2013-08-21 15:36:40 |
Serge Hallyn |
bug |
|
|
added bug |
2013-08-21 15:37:17 |
Serge Hallyn |
apparmor (Ubuntu): status |
New |
Confirmed |
|
2013-08-21 17:01:00 |
Tim Gardner |
nominated for series |
|
Ubuntu Precise |
|
2013-08-21 17:01:00 |
Tim Gardner |
bug task added |
|
apparmor (Ubuntu Precise) |
|
2013-08-21 17:01:24 |
Tim Gardner |
apparmor (Ubuntu Precise): status |
New |
In Progress |
|
2013-08-21 17:01:24 |
Tim Gardner |
apparmor (Ubuntu Precise): assignee |
|
Tim Gardner (timg-tpi) |
|
2013-08-21 17:06:45 |
Tim Gardner |
attachment added |
|
This is a minimal fix to apparmor 2.8 for cache failures when the feature file is larger than the feature buffer used for cache version comparison. https://bugs.launchpad.net/ubuntu/precise/+source/apparmor/+bug/1214979/+attachment/3780927/+files/0041-parser-fix-flags.patch |
|
2013-08-21 17:08:26 |
Tim Gardner |
apparmor (Ubuntu): status |
Confirmed |
Fix Released |
|
2013-08-26 16:35:14 |
Tim Gardner |
apparmor (Ubuntu Precise): status |
In Progress |
Fix Committed |
|
2013-08-27 00:58:06 |
Seth Arnold |
attachment added |
|
apparmor_2.7.102-0ubuntu3.9.debdiff https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1214979/+attachment/3789224/+files/apparmor_2.7.102-0ubuntu3.9.debdiff |
|
2013-08-27 01:08:03 |
Seth Arnold |
description |
The 0041-parser-fix-flags.patch patch from saucy's apparmor needs to be cherrypicked to precise. Without it, using the saucy upstream kernel, installing lxc gives me a "Feature buffer full" error message, and lxc postinst fails. |
[Impact]
 * Users running Saucy or newer kernels on 12.04 LTS release cannot load
   AppArmor profiles due to a fixed-size buffer in the apparmor_parser binary.
 * As a result of this failure, lxc could not install, and no programs would
   run confined, when a user installed a Saucy or newer kernel.
 * This upload cherry picks a fix from Saucy that increases the size of the
   fixed buffer from 1024 to 8192 bytes. This is expected to be large enough.
[Test Case]
 * apt-add-repository ppa:ubuntu-x-swat/s-lts-backport
   apt-get update
   apt-get install linux-generic-lts-saucy
   shutdown -r now
   /etc/init.d/apparmor reload
   apt-get install lxc
   aa-status
 * Without the fix, the reload and install lxc commands should fail, and
   aa-status would report no loaded profiles.
   With the fix, the reload and install lxc commands succeed, and
   aa-status reports many loaded profiles.
[Regression Potential]
 * If a future kernel requires more than 8192 bytes of buffer to describe
   features, this will again break. The AppArmor 3.0 upstream release is
   expected to dynamically allocate the size of this buffer if the buffer
   should again prove to be too small, and such a hypothesized patch can be
   cherry-picked again.
[Other Info]
 * I revalidated this bug as well as 982619, 987578, and 1091642.
Thanks
Seth Arnold
[Original report]
The 0041-parser-fix-flags.patch patch from saucy's apparmor needs to be cherrypicked to precise. Without it, using the saucy upstream kernel, installing lxc gives me a "Feature buffer full" error message, and lxc postinst fails. |
|
2013-08-27 02:35:21 |
Seth Arnold |
description |
[Impact]
 * Users running Saucy or newer kernels on 12.04 LTS release cannot load
   AppArmor profiles due to a fixed-size buffer in the apparmor_parser binary.
 * As a result of this failure, lxc could not install, and no programs would
   run with AppArmor confinement, when a user installed a Saucy or newer kernel.
 * This upload cherry picks a fix from Saucy that increases the size of the
   fixed buffer from 1024 to 8192 bytes. This is expected to be large enough.
[Test Case]
 * apt-add-repository ppa:ubuntu-x-swat/s-lts-backport
   apt-get update
   apt-get install linux-generic-lts-saucy
   shutdown -r now
   /etc/init.d/apparmor reload
   apt-get install lxc
   aa-status
 * Without the fix, the reload and install lxc commands fail, and
   aa-status would report no loaded profiles.
   With the fix, the reload and install lxc commands succeed, and
   aa-status reports many loaded profiles.
[Regression Potential]
 * If a future kernel requires more than 8192 bytes of buffer to describe
   features, this will again break. The AppArmor 3.0 upstream release is
   expected to dynamically allocate the size of this buffer if the buffer
   should again prove to be too small, and such a hypothesized patch can be
   cherry-picked again.
[Other Info]
 * I verified this bug as well as #982619, #987578, and #1091642.
Thanks
Seth Arnold
[Original report]
The 0041-parser-fix-flags.patch patch from saucy's apparmor needs to be cherrypicked to precise. Without it, using the saucy upstream kernel, installing lxc gives me a "Feature buffer full" error message, and lxc postinst fails. |
|
2013-08-27 19:58:59 |
Adam Conrad |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2013-08-27 19:59:03 |
Adam Conrad |
bug |
|
|
added subscriber SRU Verification |
2013-08-27 19:59:11 |
Adam Conrad |
tags |
|
verification-needed |
|
2013-08-27 20:08:25 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/precise-proposed/apparmor |
|
2013-08-27 22:57:08 |
Seth Arnold |
tags |
verification-needed |
verification-done |
|
2013-08-28 07:15:15 |
Jan Kellermann |
bug |
|
|
added subscriber Jan Kellermann |
2013-09-04 15:19:11 |
Launchpad Janitor |
apparmor (Ubuntu Precise): status |
Fix Committed |
Fix Released |
|
2013-09-04 15:19:17 |
Colin Watson |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2015-09-29 10:06:15 |
gustavo panizzo |
bug |
|
|
added subscriber gustavo panizzo |