** Changed in: apparmor/2.11
Status: Fix Committed => Fix Released
** Tags removed: sts-sru-needed verification-needed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1717714
Title:
@{pid}
** Changed in: apparmor
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1717714
Title:
@{pid} variable broken on systems with pid_max more than 6 digits
This bug was fixed in the package apparmor - 2.10.95-0ubuntu2.6~14.04.3
---
apparmor (2.10.95-0ubuntu2.6~14.04.3) trusty; urgency=medium
* d/p/14.04-profiles-allow-seven-digit-pid-lp1717714.patch:
- Renamed d/p/0001-Allow-seven-digit-pid.patch to mirror other
This bug was fixed in the package apparmor - 2.10.95-0ubuntu2.8
---
apparmor (2.10.95-0ubuntu2.8) xenial; urgency=medium
* d/p/0001-Allow-seven-digit-pid.patch:
On 64bit systems, /proc/sys/kernel/pid_max can be set to PID_MAX_LIMIT,
(2^22), which results in seven digit
This bug was fixed in the package apparmor - 2.11.0-2ubuntu17.1
---
apparmor (2.11.0-2ubuntu17.1) artful; urgency=medium
* d/p/0001-Allow-seven-digit-pid.patch:
On 64bit systems, /proc/sys/kernel/pid_max can be set to PID_MAX_LIMIT,
(2^22), which results in seven digit
sorry not commenting at once
mvo: the almost-ready 2.31 release will fix this
--
Hello Eric
I'm attaching mvo's PM
mvo: yes, please ignore the failure of snapd. there was a server side
change in the store that makes the autopkgtests fail
--
Hi Seyeong,
The regression found in pending sru for apparmor (xenial):
Regression in autopkgtest for snapd (ppc64el): test log
Regression in autopkgtest for snapd (amd64): test log
and apparmor (artful):
Regression in autopkgtest for snapd (ppc64el): test log
Regression in autopkgtest for
pending sru url -> https://people.canonical.com/~ubuntu-archive/pending-sru.html
--
Thanks Eric
ii apparmor 2.10.95-0ubuntu2.6~14.04.3
there is no pre-installed snapd on trusty so I needed to install snapd
first
1. set sysctl
2. add -proposed
3. apt install snapd
4. reboot
5. snap install --dangerous oldverioncore
symptom is gone
Thanks.
**
Hello Andre, or anyone else affected,
Accepted apparmor into trusty-proposed. The package will build now and
be available at
https://launchpad.net/ubuntu/+source/apparmor/2.10.95-0ubuntu2.6~14.04.3
in a few hours, and then in the -proposed repository.
Please help us by testing this new package.
Got a confirmation by SRU verification that the new debdiff was SRU'able.
I have uploaded V2 a few minutes ago. It is now waiting on SRU team for
approval and then should land in trusty-proposed.
- Eric
** Changed in: apparmor (Ubuntu Trusty)
Status: Fix Committed => In Progress
**
** Patch added: "profile-14.04-trusty-lp1717714_V2.debdiff"
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1717714/+attachment/5047668/+files/profile-14.04-trusty-lp1717714_V2.debdiff
--
profile-14.04-trusty-lp1717714.debdiff
** Patch added: "profile-14.04-trusty-lp1717714.debdiff"
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1717714/+attachment/5047667/+files/profile-14.04-trusty-lp1717714.debdiff
--
I have redone the SRU by renaming/modifying the existing patch to adapt
to the profile-14.04.
[VALIDATION PRE-UPLOAD]
# dpkg -l | grep -i apparmor
ii apparmor 2.10.95-0ubuntu2.6~14.04.3 amd64 user-space parser utility for AppArmor
ii
Hi Seyeong,
I did some verification this morning based on your comment #42.
After some digging... it turns out that the profiles in
"apparmor_src_pkg/profiles/" are not used. If you are attempting to
patch a profile, you must adjust it to patch
apparmor_src_pkg/profiles-14.04/ instead.
In this
Hello
on trusty
apt-get download apparmor_2.10.95-0ubuntu2.6~14.04.2_amd64.ddb
dpkg -x apparmor... t
cat t/etc/apparmor.d/tunables/kernelvars
@{pid}={[1-9],[1-9][0-9],[1-9][0-9][0-9],[1-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9][0-9]}
which is old one.
I checked
Hello, I tested on artful
ii apparmor 2.11.0-2ubuntu17.1
tested same steps as test case section.
Thanks
** Tags removed: verification-needed-artful
** Tags added: verification-done-artful
--
Hello, I tested on xenial
ii apparmor 2.10.95-0ubuntu2.8
tested same steps as test case section.
there is no DENIED after installing proposed pkg
Thanks
** Tags removed: verification-needed-xenial
** Tags added: verification-done-xenial
--
Hello Andre, or anyone else affected,
Accepted apparmor into trusty-proposed. The package will build now and
be available at
https://launchpad.net/ubuntu/+source/apparmor/2.10.95-0ubuntu2.6~14.04.2
in a few hours, and then in the -proposed repository.
Please help us by testing this new package.
Uploaded for T/X/A.
It is now waiting for the SRU verification team to approve the uploads
for the packages to start building in -proposed.
- Eric
** Tags removed: sts-sponsor-slashd
** Tags added: sts-sponsor-slashd-done
--
** Changed in: apparmor (Ubuntu Artful)
Status: New => In Progress
** Changed in: apparmor (Ubuntu Xenial)
Status: New => In Progress
** Changed in: apparmor (Ubuntu Trusty)
Status: New => In Progress
--
This bug was fixed in the package apparmor - 2.11.0-2ubuntu19
---
apparmor (2.11.0-2ubuntu19) bionic; urgency=medium
* d/p/0001-Allow-seven-digit-pid.patch:
On 64bit systems, /proc/sys/kernel/pid_max can be set to PID_MAX_LIMIT,
(2^22), which results in seven digit pids.
About "click-apparmor" bionic/armhf regression.
# Excuses... page
autopkgtest for click-apparmor/0.3.18: amd64: Pass, arm64: Pass, armhf:
Regression ♻ , i386: Pass, ppc64el: Ignored failure, s390x: Always failed
After a discussion with security team and xnox. They are actively trying
to remove
About the "snapd/2.29.4.2+18.04" bionic/ppc64el regression.
# Excuses... page
autopkgtest for snapd/2.29.4.2+18.04: amd64: Ignored failure, arm64: Always
failed, armhf: Pass, i386: Pass, ppc64el: Regression ♻ , s390x: Ignored failure
# Justification of the regression provided by mvo :
the
** No longer affects: apparmor (Ubuntu Zesty)
--
** Changed in: apparmor (Ubuntu Bionic)
Status: In Progress => Fix Committed
--
** Changed in: apparmor (Debian)
Status: Confirmed => Fix Released
--
Eric Desrochers:
> The patch for bionic (devel release) has been sponsored but it is stuck in
> bionic-proposed for now waiting for the non amd64/i386 builder to be
> operational -> ppcel64, arm, s390x, ..
FWIW this patch is part of 2.12-1 that I've uploaded to Debian unstable.
No idea how
The patch for bionic (devel release) has been sponsored but it is stuck
in bionic-proposed for now waiting for the non amd64/i386 builder to be
operational -> ppcel64, arm, s390x, ..
#rmadison
apparmor | 2.11.0-2ubuntu18 | bionic | source, amd64, arm64, armhf,
i386, ppc64el, s390x
** Description changed:
[Impact]
If PID is larger than 6 digits apparmor denies process which only affect
64-bit systems[1] where the PID_MAX_LIMIT can be generated up to 7
digits at the maximum.
This fix is committed, but not released. so all supporting version are
affected.
** Changed in: apparmor (Debian)
Status: Unknown => Confirmed
--
Another verification that IMHO can be done more easily and faster than
the touch approach explained above is to directly change the pid_max and
ns_last_pid via sysctl in the 7 digit range (<4 million), and then try
to reproduce.
For instance:
sysctl -w kernel.pid_max=300
sysctl -w
bionic sponsoring done.
Thanks to sil2100.
I'll monitor the bionic build, and then start the SRU once everything is
good.
- Eric
--
** Changed in: apparmor (Ubuntu Bionic)
Status: Confirmed => In Progress
--
Attaching "lp1717714_bionic_V2.debdiff":
- Nitpicking stuff related to d/changelog and DEP3 patch header.
** Patch added: "lp1717714_bionic_V2.debdiff"
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1717714/+attachment/5035841/+files/lp1717714_bionic_V2.debdiff
--
I have contacted a coredev to hopefully sponsor the development bit
(Bionic) today, so I can proceed with the stable release update myself
next week.
- Eric
--
** Description changed:
[Impact]
If PID is larger than 6 digits apparmor denies process which only affect
64-bit systems[1] where the PID_MAX_LIMIT can be generated up to 7
digits at the maximum.
This fix is committed, but not released. so all supporting version are
affected.
** Description changed:
[Impact]
- If PID is larger than 6 digits.
+ If PID is larger than 6 digits apparmor denies process which only affect
+ 64-bit systems[1] where the PID_MAX_LIMIT can be generated up to 7
+ digits at the maximum.
- apparmor denies process.
+ This fix is committed,
** Description changed:
[Impact]
If PID is larger than 6 digits.
apparmor denies process.
this fix is committed, but not released. so all supporting version are
affected.
[Test Case]
1. making pid over 6 digits
- - i used touch command to do it
- 2. snap install
> Not quite sure now if apparmor upstream is found in launchpad[1] or
gitlab[2].
The code moved from bzr to gitlab recently. Bug tracking and
translations are still handled on launchpad.
> I would go with that versioning approach instead:
>
> apparmor | 2.11.0-2ubuntu17.1 | artful
> apparmor |
I note that Seyeong's Artful debdiff proposed version
"2.11.0-2ubuntu18" and bionic "2.11.0-2ubuntu19"
# Current rmadison output
apparmor | 2.11.0-2ubuntu17 | artful
apparmor | 2.11.0-2ubuntu18 | bionic
Bionic version is good.
No need to change the debdiff,
Meanwhile, please make sure you have submitted the patch to Debian and
link the debbug in this LP.
- Eric
** Changed in: apparmor (Ubuntu Trusty)
Assignee: (unassigned) => Seyeong Kim (xtrusia)
** Changed in: apparmor (Ubuntu Xenial)
Assignee: (unassigned) => Seyeong Kim (xtrusia)
**
Thanks Seyeong !
I'll do a 2nd review when the build farm will be back and will do the
other changes if necessary.
- Eric
--
** Patch added: "lp1717714_artful.debdiff"
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1717714/+attachment/5033301/+files/lp1717714_artful.debdiff
--
** Patch added: "lp1717714_bionic.debdiff"
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1717714/+attachment/5033302/+files/lp1717714_bionic.debdiff
--
** Patch added: "lp1717714_xenial.debdiff"
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1717714/+attachment/5033299/+files/lp1717714_xenial.debdiff
--
** Patch added: "lp1717714_zesty.debdiff"
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1717714/+attachment/5033300/+files/lp1717714_zesty.debdiff
--
** Patch removed: "lp1717714_trusty.debdiff"
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1717714/+attachment/5032828/+files/lp1717714_trusty.debdiff
** Patch removed: "lp1717714_xenial.debdiff"
Not quite sure now if apparmor upstream is found in launchpad[1] or
gitlab[2].
[1] https://launchpad.net/apparmor
[2] https://gitlab.com/apparmor
If it's launchpad then the URL is good.
If #2 & #3 are good (After your confirmation), then only #1, #4 and #5
are missing.
I'm simply trying to
I apologize, for #2 above in comment#14, the good commit containing the
fix seems to be "630cb2a981cdc731847e8fdaafc45bcd337fe747", please make
sure #3 "Origin:" reflect that.
- Eric
** Description changed:
[Impact]
If PID is larger than 6 digits.
apparmor denies process.
this
Hi Seyeong,
Here are some sponsoring notes that will require minor changes. While
waiting for the build farm ...
#1 - Can you make sure (if not already) to forward/submit the patch to
debian upstream against apparmor ? Which is a requirement for the patch
to land in Ubuntu.
Then we can request a
Hi Seyeong,
As we speak the LP build farm and autopkgtest request.cgi are disabled for
maintenance; no ETA yet.
No new uploads are allowed during this temporary freeze caused by the
maintenance.
We will gladly review your patch when everything is back to normal.
- Eric
--
** Description changed:
[Impact]
If PID is larger than 6 digits.
apparmor denies process.
this fix is committed, but not released. so all supporting version are
affected.
[Test Case]
1. making pid over 6 digits
- i used touch command to do it
2. snap install
** Also affects: apparmor (Ubuntu Artful)
Importance: Undecided
Status: New
** Also affects: apparmor (Ubuntu Trusty)
Importance: Undecided
Status: New
** Also affects: apparmor (Ubuntu Xenial)
Importance: Undecided
Status: New
** Also affects: apparmor (Ubuntu
** Description changed:
+ [Impact]
+
+ If PID is larger than 6 digits.
+
+ apparmor denies process.
+
+ this fix is committed, but not released. so all supporting version are
+ affected.
+
+ [Test Case]
+
+ 1. making pid over 6 digits
+ - i used touch command to do it
+ 2. snap install
The attachment "lp1717714_trusty.debdiff" seems to be a debdiff. The
ubuntu-sponsors team has been subscribed to the bug report so that they
can review and hopefully sponsor the debdiff. If the attachment isn't a
patch, please remove the "patch" flag from the attachment, remove the
"patch" tag,
** Patch added: "lp1717714_bionic.debdiff"
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1717714/+attachment/5032832/+files/lp1717714_bionic.debdiff
--
** Patch added: "lp1717714_artful.debdiff"
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1717714/+attachment/5032831/+files/lp1717714_artful.debdiff
--
** Patch added: "lp1717714_xenial.debdiff"
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1717714/+attachment/5032829/+files/lp1717714_xenial.debdiff
--
** Patch added: "lp1717714_zesty.debdiff"
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1717714/+attachment/5032830/+files/lp1717714_zesty.debdiff
--
** Patch added: "lp1717714_trusty.debdiff"
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1717714/+attachment/5032828/+files/lp1717714_trusty.debdiff
--
** Also affects: apparmor/2.11
Importance: Undecided
Status: New
** Changed in: apparmor/2.11
Status: New => Fix Committed
** Changed in: apparmor/2.11
Milestone: None => 2.11.2
--
Fix committed upstream in http://bazaar.launchpad.net/~apparmor-dev/apparmor/master/revision/3722.
Thanks!
** Changed in: apparmor (Ubuntu)
Status: New => Fix Committed
** Changed in: apparmor (Ubuntu)
Status: Fix Committed => Confirmed
** Changed in: apparmor
Status: New
** Branch linked: lp:~talkless/apparmor/seven_digit_pid
--
OK, so if http://man7.org/linux/man-pages/man5/proc.5.html says:
```
On 64-bit systems, pid_max can be set to any value up to 2^22 (PID_MAX_LIMIT,
approximately 4 million).
```
It's 4194304, so I will propose adding one more bulk of expressions for
seven-digit PID, starting with [1-4].
--
On 09/25/2017 12:16 PM, Vincas Dargis wrote:
> I can provide merge request, and I would like to suggest simplifying
> that ever-growing expression.
>
> Couldn't it be just [0-9]*? Is there a possibility that `/proc` will have
well it could but, it's not as tight as I would like, ideally we could
I can provide merge request, and I would like to suggest simplifying
that ever-growing expression.
Couldn't it be just [0-9]*? Is there a possibility that `/proc` will have
some item, starting with digit, *not* being a pid?
--
** Also affects: apparmor
Importance: Undecided
Status: New
** Tags added: aa-policy
--
Sorry, a correction (copy paste error):
Which should be matched by
owner @{PROC}/@{pid}/task/[0-9]*/comm rw,
in /etc/apparmor.d/abstractions/libvirt-qemu
--