© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
73416ba
(Get the code!)
My opinion on how this could go:
- integrate changes for cosmic soon, deploy the blacklist variant as soon as practical. Beg and cajole people to test and report results. (Does this require a feature freeze exception bug?)
- handle bionic and earlier via SRU process -- this feels like a significant regression risk, and the consequences of it could be pretty severe for our users. Not all kernels will log seccomp denials either, making it extremely difficult to track down the root cause of potential regressions.
- we might not want to turn on even the blacklist variant by default in bionic and earlier due to the risk of regressions. We can always turn it on after cosmic has shipped and seen wider use.
Thanks