group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1649330] Re: [SRU] bubblewrap unavailable on xenial

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Jeremy Bicha <jeremy@xxxxxxxxx>
Date: Thu, 05 Jan 2017 14:53:31 -0000
Reply-to: Bug 1649330 <1649330@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: bubblewrap (Ubuntu)
       Status: New => Fix Released

** Changed in: bubblewrap (Ubuntu Xenial)
       Status: New => In Progress

** Changed in: bubblewrap (Ubuntu Xenial)
   Importance: Undecided => Low

** Changed in: bubblewrap (Ubuntu)
   Importance: Undecided => Low

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1649330

Title:
  [SRU] bubblewrap unavailable on xenial

Status in bubblewrap package in Ubuntu:
  Fix Released
Status in bubblewrap source package in Xenial:
  In Progress

Bug description:
  [Impact]

  I'm writing a snapcraft plugin that uses bubblewrap for sandboxing
  purposes, but since bubblewrap isn't available on xenial while
  snapcraft is, it's currently blocked from landing.

  Besides that, bubblewrap is a generally useful tool for running
  commands in a sandbox, similar to a chroot, but can be run by an
  unprivileged user, or like lxc, but more lightweight.

  Bubblewrap is also needed to provide Flatpak on Ubuntu 16.04 LTS.
  Since one major benefit of Flatpak is running newer apps on stable
  releases, it's really beneficial to have Flatpak available on the
  latest Ubuntu LTS.

  [Test Case]

  Type bwrap in a xenial terminal. The command isn't found.

  [Regression Potential]

  This package is already available in yakkety and zesty, and it depends
  only on libc6 and libselinux1. It contains no services.

  The bwrap binary is setuid root.

  This is a new package for 16.04 and should not negatively affect any
  other Ubuntu package.

  [Other Info]

  From the project page:

  "The maintainers of this tool believe that it does not, even when used
  in combination with typical software installed on that distribution,
  allow privilege escalation. It may increase the ability of a logged in
  user to perform denial of service attacks, however.

  In particular, bubblewrap uses PR_SET_NO_NEW_PRIVS to turn off setuid
  binaries, which is the traditional way to get out of things like
  chroots."

  Since snapd was backported to trusty-updates and not trusty-backports,
  we'd like to do the same with the Flatpak stack.

  bubblewrap 0.1.5 includes security updates to the 0.1.2 currently in
  yakkety. 0.1.5 has been released to yakkety-proposed and the security
  PPA. The yakkety update is being tracked in bug 1643734.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bubblewrap/+bug/1649330/+subscriptions