[Touch-packages] [Bug 2083435] Re: AppArmor 4.1.0-beta1 contains an ABI break for aa_log_record

2024-10-01 Thread Ryan Lee
** Patch added: "Patch of commit c86c87e8868c72e5ab2084b5bf783cd5ca800a9b downloaded from GitLab"
   https://bugs.launchpad.net/apparmor/+bug/2083435/+attachment/5823945/+files/c86c87e8868c72e5ab2084b5bf783cd5ca800a9b.patch

** Description changed:

  Commit 3c825eb001d33bb6f2480c4f78df03aee4c40396 in the Gitlab upstream
  adds a field called `execpath` to the `aa_log_record` struct. This field
  was added in the middle of the struct instead of the end, causing an ABI
  break in libapparmor without a corresponding major version number bump.
  This commit landed between v4.0.3 and v4.1.0-beta1, and unfortunately,
  Oracular currently packages v4.1.0-beta1.
  
- Thus, we need to land a patch to move the `execpath` field to the end of
- the struct ASAP to prevent an ABI break from making it into the Oracular
- release. The patch is attached below and is available as commit
+ Thus, we need to land a bugfix patch to move the `execpath` field to the
+ end of the struct ASAP to prevent an ABI break from making it into the
+ Oracular release. The patch is attached below and is available as commit
  c86c87e8868c72e5ab2084b5bf783cd5ca800a9b in the Gitlab repo.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2083435

Title:
  AppArmor 4.1.0-beta1 contains an ABI break for aa_log_record

Status in AppArmor:
  New
Status in apparmor package in Ubuntu:
  New
Status in apparmor source package in Oracular:
  New

Bug description:
  Commit 3c825eb001d33bb6f2480c4f78df03aee4c40396 in the Gitlab upstream
  adds a field called `execpath` to the `aa_log_record` struct. This
  field was added in the middle of the struct instead of the end,
  causing an ABI break in libapparmor without a corresponding major
  version number bump. This commit landed between v4.0.3 and
  v4.1.0-beta1, and unfortunately, Oracular currently packages
  v4.1.0-beta1.

  Thus, we need to land a bugfix patch to move the `execpath` field to
  the end of the struct ASAP to prevent an ABI break from making it into
  the Oracular release. The patch is attached below and is available as
  commit c86c87e8868c72e5ab2084b5bf783cd5ca800a9b in the Gitlab repo.

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/2083435/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
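
The layout problem described in the bug above, as an added example (not code from libapparmor or from the attached patch). The three structs are hypothetical, simplified stand-ins for `aa_log_record`; every field name other than `execpath` and all sample values are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified records: NOT the real aa_log_record layout. */

/* Layout that already-built clients were compiled against. */
struct rec_old {
    int version;
    unsigned long pid;
    const char *operation;
    const char *name;
};

/* New release, field inserted in the middle (the ABI-breaking variant). */
struct rec_mid {
    int version;
    unsigned long pid;
    const char *operation;
    const char *execpath; /* new field */
    const char *name;
};

/* New release, field appended at the end (the variant the fix moves to).
 * Appending still changes sizeof, so it is only safe when the library
 * allocates the record and clients never copy or embed it by value. */
struct rec_end {
    int version;
    unsigned long pid;
    const char *operation;
    const char *name;
    const char *execpath; /* new field */
};

/* 1 if every field of rec_old sits at the same offset in the new type. */
#define OLD_OFFSETS_KEPT(new_t)                                           \
    (offsetof(struct rec_old, version) == offsetof(new_t, version) &&     \
     offsetof(struct rec_old, pid) == offsetof(new_t, pid) &&             \
     offsetof(struct rec_old, operation) == offsetof(new_t, operation) && \
     offsetof(struct rec_old, name) == offsetof(new_t, name))

int mid_insert_keeps_abi(void) { return OLD_OFFSETS_KEPT(struct rec_mid); }
int end_append_keeps_abi(void) { return OLD_OFFSETS_KEPT(struct rec_end); }

/*
 * Models a client binary built against the old header: the compiler baked
 * offsetof(struct rec_old, name) into its machine code, so that is the
 * offset it reads no matter which library version produced the record.
 */
static const char *old_client_read_name(const void *rec)
{
    const char *p;
    memcpy(&p, (const unsigned char *)rec + offsetof(struct rec_old, name),
           sizeof p);
    return p;
}

/* Record produced by the "middle insert" library, read by an old client. */
const char *name_seen_after_mid_insert(void)
{
    /* Constructed sample values. */
    struct rec_mid r = { 1, 1234UL, "open", "/usr/bin/demo", "/etc/demo.conf" };
    return old_client_read_name(&r);
}

/* Record produced by the "append" library, read by the same old client. */
const char *name_seen_after_end_append(void)
{
    /* Constructed sample values. */
    struct rec_end r = { 1, 1234UL, "open", "/etc/demo.conf", "/usr/bin/demo" };
    return old_client_read_name(&r);
}

int main(void)
{
    printf("middle insert keeps old offsets: %d, old client reads name=%s\n",
           mid_insert_keeps_abi(), name_seen_after_mid_insert());
    printf("end append keeps old offsets:    %d, old client reads name=%s\n",
           end_append_keeps_abi(), name_seen_after_end_append());
    return 0;
}
```

With the middle insert, the unrebuilt client silently reads `execpath` where it expects `name`, which for a log-parsing library means tools acting on the wrong field of a security event rather than crashing.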


[Touch-packages] [Bug 2083435] Re: AppArmor 4.1.0-beta1 contains an ABI break for aa_log_record

2024-10-01 Thread Ryan Lee
Gitlab MR has been merged, with commit
c86c87e8868c72e5ab2084b5bf783cd5ca800a9b fixing the ABI break. Patch is
attached.

** Description changed:

  Commit 3c825eb001d33bb6f2480c4f78df03aee4c40396 in the Gitlab upstream
  adds a field called `execpath` to the `aa_log_record` struct. This field
  was added in the middle of the struct instead of the end, causing an ABI
  break in libapparmor without a corresponding major version number bump.
  This commit landed between v4.0.3 and v4.1.0-beta1, and unfortunately,
  Oracular currently packages v4.1.0-beta1.
  
  Thus, we need to land a patch to move the `execpath` field to the end of
  the struct ASAP to prevent an ABI break from making it into the Oracular
- release. The patch will be attached below [once available] and will be
- available as commit [SHA to be filled in once patch is merged upstream].
+ release. The patch is attached below and is available as commit
+ c86c87e8868c72e5ab2084b5bf783cd5ca800a9b in the Gitlab repo.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2083435

Title:
  AppArmor 4.1.0-beta1 contains an ABI break for aa_log_record

Status in AppArmor:
  New
Status in apparmor package in Ubuntu:
  New
Status in apparmor source package in Oracular:
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/2083435/+subscriptions




[Touch-packages] [Bug 2004592] Re: aalogparse.h cannot be included from C++ code

2024-10-04 Thread Ryan Lee
** Changed in: apparmor (Ubuntu)
 Assignee: (unassigned) => Ryan Lee (rlee287)

** Changed in: apparmor (Ubuntu)
   Status: New => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2004592

Title:
  aalogparse.h cannot be included from C++ code

Status in apparmor package in Ubuntu:
  Fix Committed

Bug description:
  aalogparse.h cannot be included from C++ code because it uses
  'namespace' and 'class' as variable names, and these are reserved
  keywords in C++.

  /usr/include/aalogparse/aalogparse.h:137:15: error: expected unqualified-id before ‘namespace’
    137 | char *namespace;
        |       ^
  /usr/include/aalogparse/aalogparse.h:163:15: error: expected unqualified-id before ‘class’
    163 | char *class;
        |       ^

  This is interesting to me because abi-compliance-checker necessarily
  processes all headers as C++; but it's likely of general interest to
  be able to link C++ code to libapparmor.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2004592/+subscriptions




[Touch-packages] [Bug 2083435] Re: AppArmor 4.1.0-beta1 contains an ABI break for aa_log_record

2024-10-01 Thread Ryan Lee
** Tags added: oracular

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2083435

Title:
  AppArmor 4.1.0-beta1 contains an ABI break for aa_log_record

Status in AppArmor:
  New
Status in apparmor package in Ubuntu:
  New
Status in apparmor source package in Oracular:
  New

Bug description:
  Commit 3c825eb001d33bb6f2480c4f78df03aee4c40396 in the Gitlab upstream
  adds a field called `execpath` to the `aa_log_record` struct. This
  field was added in the middle of the struct instead of the end,
  causing an ABI break in libapparmor without a corresponding major
  version number bump. This commit landed between v4.0.3 and
  v4.1.0-beta1, and unfortunately, Oracular currently packages
  v4.1.0-beta1.

  Thus, we need to land a patch to move the `execpath` field to the end
  of the struct ASAP to prevent an ABI break from making it into the
  Oracular release. The patch will be attached below [once available]
  and will be available as commit [SHA to be filled in once patch is
  merged upstream].

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/2083435/+subscriptions




[Touch-packages] [Bug 2083435] Re: AppArmor 4.1.0-beta1 contains an ABI break for aa_log_record

2024-10-01 Thread Ryan Lee
While we're at it, John Johansen also decided to include this patch,
which fixes a critical bug in which the rule priority directives could
destroy permissions for some classes.

** Patch added: "Patch for commit 204c0c5a3a34ac2eb47b863aae20bace48e0ad3c downloaded from Gitlab"
   https://bugs.launchpad.net/apparmor/+bug/2083435/+attachment/5823987/+files/204c0c5a3a34ac2eb47b863aae20bace48e0ad3c.patch

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2083435

Title:
  AppArmor 4.1.0-beta1 contains an ABI break for aa_log_record

Status in AppArmor:
  New
Status in apparmor package in Ubuntu:
  New
Status in apparmor source package in Oracular:
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/2083435/+subscriptions




[Touch-packages] [Bug 2083435] Re: AppArmor 4.1.0-beta1 contains an ABI break for aa_log_record

2024-10-01 Thread Ryan Lee
After rechecking
https://git.launchpad.net/ubuntu/+source/apparmor/tree/debian/patches/ubuntu
Alex Murray found that this second patch in comment #4 was already
applied in the last upload of the apparmor package, so we don't have to
apply the patch again.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2083435

Title:
  AppArmor 4.1.0-beta1 contains an ABI break for aa_log_record

Status in AppArmor:
  New
Status in apparmor package in Ubuntu:
  New
Status in apparmor source package in Oracular:
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/2083435/+subscriptions




[Touch-packages] [Bug 2095597] Re: apparmor: removal of Python standard libraries in Python 3.13

2025-01-23 Thread Ryan Lee
As noted in the original Debian bug, this issue is tracked upstream at
https://gitlab.com/apparmor/apparmor/-/issues/447.

** Changed in: apparmor (Ubuntu)
   Status: New => Confirmed

** Bug watch added: gitlab.com/apparmor/apparmor/-/issues #447
   https://gitlab.com/apparmor/apparmor/-/issues/447

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2095597

Title:
  apparmor: removal of Python standard libraries in Python 3.13

Status in apparmor package in Ubuntu:
  Confirmed
Status in apparmor package in Debian:
  Confirmed

Bug description:
  Imported from Debian bug http://bugs.debian.org/1084647:

  Source: apparmor
  Severity: important
  User: debian-pyt...@lists.debian.org
  Usertags: pep-594-deprecation-313

  Dear maintainer(s),

  Python 3.13 removes a large amount of so called 'dead battery' libraries 
  from the standard library. As such, code that imports these libraries 
  will no longer work in Python 3.13, which is the targeted version for 
  Trixie.

  The following removed libraries were found in this package:

  cgitb: utils/apparmor/fail.py:11

  See this link for more details: 
  https://peps.python.org/pep-0594/#deprecated-modules

  Cheers,

  -- 
 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  Louis-Philippe Véronneau
 ⢿⡄⠘⠷⠚⠋   po...@debian.org / veronneau.org
 ⠈⠳⣄

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2095597/+subscriptions




[Touch-packages] [Bug 2095118] [NEW] Desktop login screen sometimes flickers, accompanied by rfkill dmesg logspam

2025-01-16 Thread Ryan Lee
Public bug reported:

Sometimes, when booting into a Plucky VM (provisioned via virt-manager),
the login screen flickers constantly, rendering the GUI unusable.
Occasionally, the flickering pauses long enough for me to type in the
first few characters of my password, before the flickering starts again
and kicks me back to the username selection screen. Logging in via SSH,
I can see that each flicker is accompanied by dmesg logspam
(representative example below):

[  188.853451] rfkill: input handler enabled
[  189.689764] rfkill: input handler disabled
[  190.463262] rfkill: input handler enabled
[  191.379945] rfkill: input handler disabled
[  192.284689] rfkill: input handler enabled
[  193.072647] rfkill: input handler disabled

ProblemType: Bug
DistroRelease: Ubuntu 25.04
Package: rfkill 2.40.2-1ubuntu2
ProcVersionSignature: Ubuntu 6.11.0-8.8-generic 6.11.0
Uname: Linux 6.11.0-8-generic x86_64
ApportVersion: 2.31.0-0ubuntu2
Architecture: amd64
CasperMD5CheckResult: unknown
Date: Thu Jan 16 11:57:46 2025
InstallationDate: Installed on 2025-01-14 (2 days ago)
InstallationMedia: Ubuntu 25.04 "Plucky Puffin" - Daily amd64 (20250114)
ProcEnviron:
 LANG=en_US.UTF-8
 PATH=(custom, no user)
 SHELL=/bin/bash
 TERM=xterm-256color
 XDG_RUNTIME_DIR=
SourcePackage: util-linux
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: util-linux (Ubuntu)
 Importance: Undecided
 Status: New


** Tags: amd64 apport-bug plucky

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to util-linux in Ubuntu.
https://bugs.launchpad.net/bugs/2095118

Title:
  Desktop login screen sometimes flickers, accompanied by rfkill dmesg
  logspam

Status in util-linux package in Ubuntu:
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/2095118/+subscriptions




[Touch-packages] [Bug 2098838] Re: apparmor appears to deny wpasupplicant on plucky, breaking wifi

2025-02-28 Thread Ryan Lee
Seems like the new wpa_supplicant protocol will need rules allowing read
access to /sys/devices/pci*:*/*:*:*.*/ieee80211/phy*/** and to allow
dgram socket creation, but there may be other accesses we might have
missed that would be needed to unbreak the profile. For now, we'll
proceed by disabling the new profile by default.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2098838

Title:
  apparmor appears to deny wpasupplicant on plucky, breaking wifi

Status in apparmor package in Ubuntu:
  New

Bug description:
  2/19/25 4:44 PM user@1000.service   NM.DeviceError: Scanning not
  allowed while unavailable

  Stack trace:

  _promisify/proto[asyncFunc]/

https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2098838/+subscriptions




[Touch-packages] [Bug 2098838] Re: apparmor appears to deny wpasupplicant on plucky, breaking wifi

2025-02-28 Thread Ryan Lee
** Changed in: apparmor (Ubuntu)
   Status: New => Confirmed

** Changed in: apparmor (Ubuntu)
 Assignee: (unassigned) => Ryan Lee (rlee287)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2098838

Title:
  apparmor appears to deny wpasupplicant on plucky, breaking wifi

Status in apparmor package in Ubuntu:
  Confirmed




[Touch-packages] [Bug 2098906] Re: apparmor breaks sbuild with unshare on plucky

2025-02-28 Thread Ryan Lee
This breakage is due to the latest AppArmor packaging enabling a
unshare-userns-restrict profile by default. In most cases, this allows
more usage of unshare than before (while limiting the attack surface
exposed by capabilities in unprivileged user namespaces), but sbuild is
one of the cases where the new profile imposes more restrictions instead
of loosening them. We are working on an updated sbuild profile to fix
this.

** Changed in: apparmor (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2098906

Title:
  apparmor breaks sbuild with unshare on plucky

Status in apparmor package in Ubuntu:
  Confirmed

Bug description:
  After today's apparmor updates and restarting my computer, I can no
  longer use sbuild's unshare backend. This breaks the (newly)
  recommended way to build .deb packages locally from Ubuntu 25.04. (See
  https://lists.ubuntu.com/archives/ubuntu-devel/2024-December/043193.html )

  Journal excerpt
  ==
  Feb 19 17:24:29 kernel: audit: type=1400 audit: apparmor="AUDIT" operation="exec" class="file" info="ix fallback" profile="unshare" name="/usr/bin/newuidmap" pid=10846 comm="unshare" requested_mask="x" fsuid=1000 ouid=0 target="unpriv_unshare//&unshare"
  Feb 19 17:24:29 kernel: audit: type=1400 audit: apparmor="DENIED" operation="capable" class="cap" profile="unpriv_unshare" comm="newuidmap" capability=1  capname="dac_override"

  ProblemType: Bug
  DistroRelease: Ubuntu 25.04
  Package: apparmor 4.1.0~beta5-0ubuntu2
  ProcVersionSignature: Ubuntu 6.12.0-15.15-generic 6.12.11
  Uname: Linux 6.12.0-15-generic x86_64
  ApportVersion: 2.31.0-0ubuntu5
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: ubuntu:GNOME
  Date: Wed Feb 19 17:25:41 2025
  InstallationDate: Installed on 2024-04-12 (313 days ago)
  InstallationMedia: Ubuntu 24.04 LTS "Noble Numbat" - Beta amd64 (20240410.2)
  ProcEnviron:
   LANG=en_US.UTF-8
   PATH=(custom, no user)
   SHELL=/bin/bash
   TERM=xterm-256color
   XDG_RUNTIME_DIR=
  ProcKernelCmdline: BOOT_IMAGE=/boot/vmlinuz-6.12.0-15-generic root=UUID=7a431ed1-30e4-4377-bb6e-1f81480f31ba ro quiet splash crashkernel=2G-4G:320M,4G-32G:512M,32G-64G:1024M,64G-128G:2048M,128G-:4096M vt.handoff=7
  SourcePackage: apparmor
  UpgradeStatus: Upgraded to plucky on 2024-12-18 (63 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2098906/+subscriptions




[Touch-packages] [Bug 2098906] Re: apparmor breaks sbuild with unshare on plucky

2025-02-28 Thread Ryan Lee
** Changed in: apparmor (Ubuntu)
   Status: Confirmed => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2098906

Title:
  apparmor breaks sbuild with unshare on plucky

Status in apparmor package in Ubuntu:
  Fix Committed

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2098906/+subscriptions




[Touch-packages] [Bug 2098838] Re: apparmor appears to deny wpasupplicant on plucky, breaking wifi

2025-02-28 Thread Ryan Lee
** Changed in: apparmor (Ubuntu)
   Status: Confirmed => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2098838

Title:
  apparmor appears to deny wpasupplicant on plucky, breaking wifi

Status in apparmor package in Ubuntu:
  Fix Committed




[Touch-packages] [Bug 2099811] Re: Os-prober segmentation fault one message for each partition on same PC

2025-03-07 Thread Ryan Lee
We'll be packaging up os-prober profiles in the main AppArmor package so
that they're installed by default and so that we can update them more
easily if necessary.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2099811

Title:
  Os-prober segmentation fault one message for each partition on same PC

Status in apparmor package in Ubuntu:
  Confirmed
Status in os-prober package in Ubuntu:
  Confirmed

Bug description:
  Reporting this bug on os-prober, my bug https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/2099662
  was incorrectly attributed to grub

  corrado@corrado-n3-pp-0223:~$ sudo os-prober
  [sudo] password for corrado: 
  find: Failed to restore initial working directory: /home/corrado: Permission denied
  Segmentation fault
  Segmentation fault
  Segmentation fault
  Segmentation fault
  Segmentation fault
  Segmentation fault
  Segmentation fault
  Segmentation fault
  Segmentation fault
  Segmentation fault
  Segmentation fault
  Segmentation fault
  Segmentation fault
  Segmentation fault
  Segmentation fault
  Segmentation fault
  Segmentation fault
  Segmentation fault
  Segmentation fault
  corrado@corrado-n3-pp-0223:~$ 

  Attaching related journal

  ProblemType: Bug
  DistroRelease: Ubuntu 25.04
  Package: os-prober 1.83ubuntu2
  ProcVersionSignature: Ubuntu 6.12.0-15.15-generic 6.12.11
  Uname: Linux 6.12.0-15-generic x86_64
  ApportVersion: 2.31.0+git20250220-0ubuntu2
  Architecture: amd64
  CasperMD5CheckResult: unknown
  CurrentDesktop: ubuntu:GNOME
  Date: Sun Feb 23 15:46:27 2025
  InstallationDate: Installed on 2025-02-23 (0 days ago)
  InstallationMedia: Ubuntu 25.04 "Plucky Puffin" - Daily amd64 (20250223)
  ProcEnviron:
   LANG=en_US.UTF-8
   PATH=(custom, no user)
   SHELL=/bin/bash
   TERM=xterm-256color
   XDG_RUNTIME_DIR=
  SourcePackage: os-prober
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2099811/+subscriptions




[Touch-packages] [Bug 2101180] Re: Multiple DENIED apparmor messages when using rsyslog with the imfile module

2025-03-08 Thread Ryan Lee
Does the imfile module still work correctly despite the denial logs, or
is it unable to perform monitoring as expected?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to rsyslog in Ubuntu.
https://bugs.launchpad.net/bugs/2101180

Title:
  Multiple DENIED apparmor messages when using rsyslog with the imfile
  module

Status in rsyslog package in Ubuntu:
  New

Bug description:
  When enabling the imfile module in order to watch
  /var/log/audit/audit.log file, the following traces are generated in
  logs regularly :

  
  type=AVC msg=audit(1741370794.968:9963561): apparmor="DENIED" operation="open" profile="rsyslogd" name="/" pid=67348 comm="in:imfile" requested_mask="r" denied_mask="r" fsuid=106 ouid=0
  type=AVC msg=audit(1741370794.968:9963562): apparmor="DENIED" operation="open" profile="rsyslogd" name="/var/" pid=67348 comm="in:imfile" requested_mask="r" denied_mask="r" fsuid=106 ouid=0
  type=AVC msg=audit(1741370794.968:9963563): apparmor="DENIED" operation="open" profile="rsyslogd" name="/var/log/" pid=67348 comm="in:imfile" requested_mask="r" denied_mask="r" fsuid=106 ouid=0

  As a small fix, I had to add the following lines into the rsyslogd
  apparmor configuration file :

  / r,
  /var r,
  /var/** r,

  Could it be a possible bug ?

  Behaviour detected on Ubuntu 22.04
  rsyslog package : 8.2406.0-1ubuntu2

  Behaviour expected : No DENIED apparmor actions when using the imfile
  module.

  Thanks !

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/2101180/+subscriptions




[Touch-packages] [Bug 2099990] Re: lsusb fails due to apparmor

2025-03-04 Thread Ryan Lee
** Changed in: apparmor (Ubuntu)
   Status: New => Fix Committed

** Changed in: apparmor (Ubuntu)
 Assignee: (unassigned) => Ryan Lee (rlee287)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/200

Title:
  lsusb fails due to apparmor

Status in apparmor package in Ubuntu:
  Fix Committed

Bug description:
  With apparmor 4.1.0~beta5-0ubuntu5 on a RISC-V Microchip Icicle Kit I
  see that the kernel discovers USB:

  [  +0.008662] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
  [  +0.007425] usb 1-1: Product: Ultra
  [  +0.003688] usb 1-1: Manufacturer: SanDisk
  [  +0.004245] usb 1-1: SerialNumber: 010187b422912d2f128c699458cec5c82b7af2ece2713972b09d1de68f741b2afecb66a842d0ff9957008a558107452c91e7
  [  +0.011662] usb-storage 1-1:1.0: USB Mass Storage device detected
  [  +0.012149] scsi host0: usb-storage 1-1:1.0
  [  +0.011826] usbcore: registered new interface driver usb-storage
  [  +0.035775] usbcore: registered new interface driver uas 

  But lsusb shows no device. Looking at journalctl shows that apparmor
  is blocking:

  Feb 25 12:46:58 ubuntu sudo[1508]: pam_unix(sudo:session): session opened for user root(uid=0) by ubuntu(uid=1000)
  Feb 25 12:46:58 ubuntu kernel: audit: type=1400 audit(1740487618.039:207): apparmor="DENIED" operation="capable" class="cap" profile="lsusb" pid=1510 comm="lsusb" capability=12  capname="net_admin"
  Feb 25 12:46:58 ubuntu kernel: audit: type=1400 audit(1740487618.039:208): apparmor="DENIED" operation="open" class="file" profile="lsusb" name="/sys/devices/platform/soc/20201000.usb/musb-hdrc.2.auto/usb1/uevent" pid=1510 comm="lsusb" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
  Feb 25 12:46:58 ubuntu kernel: audit: type=1400 audit(1740487618.043:209): apparmor="DENIED" operation="open" class="file" profile="lsusb" name="/sys/devices/platform/soc/20201000.usb/musb-hdrc.2.auto/usb1/1-1/uevent" pid=1510 comm="lsusb" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
  Feb 25 12:46:58 ubuntu kernel: audit: type=1400 audit(1740487618.043:210): apparmor="DENIED" operation="open" class="file" profile="lsusb" name="/sys/devices/platform/soc/20201000.usb/musb-hdrc.2.auto/usb1/1-0:1.0/uevent" pid=1510 comm="lsusb" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
  Feb 25 12:46:58 ubuntu kernel: audit: type=1400 audit(1740487618.047:211): apparmor="DENIED" operation="open" class="file" profile="lsusb" name="/sys/devices/platform/soc/20201000.usb/musb-hdrc.2.auto/usb1/1-1/1-1:1.0/uevent" pid=1510 comm="lsusb" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
  Feb 25 12:46:58 ubuntu sudo[1508]: pam_unix(sudo:session): session closed for user root

  /etc/apparmor.d/usr.bin.lsusb does not exist.

  sudo apparmor_status shows that lsusb is in enforce mode.

  Only after putting /usb/bin/lsusb into complain mode the command
  starts to work.

  Best regards

  Heinrich
  --- 
  ProblemType: Bug
  ApportVersion: 2.31.0+git20250220-0ubuntu2
  Architecture: riscv64
  CasperMD5CheckResult: unknown
  CloudArchitecture: riscv64
  CloudBuildName: server
  CloudID: nocloud
  CloudName: unknown
  CloudPlatform: nocloud
  CloudSerial: 20250225
  CloudSubPlatform: seed-dir (/var/lib/cloud/seed/nocloud-net)
  DistroRelease: Ubuntu 25.04
  Package: apparmor 4.1.0~beta5-0ubuntu5
  PackageArchitecture: riscv64
  ProcEnviron:
   LANG=C.UTF-8
   PATH=(custom, no user)
   SHELL=/bin/bash
   TERM=vt220
  ProcKernelCmdline: BOOT_IMAGE=/boot/vmlinuz-6.14.0-4-generic root=UUID=d7adaa9d-66b4-4ce4-a45f-3651ae4bbb85 ro efi=debug earlycon=sbi sysctl.kernel.watchdog_thresh=60
  ProcVersionSignature: Ubuntu 6.14.0-4.4.1~1-generic 6.14.0-rc3
  Syslog: 2025-02-25T12:34:08.711312+00:00 ubuntu dbus-daemon[909]: [system] AppArmor D-Bus mediation is enabled
  Tags: cloud-image plucky
  Uname: Linux 6.14.0-4-generic riscv64
  UpgradeStatus: No upgrade log present (probably fresh install)
  UserGroups: N/A
  _MarkForUpload: True
  mtime.conffile..etc.apparmor.d.lsusb: 2025-02-25T12:57:31.410467

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/200/+subscriptions




[Touch-packages] [Bug 2100295] Re: Apparmor settings for fusermount3 break flatpak

2025-03-04 Thread Ryan Lee
** Changed in: apparmor (Ubuntu)
   Status: Confirmed => Fix Committed

** Changed in: apparmor (Ubuntu)
 Assignee: (unassigned) => Ryan Lee (rlee287)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2100295

Title:
  Apparmor settings for fusermount3 break flatpak

Status in apparmor package in Ubuntu:
  Fix Committed

Bug description:
  On Ubuntu Plucky (after updating from 24.10), flatpak was throwing errors such as:
  mount revokefs-fuse filesystem at /var/tmp/flatpak-cache-HGJ712/org.freedesktop.Platform.Compat.i386-QVI712: Child process exited with code 1
  Warning: Could not unmount revokefs-fuse filesystem at /var/tmp/flatpak-cache-HGJ712/org.freedesktop.Platform.Compat.i386-QVI712: Child process exited with code 1
  (internal error, please report)

  After looking at dmesg I saw:

  [  337.157392] audit: type=1400 audit(1740585583.450:394): apparmor="DENIED" operation="mount" class="mount" info="failed mntpnt match" error=-13 profile="fusermount3" name="/var/tmp/flatpak-cache-HGJ712/org.gnome.Platform-QW6C22/" pid=8913 comm="fusermount3" fstype="fuse" srcname="/dev/fuse" flags="rw, nosuid, nodev"

  To fix the problem, I modified the /etc/apparmor.d/fusermount3 to
  include the lines to allow mounting in /var/tmp:

  mount fstype=@{fuse_types} options=(nosuid,nodev,rw) -> /var/tmp/flatpak-cache-*/**,
  mount fstype=@{fuse_types} options=(nosuid,nodev,ro) -> /var/tmp/flatpak-cache-*/**,
  umount /var/tmp/flatpak-cache-*/**,

  after reloading with:
   sudo apparmor_parser -r /etc/apparmor.d/fusermount3

  and running flatpak update again, it worked as expected.

  ProblemType: Bug
  DistroRelease: Ubuntu 25.04
  Package: apparmor 4.1.0~beta5-0ubuntu5
  ProcVersionSignature: Ubuntu 6.12.0-15.15-generic 6.12.11
  Uname: Linux 6.12.0-15-generic x86_64
  ApportVersion: 2.31.0+git20250220-0ubuntu2
  Architecture: amd64
  CasperMD5CheckResult: unknown
  CurrentDesktop: ubuntu:GNOME
  Date: Wed Feb 26 17:11:41 2025
  InstallationDate: Installed on 2021-01-05 (1513 days ago)
  InstallationMedia: Ubuntu 21.04 "Hirsute Hippo" - Alpha amd64 (20201223)
  ProcKernelCmdline: BOOT_IMAGE=/boot/vmlinuz-6.12.0-15-generic root=UUID=a347123c-fffc-41bc-b182-3eb2b26aa16b ro quiet splash crashkernel=2G-4G:320M,4G-32G:512M,32G-64G:1024M,64G-128G:2048M,128G-:4096M vt.handoff=7
  SourcePackage: apparmor
  UpgradeStatus: Upgraded to plucky on 2025-02-16 (10 days ago)
  mtime.conffile..etc.apparmor.d.fusermount3: 2025-02-26T17:07:28.917778

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2100295/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
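
The denial records quoted in the lsusb and fusermount3 reports above share one key=value layout, so they can be tallied per profile before anyone edits policy. The following is an added example, not code from the AppArmor project or from either reporter: a small parser that groups DENIED records by profile, class and target. The records in SAMPLE_LOG are copied from those two reports with the mail wrapping undone; CONSTRUCTED_HEX_RECORD is made up here to show the hex form the audit subsystem uses for string values that contain spaces.

```python
import re
from collections import Counter

# key=value pairs: the value is either double-quoted or a bare token.
_KV = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
_AUDIT_ID = re.compile(r'audit\((\d+\.\d+):(\d+)\)')
# String fields. Audit logs them bare and hex-encoded when the value holds
# spaces, double quotes or non-printable bytes. Numeric fields such as
# pid=1510 also look like hex, so only these keys are ever decoded.
_STRING_KEYS = {"name", "comm", "profile", "srcname", "fstype"}
_HEX = re.compile(r'(?:[0-9A-Fa-f]{2})+\Z')

# Copied from the lsusb and fusermount3 reports on this page, re-joined.
SAMPLE_LOG = """\
Feb 25 12:46:58 ubuntu kernel: audit: type=1400 audit(1740487618.039:207): apparmor="DENIED" operation="capable" class="cap" profile="lsusb" pid=1510 comm="lsusb" capability=12  capname="net_admin"
Feb 25 12:46:58 ubuntu kernel: audit: type=1400 audit(1740487618.039:208): apparmor="DENIED" operation="open" class="file" profile="lsusb" name="/sys/devices/platform/soc/20201000.usb/musb-hdrc.2.auto/usb1/uevent" pid=1510 comm="lsusb" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Feb 25 12:46:58 ubuntu kernel: audit: type=1400 audit(1740487618.043:209): apparmor="DENIED" operation="open" class="file" profile="lsusb" name="/sys/devices/platform/soc/20201000.usb/musb-hdrc.2.auto/usb1/1-1/uevent" pid=1510 comm="lsusb" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Feb 25 12:46:58 ubuntu sudo[1508]: pam_unix(sudo:session): session closed for user root
[  337.157392] audit: type=1400 audit(1740585583.450:394): apparmor="DENIED" operation="mount" class="mount" info="failed mntpnt match" error=-13 profile="fusermount3" name="/var/tmp/flatpak-cache-HGJ712/org.gnome.Platform-QW6C22/" pid=8913 comm="fusermount3" fstype="fuse" srcname="/dev/fuse" flags="rw, nosuid, nodev"
"""

# Constructed record (not from the page): the name is "/home/u/My Docs/ta.key",
# logged bare and hex-encoded because it contains a space.
CONSTRUCTED_HEX_RECORD = (
    'audit: type=1400 audit(1740823200.000:1): apparmor="DENIED" '
    'operation="open" class="file" profile="openvpn" '
    'name=2F686F6D652F752F4D7920446F63732F74612E6B6579 pid=100 '
    'comm="openvpn" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000'
)


def parse_denial(line):
    """Return the fields of one AppArmor DENIED record, or None for other lines."""
    if 'apparmor="DENIED"' not in line:
        return None
    fields = {}
    audit_id = _AUDIT_ID.search(line)
    if audit_id:
        fields["epoch"] = float(audit_id.group(1))
        fields["serial"] = int(audit_id.group(2))
    for key, raw in _KV.findall(line):
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            value = raw[1:-1]
        elif key in _STRING_KEYS and _HEX.match(raw):
            value = bytes.fromhex(raw).decode("utf-8", "replace")
        else:
            value = raw  # numbers, or a value cut off by the log viewer
        fields[key] = value
    return fields


def summarize(log_text):
    """Count denials per (profile, class, target, detail)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_denial(line)
        if rec is None:
            continue
        cls = rec.get("class", rec.get("operation", "?"))
        if cls == "cap":
            target, detail = rec.get("capname", "?"), ""
        elif cls == "mount":
            target = rec.get("name", "?")
            detail = "{} [{}]".format(rec.get("fstype", "?"), rec.get("flags", ""))
        else:
            target, detail = rec.get("name", "?"), rec.get("denied_mask", "")
        counts[(rec.get("profile", "?"), cls, target, detail)] += 1
    return counts


if __name__ == "__main__":
    for (profile, cls, target, detail), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{n}x {profile:12} {cls:6} {target} {detail}")
```
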


[Touch-packages] [Bug 2100295] Re: Apparmor settings for fusermount3 break flatpak

2025-03-04 Thread Ryan Lee
** Changed in: apparmor (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2100295

Title:
  Apparmor settings for fusermount3 break flatpak

Status in apparmor package in Ubuntu:
  Confirmed



[Touch-packages] [Bug 2099811] Re: Os-prober segmentation fault one message for each partition on same PC

2025-03-06 Thread Ryan Lee
For the record: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476184
has a rationale for why os-prober introduced mount namespaces in the
first place. If we remove the unsharing of the mount namespace, can we
also make sure that os-prober won't fall over if its unmount calls fail?

** Bug watch added: Debian Bug tracker #476184
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476184

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2099811

Title:
  Os-prober segmentation fault one message for each partition on same PC

Status in apparmor package in Ubuntu:
  Confirmed
Status in os-prober package in Ubuntu:
  Confirmed

Bug description:
  Reporting this bug on os-prober, my bug https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/2099662
  was incorrectly attributed to grub

  corrado@corrado-n3-pp-0223:~$ sudo os-prober
  [sudo] password for corrado: 
  find: Failed to restore initial working directory: /home/corrado: Permission denied
  Segmentation fault
  Segmentation fault
  Segmentation fault
  Segmentation fault
  Segmentation fault
  Segmentation fault
  Segmentation fault
  Segmentation fault
  Segmentation fault
  Segmentation fault
  Segmentation fault
  Segmentation fault
  Segmentation fault
  Segmentation fault
  Segmentation fault
  Segmentation fault
  Segmentation fault
  Segmentation fault
  Segmentation fault
  corrado@corrado-n3-pp-0223:~$ 

  Attaching related journal

  ProblemType: Bug
  DistroRelease: Ubuntu 25.04
  Package: os-prober 1.83ubuntu2
  ProcVersionSignature: Ubuntu 6.12.0-15.15-generic 6.12.11
  Uname: Linux 6.12.0-15-generic x86_64
  ApportVersion: 2.31.0+git20250220-0ubuntu2
  Architecture: amd64
  CasperMD5CheckResult: unknown
  CurrentDesktop: ubuntu:GNOME
  Date: Sun Feb 23 15:46:27 2025
  InstallationDate: Installed on 2025-02-23 (0 days ago)
  InstallationMedia: Ubuntu 25.04 "Plucky Puffin" - Daily amd64 (20250223)
  ProcEnviron:
   LANG=en_US.UTF-8
   PATH=(custom, no user)
   SHELL=/bin/bash
   TERM=xterm-256color
   XDG_RUNTIME_DIR=
  SourcePackage: os-prober
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2099811/+subscriptions




[Touch-packages] [Bug 2101909] [NEW] AppArmor OpenVPN profile blocks access to NetworkManager-OpenVPN imported certs

2025-03-10 Thread Ryan Lee
Public bug reported:

The openvpn profile shipped in the AppArmor package in Plucky
(4.1.0~beta5-0ubuntu6 as of time of writing) does not allow access to
~/.cert/nm-openvpn, which is needed to allow OpenVPN to use
certificate files imported by NetworkManager. This was reported by
"@zorn-v" upstream as a comment on
https://gitlab.com/apparmor/apparmor/-/merge_requests/1263.

** Affects: apparmor (Ubuntu)
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2101909

Title:
  AppArmor OpenVPN profile blocks access to NetworkManager-OpenVPN
  imported certs

Status in apparmor package in Ubuntu:
  New


To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2101909/+subscriptions




[Touch-packages] [Bug 2083435] Re: AppArmor 4.1.0-beta1 contains an ABI break for aa_log_record

2025-03-10 Thread Ryan Lee
** Changed in: apparmor
   Status: New => Fix Released

** Changed in: apparmor (Ubuntu)
   Status: Fix Committed => Fix Released

** Changed in: apparmor (Ubuntu Oracular)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2083435

Title:
  AppArmor 4.1.0-beta1 contains an ABI break for aa_log_record

Status in AppArmor:
  Fix Released
Status in apparmor package in Ubuntu:
  Fix Released
Status in apparmor source package in Oracular:
  Fix Released

Bug description:
  Commit 3c825eb001d33bb6f2480c4f78df03aee4c40396 in the Gitlab upstream
  adds a field called `execpath` to the `aa_log_record` struct. This
  field was added in the middle of the struct instead of the end,
  causing an ABI break in libapparmor without a corresponding major
  version number bump. This commit landed between v4.0.3 and
  v4.1.0-beta1, and unfortunately, Oracular currently packages
  v4.1.0-beta1.

  Thus, we need to land a bugfix patch to move the `execpath` field to
  the end of the struct ASAP to prevent an ABI break from making it into
  the Oracular release. The patch is attached below and is available as
  commit c86c87e8868c72e5ab2084b5bf783cd5ca800a9b in the Gitlab repo.

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/2083435/+subscriptions




[Touch-packages] [Bug 2101869] Re: apparmor utils tools cannot parse fusermount3 profile

2025-03-11 Thread Ryan Lee
** Changed in: apparmor (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2101869

Title:
  apparmor utils tools cannot parse fusermount3 profile

Status in apparmor package in Ubuntu:
  Confirmed

Bug description:
  On Ubuntu Plucky, apparmor utils tools such as aa-notify, aa-logprof,
  aa-cleanprof cannot parse fusermount3 profile.

  $ aa-notify -p

  skipping unparseable profile /etc/apparmor.d/fusermount3 (Can't parse
  mount rule mount fstype=fuse options=(nosuid,nodev,rw) revokefs-fuse
  -> /var/tmp/flatpak-cache-*/**/,)

  This bug happens because mount rules may include labels as sources,
  but the existing regex did not permit hyphens, incorrectly marking
  valid labels like 'revokefs-fuse' as invalid.

  This bug is fixed in upstream by
  https://gitlab.com/apparmor/apparmor/-/merge_requests/1565

  apparmor-utils version: 4.1.0~beta5-0ubuntu6

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2101869/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
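
The failure mode described in bug 2101869 above, where one rule the tools cannot tokenize makes them skip the whole profile, can be reproduced with a much simplified mount-rule pattern. The following is an added example, not the apparmor-utils code: both regexes are hypothetical stand-ins for the "before" and "after" behaviour, the fusermount3 rule text is the one quoted in the report, and the other rules are constructed.

```python
import re


def build_mount_re(label):
    """Compile a simplified mount-rule pattern; `label` matches a non-path source."""
    return re.compile(
        r'^\s*mount'
        r'(?:\s+fstype=(?P<fstype>\S+))?'
        r'(?:\s+options=\((?P<options>[^)]*)\))?'
        r'(?:\s+(?P<source>/\S*|' + label + r'))?'
        r'(?:\s+->\s+(?P<dest>\S+))?'
        r'\s*,\s*$')


# Hypothetical patterns, not the ones in apparmor-utils.
STRICT = build_mount_re(r'\w+')       # "before": a label may not contain '-'
FIXED = build_mount_re(r'\w[\w-]*')   # "after": hyphens allowed after the first char

PROFILES = {
    "fusermount3": """\
mount fstype=fuse options=(nosuid,nodev,rw) /dev/fuse -> /run/example/*/,
mount fstype=fuse options=(nosuid,nodev,rw) revokefs-fuse -> /var/tmp/flatpak-cache-*/**/,
""",  # first rule constructed, second rule quoted from the bug report
    "example": """\
mount fstype=tmpfs options=(rw,nosuid) tmpfs -> /run/example/,
""",  # constructed
}


def parse_profile(text, mount_re):
    """Parse every mount rule in a profile; one bad rule fails the whole profile."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("mount"):
            continue
        match = mount_re.match(line)
        if match is None:
            raise ValueError("Can't parse mount rule " + line)
        rules.append(match.groupdict())
    return rules


def load_profiles(profiles, mount_re):
    """Return (parsed, skipped): skipped profiles are invisible to later tooling."""
    parsed, skipped = {}, {}
    for name, text in profiles.items():
        try:
            parsed[name] = parse_profile(text, mount_re)
        except ValueError as exc:
            skipped[name] = str(exc)
    return parsed, skipped


if __name__ == "__main__":
    for label, pattern in (("strict", STRICT), ("fixed", FIXED)):
        parsed, skipped = load_profiles(PROFILES, pattern)
        print(label, "parsed:", sorted(parsed), "skipped:", sorted(skipped))
```

With the strict pattern the path-sourced rule in the same profile still matches, but the profile as a whole is dropped, which is why tools that work from parsed profiles stop seeing it at all.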


[Touch-packages] [Bug 2102033] Re: remmina blocked by apparmor in Plucky

2025-03-11 Thread Ryan Lee
Is that the only AppArmor log message being generated, or are there
more?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2102033

Title:
  remmina blocked by apparmor in Plucky

Status in apparmor package in Ubuntu:
  New
Status in remmina package in Ubuntu:
  New

Bug description:
  Remmina is now failing on plucky, blocked by apparmor:

  Failed to register:
  GDBus.Error:org.freedesktop.DBus.Error.AccessDenied: An AppArmor
  policy prevents this sender from sending this message to this
  recipient; type="method_call", sender=":1.126" (uid=1000 pid=9636
  comm="remmina" label="remmina (enforce)") interface="org.gtk.Actions"
  member="DescribeAll" error name="(unset)" requested_reply="0"
  destination="org.remmina.Remmina" (uid=1000 pid=4366
  comm="/usr/bin/remmina -i" label="remmina (enforce)")

  ProblemType: Bug
  DistroRelease: Ubuntu 25.04
  Package: remmina 1.4.39+dfsg-1
  ProcVersionSignature: Ubuntu 6.12.0-16.16-generic 6.12.11
  Uname: Linux 6.12.0-16-generic x86_64
  NonfreeKernelModules: nvidia_modeset nvidia
  ApportVersion: 2.32.0-0ubuntu2
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: KDE
  Date: Tue Mar 11 09:09:15 2025
  InstallationDate: Installed on 2024-10-30 (132 days ago)
  InstallationMedia: Ubuntu-Studio 24.10 "Oracular Oriole" - Release amd64 (20241007.1)
  SourcePackage: remmina
  UpgradeStatus: Upgraded to plucky on 2025-01-25 (45 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2102033/+subscriptions




[Touch-packages] [Bug 2102033] Re: remmina blocked by apparmor in Plucky

2025-03-11 Thread Ryan Lee
Also, I see that you added remmina to LP: #2046844, but the log that you
pasted into the bug report above does not have anything to do with user
namespaces.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2102033

Title:
  remmina blocked by apparmor in Plucky

Status in apparmor package in Ubuntu:
  New
Status in remmina package in Ubuntu:
  New



[Touch-packages] [Bug 2098993] Re: Last updates to apparmor broke all AppImages, which depend on fusermount

2025-02-28 Thread Ryan Lee
** Changed in: apparmor (Ubuntu)
   Status: New => Fix Committed

** Changed in: apparmor (Ubuntu)
 Assignee: (unassigned) => Ryan Lee (rlee287)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2098993

Title:
  Last updates to apparmor broke all AppImages, which depend on
  fusermount

Status in apparmor package in Ubuntu:
  Fix Committed

Bug description:
  Ubuntu 25.04.

  After last updates to apparmor, all AppImages stopped running, giving
  the message:

  $ ./filename.AppImage
  fusermount: mount failed: Permission denied

  Cannot mount AppImage, please check your FUSE setup.
  You might still be able to extract the contents of this AppImage 
  if you run it with the --appimage-extract option. 
  See https://github.com/AppImage/AppImageKit/wiki/FUSE 
  for more information
  open dir error: No such file or directory

  Relevant lines from journalctl:

  פבר 20 17:32:20 ape kernel: audit: type=1400 audit(1740065540.628:588): apparmor=“DENIED” operation=“mount” class=“mount” info=“failed flags match” error=-13 profile=“fusermount3” name=“/tmp/.mount_overGrsjqzZw/” pid=22454 comm=“fusermount” fstype=“fuse.overGrive-3.5.2-x86_64.AppImage” srcname=“overGrive-3.5.2-x86_64.AppImage” flags=“ro, nosuid, nodev”
  פבר 20 17:32:20 ape kernel: audit: type=1400 audit(1740065540.629:589): apparmor=“DENIED” operation=“mount” class=“mount” info=“failed flags match” error=-13 profile=“fusermount3” name=“/tmp/.mount_overGrsjqzZw/” pid=22455 comm=“fusermount” fstype=“fuse” srcname=“/dev/fuse” flags=“ro, nosuid, nodev”

  ProblemType: Bug
  DistroRelease: Ubuntu 25.04
  Package: apparmor 4.1.0~beta5-0ubuntu2
  ProcVersionSignature: Ubuntu 6.12.0-15.15-generic 6.12.11
  Uname: Linux 6.12.0-15-generic x86_64
  NonfreeKernelModules: nvidia_modeset nvidia
  ApportVersion: 2.31.0-0ubuntu5
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: ubuntu:GNOME
  Date: Thu Feb 20 19:02:21 2025
  InstallationDate: Installed on 2022-01-31 (1116 days ago)
  InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Alpha amd64 (20220126)
  ProcKernelCmdline: BOOT_IMAGE=/boot/vmlinuz-6.12.0-15-generic root=UUID=06eb0295-6f5f-4d0e-96e7-4d2e2fe687ac ro quiet splash crashkernel=2G-4G:320M,4G-32G:512M,32G-64G:1024M,64G-128G:2048M,128G-:4096M vt.handoff=7
  SourcePackage: apparmor
  Syslog:
   2025-02-18T19:59:56.591218+02:00 ape dbus-daemon[9035]: [session uid=0 pid=9033 pidfd=4] AppArmor D-Bus mediation is enabled
   2025-02-20T17:25:43.744723+02:00 ape dbus-daemon[20337]: [session uid=0 pid=20335 pidfd=4] AppArmor D-Bus mediation is enabled
   2025-02-20T17:26:25.182143+02:00 ape dbus-daemon[20735]: [session uid=0 pid=20733 pidfd=4] AppArmor D-Bus mediation is enabled
   2025-02-20T17:38:06.201216+02:00 ape dbus-daemon[24041]: [session uid=0 pid=24039 pidfd=4] AppArmor D-Bus mediation is enabled
  UpgradeStatus: Upgraded to plucky on 2025-01-30 (21 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2098993/+subscriptions




[Touch-packages] [Bug 2098838] Re: apparmor appears to deny wpasupplicant on plucky, breaking wifi

2025-02-28 Thread Ryan Lee
Switching this to "Fix Released" now that the 0ubuntu5 release is out
that disables the profile - feel free to switch back if you're still
encountering issues even on that release.

** Changed in: apparmor (Ubuntu)
   Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2098838

Title:
  apparmor appears to deny wpasupplicant on plucky, breaking wifi

Status in apparmor package in Ubuntu:
  Fix Released

Bug description:
  2/19/25 4:44 PM user@1000.service   NM.DeviceError: Scanning not
  allowed while unavailable

  Stack trace:

  _promisify/proto[asyncFunc]/

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2098838/+subscriptions




[Touch-packages] [Bug 2098838] Re: apparmor appears to deny wpasupplicant on plucky, breaking wifi

2025-02-28 Thread Ryan Lee
Hi Heinrich,

Could you also confirm how you constructed the above AppArmor profile
for wpa_supplicant? Did you create it based on the broken wpa_supplicant
profile shipped in the earlier AppArmor package, or did you create it
some other way?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2098838

Title:
  apparmor appears to deny wpasupplicant on plucky, breaking wifi

Status in apparmor package in Ubuntu:
  Confirmed
Status in wpa package in Ubuntu:
  Confirmed



[Touch-packages] [Bug 2098838] Re: apparmor appears to deny wpasupplicant on plucky, breaking wifi

2025-02-28 Thread Ryan Lee
The broken profile located in /etc/apparmor.d/wpa_supplicant should have
been removed by the upgrade to 4.1.0~beta5-0ubuntu5. Was it still there
on your system after the upgrade?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2098838

Title:
  apparmor appears to deny wpasupplicant on plucky, breaking wifi

Status in apparmor package in Ubuntu:
  Confirmed
Status in wpa package in Ubuntu:
  Confirmed



[Touch-packages] [Bug 2102056] Re: openvpn on Plucky fails to connect

2025-03-12 Thread Ryan Lee
*** This bug is a duplicate of bug 2101909 ***
https://bugs.launchpad.net/bugs/2101909

** This bug has been marked a duplicate of bug 2101909
   AppArmor OpenVPN profile blocks access to NetworkManager-OpenVPN imported certs

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2102056

Title:
  openvpn on Plucky fails to connect

Status in apparmor package in Ubuntu:
  New
Status in openvpn package in Ubuntu:
  New

Bug description:
  Attempting to connect to my VPN on Plucky results in an inability to
  connect. I haven't been able to figure out why. I'm able to connect
  via Noble and Oracular and was able to prior to the latest upload of
  2.6.13 in Plucky. I haven't been able to discern any sizable
  difference between this version and 2.6.12.

  Steps to reproduce:

  Using networkmanager in GNOME or Plasma:

  * Import .ovpn file from an OpenVPN server.
  * Attempt to connect via NetworkManager interface in either DE.

  EXPECTED:

  * Connects no issues (case in Noble and Oracular)

  ACTUAL:

  * Fails with no explanation


  Using dbus-monitor didn't show me any reason, so I'd love some
  suggestions to diagnose this further.

  ProblemType: Bug
  DistroRelease: Ubuntu 25.04
  Package: openvpn 2.6.13-1ubuntu1
  ProcVersionSignature: Ubuntu 6.12.0-16.16-generic 6.12.11
  Uname: Linux 6.12.0-16-generic x86_64
  NonfreeKernelModules: nvidia_modeset nvidia
  ApportVersion: 2.32.0-0ubuntu2
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: KDE
  Date: Tue Mar 11 18:47:17 2025
  InstallationDate: Installed on 2024-10-30 (133 days ago)
  InstallationMedia: Ubuntu-Studio 24.10 "Oracular Oriole" - Release amd64 (20241007.1)
  SourcePackage: openvpn
  UpgradeStatus: Upgraded to plucky on 2025-01-25 (45 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2102056/+subscriptions




[Touch-packages] [Bug 2098930] Re: openvpn profile doesn't allow access to files on home dir

2025-03-12 Thread Ryan Lee
After a discussion with Alex Murray and John Johansen, we decided on the
following OpenVPN policy adjustments:
- allowing writes to files in the /etc/openvpn, and not just reads
- allowing reads to most of the home directories
- allowing writes to most of the home directories, with an owner restriction
  (which would allow the genkey write case while blocking an OpenVPN daemon
  running as root from covertly overwriting user-owned keys)

where "most of the home directories" refers to including the
private-files-strict abstraction
(https://gitlab.com/apparmor/apparmor/-/blob/master/profiles/apparmor.d/abstractions/private-files-strict?ref_type=heads)
and adding a carveout to allow writes inside .config.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2098930

Title:
  openvpn profile doesn't allow access to files on home dir

Status in apparmor package in Ubuntu:
  Confirmed
Status in gnome-control-center package in Ubuntu:
  Confirmed
Status in network-manager package in Ubuntu:
  Confirmed

Bug description:
  my VPN keys & certs are stored in my HOME directory. The current
  apparmor update broke that. When I try to activate my VPN through
  NetworkManager, the journal says:


  Feb 20 07:48:57 paprika NetworkManager[3405]:   [1740034137.4372] vpn[0x58db282782d0,132c9eee-2134-4f7a-8326-58bde38036de,"canonical-uk"]: starting openvpn
  [snipped]
  Feb 20 07:48:57 paprika nm-openvpn[10793]: Cannot pre-load keyfile (/home/tom/Documents/vpn/ta.key)
  Feb 20 07:48:57 paprika nm-openvpn[10793]: Exiting due to fatal error
  [snipped]
  Feb 20 07:48:57 paprika kernel: audit: type=1400 audit(1740034137.454:789): apparmor="DENIED" operation="open" class="file" profile="openvpn" name="/home/tom/Documents/vpn/ta.key" pid=10793 comm="openvpn" requested_mask="r" denied_ma>

  So openvpn can no longer access /home/tom/Documents/canonical/vpn/canonical_ta.key .

  ProblemType: Bug
  DistroRelease: Ubuntu 25.04
  Package: apparmor 4.1.0~beta5-0ubuntu2
  ProcVersionSignature: Ubuntu 6.12.0-15.15-generic 6.12.11
  Uname: Linux 6.12.0-15-generic x86_64
  NonfreeKernelModules: zfs
  ApportVersion: 2.31.0-0ubuntu5
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: ubuntu:GNOME
  Date: Thu Feb 20 08:57:57 2025
  InstallationDate: Installed on 2024-07-18 (217 days ago)
  InstallationMedia: Ubuntu 24.04 LTS "Noble Numbat" - Release amd64 (20240424)
  ProcEnviron:
   LANG=en_US.UTF-8
   PATH=(custom, no user)
   SHELL=/usr/bin/zsh
   TERM=xterm-256color
   XDG_RUNTIME_DIR=
  ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-6.12.0-15-generic 
root=/dev/mapper/ubuntu--vg-ubuntu--lv ro quiet splash vt.handoff=7
  SourcePackage: apparmor
  UpgradeStatus: Upgraded to plucky on 2024-12-20 (62 days ago)
  modified.conffile..etc.apparmor.d.element-desktop: [modified]
  mtime.conffile..etc.apparmor.d.element-desktop: 2025-02-11T18:32:02.077059

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2098930/+subscriptions
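
The `owner` restriction in the policy decision at the top of this message depends on the `fsuid` and `ouid` fields that AppArmor writes into file denial records: an `owner` rule applies only when the two match. The following added example (not from the AppArmor project; helper names are hypothetical and the log records are constructed in the audit format shown on this page) extracts those fields and reports which denials an `owner`-qualified rule could cover.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, log records are constructed.

# Print the value of key $1 from audit record $2. Accepts key="quoted" and
# key=bare forms; prints nothing if the key is absent or its value is cut off.
audit_field() {
    printf '%s\n' "$2" | sed -n \
        -e "s/.*[[:space:]]$1=\"\([^\"]*\)\".*/\1/p" -e t \
        -e "s/.*[[:space:]]$1=\([^[:space:]\"][^[:space:]]*\).*/\1/p"
}

# Classify one record: "match" if fsuid equals ouid (an `owner` rule could
# apply), "mismatch" if they differ, "unknown" if either field is missing,
# as happens when the journal truncates a long line.
owner_verdict() {
    ov_fsuid=$(audit_field fsuid "$1")
    ov_ouid=$(audit_field ouid "$1")
    if [ -z "$ov_fsuid" ] || [ -z "$ov_ouid" ]; then
        echo unknown
    elif [ "$ov_fsuid" = "$ov_ouid" ]; then
        echo match
    else
        echo mismatch
    fi
}

# Read log lines on stdin, skip everything that is not an AppArmor denial,
# and print: profile, requested mask, path, owner verdict.
summarize_denials() {
    while IFS= read -r rec; do
        case $rec in
            *'apparmor="DENIED"'*) ;;
            *) continue ;;
        esac
        printf '%s %s %s owner=%s\n' \
            "$(audit_field profile "$rec")" \
            "$(audit_field requested_mask "$rec")" \
            "$(audit_field name "$rec")" \
            "$(owner_verdict "$rec")"
    done
}

# Constructed records: a user-run key generation, a root daemon writing a
# user-owned key, and a record truncated before the uid fields.
sample_records() {
    cat <<'EOF'
Jan 01 00:00:01 examplehost NetworkManager[100]: starting openvpn
Jan 01 00:00:02 examplehost kernel: audit: type=1400 audit(1700000000.001:1): apparmor="DENIED" operation="mknod" class="file" profile="openvpn" name="/home/alice/vpn/new.key" pid=200 comm="openvpn" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
Jan 01 00:00:03 examplehost kernel: audit: type=1400 audit(1700000000.002:2): apparmor="DENIED" operation="open" class="file" profile="openvpn" name="/home/alice/vpn/ta.key" pid=201 comm="openvpn" requested_mask="w" denied_mask="w" fsuid=0 ouid=1000
Jan 01 00:00:04 examplehost kernel: audit: type=1400 audit(1700000000.003:3): apparmor="DENIED" operation="open" class="file" profile="openvpn" name="/home/alice/vpn/ta.key" pid=202 comm="openvpn" requested_mask="r" denied_ma>
EOF
}

sample_records | summarize_denials
```

A `mismatch` on a write is the root-daemon case the decision wants to keep blocked; an `unknown` means the full record has to be pulled from the journal before drawing a conclusion.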




[Touch-packages] [Bug 2103524] Re: lsblk apparmor profile denies block device lookup on Azure

2025-03-19 Thread Ryan Lee
** Tags added: sec-5988

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2103524

Title:
  lsblk apparmor profile denies block device lookup on Azure

Status in apparmor package in Ubuntu:
  New

Bug description:
  Release: 25.04
  Package version: 4.1.0~beta5-0ubuntu8

  # What should happen

  `lsblk` on Azure should list the disk images:

  ubuntu@alan-plucky-base-hieursuvme:~$ lsblk
  NAME    MAJ:MIN RM  SIZE RO TYPE MOUNTPOINTS
  sda       8:0    0   10G  0 disk
  └─sda1    8:1    0   10G  0 part /mnt
  sdb       8:16   0   30G  0 disk
  ├─sdb1    8:17   0 28.9G  0 part /
  ├─sdb13   8:29   0 1023M  0 part /boot
  ├─sdb14   8:30   0    4M  0 part
  └─sdb15   8:31   0  106M  0 part /boot/efi
  sr0      11:0    1  628K  0 rom

  # What happened instead

  The lsblk apparmor profile introduced with 4.1.0~beta5-0ubuntu2 [0]
  breaks lsblk on Azure:

  ubuntu@alan-plucky-base-hieursuvme:~$ lsblk
  NAME MAJ:MIN RM  SIZE RO TYPE MOUNTPOINTS
  sr0   11:0    1  628K  0 rom

  ubuntu@alan-plucky-base-hieursuvme:~$ journalctl --no-pager | grep DENIED
  Mar 17 18:20:08 alan-plucky-base-hieursuvme kernel: audit: type=1400 
audit(1742235608.633:177): apparmor="DENIED" operation="open" class="file" 
profile="lsblk" 
name="/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:07/VMBUS:01/-0001-8899--/host1/target1:0:1/1:0:1:0/block/sda/"
 pid=822 comm="lsblk" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
  Mar 17 18:20:08 alan-plucky-base-hieursuvme kernel: audit: type=1400 
audit(1742235608.693:178): apparmor="DENIED" operation="open" class="file" 
profile="lsblk" 
name="/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:07/VMBUS:01/-0001-8899--/host1/target1:0:1/1:0:1:0/block/sda/sda1/"
 pid=825 comm="lsblk" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
  Mar 17 18:26:45 alan-plucky-base-hieursuvme kernel: audit: type=1400 
audit(1742236005.881:182): apparmor="DENIED" operation="open" class="file" 
profile="lsblk" 
name="/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:07/VMBUS:01/--8899--/host0/target0:0:0/0:0:0:0/block/sdb/hidden"
 pid=12278 comm="lsblk" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
  Mar 17 18:26:45 alan-plucky-base-hieursuvme kernel: audit: type=1400 
audit(1742236005.882:183): apparmor="DENIED" operation="open" class="file" 
profile="lsblk" 
name="/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:07/VMBUS:01/--8899--/host0/target0:0:0/0:0:0:0/block/sdb/dev"
 pid=12278 comm="lsblk" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
  Mar 17 18:26:45 alan-plucky-base-hieursuvme kernel: audit: type=1400 
audit(1742236005.882:184): apparmor="DENIED" operation="open" class="file" 
profile="lsblk" 
name="/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:07/VMBUS:01/-0001-8899--/host1/target1:0:1/1:0:1:0/block/sda/hidden"
 pid=12278 comm="lsblk" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
  Mar 17 18:26:45 alan-plucky-base-hieursuvme kernel: audit: type=1400 
audit(1742236005.882:185): apparmor="DENIED" operation="open" class="file" 
profile="lsblk" 
name="/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:07/VMBUS:01/-0001-8899--/host1/target1:0:1/1:0:1:0/block/sda/dev"
 pid=12278 comm="lsblk" requested_mask="r

[Touch-packages] [Bug 2104193] [NEW] aa-enforce converts child profile "profile firefox//sh {" into "profile firefox {" producing "Multiple definitions" error

2025-03-25 Thread Ryan Lee
Public bug reported:

As reported in https://gitlab.com/apparmor/apparmor/-/issues/493, the
child profile component of a profile name is not handled correctly by
aa-enforce, resulting in it being stripped.

** Affects: apparmor (Ubuntu)
 Importance: Undecided
 Assignee: Ryan Lee (rlee287)
 Status: In Progress

** Changed in: apparmor (Ubuntu)
 Assignee: (unassigned) => Ryan Lee (rlee287)

** Changed in: apparmor (Ubuntu)
   Status: New => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2104193

Title:
  aa-enforce converts child profile "profile firefox//sh {" into
  "profile firefox {" producing "Multiple definitions" error

Status in apparmor package in Ubuntu:
  In Progress

Bug description:
  As reported in https://gitlab.com/apparmor/apparmor/-/issues/493, the
  child profile component of a profile name is not handled correctly by
  aa-enforce, resulting in it being stripped.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2104193/+subscriptions




[Touch-packages] [Bug 2104194] [NEW] aa-genprof and aa-logprof have hotkey conflict with execution ignore and inherit

2025-03-25 Thread Ryan Lee
Public bug reported:

As reported by https://gitlab.com/apparmor/apparmor/-/issues/302,
execution log ignore and inherit shared the same hotkey (i) in
aa-genprof and aa-logprof, so there is no way to ignore the execution.

** Affects: apparmor (Ubuntu)
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2104194

Title:
  aa-genprof and aa-logprof have hotkey conflict with execution ignore
  and inherit

Status in apparmor package in Ubuntu:
  New

Bug description:
  As reported by https://gitlab.com/apparmor/apparmor/-/issues/302,
  execution log ignore and inherit shared the same hotkey (i) in
  aa-genprof and aa-logprof, so there is no way to ignore the execution.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2104194/+subscriptions




[Touch-packages] [Bug 2106311] Re: File picker does not work in browsers in Ubuntu 25.04 beta for SSSD users

2025-04-10 Thread Ryan Lee
** Tags added: sec-6112

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2106311

Title:
  File picker does not work in browsers in Ubuntu 25.04 beta for SSSD
  users

Status in apparmor package in Ubuntu:
  In Progress

Bug description:
  In Ubuntu 25.04 Beta, the file picker in any browser does not work as
  intended when uploading or downloading a file. I have tested this on
  Firefox and Chromium, and I am unable to upload or download a file
  using the file picker.

  I can download files in either browser if I turn off the option to ask
  my download location, however, if I do enable it I am unable to save
  the file.

  The file picker however works okay in other applications such as Text
  Editor.

  Please look into this bug and take the necessary action ASAP, as it
  greatly impacts my workflow and potentially those of others as well,
  as I am unable to upload or download any files through a web browser.

  (P.S. I am submitting this report for the Nautilus package instead of
  the Chromium or Firefox package as it affects both and I am not
  exactly sure where to put it - do please move it to the appropriate
  package.)

  ProblemType: Bug
  DistroRelease: Ubuntu 25.04
  Package: nautilus 1:48.0-1ubuntu1
  ProcVersionSignature: Ubuntu 6.14.0-13.13-generic 6.14.0
  Uname: Linux 6.14.0-13-generic x86_64
  ApportVersion: 2.32.0-0ubuntu3
  Architecture: amd64
  CasperMD5CheckResult: unknown
  CurrentDesktop: ubuntu:GNOME
  Date: Sun Apr  6 00:48:38 2025
  SourcePackage: nautilus
  UpgradeStatus: Upgraded to plucky on 2025-04-02 (3 days ago)
  usr_lib_nautilus:
   file-roller   44.5-1
   nautilus-extension-gnome-terminal 3.56.0-1ubuntu1
   papers 48.0-1ubuntu1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2106311/+subscriptions




[Touch-packages] [Bug 2103460] Re: QRT AppArmorUnixDomainConnect test failures on Plucky 6.14 kernel

2025-03-28 Thread Ryan Lee
Marking bug as invalid for AppArmor (Ubuntu) because the bug is solely
in the AppArmor kernel side.

** Changed in: apparmor (Ubuntu Plucky)
   Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2103460

Title:
  QRT AppArmorUnixDomainConnect test failures on Plucky 6.14 kernel

Status in apparmor package in Ubuntu:
  Invalid
Status in linux package in Ubuntu:
  Fix Released
Status in apparmor source package in Plucky:
  Invalid
Status in linux source package in Plucky:
  Fix Released

Bug description:
  QRT is failing when run against the 6.14 kernel with the following
  trace

  
  test_sock_dgram (__main__.ApparmorUnixDomainConnect.test_sock_dgram)
  Test mediation of file based SOCK_DGRAM connect ... FAIL
  test_sock_seqpacket (__main__.ApparmorUnixDomainConnect.test_sock_seqpacket)
  Test mediation of file based SOCK_SEQPACKET connect ... FAIL
  test_sock_stream (__main__.ApparmorUnixDomainConnect.test_sock_stream)
  Test mediation of file based SOCK_STREAM connect ... FAIL

  ==
  FAIL: test_sock_dgram (__main__.ApparmorUnixDomainConnect.test_sock_dgram)
  Test mediation of file based SOCK_DGRAM connect
  --
  Traceback (most recent call last):
File "/home/ryan-lee/qrt-test-apparmor/./test-apparmor.py", line 3698, in 
test_sock_dgram
  self._test_sock_type('dgram')
  ^^^^^
    File "/home/ryan-lee/qrt-test-apparmor/./test-apparmor.py", line 3694, in 
_test_sock_type
  self.assertEqual(expected, rc, result + report)
  ^^^
  AssertionError: 1 != 0 : Got exit code 0, expected 1

  
  ==
  FAIL: test_sock_seqpacket 
(__main__.ApparmorUnixDomainConnect.test_sock_seqpacket)
  Test mediation of file based SOCK_SEQPACKET connect
  --
  Traceback (most recent call last):
File "/home/ryan-lee/qrt-test-apparmor/./test-apparmor.py", line 3702, in 
test_sock_seqpacket
  self._test_sock_type('seqpacket')
      ~~~~~~~~^
File "/home/ryan-lee/qrt-test-apparmor/./test-apparmor.py", line 3694, in 
_test_sock_type
  self.assertEqual(expected, rc, result + report)
  ^^^
  AssertionError: 1 != 0 : Got exit code 0, expected 1

  
  ==
  FAIL: test_sock_stream (__main__.ApparmorUnixDomainConnect.test_sock_stream)
  Test mediation of file based SOCK_STREAM connect
  ------
  Traceback (most recent call last):
File "/home/ryan-lee/qrt-test-apparmor/./test-apparmor.py", line 3706, in 
test_sock_stream
  self._test_sock_type('stream')
  ^^
File "/home/ryan-lee/qrt-test-apparmor/./test-apparmor.py", line 3694, in 
_test_sock_type
  self.assertEqual(expected, rc, result + report)
  ^^^
  AssertionError: 1 != 0 : Got exit code 0, expected 1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2103460/+subscriptions




[Touch-packages] [Bug 2103889] Re: gnome-remote-desktop-daemon: fusermount3: mount failed: Permission denied

2025-03-30 Thread Ryan Lee
The corresponding umount rule also needs to be fixed, but otherwise the
diff LGTM

** Tags added: sec-6014

** Changed in: apparmor (Ubuntu)
 Assignee: (unassigned) => Ryan Lee (rlee287)

** Changed in: apparmor (Ubuntu)
   Status: New => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2103889

Title:
  gnome-remote-desktop-daemon: fusermount3: mount failed: Permission
  denied

Status in apparmor package in Ubuntu:
  In Progress

Bug description:
  On Ubuntu 25.04 daily (as of 2025-03-23), connecting to headless
  remote desktop fails with apparmor error "fusermount3: mount failed:
  Permission denied", after installation:

  ```
  Mar 23 15:47:07 ubuntu2504 gnome-remote-desktop-daemon[6020]: fusermount3: 
mount failed: Permission denied
  Mar 23 15:47:07 ubuntu2504 kernel: audit: type=1400 
audit(1742705227.026:259): apparmor="DENIED" operation="mount" class="mount" 
info="failed mntpnt match" error=-13 profile="fusermount3" 
name="/run/user/1000/gnome-remote-desktop/cliprdr-cjuzWv/" pid=6020 
comm="fusermount3" fstype="fuse" srcname="/dev/fuse" flags="rw, nosuid, nodev"
  ```

   To reproduce 

  1. Enable headless Gnome Remote Desktop (i.e. `grdctl --system rdp
  enable` / via System > Remote Desktop > Remote Login)

  2. Connect to Gnome Remote Desktop, e.g.:
  xfreerdp  /dynamic-resolution /v:ubuntu2504 /size:1920x1080

  3. Attempt fails with
  ```
  [17:52:37:199] [1593640:1593641] [INFO][com.freerdp.channels.drdynvc.client] 
- Loading Dynamic Virtual Channel rdpgfx
  [17:52:37:199] [1593640:1593641] [INFO][com.freerdp.channels.drdynvc.client] 
- Loading Dynamic Virtual Channel disp
  [17:52:37:251] [1593640:1593641] [ERROR][com.freerdp.core.transport] - 
BIO_read returned a system error 104: Connection reset by peer
  [17:52:37:251] [1593640:1593641] [ERROR][com.freerdp.core] - 
transport_read_layer:freerdp_set_last_error_ex 
ERRCONNECT_CONNECT_TRANSPORT_FAILED [0x0002000D]
  [17:52:37:251] [1593640:1593641] [INFO][com.freerdp.client.common] - Network 
disconnect!
  ```

  with `journalctl -f` error:

  ```
  Mar 23 17:52:37 ubuntu2504 org.gnome.RemoteDesktop.Handover.desktop[15162]: 
fusermount3: mount failed: Permission denied
  Mar 23 17:52:37 ubuntu2504 kernel: audit: type=1400 
audit(1742712757.245:305): apparmor="DENIED" operation="mount" class="mount" 
info="failed mntpnt match" error=-13 profile="fusermount3" 
name="/run/user/119/gnome-remote-desktop/cliprdr-ABm0Gd/" pid=15162 
comm="fusermount3" fstype="fuse" srcname="/dev/fuse" flags="rw, nosuid, nodev"
  Mar 23 17:52:37 ubuntu2504 kernel: traps: RDP FUSE clipbo[15161] trap int3 
ip:7b95e7600ea7 sp:7b95b53fdfe0 error:0 in 
libglib-2.0.so.0.8400.0[72ea7,7b95e75ad000+bd000]
  Mar 23 17:52:37 ubuntu2504 gnome-remote-de[14921]: [FUSE Clipboard] Failed to 
mount FUSE filesystem
  ```

   Fix 

  `/etc/apparmor.d/fusermount3` - change path to '**' - e.g.:

  ```
  15c15
  <   mount fstype=@{fuse_types} options=(nosuid,nodev,rw) -> 
@{run}/user/@{uid}/*/,
  ---
  >   mount fstype=@{fuse_types} options=(nosuid,nodev,rw) -> 
@{run}/user/@{uid}/**/,
  ```
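
Review bot: the replacement on line 15 widens the mount target from `@{run}/user/@{uid}/*/` to `@{run}/user/@{uid}/**/`, which accepts a FUSE mount point at any depth under the user's runtime directory, while both denials quoted above are for paths exactly two levels down (`gnome-remote-desktop/cliprdr-*/`). A pattern scoped to that directory or depth would cover the reported failure with less added reach. The diff also touches only the mount rule; as noted in the reply at the top of this message, the corresponding umount rule needs the same change so that both rules cover the same paths.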

  Fixed profile attached:
  
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2103889/+attachment/5866571/+files/fusermount3

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2103889/+subscriptions




[Touch-packages] [Bug 2099990] Re: lsusb fails due to apparmor

2025-04-01 Thread Ryan Lee
Both paths involved should be in the latest lsusb profile - can you
double check the AppArmor package version you have installed and also
include the contents of your /etc/apparmor.d/lsusb?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/200

Title:
  lsusb fails due to apparmor

Status in apparmor package in Ubuntu:
  Fix Released

Bug description:
  With apparmor 4.1.0~beta5-0ubuntu5 on a RISC-V Microchip Icicle Kit I
  see that the kernel discovers USB:

  [  +0.008662] usb 1-1: New USB device strings: Mfr=1, Product=2, 
SerialNumber=3
  [  +0.007425] usb 1-1: Product: Ultra
  [  +0.003688] usb 1-1: Manufacturer: SanDisk
  [  +0.004245] usb 1-1: SerialNumber: 
010187b422912d2f128c699458cec5c82b7af2ece2713972b09d1de68f741b2afecb66a842d0ff9957008a558107452c91e7
  [  +0.011662] usb-storage 1-1:1.0: USB Mass Storage device detected
  [  +0.012149] scsi host0: usb-storage 1-1:1.0
  [  +0.011826] usbcore: registered new interface driver usb-storage
  [  +0.035775] usbcore: registered new interface driver uas 

  But lsusb shows no device. Looking at journalctl shows that apparmor
  is blocking:

  Feb 25 12:46:58 ubuntu sudo[1508]: pam_unix(sudo:session): session opened for 
user root(uid=0) by ubuntu(uid=1000)
  Feb 25 12:46:58 ubuntu kernel: audit: type=1400 audit(1740487618.039:207): 
apparmor="DENIED" operation="capable" class="cap" profile="lsusb" pid=1510 
comm="lsusb" capability=12  capname="net_admin"
  Feb 25 12:46:58 ubuntu kernel: audit: type=1400 audit(1740487618.039:208): 
apparmor="DENIED" operation="open" class="file" profile="lsusb" 
name="/sys/devices/platform/soc/20201000.usb/musb-hdrc.2.auto/usb1/uevent" 
pid=1510 comm="lsusb" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
  Feb 25 12:46:58 ubuntu kernel: audit: type=1400 audit(1740487618.043:209): 
apparmor="DENIED" operation="open" class="file" profile="lsusb" 
name="/sys/devices/platform/soc/20201000.usb/musb-hdrc.2.auto/usb1/1-1/uevent" 
pid=1510 comm="lsusb" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
  Feb 25 12:46:58 ubuntu kernel: audit: type=1400 audit(1740487618.043:210): 
apparmor="DENIED" operation="open" class="file" profile="lsusb" 
name="/sys/devices/platform/soc/20201000.usb/musb-hdrc.2.auto/usb1/1-0:1.0/uevent"
 pid=1510 comm="lsusb" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
  Feb 25 12:46:58 ubuntu kernel: audit: type=1400 audit(1740487618.047:211): 
apparmor="DENIED" operation="open" class="file" profile="lsusb" 
name="/sys/devices/platform/soc/20201000.usb/musb-hdrc.2.auto/usb1/1-1/1-1:1.0/uevent"
 pid=1510 comm="lsusb" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
  Feb 25 12:46:58 ubuntu sudo[1508]: pam_unix(sudo:session): session closed for 
user root

  /etc/apparmor.d/usr.bin.lsusb does not exist.

  sudo apparmor_status shows that lsusb is in enforce mode.

  Only after putting /usb/bin/lsusb into complain mode the command
  starts to work.

  Best regards

  Heinrich
  --- 
  ProblemType: Bug
  ApportVersion: 2.31.0+git20250220-0ubuntu2
  Architecture: riscv64
  CasperMD5CheckResult: unknown
  CloudArchitecture: riscv64
  CloudBuildName: server
  CloudID: nocloud
  CloudName: unknown
  CloudPlatform: nocloud
  CloudSerial: 20250225
  CloudSubPlatform: seed-dir (/var/lib/cloud/seed/nocloud-net)
  DistroRelease: Ubuntu 25.04
  Package: apparmor 4.1.0~beta5-0ubuntu5
  PackageArchitecture: riscv64
  ProcEnviron:
   LANG=C.UTF-8
   PATH=(custom, no user)
   SHELL=/bin/bash
   TERM=vt220
  ProcKernelCmdline: BOOT_IMAGE=/boot/vmlinuz-6.14.0-4-generic 
root=UUID=d7adaa9d-66b4-4ce4-a45f-3651ae4bbb85 ro efi=debug earlycon=sbi 
sysctl.kernel.watchdog_thresh=60
  ProcVersionSignature: Ubuntu 6.14.0-4.4.1~1-generic 6.14.0-rc3
  Syslog: 2025-02-25T12:34:08.711312+00:00 ubuntu dbus-daemon[909]: [system] 
AppArmor D-Bus mediation is enabled
  Tags: cloud-image plucky
  Uname: Linux 6.14.0-4-generic riscv64
  UpgradeStatus: No upgrade log present (probably fresh install)
  UserGroups: N/A
  _MarkForUpload: True
  mtime.conffile..etc.apparmor.d.lsusb: 2025-02-25T12:57:31.410467

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/200/+subscriptions




[Touch-packages] [Bug 2098838] Re: apparmor appears to deny wpasupplicant on plucky, breaking wifi

2025-04-11 Thread Ryan Lee
Updating statuses (again) to reflect that there should no longer be an
active wpa_supplicant profile on Plucky, and to request that people
still running into issues attach the contents of their
/etc/apparmor.d/wpa_supplicant, which should no longer exist.

** Changed in: wpa (Ubuntu)
   Status: Confirmed => Invalid

** Changed in: apparmor (Ubuntu)
   Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2098838

Title:
  apparmor appears to deny wpasupplicant on plucky, breaking wifi

Status in apparmor package in Ubuntu:
  Fix Released
Status in wpa package in Ubuntu:
  Invalid

Bug description:
  2/19/25 4:44 PM user@1000.service   NM.DeviceError: Scanning not
  allowed while unavailable

  Stack trace:

  _promisify/proto[asyncFunc]/

https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2098838/+subscriptions




[Touch-packages] [Bug 2102033] Re: remmina blocked by apparmor in Plucky

2025-04-07 Thread Ryan Lee
Can you please share 1) the version of the AppArmor package you now have
installed, 2) the contents of /etc/apparmor.d/remmina, and 3) the
AppArmor denial log from the syslog (which should have something like
"dbus-daemon[3722]: apparmor="DENIED"")?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2102033

Title:
  remmina blocked by apparmor in Plucky

Status in apparmor package in Ubuntu:
  Triaged
Status in remmina package in Ubuntu:
  Invalid

Bug description:
  Remmina is now failing on plucky, blocked by apparmor:

  Failed to register:
  GDBus.Error:org.freedesktop.DBus.Error.AccessDenied: An AppArmor
  policy prevents this sender from sending this message to this
  recipient; type="method_call", sender=":1.126" (uid=1000 pid=9636
  comm="remmina" label="remmina (enforce)") interface="org.gtk.Actions"
  member="DescribeAll" error name="(unset)" requested_reply="0"
  destination="org.remmina.Remmina" (uid=1000 pid=4366
  comm="/usr/bin/remmina -i" label="remmina (enforce)")

  ProblemType: Bug
  DistroRelease: Ubuntu 25.04
  Package: remmina 1.4.39+dfsg-1
  ProcVersionSignature: Ubuntu 6.12.0-16.16-generic 6.12.11
  Uname: Linux 6.12.0-16-generic x86_64
  NonfreeKernelModules: nvidia_modeset nvidia
  ApportVersion: 2.32.0-0ubuntu2
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: KDE
  Date: Tue Mar 11 09:09:15 2025
  InstallationDate: Installed on 2024-10-30 (132 days ago)
  InstallationMedia: Ubuntu-Studio 24.10 "Oracular Oriole" - Release amd64 
(20241007.1)
  SourcePackage: remmina
  UpgradeStatus: Upgraded to plucky on 2025-01-25 (45 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2102033/+subscriptions




[Touch-packages] [Bug 2105840] Re: apparmor shell script string comparison error

2025-04-04 Thread Ryan Lee
Also found by LP: #2102680. Fixes are in Plucky but will need to be
backported to Noble and Oracular

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2105840

Title:
  apparmor shell script string comparison error

Status in apparmor package in Ubuntu:
  New

Bug description:
  When I restart the apparmor service on 24.04 I see this error message:

  ```
  Mar 27 12:09:51 hostname apparmor.systemd[582]: Restarting AppArmor
  Mar 27 12:09:51 hostname apparmor.systemd[582]: 
/lib/apparmor/apparmor.systemd: 148: [: Illegal number: yes
  ```

  This comes from `/usr/lib/apparmor/rc.apparmor.functions` line 148:

  ```
  if [ "$unconfined_userns" -eq "0" ]; then
   # tell people their kernel doesn't support userns
  ```

  While sysctl does report a digit for this setting:

  ```
  $ sysctl kernel.apparmor_restrict_unprivileged_userns
  kernel.apparmor_restrict_unprivileged_userns = 1
  ```

  The file checked by this script
  `/sys/kernel/security/apparmor/features/policy/unconfined_restrictions/userns`
  does not:

  
  ```
  $ cat 
/sys/kernel/security/apparmor/features/policy/unconfined_restrictions/userns
  yes
  ```

  This is not a breaking bug for me, but just wanted to mention this.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2105840/+subscriptions
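
The failure mode in this report, as an added example (not code from `rc.apparmor.functions`): an integer test given a non-numeric operand returns an error status, which `if` silently treats as false, so the branch is skipped and only the diagnostic in the journal shows it. Function names are hypothetical, and the sample values are constructed from the `sysctl` and `cat` outputs quoted above.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from rc.apparmor.functions.

# The comparison quoted in the bug report. -eq is an integer test, so a
# non-numeric operand is a usage error: [ prints a diagnostic ("Illegal number"
# in dash) and returns a status greater than 1 instead of a plain true/false.
legacy_is_zero() {
    [ "$1" -eq "0" ]
}

# True only for a non-empty string made up entirely of decimal digits.
is_uint() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Classify a value read from sysctl or securityfs without ever handing a
# non-numeric string to an integer test.
classify_flag() {
    if ! is_uint "$1"; then
        echo "non-numeric"
    elif [ "$1" -eq 0 ]; then
        echo "zero"
    else
        echo "nonzero"
    fi
}

# Classify the first line of a flag file. A missing or unreadable file is
# reported as "missing" rather than being folded into "zero".
classify_flag_file() {
    if [ ! -r "$1" ]; then
        echo "missing"
        return 0
    fi
    cf_value=
    IFS= read -r cf_value < "$1" || :
    classify_flag "$cf_value"
}

# Constructed sample values: "yes" as in the securityfs file from the report,
# "1" as printed by sysctl, and "0".
for sample in yes 1 0; do
    rc=0
    legacy_is_zero "$sample" 2>/dev/null || rc=$?
    echo "value=$sample legacy_status=$rc classified=$(classify_flag "$sample")"
done
```

For `yes` the legacy test exits with an error status rather than 1, which is the case the calling script has to handle explicitly instead of falling through to the `else` path.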




[Touch-packages] [Bug 2092232] Re: unable to deploy Plucky Puffin due to AppArmor lsblk denials

2025-04-03 Thread Ryan Lee
** Summary changed:

- not able to deploy Plucky Puffin
+ unable to deploy Plucky Puffin due to AppArmor lsblk denials

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2092232

Title:
  unable to deploy Plucky Puffin due to AppArmor lsblk denials

Status in MAAS:
  Invalid
Status in The Ubuntu-power-systems project:
  Confirmed
Status in apparmor package in Ubuntu:
  New
Status in linux package in Ubuntu:
  Incomplete

Bug description:
  Describe the bug:

  Deployment fails on Power9 and Power10 nodes when trying with Ubuntu
  25.04/Plucky Puffin

  
  Actual behavior (what actually happened?): 
  ```
   Thu, 19 Dec. 2024 17:38:22   Marking node failed - Node operation 
'Deploying' timed out after 30 minutes.
   Thu, 19 Dec. 2024 17:38:22   Node changed status - From 'Deploying' to 
'Failed deployment'
   Thu, 19 Dec. 2024 17:08:06   Node installation - 'cloudinit' running 
config-keys_to_console with frequency once-per-instance
   Thu, 19 Dec. 2024 17:08:06   Node installation - 'cloudinit' running 
config-power_state_change with frequency once-per-instance
   Thu, 19 Dec. 2024 17:08:06   Node installation - 'cloudinit' running 
config-install_hotplug with frequency once-per-instance
   Thu, 19 Dec. 2024 17:08:06   Node installation - 'cloudinit' running 
config-ssh_authkey_fingerprints with frequency once-per-instance
   Thu, 19 Dec. 2024 17:08:06   Node installation - 'cloudinit' running 
config-final_message with frequency always
   Thu, 19 Dec. 2024 17:08:06   Rebooting
  ```

  Looking its console, it seems deployment has finished quickly: 
  ``` 
  -END SSH HOST KEY KEYS-
  [   29.557514] cloud-init[755]: Cloud-init v. 24.4-0ubuntu1 finished at Thu, 
19 Dec 2024 17:10:00 +. Datasource DataSourceNone.  Up 29.55 seconds
  [   29.557942] cloud-init[755]: 2024-12-19 17:10:00,978 - 
cc_final_message.py[WARNING]: Used fallback datasource
  ...

  [   29.563198] cloud-init[755]: +[SHA256]-+

  Ubuntu Plucky Puffin (development branch) ubuntu hvc0

  ubuntu login: 
  ubuntu login: 
  ```
  but either way MAAS deployment fails.

  MAAS version: 3.5.2

  
  Additional context:
  a) I'm able to deploy the same system, via MAAS, when trying with 
Jammy/Noble/Oracular  
  b) Also able to deploy with Plucky Puffin .ISO image (also on the same system 
- P10rain-LPAR09).

To manage notifications about this bug go to:
https://bugs.launchpad.net/maas/+bug/2092232/+subscriptions




[Touch-packages] [Bug 2106177] [NEW] aa-notify's default configuration breaks the userns restriction by suggesting capabilities addition to unprivileged_userns

2025-04-03 Thread Ryan Lee
Public bug reported:

The default configuration of aa-notify does not have any filtering on
the notifications that it pops up, resulting in notifications that
suggest adding capabilities to unprivileged_userns, circumventing and
breaking the AppArmor userns restrictions. Since Plucky is very close to
release, we will unfortunately have to go for a less invasive bugfix
patch by adding filtering to the default config that filters out such
notifications. However, this has lingering issues in that user configs
that override the system config may result in such notifications
appearing again. In the longer run, we will want to update aa-notify to
fix this instead of depending on certain config values to be set.

** Affects: apparmor (Ubuntu)
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2106177

Title:
  aa-notify's default configuration breaks the userns restriction by
  suggesting capabilities addition to unprivileged_userns

Status in apparmor package in Ubuntu:
  New

Bug description:
  The default configuration of aa-notify does not have any filtering on
  the notifications that it pops up, resulting in notifications that
  suggest adding capabilities to unprivileged_userns, circumventing and
  breaking the AppArmor userns restrictions. Since Plucky is very close
  to release, we will unfortunately have to go for a less invasive
  bugfix patch by adding filtering to the default config that filters
  out such notifications. However, this has lingering issues in that
  user configs that override the system config may result in such
  notifications appearing again. In the longer run, we will want to
  update aa-notify to fix this instead of depending on certain config
  values to be set.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2106177/+subscriptions




[Touch-packages] [Bug 2106174] [NEW] aa-notify's userns_special_profiles default missing unprivileged_userns

2025-04-03 Thread Ryan Lee
Public bug reported:

Both the unconfined profile and unprivileged_userns are part of the
default notify.conf's userns_special_profiles, so the default fallback
when no configurations are present should also match this default.

** Affects: apparmor (Ubuntu)
 Importance: Undecided
 Assignee: Ryan Lee (rlee287)
 Status: New

** Changed in: apparmor (Ubuntu)
 Assignee: (unassigned) => Ryan Lee (rlee287)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2106174

Title:
  aa-notify's userns_special_profiles default missing
  unprivileged_userns

Status in apparmor package in Ubuntu:
  New

Bug description:
  Both the unconfined profile and unprivileged_userns are part of the
  default notify.conf's userns_special_profiles, so the default fallback
  when no configurations are present should also match this default.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2106174/+subscriptions




[Touch-packages] [Bug 2092232] Re: not able to deploy Plucky Puffin

2025-04-02 Thread Ryan Lee
The profile fix will be added as a patch to the version packaged in
Plucky, and should be uploaded into the queue by my EOD tomorrow.

** Tags added: sec-6054

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2092232

Title:
  not able to deploy Plucky Puffin

Status in MAAS:
  Invalid
Status in The Ubuntu-power-systems project:
  Confirmed
Status in apparmor package in Ubuntu:
  New
Status in linux package in Ubuntu:
  Incomplete

Bug description:
  Describe the bug:

  Deployment fails on Power9 and Power10 nodes when trying with Ubuntu
  25.04/Plucky Puffin

  
  Actual behavior (what actually happened?): 
  ```
   Thu, 19 Dec. 2024 17:38:22   Marking node failed - Node operation 'Deploying' timed out after 30 minutes.
   Thu, 19 Dec. 2024 17:38:22   Node changed status - From 'Deploying' to 'Failed deployment'
   Thu, 19 Dec. 2024 17:08:06   Node installation - 'cloudinit' running config-keys_to_console with frequency once-per-instance
   Thu, 19 Dec. 2024 17:08:06   Node installation - 'cloudinit' running config-power_state_change with frequency once-per-instance
   Thu, 19 Dec. 2024 17:08:06   Node installation - 'cloudinit' running config-install_hotplug with frequency once-per-instance
   Thu, 19 Dec. 2024 17:08:06   Node installation - 'cloudinit' running config-ssh_authkey_fingerprints with frequency once-per-instance
   Thu, 19 Dec. 2024 17:08:06   Node installation - 'cloudinit' running config-final_message with frequency always
   Thu, 19 Dec. 2024 17:08:06   Rebooting
  ```

  Looking at its console, it seems deployment has finished quickly:
  ```
  -END SSH HOST KEY KEYS-
  [   29.557514] cloud-init[755]: Cloud-init v. 24.4-0ubuntu1 finished at Thu, 19 Dec 2024 17:10:00 +. Datasource DataSourceNone.  Up 29.55 seconds
  [   29.557942] cloud-init[755]: 2024-12-19 17:10:00,978 - cc_final_message.py[WARNING]: Used fallback datasource
  ...

  [   29.563198] cloud-init[755]: +[SHA256]-+

  Ubuntu Plucky Puffin (development branch) ubuntu hvc0

  ubuntu login: 
  ubuntu login: 
  ```
  but either way MAAS deployment fails.

  MAAS version: 3.5.2

  
  Additional context:
  a) I'm able to deploy the same system, via MAAS, when trying with Jammy/Noble/Oracular
  b) Also able to deploy with Plucky Puffin .ISO image (also on the same system - P10rain-LPAR09).

To manage notifications about this bug go to:
https://bugs.launchpad.net/maas/+bug/2092232/+subscriptions




[Touch-packages] [Bug 2102680] Re: Installation of AppArmor on a 6.14 kernel produces error message "Illegal number: yes"

2025-04-02 Thread Ryan Lee
** Also affects: apparmor (Ubuntu)
   Importance: Undecided
   Status: New

** Changed in: apparmor
   Status: New => Invalid

** Changed in: apparmor (Ubuntu)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2102680

Title:
  Installation of AppArmor on a 6.14 kernel produces error message
  "Illegal number: yes"

Status in AppArmor:
  Invalid
Status in apparmor package in Ubuntu:
  Fix Released

Bug description:
  Installing the AppArmor package on a Plucky machine that is running a
  6.14 kernel produces the error message
  "/var/lib/dpkg/info/apparmor.postinst: 148: [: Illegal number: yes".
  This is due to an underlying kernel sysctl
  (/sys/kernel/security/apparmor/features/policy/unconfined_restrictions/userns)
  changing from a 0/1 integer (semantic boolean) to a "no"/"yes" string
  in Ubuntu's 6.14 kernel, causing our debian/patches/ubuntu/userns-
  runtime-disable.patch to fail because it expects a 0/1 integer. The
  switch to "no"/"yes" will be needed if/when the sysctl is upstreamed.
  As such, we should patch our debian/patches/ubuntu/userns-runtime-
  disable.patch to be robust and handle both 0/1 and "no"/"yes" values
  for the sysctl.

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/2102680/+subscriptions


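One way to make the check described in bug 2102680 accept both value formats, added here as an example; it is not the actual change made to debian/patches/ubuntu/userns-runtime-disable.patch. The function names and return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example (hypothetical helpers, not the Ubuntu patch).
# A numeric test such as [ "$value" -eq 1 ] aborts with "Illegal number: yes"
# in dash once the kernel reports "yes"/"no", so map the value with a string
# match before making any decision.

# Print "1" (restriction on), "0" (restriction off) or "unknown".
normalize_userns_flag() {
    case "$1" in
        1|yes) echo 1 ;;
        0|no)  echo 0 ;;
        *)     echo unknown ;;
    esac
}

# Read the flag from a file; the default is the path named in the bug report.
# Returns 0 if restricted, 1 if not restricted, 2 if the file is missing,
# empty, or holds a value this code does not recognise.
userns_restricted() {
    path="${1:-/sys/kernel/security/apparmor/features/policy/unconfined_restrictions/userns}"
    [ -r "$path" ] || return 2
    # read fails on a missing trailing newline but still fills $raw
    IFS= read -r raw < "$path" || [ -n "$raw" ] || return 2
    case "$(normalize_userns_flag "$raw")" in
        1) return 0 ;;
        0) return 1 ;;
        *) return 2 ;;
    esac
}

# Demonstration on constructed values covering both kernel formats.
for v in 0 1 no yes on; do
    printf '%s -> %s\n' "$v" "$(normalize_userns_flag "$v")"
done
```

Treating an unrecognised value as a distinct third outcome lets the caller decide whether to fail closed, rather than silently reading it as "off".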


[Touch-packages] [Bug 2107402] Re: lsblk blocked by apparmor in 25.04

2025-04-15 Thread Ryan Lee
This is a problem with the lsblk profile shipped by AppArmor and not a
problem with the util-linux package. I am not super familiar with IBM z
Systems, but I think the path that would need to be added is
/sys/devices/css0/**. @fheimes could you confirm whether this path
always includes "css0" as opposed to "css[some other number]"?

** Summary changed:

- lsblk blocked by apparmor in 25.04
+ lsblk on IBM z Systems blocked by apparmor in 25.04

** Tags added: sec-6152

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2107402

Title:
  lsblk on IBM z Systems blocked by apparmor in 25.04

Status in Ubuntu on IBM z Systems:
  New
Status in apparmor package in Ubuntu:
  New
Status in util-linux package in Ubuntu:
  Invalid

Bug description:
  Fresh install of 25.04 on s390x. Same happens also on upgrade from
  24.10 to 25.04

  lsblk returns no output

  journalctl shows it is blocked by apparmor

  This works fine for SCSI devices, it fails only for DASD.

  ```
  2025-04-15T15:02:26.048055+00:00 s5lp1-gen03 kernel: kauditd_printk_skb: 6 callbacks suppressed
  2025-04-15T15:02:26.048075+00:00 s5lp1-gen03 kernel: audit: type=1400 audit(1744729346.034:270): apparmor="DENIED" operation="open" class="file" profile="lsblk" name="/sys/devices/css0/0.0./0.0.0101/block/dasda/hidden" pid=2070 comm="lsblk" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
  2025-04-15T15:02:26.048077+00:00 s5lp1-gen03 kernel: audit: type=1400 audit(1744729346.034:271): apparmor="DENIED" operation="open" class="file" profile="lsblk" name="/sys/devices/css0/0.0./0.0.0101/block/dasda/dev" pid=2070 comm="lsblk" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
  2025-04-15T15:02:26.048078+00:00 s5lp1-gen03 kernel: audit: type=1400 audit(1744729346.034:272): apparmor="DENIED" operation="open" class="file" profile="lsblk" name="/sys/devices/css0/0.0.0003/0.0.0104/block/dasdd/hidden" pid=2070 comm="lsblk" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
  2025-04-15T15:02:26.048079+00:00 s5lp1-gen03 kernel: audit: type=1400 audit(1744729346.034:273): apparmor="DENIED" operation="open" class="file" profile="lsblk" name="/sys/devices/css0/0.0.0003/0.0.0104/block/dasdd/dev" pid=2070 comm="lsblk" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
  2025-04-15T15:02:26.048080+00:00 s5lp1-gen03 kernel: audit: type=1400 audit(1744729346.034:274): apparmor="DENIED" operation="open" class="file" profile="lsblk" name="/sys/devices/css0/0.0.0001/0.0.0102/block/dasdb/hidden" pid=2070 comm="lsblk" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
  2025-04-15T15:02:26.048080+00:00 s5lp1-gen03 kernel: audit: type=1400 audit(1744729346.034:275): apparmor="DENIED" operation="open" class="file" profile="lsblk" name="/sys/devices/css0/0.0.0001/0.0.0102/block/dasdb/dev" pid=2070 comm="lsblk" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
  2025-04-15T15:02:26.048081+00:00 s5lp1-gen03 kernel: audit: type=1400 audit(1744729346.034:276): apparmor="DENIED" operation="open" class="file" profile="lsblk" name="/sys/devices/css0/0.0.0002/0.0.0103/block/dasdc/hidden" pid=2070 comm="lsblk" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
  2025-04-15T15:02:26.048081+00:00 s5lp1-gen03 kernel: audit: type=1400 audit(1744729346.034:277): apparmor="DENIED" operation="open" class="file" profile="lsblk" name="/sys/devices/css0/0.0.0002/0.0.0103/block/dasdc/dev" pid=2070 comm="lsblk" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
  ```

  
  Attaching also strace

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/2107402/+subscriptions


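A triage helper for denial records like the ones quoted in bug 2107402, added here as an example; it is not part of the bug thread or of AppArmor's tooling. It groups `apparmor="DENIED"` lines by profile, denied mask and the first three path components, so the subtree a profile is missing stands out. The function names and the sample log (modelled on the report, with a made-up second profile) are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise AppArmor denials from kernel log text on stdin.

# Constructed sample input; one record per line, as journalctl prints it.
sample_log() {
    cat <<'EOF'
2025-04-15T15:02:26.048055+00:00 host kernel: kauditd_printk_skb: 6 callbacks suppressed
2025-04-15T15:02:26.048078+00:00 host kernel: audit: type=1400 audit(1744729346.034:272): apparmor="DENIED" operation="open" class="file" profile="lsblk" name="/sys/devices/css0/0.0.0003/0.0.0104/block/dasdd/hidden" pid=2070 comm="lsblk" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
2025-04-15T15:02:26.048079+00:00 host kernel: audit: type=1400 audit(1744729346.034:273): apparmor="DENIED" operation="open" class="file" profile="lsblk" name="/sys/devices/css0/0.0.0003/0.0.0104/block/dasdd/dev" pid=2070 comm="lsblk" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
2025-04-15T15:02:26.048080+00:00 host kernel: audit: type=1400 audit(1744729346.034:274): apparmor="DENIED" operation="open" class="file" profile="lsblk" name="/sys/devices/css0/0.0.0001/0.0.0102/block/dasdb/hidden" pid=2070 comm="lsblk" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
2025-04-15T15:02:27.000000+00:00 host kernel: audit: type=1400 audit(1744729347.000:280): apparmor="DENIED" operation="open" class="file" profile="demo-profile" name="/etc/demo/keys/id.pem" pid=2100 comm="demo" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
2025-04-15T15:02:28.000000+00:00 host kernel: audit: type=1400 audit(1744729348.000:281): apparmor="ALLOWED" operation="open" class="file" profile="lsblk" name="/sys/block/sda/dev" pid=2070 comm="lsblk" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
EOF
}

# Output: "<count> <profile> <denied_mask> <subtree>", one line per group.
# Records whose name= value is not quoted (hex-encoded paths) are skipped.
summarize_denials() {
    awk '
    function getval(key,    re) {
        re = " " key "=\"[^\"]*\""
        if (match($0, re))
            return substr($0, RSTART + length(key) + 3, RLENGTH - length(key) - 4)
        return ""
    }
    /apparmor="DENIED"/ {
        profile = getval("profile"); name = getval("name"); mask = getval("denied_mask")
        if (profile == "" || name == "") next
        n = split(name, part, "/")   # part[1] is empty: the path starts with "/"
        subtree = "/" part[2]
        if (n >= 3) subtree = subtree "/" part[3]
        if (n >= 4) subtree = subtree "/" part[4]
        count[profile " " mask " " subtree]++
    }
    END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k2
}

sample_log | summarize_denials
```

The summary is a reading aid for deciding what a profile fix needs to cover; whether a glob such as the `/sys/devices/css0/**` path proposed in the reply is appropriate still has to be judged against the hardware, as the question to @fheimes shows.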


[Touch-packages] [Bug 2107402] Re: lsblk blocked by apparmor in 25.04

2025-04-15 Thread Ryan Lee
** Changed in: util-linux (Ubuntu)
   Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2107402

Title:
  lsblk blocked by apparmor in 25.04

Status in Ubuntu on IBM z Systems:
  New
Status in apparmor package in Ubuntu:
  New
Status in util-linux package in Ubuntu:
  Invalid

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/2107402/+subscriptions




[Touch-packages] [Bug 1438510] Re: [REGRESSION] bluetooth headset no longer supports a2dp in 16.04 xenial and 16.10 yakkety

2016-11-15 Thread Ryan Lee Sipes
This affects me as well. Seemingly with each type of bluetooth device
I've connected. Sony SRS-X11 bluetooth speaker, my JBL Bluetooth speaker
(not sure on the model), and my SkullCandy Hesh 2 Wireless Headphones.

Restarting the devices multiple times appears to randomly fix it. Then I
just make sure to keep the device connected on my desk all day to ensure
it does not get disconnected.

Will try the workaround.

This affects me on both 16.04 and 16.10 (tested on multiple machines
here at System76).

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bluez in Ubuntu.
https://bugs.launchpad.net/bugs/1438510

Title:
  [REGRESSION] bluetooth headset no longer supports a2dp in 16.04 xenial
  and 16.10 yakkety

Status in PulseAudio:
  Unknown
Status in bluez package in Ubuntu:
  Confirmed
Status in pulseaudio package in Ubuntu:
  Confirmed
Status in bluez source package in Vivid:
  Won't Fix
Status in pulseaudio source package in Vivid:
  Won't Fix

Bug description:
  Just installed 15.04 fresh from the latest ISO (beta2).

  I'm bummed to see my bluetooth headset (Bose Soundlink overear) seems
  to have regressed in functionality.

  In 14.10, I was able to set the output profile either to a2dp or
  hsp/hfp (telephony duplex).

  In 15.04, it only works in telephony duplex mode.  I can't get high
  fidelity sound playback to work at all.

  This thread seems to be related, though the workaround within did not solve the problem for me:
  https://bbs.archlinux.org/viewtopic.php?id=194006

  The bug is still present in 16.04 LTS and 16.10.

To manage notifications about this bug go to:
https://bugs.launchpad.net/pulseaudio/+bug/1438510/+subscriptions
