group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #36282
[Bug 1882955] Re: LXD 4.2 broken on linux-kvm due to missing VLAN filtering
This bug was fixed in the package linux-kvm - 4.15.0-1071.72
---------------
linux-kvm (4.15.0-1071.72) bionic; urgency=medium
* bionic/linux-kvm: 4.15.0-1071.72 -proposed tracker (LP: #1887041)
[ Ubuntu: 4.15.0-112.113 ]
* bionic/linux: 4.15.0-112.113 -proposed tracker (LP: #1887048)
* Packaging resync (LP: #1786013)
- update dkms package versions
* CVE-2020-11935
- SAUCE: aufs: do not call i_readcount_inc()
- SAUCE: aufs: bugfix, IMA i_readcount
* CVE-2020-10757
- mm: Fix mremap not considering huge pmd devmap
* Update lockdown patches (LP: #1884159)
- efi/efi_test: Lock down /dev/efi_test and require CAP_SYS_ADMIN
- efi: Restrict efivar_ssdt_load when the kernel is locked down
- powerpc/xmon: add read-only mode
- powerpc/xmon: Restrict when kernel is locked down
- [Config] CONFIG_XMON_DEFAULT_RO_MODE=y
- SAUCE: acpi: disallow loading configfs acpi tables when locked down
* seccomp_bpf fails on powerpc (LP: #1885757)
- SAUCE: selftests/seccomp: fix ptrace tests on powerpc
* Introduce the new NVIDIA 418-server and 440-server series, and update the
current NVIDIA drivers (LP: #1881137)
- [packaging] add signed modules for the 418-server and the 440-server
flavours
[ Ubuntu: 4.15.0-111.112 ]
* bionic/linux: 4.15.0-111.112 -proposed tracker (LP: #1886999)
* Bionic update: upstream stable patchset 2020-05-07 (LP: #1877461)
- SAUCE: mlxsw: Add missmerged ERR_PTR hunk
* linux 4.15.0-109-generic network DoS regression vs -108 (LP: #1886668)
- SAUCE: Revert "netprio_cgroup: Fix unlimited memory leak of v2 cgroups"
linux-kvm (4.15.0-1070.71) bionic; urgency=medium
* bionic/linux-kvm: 4.15.0-1070.71 -proposed tracker (LP: #1885807)
* Build and ship a signed wireguard.ko (LP: #1861284)
- [Config] kvm: wireguard -- enable on all architectures
* LXD 4.2 broken on linux-kvm due to missing VLAN filtering (LP: #1882955)
- [Config] VLAN_8021Q=m && BRIDGE_VLAN_FILTERING=y
[ Ubuntu: 4.15.0-110.111 ]
* bionic/linux: 4.15.0-110.111 -proposed tracker (LP: #1885814)
* Packaging resync (LP: #1786013)
- update dkms package versions
* CVE-2020-11935
- SAUCE: aufs: do not call i_readcount_inc()
- SAUCE: aufs: bugfix, IMA i_readcount
* CVE-2020-10757
- mm: Fix mremap not considering huge pmd devmap
* Update lockdown patches (LP: #1884159)
- efi/efi_test: Lock down /dev/efi_test and require CAP_SYS_ADMIN
- efi: Restrict efivar_ssdt_load when the kernel is locked down
- powerpc/xmon: add read-only mode
- powerpc/xmon: Restrict when kernel is locked down
- [Config] CONFIG_XMON_DEFAULT_RO_MODE=y
- SAUCE: acpi: disallow loading configfs acpi tables when locked down
* seccomp_bpf fails on powerpc (LP: #1885757)
- SAUCE: selftests/seccomp: fix ptrace tests on powerpc
* Introduce the new NVIDIA 418-server and 440-server series, and update the
current NVIDIA drivers (LP: #1881137)
- [packaging] add signed modules for the 418-server and the 440-server
flavours
-- Khalid Elmously <khalid.elmously@xxxxxxxxxxxxx> Thu, 09 Jul 2020
22:13:34 -0400
** Changed in: linux-kvm (Ubuntu Bionic)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-10757
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-11935
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1882955
Title:
LXD 4.2 broken on linux-kvm due to missing VLAN filtering
Status in linux-kvm package in Ubuntu:
Invalid
Status in linux-kvm source package in Xenial:
Fix Released
Status in linux-kvm source package in Bionic:
Fix Released
Status in linux-kvm source package in Eoan:
Fix Committed
Status in linux-kvm source package in Focal:
Fix Released
Bug description:
[Description]
Some VLAN options (BRIDGE_VLAN_FILTERING, and its dependencies
VLAN_8021Q*) were in a different state in Focal/kvm compared to
Focal/generic: LXD now depends on BRIDGE_VLAN_FILTERING and due to
this discrepancy it fails to work on the Focal/kvm kernel: fix it by
aligning the config with Focal/generic
[Fix]
Apply the attached config patch
[Regression potential]
Low, just some config changes already present in generic.
---
This is another case of linux-kvm having unexplained differences compared to linux-generic in areas that aren't related to hardware drivers (see other bug we filed for missing nft).
This time, CPC is reporting that LXD no longer works on linux-kvm as
we now set vlan filtering on our bridges to prevent containers from
escaping firewalling through custom vlan tags.
This relies on CONFIG_BRIDGE_VLAN_FILTERING which is a built-in on the
generic kernel but is apparently missing on linux-kvm (I don't have
any system running that kernel to confirm its config, but the behavior
certainly matches that).
We need this fixed in focal and groovy.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-kvm/+bug/1882955/+subscriptions