/srv/irclogs.ubuntu.com/2023/01/25/#ubuntu-security.txt

[03:05] <blahdeblah> Can anyone explain what apparmor/snapd/whatever is trying to tell me here?  https://pastebin.ubuntu.com/p/Nb4TqzPNqR/
[03:06] <blahdeblah> It happens when I right-click a web link in Slack.  The app becomes unresponsive and I get 5 or 6 warnings asking me if I want to force quit, then it comes back to life.
[03:06] <blahdeblah> Never used to happen - I could right-click & copy links to my heart's content.  Last few revisions of Slack seem to have this bug now.
[03:06] <blahdeblah> Or maybe it started happening when I upgraded to 22.04.
[03:16] <sdeziel> blahdeblah: looks like the seccomp policy of that snap needs some tweaking
[03:18] <sdeziel> blahdeblah: Slack tries to `chown` something and the seccomp policy prevents it (here I'm assuming you run on x86_64 and looking up syscall number from https://blog.rchapman.org/posts/Linux_System_Call_Table_for_x86_64/)
[03:19] <sdeziel> blahdeblah: feels like a bug worth reporting
[03:22] <amurray> blahdeblah: as sdeziel said, syscall 92 is chown (scmp_sys_resolver 92) but without knowing more it is hard to say - can you get any debug output from slack? (also the other ones - syscall=203 - are sched_setaffinity which I am assuming is a red herring)
[03:24] <amurray> blahdeblah: you could try strace'ing it too - something like: sudo strace -p 8030 -e chmod ?
[03:25] <amurray> that may show what the argument to chmod() is
[03:29] <JanC> assuming slack doesn't run as root, chown can only change the group, but why would it want to do that?
[03:51] <blahdeblah> Thanks folks, I'll dig in when I get a chance and try to gather that into a coherent bug.  What's the right place for such a bug?  Is there a specific section on Launchpad for snap bugs?
[04:14] <amurray> blahdeblah: if you could file it against snapd that would be great - ubuntu-bug snapd
[17:43] <teward> this was probably handled a while ago but did the trustcor cert disabling / removal from ca-certificates and such propagate to all previous releases including those systems under ESM?  Just wondering because i discovered a system that's enrolled in ESM on my end that didn't seem to pull in any ca-certificates updates so had to manually tweak ca-certs.
[17:43] <teward> (on that system)
[19:51] <teward> who's on main security rotation today (openssl related)
[19:52] <teward> (if nobody answers i'mma just ping seth until i get a reply xD0
[20:02] <teward> basically whenever openssl comes up even in backports i always get stingy about it.  refer to https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2003903 requesting a backport of OpenSSL with a 'fix' for allowing UnsafeLegacyServerConnect in 3.0.2 and wanting 3.0.5.  because of *security* implications of anything OpenSSL related I wanted Security's opinion
[20:02] -ubottu:#ubuntu-security- Launchpad bug 2003903 in openssl (Ubuntu) "[BPO] openssl/3.0.5-2ubuntu2 from kinetic" [Undecided, New]
[20:05] <mdeslaur> teward: what do you want to know?
[20:05] <teward> mdeslaur: whether there's any concerns of this being backported, because then that might circumvent updates.
[20:05] <teward> and whether there's anything I have to worry between 3.0.2 and 3.0.5 and any kind of soname/abi stuff
[20:05] <mdeslaur> no chance in hell we backport a whole new version
[20:05] <teward> and whether Security has any security related concerns of this
[20:05] <teward> mdeslaur: this was asked for -backports hence my inquiry
[20:06] <teward> not -security and not -updates but -backports.  it still *technically* has limited security oversight hence the inquiry here
[20:06] <mdeslaur> I don't think the bug reporter was referring to -backports
[20:06] <teward> they are.  any bug tagged [BPO] is a backports bug for -backports
[20:06] <mdeslaur> I think they just meant updating jammy
[20:07] <teward> (we - Backporters - redid the Backports process in the past 6 months)
[20:07] <mdeslaur> I'll write my 2c in the bug
[20:08] <teward> mdeslaur: ack thanks
[20:08] <teward> i asked what the intent was here because it introduces a security delta between -updates/-security and -backports which would break sec team updates in -updates/-security because of higher version in -backports
[20:08] <teward> my reservations was that on the first front but wanted Security to make a statement on that
[20:09] <mdeslaur> I've added my 2c
[20:11] <teward> thanks mdeslaur
[20:12] <teward> i agree the 3 or 4 commits being SRU'd is a better solution in this case, given the OpenSSL ABI/API chaos that happens with minor updates, and having that come from Security helps a little imo
=== ellemoeiselleva is now known as ellemoe
=== ellemoe is now known as elleva
