group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #10080
[Bug 1649330] Re: [SRU] bubblewrap unavailable on xenial
** Changed in: bubblewrap (Ubuntu)
Status: New => Fix Released
** Changed in: bubblewrap (Ubuntu Xenial)
Status: New => In Progress
** Changed in: bubblewrap (Ubuntu Xenial)
Importance: Undecided => Low
** Changed in: bubblewrap (Ubuntu)
Importance: Undecided => Low
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1649330
Title:
[SRU] bubblewrap unavailable on xenial
Status in bubblewrap package in Ubuntu:
Fix Released
Status in bubblewrap source package in Xenial:
In Progress
Bug description:
[Impact]
I'm writing a snapcraft plugin that uses bubblewrap for sandboxing
purposes, but since bubblewrap isn't available on xenial while
snapcraft is, it's currently blocked from landing.
Besides that, bubblewrap is a generally useful tool for running
commands in a sandbox, similar to a chroot, but can be run by an
unprivileged user, or like lxc, but more lightweight.
Bubblewrap is also needed to provide Flatpak on Ubuntu 16.04 LTS.
Since one major benefit of Flatpak is running newer apps on stable
releases, it's really beneficial to have Flatpak available on the
latest Ubuntu LTS.
[Test Case]
Type bwrap in a xenial terminal. The command isn't found.
[Regression Potential]
This package is already available in yakkety and zesty, and it depends
only on libc6 and libselinux1. It contains no services.
The bwrap binary is setuid root.
This is a new package for 16.04 and should not negatively affect any
other Ubuntu package.
[Other Info]
From the project page:
"The maintainers of this tool believe that it does not, even when used
in combination with typical software installed on that distribution,
allow privilege escalation. It may increase the ability of a logged in
user to perform denial of service attacks, however.
In particular, bubblewrap uses PR_SET_NO_NEW_PRIVS to turn off setuid
binaries, which is the traditional way to get out of things like
chroots."
Since snapd was backported to trusty-updates and not trusty-backports,
we'd like to do the same with the Flatpak stack.
bubblewrap 0.1.5 includes security updates to the 0.1.2 currently in
yakkety. 0.1.5 has been released to yakkety-proposed and the security
PPA. The yakkety update is being tracked in bug 1643734.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bubblewrap/+bug/1649330/+subscriptions