group.of.nepali.translators team mailing list archive

[Brian Murray <brian@xxxxxxxxxx>]

** Also affects: bubblewrap (Ubuntu Xenial)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1649330

Title:
  [SRU] bubblewrap unavailable on xenial

Status in bubblewrap package in Ubuntu:
  New
Status in bubblewrap source package in Xenial:
  New

Bug description:
  [Impact]

  I'm writing a snapcraft plugin that uses bubblewrap for sandboxing
  purposes, but since bubblewrap isn't available on xenial while
  snapcraft is, it's currently blocked from landing.

  Besides that, bubblewrap is a generally useful tool for running
  commands in a sandbox, similar to a chroot, but can be run by an
  unprivileged user, or like lxc, but more lightweight.

  [Test Case]

  Type bwrap in a xenial terminal. The command isn't found.

  [Regression Potential]

  This package is already available in yakkety and zesty, and it depends
  only on libc6 and libselinux1. It contains no services.

  The bwrap binary is setuid root.

  [Other Info]

  From the project page:

  "The maintainers of this tool believe that it does not, even when used
  in combination with typical software installed on that distribution,
  allow privilege escalation. It may increase the ability of a logged in
  user to perform denial of service attacks, however.

  In particular, bubblewrap uses PR_SET_NO_NEW_PRIVS to turn off setuid
  binaries, which is the traditional way to get out of things like
  chroots."

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bubblewrap/+bug/1649330/+subscriptions