My opinion on how this could go:

- integrate changes for cosmic soon, deploy the blacklist variant as
soon as practical. Beg and cajole people to test and report results.
(Does this require a feature freeze exception bug?)

- handle bionic and earlier via SRU process -- this feels like a
significant regression risk, and the consequences of it could be pretty
severe for our users. Not all kernels will log seccomp denials either,
making it extremely difficult to track down the root cause of potential
regressions.

- we might not want to turn on even the blacklist variant by default in
bionic and earlier due to the risk of regressions. We can always turn it
on after cosmic has shipped and seen wider use.

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1789551

Title:
  qemu: CVE-2018-15746: seccomp: blacklist is not applied to all threads
