Thanks! Uploaded to xenial's new queue.

Do you want this uploaded to trusty also? Flatpak is not easily
backportable to trusty so it's not needed for Flatpak, but since snapd
is now supported on trusty...?

** Description changed:

  [Impact]
  
  I'm writing a snapcraft plugin that uses bubblewrap for sandboxing
  purposes, but since bubblewrap isn't available on xenial while snapcraft
  is, it's currently blocked from landing.
  
  Besides that, bubblewrap is a generally useful tool for running commands
  in a sandbox, similar to a chroot, but can be run by an unprivileged
  user, or like lxc, but more lightweight.
+ 
+ Bubblewrap is also needed to provide Flatpak on Ubuntu 16.04 LTS. Since
+ one major benefit of Flatpak is running newer apps on stable releases,
+ it's really beneficial to have Flatpak available on the latest Ubuntu
+ LTS.
  
  [Test Case]
  
  Type bwrap in a xenial terminal. The command isn't found.
  
  [Regression Potential]
  
  This package is already available in yakkety and zesty, and it depends
  only on libc6 and libselinux1. It contains no services.
  
  The bwrap binary is setuid root.
+ 
+ [Regression Potential]
+ None. This is a new package for 16.04 and should not negatively affect any 
other Ubuntu package.
  
  [Other Info]
  
  From the project page:
  
  "The maintainers of this tool believe that it does not, even when used
  in combination with typical software installed on that distribution,
  allow privilege escalation. It may increase the ability of a logged in
  user to perform denial of service attacks, however.
  
  In particular, bubblewrap uses PR_SET_NO_NEW_PRIVS to turn off setuid
  binaries, which is the traditional way to get out of things like
  chroots."
+ 
+ Since snapd was backported to trusty-updates and not trusty-backports,
+ we'd like to do the same with the Flatpak stack.
+ 
+ bubblewrap 0.1.5 includes security updates to the 0.1.2 currently in
+ yakkety. 0.1.5 has been released to yakkety-proposed and the security
+ PPA. The yakkety update is being tracked in bug 1643734.
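
Review bot: the added second "[Regression Potential]" heading duplicates the section that already exists a few lines above it, and its "None." sits directly under the existing line "The bwrap binary is setuid root." without addressing it. Fold the new sentence into the existing section and replace "None." with what limits the risk of shipping a new setuid-root binary, for example the PR_SET_NO_NEW_PRIVS behaviour quoted under [Other Info].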

** Description changed:

  [Impact]
  
  I'm writing a snapcraft plugin that uses bubblewrap for sandboxing
  purposes, but since bubblewrap isn't available on xenial while snapcraft
  is, it's currently blocked from landing.
  
  Besides that, bubblewrap is a generally useful tool for running commands
  in a sandbox, similar to a chroot, but can be run by an unprivileged
  user, or like lxc, but more lightweight.
  
  Bubblewrap is also needed to provide Flatpak on Ubuntu 16.04 LTS. Since
  one major benefit of Flatpak is running newer apps on stable releases,
  it's really beneficial to have Flatpak available on the latest Ubuntu
  LTS.
  
  [Test Case]
  
  Type bwrap in a xenial terminal. The command isn't found.
  
  [Regression Potential]
  
  This package is already available in yakkety and zesty, and it depends
  only on libc6 and libselinux1. It contains no services.
  
  The bwrap binary is setuid root.
  
- [Regression Potential]
- None. This is a new package for 16.04 and should not negatively affect any 
other Ubuntu package.
+ This is a new package for 16.04 and should not negatively affect any
+ other Ubuntu package.
  
  [Other Info]
  
  From the project page:
  
  "The maintainers of this tool believe that it does not, even when used
  in combination with typical software installed on that distribution,
  allow privilege escalation. It may increase the ability of a logged in
  user to perform denial of service attacks, however.
  
  In particular, bubblewrap uses PR_SET_NO_NEW_PRIVS to turn off setuid
  binaries, which is the traditional way to get out of things like
  chroots."
  
  Since snapd was backported to trusty-updates and not trusty-backports,
  we'd like to do the same with the Flatpak stack.
  
  bubblewrap 0.1.5 includes security updates to the 0.1.2 currently in
  yakkety. 0.1.5 has been released to yakkety-proposed and the security
  PPA. The yakkety update is being tracked in bug 1643734.
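
Review bot: [Test Case] is left unchanged and still covers only the state before the fix ("The command isn't found"); add the step that installs the package from the proposed pocket and the result expected from running bwrap afterwards. The last paragraph says 0.1.5 includes security updates over 0.1.2, but nothing in the description states which version is being proposed for xenial; say so explicitly.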

** Tags added: xenial

https://bugs.launchpad.net/bugs/1649330

Title:
  [SRU] bubblewrap unavailable on xenial
