locking sockets broken due to missing AppArmor socket mediation patches

Bug #1780227 reported by Christian Brauner on 2018-07-05
This bug affects 30 people
Affects            Importance  Assigned to
apparmor (Ubuntu)  Critical    Unassigned
  Xenial           Critical    Unassigned
  Bionic           Critical    Unassigned
linux (Ubuntu)     Critical    John Johansen
  Xenial           Critical    John Johansen
  Bionic           Critical    John Johansen

Bug Description

Hey,

Newer systemd makes use of locks placed on AF_UNIX sockets created with the socketpair() syscall to synchronize various bits and pieces when isolating services. On kernels prior to 4.18 that do not have backported the AppArmor socket mediation patchset this will cause the locks to be denied with EACCESS. This causes systemd to be broken in LXC and LXD containers that do not run unconfined which is a pretty big deal. We have seen various bug reports related to this. See for example [1] and [2].

If feasible it would be excellent if we could backport the socket mediation patchset to all LTS kernels. Afaict, this should be 4.4 and 4.15. This will unbreak a whole range of use-cases.

The socket mediation patchset is available here:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=80a17a5f501ea048d86f81d629c94062b76610d4

[1]: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1575779
[2]: https://github.com/systemd/systemd/issues/9493

Thanks!
Christian

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1780227

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Changed in linux (Ubuntu):
status: Incomplete → Confirmed
importance: Undecided → High
Changed in linux (Ubuntu):
status: Confirmed → Triaged
Changed in linux (Ubuntu Xenial):
status: New → Triaged
Changed in linux (Ubuntu Bionic):
status: New → Triaged
Changed in linux (Ubuntu Xenial):
importance: Undecided → High
Changed in linux (Ubuntu Bionic):
importance: Undecided → High
tags: added: bionic kernel-da-key xenial
John Johansen (jjohansen) wrote :

The 4.17 patch set did not have any changes that should affect this. I will have to investigate what is going on further. At this time DO NOT backport the 4.17 patchset.

On Thu, Jul 05, 2018 at 04:16:20PM -0000, John Johansen wrote:
> The 4.17 patch set did not have any changes that should affect this. I
> will have to investigate what is going on further. At this time DO NOT
> backport the 4.17 patchset.

Thanks John. Sorry for jumping the gun then.
What is weird though is that this bug is present in prior kernels and
gone with 4.17 and there's a bunch of socket related codepaths that
would explain the changed behavior. In any case, thanks for helping!

John Johansen (jjohansen) wrote :

Okay, so let's split this between upstream and ubuntu kernels.

previous upstream kernels did not have socket mediation and could NOT have generated the denial message being seen.

Jul 04 15:11:11 host audit[28404]: AVC apparmor="DENIED" operation="file_lock" profile="lxc-container-default-cgns" pid=28404 comm="(true)" family="unix" sock_type="dgram" protocol=0 addr=none

4.17 has socket mediation code but there is no released userspace that supports it. It requires apparmor 3 dev, so in all existing userspaces the 4.17 socket mediation is not being enforced.

The ubuntu kernels Xenial and Bionic carry a variant of the socket mediation patch that is in 4.17 but with a different abi. The ubuntu 4.17 kernel carries a compatibility patch and will have the Bionic and Xenial behavior under current 2.x apparmor userspaces.

The correct solution looks to be patching the current 2.x userspace to support locking on abstract and anonymous sockets.
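
The denial line quoted above has a fixed key=value shape, which makes it easy to find every confined profile on a host that is hitting this, before and after a fix lands. The following is an added example, not code from this bug report or from the AppArmor project: a small Python parser that picks file_lock denials on pathless (addr=none) unix sockets out of journal or dmesg output and counts them per profile and comm. The first two sample lines are the ones quoted in this report; the remaining lines are constructed to show what gets filtered out.

```python
import re
from collections import defaultdict

# Sample input. Lines 1-2 are the denials quoted in this bug; lines 3-6 are
# constructed: a stream-socket variant, a lock on a filesystem path (not this
# bug), an unrelated "open" denial, and a complain-mode ALLOWED record.
SAMPLE_LOG = """\
Jul 04 15:11:11 host audit[28404]: AVC apparmor="DENIED" operation="file_lock" profile="lxc-container-default-cgns" pid=28404 comm="(true)" family="unix" sock_type="dgram" protocol=0 addr=none
Jul 05 08:35:19 host kernel: audit: type=1400 audit(1530774919.510:93): apparmor="DENIED" operation="file_lock" profile="bug-profile" pid=21788 comm="a.out" family="unix" sock_type="dgram" protocol=0 addr=none
Jul 05 08:36:02 host audit[21801]: AVC apparmor="DENIED" operation="file_lock" profile="lxc-container-default-cgns" pid=21801 comm="systemd" family="unix" sock_type="stream" protocol=0 addr=none
Jul 05 08:36:10 host audit[21850]: AVC apparmor="DENIED" operation="file_lock" profile="lxc-container-default-cgns" pid=21850 comm="postgres" name="/var/lib/postgresql/lock" requested_mask="k" denied_mask="k" fsuid=0 ouid=0
Jul 05 08:36:11 host audit[21860]: AVC apparmor="DENIED" operation="open" profile="lxc-container-default-cgns" pid=21860 comm="cat" name="/proc/kcore" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Jul 05 08:36:12 host audit[21870]: AVC apparmor="ALLOWED" operation="file_lock" profile="lxc-container-default-cgns" pid=21870 comm="systemd" family="unix" sock_type="dgram" protocol=0 addr=none
"""

# AppArmor audit records are a flat sequence of key=value pairs; values are
# either double-quoted strings or bare tokens (pid=28404, addr=none).
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_audit_line(line):
    """Return the key=value fields of one AppArmor audit line as a dict."""
    return {key: value.strip('"') for key, value in KV_RE.findall(line)}


def is_socket_lock_denial(fields):
    """True for the pattern this bug produces: a denied file_lock on a
    unix-domain socket that has no filesystem path (socketpair()/anonymous),
    which is what addr=none means in the quoted denials."""
    return (fields.get("apparmor") == "DENIED"
            and fields.get("operation") == "file_lock"
            and fields.get("family") == "unix"
            and fields.get("addr") == "none")


def summarize(log_text):
    """Count matching denials per (profile, comm, sock_type), so an operator
    can see which confined containers/profiles are hitting the bug."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        fields = parse_audit_line(line)
        if is_socket_lock_denial(fields):
            key = (fields["profile"], fields["comm"], fields.get("sock_type", "?"))
            counts[key] += 1
    return dict(counts)


if __name__ == "__main__":
    # Typical use: pipe `journalctl -k` or `dmesg` output into this script.
    for (profile, comm, sock_type), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{n:4d}  profile={profile} comm={comm} sock_type={sock_type}")
```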

Wolfgang Bumiller (wbumiller) wrote :

I suppose that would be an ubuntu-specific patch for apparmor
userspace? I'm assuming the ABI tells userspace which features are
supported, unless this particular feature can be tested for some other
way? Would the patched userspace know not to use these features under
this ABI in a future 4.18+ kernel or a non-Ubuntu pre-4.17 kernel?
I'm just a bit worried about the upgrade path here.

John Johansen (jjohansen) wrote :

You are correct that the kernel reports a supported abi, and currently the abi does not export that it is supporting link mediation for sockets. However the kernel is currently enforcing link mediation on sockets and there are reasons to want to continue to do so.

The plan would be to let the parser know that existing kernel abis have a quirk where they are not correctly advertising the abi. The parser would then correctly generate policy for both old and new kernels.

The patch would be rolled out in upstream apparmor point releases
2.10.4, 2.11.2, 2.12.1, and 2.13.1, as well as being dropped into supported ubuntu releases. Suse and Debian will pick up the bug fixes from upstream; they are fairly good about picking up point release bug fixes.

Updating the userspace probably provides us the widest roll out of the fix possible.

Changed in linux (Ubuntu):
importance: High → Critical
Dimitri John Ledkov (xnox) wrote :

I still observe this bug in Cosmic with v4.17.0-5 kernel from cosmic-proposed.

Dimitri John Ledkov (xnox) wrote :

Ah, I need 2.12.1 apparmor as well, which is not in the archive yet.

tags: added: block-proposed
Changed in linux (Ubuntu):
status: Triaged → Invalid
Changed in linux (Ubuntu Xenial):
status: Triaged → Invalid
Changed in linux (Ubuntu Bionic):
status: Triaged → Invalid
Changed in apparmor (Ubuntu):
status: New → Triaged
Changed in apparmor (Ubuntu Xenial):
status: New → Triaged
Changed in apparmor (Ubuntu Bionic):
status: New → Triaged
Changed in apparmor (Ubuntu):
importance: Undecided → Critical
Changed in apparmor (Ubuntu Xenial):
importance: Undecided → Critical
Changed in apparmor (Ubuntu Bionic):
importance: Undecided → Critical
Changed in linux (Ubuntu):
importance: Critical → Undecided
Changed in linux (Ubuntu Xenial):
importance: High → Undecided
Changed in linux (Ubuntu Bionic):
importance: High → Undecided
Changed in apparmor (Ubuntu):
assignee: nobody → John Johansen (jjohansen)
Changed in apparmor (Ubuntu Xenial):
assignee: nobody → John Johansen (jjohansen)
Changed in apparmor (Ubuntu Bionic):
assignee: nobody → John Johansen (jjohansen)
Stéphane Graber (stgraber) wrote :

Per discussion above:
 - Closing the kernel tasks
 - Raising priority on apparmor tasks to Critical (to match what kernel had)
 - Assigning to jjohansen as the AppArmor maintainer

As we care about xenial, bionic and cosmic, we need point releases (or cherry-pick) for:
 - AppArmor 2.10 (2.10.95 in xenial)
 - AppArmor 2.12 (2.12 in bionic and cosmic)

John: Any ETA for those two point releases or pointer to a commit which we could SRU on its own?

For now our focus is obviously on getting this resolved in Ubuntu as soon as possible, since it's breaking a number of systemd services that are now (18.04) shipping with more confinement than in the past. The same issue is also currently preventing us from starting newer Fedora and Arch containers on Ubuntu.

Our standard response so far has been to tell users to turn off AppArmor for those containers, but it's obviously not an answer we like to give (I'm sure you'll agree).

Stéphane Graber (stgraber) wrote :

In preparation for an SRU, here is a minimal C testcase provided by Wolfgang Bumiller:

```c
/*
# apparmor_parser -r /etc/apparmor.d/bug-profile
# (tested without the flags here as well btw.)
profile bug-profile flags=(attach_disconnected,mediate_deleted) {
   network,
   file,
   unix,
}

# gcc this.c
# ./a.out
lock = 2 (Success)
# aa-exec -p bug-profile ./a.out
lock = 2 (Permission denied)

kernel: audit: type=1400 audit(1530774919.510:93): apparmor="DENIED" operation="file_lock" profile="bug-profile" pid=21788 comm="a.out" family="unix" sock_type="dgram" protocol=0 addr=none
*/

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/file.h>

int
main(void)
{
	int sp[2];

	/* Anonymous AF_UNIX datagram pair, the same kind systemd creates. */
	if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sp) != 0) {
		perror("socketpair");
		exit(1);
	}

	/* flock() on one end is what AppArmor mediates as "file_lock";
	 * under the confining profile it fails with EACCES. */
	int rc = flock(sp[0], LOCK_EX);
	/* %m prints strerror(errno); rc must be passed as the %i argument. */
	printf("lock = %i (%m)\n", rc);

	close(sp[0]);
	close(sp[1]);
	return 0;
}
```

Another very easy way to reproduce the issue is to run "hostnamectl status" inside a container which will hang as the systemd unit (socket activated) will fail to trigger.

Dimitri John Ledkov (xnox) wrote :

Blocking launching (in useful ways) Debian testing & sid containers on Ubuntu as well.

tags: removed: block-proposed
John Johansen (jjohansen) wrote :

I will try to get the point releases out today.

Stéphane Graber (stgraber) wrote :

@John any update on the point releases?

John Johansen (jjohansen) wrote :

Sadly we ran into two separate issues.

1. the kernel mapping of the permission won't allow the lock perm to be carried through on all kernels.

I have a patch for it now, but pita

2. the release process needed some updating to uhm work with the move to git and gitlab as hosting.

So with the above issues I have come up with an alternative kernel patch that just ignores the lock perm for now. I don't like it but it will get the fix out faster, and the original reasoning to do a userspace fix is faulty so going with only a kernel fix is better.

I am going to split off the userspace lock perm and the needed kernel mapping fix to a separate bug and we will keep this one for the kernel solution that ignores lock permission requests on non-fs based unix sockets.

Stéphane Graber (stgraber) wrote :

Ok, thanks for the update. I've now updated the bug once again to move all the tasks over to the kernel. Can you attach the kernel patch here when you can? I'm sure some of the subscribers may want to test this ahead of the Ubuntu kernel fixes :)

Changed in linux (Ubuntu):
importance: Undecided → Critical
Changed in linux (Ubuntu Xenial):
importance: Undecided → Critical
Changed in linux (Ubuntu Bionic):
importance: Undecided → Critical
Changed in linux (Ubuntu):
status: Invalid → Triaged
Changed in linux (Ubuntu Xenial):
status: Invalid → Triaged
Changed in linux (Ubuntu Bionic):
status: Invalid → Triaged
Changed in apparmor (Ubuntu):
status: Triaged → Invalid
Changed in apparmor (Ubuntu Xenial):
status: Triaged → Invalid
Changed in apparmor (Ubuntu Bionic):
status: Triaged → Invalid
Changed in apparmor (Ubuntu):
assignee: John Johansen (jjohansen) → nobody
Changed in apparmor (Ubuntu Xenial):
assignee: John Johansen (jjohansen) → nobody
Changed in apparmor (Ubuntu Bionic):
assignee: John Johansen (jjohansen) → nobody
Changed in linux (Ubuntu):
assignee: nobody → John Johansen (jjohansen)
Changed in linux (Ubuntu Xenial):
assignee: nobody → John Johansen (jjohansen)
Changed in linux (Ubuntu Bionic):
assignee: nobody → John Johansen (jjohansen)
Christian Brauner (cbrauner) wrote :

On Fri, Jul 27, 2018, 21:21 Stéphane Graber <email address hidden> wrote:

> Ok, thanks for the update. I've now updated the bug once again to move
> all the tasks over to the kernel. Can you attach the kernel patch here
> when you can, I'm sure some of the subscribers may want to test this
> ahead of the Ubuntu kernel fixes :)
>

Might make sense to cc Lennart as he has a stake in this too. :)

John Johansen (jjohansen) wrote :

I have placed ubuntu test kernels for xenial and bionic in

  http://people.canonical.com/~jj/lp1780227/

the patch is attached

tags: added: patch
Dimitri John Ledkov (xnox) wrote :

v4.15 kernel works for me, as proposed.

Would a similar thing be needed in the v4.17 kernel that is in cosmic-proposed?

Wolfgang Bumiller (wbumiller) wrote :

Can confirm that the patch seems to work on 4.15. No "denied" "file_lock" log-spam when starting ArchLinux containers anymore, and they seem to be behaving as expected again.

Stéphane Graber (stgraber) wrote :

I tested on two systems, one clean xenial and one clean bionic, both running the current stable LXD snap with latest ArchLinux and Debian containers. On both of them, upgrading to the kernels provided by John fixed the file_lock denials and made the containers boot again.

So as far as I'm concerned, we're good to start pushing this to Ubuntu kernels.

Changed in linux (Ubuntu Xenial):
status: Triaged → Fix Committed
Changed in linux (Ubuntu Bionic):
status: Triaged → Fix Committed
Seth Forshee (sforshee) on 2018-08-01
Changed in linux (Ubuntu):
status: Triaged → Fix Committed
Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-xenial' to 'verification-done-xenial'. If the problem still exists, change the tag 'verification-needed-xenial' to 'verification-failed-xenial'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-xenial
Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-bionic
tags: added: verification-done-xenial
removed: verification-needed-bionic verification-needed-xenial
tags: added: verification-done-bionic
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.17.0-7.8

---------------
linux (4.17.0-7.8) cosmic; urgency=medium

  * linux: 4.17.0-7.8 -proposed tracker (LP: #1785242)


Changed in linux (Ubuntu):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.15.0-33.36

---------------
linux (4.15.0-33.36) bionic; urgency=medium

  * linux: 4.15.0-33.36 -proposed tracker (LP: #1787149)

  * locking sockets broken due to missing AppArmor socket mediation patches
    (LP: #1780227)
    - UBUNTU SAUCE: apparmor: fix apparmor mediating locking non-fs, unix sockets


Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.4.0-134.160

---------------
linux (4.4.0-134.160) xenial; urgency=medium

  * linux: 4.4.0-134.160 -proposed tracker (LP: #1787177)

  * locking sockets broken due to missing AppArmor socket mediation patches
    (LP: #1780227)
    - UBUNTU SAUCE: apparmor: fix apparmor mediating locking non-fs, unix sockets


Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released

Thanks John for having that already fixed.
I wanted to let everybody subscribed here know that as of today Cosmic has the new systemd 239.
That said people (like me) who reboot rarely and still have a kernel before that will from now on see this when booting a cosmic container:

# systemctl status systemd-resolved
● systemd-resolved.service - Network Name Resolution
   Loaded: loaded (/lib/systemd/system/systemd-resolved.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Wed 2018-08-29 10:39:04 UTC; 10min ago

And obviously name resolution in there is broken due to that.

I hope people will find bug 1789627 and not debug too long on their own to eventually get here.
