[Bug 1840582] Re: aa-genprof crash

2019-09-10 Thread Jamie Strandboge
This was fixed in 2.13.3-5ubuntu1 in Ubuntu 19.10 ** Also affects: apparmor (Ubuntu) Importance: Undecided Status: New ** Changed in: apparmor (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed

[Bug 1842651] Re: Regression: after Uprade from udev_237-3ubuntu10.25 to udev_237-3ubuntu10.26 network interfaces don't get renamed by 70-persistent-network.rules

2019-09-09 Thread Jamie Strandboge
@Rex and @Shih-Yuan, I believe Chris is planning to push this through -security in his morning.

[Bug 1842651] Re: Regression: after Uprade from udev_237-3ubuntu10.25 to udev_237-3ubuntu10.26 network interfaces don't get renamed by 70-persistent-network.rules

2019-09-09 Thread Jamie Strandboge
> Please reject the packages that are currently in the unapproved queue.
Done

[Bug 1842651] Re: Regression: after Uprade from udev_237-3ubuntu10.25 to udev_237-3ubuntu10.26 network interfaces don't get renamed by 70-persistent-network.rules

2019-09-09 Thread Jamie Strandboge
FYI, this broke me as well. I have an 18.04 multi-nic system that went through several upgrades and was relying on /etc/udev/rules.d/70-persistent-net.rules to give me predictable eth* names where each eth* name was used as part of a bridge. The recent change regressed this since non-existent eth*

[Bug 595501] Re: iptables rules for NAT may break ufw setups

2019-09-03 Thread Jamie Strandboge
This should just all happen automatically in ufw based on bug feedback, so marking ufw as "Won't Fix" instead of "Fix Released" since nothing was needed in ufw (could've used Invalid, but that seemed worse than the other two...) ** Changed in: ufw (Ubuntu) Status: Triaged => Won't Fix

[Bug 1658219] Re: flock not mediated by 'k'

2019-08-26 Thread Jamie Strandboge
After discussing with Field, snapd, kernel and the security team, this will break existing Ubuntu Core devices that use the 4.4 kernel and the network-manager snap in the default channel (per reporter, the 1.10 channel is unaffected). Therefore, the 4.4 kernels snaps that include this change (ie, 4

[Bug 1556419] Re: nf_conntrack: automatic helper assignment is deprecated

2019-08-25 Thread Jamie Strandboge
** Changed in: ufw (Ubuntu) Status: New => Triaged ** Changed in: ufw (Ubuntu) Importance: Undecided => Medium ** Changed in: ufw (Ubuntu) Assignee: (unassigned) => Jamie Strandboge (jdstrand)

[Bug 1833719] Re: UFW 2nd interface incorrectly working

2019-08-25 Thread Jamie Strandboge
Can you perform the following:
$ mkdir /tmp/ufw
$ sudo ufw show raw > /tmp/ufw/raw
$ sudo tar -zcvf /tmp/1833719.tar.gz /tmp/ufw /etc/default/ufw /etc/ufw /lib/ufw
then attach to this bug /tmp/1833719.tar.gz?
** Changed in: ufw (Ubuntu) Status: Expired => Incomplete

[Bug 1840633] Re: autopkgtests get stuck in Eoan with iptables 1.8.3

2019-08-21 Thread Jamie Strandboge
Indeed, that is exactly what https://git.netfilter.org/iptables/commit/?id=e5cab728c40be88c541f68e4601d39178c36111f did. Are you saying there are other cases where a similar commit is needed? IMO, those should be patched before 1.8.3 goes into eoan. Unless I am missing something, iptables is correc

[Bug 1840633] Re: autopkgtests get stuck in Eoan with iptables 1.8.3

2019-08-21 Thread Jamie Strandboge
It seems like iptables going into a busy loop as non-root is also a bug that should be fixed? At the very least, iptables should bail prior to that condition saying that root is needed.

[Bug 1840633] Re: autopkgtests get stuck in Eoan with iptables 1.8.3

2019-08-20 Thread Jamie Strandboge
Thanks for chasing this down! It seems clear that while the ufw autopkgtest found the issue, the bug is not in ufw. ** Changed in: ufw (Ubuntu) Status: New => Invalid

[Bug 1840375] [NEW] groupdel doesn't support extrausers

2019-08-15 Thread Jamie Strandboge
Public bug reported: snapd needs the ability to call 'groupdel --extrausers foo' to clean up after itself, but --extrausers is currently unsupported. ** Affects: snapd Importance: Undecided Assignee: Michael Vogt (mvo) Status: New ** Affects: shadow (Ubuntu) Importance: U

[Bug 1824384] Re: libapparmor not built with -fPIC

2019-08-13 Thread Jamie Strandboge
** Changed in: apparmor (Ubuntu) Importance: Undecided => Medium ** Changed in: apparmor (Ubuntu) Status: New => Triaged

[Bug 1836722] Re: package ufw 0.35-0ubuntu2 failed to install/upgrade: subprocess installed pre-removal script returned error exit status 127

2019-07-16 Thread Jamie Strandboge
This looks to be a local system issue with python3-minimal being removed and then the prerm scripts from various programs failing due to debhelper scripts that the package use can't find the required binaries. Removing python3.6-minimal (3.6.8-1~16.04.york1) ... Unlinking and removing bytecode for

[Bug 1835912] [NEW] Notmuch package recommends various MUAs, but if NeoMutt is installed, none of the recommended list should be

2019-07-09 Thread Jamie Lokier
Public bug reported: The notmuch package recommends: Recommends: elpa-notmuch | notmuch-vim | notmuch-mutt | alot, gnupg-agent, gpgsm By default it will try to an MUA, and that will be elpa-notmuch if you don't have any other. However, if you already installed NeoMutt, that also works with

[Bug 1834386] Re: Ebooks thumbnails fail in Nemo over SMB

2019-06-27 Thread Jamie Strandboge
(nemo:31811): CinnamonDesktop-WARNING **: 01:08:30.200: Error creating thumbnail for smb://akem-hp.local/comics_bds_mangas/Scrooge/Uncle%20Scrooge%20(001-100)%20GetComics.INFO/029%20Uncle%20Scrooge.cbr: Unrecognized image file format This suggests that the problem is not due to the apparmor profi

[Bug 1820068] Re: specifying -O no-expr-simplify results in cache miss

2019-06-24 Thread Jamie Strandboge
FYI, I tested this and 2.13.2-9ubuntu6.1 fixes this bug. I also executed https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor (sans dbus optional bits) and everything passed. Lastly, I wanted to double check the performance impact of no-expr-simplify on amd64 especially as it pertains to cl

[Bug 1833719] Re: UFW 2nd interface incorrectly working

2019-06-21 Thread Jamie Strandboge
Thank you for using ufw and filing a bug. Please keep in mind that the firewall is sensitive to rule order. What is the output of 'sudo ufw show numbered'? ** Changed in: ufw (Ubuntu) Status: New => Incomplete

[Bug 1828275] Re: [snap] chromium generates a lot of Apparmor noise

2019-06-21 Thread Jamie Strandboge
Thanks! FYI, for the udev accesses: https://github.com/snapcore/snapd/pull/7019 ** Changed in: snapd (Ubuntu) Status: Incomplete => In Progress ** Changed in: snapd (Ubuntu) Assignee: (unassigned) => Jamie Strandboge (jdstrand)

[Bug 1828275] Re: [snap] chromium generates a lot of Apparmor noise

2019-06-20 Thread Jamie Strandboge
You can 'sudo snap connect chromium:mount-observe' for /etc/fstab. /run/mount/utab is more complicated and you can read about it here: https://forum.snapcraft.io/t/namespace-awareness-of-run-mount-utab-and-libmount/5987 For the /run/udev/data accesses, can you paste the output of: $ cat /run/ude

[Bug 1826415] Re: Videos do not play in presentation mode

2019-06-18 Thread Jamie Strandboge
** Tags removed: apparmor

[Bug 1788929] Re: Debian/Ubuntu AppArmor policy gaps in evince

2019-06-18 Thread Jamie Strandboge
Ubuntu 14.04 LTS is now out of standard support and evince is not included in ESM. ** Changed in: evince (Ubuntu Trusty) Status: In Progress => Won't Fix

[Bug 1820068] Re: specifying -O no-expr-simplify results in cache miss

2019-06-18 Thread Jamie Strandboge
** Description changed: + [Impact] + + * AppArmor 2.13 unconditionally invalidates its cache when parser options are specified. To decrease compile times for ARM systems, -O no-expr-simplify has been used in Ubuntu for click and snap policy for many years, but was temporarily disabled during

[Bug 1820068] Re: specifying -O no-expr-simplify results in cache miss

2019-06-06 Thread Jamie Strandboge
** Changed in: apparmor Status: In Progress => Fix Released ** Changed in: apparmor (Ubuntu Disco) Status: Triaged => In Progress ** Changed in: apparmor Assignee: (unassigned) => John Johansen (jjohansen)

[Bug 1820068] Re: specifying -O no-expr-simplify results in cache miss

2019-06-06 Thread Jamie Strandboge
** Changed in: apparmor (Ubuntu Eoan) Status: In Progress => Fix Committed

[Bug 1820068] Re: specifying -O no-expr-simplify results in cache miss

2019-06-06 Thread Jamie Strandboge
riaged ** Also affects: apparmor (Ubuntu Disco) Importance: Undecided Status: New ** Changed in: apparmor (Ubuntu Eoan) Assignee: (unassigned) => Jamie Strandboge (jdstrand) ** Changed in: apparmor (Ubuntu Disco) Assignee: (unassigned) => Jamie Strandboge (jdstrand) *

[Bug 1820068] Re: specifying -O no-expr-simplify results in cache miss

2019-06-06 Thread Jamie Strandboge
** Description changed: With 2.13.2 and the most recent testsuite patches from the 2.13 branch, I find that the cache works correctly when no options are specified. Eg # setup $ mkdir -p /tmp/aa/cache /tmp/aa/profiles $ cp /etc/apparmor.d/sbin.dhclient /tmp/aa/profiles/ # no opti

[Bug 1821625] Re: systemd 237-3ubuntu10.14 ADT test failure on Bionic ppc64el (test-seccomp)

2019-06-03 Thread Jamie Strandboge
FYI, please note that seccomp 2.4.1 was pushed to bionic in https://usn.ubuntu.com/4001-1/ on 2019/05/30. It shouldn't affect this bug report AFAICT because while the 2.4.1 Ubuntu packaging drops these patches, the upstream commits for lp-1815415-arch-update-syscalls-for-Linux-4.9.patch and lp-181

[Bug 1831368] [NEW] Deja-dup asks to install software from un-trusted sources

2019-06-02 Thread Jamie Coombs
Public bug reported: When setting up deja-dup to backup to Google drive, it says that duplicity & python-gi are not installed (this is expected). It gives the option to install these packages, but the system warns that they are from an untrusted source. Installing the same packages from terminal r

[Bug 1695808] Re: tasks killed for nop (-1)

2019-05-31 Thread Jamie Strandboge
This was fixed in upstream 2.3.2 which was fixed in cosmic. As of https://usn.ubuntu.com/4001-1/ pulling back 2.4.1, this is now fixed everywhere. ** Changed in: libseccomp (Ubuntu) Status: Confirmed => Fix Released

[Bug 1586496] Re: Upgrade libseccomp library in main

2019-05-31 Thread Jamie Strandboge
libseccomp was updated in trusty ESM here: https://usn.ubuntu.com/4001-2/

[Bug 1586496] Re: Upgrade libseccomp library in main

2019-05-31 Thread Jamie Strandboge
This could be argued as Won't Fix since trusty is out of standard support, but it did, in the end, receive an upgrade in trusty esm, so marking Fix Released. ** Changed in: libseccomp (Ubuntu) Status: New => Fix Released

[Bug 1830859] Re: new libseccomp 2.4 (in proposed) makes rebuilds need but not generate a dependency to 2.4

2019-05-30 Thread Jamie Strandboge
FYI, libseccomp is now published: https://usn.ubuntu.com/4001-1/

[Bug 1830502] Re: apparmor fails to start with no parser errors

2019-05-29 Thread Jamie Strandboge
@Ian - how did you generate this profile? Is this something that snapd generated (it doesn't look like typical snap-update-ns profiles...)? If it did, can you attach the snap.yaml (this seems like atypical usage of the layouts feature)?

[Bug 1804314] Re: Wrong WARNING Option 'hash' missing in crypttab

2019-05-24 Thread Jamie Scott
Ah! I followed the same guide, as I also wanted manual disk encryption so I could dual boot and ran into the same issue. The fix above works for me too, after specifying `UUID=xxx` you only need `none luks` and nothing in any of the other 2 files mentioned. Many thanks!

[Bug 1798091] Re: thumbnailer cannot create tempfiles (with apparmor denials)

2019-05-22 Thread Jamie Strandboge
@Christina - I suggest filing a new bug with more specifics. That said, I suspect you have a .dpkg-dist file in /etc/apparmor.d or /etc/apparmor.d/abstractions that has changes that need to be merged into your evince profile.

[Bug 1770082] Re: systemd-networkd not renaming devices on boot

2019-05-13 Thread Jamie Lokier
For what it's worth, I'm still seeing set-name having no effect on a server's only interface. Server is using Ubuntu 19.04, with netplan.io-0.96-0ubuntu4.1, AMD64 arch. It's a bare-metal server with a single "e1000e" ethernet device. No cloud-init installed. Config file /etc/netplan/01-netcfg.ya

[Bug 1743200] Re: No support for interface labels

2019-05-13 Thread Jamie Murphy
Is there any plan to implement this?

[Bug 1811824] Re: [MIR] xdg-dbus-proxy

2019-05-10 Thread Jamie Strandboge
'Connect to other bus', choose unix:path=/tmp/test-system and see system bus $ d-feet # 'Connect to other bus', choose unix:path=/tmp/test-session and see session bus $ ls -l /run/user/1000/.dbus-proxy/ total 0 srwxr-xr-x 1 jamie jamie 0 May 10 17:32 a11y-bus-proxy-A5PT1Z srwxr-xr-x 1

[Bug 1827512] Re: --arch=i386 on amd64 results in "Host does not support virtualization type 'hvm' for arch 'i386'"

2019-05-03 Thread Jamie Strandboge
FYI, I used virt-install with --qemu-commandline="--enable-kvm" with --arch=i686 (and qemu-system-i386) and it was not paused during my setup of the VM. I then tried again without --qemu-commandline="--enable-kvm" (ie, just --arch=i686) and it worked fine. I guess the issue with the pausing was unr

[Bug 1827512] Re: --arch=i386 on amd64 results in "Host does not support virtualization type 'hvm' for arch 'i386'"

2019-05-03 Thread Jamie Strandboge
"Also, during the running of my disco i386 vm with qemu-system-i386 it ended up in a paused state during a big 'apt-get install ubuntu-desktop' and could not be unpaused. I had to destroy then start, 'sudo dpkg --configure -a' and then try to resume work. This may be unrelated, but I mention this a

[Bug 1827512] Re: --arch=i386 on amd64 results in "Host does not support virtualization type 'hvm' for arch 'i386'"

2019-05-03 Thread Jamie Strandboge
Let me try that again... Interestingly I just noticed with my previous i386 VMs, they are started with qemu-system-x86_64 (via kvm-spice, a symlink to kvm which started the VM with --enable-kvm), but if I choose --arch=i686 on disco, it is started with qemu-system-i386 (and no --enable-kvm). I thin

[Bug 1827512] Re: --arch=i386 on amd64 results in "Host does not support virtualization type 'hvm' for arch 'i386'"

2019-05-03 Thread Jamie Strandboge
Also, during the running of my disco i386 vm with qemu-system-i386 it ended up in a paused state during a big 'apt-get install ubuntu-desktop' and could not be unpaused. I had to destroy then start, 'sudo dpkg --configure -a' and then try to resume work. This may be unrelated, but I mention this as

[Bug 1827512] Re: --arch=i386 on amd64 results in "Host does not support virtualization type 'hvm' for arch 'i386'"

2019-05-03 Thread Jamie Strandboge
Interestingly I just noticed with my previous i386 VMs, they are started with qemu-system-x86_64, but if I choose --arch=i686 on disco, it is started with qemu-system-x86_64 (via kvm-spice, a symlink to kvm which started the VM with --enable-kvm). I think this suggests that perhaps libvirt perhaps a

[Bug 1827512] [NEW] --arch=i386 on amd64 results in "Host does not support virtualization type 'hvm' for arch 'i386'"

2019-05-03 Thread Jamie Strandboge
Public bug reported: For many years I've been able to create x86 VMs on an x86_64 host with a command line like the following: $ virt-install --connect=qemu:///system --name=sec-disco-i386 --arch=i386 --cpu=host-passthrough --ram=1280 --disk=path=.../sec-disco-i386.qcow2,size=10,format=qcow2,spa

[Bug 1826429] Re: package apparmor 2.13.2-9ubuntu6 failed to install/upgrade: installed apparmor package post-installation script subprocess returned error exit status 1

2019-04-26 Thread Jamie Strandboge
** Changed in: apparmor (Ubuntu) Status: New => Invalid

[Bug 1826460] Re: Every snap gives "create user data directory" after upgrade to 19.04

2019-04-25 Thread Jamie Strandboge
** Also affects: snapd Importance: Undecided Status: New

[Bug 1816548] Re: [MIR] usbguard

2019-04-18 Thread Jamie Strandboge
The error happened again after a snapd upgrade. I suspect it isn't handling the udev trigger events that snapd does particularly well (even though that is supposed to be safe).

[Bug 520546] Re: Alt+KEY incorrectly behaves like Ctrl+Alt+KEY

2019-04-17 Thread Jamie Strandboge
I'm also seeing this behavior in gnome-shell on disco.

[Bug 1824961] Re: AppArmor blocks apport python hook from working

2019-04-16 Thread Jamie Strandboge
"I guess the question is: Shouldn't we have a python-apport abstraction that apps (or local admin) can include to make debugging work under apparmor? It should probably live in apport, I guess, so apport can define which files it needs." Perhaps an abstraction makes sense to optionally add it in f

[Bug 1824961] Re: AppArmor blocks apport python hook from working

2019-04-16 Thread Jamie Strandboge
I might also mention on IRC the exact type of thing why we've had these rules in the profile that ship them: [119698.000187] audit: type=1400 audit(1555405334.985:222): apparmor="DENIED" operation="exec" profile="/usr/sbin/kopano-search" name="/usr/bin/x86_64-linux-gnu-gcc-8" pid=15647 comm="kopan

[Bug 1824961] Re: AppArmor blocks apport python hook from working

2019-04-16 Thread Jamie Strandboge
Traditionally we have actually put these accesses in the packages that ship the profile, like Marc said, because profilers may not want the profile to automatically have everything apport requires. These accesses should *not* be in the python abstraction because the accesses have nothing to do with

[Bug 1824812] Re: apparmor does not start in Disco LXD containers

2019-04-15 Thread Jamie Strandboge
Uploaded 2.13.2-9ubuntu6 with the SFS_MOUNTPOINT change.

[Bug 1824812] Re: apparmor does not start in Disco LXD containers

2019-04-15 Thread Jamie Strandboge
Since the apparmor SFS_MOUNTPOINT change is small, I'll prepare an upload for that immediately. We may need another parser update for the other issue. ** Changed in: apparmor (Ubuntu) Status: Triaged => In Progress

[Bug 1824812] Re: apparmor does not start in Disco LXD containers

2019-04-15 Thread Jamie Strandboge
The following will reproduce the issue in a disco VM with disco LXD container: Initial setup: 1. have an up to date disco vm $ cat /proc/version_signature Ubuntu 5.0.0-11.12-generic 5.0.6 2. sudo snap install lxd 3. sudo adduser `id -un` lxd 4. newgrp lxd 5. sudo lxd init # use defaults 6. . /et

[Bug 1824812] Re: apparmor does not start in Disco LXD containers

2019-04-15 Thread Jamie Strandboge
There are two bugs that are causing trouble for apparmor policy in LXD containers: 1. the rc.apparmor.functions bug (easy fix: define SFS_MOUNTPOINT at the right time 2. there is some sort of an interaction with the 5.0.0 kernel that is causing problems I'll give complete instructions on how to

[Bug 1824812] Re: apparmor does not start in Disco LXD containers

2019-04-15 Thread Jamie Strandboge
** Summary changed: - apparmor no more starting in Disco LXD containers + apparmor does not start in Disco LXD containers

[Bug 1824812] Re: apparmor no more starting in Disco LXD containers

2019-04-15 Thread Jamie Strandboge
This is due to a bug in upstream parser/rc.apparmor.functions because SFS_MOUNTPOINT is only set after is_apparmor_loaded() is called, but is_container_with_internal_policy() doesn't call it. /lib/apparmor/apparmor.systemd calls is_container_with_internal_policy() prior to apparmor_start() and it i

[Bug 1824812] Re: apparmor no more starting in Disco LXD containers

2019-04-15 Thread Jamie Strandboge
** Also affects: apparmor Importance: Undecided Status: New ** Changed in: apparmor Status: New => Triaged

[Bug 1824812] Re: apparmor no more starting in Disco LXD containers

2019-04-15 Thread Jamie Strandboge
** Changed in: libvirt (Ubuntu) Status: New => Invalid ** Changed in: apparmor (Ubuntu) Status: New => Triaged ** Changed in: apparmor (Ubuntu) Assignee: (unassigned) => Jamie Strandboge (jdstrand) ** Changed in: apparmor (Ubuntu) Importance: Undecided => H

[Bug 1816548] Re: [MIR] usbguard

2019-04-12 Thread Jamie Strandboge
> > Understanding that usbguard is a target for main, I've been running it > > on my laptop for a little while and can say that there is a real issue > > with the daemon stopping which causes all USB inserts to fail closed > > until the daemon is restarted. I've also suspected some external > > Di

[Bug 1815910] Re: Apparmor blocks access to /dev/vhost-net

2019-04-10 Thread Jamie Strandboge
I've stated my preference for upstream: https://www.redhat.com/archives/libvir-list/2019-April/msg00750.html For Ubuntu, if the issue is causing a lot of issues, I'm open to a distro patch that enables the access by default on the condition that /etc/libvirt/qemu.conf is adjusted to have a commen

[Bug 1820114] Re: iptables v1.6.1: can't initialize iptables table `filter': Memory allocation problem

2019-04-10 Thread Jamie Strandboge
To be clear, when I installed linux-modules-extra-5.0.0-8-generic, I no longer saw this error message. Of course, it might not strictly be a duplicate, but I'll let the kernel team figure that out.

[Bug 1820114] Re: iptables v1.6.1: can't initialize iptables table `filter': Memory allocation problem

2019-04-10 Thread Jamie Strandboge
FYI, I saw this when looking at https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1823862. In the other bug, the reporter saw a different error message, but I saw 'iptables v1.6.1: can't initialize iptables table `filter': Memory allocation problem'. If those in this bug do not have linux-module

[Bug 1823862] Re: disco: unable to enable ufw under -virtual kernel

2019-04-10 Thread Jamie Strandboge
I can confirm that without linux-modules-extra-*, iptables is broken. Reduced test case: $ sudo iptables -L -n iptables: No chain/target/match by that name. Full test case: $ sudo /usr/share/ufw/check-requirements -f ... ERROR: could not create 'ufw-check-requirements'. Aborting FAIL: check your

[Bug 1823862] Re: disco: unable to enable ufw under -virtual kernel

2019-04-10 Thread Jamie Strandboge
Marking the ufw task as Invalid. The kernel doesn't have what is needed to run iptables. ** Changed in: ufw (Ubuntu) Status: New => Invalid ** Changed in: ufw (Ubuntu) Assignee: Jamie Strandboge (jdstrand) => (unassigned)

[Bug 1816548] Re: [MIR] usbguard

2019-04-09 Thread Jamie Strandboge
Understanding that usbguard is a target for main, I've been running it on my laptop for a little while and can say that there is a real issue with the daemon stopping which causes all USB inserts to fail closed until the daemon is restarted. I've also suspected some external keyboard weirdness afte

[Bug 1823862] Re: disco: unable to enable ufw

2019-04-09 Thread Jamie Strandboge
"I can only think this is something cloud-image specific." Can you provide the requested information in the earlier comments?

[Bug 1823862] Re: disco: unable to enable ufw

2019-04-09 Thread Jamie Strandboge
Another thing that might be useful is attaching a tarball of /lib/ufw, /etc/ufw, and /etc/default/ufw.

[Bug 1823862] Re: disco: unable to enable ufw

2019-04-09 Thread Jamie Strandboge
FYI, I also tried the above with setting /etc/default/ufw to have IPV6=no and everything works fine (and the v6 rules are not added).

[Bug 1823862] Re: disco: unable to enable ufw

2019-04-09 Thread Jamie Strandboge
You said that the swift charm is disabling ipv6 in certain situations. Is it updating /etc/default/ufw? Is it disabling it elsewhere? In the failing instance, before trying to setup swift or run ufw or anything, what is the output of 'sudo /usr/share/ufw/check-requirements'?

[Bug 1823862] Re: disco: unable to enable ufw

2019-04-09 Thread Jamie Strandboge
The usefulness of the policy aside (it is configured wide open), I still can't reproduce with http://cdimage.ubuntu.com/ubuntu-server/daily/current/disco-server-amd64.iso that I just downloaded: $ sudo ufw default allow incoming Default incoming policy changed to 'allow' (be sure to update your r

[Bug 1823862] Re: disco: unable to enable ufw

2019-04-09 Thread Jamie Strandboge
Ubuntu) Status: New => Incomplete ** Changed in: ufw (Ubuntu) Assignee: (unassigned) => Jamie Strandboge (jdstrand)

[Bug 1811129] Re: update ufw to 0.36

2019-03-28 Thread Jamie Strandboge
I've verified this on cosmic using a combination of test-ufw.py from QRT (which in addition to various smoke/etc tests, runs all the tests in the testsuite, including root/iptables tests): ufw: Installed: 0.36-0ubuntu0.18.10.1 Candidate: 0.36-0ubuntu0.18.10.1 Version table: *** 0.36-0ubuntu

[Bug 1811129] Re: update ufw to 0.36

2019-03-28 Thread Jamie Strandboge
I've verified this on bionic using a combination of test-ufw.py from QRT (which in addition to various smoke/etc tests, runs all the tests in the testsuite, including root/iptables tests): ufw: Installed: 0.36-0ubuntu0.18.04.1 Candidate: 0.36-0ubuntu0.18.04.1 Version table: *** 0.36-0ubuntu

[Bug 1204579] Re: ufw doesn't support concurrent updates

2019-03-28 Thread Jamie Strandboge
Verified this is fixed in bionic: $ apt-cache policy ufw ufw: Installed: 0.36-0ubuntu0.18.04.1 Candidate: 0.36-0ubuntu0.18.04.1 Version table: *** 0.36-0ubuntu0.18.04.1 500 500 http://us.archive.ubuntu.com/ubuntu bionic-proposed/main amd64 Packages 500 http://us.archive.ubu

[Bug 1368411] Re: Cannot insert IPV6 rule before IPV4 rules

2019-03-28 Thread Jamie Strandboge
Verified this is fixed in bionic: $ apt-cache policy ufw ufw: Installed: 0.36-0ubuntu0.18.04.1 Candidate: 0.36-0ubuntu0.18.04.1 Version table: *** 0.36-0ubuntu0.18.04.1 500 500 http://us.archive.ubuntu.com/ubuntu bionic-proposed/main amd64 Packages 500 http://us.archive.ubu

[Bug 1368411] Re: Cannot insert IPV6 rule before IPV4 rules

2019-03-28 Thread Jamie Strandboge
Tested this is fixed in cosmic: $ apt-cache policy ufw ufw: Installed: 0.36-0ubuntu0.18.10.1 Candidate: 0.36-0ubuntu0.18.10.1 Version table: *** 0.36-0ubuntu0.18.10.1 500 500 http://us.archive.ubuntu.com/ubuntu cosmic-proposed/main amd64 Packages 500 http://us.archive.ubunt

[Bug 1204579] Re: ufw doesn't support concurrent updates

2019-03-28 Thread Jamie Strandboge
Tested this is fixed in cosmic: $ apt-cache policy ufw ufw: Installed: 0.36-0ubuntu0.18.10.1 Candidate: 0.36-0ubuntu0.18.10.1 Version table: *** 0.36-0ubuntu0.18.10.1 500 500 http://us.archive.ubuntu.com/ubuntu cosmic-proposed/main amd64 Packages 500 http://us.archive.ubunt

[Bug 1775043] Re: bash completion not working: uses deprecated have()

2019-03-28 Thread Jamie Strandboge
Tested this is fixed in cosmic: $ apt-cache policy ufw ufw: Installed: 0.36-0ubuntu0.18.10.1 Candidate: 0.36-0ubuntu0.18.10.1 Version table: *** 0.36-0ubuntu0.18.10.1 500 500 http://us.archive.ubuntu.com/ubuntu cosmic-proposed/main amd64 Packages 500 http://us.archive.ubunt

[Bug 1775043] Re: bash completion not working: uses deprecated have()

2019-03-28 Thread Jamie Strandboge
Verified this is fixed in bionic: $ apt-cache policy ufw ufw: Installed: 0.36-0ubuntu0.18.04.1 Candidate: 0.36-0ubuntu0.18.04.1 Version table: *** 0.36-0ubuntu0.18.04.1 500 500 http://us.archive.ubuntu.com/ubuntu bionic-proposed/main amd64 Packages 500 http://us.archive.ubu

[Bug 1664133] Re: ipv6 multicast pings don't return

2019-03-28 Thread Jamie Strandboge
Verified this is fixed in bionic: $ apt-cache policy ufw ufw: Installed: 0.36-0ubuntu0.18.04.1 Candidate: 0.36-0ubuntu0.18.04.1 Version table: *** 0.36-0ubuntu0.18.04.1 500 500 http://us.archive.ubuntu.com/ubuntu bionic-proposed/main amd64 Packages 500 http://us.archive.ubu

[Bug 1664133] Re: ipv6 multicast pings don't return

2019-03-28 Thread Jamie Strandboge
Tested this is fixed in cosmic: $ apt-cache policy ufw ufw: Installed: 0.36-0ubuntu0.18.10.1 Candidate: 0.36-0ubuntu0.18.10.1 Version table: *** 0.36-0ubuntu0.18.10.1 500 500 http://us.archive.ubuntu.com/ubuntu cosmic-proposed/main amd64 Packages 500 http://us.archive.ubunt

[Bug 1719211] Re: Bad interface name

2019-03-28 Thread Jamie Strandboge
Verified this is fixed in bionic: $ apt-cache policy ufw ufw: Installed: 0.36-0ubuntu0.18.04.1 Candidate: 0.36-0ubuntu0.18.04.1 Version table: *** 0.36-0ubuntu0.18.04.1 500 500 http://us.archive.ubuntu.com/ubuntu bionic-proposed/main amd64 Packages 500 http://us.archive.ubu

[Bug 1719211] Re: Bad interface name

2019-03-28 Thread Jamie Strandboge
Tested this is fixed in cosmic: $ apt-cache policy ufw ufw: Installed: 0.36-0ubuntu0.18.10.1 Candidate: 0.36-0ubuntu0.18.10.1 Version table: *** 0.36-0ubuntu0.18.10.1 500 500 http://us.archive.ubuntu.com/ubuntu cosmic-proposed/main amd64 Packages 500 http://us.archive.ubunt

[Bug 1821596] Re: firewalld ipset autopkgtest failures

2019-03-28 Thread Jamie Strandboge
** Description changed: - While investigating bug #820317 I noticed that firewalld autopkgtests + While investigating bug #1820317 I noticed that firewalld autopkgtests started failing: 2019-03-24 17:30:19 ERROR: COMMAND_FAILED: '/sbin/ipset add foobar 10.1.2.0/22' failed: ipset v6.38: Ke

[Bug 1817799] Re: [FFe] apparmor 2.13

2019-03-26 Thread Jamie Strandboge
Uploaded to disco-proposed. ** Changed in: apparmor (Ubuntu) Status: Triaged => Fix Committed

[Bug 1817799] Re: [FFe] apparmor 2.13

2019-03-26 Thread Jamie Strandboge
I've confirmed that the "Could not open '/var/lib/snapd/apparmor/snap-confine'" is not present in standard install of disco. This was a local issue. I've also updated the packaging to remove the "dpkg: warning: unable to delete old directory '/etc/apparmor.d/cache': Directory not empty" message.

[Bug 1811129] Re: update ufw to 0.36

2019-03-26 Thread Jamie Strandboge
** Description changed: [Impact] This bug is the master bug for a one time SRU of ufw to the new 0.36 release. Typically patches would be individually backported like normal, but the new 'prepend' command feature is the impetus for this SRU and it - contains most of the code changes. Ot

[Bug 1368411] Re: Cannot insert IPV6 rule before IPV4 rules

2019-03-25 Thread Jamie Strandboge
FYI, I've reuploaded 0.36 to bionic-proposed and cosmic-proposed after updating the master bug's description.

[Bug 1811129] Re: update ufw to 0.36

2019-03-25 Thread Jamie Strandboge
FYI, I've reuploaded 0.36 to bionic-proposed and cosmic-proposed after updating this master bug's description.

[Bug 1811129] Re: update ufw to 0.36

2019-03-25 Thread Jamie Strandboge
** Description changed: [Impact] This bug is the master bug for a one time SRU of ufw to the new 0.36 release. Typically patches would be individually backported like normal, but the new 'prepend' command feature is the impetus for this SRU and it contains most of the code changes. Ot

[Bug 1821596] Re: firewalld ipset autopkgtest failures

2019-03-25 Thread Jamie Strandboge
The failures are still there https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-disco/disco/amd64/f/firewalld/20190325_151135_3b840@/log.gz: 2019-03-25 15:04:45 ERROR: COMMAND_FAILED: '/sbin/ipset add foobar 10.1.2.0/22' failed: ipset v6.38: Kern

[Bug 1821596] Re: firewalld ipset autopkgtest failures

2019-03-25 Thread Jamie Strandboge
Ah, looks like seb128 was already aware of this since he prepared the ipset 7.1 upload: https://launchpad.net/ubuntu/+source/ipset/7.1-0ubuntu1

[Bug 1820317] Re: The firewalld autopackage tests fail due to iptables

2019-03-25 Thread Jamie Strandboge
$ ./remove-package -m "1.8.2 abandoned, will wait for 1.8.3 (LP: #1820317)" -s disco-proposed iptables Removing packages from disco-proposed: iptables 1.8.2-4ubuntu1 in disco iptables 1.8.2-4ubuntu1 in disco amd64 iptables 1.8.2-4ubuntu1 in disco arm64

[Bug 1821596] [NEW] firewalld ipset autopkgtest failures

2019-03-25 Thread Jamie Strandboge
Public bug reported: While investigating bug #820317 I noticed that firewalld autopkgtests started failing: 2019-03-24 17:30:19 ERROR: COMMAND_FAILED: '/sbin/ipset add foobar 10.1.2.0/22' failed: ipset v6.38: Kernel support protocol versions 6-7 while userspace supports protocol versions 6-6" As

[Bug 1821596] Re: firewalld ipset autopkgtest failures

2019-03-25 Thread Jamie Strandboge
For whoever looks at this, FYI, it looks like the last time these two tests passed was with a 4.19 kernel: testbed running kernel: Linux 4.19.0-13-generic #14-Ubuntu SMP Thu Feb 7 21:51:25 UTC 2019 See: https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/auto

[Bug 1820317] Re: The firewalld autopackage tests fail due to iptables

2019-03-25 Thread Jamie Strandboge
I uploaded 0.6.3-5ubuntu4 for the Depends/Recommends update but expect it to fail due to the ipset issues. I filed bug 1821596 for that. ** Changed in: firewalld (Ubuntu) Status: New => Fix Committed

[Bug 1820317] Re: The firewalld autopackage tests fail due to iptables

2019-03-25 Thread Jamie Strandboge
I took a look at this and found that: a) firewalld root-unittests autopkgtests fail when using either iptables 1.6 or 1.8 in release due to https://bugzilla.redhat.com/show_bug.cgi?id=1601610 and the failure is: "2019-03-24 17:30:19 ERROR: COMMAND_FAILED: '/sbin/ipset add foobar 10.1.2.0/22' fa

[Bug 1820114] Re: iptables v1.6.1: can't initialize iptables table `filter': Memory allocation problem

2019-03-25 Thread Jamie Strandboge
FYI, I cannot reproduce this with even less memory: $ iptables --version iptables v1.6.1 $ free total used free shared buff/cache available Mem: 265712 114824 66744 1024 84144 36024 Swap: 0 0
