[Group.of.nepali.translators] [Bug 1567597] Re: implement 'complain mode' in seccomp for developer mode with snaps
This is fixed in xenial 2.3.1-2.1ubuntu2~16.04.1

** Changed in: libseccomp (Ubuntu Xenial)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of नेपाली भाषा
समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1567597

Title:
  implement 'complain mode' in seccomp for developer mode with snaps

Status in Snappy:
  In Progress
Status in libseccomp package in Ubuntu:
  Fix Released
Status in linux package in Ubuntu:
  Fix Released
Status in libseccomp source package in Xenial:
  Fix Released
Status in linux source package in Xenial:
  Fix Released
Status in libseccomp source package in Zesty:
  Fix Released
Status in linux source package in Zesty:
  Fix Released

Bug description:
  A requirement for snappy is that a snap may be placed in developer mode
  which will put the security sandbox in complain mode such that violations
  against policy are logged, but permitted. In this manner learning tools
  can be written to parse the logs, etc and make developing on snappy
  easier.

  Unfortunately with seccomp only SCMP_ACT_KILL logs to dmesg and while we
  can set complain mode to permit all calls, they are not logged at this
  time.

  I've discussed this with upstream and we are working together on the
  approach. This may require a kernel patch and an update to libseccomp, so
  filing this bug for now as a placeholder and we'll add other tasks as
  necessary.

  UPDATE: ubuntu-core-launcher now supports the '@complain' directive that
  is a synonym for '@unrestricted' so people can at least turn on developer
  mode and not be blocked by seccomp. Proper complain mode for seccomp
  needs to still be implemented (this bug).

  [Impact]

  Snapd needs a way to log seccomp actions without blocking any syscalls in
  order to have a more useful complain mode. Such functionality has been
  acked upstream and patches are on their way into the Linux 4.14 kernel
  (backported to 4.12.0-13.14 in artful).

  The corresponding libseccomp changes are still undergoing review
  (https://github.com/seccomp/libseccomp/pull/92). The pull request adds a
  number of new symbols and probably isn't appropriate to backport until
  upstream has acked the pull request. However, only a small part of that
  larger pull request is needed by snapd and that change can be safely
  backported since the only added symbol, the SCMP_ACT_LOG macro, must
  match the SECCOMP_RET_LOG macro that has already been approved and merged
  in the upstream Linux kernel.

  [libseccomp Test Case]

  A large number of tests are run as part of the libseccomp build. However,
  the "live" tests which test libseccomp with actual kernel enforcement are
  not run at that time. They can be manually exercised to help catch any
  regressions. Note that on Artful, there's an existing test failure
  (20-live-basic_die%%002-00001):

  $ sudo apt build-dep -y libseccomp
  $ sudo apt install -y cython
  $ apt source libseccomp
  $ cd libseccomp-*
  $ autoreconf -ivf && ./configure --enable-python && make check-build
  $ (cd tests && ./regression -T live)

  All tests should pass on zesty (12 tests) and xenial (10 tests). On
  artful, you'll see one pre-existing failure:

  ...
  Test 20-live-basic_die%%002-00001 result:   FAILURE 20-live-basic_die TRAP rc=159
  ...
  Regression Test Summary
   tests run: 12
   tests skipped: 0
   tests passed: 11
   tests failed: 1
   tests errored: 0

  Now we can build and run a small test program to test the SCMP_ACT_LOG
  action in the way that snapd wants to use it for developer mode:

  $ sudo apt install -y libseccomp-dev
  $ gcc -o lp1567597-test lp1567597-test.c -lseccomp
  $ ./lp1567597-test

  With a kernel that contains the logging patches and an updated
  libseccomp, the exit code should be 0 and you should have an entry in the
  system log that looks like this:

  audit: type=1326 audit(1505859630.994:69): auid=1000 uid=1000 gid=1000 ses=2 pid=18451 comm="lp1567597-test" exe="/home/tyhicks/lp1567597-test" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f547352c5c0 code=0x7ffc0000

  If you have an updated libseccomp with an old kernel, you'll see that
  seccomp_init() fails because the added compatibility check inside of
  libseccomp determines that the kernel doesn't have proper support for the
  new log action:

  $ ./lp1567597-test
  ERROR: seccomp_init: Invalid argument

  [Linux Kernel Test Case]

  All of the libseccomp test cases apply here. Running the seccomp kernel
  selftests is also a great way to exercise seccomp and the kernel patch
  set proposed for the SRU includes additional seccomp selftests. To build,
  enter into the root of the kernel source tree and build the seccomp test
  binary:

  $ make -C tools/testing/selftests TARGETS=seccomp

  Now you can
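The test program the SRU text builds, lp1567597-test.c, is not reproduced in the bug. What follows is an added example, not Tyler Hicks' program and not libseccomp code, that does what the test case describes but over the raw seccomp(2) interface, so it builds with kernel headers alone and no -lseccomp: it asks the kernel whether it knows SECCOMP_RET_LOG via SECCOMP_GET_ACTION_AVAIL (the "Operation for checking if an action is available" from the kernel changelog; that the backported libseccomp compatibility check is built on the same operation is an assumption of this example), installs a filter whose default action is SECCOMP_RET_LOG, and then makes one syscall that is permitted but produces a type=1326 audit record like the sample line above. The seccomp_action_name() helper decodes the code= field of such a record, the first thing a log-parsing learning tool needs. Function names, the file name and the arch-check layout are this example's own choices.

```c
/*
 * Added example (not the lp1567597-test.c from the bug report, which the
 * page does not reproduce).  Same procedure as the test case, but over the
 * raw seccomp(2) interface so it needs only kernel headers, not libseccomp:
 * probe for SECCOMP_RET_LOG, install a filter whose default action is
 * SECCOMP_RET_LOG, then make a syscall that is permitted but logged.
 */
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* Pre-4.14 UAPI headers lack these; the values are fixed kernel ABI. */
#ifndef SECCOMP_RET_LOG
#define SECCOMP_RET_LOG 0x7ffc0000U
#endif
#ifndef SECCOMP_RET_ACTION_FULL
#define SECCOMP_RET_ACTION_FULL 0xffff0000U
#endif
#ifndef SECCOMP_GET_ACTION_AVAIL
#define SECCOMP_GET_ACTION_AVAIL 2
#endif

#if defined(__x86_64__)
#define NATIVE_AUDIT_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define NATIVE_AUDIT_ARCH AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* constant for this architecture"
#endif

static long seccomp_raw(unsigned int op, unsigned int flags, void *arg)
{
	return syscall(__NR_seccomp, op, flags, arg);   /* older glibc has no seccomp() */
}

/*
 * 1 if the kernel knows the log action, 0 if it does not (EOPNOTSUPP: the
 * action is unknown; EINVAL: the kernel predates the probe operation, which
 * landed in the same patch set), -1 with errno set for any other failure.
 */
int log_action_available(void)
{
	unsigned int action = SECCOMP_RET_LOG;

	if (seccomp_raw(SECCOMP_GET_ACTION_AVAIL, 0, &action) == 0)
		return 1;
	return (errno == EOPNOTSUPP || errno == EINVAL) ? 0 : -1;
}

/*
 * Complain-mode filter: kill callers using a foreign ABI (their syscall
 * numbers mean something else), log-and-allow everything else.  Returns the
 * instruction count, or -1 if prog is too small.
 */
int build_log_filter(struct sock_filter *prog, size_t max)
{
	const struct sock_filter insns[] = {
		BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
		BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, NATIVE_AUDIT_ARCH, 1, 0),
		BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
		BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_LOG),
	};
	size_t n = sizeof(insns) / sizeof(insns[0]);

	if (max < n)
		return -1;
	memcpy(prog, insns, sizeof(insns));
	return (int)n;
}

/* Loads the filter into the calling thread; 0 on success, else -errno. */
int install_log_filter(void)
{
	struct sock_filter insns[8];
	struct sock_fprog prog = { .filter = insns };
	int n = build_log_filter(insns, sizeof(insns) / sizeof(insns[0]));

	if (n < 0)
		return -EINVAL;
	prog.len = (unsigned short)n;
	if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)   /* required when unprivileged */
		return -errno;
	if (seccomp_raw(SECCOMP_SET_MODE_FILTER, 0, &prog) != 0)
		return -errno;
	return 0;
}

/* Names the action in an audit record's code=0x... field (data bits masked off). */
const char *seccomp_action_name(unsigned int code)
{
	switch (code & SECCOMP_RET_ACTION_FULL) {
	case SECCOMP_RET_LOG:   return "log";
	case SECCOMP_RET_ERRNO: return "errno";
	case SECCOMP_RET_TRAP:  return "trap";
	case SECCOMP_RET_TRACE: return "trace";
	case SECCOMP_RET_ALLOW: return "allow";
	default:                return "kill";   /* kill_thread or kill_process */
	}
}

int main(void)
{
	int fd, rc;

	if (log_action_available() != 1) {   /* the case libseccomp reports as seccomp_init() EINVAL */
		fprintf(stderr, "ERROR: kernel lacks SECCOMP_RET_LOG support\n");
		return 1;
	}
	rc = install_log_filter();
	if (rc) {
		fprintf(stderr, "ERROR: install filter: %s\n", strerror(-rc));
		return 1;
	}
	fd = open("/dev/null", O_RDONLY);   /* permitted, but emits a type=1326 record */
	if (fd >= 0)
		close(fd);
	return 0;
}
```

Build with plain gcc (the file name, say seccomp-log-test.c, is arbitrary); no -lseccomp is needed. Once the filter is loaded every syscall the thread makes, exit included, is logged, so run it on a test box, not on a host you are collecting audit data from. The record is only emitted while "log" appears in the kernel.seccomp.actions_logged sysctl that the same patch set introduced (it is included by default), and on a kernel without the log action the program exits 1 before loading anything, which is the behaviour the libseccomp compatibility check gives you for free.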
[Group.of.nepali.translators] [Bug 1567597] Re: implement 'complain mode' in seccomp for developer mode with snaps
This bug was fixed in the package linux - 4.4.0-98.121

---------------
linux (4.4.0-98.121) xenial; urgency=low

  * linux: 4.4.0-98.121 -proposed tracker (LP: #1722299)

  * Controller lockup detected on ProLiant DL380 Gen9 with P440 Controller
    (LP: #1720359)
    - scsi: hpsa: limit transfer length to 1MB

  * [Dell Docking IE][0bda:8153] Realtek USB Ethernet leads to system hang
    (LP: #1720977)
    - r8152: fix the list rx_done may be used without initialization

  * Add installer support for Broadcom BCM573xx network drivers. (LP: #1720466)
    - d-i: Add bnxt_en to nic-modules.

  * snapcraft.yaml: add dpkg-dev to the build deps (LP: #1718886)
    - snapcraft.yaml: add dpkg-dev to the build deps

  * Support setting I2C_TIMEOUT via ioctl for i2c-designware (LP: #1718578)
    - i2c: designware: Use transfer timeout from ioctl I2C_TIMEOUT

  * 5U84 - ses driver isn't binding right - cannot blink lights on 1 of the 2
    5u84 (LP: #1693369)
    - scsi_transport_sas: add function to get SAS endpoint address
    - ses: fix discovery of SATA devices in SAS enclosures
    - scsi: sas: provide stub implementation for scsi_is_sas_rphy
    - scsi: ses: Fix SAS device detection in enclosure

  * multipath -ll is not showing the disks which are actually multipath
    (LP: #1718397)
    - fs: aio: fix the increment of aio-nr and counting against aio-max-nr

  * Support Dell Wireless DW5819/5818 WWAN devices (LP: #1721455)
    - SAUCE: USB: serial: qcserial: add Dell DW5818, DW5819

  * CVE-2017-10911
    - xen-blkback: don't leak stack data via response ring

  * implement 'complain mode' in seccomp for developer mode with snaps
    (LP: #1567597)
    - seccomp: Provide matching filter for introspection
    - seccomp: Sysctl to display available actions
    - seccomp: Operation for checking if an action is available
    - seccomp: Sysctl to configure actions that are allowed to be logged
    - seccomp: Selftest for detection of filter flag support
    - seccomp: Action to log before allowing

  * implement errno action logging in seccomp for strict mode with snaps
    (LP: #1721676)
    - seccomp: Provide matching filter for introspection
    - seccomp: Sysctl to display available actions
    - seccomp: Operation for checking if an action is available
    - seccomp: Sysctl to configure actions that are allowed to be logged
    - seccomp: Selftest for detection of filter flag support
    - seccomp: Filter flag to log all actions except SECCOMP_RET_ALLOW

  * [Xenial] update OpenNSL kernel modules to 6.5.10 (LP: #1721511)
    - SAUCE: update OpenNSL kernel modules to 6.5.10

  * Xenial update to 4.4.90 stable release (LP: #1721550)
    - cifs: release auth_key.response for reconnect.
    - mac80211: flush hw_roc_start work before cancelling the ROC
    - KVM: PPC: Book3S: Fix race and leak in kvm_vm_ioctl_create_spapr_tce()
    - tracing: Fix trace_pipe behavior for instance traces
    - tracing: Erase irqsoff trace with empty write
    - md/raid5: fix a race condition in stripe batch
    - md/raid5: preserve STRIPE_ON_UNPLUG_LIST in break_stripe_batch_list
    - scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't parse nlmsg properly
    - crypto: talitos - Don't provide setkey for non hmac hashing algs.
    - crypto: talitos - fix sha224
    - KEYS: fix writing past end of user-supplied buffer in keyring_read()
    - KEYS: prevent creating a different user's keyrings
    - KEYS: prevent KEYCTL_READ on negative key
    - powerpc/pseries: Fix parent_dn reference leak in add_dt_node()
    - Fix SMB3.1.1 guest authentication to Samba
    - SMB: Validate negotiate (to protect against downgrade) even if signing off
    - SMB3: Don't ignore O_SYNC/O_DSYNC and O_DIRECT flags
    - vfs: Return -ENXIO for negative SEEK_HOLE / SEEK_DATA offsets
    - nl80211: check for the required netlink attributes presence
    - bsg-lib: don't free job in bsg_prepare_job
    - seccomp: fix the usage of get/put_seccomp_filter() in seccomp_get_filter()
    - arm64: Make sure SPsel is always set
    - arm64: fault: Route pte translation faults via do_translation_fault
    - KVM: VMX: Do not BUG() on out-of-bounds guest IRQ
    - kvm: nVMX: Don't allow L2 to access the hardware CR8
    - PCI: Fix race condition with driver_override
    - btrfs: fix NULL pointer dereference from free_reloc_roots()
    - btrfs: propagate error to btrfs_cmp_data_prepare caller
    - btrfs: prevent to set invalid default subvolid
    - x86/fpu: Don't let userspace set bogus xcomp_bv
    - gfs2: Fix debugfs glocks dump
    - timer/sysclt: Restrict timer migration sysctl values to 0 and 1
    - KVM: VMX: do not change SN bit in vmx_update_pi_irte()
    - KVM: VMX: remove WARN_ON_ONCE in kvm_vcpu_trigger_posted_interrupt
    - cxl: Fix driver use count
    - dmaengine: mmp-pdma: add number of requestors
    - ARM: pxa: add the number of DMA requestor lines
    - ARM: pxa: fix the number of DMA requestor lines
    - KVM: VMX: use
[Group.of.nepali.translators] [Bug 1567597] Re: implement 'complain mode' in seccomp for developer mode with snaps
This bug was fixed in the package linux - 4.10.0-38.42

---------------
linux (4.10.0-38.42) zesty; urgency=low

  * linux: 4.10.0-38.42 -proposed tracker (LP: #1722330)

  * Controller lockup detected on ProLiant DL380 Gen9 with P440 Controller
    (LP: #1720359)
    - scsi: hpsa: limit transfer length to 1MB

  * [Dell Docking IE][0bda:8153] Realtek USB Ethernet leads to system hang
    (LP: #1720977)
    - r8152: fix the list rx_done may be used without initialization

  * Touchpad not detected in Lenovo X1 Yoga / Yoga 720-15IKB (LP: #1700657)
    - mfd: intel-lpss: Add missing PCI ID for Intel Sunrise Point LPSS devices

  * Add installer support for Broadcom BCM573xx network drivers. (LP: #1720466)
    - d-i: Add bnxt_en to nic-modules.

  * CVE-2017-1000252
    - KVM: VMX: Do not BUG() on out-of-bounds guest IRQ

  * CVE-2017-10663
    - f2fs: sanity check checkpoint segno and blkoff

  * xfstest sanity checks on seek operations fails (LP: #1696049)
    - xfs: fix off-by-one on max nr_pages in xfs_find_get_desired_pgoff()

  * [P9, Power NV][ WSP][Ubuntu 16.04.03] : perf hw breakpoint command results
    in call traces and system goes for reboot. (LP: #1706033)
    - powerpc/64s: Handle data breakpoints in Radix mode

  * 5U84 - ses driver isn't binding right - cannot blink lights on 1 of the 2
    5u84 (LP: #1693369)
    - scsi: ses: do not add a device to an enclosure if enclosure_add_links() fails.

  * Vlun resize request could fail with cxlflash driver (LP: #1713575)
    - scsi: cxlflash: Fix vlun resize failure in the shrink path

  * More migrations with constant load (LP: #1713576)
    - sched/fair: Prefer sibiling only if local group is under-utilized

  * New PMU fixes for marked events. (LP: #1716491)
    - powerpc/perf: POWER9 PMU stops after idle workaround

  * CVE-2017-14340
    - xfs: XFS_IS_REALTIME_INODE() should be false if no rt device present

  * [Zesty][Yakkety] rtl8192e bug fixes (LP: #1698470)
    - staging: rtl8192e: rtl92e_fill_tx_desc fix write to mapped out memory.
    - staging: rtl8192e: fix 2 byte alignment of register BSSIDR.
    - staging: rtl8192e: rtl92e_get_eeprom_size Fix read size of EPROM_CMD.
    - staging: rtl8192e: GetTs Fix invalid TID 7 warning.

  * Stranded with ENODEV after mdadm --readonly (LP: #1706243)
    - md: MD_CLOSING needs to be cleared after called md_set_readonly or do_md_stop

  * multipath -ll is not showing the disks which are actually multipath
    (LP: #1718397)
    - fs: aio: fix the increment of aio-nr and counting against aio-max-nr

  * ETPS/2 Elantech Touchpad inconsistently detected (Gigabyte P57W laptop)
    (LP: #1594214)
    - Input: i8042 - add Gigabyte P57 to the keyboard reset table

  * CVE-2017-10911
    - xen-blkback: don't leak stack data via response ring

  * CVE-2017-11176
    - mqueue: fix a use-after-free in sys_mq_notify()

  * implement 'complain mode' in seccomp for developer mode with snaps
    (LP: #1567597)
    - Revert "UBUNTU: SAUCE: seccomp: log actions even when audit is disabled"
    - seccomp: Provide matching filter for introspection
    - seccomp: Sysctl to display available actions
    - seccomp: Operation for checking if an action is available
    - seccomp: Sysctl to configure actions that are allowed to be logged
    - seccomp: Selftest for detection of filter flag support
    - seccomp: Action to log before allowing

  * implement errno action logging in seccomp for strict mode with snaps
    (LP: #1721676)
    - Revert "UBUNTU: SAUCE: seccomp: log actions even when audit is disabled"
    - seccomp: Provide matching filter for introspection
    - seccomp: Sysctl to display available actions
    - seccomp: Operation for checking if an action is available
    - seccomp: Sysctl to configure actions that are allowed to be logged
    - seccomp: Selftest for detection of filter flag support
    - seccomp: Filter flag to log all actions except SECCOMP_RET_ALLOW

  * Backport recent bbr bugfixes to 4.10 kernel (LP: #1708604)
    - tcp_bbr: cut pacing rate only if filled pipe
    - tcp_bbr: introduce bbr_bw_to_pacing_rate() helper
    - tcp_bbr: introduce bbr_init_pacing_rate_from_rtt() helper
    - tcp_bbr: remove sk_pacing_rate=0 transient during init
    - tcp_bbr: init pacing rate on first RTT sample

  * [SRU][Zesty] Fix lscpu segfault on ARM64 with SMBIOS v2.0 (LP: #1716483)
    - arm64: kernel: restrict /dev/mem read() calls to linear region

 -- Kleber Sacilotto de Souza  Tue, 10 Oct 2017 13:49:34 +0200

** Changed in: linux (Ubuntu Zesty)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-1000252

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-10663

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-10911

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-11176

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-14340

** Changed
[Group.of.nepali.translators] [Bug 1567597] Re: implement 'complain mode' in seccomp for developer mode with snaps
This bug was fixed in the package libseccomp - 2.3.1-2.1ubuntu2~17.04.1

---------------
libseccomp (2.3.1-2.1ubuntu2~17.04.1) zesty; urgency=medium

  * Backport artful's libseccomp to zesty (LP: #1567597)
    - Add support for the SECCOMP_RET_LOG action

libseccomp (2.3.1-2.1ubuntu2) artful; urgency=medium

  * add-log-action.patch: Minimal backport to support the SECCOMP_RET_LOG
    action that will be released in Linux kernel version 4.14. (LP: #1567597)

 -- Tyler Hicks  Fri, 06 Oct 2017 18:43:11 +0000

** Changed in: libseccomp (Ubuntu Zesty)
       Status: Fix Committed => Fix Released

https://bugs.launchpad.net/bugs/1567597

Title:
  implement 'complain mode' in seccomp for developer mode with snaps

Status in Snappy:
  In Progress
Status in libseccomp package in Ubuntu:
  Fix Released
Status in linux package in Ubuntu:
  Fix Released
Status in libseccomp source package in Xenial:
  In Progress
Status in linux source package in Xenial:
  Fix Committed
Status in libseccomp source package in Zesty:
  Fix Released
Status in linux source package in Zesty:
  Fix Committed