touch-packages team mailing list archive
Message #67586
[Bug 1438249] Re: /sbin/dhclient is unconfined after switch to systemd (aka, equivalent of upstart's network-interface-security.conf not implemented)
This bug was fixed in the package systemd - 219-6ubuntu1
---------------
systemd (219-6ubuntu1) vivid; urgency=medium

  * Merge with Debian experimental branch. Remaining Ubuntu changes:
    - Hack to support system-image read-only /etc, and modify files in
      /etc/writable/ instead.
    - Keep our much simpler udev maintainer scripts (all platforms must
      support udev, no debconf).
    - initramfs init-top: Drop $ROOTDELAY, we do that in a more sensible way
      with wait-for-root. Will get applicable to Debian once Debian gets
      wait-for-root in initramfs-tools.
    - initramfs init-bottom: If LVM is installed, settle udev,
      otherwise we get missing LV symlinks. Workaround for LP #1185394.
    - Add debian/udev.lvm2.init: Dummy SysV init script to satisfy insserv
      dependencies to "lvm2" which is handled with udev rules in Ubuntu.
    - Provide shutdown fallback for upstart. (LP: #1370329)
    - debian/extra/ifup@.service: Additionally run for "auto" class. We don't
      really support "allow-hotplug" in Ubuntu at the moment, so we need to
      deal with "auto" devices appearing after "/etc/init.d/networking start"
      already ran. (LP: #1374521) Also, check if devices are actually defined
      in /etc/network/interfaces as we don't use Debian's net.agent.
    - ifup@.service: Drop dependency on networking.service (i. e.
      /etc/init.d/networking), and merely ensure that /run/network exists.
      This avoids unnecessary dependencies/waiting during boot and dependency
      cycles if hooks wait for other interfaces to come up (like ifenslave
      with bonding interfaces). (LP: #1414544)
    - Add Get-RTC-is-in-local-time-setting-from-etc-default-rc.patch: In
      Ubuntu we currently keep the setting whether the RTC is in local or UTC
      time in /etc/default/rcS "UTC=yes|no", instead of /etc/adjtime.
      (LP: #1377258)
    - Put session scopes into all cgroup controllers. This makes unprivileged
      user LXC containers work under systemd. (LP: #1346734)
    - systemctl: Don't forward telinit u to upstart. This works around
      upstart's Restart() always reexec'ing /sbin/init on Restart(), even if
      that changes to point to systemd during the upgrade. This avoids running
      systemd during a dist-upgrade. (LP: #1430479)
    - Lower Breaks: to plymouth version which has the udev inotify fix in
      Ubuntu.
    - Lower libappamor1 dep to the Ubuntu version where it moved to /lib.
    - Change systemd-sysv's conflicts to upstart-sysv. (LP: #1422681)
    - Make failure of boot-and-services NSpawn.test_boot non-fatal for now.
      This currently fails when being triggered by Jenkins, but is totally
      unreproducible when running this manually on the exact same machine.
    Upgrade fixes, keep until 16.04 LTS release:
    - systemd Conflicts/Replaces/Provides systemd-services.
    - Remove obsolete systemd-logind upstart job.
    - Clean up obsolete /etc/udev/rules.d/README.
  * Add debian/udev.lvm2.service to avoid running the dummy lvm2 init script.
    (LP: #1431107)

systemd (219-6) experimental; urgency=medium

  [ Martin Pitt ]
  * Import patches from v219-stable branch (up to 85a6fab).
  * boot-and-services autopkgtest: Add missing python3 test dependency.
  * Make apparmor run before networking, to ensure that profiles apply to
    e. g. dhclient (LP: #1438249):
    - Rename networking.service.d/network-pre.conf to systemd.conf, and add
      After=apparmor.service.
    - ifup@.service: Add After=apparmor.service.
  * udev: Drop hwdb-update dependency, which got introduced by the above
    v219-stable branch. This causes udev and plymouth to start too late and
    isn't really needed in Debian yet as we don't support stateless systems
    yet and handle hwdb.bin updates through dpkg triggers. (LP: #1439301)

  [ Didier Roche ]
  * Fix mount point detection on overlayfs and similar file systems without
    name_to_handle_at() and st_dev support. (LP: #1411140)

  [ Christian Seiler ]
  * Make the journald to syslog forwarding more robust by increasing the
    maximum datagram queue length from 10 to 512. (Closes: #762700)

  [ Marco d'Itri ]
  * Avoid writing duplicate entries in 70-persistent-net.rules by double
    checking if the new udev rule has already been written for the given
    interface. This happens if multiple add events are generated before the
    write_net_rules script returns and udevd renames the interface.
    (Closes: #765577)

 -- Martin Pitt <martin.pitt@xxxxxxxxxx>  Thu, 02 Apr 2015 10:08:44 +0200
** Changed in: systemd (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1438249
Title:
/sbin/dhclient is unconfined after switch to systemd (aka, equivalent
of upstart's network-interface-security.conf not implemented)
Status in systemd package in Ubuntu:
Fix Released
Bug description:
dhclient is starting before the apparmor profile for it is loaded
which results in the following output from aa-status:
$ sudo aa-status
...
4 profiles are in enforce mode.
/sbin/dhclient
...
1 processes are unconfined but have a profile defined.
/sbin/dhclient (634)
Upstart had the network-interface-security.conf job to make sure this
didn't happen. We wanted the cache loading library to be implemented
in time (bug #1385414), but it still hasn't landed. Having the cache
loading library in place would mean that this bug would also be fixed,
but now we need to fix this bug differently for 15.04 and it must be
fixed by release.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1438249/+subscriptions
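As an added example that is not part of this bug report, the changelog above or the systemd package: a script with two offline checks for the fix the 219-6 entry describes (ordering ifup@.service and networking.service after apparmor.service). The unit fragments and the aa-status output embedded in it are constructed to mirror the report, not captured from a real host; the live-host commands named in the comments (systemctl cat, systemctl show -p After, reading /proc/<pid>/attr/current) are the real ones.

```shell
#!/bin/sh
# Added example, not code from the bug report, the systemd package or Ubuntu.
# Two checks for the bug class above, runnable offline on constructed input;
# the commands to run on a live host are given in the comments.

# (1) Is the unit that ends up exec'ing dhclient ordered after apparmor.service?
# The 219-6 fix adds "After=apparmor.service" to ifup@.service and to
# networking.service.d/systemd.conf. Both unit texts below are constructed and
# reduced to the lines the check looks at. Live-host equivalents:
#   systemctl cat ifup@.service
#   systemctl show -p After ifup@eth0.service
FIXED_UNIT=$(cat <<'EOF'
[Unit]
After=network-pre.target
After=apparmor.service
EOF
)
BROKEN_UNIT=$(cat <<'EOF'
[Unit]
After=network-pre.target
EOF
)

# unit_orders_after_apparmor UNIT_TEXT
# Succeeds iff an After= line in the [Unit] section names apparmor.service.
# systemd accepts repeated After= lines and space-separated lists, so every
# token of every After= line in [Unit] is examined.
unit_orders_after_apparmor() {
    printf '%s\n' "$1" | awk '
        /^\[/ { in_unit = ($0 == "[Unit]"); next }
        in_unit && /^After=/ {
            n = split(substr($0, 7), deps, /[ \t]+/)
            for (i = 1; i <= n; i++) if (deps[i] == "apparmor.service") found = 1
        }
        END { exit found ? 0 : 1 }'
}

# (2) Did the ordering take effect? The symptom in the report is the aa-status
# section "processes are unconfined but have a profile defined": the profile
# got loaded, but dhclient had already exec'd, so nothing attached to it.
# Constructed aa-status output for the broken and the fixed state:
AA_BEFORE=$(cat <<'EOF'
apparmor module is loaded.
4 profiles are loaded.
4 profiles are in enforce mode.
   /sbin/dhclient
   /usr/lib/NetworkManager/nm-dhcp-client.action
   /usr/lib/connman/scripts/dhclient-script
   /usr/sbin/tcpdump
0 profiles are in complain mode.
1 processes have profiles defined.
0 processes are in enforce mode.
0 processes are in complain mode.
1 processes are unconfined but have a profile defined.
   /sbin/dhclient (634)
EOF
)
AA_AFTER=$(cat <<'EOF'
apparmor module is loaded.
4 profiles are loaded.
4 profiles are in enforce mode.
   /sbin/dhclient
   /usr/lib/NetworkManager/nm-dhcp-client.action
   /usr/lib/connman/scripts/dhclient-script
   /usr/sbin/tcpdump
0 profiles are in complain mode.
1 processes have profiles defined.
1 processes are in enforce mode.
   /sbin/dhclient (634)
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
EOF
)

# unconfined_with_profile AA_STATUS_TEXT
# Prints each "<path> (<pid>)" entry of the unconfined-but-profiled section,
# one per line; prints nothing when that section is empty (the desired state).
unconfined_with_profile() {
    printf '%s\n' "$1" | awk '
        /^[0-9]+ processes are unconfined but have a profile defined/ { grab = 1; next }
        /^[0-9]+ (profiles|processes) / { grab = 0 }
        grab && NF { sub(/^[ \t]+/, ""); print }'
}

# unconfined_count AA_STATUS_TEXT -> number of such entries; 0 is what you want.
unconfined_count() {
    unconfined_with_profile "$1" | awk 'END { print NR }'
}

# Per-process truth on a live host is /proc/<pid>/attr/current, which reads
# "unconfined" or "<profile> (enforce)" / "<profile> (complain)":
#   cat /proc/$(pidof dhclient)/attr/current
# label_confined LABEL succeeds only for the attached forms.
label_confined() {
    case "$1" in
        *" (enforce)"|*" (complain)") return 0 ;;
        *) return 1 ;;
    esac
}

# Stand-alone run: report both states.
unit_orders_after_apparmor "$FIXED_UNIT"  && echo "fixed unit: ordered after apparmor.service"
unit_orders_after_apparmor "$BROKEN_UNIT" || echo "old unit:   not ordered after apparmor.service"
echo "before fix: $(unconfined_count "$AA_BEFORE") unconfined with profile: $(unconfined_with_profile "$AA_BEFORE")"
echo "after fix:  $(unconfined_count "$AA_AFTER") unconfined with profile"
```

The ordering fix only closes the race for processes started after it. AppArmor attaches a profile at exec; loading the profile later does not confine a process that is already running unconfined, which is why the report's aa-status still lists the pid under the unconfined-but-profiled heading. After installing the fixed package, restart dhclient (ifdown/ifup, or a reboot) and confirm /proc/<pid>/attr/current reads "/sbin/dhclient (enforce)".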