[Touch-packages] [Bug 2060100] Re: denials from sshd in noble

[Launchpad Bug Tracker]

This bug was fixed in the package apparmor -
4.0.1really4.0.1-0ubuntu0.24.04.3

---------------
apparmor (4.0.1really4.0.1-0ubuntu0.24.04.3) noble; urgency=medium

  * Revert to version 4.0.1-0ubuntu0.24.04.2 except for the patch
    that enables the bwrap-userns-restrict profile (LP: #2072811).
  * New upstream release.
    (LP: #2064672, LP: #2046844, LP: #2060100, LP: #2056297)
  * Drop patches which have now been applied upstream
    - d/p/u/parser-fix-issues-appointed-by-coverity.patch
    - d/p/u/profiles-add-unconfined-profile-for-tuxedo-control-c.patch
    - d/p/u/parser-support-uin128_t-key-as-a-pair-of-uint64_t-nu.patch
    - d/p/u/Minor-improvements-for-MountRule.patch
  * Add patch to add balena-etcher profile (LP: #2046844)
    - d/p/u/profiles-add-unconfined-balena-etcher-profile.patch
  * Add upstream patch to relax mount rules to fix use of virtiofs and
    other file-system types
    - d/p/u/mountrule-relaxing-constraints-on-fstype.patch
  * Refresh
    - d/p/u/samba-systemd-interaction.patch
    - d/p/u/parser-add-support-for-prompting.patch
      - Add condition in policydb serialization to only encode xtable if
      kernel_supports_permstable32
  * Fix d/p/u/userns-runtime-disable.patch to work when
    kernel.apparmor_restrict_unprivileged_userns does not exist by adding
    -e to sysctl.
  * d/apparmor-profiles.install
    - install new profile
      - unshare-userns-restrict
      - bwrap-userns-restrict
  * d/apparmor.install
    - install new profiles
      - wike - changed installation from apparmor to apparmor.d
      - foliate
      - balena-etcher
      - transmission
  * d/control: Remove obsolete lsb-base Depends and swap pkg-config to
    pkgconf for Build-Depends

 -- Georgia Garcia <georgia.gar...@canonical.com>  Thu, 18 Jul 2024
15:28:46 -0300

** Changed in: apparmor (Ubuntu Noble)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2060100

Title:
  denials from sshd in noble

Status in apparmor package in Ubuntu:
  Confirmed
Status in apparmor source package in Noble:
  Fix Released

Bug description:
  2024-03-27T00:10:28.929314-04:00 image-ubuntu64 kernel: audit:
  type=1400 audit(1711512628.920:155): apparmor="DENIED"
  operation="bind" class="net" profile="/usr/sbin/sshd" pid=1290
  comm="sshd" family="unix" sock_type="stream" protocol=0
  requested_mask="bind" denied_mask="bind"
  addr="@63cf34db7fbab75f/bus/sshd/system"

  2024-03-27T00:41:09.791826-04:00 image-ubuntu64 kernel: audit:
  type=1107 audit(1711514469.771:333907): pid=703 uid=101
  auid=4294967295 ses=4294967295 subj=unconfined msg='apparmor="DENIED"
  operation="dbus_method_call"  bus="system"
  path="/org/freedesktop/login1"
  interface="org.freedesktop.login1.Manager"
  member="CreateSessionWithPIDFD" mask="send"
  name="org.freedesktop.login1" pid=4528 label="/usr/sbin/sshd"
  peer_pid=688 peer_label="unconfined"

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2060100/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp