[Bug 1853164] Re: systemd: /etc/dhcp/dhclient-enter-hooks.d/resolved error

2021-07-10 Thread Daniel Richard G.
FWIW, the fix in focal-proposed looks good on my end as well. I can confirm that the /etc/dhcp/dhclient-enter-hooks.d/resolved script now has the is-enabled check, and while I won't be able to test out resolvconf, I regard the updated conditional as equivalent to my previous known-good workaround

[Bug 1871726] Re: "systemd --user" and child processes fail to exit when user logs out

2021-07-01 Thread Daniel Richard G.
Yes, it is still an issue in focal. Was there an update since last year that should have addressed this? ** Changed in: systemd (Ubuntu) Status: Invalid => New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1853164] Re: systemd: /etc/dhcp/dhclient-enter-hooks.d/resolved error

2021-06-30 Thread Daniel Richard G.
Thank you @ddstreet, I'm happy to see this as well. I'd like to get rid of the workaround I've been using for this issue: # dpkg-divert --divert /etc/dhcp/dhclient-enter- hooks.d/resolved.DISABLED --rename /etc/dhcp/dhclient-enter- hooks.d/resolved -- You received this bug notification because

[Bug 1871728] Re: geoclue agent process persists after user logout

2021-04-09 Thread Daniel Richard G.
KillUserProcesses=yes is a sledgehammer of a solution. I would advise just removing the geoclue package. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1871728 Title: geoclue agent process persists

[Bug 1881357] [NEW] abstractions/X needs new ICEauthority path

2020-05-29 Thread Daniel Richard G.
Public bug reported: This concerns apparmor 2.13.3-7ubuntu5 in Ubuntu focal. Saw this during a Firefox test run: May 29 17:25:32 test-ubuntu64 kernel: [ 818.399967] audit: type=1400 audit(1590787532.023:69): apparmor="DENIED" operation="open" profile="firefox"

[Bug 1880841] [NEW] usr.sbin.nscd needs unix socket access to @userdb-*

2020-05-27 Thread Daniel Richard G.
Public bug reported: This concerns apparmor-profiles 2.13.3-7ubuntu5 in Ubuntu focal. I use the usr.sbin.nscd profile in enforce mode, and am seeing the following messages in /var/log/syslog . I don't know if the SIGABRT is related: May 27 04:39:56 test-ubuntu64 kernel: [ 199.392521] audit:

[Bug 1783044] Re: grub-efi-amd64 postinst fails to install GRUB if /boot/efi/EFI/ubuntu/ is not present

2020-05-19 Thread Daniel Richard G.
I've confirmed that, as of focal, the /boot/efi/EFI/ubuntu/ directory no longer needs to be present in order for the grub-efi-amd64 package to install the bootloader files. Even /boot/efi/EFI/ does not need to be there; it will be created. This issue still appears to exist on the Debian side,

[Bug 1879558] [NEW] grub-efi-amd64 postinst fails to install GRUB if previous GRUB install is not detected

2020-05-19 Thread Daniel Richard G.
Public bug reported: This concerns grub-efi-amd64 2.04-1ubuntu26 in Ubuntu focal. Currently, when grub-efi-amd64 (or grub-efi-amd64-signed) is installed or reconfigured, the following steps occur: 1. Package postinst script runs 2. postinst checks if /boot/grub/x86_64-efi/core.efi is

[Bug 1879466] [NEW] Purging grub-pc package deletes /etc/default/grub file owned by grub-efi-amd64

2020-05-19 Thread Daniel Richard G.
Public bug reported: This concerns grub-pc 2.04-1ubuntu26 in Ubuntu focal. I have the following packages installed. Note that grub-pc has been removed but not yet purged: root@xubuntu:/# dpkg -l | grep grub ii grub-common 2.04-1ubuntu26

[Bug 1878333] Re: AppArmor cache entries not removed when profile is deleted

2020-05-13 Thread Daniel Richard G.
That's why I hedged on having something like "apparmor unload". What you're saying explains why "restart" and "reload" are distinct actions (I'd never been clear on this), so having a new action that is "like 'stop' but actually does stop apparmor, even though that is not usually what you want"

[Bug 1878333] Re: AppArmor cache entries not removed when profile is deleted

2020-05-13 Thread Daniel Richard G.
A related issue: "/etc/init.d/apparmor stop" should invoke aa- teardown(8). Depending on the semantics of the apparmor "service," this could also be "/etc/init.d/apparmor unload" or the like. I was surprised to find that "apparmor stop" was not actually unloading the profiles, as I had assumed.

[Bug 1878333] Re: AppArmor cache entries not removed when profile is deleted

2020-05-13 Thread Daniel Richard G.
Thanks. I am in complete agreement. I don't need (or even want) AppArmor to automagically update the kernel state right after changing something under /etc/apparmor.d/, because having to do a SIGHUP/restart/etc. is already normal practice. But I do expect that a reboot/reload will take care of

[Bug 1877528] Re: Applet does not terminate at end of X desktop session

2020-05-13 Thread Daniel Richard G.
Aaaand the upstream has decided they can't/won't fix this issue. One thing that bothers me about this whole situation is that, in order for background services like this one to be cleaned up after logout, they need to behave "correctly." From my point of view, this is backwards. When the system

[Bug 1878333] Re: AppArmor cache entries not removed when profile is deleted

2020-05-13 Thread Daniel Richard G.
Hello John, I did not take any specific action to unload a profile from the kernel. Instead, I rebooted the system, under the assumption that this would wipe the slate clean, with everything reloading cleanly from /etc/apparmor.d/. The new profile I developed was under a new filename, because I

[Bug 1878333] [NEW] AppArmor cache entries not removed when profile is deleted

2020-05-12 Thread Daniel Richard G.
Public bug reported: This concerns apparmor 2.13.3-7ubuntu5 in Ubuntu focal. If I delete a profile from /etc/apparmor.d/, reboot the system, and then look in /var/cache/apparmor/.0/, I still see a file for the compiled form of the profile. The same occurs if the profile is "deleted" by

[Bug 1872564] Re: /proc/sys/kernel/random/boot_id rule missing from abstractions/nameservice

2020-05-12 Thread Daniel Richard G.
Thanks for being on top of this, Sergio. I'm surprised that a LP search for "boot_id" in this project did not turn up this existing bug report. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1872564

[Bug 1878175] [NEW] Abstraction needs access to @{PROC}/sys/kernel/random/boot_id

2020-05-12 Thread Daniel Richard G.
Public bug reported: This concerns apparmor 2.13.3-7ubuntu5 in Ubuntu focal. I have AppArmor actively enforcing policy on my system. In /var/log/syslog, I see a number of the following two sorts of messages: May 12 04:44:21 image-ubuntu64 kernel: [ 26.667094] audit: type=1400

[Bug 1877528] Re: Applet does not terminate at end of X desktop session

2020-05-10 Thread Daniel Richard G.
This bug was reported three years ago in Debian: https://bugs.debian.org/863227 ** Bug watch added: Debian Bug tracker #863227 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863227 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to

[Bug 1877650] Re: Fails to remove /var/lib/command-not-found/ when package is purged

2020-05-10 Thread Daniel Richard G.
I wouldn't expect dpkg to know about the database files, but they should at least be deleted by a package script (prerm?) when the package is removed/purged. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1404172] Re: lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory

2020-05-08 Thread Daniel Richard G.
This issue persists in lightdm 1.30.0-0ubuntu3.1 in Ubuntu focal. I see the warnings not only for pam_kwallet.so, but also its successor pam_kwallet5.so, as well as pam_gnome_keyring.so (which I do not have installed). All three of these are referenced in /etc/pam.d/lightdm and

[Bug 1877666] [NEW] Python syntax warning in LayoutLoaderSVG.py

2020-05-08 Thread Daniel Richard G.
Public bug reported: This concerns onboard 1.4.1-2ubuntu7 in Ubuntu focal. Seen during package installation: [...] Setting up onboard (1.4.1-2ubuntu7) ... /usr/lib/python3/dist-packages/Onboard/LayoutLoaderSVG.py:447: SyntaxWarning: 'str' object is not callable; perhaps you missed a comma?

[Bug 1877664] [NEW] Python syntax warning in helpers.py script

2020-05-08 Thread Daniel Richard G.
Public bug reported: This concerns lightdm-gtk-greeter-settings 1.2.2-3 in Ubuntu focal. Seen during package installation: [...] Setting up lightdm-gtk-greeter-settings (1.2.2-3) ... /usr/lib/python3/dist-packages/lightdm_gtk_greeter_settings/helpers.py:281: SyntaxWarning: "is" with a literal.

[Bug 1877650] [NEW] Fails to remove /var/lib/command-not-found/ when package is purged

2020-05-08 Thread Daniel Richard G.
Public bug reported: This concerns command-not-found 20.04.2 in Ubuntu focal. The apt-get invocation largely tells the story: # apt-get --purge --autoremove remove command-not-found Reading package lists... Done Building dependency tree Reading state information... Done The following

[Bug 1877532] Re: at-spi-bus-launcher does not terminate at end of X session

2020-05-08 Thread Daniel Richard G.
This bug has LP: 1871726 as a quasi-parent. Those two processes shown in session-status are deceptive; ps(1) shows a much larger number of processes still remaining from the login session. When the two processes go away, however, all the others follow. The impact of this issue, then, is not

[Bug 1877528] Re: Applet does not terminate at end of X desktop session

2020-05-08 Thread Daniel Richard G.
This bug has LP: 1871726 as a quasi-parent. That one system-config-printer process shown in session-status is deceptive; ps(1) shows a much larger number of processes still remaining from the login session. When the s-c-p process goes away, however, all the others follow. The impact of this

[Bug 1871726] Re: "systemd --user" and child processes fail to exit when user logs out

2020-05-08 Thread Daniel Richard G.
Also related: LP: #1877532 It's possible that all the lingering processes are due to a couple of misbehaving applications. This isn't a great state of affairs (the cleanup process should not be so fragile that non-cooperative processes can stop it completely), but it might explain what's going

[Bug 1877532] [NEW] at-spi-bus-launcher does not terminate at end of X session

2020-05-08 Thread Daniel Richard G.
Public bug reported: This concerns at-spi2-core 2.36.0-2 in Ubuntu focal. I log into the Xfce desktop as "skunk" via xrdp, and then logout. A few minutes later, "loginctl list-sessions" shows the following: SESSION UID USER SEAT TTY 9 0 root c10 1000 skunk

[Bug 1871726] Re: "systemd --user" and child processes fail to exit when user logs out

2020-05-08 Thread Daniel Richard G.
Related: LP: #1877528 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1871726 Title: "systemd --user" and child processes fail to exit when user logs out To manage notifications about this bug go

[Bug 1877528] [NEW] Applet does not terminate at end of X desktop session

2020-05-08 Thread Daniel Richard G.
Public bug reported: This concerns system-config-printer 1.5.12-0ubuntu1 in Ubuntu focal. I log into the Xfce desktop, and then logout. The screen returns to the LightDM login screen. A few minutes later, "loginctl list-sessions" shows the following: SESSION UID USERSEAT TTY

[Bug 1870640] Re: Does not register as x-www-browser alternative

2020-05-07 Thread Daniel Richard G.
Oliver and Ɓukasz, thank you for following this up. So that I understand, in focal, is the fix part of the transitional package, not in the snap? The former is described as "This is a transitional dummy package. It can safely be removed," but would removing it then remove Chromium as an x

[Bug 1871882] Re: Default session fails when not started by a login manager

2020-04-14 Thread Daniel Richard G.
I'm not sure that this new title is accurate, as the error condition is brought about specifically by an unusual (albeit legal) way of starting the X session. My scenario involved xrdp, but I could see this happening with an older display manager (xdm?) that does not recognize XDG xsession files.

[Bug 543834] Re: grub-set-default should give a warning when GRUB_DEFAULT != saved

2020-04-14 Thread Daniel Richard G.
To elaborate on the situation in Ubuntu focal, as there have been some improvements: * grub-reboot(8) now works even when GRUB_DEFAULT != "saved", so that is out of the picture. I've edited the title of this bug accordingly. * Both the man page and --help text for grub-set-default(8) indicate

[Bug 1782275] Re: Conflict between resolvconf and systemd-resolved dhclient scripts

2020-04-13 Thread Daniel Richard G.
This issue is still present in Ubuntu focal. Here is what I see that needs to happen: systemd: The /etc/dhcp/dhclient-enter-hooks.d/resolved script should be renamed to something like 00resolved or aaa_resolved, so that other packages that install scripts into that directory will have their

[Bug 543834] Re: grub-set-default and grub-reboot should give a warning when GRUB_DEFAULT != saved

2020-04-13 Thread Daniel Richard G.
I've confirmed that this issue is still present in Ubuntu focal. ** Changed in: grub2 (Ubuntu) Status: Incomplete => New ** Tags added: focal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1871726] Re: "systemd --user" and child processes fail to exit when user logs out

2020-04-10 Thread Daniel Richard G.
Could you try this using lightdm? It's possible that this may be a display-manager issue. I did notice that in a different (customized) configuration of Xubuntu, the user processes still remained after logout, but then killing the "systemd --user" process resulted in the login session ending.

[Bug 1871882] Re: gnome-session-bin package cannot function without gnome-session

2020-04-10 Thread Daniel Richard G.
Autologin is not in use. The only unusual aspect of this login is that it is via xrdp, and because no argument is passed to the initial /etc/X11/Xsession invocation, it uses the default x-session-manager -> gnome-session . If the user logs in via the console, xfce4-session is used instead, masking

[Bug 1871979] Re: package grub-efi-amd64-signed 1.139+2.04-1ubuntu24 failed to install/upgrade: installed grub-efi-amd64-signed package post-installation script subprocess returned error exit status 2

2020-04-09 Thread Daniel Richard G.
*** This bug is a duplicate of bug 1871955 *** https://bugs.launchpad.net/bugs/1871955 Looks like a misplaced double-semicolon: --- /var/lib/dpkg/info/grub-efi-amd64-signed.postinst 2020-04-09 07:00:04.0 -0400 +++ /tmp/grub-efi-amd64-signed.postinst 2020-04-09 22:16:11.243539503

[Bug 1871896] [NEW] Perl warning during package installation

2020-04-09 Thread Daniel Richard G.
Public bug reported: This concerns update-inetd 4.50 in Ubuntu focal. Observed during package installation: [...] Setting up finger (0.17-17) ... Setting up update-inetd (4.50) ... Setting up fingerd (0.17-17) ... Use of uninitialized value $_ in pattern match (m//) at

[Bug 1871882] [NEW] gnome-session-bin package cannot function without gnome-session

2020-04-09 Thread Daniel Richard G.
Public bug reported: This concerns gnome-session-bin 3.36.0-2ubuntu1 in Ubuntu focal. When I log into a Xubuntu desktop via xrdp, an error occurs, and the session terminates before the desktop is even drawn on the screen. I looked in syslog, and saw this: Apr 9 12:12:23 test-ubuntu64

[Bug 1871726] Re: "systemd --user" and child processes fail to exit when user logs out

2020-04-09 Thread Daniel Richard G.
This occurs whether the user logs in (through lightdm) on the console, or remotely via xrdp. Running that command, as root, after the user (skunk) has logged in via lightdm: # loginctl list-sessions SESSION UID USER SEAT TTY 20 root c2 1000 skunk

[Bug 1871593] Re: User receives prompt on login: "Authentication is required to create a color managed device"

2020-04-08 Thread Daniel Richard G.
Note: My use case involves logging into the desktop remotely, via XRDP. This issue appears to affect other remote-login implementations as well. Related: https://github.com/TurboVNC/turbovnc/issues/47 https://bugzilla.redhat.com/show_bug.cgi?id=1149893

[Bug 1871728] [NEW] geoclue agent process persists after user logout

2020-04-08 Thread Daniel Richard G.
Public bug reported: This concerns geoclue-2.0 2.5.6-0ubuntu1 in Ubuntu focal. I am using the Xfce desktop. When a user logs in, a /usr/libexec/geoclue-2.0/demos/agent process is started. However, when the user logs out, and the associated "systemd --user" instance is killed, the geoclue

[Bug 1871726] [NEW] "systemd --user" and child processes fail to exit when user logs out

2020-04-08 Thread Daniel Richard G.
Public bug reported: This concerns systemd 245.2-1ubuntu2 in Ubuntu focal. I am using the Xfce desktop. After the user logs out from a desktop session, numerous desktop-related processes are left over. Here is a listing, taken over twenty minutes after logout: skunk853 0.0 0.2 18912

[Bug 1871593] [NEW] User receives prompt on login: "Authentication is required to create a color managed device"

2020-04-08 Thread Daniel Richard G.
Public bug reported: This concerns colord 1.4.4-2 in Ubuntu focal. (xiccd 0.3.0-1 may also be relevant.) I log into the Xfce desktop environment, and immediately see an "Authenticate" window pop up: Authentication is required to create a color managed device Password for root:

[Bug 1871318] [NEW] tumblerd GStreamer plugin crashes on startup, causing desktop session to exit

2020-04-07 Thread Daniel Richard G.
Public bug reported: This concerns tumbler 0.2.8-1 in Ubuntu focal. Symptom: When I log into the Xubuntu desktop environment, the desktop begins to appear on the screen, but then the X server dies and I am unceremoniously returned to the LightDM login screen. If I uninstall tumbler, then I can

[Bug 1870640] [NEW] Does not register as x-www-browser alternative

2020-04-03 Thread Daniel Richard G.
Public bug reported: This concern chromium 80.0.3987.162 (snap package) in Ubuntu focal. After installing the package, update-alternatives(1) cannot set x-www- browser to point to /usr/bin/chromium-browser: # update-alternatives --set x-www-browser /usr/bin/chromium-browser

[Bug 1870633] [NEW] Python syntax issues in SgtLauncher.py

2020-04-03 Thread Daniel Richard G.
Public bug reported: This concerns sgt-launcher version 0.2.5-0ubuntu1 in Ubuntu focal. I see the following when installing the package: Setting up sgt-launcher (0.2.5-0ubuntu1) ... /usr/lib/python3.8/subprocess.py:838: RuntimeWarning: line buffering (buffering=1) isn't supported in binary

[Bug 1853861] Re: [SRU] Unattended-upgrades silently does not apply updates when MinimalSteps is disabled and there are autoremovable kernels

2019-12-03 Thread Daniel Richard G.
Thanks Balint. I've installed the bionic-proposed package, and have not observed any silently-failed upgrades as before (but of course verifying it in my use case is tantamount to proving a negative). -- You received this bug notification because you are a member of Ubuntu Bugs, which is

[Bug 507309] Re: Should not re-mount all connected drives on startup

2019-03-19 Thread Daniel Richard G.
Hi Carolyn, This bug concerns usb-creator specifically, not the general USB 3.0 mounting behavior of Linux. Please do not mark this bug as a duplicate of #792085. ** This bug is no longer a duplicate of bug 792085 Automatic remount of safely removed USB 3.0 drive -- You received this bug

[Bug 1599646] Re: E-mail report contains repeated "Reading database ... NN%" lines

2019-01-12 Thread Daniel Richard G.
Could this be SRU'ed into Bionic? 18.04LTS currently has version 1.1, so the "Reading database ..." lines will otherwise afflict it for quite some time to come. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 564853] Re: Spurious conffile prompts for /etc/default/grub

2018-11-30 Thread Daniel Richard G.
Scott, thank you for providing the script, and the analysis that led to it. I've run into this issue numerous times but have not been able to suss out exactly what leads to it such that it can be reproduced. I've linked a relevant Debian bug, which appears to address the same issue, and was filed

[Bug 1784499] Re: AppArmor treats regular NFS file access as network op

2018-10-12 Thread Daniel Richard G.
Thanks for looking into this Markus. I'm surprised that the kernel pieces needed to make this work as expected have yet to be fully integrated. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1784499

[Bug 1783044] Re: grub-efi-amd64 postinst fails to install GRUB if /boot/efi/EFI/ubuntu/ is not present

2018-08-15 Thread Daniel Richard G.
I think there's a good case to get rid of those Conflicts:, at least for the package combinations that make sense. BIOS+EFI definitely makes sense, IMO. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1783044] Re: grub-efi-amd64 postinst fails to install GRUB if /boot/efi/EFI/ubuntu/ is not present

2018-08-14 Thread Daniel Richard G.
My understanding is that grub-pc conflicts with grub-efi-amd64 (and other top-level GRUB packages), so having both installed shouldn't even be possible. (I've filed a bug report on the Debian side to address this, as this situation is not ideal: https://bugs.debian.org/904062) And that if you want

[Bug 1777070] Re: firefox plugin libwidevinecdm.so crashes due to apparmor denial

2018-08-09 Thread Daniel Richard G.
Arrgh... this is not a great way of working (malware could write to that location and then load in code), but as it is what we've got, I've added the rule to a forthcoming Firefox profile update. Incidentally, Olivier, if you've got a line on who's responsible for the Firefox profile there, it

[Bug 1785548] [NEW] GRUB countdown does not begin until key press

2018-08-05 Thread Daniel Richard G.
Public bug reported: This concerns grub-pc 2.02-2ubuntu8.2 in Ubuntu 18.04/bionic. I have GRUB configured to do a five-second countdown (no menu) on boot: GRUB_TIMEOUT_STYLE=countdown GRUB_TIMEOUT=5 Strangely enough, on a "Dell Precision Workstation" PC that I have here, the "5"

[Bug 557818] Re: cups-client does not create /etc/cups directory, let alone client.conf

2018-08-05 Thread Daniel Richard G.
Bug persists in Ubuntu 18.04/bionic: # ls /etc/cups ls: cannot access '/etc/cups': No such file or directory # apt-get install cups-client Reading package lists... Done Building dependency tree Reading state information... Done The following additional packages will be installed:

[Bug 1690858] Re: AppArmor profile blocks access to .config/gtk-3.0/settings.ini

2018-08-03 Thread Daniel Richard G.
I see that /etc/apparmor.d/abstractions/gnome in Ubuntu 18.04/bionic has this line... owner @{HOME}/.config/gtk-3.0/* r, ...which covers the settings.ini file. So this should no longer be an issue. ** Changed in: firefox (Ubuntu) Status: New => Fix Released -- You received

[Bug 1777070] Re: firefox plugin libwidevinecdm.so crashes due to apparmor denial

2018-08-03 Thread Daniel Richard G.
I think we're going to need more information on how this plugin got in there in the first place. Being able to map a library in a user-writable directory doesn't sound terribly safe... -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1575438] Re: usr.sbin.nscd needs r/w access to nslcd socket

2018-08-03 Thread Daniel Richard G.
An update to the "ldapclient" abstraction has been merged upstream: https://gitlab.com/apparmor/apparmor/merge_requests/153/diffs?commit_id=ac1d0545f458b11728f2bcb4a7de0567538fa94a ** Changed in: apparmor Status: New => Fix Committed ** Changed in: apparmor (Ubuntu) Status: New =>

[Bug 1783044] Re: grub-efi-amd64 postinst fails to install GRUB if /boot/efi/EFI/ubuntu/ is not present

2018-08-03 Thread Daniel Richard G.
Philip, wouldn't such a debconf question be closely related to the existing question on whether to install to the EFI removable media path? Because if you're not putting things into EFI/ubuntu/ (or EFI/debian/), then you'd be putting them into EFI/BOOT/ ... -- You received this bug notification

[Bug 1662501] Re: since the apparmor profile is disabled by default, please make the apparmor policy strict with option to make less strict

2018-07-30 Thread Daniel Richard G.
Hmmm, interesting! I wouldn't hold out too long on giving the friendly tools smarts vis-a-vis conditionals, since that kind of logic isn't necessarily straightforward (i.e. can be hard/time-consuming to implement), it's not necessary for power/paranoid users (we're happy resorting to a text

[Bug 1665535] Re: WebRTC webcam support broken in firefox due to apparmor

2018-07-30 Thread Daniel Richard G.
/etc/apparmor.d/abstractions/ubuntu-browsers.d/multimedia in Ubuntu 18.04/bionic contains the fix. Marking the Firefox bug as Invalid, since the issue was fixed by updating the AppArmor abstraction. (I.e. no change to the firefox package was/is needed.) ** Changed in: firefox (Ubuntu)

[Bug 1660298] Re: Firefox misses interface org.gtk.vfs.Enumerator

2018-07-30 Thread Daniel Richard G.
Does this issue still arise with Firefox 60+? I've encountered various DBus VFS-related denials with Firefox under AppArmor, but not this particular one. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1784499] [NEW] AppArmor treats regular NFS file access as network op

2018-07-30 Thread Daniel Richard G.
Public bug reported: I am using AppArmor 2.12-4ubuntu5 on Ubuntu 18.04/bionic. I have the usr.bin.man profile enforced, and home directories in NFS. The log excerpt copied below is the result of a single invocation of "man ls" by an unprivileged user. (The program did display the man page

[Bug 1784499] Re: AppArmor treats regular NFS file access as network op

2018-07-30 Thread Daniel Richard G.
I have an additional test case that is perhaps more immediate. Attempting to view a roff file in NFS directly: $ man ./zlib.3 man: ./zlib.3: Permission denied No manual entry for ./zlib.3 This fails despite the permissive "/** mrixwlk" rule in the AppArmor profile. Similar output in

[Bug 1553758] Re: usr.bin.firefox apparmor profile blocks access to meminfo

2018-07-29 Thread Daniel Richard G.
The Firefox AppArmor profile shipped in Ubuntu 18.04/bionic includes this rule, so this should no longer be an issue. ** Changed in: firefox (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to

[Bug 1660086] Re: Apparmor blocks firefox 51.0.1 reading /usr/share/distro-info/debian.csv

2018-07-29 Thread Daniel Richard G.
The Firefox AppArmor profile shipped in Ubuntu 18.04/bionic includes a rule for /usr/share/distro-info/*.csv, so this should no longer be an issue. ** Changed in: firefox (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs,

[Bug 1553708] Re: usr.bin.firefox profile blocks access to the AMD GPU

2018-07-29 Thread Daniel Richard G.
Hello Jean-Philippe, do you still see this issue if those AppArmor permissions are commented out? Are you using the fglrx driver? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1553708 Title:

[Bug 1553712] Re: usr.bin.firefox apparmor profile blocks access to mounttracker

2018-07-29 Thread Daniel Richard G.
Has anyone observed any undesirable behavior from Firefox when access to these mount-related DBus services is denied? It's not clear to me why Firefox is even calling these in the first place, and given that mounts can include NFS servers and the like, I'd just as soon deny this access if there's

[Bug 1372113] Re: flashplayer does not work due missing apparmor rule

2018-07-29 Thread Daniel Richard G.
The current Firefox AppArmor profile includes the "openssl" abstraction, which allows access to /etc/ssl/openssl.cnf. This bug should no longer be present in Ubuntu. ** Changed in: firefox (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a

[Bug 885211] Re: firefox generates apparmor violations

2018-07-29 Thread Daniel Richard G.
Does this issue still occur with Firefox 60 or later? I am unable to reproduce it on 18.04/bionic. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/885211 Title: firefox generates apparmor violations

[Bug 1662501] Re: since the apparmor profile is disabled by default, please make the apparmor policy strict with option to make less strict

2018-07-29 Thread Daniel Richard G.
I think we could really use some kind of conditional construct (IF ... THEN ...) in AppArmor syntax. Everything being talking about here should, ideally, be adjustable using tunables. With a debconf configuration option, even. Between users who want strict access control to user files, and users

[Bug 911540] Re: about:memory displays a weird error due to lacking access to /proc/self/smaps

2018-07-29 Thread Daniel Richard G.
For the record, Firefox 61 very much does continue to make use of /proc//smaps (and /proc//statm) when using the about:memory page. I confirmed this by experimentally commenting out the AppArmor rules for those two /proc files (motivated by comment #3 above), and subsequently observed

[Bug 1783057] [NEW] Allow support of Secure Boot without touching NVRAM

2018-07-22 Thread Daniel Richard G.
Public bug reported: This concerns shim 13-0ubuntu2 in Ubuntu 18.04/bionic. (Note: I am not entirely clear on whether this issue belongs to shim, or to grub2; please redirect as appropriate.) I am installing Ubuntu with EFI support with the following two prerequisites: 1. No changes are made

[Bug 1783044] Re: grub-efi-amd64 postinst fails to install GRUB if /boot/efi/EFI/ubuntu/ is not present

2018-07-22 Thread Daniel Richard G.
I should point out that on the Debian side, the same conditional exists in the postinst script, so this same issue occurs there as well. (Only with the /boot/efi/EFI/debian/ directory, of course.) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed

[Bug 1783044] [NEW] grub-efi-amd64 postinst fails to install GRUB if /boot/efi/EFI/ubuntu/ is not present

2018-07-22 Thread Daniel Richard G.
Public bug reported: This concerns grub-efi-amd64 2.02-2ubuntu8.1 in Ubuntu 18.04/bionic. When the grub-efi-amd64 package is initially installed on a system that has not previously booted via the Ubuntu EFI bootloader (so /boot/efi/ is either empty, or at least does not have a

[Bug 425979] Re: [UEFI boot only] Holding shift fails to display grub2 menu

2018-07-22 Thread Daniel Richard G.
Hello everyone, There is a bug report similar to this one on the Debian side: https://bugs.debian.org/902928 There, Colin Watson made an interesting comment: > When I last looked into this, this wasn't possible with UEFI: the > firmware doesn't tell us about held modifier keys. You'll

[Bug 1782843] [NEW] Error spam when pulseaudio is not active

2018-07-20 Thread Daniel Richard G.
Public bug reported: This concerns xfce4-pulseaudio-plugin 0.4.1-0ubuntu1 in Ubuntu 18.04/bionic. In an Xfce desktop session, when this package is installed, and Pulseaudio is not active, I see a steady procession of these messages in ~/.xsession-errors: (wrapper-2.0:2036):

[Bug 1782641] Re: Request: Rename "ubuntu-keyring" package to "ubuntu-archive-keyring" for consistency with Debian

2018-07-20 Thread Daniel Richard G.
Dimitri, thank you for laying out the rationale behind the package name. Since there is good reason for things to be the way they are here, I've opened a bug on the Debian side for them to address the naming inconsistency: https://bugs.debian.org/904152 ** Bug watch added: Debian Bug

[Bug 1782275] Re: Conflict between resolvconf and systemd-resolved dhclient scripts

2018-07-20 Thread Daniel Richard G.
This issue can be addressed with a manual action, but first you have to dig into the scripts to diagnose the problem, and really if resolvconf is installed then it should just work. Part of this setup involves disabling systemd-resolved, in favor of a "direct" /etc/resolv.conf, to match the

[Bug 1782641] [NEW] Request: Rename "ubuntu-keyring" package to "ubuntu-archive-keyring" for consistency with Debian

2018-07-19 Thread Daniel Richard G.
Public bug reported: The package that Ubuntu calls "ubuntu-keyring" is present in Debian as "ubuntu-archive-keyring". Debian has separate "debian-keyring" and "debian-archive-keyring" packages, described as follows: d-k: GnuPG keys of Debian Developers and Maintainers d-a-k: GnuPG

[Bug 1782275] [NEW] Conflict between resolvconf and systemd-resolved dhclient scripts

2018-07-17 Thread Daniel Richard G.
Public bug reported: I am setting up an Ubuntu 18.04 (bionic) system with ifupdown instead of netplan, as the latter does not meet my needs. I am using resolvconf to update /etc/resolv.conf from DHCP, as in earlier releases. Unfortunately, I am not seeing /etc/resolv.conf (actually a symlink to

[Bug 1782274] [NEW] resolvconf package needs dependency on ifupdown

2018-07-17 Thread Daniel Richard G.
Public bug reported: When I install resolvconf on a minimal install of Ubuntu 18.04 (bionic), I see this: # apt-get install resolvconf Reading package lists... Done Building dependency tree Reading state information... Done The following NEW packages will be installed: resolvconf 0

[Bug 684280] Re: casper toram forgets to disconnect loop device

2018-07-02 Thread Daniel Richard G.
Philip Susi: Confirmed with the Bionic live CD: root@xubuntu:~# cat /proc/cmdline BOOT_IMAGE=(loop)/casper/vmlinuz boot=casper iso-scan/filename=/linux/xubuntu-18.04-desktop-amd64.iso toram root@xubuntu:~# umount /isodevice umount: /isodevice: target is busy. root@xubuntu:~# losetup -d

[Bug 1766317] Re: package rsyslog 8.32.0-1ubuntu3 failed to install/upgrade: installed rsyslog package post-installation script subprocess returned error exit status 1

2018-04-25 Thread Daniel Richard G.
This bug appears to have been fixed in 8.32.0-1ubuntu4. Looks like this was an issue with the Apparmor profile. rsyslog (8.32.0-1ubuntu4) bionic; urgency=medium [ Jamie Strandboge ] * debian/usr.sbin.rsyslogd: updates for bionic (LP: #1766600) - allow rsyslog modules in multiarch

[Bug 1766317] Re: package rsyslog 8.32.0-1ubuntu3 failed to install/upgrade: installed rsyslog package post-installation script subprocess returned error exit status 1

2018-04-24 Thread Daniel Richard G.
Hi Brian, This is actually the same issue. I am seeing the same error message quoted by the original reporter, but that message is filtered through systemd---it is not direct output from rsyslogd. What I provided was the direct output, that actually shows what's going on. I think this needs to

[Bug 1766317] Re: package rsyslog 8.32.0-1ubuntu3 failed to install/upgrade: installed rsyslog package post-installation script subprocess returned error exit status 1

2018-04-23 Thread Daniel Richard G.
I am seeing this same error in Bionic. Some further telemetry: # /usr/sbin/rsyslogd -n rsyslog internal message (3,-2066): could not load module '/usr/lib/x86_64-linux-gnu/rsyslog/lmnet.so', dlopen: /usr/lib/x86_64-linux-gnu/rsyslog/lmnet.so: failed to map segment from shared object [v8.32.0

[Bug 1731522] Re: systemd-resolved does not listen on TCP port, cannot serve large records (Cannot ping pod51041.outlook.com but can dig.)

2018-04-05 Thread Daniel Richard G.
Thanks Dimitri, greatly appreciated. I haven't found many problems in my testing of Bionic, but this is the juiciest one so far. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1731522 Title:

[Bug 1731522] Re: systemd-resolved does not listen on TCP port, cannot serve large records (Cannot ping pod51041.outlook.com but can dig.)

2018-04-05 Thread Daniel Richard G.
Steve, Bionic still has the default (commented-out) #DNSStubListener=udp in /etc/systemd/resolved.conf . I've noticed that this breaks Kerberos KDC lookup at a large site, because the reply is quite large: # host -t SRV _kerberos._udp.xxx.example.com ;; Connection to

[Bug 1722027] [NEW] Removing kernel packages leads to initrd regens, reboot-required

2017-10-07 Thread Daniel Richard G.
Public bug reported: This concerns linux-base 4.0ubuntu1 in Ubuntu Xenial. Removing Linux kernel packages from the system leads to initrd generation and causes /var/run/reboot-required to appear. Neither of these side effects should occur if only kernel packages older than the running one are

[Bug 1700468] Re: "krb5-auth-dialog --auto" segfaults on startup

2017-07-07 Thread Daniel Richard G.
Confirmed that this fixes the segfault for me when applied to version 3.20.0. Thanks :) (Figured this would be easy to reproduce...) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1700468 Title:

[Bug 1700468] Re: "krb5-auth-dialog --auto" segfaults on startup

2017-07-06 Thread Daniel Richard G.
Er... $ klist -v klist: invalid option -- 'v' Usage: klist [-e] [-V] [[-c] [-l] [-A] [-d] [-f] [-s] [-a [-n]]] [-k [-t] [-K]] [name] [...] Remember, the segfault occurs with a user that is local-only. Kerberos infrastructure is installed on the system, but the user has no

[Bug 1700468] Re: "krb5-auth-dialog --auto" segfaults on startup

2017-07-05 Thread Daniel Richard G.
Hi Guido, I think you mean "klist -V" (uppercase) :-) On the system in question, that returns $ klist -V Kerberos 5 version 1.13.2 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1700468

[Bug 1700468] Re: "krb5-auth-dialog --auto" segfaults on startup

2017-06-29 Thread Daniel Richard G.
Attached is a Valgrind log file produced from a debug build of k-a-d version 3.20.0. All the errors appear to be accesses within freed memory... ** Attachment added: "kad-valgrind-log.txt"

[Bug 1700468] Re: "krb5-auth-dialog --auto" segfaults on startup

2017-06-27 Thread Daniel Richard G.
Hunh. How odd... I can't imagine that there would be something particular to this system that is causing the crash. As you requested: skunk@darkstar:/tmp/krb5-auth-dialog-3.20.0/_build/src$ G_MESSAGES_DEBUG=all ./krb5-auth-dialog -a (krb5-auth-dialog:16500): KrbAuthDialog-DEBUG:

[Bug 643623] Re: Should ubuntu-keyring include the debug archive key?

2017-06-26 Thread Daniel Richard G.
Thank you Dimitry, that is a helpful link. I've removed the key-file attachment from comment #5, but am unable to otherwise edit/remove the text. ** Attachment removed: "dbgsym-release-key.asc"

[Bug 1700468] Re: "krb5-auth-dialog --auto" segfaults on startup

2017-06-26 Thread Daniel Richard G.
I'm afraid I see the same failure mode with 3.20. The GDB session is below. (You're not able to reproduce this? This is a system with all the Kerberos infrastructure, but a local-only user---no KRB* envvars set) $ gdb --args /tmp/krb5-auth-dialog-3.20.0/_build/src/krb5-auth-dialog --auto GNU

[Bug 1700468] [NEW] "krb5-auth-dialog --auto" segfaults on startup

2017-06-26 Thread Daniel Richard G.
Public bug reported: This concerns krb5-auth-dialog 3.12.0-2 in Ubuntu Xenial. When the program is invoked with the --auto option, it briefly maps the systray icon, and then segfaults. Here is a GDB session running on a debug build of the original package source: $ gdb --args

[Bug 643623] Re: Should ubuntu-keyring include the debug archive key?

2017-06-26 Thread Daniel Richard G.
I agree on this key needing to be available in the/an official Ubuntu keyring package. For now, because the original key file is not even accessible via HTTPS, I am attaching a copy of it here. The file is dated 2016-07-04 16:10, and has the following SHA{256,512} hashes:

  1   2   3   4   5   6   7   8   9   >