lxc container with postfix, permission denied on mailq

Bug #1446906 reported by zoolook on 2015-04-22
38
This bug affects 6 people
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Medium
Tim Gardner
Vivid
Undecided
Tim Gardner
Wily
Undecided
Tim Gardner
Xenial
Medium
Tim Gardner
lxc (Ubuntu)
Medium
Unassigned
Xenial
Medium
Unassigned

Bug Description

[Impact]

 * Users may encounter situations where they use applications, confined by
   AppArmor, that hit EACESS failures when attempting to operate on AF_UNIX
   stream sockets.

 * These failures typically occur when the confined applications attempts to
   read from an AF_UNIX stream socket when the other end of the socket has
   already been closed.

 * AppArmor is mistakenly denying the socket operations due to the socket
   shutdown operation making the sun_path no longer being available for
   AppArmor mediation after the socket is shutdown.

[Test Case]

 The expected test case is:

 $ sudo apt-get install postfix # installing in 'local only' config is fine
 $ cat > bug-profile << EOF
 profile bug-profile flags=(attach_disconnected) {
   network,
   file,
 }
 EOF
 $ sudo apparmor_parser -r bug.profile
 $ aa-exec -p bug-profile -- mailq
 Mail queue is empty

 A failed test case will see the mailq command exit with an error:

 $ aa-exec -p bug-profile -- mailq
 postqueue: warning: close: Permission denied

 and these denials will be found in the syslog:

 Jan 25 16:56:29 sec-vivid-amd64 kernel: [ 241.096168] audit: type=1400 audit(1453762589.727:29): apparmor="DENIED" operation="file_perm" profile="bug-profile" name="public/showq" pid=4923 comm="postqueue" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
 Jan 25 16:56:29 sec-vivid-amd64 kernel: [ 241.096175] audit: type=1400 audit(1453762589.727:30): apparmor="DENIED" operation="file_perm" profile="bug-profile" name="public/showq" pid=4923 comm="postqueue" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

[Regression Potential]

 * The changes are local to the path-based AF_UNIX stream socket mediation code
   so that limits the regression potential to some degree.

 * John Johansen authored the patch and I reviewed it. It is small and there's
   no obvious areas of concern to me regarding potential regressions.

[Other Info]

 * None at this time

[Original bug report]

Hello,

on three Vivid host, all of them up-to-date, I have the problem described here:

https://bugs.launchpad.net/ubuntu/utopic/+source/linux/+bug/1390223

That bug report shows the problem was fixed, but it is not (at least on current Vivid)

ii linux-image-generic 3.19.0.15.14 amd64 Generic Linux kernel image
ii lxc 1.1.2-0ubuntu3 amd64 Linux Containers userspace tools
ii apparmor 2.9.1-0ubuntu9 amd64 User-space parser utility for AppArmor

Reproducible with:

$ sudo lxc-create -n test -t ubuntu
$ sudo lxc-start -n test

(inside container)

$ sudo apt-get install postfix
$ mailq
postqueue: warning: close: Permission denied

dmesg shows:
[82140.386109] audit: type=1400 audit(1429661150.086:17067): apparmor="DENIED" operation="file_perm" profile="lxc-container-default" name="public/showq" pid=27742 comm="postqueue" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
---
ApportVersion: 2.17.2-0ubuntu1
Architecture: amd64
AudioDevicesInUse:
 USER PID ACCESS COMMAND
 /dev/snd/controlC0: zoolook 1913 F.... pulseaudio
CurrentDesktop: Unity
DistroRelease: Ubuntu 15.04
HibernationDevice: RESUME=UUID=aa25401d-0553-43dc-b7c8-c530fe245fb6
InstallationDate: Installed on 2015-02-27 (53 days ago)
InstallationMedia: Ubuntu 14.04.2 LTS "Trusty Tahr" - Release amd64 (20150218.1)
MachineType: LENOVO 20150
Package: linux (not installed)
ProcFB: 0 inteldrmfb
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-3.19.0-15-generic root=/dev/mapper/ubuntu--vg-root ro cgroup_enable=memory swapaccount=1 quiet splash vt.handoff=7
ProcVersionSignature: Ubuntu 3.19.0-15.15-generic 3.19.3
RelatedPackageVersions:
 linux-restricted-modules-3.19.0-15-generic N/A
 linux-backports-modules-3.19.0-15-generic N/A
 linux-firmware 1.143
Tags: vivid
Uname: Linux 3.19.0-15-generic x86_64
UpgradeStatus: Upgraded to vivid on 2015-03-29 (24 days ago)
UserGroups: adm docker libvirtd lpadmin sambashare sudo
_MarkForUpload: True
dmi.bios.date: 12/19/2012
dmi.bios.vendor: LENOVO
dmi.bios.version: 5ECN95WW(V9.00)
dmi.board.asset.tag: No Asset Tag
dmi.board.name: INVALID
dmi.board.vendor: LENOVO
dmi.board.version: 31900004WIN8 STD SGL
dmi.chassis.asset.tag: No Asset Tag
dmi.chassis.type: 10
dmi.chassis.vendor: LENOVO
dmi.chassis.version: Lenovo G580
dmi.modalias: dmi:bvnLENOVO:bvr5ECN95WW(V9.00):bd12/19/2012:svnLENOVO:pn20150:pvrLenovoG580:rvnLENOVO:rnINVALID:rvr31900004WIN8STDSGL:cvnLENOVO:ct10:cvrLenovoG580:
dmi.product.name: 20150
dmi.product.version: Lenovo G580
dmi.sys.vendor: LENOVO

This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:

apport-collect 1446906

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
zoolook (nbensa) wrote : AlsaInfo.txt

apport information

tags: added: apport-collected vivid
description: updated
zoolook (nbensa) wrote : CRDA.txt

apport information

apport information

zoolook (nbensa) wrote : IwConfig.txt

apport information

apport information

zoolook (nbensa) wrote : Lspci.txt

apport information

zoolook (nbensa) wrote : Lsusb.txt

apport information

apport information

apport information

apport information

apport information

apport information

zoolook (nbensa) wrote : RfKill.txt

apport information

zoolook (nbensa) wrote : UdevDb.txt

apport information

zoolook (nbensa) wrote : UdevLog.txt

apport information

apport information

zoolook (nbensa) wrote :

Hi Brad. Totally unrelated to this bug but I find really weird (for not saying abussive) that Cannical needs to collect all these files, some of them with apparent serial numbers and show this information in a public system. It would be nice if apport-collect were changed/anhanced with:

1 - filter serial numbers (hard I know)
2 - let it me choose what I want to upload

Now, going back to the bug. Please note that it was filled against a package named "linux". I didn't want this. I chose "I don't know" but launchpad rejected the bug report three times.

Thanks

Changed in linux (Ubuntu):
importance: Undecided → Medium
zoolook (nbensa) wrote :

Q: What's status incomplete? Thanks

affects: linux (Ubuntu) → lxc (Ubuntu)
Changed in lxc (Ubuntu):
status: Incomplete → Confirmed
Wolfgang Bumiller (wbumiller) wrote :
Download full text (3.4 KiB)

This is not actually a container problem but an apparmor3 problem. You can reproduce it by using aa-exec on the host (with any profile) starting with commit b3c3d641f1de (UBUNTU: SAUCE: (no-up) apparmor: Sync to apparmor3 - RC1 snapshot) of the wily kernel: see https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/wily/log/security/apparmor
Also if I change my postfix service files on my host to use aa-exec so they're even in the same profile and then run mailq with aa-exec, or even just socat on that socket, the connect() will succeed, the read() will EACCESS.
We also managed to hit the case described in 1390223 where executing mailq in a loop will *sometimes* succeed (though I could not myself reproduce this on my host machine.)
We do have a server where it fails in only *some* containers (the only significant difference between them is that one set is 32 bit and one is 64 bit, but I couldn't reproduce that by simply running 32 bit postfix binaries on the host, so the differences might go beyond that).

Here's an example session with the wily kernel and postfix on a host modified to spawn with aa-exec:

# ps aux |grep postfix
root 556 0.0 0.5 108108 5124 ? Ss 10:21 0:00 /usr/lib/postfix/bin/master -w
postfix 557 0.0 0.6 110176 6868 ? S 10:21 0:00 pickup -l -t unix -u
postfix 558 0.0 0.6 110224 6768 ? S 10:21 0:00 qmgr -l -t unix -u
postfix 560 0.0 0.6 110176 6808 ? S 10:21 0:00 showq -t unix -u
# aa-status |grep -A5 'processes are in enforce mode.'
4 processes are in enforce mode.
   lxc-container-default (556)
   lxc-container-default (557)
   lxc-container-default (558)
   lxc-container-default (560)
0 processes are in complain mode.
# lsof -n |grep showq
master 556 root 61u unix 0xffff88003c99e000 0t0 12486 public/showq type=STREAM
# aa-exec -p lxc-container-default -- mailq
postqueue: warning: close: Permission denied
# aa-exec -p lxc-container-default -- socat UNIX:/var/spool/postfix/public/showq -
2015/11/03 10:23:48 socat[597] E read(5, 0x2103a00, 8192): Permission denied
# strace -f -- aa-exec -p lxc-container-default -- mailq
(...)
socket(PF_LOCAL, SOCK_STREAM, 0) = 4
fcntl(4, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(4, F_SETFL, O_RDWR) = 0
connect(4, {sa_family=AF_LOCAL, sun_path="public/showq"}, 110) = 0
poll([{fd=4, events=POLLIN}], 1, 3600000) = 1 ([{fd=4, revents=POLLIN|POLLHUP}])
read(4, 0x5606d5407f00, 4096) = -1 EACCES (Permission denied)

log:
Nov 03 10:25:08 akern audit[643]: AVC apparmor="DENIED" operation="file_perm" profile="lxc-container-default" name="public/showq" pid=643 comm="postqueue" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Nov 03 10:25:08 akern audit[643]: AVC apparmor="DENIED" operation="file_perm" profile="lxc-container-default" name="public/showq" pid=643 comm="postqueue" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Nov 03 10:25:08 akern audit[643]: SYSCALL arch=c000003e syscall=0 success=no exit=-13 a0=4 a1=55bdbc538f00 a2=1000 a3=3dc items=0 ppid...

Read more...

Wolfgang Bumiller (wbumiller) wrote :

So I ran postfix' master process with strace to see what it does, didn't find anything out of the ordinary, however, this way the read() succeeded 15 out of 20 times, only 5 EACCES. The strace output of postfix' master is the same in both cases.
So maybe this helps with reproducing the issue.

John Johansen (jjohansen) wrote :

The issue is that the path is disconnected from the namespace. Currently the only way to deal with this is by using the attach_disconnect flag in the profile, and then place rules for the attached files into the profile

eg.

profile lxc-container-default flags=(attach_disconnected) {

   public/showq r,

   ...

}

Christian Boltz (cboltz) wrote :

nearly correct - the rule needs to be

    /public/showq r,

(note the leading "/")

John Johansen (jjohansen) wrote :

yes, sorry I'm not sure why I missed adding the leading /

John Johansen (jjohansen) wrote :

Alright, so this is not the disconnected path issue I thought it was, I am looking into it more.

John Johansen (jjohansen) wrote :

Alright, this is failing the way it is because it is a race on the socket being shutdown. If the mediate_deleted flag was removed from the profile, an additional info flag would show up in the DENIED message.

info="Failed name lookup - deleted entry"

I am still looking into how to best fix

John Johansen (jjohansen) wrote :

Making this bug NOT a duplicate of Bug 1390223, which will be for just the bad unix_fs macro fix that has already been committed. This one will track the deleted entry/socket shutdown revalidation issue.

John Johansen (jjohansen) wrote :

Please try the test kernels at

http://people.canonical.com/~jj/lp1446906/

Anton Statutov (astatutov) wrote :

I encountered this problem too on Ubuntu 15.04 running 3.19.0-39 kernel. Fixed it by turned off apparmor profile for LXC container by adding "lxc.aa_profile = unconfined" into container's config. In my case increased security risk is acceptable, but it's desirable to fix it the right way. Is there any information in what kernel version it will be fixed and when this updates will be available in standartd ubuntu repositories?

Serge Hallyn (serge-hallyn) wrote :

@astatutov,

Could you please test the kernels posted in comment #28?

@jjohansen, confused, why is this bug not marked as affecting linux? Is there a reason?

John Johansen (jjohansen) wrote :

Kernels with version 3 of the fix can be found at
   http://people.canonical.com/~jj/lp1446906/

please test and leave feedback as to whether this fixes the issue

Anton Statutov (astatutov) wrote :

@jjohansen, I've tested your build and can confirm it fixes the issue.

root@host:~# uname -a
Linux host 3.19.0-31-generic #36+lp1446906v3 SMP Fri Dec 18 08:37:50 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

root@lxc:~# mailq
Mail queue is empty

Tyler Hicks (tyhicks) on 2016-01-25
description: updated
Tim Gardner (timg-tpi) on 2016-01-26
Changed in linux (Ubuntu Vivid):
assignee: nobody → Tim Gardner (timg-tpi)
status: New → In Progress
Changed in linux (Ubuntu Wily):
assignee: nobody → Tim Gardner (timg-tpi)
status: New → In Progress
Changed in linux (Ubuntu Xenial):
assignee: nobody → Tim Gardner (timg-tpi)
status: New → Fix Committed
Changed in linux (Ubuntu Xenial):
importance: Undecided → Medium
Tim Gardner (timg-tpi) on 2016-01-26
Changed in linux (Ubuntu Vivid):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Wily):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (17.3 KiB)

This bug was fixed in the package linux - 4.4.0-2.16

---------------
linux (4.4.0-2.16) xenial; urgency=low

  [ Andy Whitcroft ]

  * Release Tracking Bug
    - LP: #1539090
  * SAUCE: hv: hv_set_ifconfig -- convert to python3
    - LP: #1506521
  * SAUCE: dm: introduce a target_ioctl op to allow target specific ioctls
    - LP: #1538618

  [ Colin Ian King ]

  * SAUCE: ACPI / tables: Add acpi_force_32bit_fadt_addr option to force 32
    bit FADT addresses (LP: #1529381)
    - LP: #1529381

  [ John Johansen ]

  * SAUCE: (no-up): apparmor: fix for failed mediation of socket that is
    being shutdown
    - LP: #1446906

  [ Mahesh Salgaonkar ]

  * SAUCE: Powernv: Remove the usage of PACAR1 from opal wrappers
    - LP: #1537881
  * SAUCE: powerpc/book3s: Fix TB corruption in guest exit path on HMI
    interrupt.
    - LP: #1537881
  * SAUCE: KVM: PPC: Book3S HV: Fix soft lockups in KVM on HMI for time
    base errors
    - LP: #1537881

  [ Paolo Pisati ]

  * SAUCE: arm64: errata: Add -mpc-relative-literal-loads to erratum
    #843419 build flags
    - LP: #1533009
  * [Config] MFD_TPS65217=y && REGULATOR_TPS65217=y
  * [Config] disable ARCH_ZX (ZTE ZX Soc)

  [ Tim Gardner ]

  * Revert "SAUCE: (noup) cxlflash: a couple off by one bugs"
  * SAUCE: (no-up) Update bnx2x firmware to 7.12.30.0
    - LP: #1536719
  * SAUCE: drop obsolete bnx2x firmware
  * SAUCE: i40e: Silence 'may be used uninitialized' warnings
    - LP: #1536474
  * [Config] CONFIG_ZONE_DMA=y for amd64 lowlatency
    - LP: #1534647
  * [Config] Add pvpanic to virtual flavour
    - LP: #1537923
  * [Config] CONFIG_INTEL_PUNIT_IPC=m, CONFIG_INTEL_TELEMETRY=m
    - LP: #1520457

  [ Upstream Kernel Changes ]

  * i40evf: fix compiler warning of unused variable
    - LP: #1536474
  * intel: i40e: fix confused code
    - LP: #1536474
  * i40e/i40evf: remove unused tunnel parameter
    - LP: #1536474
  * i40e: Change BUG_ON to WARN_ON in service event complete
    - LP: #1536474
  * i40e: remove BUG_ON from feature string building
    - LP: #1536474
  * i40e: remove BUG_ON from FCoE setup
    - LP: #1536474
  * i40e: Workaround fix for mss < 256 issue
    - LP: #1536474
  * i40e/i40evf: Add a stat to track how many times we have to do a force
    WB
    - LP: #1536474
  * i40e: Move the saving of old link info from handle_link_event to
    link_event
    - LP: #1536474
  * i40e/i40evf: Add comment to #endif
    - LP: #1536474
  * i40e/i40evf: clean up error messages
    - LP: #1536474
  * i40evf: handle many MAC filters correctly
    - LP: #1536474
  * i40e: return the number of enabled queues for ETHTOOL_GRXRINGS
    - LP: #1536474
  * i40e: rework the functions to configure RSS with similar parameters
    - LP: #1536474
  * i40e: create a generic configure rss function
    - LP: #1536474
  * i40e: Bump version to 1.4.2
    - LP: #1536474
  * i40e: add new fields to store user configuration
    - LP: #1536474
  * i40e: rename rss_size to alloc_rss_size in i40e_pf
    - LP: #1536474
  * i40e/i40evf: Fix RS bit update in Tx path and disable force WB
    workaround
    - LP: #1536474
  * i40e/i40evf: prefetch skb data on transmit
    - LP: #1536474
  * i40evf: rename VF adapter s...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-vivid' to 'verification-done-vivid'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-vivid
tags: added: verification-needed-wily
Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-wily' to 'verification-done-wily'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

Launchpad Janitor (janitor) wrote :
Download full text (43.7 KiB)

This bug was fixed in the package linux - 4.2.0-30.35

---------------
linux (4.2.0-30.35) wily; urgency=low

  [ Seth Forshee ]

  * SAUCE: cred: Add clone_cred() interface
    - LP: #1531747, #1534961, #1535150
    - CVE-2016-1575 CVE-2016-1576
  * SAUCE: overlayfs: Use mounter's credentials instead of selectively
    raising caps
    - LP: #1531747, #1534961, #1535150
    - CVE-2016-1575 CVE-2016-1576
  * SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.*
    xattrs
    - LP: #1531747, #1534961, #1535150
    - CVE-2016-1575 CVE-2016-1576
  * SAUCE: overlayfs: Be more careful about copying up sxid files
    - LP: #1534961, #1535150
    - CVE-2016-1575 CVE-2016-1576
  * SAUCE: overlayfs: Propogate nosuid from lower and upper mounts
    - LP: #1534961, #1535150
    - CVE-2016-1575 CVE-2016-1576

linux (4.2.0-29.34) wily; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1543167

  [ Brad Figg ]

  * Revert "SAUCE: apparmor: fix sleep from invalid context"
    - LP: #1542049

  [ Upstream Kernel Changes ]

  * Revert "af_unix: Revert 'lock_interruptible' in stream receive code"
    - LP: #1540731

linux (4.2.0-28.33) wily; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1540634

  [ Brad Figg ]

  * CONFIG: CONFIG_DEBUG_UART_BCM63XX is not set

  [ J. R. Okajima ]

  * SAUCE: ubuntu: aufs: tiny, extract a new func xino_fwrite_wkq()
    - LP: #1533043
  * SAUCE: ubuntu: aufs: for 4.3, XINO handles EINTR from the dying process
    - LP: #1533043

  [ John Johansen ]

  * SAUCE: (no-up): apparmor: fix for failed mediation of socket that is
    being shutdown
    - LP: #1446906
  * SAUCE: apparmor: fix sleep from invalid context
    - LP: #1539349

  [ Tim Gardner ]

  * [Config] Add pvpanic to virtual flavour
    - LP: #1537923

  [ Upstream Kernel Changes ]

  * Revert "ACPI / LPSS: allow to use specific PM domain during ->probe()"
    - LP: #1540532
  * tools: Add a "make all" rule
    - LP: #1536370
  * vf610_adc: Fix internal temperature calculation
    - LP: #1536370
  * iio: lpc32xx_adc: fix warnings caused by enabling unprepared clock
    - LP: #1536370
  * iio:ad5064: Make sure ad5064_i2c_write() returns 0 on success
    - LP: #1536370
  * iio: ad5064: Fix ad5629/ad5669 shift
    - LP: #1536370
  * iio:ad7793: Fix ad7785 product ID
    - LP: #1536370
  * iio: adc: vf610_adc: Fix division by zero error
    - LP: #1536370
  * mmc: mmc: Improve reliability of mmc_select_hs200()
    - LP: #1536370
  * mmc: mmc: Fix HS setting in mmc_select_hs400()
    - LP: #1536370
  * mmc: mmc: Move mmc_switch_status()
    - LP: #1536370
  * mmc: mmc: Improve reliability of mmc_select_hs400()
    - LP: #1536370
  * crypto: qat - don't use userspace pointer
    - LP: #1536370
  * iio: si7020: Swap data byte order
    - LP: #1536370
  * iio: adc: xilinx: Fix VREFN scale
    - LP: #1536370
  * ipmi: Start the timer and thread on internal msgs
    - LP: #1536370
  * drm/i915: quirk backlight present on Macbook 4, 1
    - LP: #1536370
  * drm/i915: get runtime PM reference around GEM set_caching IOCTL
    - LP: #1536370
  * drm/radeon: Disable uncacheable CPU mappings of GTT with RV6xx
    - LP: #1536370
  *...

Changed in linux (Ubuntu Wily):
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
Changed in linux (Ubuntu Vivid):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (12.3 KiB)

This bug was fixed in the package linux - 3.19.0-51.57

---------------
linux (3.19.0-51.57) vivid; urgency=low

  [ Seth Forshee ]

  * SAUCE: cred: Add clone_cred() interface
    - LP: #1531747, #1534961, #1535150
    - CVE-2016-1575 CVE-2016-1576
  * SAUCE: overlayfs: Use mounter's credentials instead of selectively
    raising caps
    - LP: #1531747, #1534961, #1535150
    - CVE-2016-1575 CVE-2016-1576
  * SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.*
    xattrs
    - LP: #1531747, #1534961, #1535150
    - CVE-2016-1575 CVE-2016-1576
  * SAUCE: overlayfs: Be more careful about copying up sxid files
    - LP: #1534961, #1535150
    - CVE-2016-1575 CVE-2016-1576
  * SAUCE: overlayfs: Propogate nosuid from lower and upper mounts
    - LP: #1534961, #1535150
    - CVE-2016-1575 CVE-2016-1576

linux (3.19.0-50.56) vivid; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1540576

  [ J. R. Okajima ]

  * SAUCE: ubuntu: aufs: tiny, extract a new func xino_fwrite_wkq()
    - LP: #1533043
  * SAUCE: ubuntu: aufs: for 4.3, XINO handles EINTR from the dying process
    - LP: #1533043

  [ John Johansen ]

  * SAUCE: (no-up): apparmor: fix for failed mediation of socket that is
    being shutdown
    - LP: #1446906

  [ Upstream Kernel Changes ]

  * drivers/base/memory.c: fix kernel warning during memory hotplug on
    ppc64
    - LP: #1463654
  * sched/wait: Fix signal handling in bit wait helpers
    - LP: #1537859
  * sched/wait: Fix the signal handling fix
    - LP: #1537859
  * ARC: Fix silly typo in MAINTAINERS file
    - LP: #1537859
  * ip6mr: call del_timer_sync() in ip6mr_free_table()
    - LP: #1537859
  * gre6: allow to update all parameters via rtnl
    - LP: #1537859
  * atl1c: Improve driver not to do order 4 GFP_ATOMIC allocation
    - LP: #1537859
  * sctp: use the same clock as if sock source timestamps were on
    - LP: #1537859
  * sctp: update the netstamp_needed counter when copying sockets
    - LP: #1537859
  * sctp: also copy sk_tsflags when copying the socket
    - LP: #1537859
  * net: qca_spi: fix transmit queue timeout handling
    - LP: #1537859
  * ipv6: sctp: clone options to avoid use after free
    - LP: #1537859
  * net: add validation for the socket syscall protocol argument
    - LP: #1537859
  * sh_eth: fix kernel oops in skb_put()
    - LP: #1537859
  * net: fix IP early demux races
    - LP: #1537859
  * vlan: Fix untag operations of stacked vlans with REORDER_HEADER off
    - LP: #1537859
  * skbuff: Fix offset error in skb_reorder_vlan_header
    - LP: #1537859
  * pptp: verify sockaddr_len in pptp_bind() and pptp_connect()
    - LP: #1537859
  * bluetooth: Validate socket address length in sco_sock_bind().
    - LP: #1537859
  * fou: clean up socket with kfree_rcu
    - LP: #1537859
  * af_unix: Revert 'lock_interruptible' in stream receive code
    - LP: #1537859
  * KEYS: Fix race between read and revoke
    - LP: #1537859
  * tools: Add a "make all" rule
    - LP: #1537859
  * efi: Disable interrupts around EFI calls, not in the epilog/prolog
    calls
    - LP: #1537859
  * fuse: break infinite loop in fuse_fill_write_pages()
    - LP: #1537859
  * usb: gadget: pxa2...

Changed in linux (Ubuntu Vivid):
status: Fix Committed → Fix Released
Changed in lxc (Ubuntu Xenial):
status: Confirmed → Invalid
no longer affects: lxc (Ubuntu Vivid)
no longer affects: lxc (Ubuntu Wily)
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers