[Bug 324212] [NEW] Tomcat 6 does not respect CATALINA_BASE/lib
Public bug reported: Binary package hint: tomcat6 Tomcat6 ignores any libraries placed in CATALINA_BASE/lib. As commented by Thierry Carrez in https://bugs.launchpad.net/bugs/315314: Tomcat6 is run with CATALINA_HOME set to /usr/share/tomcat6 and CATALINA_BASE set to /var/lib/tomcat6. If you read the Tomcat RUNNING.txt doc (available at /usr/share/doc/tomcat6-common/RUNNING.txt.gz) you'll see that Tomcat6 is looking at libraries at CATALINA_HOME/lib and doesn't look into CATALINA_BASE/lib. So the current behavior is following the spec. This is confusing, since every other directory (bin, conf, logs, webapps, work, and temp) is respected in CATALINA_BASE, and especially since the CATALINA_BASE/lib directory exists. It also makes it impossible to run two instances of Tomcat with conflicting libraries. I propose that Tomcat6 also uses CATALINA_BASE/lib (before, or instead of, CATALINA_HOME/lib) when searching for classes. Distro/package versions: Ubuntu 8.10 tomcat6*: 6.0.18-0ubuntu3.1 ** Affects: tomcat6 (Ubuntu) Importance: Undecided Status: New -- Tomcat 6 does not respect CATALINA_BASE/lib https://bugs.launchpad.net/bugs/324212 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to tomcat6 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 306430] Re: ~/.ssh/config does not handle multiple hosts correctly
I can confirm this bug on fresh install of Ubuntu 8.04.2, i386 $ dpkg -l openssh-client\* Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Installed/Config-f/Unpacked/Failed-cfg/Half-inst/t-aWait/T-pend |/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad) ||/ Name Version Beschreibung +++-==-==- ii openssh-client 1:4.7p1-8ubuntu1.2 secure shell client, an rlogin/rsh/rcp replacement This is a working config, but it does not conform to the man page: Host 192.168.1.1 rodent IdentityFile %d/.ssh/rodent_sysadmin_ssh_key/id_rsa And this is a non-working config, however it conforms to the man page Host 192.168.1.1,rodent IdentityFile %d/.ssh/rodent_sysadmin_ssh_key/id_rsa The man page says on this topic: HostRestricts the following declarations (up to the next Host keyword) to be only for those hosts that match one of the patterns given after the keyword. A single ‘*’ as a pattern can be used to provide global defaults for all hosts. The host is the hostname argument given on the command line (i.e. the name is not con‐ verted to a canonicalized host name before matching). See PATTERNS for more information on patterns. And under PATTERNS: PATTERNS A pattern consists of zero or more non-whitespace characters, ‘*’ (a wildcard that matches zero or more characters), or ‘?’ (a wildcard that matches exactly one charac‐ ter). For example, to specify a set of declarations for any host in the “.co.uk” set of domains, the following pattern could be used: Host *.co.uk The following pattern would match any host in the 192.168.0.[0-9] network range: Host 192.168.0.? A pattern-list is a comma-separated list of patterns. Patterns within pattern-lists may be negated by preceding them with an exclamation mark (‘!’). For example, to allow a key to be used from anywhere within an organisation except from the “dialup” pool, the following entry (in authorized_keys) could be used: from=!*.dialup.example.com,*.example.com -- ~/.ssh/config does not handle multiple hosts correctly https://bugs.launchpad.net/bugs/306430 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 310547] Re: ec2-ami-tools: upgrade to 1.3-30748
Retargetting to the proper package. ** Also affects: ec2-ami-tools (Ubuntu) Importance: Undecided Status: New ** Changed in: ubuntu-on-ec2 Status: New = Invalid -- ec2-ami-tools: upgrade to 1.3-30748 https://bugs.launchpad.net/bugs/310547 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to ec2-ami-tools in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 316441] Re: PHP session garbage collection
@Phil: Since you obviously looked closer at the matter, would you mind easing up the bug confirmation process by giving some examples of what works and what doesn't, which changes to php.ini you are refering to, etc? -- PHP session garbage collection https://bugs.launchpad.net/bugs/316441 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 323755] Re: non-trivial building mysql source package, build test keeps failing, (open)ssl related
This is because the certificates used in testing have expired. See http://bugs.mysql.com/bug.php?id=42366. -- non-trivial building mysql source package, build test keeps failing, (open)ssl related https://bugs.launchpad.net/bugs/323755 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-dfsg-5.0 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 282298] Re: [SRU] Intrepid: No Access to NAS (samba=2.2.x) shares any more
** Changed in: samba Status: In Progress = Fix Released -- [SRU] Intrepid: No Access to NAS (samba=2.2.x) shares any more https://bugs.launchpad.net/bugs/282298 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 260424] Re: Incorrect hyperlink in samba-docs
No only the link to the manpages are broken, also the link to Using Samba. There are also two links to WHATSNEW.txt and README.VENDOR, from the samba package which doesn't have to be installed. So this patch removes the links to both of them. ** Attachment added: intrepid_samba-doc_hyperlink_fix.diff http://launchpadlibrarian.net/21909253/intrepid_samba-doc_hyperlink_fix.diff -- Incorrect hyperlink in samba-docs https://bugs.launchpad.net/bugs/260424 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 260424] Re: Incorrect hyperlink in samba-docs
** Bug watch added: Debian Bug tracker #508388 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508388 ** Also affects: samba (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508388 Importance: Unknown Status: Unknown -- Incorrect hyperlink in samba-docs https://bugs.launchpad.net/bugs/260424 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 189168] Re: unable to view windows shares because of the default resolve order
Hello people, to fix that, just create an account if You don't have and go to Dashboard then Advanced Settings and uncheck Enable typo correction. However you cannot use filters from opendns. -- unable to view windows shares because of the default resolve order https://bugs.launchpad.net/bugs/189168 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 120375] Re: cannot boot raid1 with only one disk
Dustin, thank you for your quick answer and tips. It took me a while to test it, as I have an encrypted RAID 1 array with LVM, and things are not that straightforward with that setup. So far I have been using one of the tricks described in this thread earlier (ie. edit /etc/udev/rules.d/85-mdadm.rules: change the --no- degraded to -R, after that sudo update-initramfs -u -k all). It allows me to boot with only one drive, but has that annoying side effect where one of the partitions often starts in degraded mode, even if both drives are in fact present and working. I wanted to get rid of that problem, so I did this: - return 85-mdadm.rules as it used to be, ie. --no-degraded - sudo update-initramfs -u -k all - cat /proc/mdstat and check that all drives are online and sync'ed - upgrade all packages - re-install grub to both drives These are my test results: 1. Restart computer with both disks - everything works OK 2. Restart computer with only one disk - Keeps asking Enter password to unlock the disk (md1_crypt): even though I write the correct password 3. Restart computer again with both disks - everything works OK So, first it seemed that the fix does not work at all, as Ubuntu starts only when both disks are present. Then I made some more tests: 4. Restart computer with only one disk - Keeps asking Enter password to unlock the disk (md1_crypt): even though I write the correct password - Now press CTRL+ALT+F1, and see these messages: Starting up ... Loading, please wait... Setting up cryptographic volume md1_crypt (based on /dev/md1) cryptsetup: cryptsetup failed, bad password or options? cryptsetup: cryptsetup failed, bad password or options? - After waiting some minutes, I got dropped into the busybox - Something seems to be going wrong with encryption 5. Restart computer with only one disk, without quiet splash boot parameters in /boot/grub/menu.lst - Got these messages: Command failed: Not a block device cryptsetup: cryptsetup failed, bad password or options? ... other stuff ... Command failed: Not a block device cryptsetup: cryptsetup failed, bad password or options? Command failed: Not a block device cryptsetup: cryptsetup failed, bad password or options? cryptsetup: maximum number of tries exceeded Done. Begin: Waiting for root file system... ... - After waiting some minutes, I get the question whether I want to start the system with degraded setup. However, it does not matter what I answer, as the system cannot start since the encryption has already given up trying. I don't know what it was trying to read as a password, because I did not type anything. 6. Restart computer with only one disk, with quiet splash bootdegraded=true boot parameters in /boot/grub/menu.lst - Keeps asking Enter password to unlock the disk (md1_crypt): even though I write the correct password - Now press CTRL+ALT+F1, and see these messages: Starting up ... Loading, please wait... Setting up cryptographic volume md1_crypt (based on /dev/md1) cryptsetup: cryptsetup failed, bad password or options? Summary: The fix does not seem to work, in case you have encrypted your RAID disks. To be more specific: after a long wait it does ask whether to start in degraded mode, although the question seems to appear only when booted without quiet splash parameters. I guess it also starts in degraded mode automatically if bootdegraded parameter is set. Nevertheless the system will not start, as this seems to happen too late for encryption has already given up. Question: Is this fix tested with encryption at all? Is it suppose to work with it, or not? I think this is important, as if you have a RAID setup you obviously have some important data and in many cases want to encrypt it, too. -- cannot boot raid1 with only one disk https://bugs.launchpad.net/bugs/120375 You received this bug notification because you are a member of Ubuntu Server Team, which is a subscriber of a duplicate bug. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 120375] Re: cannot boot raid1 with only one disk
Ok, I'm answering myself: there is a workaround for getting it to work with LUKS encryption. You can run sudo dpkg-reconfigure mdadm and enable automatic startup with degraded RAID array if you want, or watch the screen and be quick enough to answer Yes when asked to start degraded. Nevertheless, you need to wait again until you're dropped to BusyBox. Then do this: # to enter the passphrase. md1 and the md1_crypt are the same values # you had to put in /target/etc/crypttab at the end of the install cryptsetup luksOpen /dev/md1 md1_crypt # (type your LUKS password, as requested) # continue to boot! hit CTRL+D I found the instructions from here: http://ubuntuforums.org/archive/index.php/t-524513.html Now, if only someone could give a hint on how to make this automatic, so that there would be no need to write anything. It is ok to wait a few minutes, though. Nevertheless, I'm pretty happy now that I can use --no-degraded parameter in 85-mdadm.rules, yet get the system up in case a disk fails. In the rare case of an actual disk failure, writing a one-liner can be tolerated. Thank you everyone who have worked with this issue and helped to get it solved in Hardy. -- cannot boot raid1 with only one disk https://bugs.launchpad.net/bugs/120375 You received this bug notification because you are a member of Ubuntu Server Team, which is a subscriber of a duplicate bug. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 308548] Re: ec2-ami-tools patch for excluding persistent network files
Retargetted for ec2-ami-tools ** Changed in: ubuntu-on-ec2 Status: New = Invalid -- ec2-ami-tools patch for excluding persistent network files https://bugs.launchpad.net/bugs/308548 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to ec2-ami-tools in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 308548] Re: ec2-ami-tools patch for excluding persistent network files
** Changed in: ubuntu-on-ec2/beta3 Status: New = Invalid -- ec2-ami-tools patch for excluding persistent network files https://bugs.launchpad.net/bugs/308548 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to ec2-ami-tools in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 310547] Re: ec2-ami-tools: upgrade to 1.3-30748
This should be fixed already for jaunty. I will ask for a backported version for intrepid. ** Changed in: ec2-ami-tools (Ubuntu) Status: New = Fix Released -- ec2-ami-tools: upgrade to 1.3-30748 https://bugs.launchpad.net/bugs/310547 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to ec2-ami-tools in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 324249] Re: [CVE-2009-0265] BIND 9 not properly checking the return value from OpenSSL EVP_VerifyFinal()
Thanks for the report, however, this does not affect the BIND released in Ubuntu. See the Notes section in the Ubuntu CVE tracker: http://people.ubuntu.com/~ubuntu-security/cve/CVE-2009-0265 ** Changed in: bind9 (Ubuntu) Assignee: (unassigned) = Kees Cook (kees) Status: New = Invalid -- [CVE-2009-0265] BIND 9 not properly checking the return value from OpenSSL EVP_VerifyFinal() https://bugs.launchpad.net/bugs/324249 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to bind9 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 324249] [NEW] [CVE-2009-0265] BIND 9 not properly checking the return value from OpenSSL EVP_VerifyFinal()
*** This bug is a security vulnerability *** Public security bug reported: Binary package hint: bind9 CVE-2009-0265 description: Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077 and CVE-2009-0025. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0265 CVE-2009-0025 has been fixed in USN-706-1. But this is a different vulnerability according to the above description and it looks like it hasn't been fixed yet. ** Affects: bind9 (Ubuntu) Importance: Undecided Status: New ** Visibility changed to: Public ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2009-0265 -- [CVE-2009-0265] BIND 9 not properly checking the return value from OpenSSL EVP_VerifyFinal() https://bugs.launchpad.net/bugs/324249 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to bind9 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 316441] Re: PHP session garbage collection
This is with latest Intrepid version. -- PHP session garbage collection https://bugs.launchpad.net/bugs/316441 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 323755] Re: non-trivial building mysql source package, build test keeps failing, (open)ssl related
Yes, by applying the mysql patch, supplying a new test cert, everything builds and tests fine. I'm attaching a debdiff including the mysql patch as a dpatch. ** Attachment added: mysql-dfsg-5.0_5.1.30really5.0.75-0ubuntu5.debdiff http://launchpadlibrarian.net/21914982/mysql-dfsg-5.0_5.1.30really5.0.75-0ubuntu5.debdiff -- non-trivial building mysql source package, build test keeps failing, (open)ssl related https://bugs.launchpad.net/bugs/323755 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-dfsg-5.0 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 324683] [NEW] package mysql-server-5.0 5.0.67-0ubuntu6 failed to install/upgrade: subprocess post-installation script returned error exit status 1
Public bug reported: I've installed the mysql from command line (and after the setup new mysql password )it gaves me this error. I've copied all the message so I cand be shure there is nothing left outside (possible usefull information) * Restarting web server apache2 ... waiting [ OK ] k...@ubuntu:~$ sudo gedit /var/www/test.php k...@ubuntu:~$ sudo apt-get install mysql-server Reading package lists... Done Building dependency tree Reading state information... Done The following packages were automatically installed and are no longer required: libgtk1.2 libgtk1.2-common Use 'apt-get autoremove' to remove them. The following extra packages will be installed: mysql-server-5.0 Suggested packages: tinyca mailx The following NEW packages will be installed: mysql-server mysql-server-5.0 0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded. Need to get 26.9MB of archives. After this operation, 87.7MB of additional disk space will be used. Do you want to continue [Y/n]? y Get:1 http://us.archive.ubuntu.com intrepid/main mysql-server-5.0 5.0.67-0ubuntu6 [26.8MB] Get:2 http://us.archive.ubuntu.com intrepid/main mysql-server 5.0.67-0ubuntu6 [54.9kB] Fetched 26.9MB in 5min2s (89.0kB/s) Preconfiguring packages ... Selecting previously deselected package mysql-server-5.0. (Reading database ... 185920 files and directories currently installed.) Unpacking mysql-server-5.0 (from .../mysql-server-5.0_5.0.67-0ubuntu6_i386.deb) ... Selecting previously deselected package mysql-server. Unpacking mysql-server (from .../mysql-server_5.0.67-0ubuntu6_all.deb) ... Processing triggers for man-db ... Setting up mysql-server-5.0 (5.0.67-0ubuntu6) ... * Stopping MySQL database server mysqld [ OK ] Reloading AppArmor profiles : done. * Starting MySQL database server mysqld [fail] invoke-rc.d: initscript mysql, action start failed. dpkg: error processing mysql-server-5.0 (--configure): subprocess post-installation script returned error exit status 1 dpkg: dependency problems prevent configuration of mysql-server: mysql-server depends on mysql-server-5.0; however: Package mysql-server-5.0 is not configured yet. dpkg: error processing mysql-server (--configure): dependency problems - leaving unconfigured No apport report written because the error message indicates its a followup error from a previous failure. Errors were encountered while processing: mysql-server-5.0 mysql-server E: Sub-process /usr/bin/dpkg returned an error code (1) What should I do in this case? I want to install wordpress into my local computer so I could modify it as I wish. Thank you for your support. ps:I'm a newbie to linux and I'll need more information than advanced users. ProblemType: Package Architecture: i386 DistroRelease: Ubuntu 8.10 ErrorMessage: subprocess post-installation script returned error exit status 1 NonfreeKernelModules: nvidia Package: mysql-server-5.0 5.0.67-0ubuntu6 SourcePackage: mysql-dfsg-5.0 Title: package mysql-server-5.0 5.0.67-0ubuntu6 failed to install/upgrade: subprocess post-installation script returned error exit status 1 Uname: Linux 2.6.27-11-generic i686 ** Affects: mysql-dfsg-5.0 (Ubuntu) Importance: Undecided Status: New ** Tags: apport-package -- package mysql-server-5.0 5.0.67-0ubuntu6 failed to install/upgrade: subprocess post-installation script returned error exit status 1 https://bugs.launchpad.net/bugs/324683 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-dfsg-5.0 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 324683] Re: package mysql-server-5.0 5.0.67-0ubuntu6 failed to install/upgrade: subprocess post-installation script returned error exit status 1
** Attachment added: Dependencies.txt http://launchpadlibrarian.net/21917966/Dependencies.txt ** Attachment added: DpkgTerminalLog.gz http://launchpadlibrarian.net/21917967/DpkgTerminalLog.gz -- package mysql-server-5.0 5.0.67-0ubuntu6 failed to install/upgrade: subprocess post-installation script returned error exit status 1 https://bugs.launchpad.net/bugs/324683 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-dfsg-5.0 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 185524] Re: ssh tunnel dies unexpectedly several times a day
resetting to new. Will confirm once another report from hardy or later comes in. ** Changed in: openssh (Ubuntu) Status: Incomplete = New -- ssh tunnel dies unexpectedly several times a day https://bugs.launchpad.net/bugs/185524 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 228229] [NEW] sshd profile does not work out-of-the-box
You have been subscribed to a public bug: Binary package hint: apparmor-profiles The apparmor profile for sshd provided by the apparmor-profiles package does not work out-of-the-box. Looking over syslog, it appears there are seven types of audit entries (one of each follows). Until this is fixed, the usr.sbin.sshd file in apparmor-profiles should have flags=(complain) added to it. May 8 08:23:26 darwin kernel: [136857.839011] audit(1210249406.803:56): type=1502 operation=inode_permission requested_mask=r:: denied_mask=r:: name=/etc/default/locale pid=21377 profile=/usr/sbin/sshd namespace=default May 8 08:23:29 darwin kernel: [136860.663589] audit(1210249409.633:71): type=1502 operation=inode_permission requested_mask=::r denied_mask=::r name=/etc/default/locale pid=21377 profile=/usr/sbin/sshd namespace=default May 8 08:23:26 darwin kernel: [136857.842204] audit(1210249406.803:58): type=1502 operation=inode_permission requested_mask=r:: denied_mask=r:: name=/proc/filesystems pid=21375 profile=/usr/sbin/sshd namespace=default May 8 08:23:26 darwin kernel: [136857.839817] audit(1210249406.803:57): type=1502 operation=inode_permission requested_mask=::r denied_mask=::r name=/proc/filesystems pid=21377 profile=/usr/sbin/sshd namespace=default May 8 09:33:21 darwin kernel: [141051.379421] audit(1210253601.703:83): type=1502 operation=file_lock requested_mask=k:: denied_mask=k:: name=/var/log/wtmp pid=21412 profile=/usr/sbin/sshd namespace=default May 8 08:23:26 darwin kernel: [136857.837856] audit(1210249406.803:55): type=1502 operation=inode_permission requested_mask=r:: denied_mask=r:: name=/var/run/motd pid=21377 profile=/usr/sbin/sshd namespace=default May 8 09:59:43 darwin kernel: [142632.555690] audit(1210255183.393:84): type=1502 operation=file_lock requested_mask=k:: denied_mask=k:: name=/var/run/utmp pid=21412 profile=/usr/sbin/sshd namespace=default ** Affects: openssh (Ubuntu) Importance: Undecided Status: New -- sshd profile does not work out-of-the-box https://bugs.edge.launchpad.net/bugs/228229 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 228229] Re: sshd profile does not work out-of-the-box
moving to openssh, since the patch is needed there? (I'm currently evaluating apparmor, so would like to confine sshd) ** Changed in: openssh (Ubuntu) Sourcepackagename: apparmor = openssh -- sshd profile does not work out-of-the-box https://bugs.launchpad.net/bugs/228229 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs