2015-05-29 16:45:03 |
Michael Vogt |
bug |
|
|
added bug |
2015-05-29 17:02:18 |
Michael Vogt |
description |
Rick Spencer ran into the situation that he ended up with a snappy image that gave the following error:
"""
apparmor="DENIED" operation="mkdir" profile="/usr/bin/ubuntu-core-launcher" name="/tmp/snap.0_pastebinit.mvo_em33Zz/" pid=1092 comm="ubuntu-core-lau" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
"""
Running:
$ sudo apparmor_parser --skip-cache -r /etc/apparmor.d/usr.bin.ubuntu-core-launcher
fixes it.
This strongly indicates that the cache has the old content and did not get re-generated on upgrade or image build. |
Rick Spencer ran into the situation that he ended up with a snappy image that gave the following error:
"""
apparmor="DENIED" operation="mkdir" profile="/usr/bin/ubuntu-core-launcher" name="/tmp/snap.0_pastebinit.mvo_em33Zz/" pid=1092 comm="ubuntu-core-lau" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
"""
Running:
$ sudo apparmor_parser --skip-cache -r /etc/apparmor.d/usr.bin.ubuntu-core-launcher
fixes it.
This strongly indicates that the cache has the old content and did not get re-generated on upgrade or image build.
The image is here: https://drive.google.com/open?id=0B1sb5ymdUGiLa0tUR0pGV3lzR1k&authuser=0 |
|
2015-05-29 18:40:37 |
Ricardo Salveti |
nominated for series |
|
snappy/15.04 |
|
2015-05-29 18:40:37 |
Ricardo Salveti |
bug task added |
|
snappy/15.04 |
|
2015-05-29 18:40:44 |
Ricardo Salveti |
snappy/15.04: milestone |
|
15.04.1 |
|
2015-05-29 18:48:16 |
Michael Vogt |
description |
Rick Spencer ran into the situation that he ended up with a snappy image that gave the following error:
"""
apparmor="DENIED" operation="mkdir" profile="/usr/bin/ubuntu-core-launcher" name="/tmp/snap.0_pastebinit.mvo_em33Zz/" pid=1092 comm="ubuntu-core-lau" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
"""
Running:
$ sudo apparmor_parser --skip-cache -r /etc/apparmor.d/usr.bin.ubuntu-core-launcher
fixes it.
This strongly indicates that the cache has the old content and did not get re-generated on upgrade or image build.
The image is here: https://drive.google.com/open?id=0B1sb5ymdUGiLa0tUR0pGV3lzR1k&authuser=0 |
Rick Spencer ran into the situation that he ended up with a snappy image that gave the following error:
"""
apparmor="DENIED" operation="mkdir" profile="/usr/bin/ubuntu-core-launcher" name="/tmp/snap.0_pastebinit.mvo_em33Zz/" pid=1092 comm="ubuntu-core-lau" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
"""
Running:
$ sudo apparmor_parser --skip-cache -r /etc/apparmor.d/usr.bin.ubuntu-core-launcher
fixes it.
This strongly indicates that the cache has the old content and did not get re-generated on upgrade or image build.
I also managed to reproduce this via:
15.04/stable->15.04/edge
The image is here: https://drive.google.com/open?id=0B1sb5ymdUGiLa0tUR0pGV3lzR1k&authuser=0 |
|
2015-05-29 18:55:15 |
Michael Vogt |
description |
Rick Spencer ran into the situation that he ended up with a snappy image that gave the following error:
"""
apparmor="DENIED" operation="mkdir" profile="/usr/bin/ubuntu-core-launcher" name="/tmp/snap.0_pastebinit.mvo_em33Zz/" pid=1092 comm="ubuntu-core-lau" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
"""
Running:
$ sudo apparmor_parser --skip-cache -r /etc/apparmor.d/usr.bin.ubuntu-core-launcher
fixes it.
This strongly indicates that the cache has the old content and did not get re-generated on upgrade or image build.
I also managed to reproduce this via:
15.04/stable->15.04/edge
The image is here: https://drive.google.com/open?id=0B1sb5ymdUGiLa0tUR0pGV3lzR1k&authuser=0 |
The apparmor cache gets confused easily on upgrade.
Here is what happens:
- boot stable, /etc/apparmor.d/cache/usr.bin.ubuntu-core-launcher is mtime of now because we generate the cache on boot
- upgrade to edge, /etc/apparmor.d/usr.bin.ubuntu-core-launcher is updated and has the mtime of T (yesterday) when the file was put into the package
- on the next reboot the apparmor_parser compares the mtime of the cache/usr.bin.ubuntu-core-launcher (very very recent) with the mtime of the souce usr.bin.ubuntu-core-launcher (much older)
-> cache does is *not* re-generate
Possible solution:
- clear cache on upgrade
- make apparmor_parser use mtime of the source file
Original description:
----------------------
Rick Spencer ran into the situation that he ended up with a snappy image that gave the following error:
"""
apparmor="DENIED" operation="mkdir" profile="/usr/bin/ubuntu-core-launcher" name="/tmp/snap.0_pastebinit.mvo_em33Zz/" pid=1092 comm="ubuntu-core-lau" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
"""
Running:
$ sudo apparmor_parser --skip-cache -r /etc/apparmor.d/usr.bin.ubuntu-core-launcher
fixes it.
This strongly indicates that the cache has the old content and did not get re-generated on upgrade or image build.
I also managed to reproduce this via:
15.04/stable->15.04/edge
The image is here: https://drive.google.com/open?id=0B1sb5ymdUGiLa0tUR0pGV3lzR1k&authuser=0 |
|
2015-05-29 18:55:30 |
Michael Vogt |
description |
The apparmor cache gets confused easily on upgrade.
Here is what happens:
- boot stable, /etc/apparmor.d/cache/usr.bin.ubuntu-core-launcher is mtime of now because we generate the cache on boot
- upgrade to edge, /etc/apparmor.d/usr.bin.ubuntu-core-launcher is updated and has the mtime of T (yesterday) when the file was put into the package
- on the next reboot the apparmor_parser compares the mtime of the cache/usr.bin.ubuntu-core-launcher (very very recent) with the mtime of the souce usr.bin.ubuntu-core-launcher (much older)
-> cache does is *not* re-generate
Possible solution:
- clear cache on upgrade
- make apparmor_parser use mtime of the source file
Original description:
----------------------
Rick Spencer ran into the situation that he ended up with a snappy image that gave the following error:
"""
apparmor="DENIED" operation="mkdir" profile="/usr/bin/ubuntu-core-launcher" name="/tmp/snap.0_pastebinit.mvo_em33Zz/" pid=1092 comm="ubuntu-core-lau" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
"""
Running:
$ sudo apparmor_parser --skip-cache -r /etc/apparmor.d/usr.bin.ubuntu-core-launcher
fixes it.
This strongly indicates that the cache has the old content and did not get re-generated on upgrade or image build.
I also managed to reproduce this via:
15.04/stable->15.04/edge
The image is here: https://drive.google.com/open?id=0B1sb5ymdUGiLa0tUR0pGV3lzR1k&authuser=0 |
The apparmor cache gets confused easily on upgrade.
Here is what happens:
- boot stable, /etc/apparmor.d/cache/usr.bin.ubuntu-core-launcher is mtime of now because we generate the cache on boot
- upgrade to edge, /etc/apparmor.d/usr.bin.ubuntu-core-launcher is updated and has the mtime of T (yesterday) when the file was put into the package
- on the next reboot the apparmor_parser compares the mtime of the cache/usr.bin.ubuntu-core-launcher (very very recent) with the mtime of the souce usr.bin.ubuntu-core-launcher (much older)
-> cache does is *not* re-generate
Possible solution:
- clear cache on upgrade
- make apparmor_parser use mtime of the source file used to generate the cache
Original description:
----------------------
Rick Spencer ran into the situation that he ended up with a snappy image that gave the following error:
"""
apparmor="DENIED" operation="mkdir" profile="/usr/bin/ubuntu-core-launcher" name="/tmp/snap.0_pastebinit.mvo_em33Zz/" pid=1092 comm="ubuntu-core-lau" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
"""
Running:
$ sudo apparmor_parser --skip-cache -r /etc/apparmor.d/usr.bin.ubuntu-core-launcher
fixes it.
This strongly indicates that the cache has the old content and did not get re-generated on upgrade or image build.
I also managed to reproduce this via:
15.04/stable->15.04/edge
The image is here: https://drive.google.com/open?id=0B1sb5ymdUGiLa0tUR0pGV3lzR1k&authuser=0 |
|
2015-05-29 18:57:14 |
Michael Vogt |
summary |
(sometimes?) becomes confused about apparmor rules for ubuntu-core-launcher |
apparmor cache not updated when apparmor.d rules change |
|
2015-05-29 18:58:23 |
Michael Vogt |
snappy: importance |
Undecided |
Critical |
|
2015-05-29 18:58:24 |
Michael Vogt |
snappy/15.04: importance |
Undecided |
Critical |
|
2015-05-29 18:58:44 |
Michael Vogt |
summary |
apparmor cache not updated when apparmor.d rules change |
apparmor cache not updated when apparmor.d rules change (breaks 15.04/stable -> 15.04/edge updates) |
|
2015-06-01 10:54:29 |
Launchpad Janitor |
branch linked |
|
lp:livecd-rootfs |
|
2015-06-01 10:55:46 |
Michael Vogt |
snappy: status |
New |
In Progress |
|
2015-06-03 07:53:40 |
Michael Vogt |
snappy/15.04: status |
New |
In Progress |
|
2015-06-03 09:04:26 |
Michael Vogt |
attachment added |
|
proof of concept patch for apparmor parser https://bugs.launchpad.net/snappy/+bug/1460152/+attachment/4409034/+files/lp1460152-apparmor.diff |
|
2015-06-03 09:04:35 |
Michael Vogt |
bug task added |
|
apparmor (Ubuntu) |
|
2015-06-03 09:05:35 |
Michael Vogt |
description |
The apparmor cache gets confused easily on upgrade.
Here is what happens:
- boot stable, /etc/apparmor.d/cache/usr.bin.ubuntu-core-launcher is mtime of now because we generate the cache on boot
- upgrade to edge, /etc/apparmor.d/usr.bin.ubuntu-core-launcher is updated and has the mtime of T (yesterday) when the file was put into the package
- on the next reboot the apparmor_parser compares the mtime of the cache/usr.bin.ubuntu-core-launcher (very very recent) with the mtime of the souce usr.bin.ubuntu-core-launcher (much older)
-> cache does is *not* re-generate
Possible solution:
- clear cache on upgrade
- make apparmor_parser use mtime of the source file used to generate the cache
Original description:
----------------------
Rick Spencer ran into the situation that he ended up with a snappy image that gave the following error:
"""
apparmor="DENIED" operation="mkdir" profile="/usr/bin/ubuntu-core-launcher" name="/tmp/snap.0_pastebinit.mvo_em33Zz/" pid=1092 comm="ubuntu-core-lau" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
"""
Running:
$ sudo apparmor_parser --skip-cache -r /etc/apparmor.d/usr.bin.ubuntu-core-launcher
fixes it.
This strongly indicates that the cache has the old content and did not get re-generated on upgrade or image build.
I also managed to reproduce this via:
15.04/stable->15.04/edge
The image is here: https://drive.google.com/open?id=0B1sb5ymdUGiLa0tUR0pGV3lzR1k&authuser=0 |
The apparmor cache gets confused easily on upgrade.
Here is what happens:
- boot stable, /etc/apparmor.d/cache/usr.bin.ubuntu-core-launcher is mtime of now because we generate the cache on boot
- upgrade to edge, /etc/apparmor.d/usr.bin.ubuntu-core-launcher is updated and has the mtime of T (yesterday) when the file was put into the package
- on the next reboot the apparmor_parser compares the mtime of the cache/usr.bin.ubuntu-core-launcher (very very recent) with the mtime of the souce usr.bin.ubuntu-core-launcher (much older)
-> cache does is *not* re-generate
Possible solution:
- clear cache on upgrade
- make apparmor_parser store mtime of the source file in the header
- make apparmor_parser use set the cache file to the mtime of the source file used to generate the cache and re-generate if those get out-of-sync
Original description:
----------------------
Rick Spencer ran into the situation that he ended up with a snappy image that gave the following error:
"""
apparmor="DENIED" operation="mkdir" profile="/usr/bin/ubuntu-core-launcher" name="/tmp/snap.0_pastebinit.mvo_em33Zz/" pid=1092 comm="ubuntu-core-lau" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
"""
Running:
$ sudo apparmor_parser --skip-cache -r /etc/apparmor.d/usr.bin.ubuntu-core-launcher
fixes it.
This strongly indicates that the cache has the old content and did not get re-generated on upgrade or image build.
I also managed to reproduce this via:
15.04/stable->15.04/edge
The image is here: https://drive.google.com/open?id=0B1sb5ymdUGiLa0tUR0pGV3lzR1k&authuser=0 |
|
2015-06-03 11:40:49 |
Michael Vogt |
snappy/15.04: status |
In Progress |
Fix Committed |
|
2015-06-03 12:20:03 |
Ubuntu Foundations Team Bug Bot |
tags |
|
patch |
|
2015-06-03 13:05:23 |
Michael Vogt |
snappy/15.04: status |
Fix Committed |
In Progress |
|
2015-06-04 04:53:54 |
Ricardo Salveti |
snappy: assignee |
|
Michael Vogt (mvo) |
|
2015-06-04 04:54:00 |
Ricardo Salveti |
snappy/15.04: assignee |
|
Michael Vogt (mvo) |
|
2015-06-04 20:41:14 |
Sergio Schvezov |
branch linked |
|
lp:~mvo/snappy/snappy-lp1460152-workaround |
|
2015-06-05 08:05:02 |
Michael Vogt |
branch linked |
|
lp:~mvo/ubuntu/vivid/ubuntu-core-config/lp1460152-workaround |
|
2015-06-08 05:53:41 |
Michael Vogt |
snappy/15.04: status |
In Progress |
Fix Committed |
|
2015-06-08 07:39:04 |
John Johansen |
attachment added |
|
0001-Use-mtime-instead-of-ctime-for-cache-file.patch https://bugs.launchpad.net/snappy/+bug/1460152/+attachment/4411426/+files/0001-Use-mtime-instead-of-ctime-for-cache-file.patch |
|
2015-06-08 07:39:26 |
John Johansen |
attachment added |
|
0002-Set-cache-file-tstamp-to-the-mtime-of-most-recent-po.patch https://bugs.launchpad.net/snappy/+bug/1460152/+attachment/4411427/+files/0002-Set-cache-file-tstamp-to-the-mtime-of-most-recent-po.patch |
|
2015-06-11 01:02:54 |
Ricardo Salveti |
snappy/15.04: status |
Fix Committed |
Fix Released |
|
2015-06-15 19:11:47 |
John Johansen |
attachment added |
|
foo.diff https://bugs.launchpad.net/snappy/+bug/1460152/+attachment/4415266/+files/foo.diff |
|
2015-06-18 12:36:08 |
Michael Vogt |
snappy: status |
In Progress |
Fix Committed |
|
2015-06-22 21:06:56 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/wily-proposed/ubuntu-core-config |
|
2015-07-02 19:55:36 |
Ricardo Salveti |
snappy/15.04: status |
Fix Released |
Fix Committed |
|
2015-07-02 19:55:38 |
Ricardo Salveti |
snappy/15.04: milestone |
15.04.1 |
15.04.2 |
|
2015-07-02 19:55:41 |
Ricardo Salveti |
snappy: status |
Fix Committed |
Fix Released |
|
2015-07-02 19:55:48 |
Ricardo Salveti |
apparmor (Ubuntu): status |
New |
Fix Released |
|
2015-07-29 03:16:16 |
Ricardo Salveti |
snappy/15.04: status |
Fix Committed |
Fix Released |
|