After downloading the apparmor source from hirsute-proposed and running
the regression tests, I was able to confirm that the i18n test is now
passing for arm64.
** Tags removed: verification-needed verification-needed-hirsute
** Tags added: verification-done verification-done-hirsute
--
You rece
From the commits mentioned that solve the issue, 338d0be437ef was not
available on 4.15 kernels. The cherry-pick was submitted to the kernel
team for approval.
** Description changed:
- Per 'man namespaces':
+ SRU Justification:
- "Permission to dereference or read (readlink(2)) these symbolic
Thanks for the verification, John. I updated the tags based on the
results of your tests.
** Tags removed: verification-needed verification-needed-noble
** Tags added: verification-done verification-done-noble
--
You received this bug notification because you are a member of Ubuntu
Bugs, which i
Verification done as part of Bug 2064672
** Tags removed: verification-needed verification-needed-noble
** Tags added: verification-done verification-done-noble
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.ne
Verification done as part of Bug 2064672
** Tags removed: verification-needed verification-needed-noble
** Tags added: verification-done verification-done-noble
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.ne
*** This bug is a duplicate of bug 2046844 ***
https://bugs.launchpad.net/bugs/2046844
Verification done as part of Bug 2064672
** Tags removed: verification-needed verification-needed-noble
** Tags added: verification-done verification-done-noble
--
You received this bug notification becau
** Tags removed: verification-needed-jammy-linux-lowlatency-hwe-6.8
** Tags added: verification-done-jammy-linux-lowlatency-hwe-6.8
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2032602
Title:
[FFe]
Added to QRT in MR https://code.launchpad.net/~georgiag/qa-regression-
testing/+git/qa-regression-testing/+merge/468941
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2062138
Title:
test-logprof.py f
As per the discussion in
https://irclogs.ubuntu.com/2024/07/09/%23ubuntu-security.txt
The recommendation from the security team is to not revert to the
"flags=(unconfined)" profile if the profile is already confined. That means
that we should only fix the multiarch issue.
Scarlett, you're right
Hi Changqing Li,
Thanks for your report. Unfortunately, as John has stated in this comment:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2063976/comments/3
We are not able to ship a profile for bitbake running in a writable location of
an unprivileged user because it could be used to b
Hi Scarlett,
No worries, that log should be enough to understand what's going on. That is a
bug in the snapd interface because the AppArmor policy specified the peer_label
as unconfined, but that's no longer the case for plasmashell. I'll reach out to
the snapd team and report the issue.
Thank
@Robie Basak:
I ran QRT and the tests passed:
georgia@ubuntu:~/qrt-test-apparmor$ sudo ./install-packages test-apparmor.py
georgia@ubuntu:~/qrt-test-apparmor$ sudo ./test-apparmor.py
...
--
Ran 62 tests in 1974.585s
OK (skippe
Here's my proposed fix for oracular. It disables the bwrap profile so we can do
further tests. As was done on noble, it does require a reboot.
It's also available on this ppa:
https://launchpad.net/~georgiag/+archive/ubuntu/4.0.1-0ubuntu2
** Patch added: "apparmor_4.0.1-0ubuntu2.debdiff"
ht
Hi appe!
There's a new version of apparmor in the noble-proposed pocket that should fix
this issue:
https://launchpad.net/ubuntu/+source/apparmor/4.0.1really4.0.1-0ubuntu0.24.04.3
https://wiki.ubuntu.com/Testing/EnableProposed
--
You received this bug notification because you are a member of U
Hi Sergio
The version from the PPA fixes it for me. Thank you for working on this!
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2077336
Title:
Creation of armv7l vm fails due to tpm-tis
To manage
Ah, I tested only in jammy amd64. Here's my setup:
georgia@georgia:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:Ubuntu 22.04.4 LTS
Release:22.04
Codename: jammy
georgia@georgia:~$ uname -a
Linux georgia 5.15.0-119-generic #129-Ubuntu SMP Fri
Sorry for the delay. The fix had landed but it was reverted due to a
regression. We have a 4.0.1really4.0.1-0ubuntu0.24.04.3 update but
it is still sitting in noble-proposed
https://people.canonical.com/~ubuntu-archive/pending-sru.html
--
You received this bug notification because you are a
Hi! Could you add some logs so we can determine if it's apparmor
related? You can run the following command to get them automatically.
apport-collect -p apparmor 2074277
** Changed in: apparmor (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a mem
From the comments in the forum, it seems that the AppImage was
corrupted. Since it doesn't seem apparmor related, I'm setting this bug
as Invalid. Feel free to change back it if you don't agree.
** Changed in: apparmor (Ubuntu)
Status: Confirmed => Invalid
--
You received this bug notific
It does seem to be an issue with their snap apparmor policy, which they
manage directly. Feel free to report the issue to them directly
https://github.com/NordSecurity/nordvpn-linux
** Changed in: apparmor (Ubuntu)
Status: New => Invalid
--
You received this bug notification because you a
** Description changed:
[ Impact ]
This SRU has several fixes:
add unconfined profile for tuxedo-control-center (Bug 2046844)
fix issues appointed by coverity
fix samba profile (https://gitlab.com/apparmor/apparmor/-/issues/386)
fix redefinition of _ which caused an issue with tr
** Description changed:
[ Impact ]
This SRU has several fixes:
add unconfined profile for tuxedo-control-center (Bug 2046844)
fix issues appointed by coverity
fix samba profile (https://gitlab.com/apparmor/apparmor/-/issues/386)
fix redefinition of _ which caused an issue with tr
*** This bug is a duplicate of bug 2064144 ***
https://bugs.launchpad.net/bugs/2064144
Hi Mikko. Thanks for the report. This seems to be a duplicate of Bug
2064144, which has the fix on its way to noble.
** This bug has been marked a duplicate of bug 2064144
lxc ships apparmor config that
** Package changed: apparmor (Ubuntu) => snapd (Ubuntu)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2067564
Title:
Syslog is flooded with messages when watching videos on Youtube
To manage notifi
Hi Simon,
The use of --unshare=network does not cause a regression with the bwrap profile.
This is the full profile:
https://gitlab.com/apparmor/apparmor/-/blob/aa74b9b12d9ed55909489403a0c2514b9ea6a95f/profiles/apparmor/profiles/extras/bwrap-userns-restrict
If you look at the bwrap profile itsel
This bug corresponds to the userspace components of AppArmor but it was
added in some kernel patches along with Bug 2028253. Verification should
be completed in Bug 2028253
** Tags removed: verification-needed-jammy-linux-aws-6.5
verification-needed-jammy-linux-azure-6.5
verification-needed-jamm
** Tags removed: verification-needed-noble-linux-lowlatency
** Tags added: verification-done-noble-linux-lowlatency
** Tags removed: verification-needed-noble-linux-ibm
** Tags added: verification-done-noble-linux-ibm
--
You received this bug notification because you are a member of Ubuntu
Bugs,
** Tags removed: verification-needed-noble-linux-gke
** Tags added: verification-done-noble-linux-gke
** Tags removed: verification-needed-noble-linux-gcp
** Tags added: verification-done-noble-linux-gcp
** Tags removed: verification-needed-noble-linux-azure
** Tags added: verification-done-noble
** Tags removed: verification-needed-jammy-linux-nvidia-6.8
verification-needed-noble-linux-gke
** Tags added: verification-done-jammy-linux-nvidia-6.8
verification-done-noble-linux-gke
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Tags removed: verification-needed-jammy-linux-nvidia-6.8
verification-needed-noble-linux-gke
** Tags added: verification-done-jammy-linux-nvidia-6.8
verification-done-noble-linux-gke
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Tags removed: verification-needed-jammy-linux-nvidia-6.8
verification-needed-noble-linux-gke
** Tags added: verification-done-jammy-linux-nvidia-6.8
verification-done-noble-linux-gke
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Tags removed: verification-needed-jammy-linux-nvidia-6.8
verification-needed-noble-linux-gke
** Tags added: verification-done-jammy-linux-nvidia-6.8
verification-done-noble-linux-gke
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
This is probably happening because before 24.04 plasmashell was not
confined, therefore it had the "unconfined" label. But now that it is
confined, we need a rule to allow peer_label="plasmashell"
** Also affects: snapd (Ubuntu)
Importance: Undecided
Status: New
--
You received this bu
** Changed in: apparmor (Ubuntu)
Status: Confirmed => Invalid
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2057927
Title:
lxd vga console throws "Operation not permitted" error
To manage no
** Changed in: apparmor (Ubuntu)
Status: Confirmed => Invalid
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2056696
Title:
All Snaps are denied the ability to use DBus for notifications and
Fix committed in
https://gitlab.com/apparmor/apparmor/-/merge_requests/1251
** Changed in: apparmor (Ubuntu)
Status: New => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2061113
** Tags removed: verification-needed-noble-linux-oracle
** Tags added: verification-done-noble-linux-oracle
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2032602
Title:
[FFe] apparmor-4.0.0-alpha2 f
As I understand these changes are only waiting to be sponsored to
proposed, correct?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2065915
Title:
[SRU] Add multiarch lines for each architecture we w
I have updated the description with the information of the SRU version
4.0.1really4.0.1-0ubuntu0.24.04.3
The Test Plan is updated with detailed instructions and I also added an
analysis of why the regression happened for the previous SRU. Note that since
we have removed the enablement by default
The main issue is that I still wasn't able to reproduce it locally.
Dan, could you check if this issue still happens with the unprivileged user
namespace restriction disabled?
sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
Please note that this makes your setup vulnerable, so I r
@Sebastien, yes, I asked people from the security team to sponsor it but
we are still reviewing the snap_browsers abstraction. We are denying
access to /run/user/[0-9]*/gdm/Xauthority in the policy but if that was
the case, then the browser should not have been able to open, but it
does open so we
Tested on bionic-proposed using the test binary that can be obtained in
the old description and it worked as expected:
root@ubuntu:~# gcc ./readlink-ns.c && sudo apparmor_parser -r
./readlink-ns.apparmor && sudo aa-exec -p test -- ./a.out -p 1 -n pid
path: /proc/1/ns/pid
rpath: pid:[4026531836]
r
** Description changed:
There's a memory leak in the kernel when removing a profile.
A simple reproducible example:
root@ubuntu:~# echo "profile foo {}" > profile
root@ubuntu:~# apparmor_parser profile
root@ubuntu:~# apparmor_parser -R profile
root@ubuntu:~# echo scan > /sys/kernel/
Tested on -proposed by causing the leak and checking the memory used
with "free", since CONFIG_DEBUG_KMEMLEAK is not set. It worked as
expected - the memory used shown in "free" after removing the profile
was in an expected range.
** Tags removed: verification-needed-bionic verification-needed-foc
I'm working on a SRU for apparmor and evince to introduce the snap_browsers
abstraction on apparmor as a workaround for this issue.
It is based on these two merge requests from upstream:
https://gitlab.com/apparmor/apparmor/-/merge_requests/806
https://gitlab.com/apparmor/apparmor/-/merge_requests
** Changed in: apparmor (Ubuntu)
Assignee: (unassigned) => Georgia Garcia (georgiag)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1794064
Title:
Clicking a hyperlink in a PDF fails to open
** Description changed:
- This is related to bug #1792648. After fixing that one (see discussion
- at https://salsa.debian.org/gnome-team/evince/merge_requests/1),
- clicking a hyperlink in a PDF opens it correctly if the default browser
- is a well-known application (such as /usr/bin/firefox), bu
** Patch added: "evince_42.1-3ubuntu1.debdiff"
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1794064/+attachment/5581877/+files/evince_42.1-3ubuntu1.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launc
** Patch added: "evince_40.4-2ubuntu0.1.debdiff"
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1794064/+attachment/5581878/+files/evince_40.4-2ubuntu0.1.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.l
** Patch added: "evince_3.36.10-0ubuntu1.1.debdiff"
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1794064/+attachment/5581879/+files/evince_3.36.10-0ubuntu1.1.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://
** Patch added: "evince_3.28.4-0ubuntu1.3.debdiff"
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1794064/+attachment/5581880/+files/evince_3.28.4-0ubuntu1.3.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bu
** Patch added: "apparmor_3.0.4-2ubuntu3.debdiff"
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1794064/+attachment/5581881/+files/apparmor_3.0.4-2ubuntu3.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs
** Patch added: "apparmor_3.0.3-0ubuntu1.1.debdiff"
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1794064/+attachment/5581882/+files/apparmor_3.0.3-0ubuntu1.1.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://
** Patch added: "apparmor_2.13.3-7ubuntu5.2.debdiff"
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1794064/+attachment/5581884/+files/apparmor_2.13.3-7ubuntu5.2.debdiff
** Patch removed: "apparmor_3.0.3-0ubuntu1.1.debdiff"
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/17940
** Patch added: "apparmor_3.0.3-0ubuntu1.1.debdiff"
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1794064/+attachment/5581883/+files/apparmor_3.0.3-0ubuntu1.1.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://
** Patch added: "apparmor_2.12-4ubuntu5.2.debdiff"
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1794064/+attachment/5581885/+files/apparmor_2.12-4ubuntu5.2.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bu
@Sebastien, yes, just did. Thank you!
I also attached the debdiffs for evince and apparmor for bionic, focal, impish
and jammy. They were also uploaded into the Security Proposed PPA:
https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages?field.name_filter=apparmor
https://
*** This bug is a duplicate of bug 1918410 ***
https://bugs.launchpad.net/bugs/1918410
This is likely a duplicate of bug #1918410
** This bug has been marked a duplicate of bug 1918410
isc-dhcp-client denied by apparmor
--
You received this bug notification because you are a member of Ub
** Tags added: hirsute
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1918410
Title:
isc-dhcp-client denied by apparmor
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubunt
*** This bug is a duplicate of bug 2032851 ***
https://bugs.launchpad.net/bugs/2032851
** This bug has been marked a duplicate of bug 2032851
package apparmor 2.12-4ubuntu5.3 failed to install/upgrade: new apparmor
package pre-installation script subprocess returned error exit status 1
--
*** This bug is a duplicate of bug 2051932 ***
https://bugs.launchpad.net/bugs/2051932
** This bug has been marked a duplicate of bug 2051932
attach_disconnected test from test_regression_testsuite of
ubuntu_qrt_apparmor failed with "Unable to run test sub-executable" on Mantic
--
You re
Verification in mantic was successful:
georgia@sec-mantic-amd64:~$ uname -a
Linux sec-mantic-amd64 6.5.0-27-generic #28-Ubuntu SMP PREEMPT_DYNAMIC Thu Mar
7 18:21:00 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
georgia@sec-mantic-amd64:~$ cat
/sys/kernel/security/apparmor/features/mount/move_mount
d
This issue should be fixed by apparmor 4.0.0~beta2-0ubuntu3 which is
currently in -proposed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2047256
Title:
Ubuntu 24.04 Some image thumbnails no longer
Erich Eickmeyer, I don't have a Tuxedo Computer to test, so could you
please check if the following profile works for you?
$ echo "# This profile allows everything and only exists to give the
# application a name instead of having the label "unconfined"
abi ,
include
profile tuxedo-control-cent
Ah, sorry, Łukasz. I didn't see you were working on it.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2058866
Title:
proposed-migration for cups-browsed 2.0.0-0ubuntu8
To manage notifications about
The fix is similar for privoxy. I attached the debdiff that fixes it.
** Patch added: "privoxy_3.0.34-3ubuntu2.debdiff"
https://bugs.launchpad.net/ubuntu/+source/cups-browsed/+bug/2058866/+attachment/5759689/+files/privoxy_3.0.34-3ubuntu2.debdiff
--
You received this bug notification because
The mqueue patches are present in jammy-linux-gcp-fips: commits
6e7ff802c7b10 and b4ebbcfebd4d3
** Tags removed: verification-needed-jammy-linux-gcp-fips
** Tags added: verification-done-jammy-linux-gcp-fips
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
I can confirm that the mqueue patches are present in linux-xilinx-
zynqmp: commits 6e7ff802c7b10 and b4ebbcfebd4d3
** Tags removed: verification-needed-jammy-linux-xilinx-zynqmp
** Tags added: verification-done-jammy-linux-xilinx-zynqmp
--
You received this bug notification because you are a mem
The mqueue patches are present in linux-nvidia-tegra: commits
6e7ff802c7b10 and b4ebbcfebd4d3
** Tags removed: verification-needed-jammy-linux-nvidia-tegra
** Tags added: verification-done-jammy-linux-nvidia-tegra
--
You received this bug notification because you are a member of Ubuntu
Bugs, whi
The mqueue patches are present in linux-azure-fips: commits
6e7ff802c7b10 and b4ebbcfebd4d3
** Tags removed: verification-needed-jammy-linux-azure-fips
** Tags added: verification-done-jammy-linux-azure-fips
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
The mqueue patches are present in jammy-linux-mtk: commits 6e7ff802c7b10
and b4ebbcfebd4d3
** Tags removed: verification-needed-jammy-linux-mtk
** Tags added: verification-done-jammy-linux-mtk
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to U
Since the profile is not shipped by the apparmor package, I'm marking it
as invalid and adding the correct package passt
** Also affects: passt (Ubuntu)
Importance: Undecided
Status: New
** Changed in: apparmor (Ubuntu)
Status: New => Invalid
--
You received this bug notificati
Public bug reported:
I downloaded an armhf cloud image on jammy and tried to create a vm but
I got an error saying that tpm-this is not supported
$ wget
https://cloud-images.ubuntu.com/oracular/current/oracular-server-cloudimg-armhf.img
$ sudo virt-install -n oracular-arm --os-variant=generic
** Description changed:
I downloaded an armhf cloud image on jammy and tried to create a vm but
- I got an error saying that tpm-this is not supported
+ I got an error saying that tpm-tis is not supported
$ wget
https://cloud-images.ubuntu.com/oracular/current/oracular-server-cloudimg-armh
I have noticed that a lot of AppArmor policies use peer=unconfined when
they meant *any* peer. I believe this is also the case for bug 2040483.
I see little difference in allowing "signal (receive) peer=unconfined,"
vs "signal (receive)," in abstractions/base, so I proposed
https://gitlab.com/appa
Verification completed on apparmor noble-proposed
$ apt policy apparmor
apparmor:
Installed: 4.0.1really4.0.1-0ubuntu0.24.04.3
Candidate: 4.0.1really4.0.1-0ubuntu0.24.04.3
Version table:
*** 4.0.1really4.0.1-0ubuntu0.24.04.3 100
100 http://archive.ubuntu.com/ubuntu noble-proposed/ma
Ah, so it's not the same issue as the original bug report, it's
something else. Since it's not related to apparmor, I recommend you open
a new bug here in launchpad or upstream
https://gitlab.gnome.org/GNOME/nautilus/-/issues so other people can
help you debug and hopefully fix this issue.
--
You
Verification completed in bug 2064672
** Tags removed: verification-needed verification-needed-noble
** Tags added: verification-done verification-done-noble
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/b
Verification completed in bug 2064672
** Tags removed: verification-needed verification-needed-noble
** Tags added: verification-done verification-done-noble
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/b
*** This bug is a duplicate of bug 2046844 ***
https://bugs.launchpad.net/bugs/2046844
Verification completed in bug 2064672
** Tags removed: verification-needed verification-needed-noble
** Tags added: verification-done verification-done-noble
--
You received this bug notification because
Verification completed in bug 2064672
** Tags removed: verification-needed verification-needed-noble
** Tags added: verification-done verification-done-noble
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/b
@lazka: you can use this profile:
https://pastebin.canonical.com/p/VbmH97Rhqp/
I grabbed it from upstream:
https://github.com/moby/moby/blob/master/profiles/apparmor/template.go
Note that for the rule "signal (receive) peer={{.DaemonProfile}}," in the
template I assumed the DaemonProfile is unco
** Description changed:
[ Impact ]
This SRU has several fixes:
add unconfined profile for tuxedo-control-center (Bug 2046844)
fix issues appointed by coverity
fix samba profile (https://gitlab.com/apparmor/apparmor/-/issues/386)
fix redefinition of _ which caused an issue with tr
Thanks for reviewing, Chris. I have updated the test plan with your
suggestions, and I also updated the ppa containing a new version of the
package with the wike profile location fixed. I'll also make sure to
comment on the bugs in the changelog that verification is not required.
** Description ch
Public bug reported:
[ Impact ]
This SRU has several fixes:
add unconfined profile for tuxedo-control-center (Bug 2046844)
fix issues appointed by coverity
fix samba profile (https://gitlab.com/apparmor/apparmor/-/issues/386)
fix redefinition of _ which caused an issue with translation, failing
** Description changed:
[ Impact ]
This SRU has several fixes:
add unconfined profile for tuxedo-control-center (Bug 2046844)
fix issues appointed by coverity
fix samba profile (https://gitlab.com/apparmor/apparmor/-/issues/386)
fix redefinition of _ which caused an issue with tr
I added the suggested patch to QRT:
https://code.launchpad.net/~georgiag/qa-regression-testing/+git/qa-regression-testing/+merge/465526
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2062138
Title:
t
** Description changed:
[ Impact ]
This SRU has several fixes:
add unconfined profile for tuxedo-control-center (Bug 2046844)
fix issues appointed by coverity
fix samba profile (https://gitlab.com/apparmor/apparmor/-/issues/386)
fix redefinition of _ which caused an issue with tr
If you're still running into this issue, do you mind sharing which AppArmor
version are you running? For that you can run
apt-cache policy apparmor
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/204725
*** This bug is a duplicate of bug 2046844 ***
https://bugs.launchpad.net/bugs/2046844
Hello! Thanks for tagging apparmor. Yes, this is a duplicate of bug
2046844. We are working on an update that introduces a profile for bwrap
which would allow setzer (and several other applications) to work
Thanks. That version should have the nautilus profile that makes the
thumbnails appear, so we will need to dig a bit deeper.
Could you paste the results of the following command? This will show us if
there is a profile for nautilus loaded and it should look something like this
$ sudo aa-status --
** Changed in: evince (Ubuntu)
Assignee: (unassigned) => Georgia Garcia (georgiag)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1794064
Title:
Clicking a hyperlink in a PDF fails to open
I was able to reproduce this issue on focal and bionic but not on
impish. I'm still investigating why, since I don't see any changes in
policies that might affect this issue, but I could have missed
something.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
Hi! Thank you for reporting this issue. It was already fixed by upstream
AppArmor but the fix still needs to be applied in the apparmor package:
https://gitlab.com/apparmor/apparmor/-/merge_requests/1218
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subsc
** Attachment added: "docker-default"
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2039294/+attachment/5824926/+files/docker-default
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2039294
I agree that if /etc/ipa/ca.crt is a standard location for that package
(which appears to be
https://pagure.io/freeipa/blob/master/f/ipaplatform/base/paths.py#_69)
then we could add it to the ssl_certs abstraction
--
You received this bug notification because you are a member of Ubuntu
Bugs, whic
Hi, mihalicyn, sorry for the delay answering.
That's unfortunately right. Ubuntu 12.04 ships apparmor 2.7 which didn't
have support for ABIs yet, so dc757a645cfa82f6ac252365df20a36a9ff82760
causes a regression on those early versions. I talked to @jjohansen and
we have agreed that this patch needs
Hi Janne, thanks for reporting. Adding attach_disconnected to the profile flags
is the correct course of action at this point.
I submitted a MR upstream with the information you provided:
https://gitlab.com/apparmor/apparmor/-/merge_requests/1395
--
You received this bug notification because y
Hi Ondra. Could you share what the apparmor profile looks like? Spaces
should work when surrounded by double quotes in the profile. In
4.0.1really4.0.1-0ubuntu0.24.04.3 there's an example of that in
/etc/apparmor.d/MongoDB_Compass.
profile "MongoDB Compass" "/usr/lib/mongodb-compass/MongoDB Compas
If after running the following command thumbnails still won't load, then
it is not related to this bug report. If that's the case, please open a
new bug.
sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
Note that this makes your setup vulnerable, so I recommend turning back on
afte
1 - 100 of 125 matches
Mail list logo
