[Kernel-packages] [Bug 1183616] Re: seccomp-bpf missing on ARM in precise
** CVE removed: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2140 ** CVE removed: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2888 ** CVE removed: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2889 ** CVE removed: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2892 ** CVE removed: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2893 ** CVE removed: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2895 ** CVE removed: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2896 ** CVE removed: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2897 ** CVE removed: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2899 ** Tags removed: bot-stop-nagging -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1183616 Title: seccomp-bpf missing on ARM in precise Status in linux package in Ubuntu: Triaged Status in linux source package in Precise: Fix Released Bug description: While seccomp-bpf was backported into precise, it was only for x86. Now that the ARM support is upstream too, it would be great to have the same level of support on ARM in the LTS kernel. I'll prepare patches. [Impact] ARM devices lack seccomp-bpf protections when running seccomp-aware applications (e.g. Chrome) [Test Case] git clone https://github.com/redpig/seccomp.git cd seccomp/tests make ./seccomp_bpf_tests All tests should pass [Regression Potential] Low: ARM currently has no seccomp-bpf support, so this is very unlikely to cause regressions. The changes that are common between x86 and ARM bring Precise closer to upstream seccomp-bpf, so this is similarly unlike to cause regressions (as this code is more correct than what is currently in Precise). Changes have been minimized, and tested. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1183616/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1183616] Re: seccomp-bpf missing on ARM in precise
This bug was fixed in the package linux - 3.2.0-57.87 --- linux (3.2.0-57.87) precise; urgency=low [Steve Conklin] * Release Tracking Bug - LP: #1250622 [ Andy Whitcroft ] * tools -- upgrade to common generic helper - LP: #1205284 [ Kees Cook ] * SAUCE: backport ARM seccomp-bpf support - LP: #1183616 [ Luis Henriques ] * SAUCE: ACPI battery: fix compiler warning - LP: #1247154 [ Tim Gardner ] * [Config] updateconfigs: CONFIG_HAVE_AOUT=n for arm [ Upstream Kernel Changes ] * Revert sctp: fix call to SCTP_CMD_PROCESS_SACK in sctp_cmd_interpreter() - LP: #1249089 * xen/blkback: Check device permissions before allowing OP_DISCARD - LP: #1091187 - CVE-2013-2140 * zram: allow request end to coincide with disksize - LP: #1246664 * ARM: 7373/1: add support for the generic syscall.h interface - LP: #1183616 * ARM: 7577/1: arch/add syscall_get_arch - LP: #1183616 * htb: fix sign extension bug - LP: #1249089 * net: check net.core.somaxconn sysctl values - LP: #1249089 * fib_trie: remove potential out of bound access - LP: #1249089 * tcp: cubic: fix overflow error in bictcp_update() - LP: #1249089 * tcp: cubic: fix bug in bictcp_acked() - LP: #1249089 * ipv6: don't stop backtracking in fib6_lookup_1 if subtree does not match - LP: #1249089 * 8139cp: Add dma_mapping_error checking - LP: #1249089 * tun: signedness bug in tun_get_user() - LP: #1249089 * ipv6: remove max_addresses check from ipv6_create_tempaddr - LP: #1249089 * ipv6: drop packets with multiple fragmentation headers - LP: #1249089 * ipv6: Don't depend on per socket memory for neighbour discovery messages - LP: #1249089 * net: bridge: convert MLDv2 Query MRC into msecs_to_jiffies for max_delay - LP: #1249089 * ICMPv6: treat dest unreachable codes 5 and 6 as EACCES, not EPROTO - LP: #1249089 * tipc: fix lockdep warning during bearer initialization - LP: #1249089 * HID: hidraw: put old deallocation mechanism in place - LP: #1249089 * HID: hidraw: correctly deallocate memory on device disconnect - LP: #1249089 * xen-gnt: prevent adding duplicate gnt callbacks - LP: #1249089 * ath9k: always clear ps filter bit on new assoc - LP: #1249089 * libceph: unregister request in __map_request failed and nofail == false - LP: #1249089 * usb: config-desc.bLength may not exceed amount of data returned by the device - LP: #1249089 * USB: cdc-wdm: fix race between interrupt handler and tasklet - LP: #1249089 * powerpc: Handle unaligned ldbrx/stdbrx - LP: #1249089 * intel-iommu: Fix leaks in pagetable freeing - LP: #1249089 * ath9k: fix rx descriptor related race condition - LP: #1249089 * ath9k: avoid accessing MRC registers on single-chain devices - LP: #1249089 * ASoC: wm8960: Fix PLL register writes - LP: #1249089 * rculist: list_first_or_null_rcu() should use list_entry_rcu() - LP: #1249089 * USB: mos7720: use GFP_ATOMIC under spinlock - LP: #1249089 * USB: mos7720: fix big-endian control requests - LP: #1249089 * staging: comedi: dt282x: dt282x_ai_insn_read() always fails - LP: #1249089 * usb: ehci-mxc: check for pdata before dereferencing - LP: #1249089 * mmc: tmio_mmc_dma: fix PIO fallback on SDHI - LP: #1249089 * rt2800: fix wrong TX power compensation - LP: #1249089 * usb: xhci: Disable runtime PM suspend for quirky controllers - LP: #1249089 * USB: OHCI: Allow runtime PM without system sleep - LP: #1249089 * ACPI / EC: Add ASUSTEK L4R to quirk list in order to validate ECDT - LP: #1249089 * HID: validate HID report id size - LP: #1249089 - CVE-2013-2888 * of: Fix missing memory initialization on FDT unflattening - LP: #1249089 * USB: fix build error when CONFIG_PM_SLEEP isn't enabled - LP: #1249089 * drm/edid: add quirk for Medion MD30217PG - LP: #1249089 * drm/radeon: update line buffer allocation for dce4.1/5 - LP: #1249089 * drm/radeon: fix LCD record parsing - LP: #1249089 * drm/radeon: fix resume on some rs4xx boards (v2) - LP: #1249089 * drm/radeon: fix handling of variable sized arrays for router objects - LP: #1249089 * ALSA: hda - hdmi: Fallback to ALSA allocation when selecting CA - LP: #1249089 * fuse: postpone end_page_writeback() in fuse_writepage_locked() - LP: #1249089 * fuse: invalidate inode attributes on xattr modification - LP: #1249089 * fuse: hotfix truncate_pagecache() issue - LP: #1249089 * hdpvr: register the video node at the end of probe - LP: #1249089 * hdpvr: fix iteration over uninitialized lists in hdpvr_probe() - LP: #1249089 * fuse: readdir: check for slash in names - LP: #1249089 * HID: pantherlord: validate output report details - LP: #1249089 - CVE-2013-2892 * HID: ntrig: validate feature report
[Kernel-packages] [Bug 1183616] Re: seccomp-bpf missing on ARM in precise
This bug was fixed in the package linux - 3.2.0-57.87 --- linux (3.2.0-57.87) precise; urgency=low [Steve Conklin] * Release Tracking Bug - LP: #1250622 [ Andy Whitcroft ] * tools -- upgrade to common generic helper - LP: #1205284 [ Kees Cook ] * SAUCE: backport ARM seccomp-bpf support - LP: #1183616 [ Luis Henriques ] * SAUCE: ACPI battery: fix compiler warning - LP: #1247154 [ Tim Gardner ] * [Config] updateconfigs: CONFIG_HAVE_AOUT=n for arm [ Upstream Kernel Changes ] * Revert sctp: fix call to SCTP_CMD_PROCESS_SACK in sctp_cmd_interpreter() - LP: #1249089 * xen/blkback: Check device permissions before allowing OP_DISCARD - LP: #1091187 - CVE-2013-2140 * zram: allow request end to coincide with disksize - LP: #1246664 * ARM: 7373/1: add support for the generic syscall.h interface - LP: #1183616 * ARM: 7577/1: arch/add syscall_get_arch - LP: #1183616 * htb: fix sign extension bug - LP: #1249089 * net: check net.core.somaxconn sysctl values - LP: #1249089 * fib_trie: remove potential out of bound access - LP: #1249089 * tcp: cubic: fix overflow error in bictcp_update() - LP: #1249089 * tcp: cubic: fix bug in bictcp_acked() - LP: #1249089 * ipv6: don't stop backtracking in fib6_lookup_1 if subtree does not match - LP: #1249089 * 8139cp: Add dma_mapping_error checking - LP: #1249089 * tun: signedness bug in tun_get_user() - LP: #1249089 * ipv6: remove max_addresses check from ipv6_create_tempaddr - LP: #1249089 * ipv6: drop packets with multiple fragmentation headers - LP: #1249089 * ipv6: Don't depend on per socket memory for neighbour discovery messages - LP: #1249089 * net: bridge: convert MLDv2 Query MRC into msecs_to_jiffies for max_delay - LP: #1249089 * ICMPv6: treat dest unreachable codes 5 and 6 as EACCES, not EPROTO - LP: #1249089 * tipc: fix lockdep warning during bearer initialization - LP: #1249089 * HID: hidraw: put old deallocation mechanism in place - LP: #1249089 * HID: hidraw: correctly deallocate memory on device disconnect - LP: #1249089 * xen-gnt: prevent adding duplicate gnt callbacks - LP: #1249089 * ath9k: always clear ps filter bit on new assoc - LP: #1249089 * libceph: unregister request in __map_request failed and nofail == false - LP: #1249089 * usb: config-desc.bLength may not exceed amount of data returned by the device - LP: #1249089 * USB: cdc-wdm: fix race between interrupt handler and tasklet - LP: #1249089 * powerpc: Handle unaligned ldbrx/stdbrx - LP: #1249089 * intel-iommu: Fix leaks in pagetable freeing - LP: #1249089 * ath9k: fix rx descriptor related race condition - LP: #1249089 * ath9k: avoid accessing MRC registers on single-chain devices - LP: #1249089 * ASoC: wm8960: Fix PLL register writes - LP: #1249089 * rculist: list_first_or_null_rcu() should use list_entry_rcu() - LP: #1249089 * USB: mos7720: use GFP_ATOMIC under spinlock - LP: #1249089 * USB: mos7720: fix big-endian control requests - LP: #1249089 * staging: comedi: dt282x: dt282x_ai_insn_read() always fails - LP: #1249089 * usb: ehci-mxc: check for pdata before dereferencing - LP: #1249089 * mmc: tmio_mmc_dma: fix PIO fallback on SDHI - LP: #1249089 * rt2800: fix wrong TX power compensation - LP: #1249089 * usb: xhci: Disable runtime PM suspend for quirky controllers - LP: #1249089 * USB: OHCI: Allow runtime PM without system sleep - LP: #1249089 * ACPI / EC: Add ASUSTEK L4R to quirk list in order to validate ECDT - LP: #1249089 * HID: validate HID report id size - LP: #1249089 - CVE-2013-2888 * of: Fix missing memory initialization on FDT unflattening - LP: #1249089 * USB: fix build error when CONFIG_PM_SLEEP isn't enabled - LP: #1249089 * drm/edid: add quirk for Medion MD30217PG - LP: #1249089 * drm/radeon: update line buffer allocation for dce4.1/5 - LP: #1249089 * drm/radeon: fix LCD record parsing - LP: #1249089 * drm/radeon: fix resume on some rs4xx boards (v2) - LP: #1249089 * drm/radeon: fix handling of variable sized arrays for router objects - LP: #1249089 * ALSA: hda - hdmi: Fallback to ALSA allocation when selecting CA - LP: #1249089 * fuse: postpone end_page_writeback() in fuse_writepage_locked() - LP: #1249089 * fuse: invalidate inode attributes on xattr modification - LP: #1249089 * fuse: hotfix truncate_pagecache() issue - LP: #1249089 * hdpvr: register the video node at the end of probe - LP: #1249089 * hdpvr: fix iteration over uninitialized lists in hdpvr_probe() - LP: #1249089 * fuse: readdir: check for slash in names - LP: #1249089 * HID: pantherlord: validate output report details - LP: #1249089 - CVE-2013-2892 * HID: ntrig: validate feature report
[Kernel-packages] [Bug 1183616] Re: seccomp-bpf missing on ARM in precise
as i said on irc, this code ATM doesn't compile: flag@flag-desktop:~/seccomp/tests$ lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description:Ubuntu 12.04.3 LTS Release:12.04 Codename: precise flag@flag-desktop:~/seccomp/tests$ uname -a Linux flag-desktop 3.2.0-1441-omap4 #60 SMP PREEMPT Fri Nov 15 15:16:44 UTC 2013 armv7l armv7l armv7l GNU/Linux /usr/include/arm-linux-gnueabi/asm/unistd.h: ... #if defined(__ARM_EABI__) !defined(__KERNEL__) #warning im here #undef __NR_time #undef __NR_umount #undef __NR_stime #undef __NR_alarm #undef __NR_utime #undef __NR_getrlimit #undef __NR_select #undef __NR_readdir #undef __NR_mmap #undef __NR_socketcall #undef __NR_syscall #undef __NR_ipc #endif the #warning is mine: flag@flag-desktop:~/seccomp/tests$ gcc -dM -E seccomp_bpf_tests.c | grep EABI #define __ARM_EABI__ 1 flag@flag-desktop:~/seccomp/tests$ make cc seccomp_bpf_tests.c -o seccomp_bpf_tests In file included from /usr/include/arm-linux-gnueabi/sys/syscall.h:25:0, from /usr/include/syscall.h:1, from seccomp_bpf_tests.c:22: /usr/include/arm-linux-gnueabi/asm/unistd.h:428:2: warning: #warning im here [-Wcpp] seccomp_bpf_tests.c: In function ‘ERRNO_one’: seccomp_bpf_tests.c:310:3: error: ‘__NR_time’ undeclared (first use in this function) seccomp_bpf_tests.c:310:3: note: each undeclared identifier is reported only once for each function it appears in seccomp_bpf_tests.c:326:2: warning: passing argument 1 of ‘syscall’ makes integer from pointer without a cast [enabled by default] /usr/include/unistd.h:1082:17: note: expected ‘long int’ but argument is of type ‘struct sock_filter *’ seccomp_bpf_tests.c:326:2: warning: passing argument 1 of ‘syscall’ makes integer from pointer without a cast [enabled by default] /usr/include/unistd.h:1082:17: note: expected ‘long int’ but argument is of type ‘struct sock_filter *’ seccomp_bpf_tests.c: In function ‘ERRNO_one_ok’: seccomp_bpf_tests.c:339:3: error: ‘__NR_time’ undeclared (first use in this function) seccomp_bpf_tests.c:339:3: warning: initialization makes integer from pointer without a cast [enabled by default] seccomp_bpf_tests.c:339:3: warning: (near initialization for ‘filter[1].k’) [enabled by default] seccomp_bpf_tests.c:358:3: warning: passing argument 1 of ‘syscall’ makes integer from pointer without a cast [enabled by default] /usr/include/unistd.h:1082:17: note: expected ‘long int’ but argument is of type ‘struct sock_filter *’ seccomp_bpf_tests.c:358:3: warning: passing argument 1 of ‘syscall’ makes integer from pointer without a cast [enabled by default] /usr/include/unistd.h:1082:17: note: expected ‘long int’ but argument is of type ‘struct sock_filter *’ seccomp_bpf_tests.c: In function ‘TRAP_setup’: seccomp_bpf_tests.c:375:3: error: ‘__NR_time’ undeclared (first use in this function) seccomp_bpf_tests.c:375:3: warning: initialization makes integer from pointer without a cast [enabled by default] seccomp_bpf_tests.c:375:3: warning: (near initialization for ‘filter[3].k’) [enabled by default] seccomp_bpf_tests.c: In function ‘TRAP_dfl’: seccomp_bpf_tests.c:398:10: error: ‘__NR_time’ undeclared (first use in this function) seccomp_bpf_tests.c:398:2: warning: passing argument 1 of ‘syscall’ makes integer from pointer without a cast [enabled by default] /usr/include/unistd.h:1082:17: note: expected ‘long int’ but argument is of type ‘struct sock_filter *’ seccomp_bpf_tests.c: In function ‘tracer’: seccomp_bpf_tests.c:696:27: error: storage size of ‘regs’ isn’t known seccomp_bpf_tests.c:718:11: error: request for member ‘orig_rax’ in something not a structure or union seccomp_bpf_tests.c:718:24: error: ‘__NR_time’ undeclared (first use in this function) seccomp_bpf_tests.c:719:8: error: request for member ‘rax’ in something not a structure or union seccomp_bpf_tests.c:720:8: error: request for member ‘orig_rax’ in something not a structure or union seccomp_bpf_tests.c:724:1: error: request for member ‘rip’ in something not a structure or union seccomp_bpf_tests.c:724:3: warning: format ‘%lx’ expects argument of type ‘long unsigned int’, but argument 6 has type ‘struct sock_filter *’ [-Wformat] seccomp_bpf_tests.c: In function ‘TRACE_setup’: seccomp_bpf_tests.c:743:3: error: ‘__NR_time’ undeclared (first use in this function) seccomp_bpf_tests.c:743:3: warning: initialization makes integer from pointer without a cast [enabled by default] seccomp_bpf_tests.c:743:3: warning: (near initialization for ‘filter[1].k’) [enabled by default] seccomp_bpf_tests.c: In function ‘TRACE_time_is_skipped’: seccomp_bpf_tests.c:794:15: error: ‘__NR_time’ undeclared (first use in this function) seccomp_bpf_tests.c:794:3: warning: passing argument 1 of ‘syscall’ makes integer from pointer without a cast [enabled by default] /usr/include/unistd.h:1082:17: note: expected ‘long int’ but argument is of type ‘struct sock_filter *’ make: *** [seccomp_bpf_tests] Error 1
[Kernel-packages] [Bug 1183616] Re: seccomp-bpf missing on ARM in precise
My testing was with a Debian userspace. I don't have a functional Ubuntu ARM environment. I can boot rebuilt kernels in KVM. Can you just adjust the header file to get it compiled? I have no idea why __NR_time is stripped out like that. It's a valid syscall. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1183616 Title: seccomp-bpf missing on ARM in precise Status in “linux” package in Ubuntu: Triaged Status in “linux” source package in Precise: Triaged Bug description: While seccomp-bpf was backported into precise, it was only for x86. Now that the ARM support is upstream too, it would be great to have the same level of support on ARM in the LTS kernel. I'll prepare patches. [Impact] ARM devices lack seccomp-bpf protections when running seccomp-aware applications (e.g. Chrome) [Test Case] git clone https://github.com/redpig/seccomp.git cd seccomp/tests make ./seccomp_bpf_tests All tests should pass [Regression Potential] Low: ARM currently has no seccomp-bpf support, so this is very unlikely to cause regressions. The changes that are common between x86 and ARM bring Precise closer to upstream seccomp-bpf, so this is similarly unlike to cause regressions (as this code is more correct than what is currently in Precise). Changes have been minimized, and tested. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1183616/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1183616] Re: seccomp-bpf missing on ARM in precise
flag@flag-desktop:~/seccomp/tests$ ./seccomp_bpf_tests [==] Running 31 tests from 1 test cases. [ RUN ] global.mode_strict_support [ OK ] global.mode_strict_support [ RUN ] global.mode_strict_cannot_call_prctl [ OK ] global.mode_strict_cannot_call_prctl [ RUN ] global.no_new_privs_support [ OK ] global.no_new_privs_support [ RUN ] global.mode_filter_support [ OK ] global.mode_filter_support [ RUN ] global.mode_filter_without_nnp [ OK ] global.mode_filter_without_nnp [ RUN ] global.mode_filter_cannot_move_to_strict [ OK ] global.mode_filter_cannot_move_to_strict [ RUN ] global.ALLOW_all [ OK ] global.ALLOW_all [ RUN ] global.empty_prog [ OK ] global.empty_prog [ RUN ] global.unknown_ret_is_kill_inside [ OK ] global.unknown_ret_is_kill_inside [ RUN ] global.unknown_ret_is_kill_above_allow [ OK ] global.unknown_ret_is_kill_above_allow [ RUN ] global.KILL_all [ OK ] global.KILL_all [ RUN ] global.KILL_one [ OK ] global.KILL_one [ RUN ] global.KILL_one_arg_one [ OK ] global.KILL_one_arg_one [ RUN ] global.KILL_one_arg_six [ OK ] global.KILL_one_arg_six [ RUN ] global.arg_out_of_range [ OK ] global.arg_out_of_range [ RUN ] global.ERRNO_one [ OK ] global.ERRNO_one [ RUN ] global.ERRNO_one_ok [ OK ] global.ERRNO_one_ok [ RUN ] TRAP.dfl [ OK ] TRAP.dfl [ RUN ] TRAP.ign [ OK ] TRAP.ign [ RUN ] TRAP.handler [ OK ] TRAP.handler [ RUN ] TRAP.handler [ OK ] TRAP.handler [ RUN ] precedence.allow_ok [ OK ] precedence.allow_ok [ RUN ] precedence.kill_is_highest [ OK ] precedence.kill_is_highest [ RUN ] precedence.kill_is_highest_in_any_order [ OK ] precedence.kill_is_highest_in_any_order [ RUN ] precedence.trap_is_second [ OK ] precedence.trap_is_second [ RUN ] precedence.trap_is_second_in_any_order [ OK ] precedence.trap_is_second_in_any_order [ RUN ] precedence.errno_is_third [ OK ] precedence.errno_is_third [ RUN ] precedence.errno_is_third_in_any_order [ OK ] precedence.errno_is_third_in_any_order [ RUN ] precedence.trace_is_fourth [ OK ] precedence.trace_is_fourth [ RUN ] precedence.trace_is_fourth_in_any_order [ OK ] precedence.trace_is_fourth_in_any_order [ RUN ] TRACE.read_has_side_effects [ OK ] TRACE.read_has_side_effects [ RUN ] TRACE.getpid_runs_normally [ OK ] TRACE.getpid_runs_normally [==] 31 / 31 tests passed. [ PASSED ] flag@flag-desktop:~/seccomp/tests$ flag@flag-desktop:~/seccomp/tests$ uname -a Linux flag-desktop 3.2.0-1441-omap4 #60 SMP PREEMPT Fri Nov 15 15:16:44 UTC 2013 armv7l armv7l armv7l GNU/Linux flag@flag-desktop:~/seccomp/tests$ ** Tags removed: verification-needed-precise ** Tags added: verification-done-precise -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1183616 Title: seccomp-bpf missing on ARM in precise Status in “linux” package in Ubuntu: Triaged Status in “linux” source package in Precise: Triaged Bug description: While seccomp-bpf was backported into precise, it was only for x86. Now that the ARM support is upstream too, it would be great to have the same level of support on ARM in the LTS kernel. I'll prepare patches. [Impact] ARM devices lack seccomp-bpf protections when running seccomp-aware applications (e.g. Chrome) [Test Case] git clone https://github.com/redpig/seccomp.git cd seccomp/tests make ./seccomp_bpf_tests All tests should pass [Regression Potential] Low: ARM currently has no seccomp-bpf support, so this is very unlikely to cause regressions. The changes that are common between x86 and ARM bring Precise closer to upstream seccomp-bpf, so this is similarly unlike to cause regressions (as this code is more correct than what is currently in Precise). Changes have been minimized, and tested. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1183616/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1183616] Re: seccomp-bpf missing on ARM in precise
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed- precise' to 'verification-done-precise'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: verification-needed-precise -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1183616 Title: seccomp-bpf missing on ARM in precise Status in “linux” package in Ubuntu: Triaged Status in “linux” source package in Precise: Triaged Bug description: While seccomp-bpf was backported into precise, it was only for x86. Now that the ARM support is upstream too, it would be great to have the same level of support on ARM in the LTS kernel. I'll prepare patches. [Impact] ARM devices lack seccomp-bpf protections when running seccomp-aware applications (e.g. Chrome) [Test Case] git clone https://github.com/redpig/seccomp.git cd seccomp/tests make ./seccomp_bpf_tests All tests should pass [Regression Potential] Low: ARM currently has no seccomp-bpf support, so this is very unlikely to cause regressions. The changes that are common between x86 and ARM bring Precise closer to upstream seccomp-bpf, so this is similarly unlike to cause regressions (as this code is more correct than what is currently in Precise). Changes have been minimized, and tested. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1183616/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1183616] Re: seccomp-bpf missing on ARM in precise
** Description changed: While seccomp-bpf was backported into precise, it was only for x86. Now that the ARM support is upstream too, it would be great to have the same level of support on ARM in the LTS kernel. I'll prepare patches. + + [Impact] + ARM devices lack seccomp-bpf protections when running seccomp-aware applications (e.g. Chrome) + + [Test Case] + git clone https://github.com/redpig/seccomp.git + cd seccomp/tests + make + ./seccomp_bpf_tests + All tests should pass + + [Regression Potential] + Low: ARM currently has no seccomp-bpf support, so this is very unlikely to cause regressions. The changes that are common between x86 and ARM bring Precise closer to upstream seccomp-bpf, so this is similarly unlike to cause regressions (as this code is more correct than what is currently in Precise). Changes have been minimized, and tested. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1183616 Title: seccomp-bpf missing on ARM in precise Status in “linux” package in Ubuntu: Triaged Status in “linux” source package in Precise: Triaged Bug description: While seccomp-bpf was backported into precise, it was only for x86. Now that the ARM support is upstream too, it would be great to have the same level of support on ARM in the LTS kernel. I'll prepare patches. [Impact] ARM devices lack seccomp-bpf protections when running seccomp-aware applications (e.g. Chrome) [Test Case] git clone https://github.com/redpig/seccomp.git cd seccomp/tests make ./seccomp_bpf_tests All tests should pass [Regression Potential] Low: ARM currently has no seccomp-bpf support, so this is very unlikely to cause regressions. The changes that are common between x86 and ARM bring Precise closer to upstream seccomp-bpf, so this is similarly unlike to cause regressions (as this code is more correct than what is currently in Precise). Changes have been minimized, and tested. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1183616/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
