** Tags added: id-5a3bd5fa5445fb1d95040a5b
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1682102
Title:
libseccomp should support GA and HWE kernels
To manage notifications about this bug go to:
And I have set the verification-done tag based on comment #6.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1682102
Title:
libseccomp should support GA and HWE kernels
To manage notifications
This bug was fixed in the package libseccomp - 2.3.1-2.1ubuntu2~16.04.1
---
libseccomp (2.3.1-2.1ubuntu2~16.04.1) xenial; urgency=medium
* Backport libseccomp 2.3.1 to xenial LP: #1682102
- Improved s390x support
- Improved support for v4.5+ kernels
-- Dimitri John Ledkov
It would have expedited the release of this SRU if someone had retried
the systemd/armhf autopkgtest failure, or provided some concrete
analysis of why this test is expected to fail and does not need to be
retried.
I've now retriggered that test, and it has passed. All of the failing
snapd has migrated to xenial-updates without this change landing;
unfortunately, that makes snapd uninstallable on powerpc (as that's the
only architecture where it isn't statically compiled). snapd is
installed during image builds, so this migration is currently blocking
powerpc cloud images
snapd failure on s390x. We now do have machine isolation available, but
the tests do not have anything to run:
+ /tmp/go/bin/spread -v autopkgtest:ubuntu-16.04-s390x
2017-12-11 23:35:01 Found /tmp/autopkgtest.ics8dn/build.mFy/src/spread.yaml.
error: nothing matches provider filter
This is a
As for the failing Xenial snapd autopkgtests...
- amd64: The autopkgtest:ubuntu-16.04-amd64:tests/main/completion fails with
and without the libseccomp in xenial-proposed
- s390x: No tests are ever ran due to the tests requiring "machine-level
isolation" but that not being available on s390x.
I've successfully performed the testing described in the [libseccomp
Test Case] section of the bug 1567597 description using libseccomp
2.3.1-2.1ubuntu2~16.04.1 from xenial-proposed. It includes the
libseccomp live tests (which aren't used during the build) and a
specific test of the new seccomp
I built this package in the ubuntu-security-proposed PPA so it can be
released to both -updates and -security (which seems like probably a
sane thing to do) once it's passed the SRU process.
** Changed in: libseccomp (Ubuntu Xenial)
Status: Confirmed => Fix Committed
** Tags added:
A 2.3.x in Xenial would also allow to drop some Delta that the Cloud
Archive is adding to "drop" newer seccomp support we add for latter
releases - so seconding Tyhicks question being interested as well.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
** Description changed:
[Impact]
out of date libseccomp w.r.t. custom and hwe kernels provides sub-par
userspace protection, which is otherwise available on the running kernel and
hardware combination.
This results in subpar security of systems running new architectures (s390x &
** Description changed:
- Currently libseccomp version in Ubuntu are:
+ [Impact]
- libseccomp | 2.2.3-3ubuntu3 | xenial |
source
- libseccomp | 2.3.1-2ubuntu2 | yakkety|
source
- libseccomp | 2.3.1-2.1ubuntu1
@xnox bringing zesty's libseccomp back to xenial may be needed for some
kernel/snapd/libseccomp changes that I'm working on. Have you spent any
time investigating such a change?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: libseccomp (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1682102
Title:
14 matches
Mail list logo