group.of.nepali.translators team mailing list archive

[Bug 1656847] Re: neutron security group rules not applied to nova-lxd containers

 

This bug was fixed in the package nova-lxd - 13.2.0-0ubuntu1.16.04.1

---------------
nova-lxd (13.2.0-0ubuntu1.16.04.1) xenial-security; urgency=medium

  * SECURITY UPDATE: ensure correct application of security group rules.
    - d/p/host-device-naming.patch: Cherry pick fix to ensure that the
      host part of the veth pair used to wire LXD containers into neutron
      has the correct naming, resolving issues with application of
      neutron security group rules in container deployments (LP: #1656847).
    - CVE not yet assigned

 -- James Page <james.page@xxxxxxxxxx>  Tue, 07 Feb 2017 17:06:46 +0100

** Changed in: nova-lxd (Ubuntu Xenial)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1656847

Title:
  neutron security group rules not applied to nova-lxd containers

Status in nova-lxd:
  Fix Released
Status in nova-lxd package in Ubuntu:
  Fix Released
Status in nova-lxd source package in Xenial:
  Fix Released
Status in nova-lxd source package in Yakkety:
  Fix Released
Status in nova-lxd source package in Zesty:
  Fix Released

Bug description:
  I noted this when testing the changes for lxd:isolated in Ubuntu
  Xenial; neutron sets up iptables rules against tap devices (as used in
  the libvirt driver); however, nova-lxd does not use tap devices - LXD
  plumbs the instance into the neutron bridge using a veth pair.

  I think the net result of this is that security rules are just not
  getting applied in LXD instances.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova-lxd/+bug/1656847/+subscriptions
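
The mismatch reported in the bug description can be checked for on a compute host by comparing the interfaces attached to the instance bridge with the device names the iptables rules actually match. This is an added example, not part of the original notification or of nova-lxd; the rule lines, interface names and the `qvb` ignore prefix are constructed samples, and it assumes the rules use physdev matches as they appear in `iptables-save` output.

```python
import re

# Constructed iptables-save excerpt in the style of neutron's iptables
# firewall driver: per-port rules match the host-side device via physdev.
SAMPLE_RULES = """\
-A neutron-openvswi-FORWARD -m physdev --physdev-out tap1a2b3c4d-5e --physdev-is-bridged -j neutron-openvswi-sg-chain
-A neutron-openvswi-FORWARD -m physdev --physdev-in tap1a2b3c4d-5e --physdev-is-bridged -j neutron-openvswi-sg-chain
"""

# Constructed list of interfaces attached to the instance bridge
# (for example, collected from /sys/class/net/<bridge>/brif).
BRIDGE_MEMBERS = ["tap1a2b3c4d-5e", "vethA1B2C3", "qvb9f8e7d6c-5b"]

PHYSDEV_RE = re.compile(r"--physdev-(in|out)\s+(\S+)")


def filtered_devices(rules_text):
    """Map each device named in a physdev match to the directions it covers."""
    seen = {}
    for line in rules_text.splitlines():
        if not line.startswith("-A "):
            continue  # skip table headers, chain policies and comments
        for direction, dev in PHYSDEV_RE.findall(line):
            seen.setdefault(dev, set()).add(direction)
    return seen


def unfiltered_members(rules_text, members, ignore_prefixes=()):
    """Return {device: [missing directions]} for bridge members that no
    physdev rule matches, i.e. traffic that bypasses security groups."""
    seen = filtered_devices(rules_text)
    report = {}
    for dev in members:
        if dev.startswith(tuple(ignore_prefixes)):
            continue  # assumption: these are plumbing devices, not instances
        missing = {"in", "out"} - seen.get(dev, set())
        if missing:
            report[dev] = sorted(missing)
    return report


if __name__ == "__main__":
    gaps = unfiltered_members(SAMPLE_RULES, BRIDGE_MEMBERS, ("qvb",))
    for dev, missing in gaps.items():
        print(f"{dev}: no physdev rule for direction(s) {', '.join(missing)}")
```
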