How reliable/repeatable is this for you?
I have been hammering a machine for multiple days and not been able to
trip this once.
I have been using the 4.8 ubuntu kernel the ubuntu-lxc/daily and the
ubuntu-lxc/stable ppas. Any more info you can provide?
--
You received this bug notification
** Changed in: linux (Ubuntu Xenial)
Assignee: (unassigned) => John Johansen (jjohansen)
** Changed in: linux (Ubuntu Yakkety)
Assignee: (unassigned) => John Johansen (jjohansen)
** Changed in: linux (Ubuntu Zesty)
Assignee: (unassigned) => John Johansen (jjohansen)
*
I have done some light testing on this, trying to develop a none snap
based test to verify it. The test is no where near as reliable as the
snappy test. I haven't been able to trigger the bug on the new kernel
yet, with the caveat that it could just be the test. I am inclined to
declare this
note: that for xenial there are several pieces that must land as
different SRUs. Just using the xenial SRU kernel is not sufficient.
There is an apparmor userspace SRU that is required, and squashfuse sru
...
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
This appears to be a problem with the test
** Changed in: linux (Ubuntu)
Status: Confirmed => Invalid
** Also affects: apparmor (Ubuntu)
Importance: Undecided
Status: New
** Changed in: apparmor (Ubuntu)
Status: New => Confirmed
--
You received this bug notification
This appears to be an issue with the test.
** Changed in: linux (Ubuntu)
Status: Confirmed => Invalid
** Also affects: apparmor (Ubuntu)
Importance: Undecided
Status: New
** Changed in: apparmor (Ubuntu)
Status: New => Confirmed
--
You received this bug notification
Alright I have replicated and there is indeed a problem here. It will
work if the first profile starts with a / but fails when it doesn't
** Changed in: apparmor (Ubuntu)
Status: New => Confirmed
** Changed in: apparmor (Ubuntu)
Assignee: (unassigned) => John Johansen (jjo
Yuqiong Sun,
the parser is sensitive to white space. If your profile has white space
in the name you will need to use quotes around it
/root/test/read px -> "readtest1 //& readtest2",
otherwise you will need to remove the white space and specify it as
/root/test/read px -> readtest1//,
I need more information about what else is going on, on the system when
the this triggers
is there profile replacement happening, what kind of load, ...
so far I have been unable to trigger this, and the code looks good
** Changed in: linux (Ubuntu)
Status: In Progress => Incomplete
--
** Changed in: linux (Ubuntu)
Status: Incomplete => Confirmed
** Changed in: linux (Ubuntu)
Status: Confirmed => In Progress
** Changed in: linux (Ubuntu)
Assignee: (unassigned) => John Johansen (jjohansen)
--
You received this bug notification because you are
** Changed in: linux (Ubuntu Yakkety)
Status: Triaged => Invalid
** Also affects: linux (Ubuntu Trusty)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu Trusty)
Status: New => Triaged
** Also affects: linux (Ubuntu Precise)
Importance: Undecided
** Also affects: apparmor (Ubuntu Yakkety)
Importance: Critical
Assignee: Tyler Hicks (tyhicks)
Status: Fix Released
** Also affects: linux (Ubuntu Yakkety)
Importance: Critical
Assignee: John Johansen (jjohansen)
Status: Fix Released
** Also affects: lxd (Ubuntu
** Changed in: apparmor
Status: New => Fix Committed
** Changed in: linux (Ubuntu Yakkety)
Status: Incomplete => In Progress
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1630069
I'm not sure what messed up the settings, but there isn't enough of a
trail to say if it was the unity update, compiz update or some other
random change.
So moving to invalid
** Changed in: unity (Ubuntu)
Status: New => Invalid
--
You received this bug notification because you are a
Got it. It required that I install ccsm and toggle the Desktop Wall
setting
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1630354
Title:
can not switch workspaces using keyboard short cuts
To
Public bug reported:
16.04 - fully updated
keyboard short cuts to switch workspaces used to work. After last reboot
they don't. Checked in system settings, keyboard short cuts are set.
Tried resetting them, no go. Tried alternate keys short cuts, no go.
Tried rebooting they still don't work.
but it results in the test breaking
for everyone using upstream releases against pre 4.8 kernels.
** Affects: apparmor
Importance: Undecided
Assignee: John Johansen (jjohansen)
Status: New
** Affects: linux (Ubuntu)
Importance: Undecided
Assignee: John Johansen (jjohansen
** Also affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu)
Importance: Undecided => Critical
** Changed in: linux (Ubuntu)
Status: New => In Progress
** Changed in: linux (Ubuntu)
Assignee: (unassigned) => John Johansen (
slight revision
/sys/kernel/security/apparmor/features/domain/ns_stacked contains
yes/no if stacked across policy namespace
/sys/kernel/security/apparmor/features/domain/ns_name contains the
name of the namespace
as long as lxc sets up a detectable namespace ns_name can be used to
In testing I have not been able to reproduce.
But from the oops it looks either like potentially like memory corruption, or
corruption of the cred. The oops reports
invalid opcode: [#1] SMP
however the piece of code triggering this is used all the time, so the
more likely scenario is
** Tags removed: verification-needed-xenial
** Tags added: verification-done-xenial
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1615881
Title:
The label build for onexec when stacking is wrong
** Tags removed: verification-needed-xenial
** Tags added: verification-done-xenial
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1615882
Title:
dfa is missing a bounds check which can cause an
** Tags removed: verification-needed-xenial
** Tags added: verification-done-xenial
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1593874
Title:
warning stack trace while playing with apparmor
** Tags removed: verification-needed-xenial
** Tags added: verification-done-xenial
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1615878
Title:
__label_update proxy comparison test is wrong
To
** Tags removed: verification-needed-xenial
** Tags added: verification-done-xenial
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1615880
Title:
The inherit check for new to old label comparison
** Tags removed: verification-needed-xenial
** Tags added: verification-done-xenial
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1615889
Title:
label vec reductions can result in reference labels
** Tags removed: verification-needed-xenial
** Tags added: verification-done-xenial
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1615892
Title:
deleted files outside of the namespace are not being
** Tags removed: verification-needed-xenial
** Tags added: verification-done-xenial
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1615895
Title:
apparmor module parameters can be changed after the
** Tags removed: verification-needed-xenial
** Tags added: verification-done-xenial
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1615887
Title:
profiles from different namespaces can block other
** Tags removed: verification-needed-xenial
** Tags added: verification-done-xenial
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1615893
Title:
change_hat is logging failures during expected hat
** Tags removed: verification-needed-xenial
** Tags added: verification-done-xenial
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1579135
Title:
AppArmor profile reloading causes an intermittent
** Tags removed: verification-needed-xenial
** Tags added: verification-done-xenial
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1615890
Title:
stacking to unconfined in a child namespace confuses
** Also affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Yakkety)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Xenial)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu Xenial)
Status:
** Also affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Yakkety)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Xenial)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu Xenial)
Status:
** Also affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Yakkety)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Xenial)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu Xenial)
Status:
** Also affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Yakkety)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Xenial)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu Xenial)
Status:
** Also affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Yakkety)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Xenial)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu Xenial)
Status:
** Also affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Xenial)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Yakkety)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu Xenial)
Status:
** Also affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Xenial)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Yakkety)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu Xenial)
Status:
** Also affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Yakkety)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Xenial)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu Xenial)
Status:
** Also affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Yakkety)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Xenial)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu Xenial)
Status:
** Also affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Yakkety)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Xenial)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu Xenial)
Status:
** Also affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Xenial)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Yakkety)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu Xenial)
Status:
)
Importance: Critical
Assignee: John Johansen (jjohansen)
Status: Incomplete
** Also affects: linux (Ubuntu Yakkety)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu Xenial)
Status: New => Fix Committed
** Changed in: linux (Ubuntu Yakkety)
Status:
I believe I have finally tracked this one down. It only occurs when an
fd is shared between 9 or more separate profile domains and one of those
profiles is removed. The removal part can happen during the apparmor
reload phase, if a profile was renamed which is more likely on touch and
snappy.
*** This bug is a duplicate of bug 1579135 ***
https://bugs.launchpad.net/bugs/1579135
Note: there is a new test kernel using +jj61 at
http://people.canonical.com/~jj/linux+jj/
This should be the final fix for this issue
--
You received this bug notification because you are a member of
could you try reproducing with the kernel in
http://people.canonical.com/~jj/linux+jj/
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1579135
Title:
kernel BUG on snap disconnect from within a snap
can you try the kernel in
http://people.canonical.com/~jj/linux+jj/
yes it is a xenial kernel but it should still work on trusty
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1581990
Title:
The apparmor profile is tailored for the default dovecot install if you
have a custom build or have tweaked the configuration the apparmor
profile may need to be modified.
Can you tell how/where your dovecot came from, apt/snap/custom build
Can you please attach your dovecot configs so we can
possibly. There isn't actually enough information in that bug to be sure
if it is an actual namespacing issue or it is a separate bug to do with
unix domain sockets.
Unfortunately the workaround of attach_disconnect is still required to
deal with these issues.
--
You received this bug
This should be fixed in Xenial, there is a large patchset (30 or so
patches) that can be SRUed to vivids 3.16 kernel
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1378123
Title:
Is the snap removed and then reinstalled?
Has this been triggered just by running the snap?
When was the kernel rebooted since the snap was installed? Since the snap was
removed?
...
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
I have been unable to trigger the first bug reported. Can you attach a
flattened versions of your profile set?
apparmor_parser -p your_profile > flattened_profile
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
I have been unable to trigger this bug can you please provide more
information?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1579135
Title:
kernel BUG on snap disconnect from within a snap
To
I have updated the debug kernel at
http://people.canonical.com/~jj/lp1581990/
it adds more debug and fixes the 2nd issue you encountered.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1581990
That sadly was not very helpful, it died in a completely different place
and didn't trip any of the additional debug.
Would it be possible to try it again?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
I have uploaded a debug kernels to
http://people.canonical.com/~jj/lp1581990/
If you could install that and test, hopefully it has enough debug to
track this issue down
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Are the oops warnings reliable for you? It appears to be a ref count bug
or race and I have not been able to track it down yet. If it is some
what reliable would you be willing to try a debug kernel to help track
the issue down?
--
You received this bug notification because you are a member of
No, which means its a race of some kind
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1579135
Title:
kernel BUG on snap disconnect from within a snap
To manage notifications about this bug go to:
The deny modifier has been fixed in the 2.11 parser. However, the audit
modifier is not properly supported by the backend permission format and
will result in equality.sh failing
With the above patch to equality.sh, the failures all involve audit
which is being silently dropped in permission
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1581202
Title:
CVE-2016-0758
To manage notifications about this bug go to:
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1581201
Title:
CVE-2016-3713
To manage notifications about this bug go to:
are these custom/modified dovecot profiles?
what other profiles are loaded?
can you provide the output of aa-status?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1581990
Title:
Profile reload
*** This bug is a security vulnerability ***
Private security bug reported:
Placeholder
** Affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-raspi2 (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-ti-omap4 (Ubuntu)
*** This bug is a security vulnerability ***
Private security bug reported:
Placeholder
** Affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-raspi2 (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-ti-omap4 (Ubuntu)
On 05/11/2016 11:46 AM, Tyler Hicks wrote:
> On 05/11/2016 10:22 AM, Jamie Strandboge wrote:
> ...
>>
>> We then have dbus-session-strict:
>> unix (connect, receive, send)
>>type=stream
>>peer=(addr="@/tmp/dbus-*"),
>>
>> There is a problem with this policy though; that access is
What kernel (full version) did this occur on?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1579135
Title:
kernel BUG on snap disconnect from within a snap
To manage notifications about this bug
To be clear we are not talking about removing support for
flags=(complain) from the parser or the language. Just defaulting to
using the symlink for aa-complain because of broken packaging systems :P
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
Hrmmm, I thought this was fixed in the parser. Maybe its only part 1 or
a 2 part fix that was done, we will have to check but the cached policy
know stores a flag in the header that it was built with complain mode
making it possible to detect this condition without having to parse the
whole cache
** Changed in: apparmor/2.10
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1525119
Title:
Cannot permit some operations for sssd
To manage
** Changed in: apparmor/2.10
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1528139
Title:
serialize_profile_from_old_profile() crash if file contains
** Changed in: apparmor/2.10
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1534405
Title:
Regression in parser compiling/loading a directory
To manage
** Changed in: apparmor
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1324608
Title:
when aa-logprof processed file access rules with mask of "c" the
** Changed in: apparmor/2.10
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1540562
Title:
aa-genprof crashes in logparser NoneType has no "replace"
To
It needs to be set in the profile file
/etc/apparmor.d/sbin.dhclient
apply the following change
--- a/sbin.dhclient 2016-02-25 06:32:17.0 -0800
+++ b/sbin.dhclient 2016-04-10 12:41:41.826906424 -0700
@@ -3,7 +3,7 @@
# Author: Jamie Strandboge
#include
For the record it is this commit that made the change
https://gitlab.com/procps-
ng/procps/commit/5da390422d2b58902731655ddd12439126a051da
it was previously terminating the string when it hit the space before
the mode. Now it is using isprint(outbuf[len]) and space is a printable
character.
--
The apparmor /proc/ interface has always included the mode info, so the
change must be in how ps handles the security label
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1561330
Title:
ps security
@Jamie, I had assumed we would be using --skip-kernel-load. I was just
bringing up that policy versioning is not just about having different
versions of policy for different kernels but also about dealing with
failure cases.
--
You received this bug notification because you are a member of
Versioned policy is needed on touch if the compile is going to be done
before reboot. You do not want to blow away currently enforcing policy
and install the new version and then run into a situation where you
fail, or don't reboot. So at the very least for the failure case we
need to support
Correct.
There are actually several ways to get disconnected paths and this
specific one is being caused by the new file ns. The proper fix for this
is delegating access to the object that would not normally be
accessible, however delegation is not available in the current releases
of apparmor
Alessio,
so from the boot chart I am not able to say what is causing the delay. What I
do see is a large gap in activity for both the cpu and i/o.
That gap lines up roughly with the start of pulse audio, but that doesn't
necessarily make it the culprit. We then get a large gap of little to no
Please note, this will require future backport kernels to be patched to
maintain this semantic for the LTS release. Upstream kernels and future
ubuntu kernels will not retain the broken semantic.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed
To clarify "necessary to open up".
1. the old behavior was wrong. It allowed introspection of policy in situation
that it should not have.
2. In order to open up the profiles file so that more than the system root
could introspect it, DAC restrictions needed to be removed and the permission
This is not an issue. It is working as designed and is necessary to open
up the file for the stacking work.
This patch should be reverted immediately as it opens up a policy
introspection hole.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to
** Summary changed:
- namespace stacking
+ policy namespace stacking
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1379535
Title:
policy namespace stacking
To manage notifications about this bug
** Description changed:
- Tracking bug for supporting stacked namesapaces (ie, different profiles
- on host, container, container in a container, etc)
+ Tracking bug for supporting stacked policy namesapaces (ie, different
+ profiles on host, container, container in a container, etc)
--
You
** Attachment added: "Log of failure"
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1554002/+attachment/4591441/+files/log.gz
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1554002
Title:
This is a failure/regression on ppc64el. A full list of all runs
including retries is available at
http://autopkgtest.ubuntu.com/packages/l/linux/vivid/ppc64el/
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Yes kicking off a policy compile as part of an update should be
possible. It certainly is for .debs, I am not sure of the exact details
for click or snappy.
As mentioned above, this compile could even be done as a low priority
background task so that the user update wouldn't pick up the cost.
Sure we want a good user experience.
We need to land the 2.11 version of apparmor which provides several
performance improvements. Its can be up to about 35% faster.
Another potential solution not discussed so far is kicking off a low
priority background process. This has its own issues, it
*** This bug is a duplicate of bug 1350598 ***
https://bugs.launchpad.net/bugs/1350598
The duplicate status is not wrong but the information in that bug is
dense. Please read it for a more in depth answer
1. a simple change does not necessarily cause all policy to be
recompiled. Only policy
*** This bug is a duplicate of bug 1546455 ***
https://bugs.launchpad.net/bugs/1546455
** This bug has been marked a duplicate of bug 1546455
Many instances of 'apparmor="DENIED" operation="create"
profile="/usr/sbin/ntpd" pid=15139 comm="ntpd" family="unspec"
sock_type="dgram"
Toby,
what distro, release and kernel are you using?
And would you be willing to try a custom test kernel?
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1428490
Title:
AppArmor vs
Toby,
what distro, release and kernel are you using?
And would you be willing to try a custom test kernel?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1428490
Title:
AppArmor vs unix socket
** Also affects: apparmor (Ubuntu)
Importance: Undecided
Status: New
** Changed in: apparmor/2.10
Status: New => Fix Committed
** Changed in: apparmor/master
Status: New => Fix Committed
** Also affects: apparmor (Ubuntu Wily)
Importance: Undecided
Status: New
Kernels with version 3 of the fix can be found at
http://people.canonical.com/~jj/lp1446906/
please test and leave feedback as to whether this fixes the issue
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
Kernels with version 3 of the fix can be found at
http://people.canonical.com/~jj/lp1446906/
please test and leave feedback as to whether this fixes the issue
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1527374
Title:
privilege escalation on attach through ptrace
To manage
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1527374
Title:
privilege escalation on attach through ptrace
To
Please try the test kernels at
http://people.canonical.com/~jj/lp1446906/
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1446906
Title:
lxc container with postfix, permission denied on mailq
To
401 - 500 of 8095 matches
Mail list logo