Call for testing to qemu -sandbox users

Christian Ehrhardt christian.ehrhardt at canonical.com
Wed Sep 5 05:56:50 UTC 2018


Hi,
TL;DR: If you enabled -sandbox in your Bionic qemu, please test the PPA [2]

Details:
There is a CVE [1] which we fixed in Cosmic [3], but we are unsure whether
to backport it to Bionic.
Reasons for that are:
- there is some regression risk associated which we want to minimize
- the sandbox feature it fixes is not enabled by default on Bionic (it is
in Cosmic)

Per discussion between me and the security team there are two things gating
the backport of this to Bionic.
1. We'd want to know if anybody actually enables -sandbox explicitly in
Bionic?
2. If so, it would be great if one of those with a real case could do a
verification based on the PPA [2]

In case there is no feedback here (this poll might work, but no reply
doesn't mean too much) we likely will wait until Cosmic is released for
quite a while. That will implicitly test the -sandbox feature including the
fix.

[1]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15746
[2]: https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/3395
[3]: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1789551

P.S.: sorry for the cross post, but this is trying to maximize the chance
to actually find somebody with the conditions in a real setup

-- 
Christian Ehrhardt
Software Engineer, Ubuntu Server
Canonical Ltd