[SRU] seccomp filters backport for Mako

This bug was fixed in the package linux-mako - 3.4.0-7.40

---------------
linux-mako (3.4.0-7.40) xenial; urgency=low

  [ Kyle Fazzari ]

  * SAUCE: Enable SECCOMP_FILTER on mako.
    - LP: #1509489
  * SAUCE: Remove fake no_new_privs.
    - LP: #1509489
  * SAUCE: Make sure userspace sees an ENOSYS for no tracer.
    - LP: #1509489
  * SAUCE: Add seccomp selftests.
    - LP: #1509489

  [ Upstream Kernel Changes ]

  * Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs
    - LP: #1509489
  * Fix execve behavior apparmor for PR_{GET,SET}_NO_NEW_PRIVS
    - LP: #1509489
  * sk_run_filter: add BPF_S_ANC_SECCOMP_LD_W
    - LP: #1509489
  * net/compat.c,linux/filter.h: share compat_sock_fprog
    - LP: #1509489
  * seccomp: kill the seccomp_t typedef
    - LP: #1509489
  * asm/syscall.h: add syscall_get_arch
    - LP: #1509489
  * arch/x86: add syscall_get_arch to syscall.h
    - LP: #1509489
  * seccomp: add system call filtering using BPF
    - LP: #1509489
  * seccomp: remove duplicated failure logging
    - LP: #1509489
  * seccomp: add SECCOMP_RET_ERRNO
    - LP: #1509489
  * signal, x86: add SIGSYS info and make it synchronous.
    - LP: #1509489
  * seccomp: Add SECCOMP_RET_TRAP
    - LP: #1509489
  * ptrace,seccomp: Add PTRACE_SECCOMP support
    - LP: #1509489
  * x86: Enable HAVE_ARCH_SECCOMP_FILTER
    - LP: #1509489
  * Documentation: prctl/seccomp_filter
    - LP: #1509489
  * seccomp: use a static inline for a function stub
    - LP: #1509489
  * seccomp: ignore secure_computing return values
    - LP: #1509489
  * seccomp: fix build warnings when there is no CONFIG_SECCOMP_FILTER
    - LP: #1509489
  * samples/seccomp: fix dependencies on arch macros
    - LP: #1509489
  * ARM: 7373/1: add support for the generic syscall.h interface
    - LP: #1509489
  * ARM: 7374/1: add TRACEHOOK support
    - LP: #1509489
  * ARM: 7456/1: ptrace: provide separate functions for tracing syscall
    {entry,exit}
    - LP: #1509489
  * ARM: 7577/1: arch/add syscall_get_arch
    - LP: #1509489
  * ARM: 7578/1: arch/move secure_computing into trace
    - LP: #1509489
  * ARM: 7579/1: arch/allow a scno of -1 to not cause a SIGILL
    - LP: #1509489
  * ARM: 7580/1: arch/select HAVE_ARCH_SECCOMP_FILTER
    - LP: #1509489

 -- Tim Gardner <email address hidden> Wed, 28 Oct 2015 09:44:02 -0600

Hello Kyle, or anyone else affected,

Accepted linux-mako into wily-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/linux-mako/3.4.0-7.41~15.10.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

The fix for this bug has been awaiting testing feedback in the -proposed repository for wily for more than 90 days. Please test this fix and update the bug appropriately with the results. In the event that the fix for this bug is still not verified 15 days from now, the package will be removed from the -proposed repository.

The version of linux-mako in the proposed pocket of Wily that was purported to fix this bug report has been removed because the bugs that were to be fixed by the upload were not verified in a timely (105 days) fashion.