This bug was fixed in the package linux - 3.19.0-51.57

---------------
linux (3.19.0-51.57) vivid; urgency=low

  [ Seth Forshee ]

  * SAUCE: cred: Add clone_cred() interface
    - LP: #1531747, #1534961, #1535150
    - CVE-2016-1575
    - CVE-2016-1576
  * SAUCE: overlayfs: Use mounter's credentials instead of selectively raising caps
    - LP: #1531747, #1534961, #1535150
    - CVE-2016-1575
    - CVE-2016-1576
  * SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs
    - LP: #1531747, #1534961, #1535150
    - CVE-2016-1575
    - CVE-2016-1576
  * SAUCE: overlayfs: Be more careful about copying up sxid files
    - LP: #1534961, #1535150
    - CVE-2016-1575
    - CVE-2016-1576
  * SAUCE: overlayfs: Propogate nosuid from lower and upper mounts
    - LP: #1534961, #1535150
    - CVE-2016-1575
    - CVE-2016-1576

linux (3.19.0-50.56) vivid; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1540576

  [ J. R. Okajima ]

  * SAUCE: ubuntu: aufs: tiny, extract a new func xino_fwrite_wkq()
    - LP: #1533043
  * SAUCE: ubuntu: aufs: for 4.3, XINO handles EINTR from the dying process
    - LP: #1533043

  [ John Johansen ]

  * SAUCE: (no-up): apparmor: fix for failed mediation of socket that is being shutdown
    - LP: #1446906

  [ Upstream Kernel Changes ]

  * drivers/base/memory.c: fix kernel warning during memory hotplug on ppc64
    - LP: #1463654
  * sched/wait: Fix signal handling in bit wait helpers
    - LP: #1537859
  * sched/wait: Fix the signal handling fix
    - LP: #1537859
  * ARC: Fix silly typo in MAINTAINERS file
    - LP: #1537859
  * ip6mr: call del_timer_sync() in ip6mr_free_table()
    - LP: #1537859
  * gre6: allow to update all parameters via rtnl
    - LP: #1537859
  * atl1c: Improve driver not to do order 4 GFP_ATOMIC allocation
    - LP: #1537859
  * sctp: use the same clock as if sock source timestamps were on
    - LP: #1537859
  * sctp: update the netstamp_needed counter when copying sockets
    - LP: #1537859
  * sctp: also copy sk_tsflags when copying the socket
    - LP: #1537859
  * net: qca_spi: fix transmit queue timeout handling
    - LP: #1537859
  * ipv6: sctp: clone options to avoid use after free
    - LP: #1537859
  * net: add validation for the socket syscall protocol argument
    - LP: #1537859
  * sh_eth: fix kernel oops in skb_put()
    - LP: #1537859
  * net: fix IP early demux races
    - LP: #1537859
  * vlan: Fix untag operations of stacked vlans with REORDER_HEADER off
    - LP: #1537859
  * skbuff: Fix offset error in skb_reorder_vlan_header
    - LP: #1537859
  * pptp: verify sockaddr_len in pptp_bind() and pptp_connect()
    - LP: #1537859
  * bluetooth: Validate socket address length in sco_sock_bind().
    - LP: #1537859
  * fou: clean up socket with kfree_rcu
    - LP: #1537859
  * af_unix: Revert 'lock_interruptible' in stream receive code
    - LP: #1537859
  * KEYS: Fix race between read and revoke
    - LP: #1537859
  * tools: Add a "make all" rule
    - LP: #1537859
  * efi: Disable interrupts around EFI calls, not in the epilog/prolog calls
    - LP: #1537859
  * fuse: break infinite loop in fuse_fill_write_pages()
    - LP: #1537859
  * usb: gadget: pxa27x: fix suspend callback
    - LP: #1537859
  * iio: fix some warning messages
    - LP: #1537859
  * USB: cp210x: Remove CP2110 ID from compatibility list
    - LP: #1537859
  * USB: cdc_acm: Ignore Infineon Flash Loader utility
    - LP: #1537859
  * ext4: Fix handling of extended tv_sec
    - LP: #1537859
  * jbd2: Fix unreclaimed pages after truncate in data=journal mode
    - LP: #1537859
  * drm/ttm: Fixed a read/write lock imbalance
    - LP: #1537859
  * i2c: mv64xxx: The n clockdiv factor is 0 based on sunxi SoCs
    - LP: #1537859
  * AHCI: Fix softreset failed issue of Port Multiplier
    - LP: #1537859
  * sata_sil: disable trim
    - LP: #1537859
  * usb-storage: Fix scsi-sd failure "Invalid field in cdb" for USB adapter JMicron
    - LP: #1537859
  * staging: lustre: echo_copy.._lsm() dereferences userland pointers directly
    - LP: #1537859
  * irqchip/versatile-fpga: Fix PCI IRQ mapping on Versatile PB
    - LP: #1537859
  * usb: core : hub: Fix BOS 'NULL pointer' kernel panic
    - LP: #1537859
  * USB: whci-hcd: add check for dma mapping error
    - LP: #1537859
  * usb: Use the USB_SS_MULT() macro to decode burst multiplier for log message
    - LP: #1537859
  * xen/events/fifo: Consume unprocessed events when a CPU dies
    - LP: #1537859
  * dm btree: fix leak of bufio-backed block in btree_split_sibling error path
    - LP: #1537859
  * ARM: 8465/1: mm: keep reserved ASIDs in sync with mm after multiple rollovers
    - LP: #1537859
  * perf: Fix PERF_EVENT_IOC_PERIOD deadlock
    - LP: #1537859
  * usb: xhci: fix config fail of FS hub behind a HS hub with MTT
    - LP: #1537859
  * ALSA: rme96: Fix unexpected volume reset after rate changes
    - LP: #1537859
  * net: mvpp2: fix missing DMA region unmap in egress processing
    - LP: #1537859
  * net: mvpp2: fix buffers' DMA handling on RX path
    - LP: #1537859
  * net: mvpp2: fix refilling BM pools in RX path
    - LP: #1537859
  * dmaengine: at_xdmac: fix macro typo
    - LP: #1537859
  * ALSA: hda - Add inverted dmic for Packard Bell DOTS
    - LP: #1523232, #1537859
  * vhost: relax log address alignment
    - LP: #1537859
  * virtio: fix memory leak of virtio ida cache layers
    - LP: #1537859
  * IB/srp: Fix a memory leak
    - LP: #1537859
  * IB/srp: Fix possible send queue overflow
    - LP: #1537859
  * ALSA: hda - Fixing speaker noise on the two latest thinkpad models
    - LP: #1523517, #1537859
  * 9p: ->evict_inode() should kick out ->i_data, not ->i_mapping
    - LP: #1537859
  * radeon/cik: Fix GFX IB test on Big-Endian
    - LP: #1537859
  * radeon: Fix VCE ring test for Big-Endian systems
    - LP: #1537859
  * radeon: Fix VCE IB test on Big-Endian systems
    - LP: #1537859
  * video: fbdev: fsl: Fix kernel crash when diu_ops is not implemented
    - LP: #1537859
  * crypto: skcipher - Copy iv from desc even for 0-len walks
    - LP: #1537859
  * ALSA: hda - Fix noise problems on Thinkpad T440s
    - LP: #1537859
  * dm thin metadata: fix bug when taking a metadata snapshot
    - LP: #1537859
  * dm space map metadata: fix ref counting bug when bootstrapping a new space map
    - LP: #1537859
  * ipmi: move timer init to before irq is setup
    - LP: #1537859
  * ASoC: es8328: Fix deemphasis values
    - LP: #1537859
  * KVM: PPC: Book3S HV: Prohibit setting illegal transaction state in MSR
    - LP: #1537859
  * rfkill: copy the name into the rfkill struct
    - LP: #1537859
  * dm btree: fix bufio buffer leaks in dm_btree_del() error path
    - LP: #1537859
  * ses: Fix problems with simple enclosures
    - LP: #1537859
  * vgaarb: fix signal handling in vga_get()
    - LP: #1537859
  * ASoC: davinci-mcasp: Fix XDATA check in mcasp_start_tx
    - LP: #1537859
  * ARM: dts: vf610: use reset values for L2 cache latencies
    - LP: #1537859
  * ses: fix additional element traversal bug
    - LP: #1537859
  * xhci: fix usb2 resume timing and races.
    - LP: #1537859
  * USB: add quirk for devices with broken LPM
    - LP: #1537859
  * powercap / RAPL: fix BIOS lock check
    - LP: #1537859
  * parisc iommu: fix panic due to trying to allocate too large region
    - LP: #1537859
  * mm: hugetlb: fix hugepage memory leak caused by wrong reserve count
    - LP: #1537859
  * vmstat: Reduce time interval to stat update on idle cpu
    - LP: #1537859
  * mm, vmstat: allow WQ concurrency to discover memory reclaim doesn't make any progress
    - LP: #1537859
  * mm: hugetlb: call huge_pte_alloc() only if ptep is null
    - LP: #1537859
  * drivers/base/memory.c: prohibit offlining of memory blocks with missing sections
    - LP: #1537859
  * ocfs2: fix SGID not inherited issue
    - LP: #1537859
  * sh64: fix __NR_fgetxattr
    - LP: #1537859
  * ASoC: wm8974: set cache type for regmap
    - LP: #1537859
  * n_tty: Fix poll() after buffer-limited eof push read
    - LP: #1537859
  * tty: Fix GPF in flush_to_ldisc()
    - LP: #1537859
  * genirq: Prevent chip buslock deadlock
    - LP: #1537859
  * ALSA: usb-audio: Add a more accurate volume quirk for AudioQuest DragonFly
    - LP: #1537859
  * ARM: dts: imx6: Fix Ethernet PHY mode on Ventana boards
    - LP: #1537859
  * ARM: 8471/1: need to save/restore arm register(r11) when it is corrupted
    - LP: #1537859
  * ALSA: hda - Add a fixup for Thinkpad X1 Carbon 2nd
    - LP: #1537859
  * spi: fix parent-device reference leak
    - LP: #1537859
  * scripts: recordmcount: break hardlinks
    - LP: #1537859
  * dma-debug: Fix dma_debug_entry offset calculation
    - LP: #1537859
  * ftrace/scripts: Have recordmcount copy the object file
    - LP: #1537859
  * ARC: dw2 unwind: Reinstante unwinding out of modules
    - LP: #1537859
  * ARC: dw2 unwind: Ignore CIE version !=1 gracefully instead of bailing
    - LP: #1537859
  * powerpc/powernv: pr_warn_once on unsupported OPAL_MSG type
    - LP: #1537859
  * ALSA: hda - Set SKL+ hda controller power at freeze() and thaw()
    - LP: #1537859
  * s390/dis: Fix handling of format specifiers
    - LP: #1537859
  * airspy: increase USB control message buffer size
    - LP: #1537859
  * USB: ipaq.c: fix a timeout loop
    - LP: #1537859
  * USB: fix invalid memory access in hub_activate()
    - LP: #1537859
  * x86/mce: Ensure offline CPUs don't participate in rendezvous process
    - LP: #1537859
  * i2c: rcar: disable runtime PM correctly in slave mode
    - LP: #1537859
  * parisc: Fix syscall restarts
    - LP: #1537859
  * ALSA: hda/realtek - Fix silent headphone output on MacPro 4,1 (v2)
    - LP: #1537859
  * MIPS: uaccess: Fix strlen_user with EVA
    - LP: #1537859
  * ASoC: arizona: Fix bclk for sample rates that are multiple of 4kHz
    - LP: #1537859
  * arm: fix handling of F_OFD_... in oabi_fcntl64()
    - LP: #1537859
  * ocfs2: fix BUG when calculate new backup super
    - LP: #1537859
  * mm/memory_hotplug.c: check for missing sections in test_pages_in_a_zone()
    - LP: #1537859
  * ftrace/scripts: Fix incorrect use of sprintf in recordmcount
    - LP: #1537859
  * tracing: Fix setting of start_index in find_next()
    - LP: #1537859
  * tile: provide CONFIG_PAGE_SIZE_64KB etc for tilepro
    - LP: #1537859
  * ARM: versatile: fix MMC/SD interrupt assignment
    - LP: #1537859
  * async_tx: use GFP_NOWAIT rather than GFP_IO
    - LP: #1537859
  * dts: vt8500: Add SDHC node to DTS file for WM8650
    - LP: #1537859
  * ftrace/module: Call clean up function when module init fails early
    - LP: #1537859
  * vmstat: allocate vmstat_wq before it is used
    - LP: #1537859
  * usb: musb: USB_TI_CPPI41_DMA requires dmaengine support
    - LP: #1537859
  * sctp: convert sack_needed and sack_generation to bits
    - LP: #1537859
  * sctp: start t5 timer only when peer rwnd is 0 and local state is SHUTDOWN_PENDING
    - LP: #1537859
  * pinctrl: bcm2835: Fix initial value for direction_output
    - LP: #1537859
  * net: phy: mdio-mux: Check return value of mdiobus_alloc()
    - LP: #1537859
  * sh_eth: fix TX buffer byte-swapping
    - LP: #1537859
  * mISDN: fix a loop count
    - LP: #1537859
  * amd-xgbe: fix a couple timeout loops
    - LP: #1537859
  * qlcnic: fix a timeout loop
    - LP: #1537859
  * ser_gigaset: fix deallocation of platform device structure
    - LP: #1537859
  * net: fix warnings in 'make htmldocs' by moving macro definition out of field declaration
    - LP: #1537859
  * net/mlx4_en: Remove dependency between timestamping capability and service_task
    - LP: #1537859
  * net/mlx4_en: Fix HW timestamp init issue upon system startup
    - LP: #1537859
  * include/linux/mmdebug.h: should include linux/bug.h
    - LP: #1537859
  * ipv6/addrlabel: fix ip6addrlbl_get()
    - LP: #1537859
  * ASoC: Use nested lock for snd_soc_dapm_mutex_lock
    - LP: #1537859
  * net: filter: make JITs zero A for SKF_AD_ALU_XOR_X
    - LP: #1537859
  * net: sched: fix missing free per cpu on qstats
    - LP: #1537859
  * net: possible use after free in dst_release
    - LP: #1537859
  * kvm: x86: only channel 0 of the i8254 is linked to the HPET
    - LP: #1537859
  * firmware: dmi_scan: Fix UUID endianness for SMBIOS >= 2.6
    - LP: #1537859
  * Linux 3.19.8-ckt13
    - LP: #1537859
  * hotplugcpu: Avoid deadlocks by waking active_writer
    - LP: #1481357
  * xfrm: dst_entries_init() per-net dst_ops
    - LP: #1486670

 -- Luis Henriques <luis.henriq...@canonical.com>  Fri, 19 Feb 2016 11:12:52 +0000

** Changed in: linux (Ubuntu Vivid)
       Status: Fix Committed => Fix Released

--
https://bugs.launchpad.net/bugs/1446906

Title:
  lxc container with postfix, permission denied on mailq

Status in linux package in Ubuntu:
  Fix Released
Status in lxc package in Ubuntu:
  Confirmed
Status in linux source package in Vivid:
  Fix Released
Status in lxc source package in Vivid:
  New
Status in linux source package in Wily:
  Fix Released
Status in lxc source package in Wily:
  New
Status in linux source package in Xenial:
  Fix Released
Status in lxc source package in Xenial:
  Confirmed

Bug description:
  [Impact]

   * Users may encounter situations where they use applications, confined by AppArmor, that hit EACCES failures when attempting to operate on AF_UNIX stream sockets.

   * These failures typically occur when the confined application attempts to read from an AF_UNIX stream socket when the other end of the socket has already been closed.

   * AppArmor is mistakenly denying the socket operations because the socket shutdown operation makes the sun_path no longer available for AppArmor mediation after the socket is shut down.
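  The socket pattern behind the [Impact] bullets, rebuilt in plain Python as an added illustration (this is example code, not part of the bug report or of the kernel patch). A server binds a pathname AF_UNIX stream socket under a temporary directory as a stand-in for postfix's public/showq, a client connects, the server replies, shuts down and closes its end, and the client keeps reading. The directory, socket name, reply text and function name are all constructed for the example. On a correct kernel the read after the peer has gone returns 0 bytes (EOF), which is what the function reports as "eof"; the EACCES described above would surface at that same read only for a profile-confined process on an affected kernel, so the script reports whatever errno it sees rather than asserting the failure.

```python
import errno
import os
import socket
import tempfile


def read_after_peer_closed(use_shutdown=True):
    """Connect to a pathname AF_UNIX stream socket, let the server side
    shut down and close, then read from the client side.

    Returns (reply, outcome). reply is the data the server queued before
    closing; outcome is "eof" when the read of the dead peer returns 0
    bytes, "data" if something unexpected was still queued, or the errno
    name (e.g. "EACCES") if the kernel refused the read, which is the
    symptom the bug report describes for confined clients.
    """
    workdir = tempfile.mkdtemp(prefix="showq-repro-")  # constructed location
    path = os.path.join(workdir, "showq")                # stand-in for public/showq
    server = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    client = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        server.bind(path)
        server.listen(1)
        client.connect(path)
        conn, _ = server.accept()

        # Server answers, then goes away, like showq answering postqueue.
        conn.sendall(b"Mail queue is empty\n")
        if use_shutdown:
            # The explicit shutdown step the bug description points at.
            conn.shutdown(socket.SHUT_RDWR)
        conn.close()
        server.close()

        reply = client.recv(64)        # data queued before the peer left
        try:
            tail = client.recv(64)     # peer is gone: EOF, or a denial
        except OSError as exc:
            return reply, errno.errorcode.get(exc.errno, "errno %d" % exc.errno)
        return reply, ("eof" if tail == b"" else "data")
    finally:
        client.close()
        if os.path.exists(path):
            os.unlink(path)
        os.rmdir(workdir)


if __name__ == "__main__":
    for flag in (True, False):
        reply, outcome = read_after_peer_closed(use_shutdown=flag)
        print("shutdown=%s reply=%r outcome=%s" % (flag, reply, outcome))
```

  Running it under the bug-profile from the test case below (aa-exec -p bug-profile -- python3 repro.py) on an affected kernel is the quickest way to tell a policy gap from this kernel bug: the profile grants file and network access, so a denial on the second read can only come from the broken mediation path.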
  [Test Case]

  The expected test case is:

    $ sudo apt-get install postfix   # installing in 'local only' config is fine
    $ cat > bug-profile << EOF
    profile bug-profile flags=(attach_disconnected) {
      network,
      file,
    }
    EOF
    $ sudo apparmor_parser -r bug-profile
    $ aa-exec -p bug-profile -- mailq
    Mail queue is empty

  A failed test case will see the mailq command exit with an error:

    $ aa-exec -p bug-profile -- mailq
    postqueue: warning: close: Permission denied

  and these denials will be found in the syslog:

    Jan 25 16:56:29 sec-vivid-amd64 kernel: [  241.096168] audit: type=1400 audit(1453762589.727:29): apparmor="DENIED" operation="file_perm" profile="bug-profile" name="public/showq" pid=4923 comm="postqueue" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
    Jan 25 16:56:29 sec-vivid-amd64 kernel: [  241.096175] audit: type=1400 audit(1453762589.727:30): apparmor="DENIED" operation="file_perm" profile="bug-profile" name="public/showq" pid=4923 comm="postqueue" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

  [Regression Potential]

   * The changes are local to the path-based AF_UNIX stream socket mediation code, so that limits the regression potential to some degree.

   * John Johansen authored the patch and I reviewed it. It is small and there are no obvious areas of concern to me regarding potential regressions.
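  To triage denials of this shape from a syslog or dmesg capture, an added example that is not part of the bug report: a small parser that turns each AppArmor audit line into a dict of its key=value fields, collapses repeated denials into counts per (profile, comm, operation, name, denied_mask), and flags the exact signature reported here (a file_perm read denial on public/showq from postqueue). The sample log is the three audit lines quoted on this page, reassembled into one constructed capture; the function names are the example's own.

```python
import re
from collections import Counter

# Constructed sample: the two denials from the test case plus the one from
# the original report, exactly as syslog and dmesg print them.
SAMPLE_LOG = """\
Jan 25 16:56:29 sec-vivid-amd64 kernel: [  241.096168] audit: type=1400 audit(1453762589.727:29): apparmor="DENIED" operation="file_perm" profile="bug-profile" name="public/showq" pid=4923 comm="postqueue" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Jan 25 16:56:29 sec-vivid-amd64 kernel: [  241.096175] audit: type=1400 audit(1453762589.727:30): apparmor="DENIED" operation="file_perm" profile="bug-profile" name="public/showq" pid=4923 comm="postqueue" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[82140.386109] audit: type=1400 audit(1429661150.086:17067): apparmor="DENIED" operation="file_perm" profile="lxc-container-default" name="public/showq" pid=27742 comm="postqueue" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
"""

# audit(<epoch seconds>.<ms>:<serial>): <key=value fields...>
_AUDIT_HDR = re.compile(r'audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\):\s*(?P<body>.*)$')
# key="quoted value" or key=bare_value
_FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_apparmor_line(line):
    """Return the audit fields of one AppArmor line as a dict, or None if the
    line carries no audit record or is not an AppArmor record."""
    m = _AUDIT_HDR.search(line)
    if not m:
        return None
    rec = {"timestamp": float(m.group("ts")), "serial": int(m.group("serial"))}
    for key, quoted, bare in _FIELD.findall(m.group("body")):
        rec[key] = bare if bare else quoted
    if "apparmor" not in rec:
        return None
    for key in ("pid", "fsuid", "ouid"):
        if key in rec:
            rec[key] = int(rec[key])
    return rec


def denial_summary(log_text):
    """Collapse DENIED records into one count per
    (profile, comm, operation, name, denied_mask)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_apparmor_line(line)
        if rec and rec.get("apparmor") == "DENIED":
            key = (rec["profile"], rec["comm"], rec["operation"],
                   rec["name"], rec["denied_mask"])
            counts[key] += 1
    return counts


def matches_showq_signature(rec):
    """True for the denial shape this bug produces: postqueue refused read
    access on the public/showq socket through file_perm mediation."""
    return (rec is not None
            and rec.get("apparmor") == "DENIED"
            and rec.get("operation") == "file_perm"
            and rec.get("comm") == "postqueue"
            and rec.get("name", "").endswith("public/showq")
            and "r" in rec.get("denied_mask", ""))


if __name__ == "__main__":
    for key, n in denial_summary(SAMPLE_LOG).items():
        print("%3d x profile=%s comm=%s op=%s name=%s denied=%s" % ((n,) + key))
```

  A hit from matches_showq_signature on a kernel older than the fixed version above points at this bug rather than at a missing rule; on a fixed kernel the same denial would mean the profile genuinely lacks access to the socket.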
  [Other Info]

   * None at this time

  [Original bug report]

  Hello, on three Vivid hosts, all of them up-to-date, I have the problem described here:

  https://bugs.launchpad.net/ubuntu/utopic/+source/linux/+bug/1390223

  That bug report shows the problem was fixed, but it is not (at least on current Vivid):

    ii  linux-image-generic  3.19.0.15.14    amd64  Generic Linux kernel image
    ii  lxc                  1.1.2-0ubuntu3  amd64  Linux Containers userspace tools
    ii  apparmor             2.9.1-0ubuntu9  amd64  User-space parser utility for AppArmor

  Reproducible with:

    $ sudo lxc-create -n test -t ubuntu
    $ sudo lxc-start -n test
    (inside container)
    $ sudo apt-get install postfix
    $ mailq
    postqueue: warning: close: Permission denied

  dmesg shows:

    [82140.386109] audit: type=1400 audit(1429661150.086:17067): apparmor="DENIED" operation="file_perm" profile="lxc-container-default" name="public/showq" pid=27742 comm="postqueue" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

  ---
  ApportVersion: 2.17.2-0ubuntu1
  Architecture: amd64
  AudioDevicesInUse:
   USER        PID ACCESS COMMAND
   /dev/snd/controlC0:  zoolook    1913 F.... pulseaudio
  CurrentDesktop: Unity
  DistroRelease: Ubuntu 15.04
  HibernationDevice: RESUME=UUID=aa25401d-0553-43dc-b7c8-c530fe245fb6
  InstallationDate: Installed on 2015-02-27 (53 days ago)
  InstallationMedia: Ubuntu 14.04.2 LTS "Trusty Tahr" - Release amd64 (20150218.1)
  MachineType: LENOVO 20150
  Package: linux (not installed)
  ProcFB: 0 inteldrmfb
  ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-3.19.0-15-generic root=/dev/mapper/ubuntu--vg-root ro cgroup_enable=memory swapaccount=1 quiet splash vt.handoff=7
  ProcVersionSignature: Ubuntu 3.19.0-15.15-generic 3.19.3
  RelatedPackageVersions:
   linux-restricted-modules-3.19.0-15-generic N/A
   linux-backports-modules-3.19.0-15-generic  N/A
   linux-firmware                             1.143
  Tags: vivid
  Uname: Linux 3.19.0-15-generic x86_64
  UpgradeStatus: Upgraded to vivid on 2015-03-29 (24 days ago)
  UserGroups: adm docker libvirtd lpadmin sambashare sudo
  _MarkForUpload: True
  dmi.bios.date: 12/19/2012
  dmi.bios.vendor: LENOVO
  dmi.bios.version: 5ECN95WW(V9.00)
  dmi.board.asset.tag: No Asset Tag
  dmi.board.name: INVALID
  dmi.board.vendor: LENOVO
  dmi.board.version: 31900004WIN8 STD SGL
  dmi.chassis.asset.tag: No Asset Tag
  dmi.chassis.type: 10
  dmi.chassis.vendor: LENOVO
  dmi.chassis.version: Lenovo G580
  dmi.modalias: dmi:bvnLENOVO:bvr5ECN95WW(V9.00):bd12/19/2012:svnLENOVO:pn20150:pvrLenovoG580:rvnLENOVO:rnINVALID:rvr31900004WIN8STDSGL:cvnLENOVO:ct10:cvrLenovoG580:
  dmi.product.name: 20150
  dmi.product.version: Lenovo G580
  dmi.sys.vendor: LENOVO