/srv/irclogs.ubuntu.com/2018/01/09/#ubuntu-devel.txt

[03:34] <hallyn> jjohansen1: stgraber: if i'm running an artful container on an artful host with aa namespaces, i should be able to load the lxc policies right?
[03:34] <hallyn> bc /lib/apparmor/profile-load skips that part when running in a container
[03:34] <hallyn> aa-status shows 0 policies
[03:35] <hallyn> and i'm wondering whether that's expected
[03:35] <stgraber> you should be, yes, do you have the apparmor namespace and stacking setup?
[03:35] <stgraber> is that lxd or lxc?
[03:35] <hallyn> lxd
[03:36] <hallyn> hm, is my lxd way out of date?
[03:36] <hallyn> 2.18
[03:36] <stgraber> that should be fine
[03:36] <hallyn> but that shouldn't matter
[03:36] <hallyn> it's lxc in the container,
[03:36] <hallyn> and that's built from the source in ubuntu-lxc ppa
[03:36] <hallyn> oh, but that's not the problem either :)
[03:36] <stgraber> hallyn: what's /proc/<PID>/attr/current for pid1 of the lxd container?
[03:36] <hallyn> /lib/apparmor/profile-load is the problem
[03:37] <hallyn> when I edit /lib/apparmor/profile-load to remove the container check, then policies load
[03:37] <stgraber> hallyn: hmm, you're right that something's off with artful...
[03:37] <hallyn> lxd-alxc1_</var/lib/lxd>//&:lxd-alxc1_<var-lib-lxd>:unconfined (enforce)
[03:37] <stgraber> hallyn: no apparmor profiles loaded in there...
[03:37] <stgraber> hallyn: does a xenial container work?
[03:37] <hallyn> is that a case where artful is behind zesty
[03:37] <hallyn> uh, i'll check
[03:38] <hallyn> aa-status shows 0 policies there as well
[03:38] <stgraber> yeah, same here
[03:39] <stgraber> wth is going on
[03:40] <stgraber> we used to be getting profiles loading at some point
[03:40] <hallyn> nothing obvious in changelog
[03:41] <hallyn> i'm surprised no testcase barfed, if this is a regression
[03:42] <hallyn> what is is_container_with_internal_policy
[03:42] <stgraber> yeah, me too. I'm pretty sure I used to run into issues with tcpdump in containers, which meant that the tcpdump profile was loaded back then
[03:43] <stgraber> hallyn: hmm, I have another xenial system where I do have apparmor profiles loaded properly
[03:43] <hallyn> i'm guessing /lib/apparmor/functions:is_container_with_internal_policy() regressed
[03:43] <hallyn> or rather, maybe apparmorfs in kernel regressed wrt to it
[03:44] <stgraber> yeah, that's what I'm wondering, I seem to remember us having pretty advanced logic not to trigger on kernels that shipped busted apparmor nesting
[03:44] <stgraber> I wonder if newer kernels changed that part and now we're not triggering when we should
[03:45] <hallyn> /sys/kernel/security/apparmor/.ns_name is empty
[03:45] <hallyn> that i believe is the problem,
[03:45] <hallyn> it expects to find the policy name in there
[03:46] <stgraber> stgraber@shell01:~$ cat /sys/kernel/security/apparmor/.ns_name
[03:46] <stgraber> lxd-shell01_<var-snap-lxd-common-lxd>
[03:46] <stgraber> on xenial 4.4 kernel
[03:46] <stgraber> and confirmed to be an empty string in bionic
[03:46] <stgraber> so yeah, that's the issue
[03:46] <stgraber> jjohansen1: ^
[03:47] <hallyn> dude!   stgraber: this is the first time i saw 'bionic' and realized you mean the release, not the android libc
[03:47] <hallyn> every single time someone has said "<...> bionic" i thought "why do they care so much about bionic now?"
[03:47] <stgraber> :)
[03:48] <stgraber> empty string rather than expected value would be something that bionic the C library would do too though ;)
[03:48] <hallyn> *sigh* so now..  i don't really wanna reinstall the lxd hosts with xenial just for this, wonder what the easiest short term remedy is :)
[03:48] <hallyn> heh :)
[03:48] <stgraber> installing the xenial 4.4 kernel on that host should work fine
[03:49] <stgraber> regardless of what the Ubuntu version on it actually is :)
[03:49] <hallyn> yeah - that's probably easiest.
[03:49] <hallyn> ok, thanks for the debug help :)  \o   (/me goes to sneak another girardelli chocolata)
[05:58] <jjohansen1> stgraber: yeah, bionic is a mess that I need to fix
[06:00] <stgraber> jjohansen1: hallyn was reporting this on artful though, is that known to be broken too?
[06:01] <jjohansen1> stgraber: no, I'll look into it
[06:23] <hallyn> cool, thanks guys.
[09:23] <rbasak> xnox: fancy tackling bug 1579695 for us? :)
[09:23] <ubottu> bug 1579695 in systemd (Ubuntu) "apport hook does not show the status of failed services" [Undecided,New] https://launchpad.net/bugs/1579695
[10:08] <xnox> rbasak, i will add it to the team backlog.
[10:09] <rbasak> Thanks!
[10:13] <andyrock> bdmurray: hey I need some help reviewing a software-properties MP
[10:13] <andyrock> https://code.launchpad.net/~azzar1/software-properties/canonical-livepatch/+merge/335219
[10:36] <Zahovay> Hello, I am a new programmer just about to join the ubuntu development team, may I ask here a few things? or this is not the chat room
[10:38] <sil2100> Zahovay: sure, ask away
[10:40] <Zahovay> sil2100: I was told that ubuntu makes no changes to the kernel. Others said they do make changes. I was wondering if laptop-mode-tools still exist and what is the purpose of that tool. Does it make changes to the kernel? is it a laptop package of ubuntu?
[10:42] <sil2100> Zahovay: from what I see laptop-mode-tools still exists but it's in universe, so I don't have much knowledge about that tool - maybe someone else here would know
[10:43] <sil2100> Zahovay: as for the kernel, Ubuntu mostly ships what's upstream + some patches, so it's not completely vanilla
[10:43] <sil2100> You can check what Ubuntu changes are put on top of the kernel tree by fetching the Ubuntu linux source packages
[10:44] <Zahovay> Yes I know that it ships the upstream mainly, though I think the upstream does not have a laptop specific project..
[10:46] <Zahovay> sil2100: do you happen to know who would be able to help me on this topic?
[10:50] <TJ-> sil2100: Zahovay told us yesterday in #ubuntu they want to get involved in improving power management on laptops. Had a long conversation with nacc and myself about it. We recommended finding a bug and working on it.
[10:51] <sil2100> I guess the best people to ask about this would be the kernel guys, but they're all *very* busy because of obvious reasons
[10:51] <sil2100> So I'd recommend just writing questions here and waiting for someone with the right knowledge set to see it and answer in his free time
[10:52] <Zahovay> Actually I think I need to find someone who manages the projects of ubuntu, since he can answer the question whether ubuntu plans a laptop package or does not want to deal with that at all since the basics still have some troubles
[10:54] <rbasak> Ubuntu isn't developed that way.
[10:54] <rbasak> Nobody "manages" projects of Ubuntu.
[10:54] <TJ-> Zahovay: power control is mainly around the ACPI sub-system and is done in the mainline kernel
[10:54] <rbasak> Most of the time projects don't clash with each other. If you want to work on making power management better, you're welcome to do so.
[10:55] <TJ-> Zahovay: power management tools for adjusting power profiles are done mostly by desktop tooling in userspace
[10:55] <rbasak> In the rare case that there's some potential downside to your work and a decision needs to be made about the default, then we resolve that by speaking to each other, or deferring to the technical board if we cannot reach consensus.
[11:01] <Zahovay> Still I think the power management for desktops makes no sense since you have unlimited power. So I would only apply changes for laptops which means I should have a different package, shouldn't I?
[11:01] <rbasak> We try to not distinguish between the two.
[11:01] <rbasak> For example, what happens if I dock my laptop? :)
[11:02] <rbasak> Better to adjust power management behaviour based on power status, which I think tools already do?
[11:05] <Zahovay> well I think we could kill processes for laptops that do not need to run all the time. This is actually a kernel level implementation of longer battery life. Also hibernation on laptops differs from desktop hibernation (at least I think, I may be wrong) am I wrong about these?
[11:05] <TJ-> Yes, and most DEs have power profile configuration for AC vs Battery too
[11:06] <TJ-> Zahovay: kill processes? that doesn't sound very user friendly. Users should choose to terminate processes if that is really necessary
[11:06] <TJ-> Zahovay: hibernation is identical; a swap partition or file large enough to store the RAM content
[11:10] <Zahovay> So what is the cause of shorter battery life on ubuntu compared to .. so called windows/macos ? as far as I read ubuntu misses power management implementations that's why forums suggest powertop. Are they wrong about it? or has it changed and I am out of date on this topic?
[11:10] <Zahovay> or is it hardware related problem?
[11:19] <TJ-> Zahovay: Sometimes it is related to the system firmware ACPI DSDT implementation. It is responsible for configuring devices and managing power. Many firmwares are tailored to Windows and do not activate all features when Linux is the OS.
[11:23] <Zahovay> TJ-: can we help this, or is it hardware manufacturers decision?
[11:26] <TJ-> Zahovay: there are always ways to hack around restrictions
[11:26] <Zahovay> I mean in a legal form
[13:42] <jibel> bdmurray, do you have the upgrade logs of the upgrade to bionic you mention in bug 1512322 ?
[13:42] <ubottu> bug 1512322 in dpkg (Ubuntu) "dpkg assert failure: dpkg: ../../src/packages.c:245: process_queue:" [High,Confirmed] https://launchpad.net/bugs/1512322
[14:59] <jibel> bdmurray, I added a test case to bug 1742147
[14:59] <ubottu> bug 1742147 in ubuntu-release-upgrader (Ubuntu) "upgrade from 17.10 to 18.04 fails with triggers looping" [High,Confirmed] https://launchpad.net/bugs/1742147
[15:03] <bdmurray> jibel: I added some more log info to bug 1512322
[15:03] <ubottu> bug 1512322 in dpkg (Ubuntu) "dpkg assert failure: dpkg: ../../src/packages.c:245: process_queue:" [High,Confirmed] https://launchpad.net/bugs/1512322
[15:04] <bdmurray> jibel: ah, that bug is helpful thanks
[15:08] <jibel> bdmurray, I'm trying to narrow down the packages involved but it seems the 3 additional packages are required to trigger the bug
