpc/powernv: Flush console before platform error reboot (LP: #1735159)
    - po
[Touch-packages] [Bug 1746463] Re: apparmor profile load in stacked policy container fails
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-artful' to 'verification-done-artful'. If the problem still exists, change the tag 'verification-needed-artful' to 'verification-failed-artful'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

** Tags added: verification-needed-artful

Status in snapd: Triaged
Status in apparmor package in Ubuntu: Confirmed
Status in linux package in Ubuntu: Confirmed
Status in linux-gcp package in Ubuntu: Fix Released
Status in apparmor source package in Xenial: Won't Fix
Status in linux source package in Xenial: Invalid
Status in linux-gcp source package in Xenial: Confirmed
Status in apparmor source package in Artful: Fix Committed
Status in linux source package in Artful: Fix Committed
Status in linux-gcp source package in Artful: Invalid
Status in apparmor source package in Bionic: Confirmed
Status in linux source package in Bionic: Confirmed
Status in linux-gcp source package in Bionic: Fix Released
[Touch-packages] [Bug 1746463] Re: apparmor profile load in stacked policy container fails
** Changed in: linux (Ubuntu Artful)
       Status: Confirmed => Fix Committed
[Touch-packages] [Bug 1746463] Re: apparmor profile load in stacked policy container fails
This bug was fixed in the package linux-gcp - 4.15.0-1001.1

---
linux-gcp (4.15.0-1001.1) bionic; urgency=medium

  * linux-gcp: 4.15.0-1001.1 -proposed tracker (LP: #1752101)
  * linux xenial derivatives fail to build (LP: #1691814) // Prepare linux-gcp
    for bionic (LP: #1752069)
    - [Packaging] Set do_tools_common in common vars
  * Prepare linux-gcp for bionic (LP: #1752069)
    - linux-gcp: Update base kernel version
    - [Config] linux-gcp: Reset config annotations to master
    - [Config] linux-gcp: Add annotations overlay
    - [Config] linux-gcp: updateconfigs after rebase to Ubuntu-4.15.0-10.11
    - Ubuntu: linux-gcp: Revert build_arch=x86
    - [Packaging] linux-gcp: Update Vcs-Git for bionic
  * CVE-2017-5715 (Spectre v2 retpoline)
    - [Config] linux-gcp: disable retpoline checks for first upload
  * [Packaging] Allow overlay of config annotations (LP: #1752072)
    - [Packaging] config-check: allow overlay annotations files

  [ Ubuntu: 4.15.0-10.11 ]

  * linux: 4.15.0-10.11 -proposed tracker (LP: #1749250)
  * "swiotlb: coherent allocation failed" dmesg spam with linux 4.15.0-9.10
    (LP: #1749202)
    - swiotlb: suppress warning when __GFP_NOWARN is set
    - drm/ttm: specify DMA_ATTR_NO_WARN for huge page pools
  * linux-tools: perf incorrectly linking libbfd (LP: #1748922)
    - SAUCE: tools -- add ability to disable libbfd
    - [Packaging] correct disablement of libbfd
  * [Artful] Realtek ALC225: 2 secs noise when a headset plugged in
    (LP: #1744058)
    - ALSA: hda/realtek - update ALC225 depop optimize
  * [Artful] Support headset mode for DELL WYSE (LP: #1723913)
    - SAUCE: ALSA: hda/realtek - Add support headset mode for DELL WYSE
  * headset mic can't be detected on two Dell machines (LP: #1748807)
    - ALSA: hda/realtek - Support headset mode for ALC215/ALC285/ALC289
    - ALSA: hda - Fix headset mic detection problem for two Dell machines
  * Bionic update to v4.15.3 stable release (LP: #1749191)
    - ip6mr: fix stale iterator
    - net: igmp: add a missing rcu locking section
    - qlcnic: fix deadlock bug
    - qmi_wwan: Add support for Quectel EP06
    - r8169: fix RTL8168EP take too long to complete driver initialization.
    - tcp: release sk_frag.page in tcp_disconnect
    - vhost_net: stop device during reset owner
    - ipv6: addrconf: break critical section in addrconf_verify_rtnl()
    - ipv6: change route cache aging logic
    - Revert "defer call to mem_cgroup_sk_alloc()"
    - net: ipv6: send unsolicited NA after DAD
    - rocker: fix possible null pointer dereference in
      rocker_router_fib_event_work
    - tcp_bbr: fix pacing_gain to always be unity when using lt_bw
    - cls_u32: add missing RCU annotation.
    - ipv6: Fix SO_REUSEPORT UDP socket with implicit sk_ipv6only
    - soreuseport: fix mem leak in reuseport_add_sock()
    - net_sched: get rid of rcu_barrier() in tcf_block_put_ext()
    - net: sched: fix use-after-free in tcf_block_put_ext
    - media: mtk-vcodec: add missing MODULE_LICENSE/DESCRIPTION
    - media: soc_camera: soc_scale_crop: add missing
      MODULE_DESCRIPTION/AUTHOR/LICENSE
    - media: tegra-cec: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
    - gpio: uniphier: fix mismatch between license text and MODULE_LICENSE
    - crypto: tcrypt - fix S/G table for test_aead_speed()
    - Linux 4.15.3
  * bnx2x_attn_int_deasserted3:4323 MC assert! (LP: #1715519) // CVE-2018-126
    - net: create skb_gso_validate_mac_len()
    - bnx2x: disable GSO where gso_size is too big for hardware
  * ethtool -p fails to light NIC LED on HiSilicon D05 systems (LP: #1748567)
    - net: hns: add ACPI mode support for ethtool -p
  * CVE-2017-5715 (Spectre v2 Intel)
    - [Packaging] retpoline files must be sorted
    - [Packaging] pull in retpoline files
  * [Feature] PXE boot with Intel Omni-Path (LP: #1712031)
    - d-i: Add hfi1 to nic-modules
  * CVE-2017-5715 (Spectre v2 retpoline)
    - [Packaging] retpoline -- add call site validation
    - [Config] disable retpoline checks for first upload
  * Do not duplicate changelog entries assigned to more than one bug or CVE
    (LP: #1743383)
    - [Packaging] git-ubuntu-log -- handle multiple bugs/cves better

  [ Ubuntu: 4.15.0-9.10 ]

  * linux: 4.15.0-9.10 -proposed tracker (LP: #1748244)
  * Miscellaneous Ubuntu changes
    - [Debian] tests -- remove gcc-multilib dependency for arm64

  [ Ubuntu: 4.15.0-8.9 ]

  * linux: 4.15.0-8.9 -proposed tracker (LP: #1748075)
  * Bionic update to v4.15.2 stable release (LP: #1748072)
    - KVM: x86: Make indirect calls in emulator speculation safe
    - KVM: VMX: Make indirect call speculation safe
    - module/retpoline: Warn about missing retpoline in module
    - x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
    - x86/cpufeatures: Add Intel feature bits for Speculation Control
    - x86/cpufeatures: Add AMD feature bits for Speculation Control
    - x86/msr: Add definitions for new speculation control MSRs
    - x86/pti: Do
[Touch-packages] [Bug 1746463] Re: apparmor profile load in stacked policy container fails
FYI, the following kernels are also affected (all 4.13 based):

 * linux-azure
 * linux-hwe
 * linux-hwe-edge
 * linux-oem
 * linux-raspi2

Status in snapd: Triaged
Status in apparmor package in Ubuntu: Confirmed
Status in linux package in Ubuntu: Confirmed
Status in linux-gcp package in Ubuntu: Invalid
Status in apparmor source package in Xenial: Won't Fix
Status in linux source package in Xenial: Invalid
Status in linux-gcp source package in Xenial: Confirmed
Status in apparmor source package in Artful: Fix Committed
Status in linux source package in Artful: Confirmed
Status in linux-gcp source package in Artful: Invalid
Status in apparmor source package in Bionic: Confirmed
Status in linux source package in Bionic: Confirmed
Status in linux-gcp source package in Bionic: Invalid
[Touch-packages] [Bug 1746463] Re: apparmor profile load in stacked policy container fails
Since this is going to be fixed in 'linux' and 'linux-gcp', adding tasks for those.

** Changed in: apparmor (Ubuntu Artful)
       Status: Won't Fix => Fix Committed

** Changed in: linux (Ubuntu Artful)
       Status: Fix Committed => Confirmed

** Also affects: linux-gcp (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: apparmor (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Also affects: linux (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Also affects: linux-gcp (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Changed in: apparmor (Ubuntu Xenial)
       Status: New => Won't Fix

** Changed in: linux (Ubuntu Xenial)
       Status: New => Invalid

** Changed in: linux-gcp (Ubuntu Artful)
       Status: New => Invalid

** Changed in: linux-gcp (Ubuntu Bionic)
       Status: New => Invalid

** Changed in: linux-gcp (Ubuntu Xenial)
       Status: New => Confirmed
[Touch-packages] [Bug 1746463] Re: apparmor profile load in stacked policy container fails
Here are more details on the snapd test failure:
https://forum.snapcraft.io/t/lxd-issue-due-to-snap-confine-apparmor-profile/4203/18

** Also affects: snapd
   Importance: Undecided
       Status: New

** Changed in: snapd
       Status: New => Triaged
[Touch-packages] [Bug 1746463] Re: apparmor profile load in stacked policy container fails
Add a snapd task so that when the https://launchpad.net/ubuntu/+source/linux-gcp is Fix Released, snapd can re-enable the tests/main/lxd test on GCE.

** Also affects: linux (Ubuntu)
   Importance: Undecided
   Status: New

** Changed in: linux (Ubuntu Artful)
   Status: New => Fix Committed

** Changed in: apparmor (Ubuntu Artful)
   Status: Fix Committed => Won't Fix

** Changed in: linux (Ubuntu Bionic)
   Status: New => Confirmed

** Tags added: aa-kernel

Status in snapd: Triaged
Status in apparmor package in Ubuntu: Confirmed
Status in linux package in Ubuntu: Confirmed
Status in linux-gcp package in Ubuntu: Invalid
Status in apparmor source package in Xenial: Won't Fix
Status in linux source package in Xenial: Invalid
Status in linux-gcp source package in Xenial: Confirmed
Status in apparmor source package in Artful: Fix Committed
Status in linux source package in Artful: Confirmed
Status in linux-gcp source package in Artful: Invalid
Status in apparmor source package in Bionic: Confirmed
Status in linux source package in Bionic: Confirmed
Status in linux-gcp source package in Bionic: Invalid
[Touch-packages] [Bug 1746463] Re: apparmor profile load in stacked policy container fails
This is affecting snapd spread tests in GCE, where they have a xenial userspace and 4.13 kernel:

  # cat /proc/version_signature
  Ubuntu 4.13.0-1011.15-gcp 4.13.13

Status in apparmor package in Ubuntu: Confirmed
Status in apparmor source package in Artful: Fix Committed
Status in apparmor source package in Bionic: Confirmed
[Touch-packages] [Bug 1746463] Re: apparmor profile load in stacked policy container fails
** Changed in: apparmor (Ubuntu Artful)
   Status: Confirmed => Fix Committed

Status in apparmor package in Ubuntu: Confirmed
Status in apparmor source package in Artful: Fix Committed
Status in apparmor source package in Bionic: Confirmed
[Touch-packages] [Bug 1746463] Re: apparmor profile load in stacked policy container fails
Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: apparmor (Ubuntu Artful)
   Status: New => Confirmed

Status in apparmor package in Ubuntu: Confirmed
Status in apparmor source package in Artful: Confirmed
Status in apparmor source package in Bionic: Confirmed
[Touch-packages] [Bug 1746463] Re: apparmor profile load in stacked policy container fails
Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: apparmor (Ubuntu)
   Status: New => Confirmed

Status in apparmor package in Ubuntu: Confirmed
Status in apparmor source package in Artful: Confirmed
Status in apparmor source package in Bionic: Confirmed
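
The following diagnostic is an added example, not part of the original thread and not code from the apparmor package. It wraps the prefix test quoted in the bug description so that an empty .ns_name (the case this bug reports) can be told apart from a missing file or a name without the lxd-/lxc- prefix; the function names and the optional directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration; function names and the directory argument are
# hypothetical and do not come from /lib/apparmor/profile-load.

# The prefix test from the bug description, with the sense kept as-is:
# returns 1 unless the namespace name starts with "lxd-" or "lxc-".
ns_name_has_container_prefix() {
    candidate=$1
    if [ "${candidate#lxd-*}" = "$candidate" ] && \
       [ "${candidate#lxc-*}" = "$candidate" ]; then
        return 1
    fi
    return 0
}

# Report why the prefix test would pass or fail for the .ns_name file in
# the given directory (default: the apparmorfs path named in the bug).
# Prints one of: missing, empty, container, other.
diagnose_ns_name() {
    dir=${1:-/sys/kernel/security/apparmor}
    file="$dir/.ns_name"
    if [ ! -f "$file" ]; then
        echo "missing"
        return 0
    fi
    value=""
    # read returns non-zero on an empty file; that is the case of interest,
    # so the failure is tolerated and the empty value is classified below.
    read -r value < "$file" || true
    if [ -z "$value" ]; then
        echo "empty"        # prefix test returns 1: the symptom in this bug
    elif ns_name_has_container_prefix "$value"; then
        echo "container"    # lxd-/lxc- namespace: prefix test returns 0
    else
        echo "other"        # some other namespace name: prefix test returns 1
    fi
}

# Usage inside a container: diagnose_ns_name
```

A result of "empty" inside an LXD container matches the condition described in this bug; "container" means the prefix test itself is not what stops policy from loading.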