group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #19086
[Bug 1682102] Please test proposed package
Hello Dimitri, or anyone else affected,
Accepted libseccomp into xenial-proposed. The package will build now and
be available at
https://launchpad.net/ubuntu/+source/libseccomp/2.3.1-2.1ubuntu2~16.04.1
in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.Your feedback will aid us getting this
update out to other Ubuntu users.
If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested and change the tag from
verification-needed-xenial to verification-done-xenial. If it does not
fix the bug for you, please add a comment stating that, and change the
tag to verification-failed-xenial. In either case, details of your
testing will help us make a better decision.
Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in
advance!
** Changed in: libseccomp (Ubuntu)
Status: Confirmed => Invalid
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1682102
Title:
libseccomp should support GA and HWE kernels
Status in libseccomp package in Ubuntu:
Invalid
Status in libseccomp source package in Xenial:
Fix Committed
Bug description:
[Impact]
out of date libseccomp w.r.t. custom and hwe kernels provides sub-par userspace protection, which is otherwise available on the running kernel and hardware combination.
This results in subpar security of systems running new architectures (s390x & ppc64el) and newer hwe/custom kernels.
* Version 2.3.1 - April 20, 2016
- Fixed a problem with 32-bit x86 socket syscalls on some systems
- Fixed problems with ipc syscalls on 32-bit x86
- Fixed problems with socket and ipc syscalls on s390 and s390x
* Version 2.3.0 - February 29, 2016
- Added support for the s390 and s390x architectures
- Added support for the ppc, ppc64, and ppc64le architectures
- Update the internal syscall tables to match the Linux 4.5-rcX releases
- Filter generation for both multiplexed and direct socket syscalls on x86
- Support for the musl libc implementation
- Additions to the API to enable runtime version checking of the library
- Enable the use of seccomp() instead of prctl() on supported systems
- Added additional tests to the regression test suite
There is no ABI/API break
There are no packaging changes, apart from dropping patches included
in this upstream release and updating new symbols.
Doing wholesome update is safer and carries less risk, than
individually cherrypicking effectively all of the above.
This is a backport to an LTS release under the banner of safe
introduction of new features and new hardware support.
It is expected that container technologies will take advantage of the
newly available libseccomp.
This may need to be uploaded as a security update.
Currently, s390x support in xenial libssecomp is incomplete. And there
are v4.5+ syscall tables missing as used by hwe kernels and some
custom kernels.
[Testcase]
Validate that all main contianer technologies are operational and do not regress, e.g.:
- lxc
- lxd
- docker
- snapd
[Regression Potential]
Userspace components may detect at runtime newly available libseccomp, and thus restrict user-space processes more than previously done. This may lead to a change of restrictions applied on the user sapce processes, and result in previously unexpected denials / errors returned.
[Proposed Update available in bileto PPA]
https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/2981
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1682102/+subscriptions
References