← Back to team overview

kernel-packages team mailing list archive

[Bug 1509489] Please test proposed package

 

Hello Kyle, or anyone else affected,

Accepted linux-mako into wily-proposed. The package will build now and
be available at https://launchpad.net/ubuntu/+source/linux-
mako/3.4.0-7.41~15.10.1 in a few hours, and then in the -proposed
repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to
enable and use -proposed.  Your feedback will aid us getting this update
out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, and change the tag
from verification-needed to verification-done. If it does not fix the
bug for you, please add a comment stating that, and change the tag to
verification-failed.  In either case, details of your testing will help
us make a better decision.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance!

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-mako in Ubuntu.
https://bugs.launchpad.net/bugs/1509489

Title:
  [SRU] seccomp filters backport for Mako

Status in linux-mako package in Ubuntu:
  Fix Released
Status in linux-mako source package in Vivid:
  Fix Committed
Status in linux-mako source package in Wily:
  Fix Committed
Status in linux-mako source package in Xenial:
  Fix Released

Bug description:
  [Impact]

   * The snappy confinement model utilizes both apparmor and seccomp
  filters, and while the former is supported by the phone kernel, the
  latter is not. Snappy cannot be used on the mako, krillin, or vegetahd
  without seccomp filters being backported.

  [Test Case]

   * Run the tests located here:

         http://kernel.ubuntu.com/git/kyrofa/ubuntu-
  vivid.git/tree/tools/testing/selftests/seccomp?h=backport_seccomp_filters&id=555777b2449cb4a69604998e8550001231a0f6af

     They will fail without this change.

  [Regression Potential]

   * Potential AppArmor regression regarding its use of no_new_privs,
  since it was previously a fake implementation to facilitate the v3
  backport.

  [Other Info]

   * Backport is from mainline.
   * Backport only includes seccomp filters introduced in v3.5 (e.g. does not include syscall or tsync).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-mako/+bug/1509489/+subscriptions


References