← Back to team overview

kernel-packages team mailing list archive

[Bug 1509489] [linux-mako/wily] verification still needed

 

The fix for this bug has been awaiting testing feedback in the -proposed
repository for wily for more than 90 days.  Please test this fix and
update the bug appropriately with the results.  In the event that the
fix for this bug is still not verified 15 days from now, the package
will be removed from the -proposed repository.

** Tags added: removal-candidate

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-mako in Ubuntu.
https://bugs.launchpad.net/bugs/1509489

Title:
  [SRU] seccomp filters backport for Mako

Status in linux-mako package in Ubuntu:
  Fix Released
Status in linux-mako source package in Vivid:
  Fix Committed
Status in linux-mako source package in Wily:
  Fix Committed
Status in linux-mako source package in Xenial:
  Fix Released

Bug description:
  [Impact]

   * The snappy confinement model utilizes both apparmor and seccomp
  filters, and while the former is supported by the phone kernel, the
  latter is not. Snappy cannot be used on the mako, krillin, or vegetahd
  without seccomp filters being backported.

  [Test Case]

   * Run the tests located here:

         http://kernel.ubuntu.com/git/kyrofa/ubuntu-
  vivid.git/tree/tools/testing/selftests/seccomp?h=backport_seccomp_filters&id=555777b2449cb4a69604998e8550001231a0f6af

     They will fail without this change.

  [Regression Potential]

   * Potential AppArmor regression regarding its use of no_new_privs,
  since it was previously a fake implementation to facilitate the v3
  backport.

  [Other Info]

   * Backport is from mainline.
   * Backport only includes seccomp filters introduced in v3.5 (e.g. does not include syscall or tsync).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-mako/+bug/1509489/+subscriptions


References