Quasselcore apparmor profile issue in lxd container.
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
AppArmor | Invalid | Undecided | Unassigned | |
apparmor (Ubuntu) | Invalid | Undecided | Unassigned | |
Bionic | Invalid | Undecided | Unassigned | |
Focal | Invalid | Undecided | Unassigned | |
Groovy | Invalid | Undecided | Unassigned | |
Jammy | Invalid | Undecided | Unassigned | |
Kinetic | Invalid | Undecided | Unassigned | |
quassel (Ubuntu) | Fix Released | Medium | Dave Jones | |
Bionic | Fix Released | Medium | Dan Streetman | |
Focal | Fix Released | Medium | Dan Streetman | |
Groovy | Fix Released | Medium | Dan Streetman | |
Jammy | Fix Released | Undecided | Dave Jones | |
Kinetic | Fix Released | Medium | Dave Jones | |
Bug Description
[impact]
quasselcore cannot start inside lxd container
[test case]
create lxd container, install quassel-core, check quasselcore service:
$ systemctl status quasselcore
● quasselcore.service - distributed IRC client using a central core component
Loaded: loaded (/lib/systemd/
Active: failed (Result: signal) since Tue 2020-06-30 18:32:40 UTC; 4s ago
Docs: man:quasselcore(1)
Process: 3853 ExecStart=
Main PID: 3853 (code=killed, signal=SEGV)
Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.
Jun 30 18:32:40 lp1814302-f systemd[1]: Stopped distributed IRC client using a central core component.
Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.
Jun 30 18:32:40 lp1814302-f systemd[1]: quasselcore.
Jun 30 18:32:40 lp1814302-f systemd[1]: Failed to start distributed IRC client using a central core component.
Also, the binary will segfault when run directly due to apparmor denials:
$ /usr/bin/
Segmentation fault
[760149.590802] audit: type=1400 audit(159354207
[regression potential]
this expands the apparmor profile, so any regression would likely involve problems while starting due to apparmor.
[scope]
this is needed for b/f/g.
this is also needed for e, but that is EOL in weeks and this is not important enough to bother there.
[original description]
Fresh install of Ubuntu 18.04. lxd installed from snap. Fresh 18.04 container. Everything up to date via apt.
Install quassel-core. Service will not start.
Set "aa-complain /usr/bin/
I then added "/usr/bin/
Set "aa-enforce /usr/bin/
Quasselcore service now starts and I can connect to it.
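The workflow in the original description (complain mode, add a rule, back to enforce) depends on reading the audit log to see what the profile blocks. As an added example, not part of the bug report or of the quassel or AppArmor packages: a parser that collects AppArmor `DENIED`/`ALLOWED` audit lines and merges them into candidate file rules for review. The profile name `/usr/bin/exampled`, all paths and the log lines are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample in the kernel's AppArmor audit format (type=1400).
# Profile name, paths and pids are placeholders, not values from this bug.
SAMPLE_LOG = '''\
[100.000001] audit: type=1400 audit(1600000000.001:10): apparmor="DENIED" operation="file_mmap" profile="/usr/bin/exampled" name="/usr/bin/exampled" pid=3853 comm="exampled" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[100.000002] audit: type=1400 audit(1600000000.002:11): apparmor="ALLOWED" operation="open" profile="/usr/bin/exampled" name="/var/lib/exampled/state.db" pid=3853 comm="exampled" requested_mask="wc" denied_mask="wc" fsuid=0 ouid=0
[100.000003] audit: type=1400 audit(1600000000.003:12): apparmor="ALLOWED" operation="file_lock" profile="/usr/bin/exampled" name="/var/lib/exampled/state.db" pid=3853 comm="exampled" requested_mask="k" denied_mask="k" fsuid=0 ouid=0
[100.000004] audit: type=1400 audit(1600000000.004:13): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/bin/exampled" pid=3900 comm="apparmor_parser"
'''

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Log-only mask letters: create/delete are granted by "w" in a profile rule.
TO_RULE_PERM = {"c": "w", "d": "w"}
PERM_ORDER = "rwaklm"  # plain file permissions; "x" needs a transition mode

def parse_events(text):
    """Return one dict per AppArmor DENIED (enforce) or ALLOWED (complain) line."""
    events = []
    for line in text.splitlines():
        fields = {k: q or u for k, q, u in FIELD.findall(line)}
        if fields.get("type") == "1400" and fields.get("apparmor") in ("DENIED", "ALLOWED"):
            events.append(fields)
    return events

def candidate_rules(events):
    """Merge denied masks per (profile, path) into candidate file rules for review."""
    perms = defaultdict(set)
    for ev in events:
        if "name" not in ev or "denied_mask" not in ev:
            continue  # not a file-access event
        for ch in ev["denied_mask"]:
            perms[(ev["profile"], ev["name"])].add(TO_RULE_PERM.get(ch, ch))
    rules = defaultdict(list)
    for (profile, path), granted in sorted(perms.items()):
        mode = "".join(p for p in PERM_ORDER if p in granted)
        if mode:  # exec-only denials are skipped: the reviewer must pick ix/px/ux
            rules[profile].append(f"{path} {mode},")
    return dict(rules)

if __name__ == "__main__":
    for profile, lines in candidate_rules(parse_events(SAMPLE_LOG)).items():
        print(profile, *lines, sep="\n  ")
```

The output is a list of candidates to review, not rules to paste blindly: each line widens what the confined process may touch.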
Changed in apparmor (Ubuntu Bionic): status: New → Invalid
Changed in apparmor (Ubuntu Focal): status: New → Invalid
Changed in apparmor (Ubuntu Groovy): status: Confirmed → Invalid
Changed in apparmor: status: New → Invalid
Changed in quassel (Ubuntu Focal): status: New → In Progress
Changed in quassel (Ubuntu Bionic): importance: Undecided → Medium
Changed in quassel (Ubuntu Groovy): assignee: nobody → Dan Streetman (ddstreet)
Changed in quassel (Ubuntu Focal): assignee: nobody → Dan Streetman (ddstreet)
Changed in quassel (Ubuntu Bionic): assignee: nobody → Dan Streetman (ddstreet)
Changed in quassel (Ubuntu Groovy): importance: Undecided → Medium
Changed in quassel (Ubuntu Focal): importance: Undecided → Medium
Changed in quassel (Ubuntu Bionic): status: New → In Progress
Changed in quassel (Ubuntu Groovy): status: Confirmed → In Progress
description: updated
Status changed to 'Confirmed' because the bug affects multiple users.