← Back to team overview

kernel-packages team mailing list archive

  1. kernel-packages team
  2. Mailing list archive
  3. Message #142632

[Bug 1509489] Re: No support for seccomp filters

  Thread PreviousDate PreviousThread Next 
** Description changed:

- The snappy confinement model utilizes both apparmor and seccomp filters,
- and while the former is supported by the phone kernel, the latter is
- not. Snappy cannot be used on the mako, krillin, or vegetahd without
- seccomp filters being backported.
+ [Impact]
+ 
+  * The snappy confinement model utilizes both apparmor and seccomp filters, and
+    while the former is supported by the phone kernel, the latter is not. Snappy
+    cannot be used on the mako, krillin, or vegetahd without seccomp filters
+    being backported.
+ 
+ [Test Case]
+ 
+  * Run the tests located here:
+ 
+        http://kernel.ubuntu.com/git/kyrofa/ubuntu-
+ vivid.git/tree/tools/testing/selftests/seccomp?h=backport_seccomp_filters&id=555777b2449cb4a69604998e8550001231a0f6af
+ 
+    They will fail without this change.
+ 
+ [Regression Potential]
+ 
+  * AppArmor regression regarding its use of no_new_privs, since it was
+    previously a fake implementation to facilitate the v3 backport.

** Description changed:

  [Impact]
  
-  * The snappy confinement model utilizes both apparmor and seccomp filters, and
-    while the former is supported by the phone kernel, the latter is not. Snappy
-    cannot be used on the mako, krillin, or vegetahd without seccomp filters
-    being backported.
+  * The snappy confinement model utilizes both apparmor and seccomp
+ filters, and while the former is supported by the phone kernel, the
+ latter is not. Snappy cannot be used on the mako, krillin, or vegetahd
+ without seccomp filters being backported.
  
  [Test Case]
  
-  * Run the tests located here:
+  * Run the tests located here:
  
-        http://kernel.ubuntu.com/git/kyrofa/ubuntu-
+        http://kernel.ubuntu.com/git/kyrofa/ubuntu-
  vivid.git/tree/tools/testing/selftests/seccomp?h=backport_seccomp_filters&id=555777b2449cb4a69604998e8550001231a0f6af
  
-    They will fail without this change.
+    They will fail without this change.
  
  [Regression Potential]
  
-  * AppArmor regression regarding its use of no_new_privs, since it was
-    previously a fake implementation to facilitate the v3 backport.
+  * AppArmor regression regarding its use of no_new_privs, since it was
+ previously a fake implementation to facilitate the v3 backport.

** Description changed:

  [Impact]
  
   * The snappy confinement model utilizes both apparmor and seccomp
  filters, and while the former is supported by the phone kernel, the
  latter is not. Snappy cannot be used on the mako, krillin, or vegetahd
  without seccomp filters being backported.
  
  [Test Case]
  
   * Run the tests located here:
  
         http://kernel.ubuntu.com/git/kyrofa/ubuntu-
  vivid.git/tree/tools/testing/selftests/seccomp?h=backport_seccomp_filters&id=555777b2449cb4a69604998e8550001231a0f6af
  
     They will fail without this change.
  
  [Regression Potential]
  
-  * AppArmor regression regarding its use of no_new_privs, since it was
- previously a fake implementation to facilitate the v3 backport.
+  * Potential AppArmor regression regarding its use of no_new_privs,
+ since it was previously a fake implementation to facilitate the v3
+ backport.

** Description changed:

  [Impact]
  
   * The snappy confinement model utilizes both apparmor and seccomp
  filters, and while the former is supported by the phone kernel, the
  latter is not. Snappy cannot be used on the mako, krillin, or vegetahd
  without seccomp filters being backported.
  
  [Test Case]
  
   * Run the tests located here:
  
         http://kernel.ubuntu.com/git/kyrofa/ubuntu-
  vivid.git/tree/tools/testing/selftests/seccomp?h=backport_seccomp_filters&id=555777b2449cb4a69604998e8550001231a0f6af
  
     They will fail without this change.
  
  [Regression Potential]
  
   * Potential AppArmor regression regarding its use of no_new_privs,
  since it was previously a fake implementation to facilitate the v3
  backport.
+ 
+ [Other Info]
+ 
+  * Backport is from mainline.
+  * Backport only includes seccomp filters introduced in v3.5 (e.g. does not include syscall or tsync).

** Summary changed:

- No support for seccomp filters
+ [SRU] seccomp filters backport for Mako

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-mako in Ubuntu.
https://bugs.launchpad.net/bugs/1509489

Title:
  [SRU] seccomp filters backport for Mako

Status in linux-mako package in Ubuntu:
  New

Bug description:
  [Impact]

   * The snappy confinement model utilizes both apparmor and seccomp
  filters, and while the former is supported by the phone kernel, the
  latter is not. Snappy cannot be used on the mako, krillin, or vegetahd
  without seccomp filters being backported.

  [Test Case]

   * Run the tests located here:

         http://kernel.ubuntu.com/git/kyrofa/ubuntu-
  vivid.git/tree/tools/testing/selftests/seccomp?h=backport_seccomp_filters&id=555777b2449cb4a69604998e8550001231a0f6af

     They will fail without this change.

  [Regression Potential]

   * Potential AppArmor regression regarding its use of no_new_privs,
  since it was previously a fake implementation to facilitate the v3
  backport.

  [Other Info]

   * Backport is from mainline.
   * Backport only includes seccomp filters introduced in v3.5 (e.g. does not include syscall or tsync).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-mako/+bug/1509489/+subscriptions

References

  Thread PreviousDate PreviousThread Next