[03:05] <blahdeblah> Can anyone explain what apparmor/snapd/whatever is trying to tell me here?  https://pastebin.ubuntu.com/p/Nb4TqzPNqR/
[03:06] <blahdeblah> It happens when I right-click a web link in Slack.  The app becomes unresponsive and I get 5 or 6 warnings asking me if I want to force quit, then it comes back to life.
[03:06] <blahdeblah> Never used to happen - I could right-click & copy links to my heart's content.  Last few revisions of Slack seem to have this bug now.
[03:06] <blahdeblah> Or maybe it started happening when I upgraded to 22.04.
[03:16] <sdeziel> blahdeblah: looks like the seccomp policy of that snap needs some tweaking
[03:18] <sdeziel> blahdeblah: Slack tries to `chown` something and the seccomp policy prevents it (here I'm assuming you run on x86_64 and looking up syscall number from https://blog.rchapman.org/posts/Linux_System_Call_Table_for_x86_64/)
[03:19] <sdeziel> blahdeblah: feels like a bug worth reporting
[03:22] <amurray> blahdeblah: as sdeziel said, syscall 92 is chown (scmp_sys_resolver 92) but without knowing more it is hard to say - can you get any debug output from slack? (also the other ones - syscall=203 - are sched_setaffinity which I am assuming is a red herring)
[03:24] <amurray> blahdeblah: you could try strace'ing it too - something like: sudo strace -p 8030 -e chmod ?
[03:25] <amurray> that may show what the argument to chmod() is
[03:29] <JanC> assuming slack doesn't run as root, chown can only change the group, but why would it want to do that?
[03:51] <blahdeblah> Thanks folks, I'll dig in when I get a chance and try to gather that into a coherent bug.  What's the right place for such a bug?  Is there a specific section on Launchpad for snap bugs?
[04:14] <amurray> blahdeblah: if you could file it against snapd that would be great - ubuntu-bug snapd
[17:43] <teward> this was probably handled a while ago but did the trustcor cert disabling / removal from ca-certificates and such propagate to all previous releases including those systems under ESM?  Just wondering because i discovered a system that's enrolled in ESM on my end that didn't seem to pull in any ca-certificates updates so had to manually tweak ca-certs.
[17:43] <teward> (on that system)
[19:51] <teward> who's on main security rotation today (openssl related)
[19:52] <teward> (if nobody answers i'mma just ping seth until i get a reply xD0
[20:02] <teward> basically whenever openssl comes up even in backports i always get stingy about it.  refer to https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2003903 requesting a backport of OpenSSL with a 'fix' for allowing UnsafeLegacyServerConnect in 3.0.2 and wanting 3.0.5.  because of *security* implications of anything OpenSSL related I wanted Security's opinion
[20:02] -ubottu:#ubuntu-security- Launchpad bug 2003903 in openssl (Ubuntu) "[BPO] openssl/3.0.5-2ubuntu2 from kinetic" [Undecided, New]
[20:05] <mdeslaur> teward: what do you want to know?
[20:05] <teward> mdeslaur: whether there's any concerns of this being backported, because then that might circumvent updates.
[20:05] <teward> and whether there's anything I have to worry between 3.0.2 and 3.0.5 and any kind of soname/abi stuff
[20:05] <mdeslaur> no chance in hell we backport a whole new version
[20:05] <teward> and whether Security has any security related concerns of this
[20:05] <teward> mdeslaur: this was asked for -backports hence my inquiry
[20:06] <teward> not -security and not -updates but -backports.  it still *technically* has limited security oversight hence the inquiry here
[20:06] <mdeslaur> I don't think the bug reporter was referring to -backports
[20:06] <teward> they are.  any bug tagged [BPO] is a backports bug for -backports
[20:06] <mdeslaur> I think they just meant updating jammy
[20:07] <teward> (we - Backporters - redid the Backports process in the past 6 months)
[20:07] <mdeslaur> I'll write my 2c in the bug
[20:08] <teward> mdeslaur: ack thanks
[20:08] <teward> i asked what the intent was here because it introduces a security delta between -updates/-security and -backports which would break sec team updates in -updates/-security because of higher version in -backports
[20:08] <teward> my reservations was that on the first front but wanted Security to make a statement on that
[20:09] <mdeslaur> I've added my 2c
[20:11] <teward> thanks mdeslaur 
[20:12] <teward> i agree the 3 or 4 commits being SRU'd is a better solution in this case, given the OpenSSL ABI/API chaos that happens with minor updates, and having that come from Security helps a little imo