Ubuntu
linux package

IPv6 cannot be disabled on Jaunty

Bug #351656 reported by Augusto Santos
326
This bug affects 10 people
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Invalid
Medium
Unassigned
Jaunty
Fix Released
Medium
Stefan Bader
Karmic
Invalid
Medium
Unassigned

Bug Description

SRU Justification:

Impact: The method to disable IPV6 in Jaunty does not work, which does not allow systgem administrators to disable it on specific systems.

Fix: Patch from upstream which fixes the disable_ipv6 method.

Testcase: Try to disable ipv6 for a system with echo 1 >/proc/sys/net/ipv6/conf/all/disable_ipv6

=====

When using sysctl to disable IPv6, it doesn't work. The command I used is the following:
sysctl -w net.ipv6.conf.all.disable_ipv6=1

Looking around it seens this a bug in the linux kernel, which already has a fix, as described here: http://patchwork.ozlabs.org/patch/24127/

Please, backport this patch so IPv6 can easily be disabled on Jaunty!

I'm running Jaunty beta, updated as of 29/03/2009. Any details needed I'll be glad to provide.

See original description
Revision history for this message
67GTA (67gta) wrote :

There is a patch to correct this: http://patchwork.ozlabs.org/patch/24127/

Revision history for this message
Ancoron Luziferis (ancoron) wrote :

Can confirm this in the final version.

Kernel 2.6.28-11-generic #42-Ubuntu SMP Fri Apr 17 01:57:59 UTC 2009.

Augusto Santos (mkhaos7)
Changed in linux (Ubuntu):
status: New → Confirmed
Revision history for this message
Jonas (jojje) wrote :

What's the schedule for making this fix available in the the Jaunty apt-repository?
Will it be included in linux-image-2.6.28-12 kernels?

Revision history for this message
joshis (joshis-czech) wrote :

joshis@joshis-desktop:~$ uname -a
Linux joshis-desktop 2.6.28-13-generic #44-Ubuntu SMP Tue Jun 2 07:55:09 UTC 2009 x86_64 GNU/Linux

Still present here - I am also interested about when the fix is delivered. :o(

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Another patch which is likely desirable to go with this one is:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fe7ca2e1e847b65c12d245cbf402af89da96888a

This should allow "ipv6.disable=1" to work on the kernel command line. This is not need in Karmic, only Jaunty.

Jamie Strandboge (jdstrand)
security vulnerability: no → yes
summary: - sysctl doesn't disable IPv6 on Jaunty
+ IPv6 cannot be disabled on Jaunty
Changed in linux (Ubuntu):
importance: Undecided → High
importance: High → Medium
Changed in linux (Ubuntu Jaunty):
status: New → Triaged
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Karmic is at 2.6.31 which is not affected.

Changed in linux (Ubuntu Karmic):
status: Confirmed → Invalid
Changed in linux (Ubuntu Jaunty):
importance: Undecided → Medium
Revision history for this message
Jonas (jojje) wrote :

Jamie, why hasn't the patch you linked to @ #5 been applied yet to the Jaunty kernel?
It applies as linked hunked with 104 line offset which should make applying it to the main line kernel a 5 minute job.
I'd wager it's taken you longer to change the status of this ticket back and fort:)

What's the hold up? Any status update would be greatly appreciated.

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

This should be in the next security update for Jaunty's kernel.

Leann Ogasawara (leannogasawara)
Changed in linux (Ubuntu Jaunty):
assignee: nobody → Stefan Bader (stefan-bader-canonical)
Revision history for this message
pet (pet-mueller1) wrote :

one of the most annoying failures in ubuntu. after so many years and releases it is still a hot topic and will probably not been solved in future releases too. on for this 100 failure list. i can't belive it, it does stress me every day. thanks

Leann Ogasawara (leannogasawara)
description: updated
Stefan Bader (smb)
Changed in linux (Ubuntu Jaunty):
status: Triaged → Fix Committed
Revision history for this message
Martin Pitt (pitti) wrote :

Accepted linux into jaunty-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

tags: added: verification-needed
Revision history for this message
Marcel de Vries (carresmd-deactivatedaccount) wrote :

Confirmed, adding 'ipv6.disable=1' to the kernel line now disabled ipv6. Thank you!

Martin Pitt (pitti)
tags: added: verification-done
removed: verification-needed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.28-15.52

---------------
linux (2.6.28-15.52) jaunty-proposed; urgency=low

  [ Stefan Bader ]

  * Revert "SAUCE: ACPI: Populate DIDL before registering ACPI video device
    on Intel"
    - LP: #423296
  * SAUCE: Allow less restrictive acpi video detection
    - LP: #333386

  [ Upstream Kernel Changes ]

  * include drivers/pci/hotplug/* in -virtual package
    - LP: #364916
  * ext4: don't call jbd2_journal_force_commit_nested without journal
    - LP: #418197
  * ext4: fix ext4_free_inode() vs. ext4_claim_inode() race
    - LP: #418197
  * ext4: fix bogus BUG_ONs in in mballoc code
    - LP: #418197
  * ext4: fix typo which causes a memory leak on error path
    - LP: #418197
  * ext4: Fix softlockup caused by illegal i_file_acl value in on-disk
    inode
    - LP: #418197
  * ext4: Fix sub-block zeroing for writes into preallocated extents
    - LP: #418197
  * jbd2: Call journal commit callback without holding j_list_lock
    - LP: #418197
  * ext4: Print the find_group_flex() warning only once
    - LP: #367065
  * ext4: really print the find_group_flex fallback warning only once
    - LP: #367065

linux (2.6.28-15.51) jaunty-proposed; urgency=low

  [ Colin Ian King ]

  * SAUCE: wireless: hostap, fix oops due to early probing interrupt
    - LP: #254837

  [ Leann Ogasawara ]

  * Add the atl1c driver to support Atheros AR8132
    - LP: #415358
  * Updating configs to enable the atl1c driver
    - LP: #415358

  [ Stefan Bader ]

  * Revert "SAUCE: input: Blacklist digitizers from joydev.c"
    - LP: #300143
  * SAUCE: Fix the exported name for e1000e-next
    - LP: #402890
  * SAUCE: Fix incorrect stable backport to bas_gigaset
    - LP: #417732
  * SAUCE: Remove the atl2 driver from the ubuntu subdirectory
    - LP: #419438

linux (2.6.28-15.50) jaunty-proposed; urgency=low

  [ Colin Ian King ]

  * SAUCE: radio-maestro: fix panics on probe failure
    - LP: #357724
  * SAUCE: HDA Intel, sigmatel: Enable speakers on HP Mini 1000
    - LP: #318942

  [ Jerone Young ]

  * SAUCE: Fix Soltech TA12 volume hotkeys not sending key release in
    Jaunty
    - LP: #397499

  [ John Johansen ]

  * SAUCE: remove AppArmor debug check for calls from interrupt context
    - LP: #350789

  [ Manoj Iyer ]

  * SAUCE: Fix kernel panic when SELinux is enabled.
    - LP: #395219

  [ Matthew Garrett ]

  * SAUCE: ACPI: Populate DIDL before registering ACPI video device on
    Intel

  [ Michael Frey (Senior Manager, MID ]

  * SAUCE: Fix for internal microphone for Dell Mini10V
    - LP: #394793

  [ Tim Gardner ]

  * SAUCE: Added e1000e from sourceforge.
    - LP: #402890

  [ Upstream Kernel Changes ]

  * Input: synaptics - report multi-taps only if supported by the device
    - LP: #399787
  * ftdi_sio: fix kref leak
    - LP: #396930, #376128
  * IPv6: add "disable" module parameter support to ipv6.ko
    - LP: #351656

 -- Stefan Bader <email address hidden> Thu, 27 Aug 2009 15:09:06 +0200

Changed in linux (Ubuntu Jaunty):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.