2015-04-22 00:07:36 |
Norberto Bensa |
bug |
|
|
added bug |
2015-04-22 00:30:08 |
Brad Figg |
linux (Ubuntu): status |
New |
Incomplete |
|
2015-04-22 00:51:34 |
Norberto Bensa |
tags |
|
apport-collected vivid |
|
2015-04-22 00:51:36 |
Norberto Bensa |
description |
Hello,
on three Vivid hosts, all of them up-to-date, I have the problem described here:
https://bugs.launchpad.net/ubuntu/utopic/+source/linux/+bug/1390223
That bug report shows the problem was fixed, but it is not (at least on current Vivid)
ii linux-image-generic 3.19.0.15.14 amd64 Generic Linux kernel image
ii lxc 1.1.2-0ubuntu3 amd64 Linux Containers userspace tools
ii apparmor 2.9.1-0ubuntu9 amd64 User-space parser utility for AppArmor
Reproducible with:
$ sudo lxc-create -n test -t ubuntu
$ sudo lxc-start -n test
(inside container)
$ sudo apt-get install postfix
$ mailq
postqueue: warning: close: Permission denied
dmesg shows:
[82140.386109] audit: type=1400 audit(1429661150.086:17067): apparmor="DENIED" operation="file_perm" profile="lxc-container-default" name="public/showq" pid=27742 comm="postqueue" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
---
ApportVersion: 2.17.2-0ubuntu1
Architecture: amd64
AudioDevicesInUse:
USER PID ACCESS COMMAND
/dev/snd/controlC0: zoolook 1913 F.... pulseaudio
CurrentDesktop: Unity
DistroRelease: Ubuntu 15.04
HibernationDevice: RESUME=UUID=aa25401d-0553-43dc-b7c8-c530fe245fb6
InstallationDate: Installed on 2015-02-27 (53 days ago)
InstallationMedia: Ubuntu 14.04.2 LTS "Trusty Tahr" - Release amd64 (20150218.1)
MachineType: LENOVO 20150
Package: linux (not installed)
ProcFB: 0 inteldrmfb
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-3.19.0-15-generic root=/dev/mapper/ubuntu--vg-root ro cgroup_enable=memory swapaccount=1 quiet splash vt.handoff=7
ProcVersionSignature: Ubuntu 3.19.0-15.15-generic 3.19.3
RelatedPackageVersions:
linux-restricted-modules-3.19.0-15-generic N/A
linux-backports-modules-3.19.0-15-generic N/A
linux-firmware 1.143
Tags: vivid
Uname: Linux 3.19.0-15-generic x86_64
UpgradeStatus: Upgraded to vivid on 2015-03-29 (24 days ago)
UserGroups: adm docker libvirtd lpadmin sambashare sudo
_MarkForUpload: True
dmi.bios.date: 12/19/2012
dmi.bios.vendor: LENOVO
dmi.bios.version: 5ECN95WW(V9.00)
dmi.board.asset.tag: No Asset Tag
dmi.board.name: INVALID
dmi.board.vendor: LENOVO
dmi.board.version: 31900004WIN8 STD SGL
dmi.chassis.asset.tag: No Asset Tag
dmi.chassis.type: 10
dmi.chassis.vendor: LENOVO
dmi.chassis.version: Lenovo G580
dmi.modalias: dmi:bvnLENOVO:bvr5ECN95WW(V9.00):bd12/19/2012:svnLENOVO:pn20150:pvrLenovoG580:rvnLENOVO:rnINVALID:rvr31900004WIN8STDSGL:cvnLENOVO:ct10:cvrLenovoG580:
dmi.product.name: 20150
dmi.product.version: Lenovo G580
dmi.sys.vendor: LENOVO |
|
2015-04-22 00:51:37 |
Norberto Bensa |
attachment added |
|
AlsaInfo.txt https://bugs.launchpad.net/bugs/1446906/+attachment/4380889/+files/AlsaInfo.txt |
|
2015-04-22 00:51:39 |
Norberto Bensa |
attachment added |
|
CRDA.txt https://bugs.launchpad.net/bugs/1446906/+attachment/4380890/+files/CRDA.txt |
|
2015-04-22 00:51:42 |
Norberto Bensa |
attachment added |
|
CurrentDmesg.txt https://bugs.launchpad.net/bugs/1446906/+attachment/4380891/+files/CurrentDmesg.txt |
|
2015-04-22 00:51:43 |
Norberto Bensa |
attachment added |
|
IwConfig.txt https://bugs.launchpad.net/bugs/1446906/+attachment/4380892/+files/IwConfig.txt |
|
2015-04-22 00:51:44 |
Norberto Bensa |
attachment added |
|
JournalErrors.txt https://bugs.launchpad.net/bugs/1446906/+attachment/4380893/+files/JournalErrors.txt |
|
2015-04-22 00:51:46 |
Norberto Bensa |
attachment added |
|
Lspci.txt https://bugs.launchpad.net/bugs/1446906/+attachment/4380894/+files/Lspci.txt |
|
2015-04-22 00:51:48 |
Norberto Bensa |
attachment added |
|
Lsusb.txt https://bugs.launchpad.net/bugs/1446906/+attachment/4380895/+files/Lsusb.txt |
|
2015-04-22 00:51:49 |
Norberto Bensa |
attachment added |
|
ProcCpuinfo.txt https://bugs.launchpad.net/bugs/1446906/+attachment/4380896/+files/ProcCpuinfo.txt |
|
2015-04-22 00:51:51 |
Norberto Bensa |
attachment added |
|
ProcEnviron.txt https://bugs.launchpad.net/bugs/1446906/+attachment/4380897/+files/ProcEnviron.txt |
|
2015-04-22 00:51:53 |
Norberto Bensa |
attachment added |
|
ProcInterrupts.txt https://bugs.launchpad.net/bugs/1446906/+attachment/4380898/+files/ProcInterrupts.txt |
|
2015-04-22 00:51:55 |
Norberto Bensa |
attachment added |
|
ProcModules.txt https://bugs.launchpad.net/bugs/1446906/+attachment/4380899/+files/ProcModules.txt |
|
2015-04-22 00:51:57 |
Norberto Bensa |
attachment added |
|
PulseList.txt https://bugs.launchpad.net/bugs/1446906/+attachment/4380900/+files/PulseList.txt |
|
2015-04-22 00:51:59 |
Norberto Bensa |
attachment added |
|
RfKill.txt https://bugs.launchpad.net/bugs/1446906/+attachment/4380901/+files/RfKill.txt |
|
2015-04-22 00:52:03 |
Norberto Bensa |
attachment added |
|
UdevDb.txt https://bugs.launchpad.net/bugs/1446906/+attachment/4380902/+files/UdevDb.txt |
|
2015-04-22 00:52:05 |
Norberto Bensa |
attachment added |
|
UdevLog.txt https://bugs.launchpad.net/bugs/1446906/+attachment/4380903/+files/UdevLog.txt |
|
2015-04-22 00:52:08 |
Norberto Bensa |
attachment added |
|
WifiSyslog.txt https://bugs.launchpad.net/bugs/1446906/+attachment/4380904/+files/WifiSyslog.txt |
|
2015-04-22 16:53:46 |
Joseph Salisbury |
linux (Ubuntu): importance |
Undecided |
Medium |
|
2015-04-23 00:59:58 |
Norberto Bensa |
affects |
linux (Ubuntu) |
lxc (Ubuntu) |
|
2015-04-23 15:59:34 |
Joseph Salisbury |
lxc (Ubuntu): status |
Incomplete |
Confirmed |
|
2015-04-23 15:59:53 |
Joseph Salisbury |
marked as duplicate |
|
1390223 |
|
2015-06-25 22:03:05 |
Mike Bernson |
bug |
|
|
added subscriber mike Bernson |
2015-11-03 19:19:54 |
Thomas |
bug |
|
|
added subscriber Thomas |
2015-11-19 08:23:50 |
John Johansen |
removed duplicate marker |
1390223 |
|
|
2015-12-08 15:38:47 |
Anton Statutov |
bug |
|
|
added subscriber Anton Statutov |
2016-01-14 21:51:57 |
Felix Eckhofer |
bug |
|
|
added subscriber Felix Eckhofer |
2016-01-25 23:39:16 |
Tyler Hicks |
description |
[Impact]
* Users may encounter situations where they use applications, confined by
AppArmor, that hit EACCES failures when attempting to operate on AF_UNIX
stream sockets.
* These failures typically occur when the confined application attempts to
read from an AF_UNIX stream socket when the other end of the socket has
already been closed.
* AppArmor is mistakenly denying the socket operations due to the socket
shutdown operation making the sun_path no longer available for
AppArmor mediation after the socket is shutdown.
[Test Case]
The expected test case is:
$ sudo apt-get install postfix # installing in 'local only' config is fine
$ cat > bug.profile << EOF
profile bug-profile flags=(attach_disconnected) {
  network,
  file,
}
EOF
$ sudo apparmor_parser -r bug.profile
$ aa-exec -p bug-profile -- mailq
Mail queue is empty
A failed test case will see the mailq command exit with an error:
$ aa-exec -p bug-profile -- mailq
postqueue: warning: close: Permission denied
and these denials will be found in the syslog:
Jan 25 16:56:29 sec-vivid-amd64 kernel: [ 241.096168] audit: type=1400 audit(1453762589.727:29): apparmor="DENIED" operation="file_perm" profile="bug-profile" name="public/showq" pid=4923 comm="postqueue" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Jan 25 16:56:29 sec-vivid-amd64 kernel: [ 241.096175] audit: type=1400 audit(1453762589.727:30): apparmor="DENIED" operation="file_perm" profile="bug-profile" name="public/showq" pid=4923 comm="postqueue" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[Regression Potential]
* The changes are local to the path-based AF_UNIX stream socket mediation code
so that limits the regression potential to some degree.
* John Johansen authored the patch and I reviewed it. It is small and there
are no obvious areas of concern to me regarding potential regressions.
[Other Info]
* None at this time
[Original bug report]
Hello,
on three Vivid hosts, all of them up-to-date, I have the problem described here:
https://bugs.launchpad.net/ubuntu/utopic/+source/linux/+bug/1390223
That bug report shows the problem was fixed, but it is not (at least on current Vivid)
ii linux-image-generic 3.19.0.15.14 amd64 Generic Linux kernel image
ii lxc 1.1.2-0ubuntu3 amd64 Linux Containers userspace tools
ii apparmor 2.9.1-0ubuntu9 amd64 User-space parser utility for AppArmor
Reproducible with:
$ sudo lxc-create -n test -t ubuntu
$ sudo lxc-start -n test
(inside container)
$ sudo apt-get install postfix
$ mailq
postqueue: warning: close: Permission denied
dmesg shows:
[82140.386109] audit: type=1400 audit(1429661150.086:17067): apparmor="DENIED" operation="file_perm" profile="lxc-container-default" name="public/showq" pid=27742 comm="postqueue" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
|
|
2016-01-26 02:08:38 |
Tim Gardner |
bug task added |
|
linux (Ubuntu) |
|
2016-01-26 02:08:51 |
Tim Gardner |
nominated for series |
|
Ubuntu Xenial |
|
2016-01-26 02:08:51 |
Tim Gardner |
bug task added |
|
linux (Ubuntu Xenial) |
|
2016-01-26 02:08:51 |
Tim Gardner |
bug task added |
|
lxc (Ubuntu Xenial) |
|
2016-01-26 02:08:51 |
Tim Gardner |
nominated for series |
|
Ubuntu Vivid |
|
2016-01-26 02:08:51 |
Tim Gardner |
bug task added |
|
linux (Ubuntu Vivid) |
|
2016-01-26 02:08:51 |
Tim Gardner |
bug task added |
|
lxc (Ubuntu Vivid) |
|
2016-01-26 02:08:51 |
Tim Gardner |
nominated for series |
|
Ubuntu Wily |
|
2016-01-26 02:08:51 |
Tim Gardner |
bug task added |
|
linux (Ubuntu Wily) |
|
2016-01-26 02:08:51 |
Tim Gardner |
bug task added |
|
lxc (Ubuntu Wily) |
|
2016-01-26 02:09:06 |
Tim Gardner |
linux (Ubuntu Vivid): status |
New |
In Progress |
|
2016-01-26 02:09:06 |
Tim Gardner |
linux (Ubuntu Vivid): assignee |
|
Tim Gardner (timg-tpi) |
|
2016-01-26 02:09:19 |
Tim Gardner |
linux (Ubuntu Wily): status |
New |
In Progress |
|
2016-01-26 02:09:19 |
Tim Gardner |
linux (Ubuntu Wily): assignee |
|
Tim Gardner (timg-tpi) |
|
2016-01-26 02:12:34 |
Tim Gardner |
linux (Ubuntu Xenial): status |
New |
Fix Committed |
|
2016-01-26 02:12:34 |
Tim Gardner |
linux (Ubuntu Xenial): assignee |
|
Tim Gardner (timg-tpi) |
|
2016-01-26 07:24:53 |
penalvch |
linux (Ubuntu Xenial): importance |
Undecided |
Medium |
|
2016-01-26 18:02:06 |
Tim Gardner |
linux (Ubuntu Vivid): status |
In Progress |
Fix Committed |
|
2016-01-26 18:02:11 |
Tim Gardner |
linux (Ubuntu Wily): status |
In Progress |
Fix Committed |
|
2016-02-01 11:46:01 |
Launchpad Janitor |
linux (Ubuntu Xenial): status |
Fix Committed |
Fix Released |
|
2016-02-05 17:55:39 |
Brad Figg |
tags |
apport-collected vivid |
apport-collected verification-needed-vivid vivid |
|
2016-02-05 17:56:16 |
Brad Figg |
tags |
apport-collected verification-needed-vivid vivid |
apport-collected verification-needed-vivid verification-needed-wily vivid |
|
2016-02-22 15:36:57 |
Tyler Hicks |
bug |
|
|
added subscriber Tyler Hicks |
2016-02-22 18:35:02 |
Launchpad Janitor |
linux (Ubuntu Wily): status |
Fix Committed |
Fix Released |
|
2016-02-22 18:35:02 |
Launchpad Janitor |
cve linked |
|
2016-1575 |
|
2016-02-22 18:35:02 |
Launchpad Janitor |
cve linked |
|
2016-1576 |
|
2016-02-22 18:36:11 |
Launchpad Janitor |
linux (Ubuntu Vivid): status |
Fix Committed |
Fix Released |
|
2016-02-24 12:44:17 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/trusty-proposed/linux-lts-vivid |
|
2016-02-24 13:07:51 |
Launchpad Janitor |
branch linked |
|
lp:~ubuntu-branches/ubuntu/trusty/linux-lts-wily/trusty-proposed |
|
2016-03-21 05:41:14 |
Antony Suter |
bug |
|
|
added subscriber Antony Suter |
2016-04-12 16:48:28 |
Serge Hallyn |
lxc (Ubuntu Xenial): status |
Confirmed |
Invalid |
|
2016-04-12 16:48:32 |
Serge Hallyn |
bug task deleted |
lxc (Ubuntu Vivid) |
|
|
2016-04-12 16:48:38 |
Serge Hallyn |
bug task deleted |
lxc (Ubuntu Wily) |
|
|
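The condition described under [Impact], a read from a path-based AF_UNIX stream socket after the other end has already closed, as a stand-alone check. This is an added example, not code from the bug report or the kernel patch; the function name `read_after_peer_close` and the socket path under /tmp are assumptions.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Hypothetical helper (not from the report): returns 0 if a client can read
 * data, then EOF, from a path-based AF_UNIX stream socket whose other end
 * has already closed; otherwise returns the errno of the failing call. */
int read_after_peer_close(const char *path)
{
    struct sockaddr_un addr = { .sun_family = AF_UNIX };
    char buf[16];
    ssize_t n;
    int err = 0, sfd = -1;
    int lfd = socket(AF_UNIX, SOCK_STREAM, 0);
    int cfd = socket(AF_UNIX, SOCK_STREAM, 0);
    strncpy(addr.sun_path, path, sizeof(addr.sun_path) - 1);
    unlink(path);                 /* remove a stale socket file, if any */
    errno = 0;
    if (lfd < 0 || cfd < 0 ||
        bind(lfd, (struct sockaddr *)&addr, sizeof(addr)) < 0 ||
        listen(lfd, 1) < 0 ||
        connect(cfd, (struct sockaddr *)&addr, sizeof(addr)) < 0 ||
        (sfd = accept(lfd, NULL, NULL)) < 0 ||
        write(sfd, "empty\n", 6) != 6) {
        err = errno ? errno : EIO;
        goto out;
    }
    /* The server side goes away completely before the client reads. */
    close(sfd); sfd = -1;
    close(lfd); lfd = -1;
    n = read(cfd, buf, sizeof(buf));                 /* queued data */
    if (n != 6 || read(cfd, buf, sizeof(buf)) != 0)  /* then EOF */
        err = errno ? errno : EIO;
out:
    if (sfd >= 0) close(sfd);
    if (lfd >= 0) close(lfd);
    if (cfd >= 0 && close(cfd) < 0 && !err) err = errno;
    unlink(path);
    return err;
}

int main(void)
{
    int err = read_after_peer_close("/tmp/lp1446906-demo.sock"); /* assumed path */
    printf("read after peer close: %s\n", err ? strerror(err) : "ok");
    return err != 0;
}
```

Built with `cc` and run once directly and once under `aa-exec -p bug-profile --` from the test case above, it gives a quick comparison of unconfined and confined behaviour on a given kernel.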