blahdeblah | Can anyone explain what apparmor/snapd/whatever is trying to tell me here? https://pastebin.ubuntu.com/p/Nb4TqzPNqR/ | 03:05 |
---|---|---|
blahdeblah | It happens when I right-click a web link in Slack. The app becomes unresponsive and I get 5 or 6 warnings asking me if I want to force quit, then it comes back to life. | 03:06 |
blahdeblah | Never used to happen - I could right-click & copy links to my heart's content. Last few revisions of Slack seem to have this bug now. | 03:06 |
blahdeblah | Or maybe it started happening when I upgraded to 22.04. | 03:06 |
sdeziel | blahdeblah: looks like the seccomp policy of that snap needs some tweaking | 03:16 |
sdeziel | blahdeblah: Slack tries to `chown` something and the seccomp policy prevents it (here I'm assuming you run on x86_64 and looking up syscall number from https://blog.rchapman.org/posts/Linux_System_Call_Table_for_x86_64/) | 03:18 |
sdeziel | blahdeblah: feels like a bug worth reporting | 03:19 |
amurray | blahdeblah: as sdeziel said, syscall 92 is chown (scmp_sys_resolver 92) but without knowing more it is hard to say - can you get any debug output from slack? (also the other ones - syscall=203 - are sched_setaffinity which I am assuming is a red herring) | 03:22 |
amurray | blahdeblah: you could try strace'ing it too - something like: sudo strace -p 8030 -e chmod ? | 03:24 |
amurray | that may show what the argument to chmod() is | 03:25 |
JanC | assuming slack doesn't run as root, chown can only change the group, but why would it want to do that? | 03:29 |
blahdeblah | Thanks folks, I'll dig in when I get a chance and try to gather that into a coherent bug. What's the right place for such a bug? Is there a specific section on Launchpad for snap bugs? | 03:51 |
amurray | blahdeblah: if you could file it against snapd that would be great - ubuntu-bug snapd | 04:14 |
teward | this was probably handled a while ago but did the trustcor cert disabling / removal from ca-certificates and such propagate to all previous releases including those systems under ESM? Just wondering because i discovered a system that's enrolled in ESM on my end that didn't seem to pull in any ca-certificates updates so had to manually tweak ca-certs. | 17:43 |
teward | (on that system) | 17:43 |
teward | who's on main security rotation today (openssl related) | 19:51 |
teward | (if nobody answers i'mma just ping seth until i get a reply xD) | 19:52 |
teward | basically whenever openssl comes up even in backports i always get stingy about it. refer to https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2003903 requesting a backport of OpenSSL with a 'fix' for allowing UnsafeLegacyServerConnect in 3.0.2 and wanting 3.0.5. because of *security* implications of anything OpenSSL related I wanted Security's opinion | 20:02 |
-ubottu:#ubuntu-security- Launchpad bug 2003903 in openssl (Ubuntu) "[BPO] openssl/3.0.5-2ubuntu2 from kinetic" [Undecided, New] | 20:02 |
mdeslaur | teward: what do you want to know? | 20:05 |
teward | mdeslaur: whether there's any concerns of this being backported, because then that might circumvent updates. | 20:05 |
teward | and whether there's anything I have to worry between 3.0.2 and 3.0.5 and any kind of soname/abi stuff | 20:05 |
mdeslaur | no chance in hell we backport a whole new version | 20:05 |
teward | and whether Security has any security related concerns of this | 20:05 |
teward | mdeslaur: this was asked for -backports hence my inquiry | 20:05 |
teward | not -security and not -updates but -backports. it still *technically* has limited security oversight hence the inquiry here | 20:06 |
mdeslaur | I don't think the bug reporter was referring to -backports | 20:06 |
teward | they are. any bug tagged [BPO] is a backports bug for -backports | 20:06 |
mdeslaur | I think they just meant updating jammy | 20:06 |
teward | (we - Backporters - redid the Backports process in the past 6 months) | 20:07 |
mdeslaur | I'll write my 2c in the bug | 20:07 |
teward | mdeslaur: ack thanks | 20:08 |
teward | i asked what the intent was here because it introduces a security delta between -updates/-security and -backports which would break sec team updates in -updates/-security because of higher version in -backports | 20:08 |
teward | my reservation was that on the first front but wanted Security to make a statement on that | 20:08 |
mdeslaur | I've added my 2c | 20:09 |
teward | thanks mdeslaur | 20:11 |
teward | i agree the 3 or 4 commits being SRU'd is a better solution in this case, given the OpenSSL ABI/API chaos that happens with minor updates, and having that come from Security helps a little imo | 20:12 |
=== ellemoeiselleva is now known as ellemoe | ||
=== ellemoe is now known as elleva |