| 2016-12-12 16:31:21 |
William Hua |
bug |
|
|
added bug |
| 2016-12-13 19:02:14 |
Brian Murray |
nominated for series |
|
Ubuntu Xenial |
|
| 2016-12-13 19:02:14 |
Brian Murray |
bug task added |
|
bubblewrap (Ubuntu Xenial) |
|
| 2017-01-05 14:53:31 |
Jeremy Bícha |
bubblewrap (Ubuntu): status |
New |
Fix Released |
|
| 2017-01-05 14:53:36 |
Jeremy Bícha |
bubblewrap (Ubuntu Xenial): status |
New |
In Progress |
|
| 2017-01-05 14:53:43 |
Jeremy Bícha |
bubblewrap (Ubuntu Xenial): importance |
Undecided |
Low |
|
| 2017-01-05 14:53:48 |
Jeremy Bícha |
bubblewrap (Ubuntu): importance |
Undecided |
Low |
|
| 2017-01-05 14:58:50 |
Jeremy Bícha |
description |
[Impact]
I'm writing a snapcraft plugin that uses bubblewrap for sandboxing purposes, but since bubblewrap isn't available on xenial while snapcraft is, it's currently blocked from landing.
Besides that, bubblewrap is a generally useful tool for running commands in a sandbox, similar to a chroot, but can be run by an unprivileged user, or like lxc, but more lightweight.
[Test Case]
Type bwrap in a xenial terminal. The command isn't found.
[Regression Potential]
This package is already available in yakkety and zesty, and it depends only on libc6 and libselinux1. It contains no services.
The bwrap binary is setuid root.
[Other Info]
From the project page:
"The maintainers of this tool believe that it does not, even when used in combination with typical software installed on that distribution, allow privilege escalation. It may increase the ability of a logged in user to perform denial of service attacks, however.
In particular, bubblewrap uses PR_SET_NO_NEW_PRIVS to turn off setuid binaries, which is the traditional way to get out of things like chroots." |
[Impact]
I'm writing a snapcraft plugin that uses bubblewrap for sandboxing purposes, but since bubblewrap isn't available on xenial while snapcraft is, it's currently blocked from landing.
Besides that, bubblewrap is a generally useful tool for running commands in a sandbox, similar to a chroot, but can be run by an unprivileged user, or like lxc, but more lightweight.
Bubblewrap is also needed to provide Flatpak on Ubuntu 16.04 LTS. Since one major benefit of Flatpak is running newer apps on stable releases, it's really beneficial to have Flatpak available on the latest Ubuntu LTS.
[Test Case]
Type bwrap in a xenial terminal. The command isn't found.
[Regression Potential]
This package is already available in yakkety and zesty, and it depends only on libc6 and libselinux1. It contains no services.
The bwrap binary is setuid root.
[Regression Potential]
None. This is a new package for 16.04 and should not negatively affect any other Ubuntu package.
[Other Info]
From the project page:
"The maintainers of this tool believe that it does not, even when used in combination with typical software installed on that distribution, allow privilege escalation. It may increase the ability of a logged in user to perform denial of service attacks, however.
In particular, bubblewrap uses PR_SET_NO_NEW_PRIVS to turn off setuid binaries, which is the traditional way to get out of things like chroots."
Since snapd was backported to trusty-updates and not trusty-backports, we'd like to do the same with the Flatpak stack.
bubblewrap 0.1.5 includes security updates to the 0.1.2 currently in yakkety. 0.1.5 has been released to yakkety-proposed and the security PPA. The yakkety update is being tracked in bug 1643734. |
|
| 2017-01-05 14:59:16 |
Jeremy Bícha |
description |
[Impact]
I'm writing a snapcraft plugin that uses bubblewrap for sandboxing purposes, but since bubblewrap isn't available on xenial while snapcraft is, it's currently blocked from landing.
Besides that, bubblewrap is a generally useful tool for running commands in a sandbox, similar to a chroot, but can be run by an unprivileged user, or like lxc, but more lightweight.
Bubblewrap is also needed to provide Flatpak on Ubuntu 16.04 LTS. Since one major benefit of Flatpak is running newer apps on stable releases, it's really beneficial to have Flatpak available on the latest Ubuntu LTS.
[Test Case]
Type bwrap in a xenial terminal. The command isn't found.
[Regression Potential]
This package is already available in yakkety and zesty, and it depends only on libc6 and libselinux1. It contains no services.
The bwrap binary is setuid root.
[Regression Potential]
None. This is a new package for 16.04 and should not negatively affect any other Ubuntu package.
[Other Info]
From the project page:
"The maintainers of this tool believe that it does not, even when used in combination with typical software installed on that distribution, allow privilege escalation. It may increase the ability of a logged in user to perform denial of service attacks, however.
In particular, bubblewrap uses PR_SET_NO_NEW_PRIVS to turn off setuid binaries, which is the traditional way to get out of things like chroots."
Since snapd was backported to trusty-updates and not trusty-backports, we'd like to do the same with the Flatpak stack.
bubblewrap 0.1.5 includes security updates to the 0.1.2 currently in yakkety. 0.1.5 has been released to yakkety-proposed and the security PPA. The yakkety update is being tracked in bug 1643734. |
[Impact]
I'm writing a snapcraft plugin that uses bubblewrap for sandboxing purposes, but since bubblewrap isn't available on xenial while snapcraft is, it's currently blocked from landing.
Besides that, bubblewrap is a generally useful tool for running commands in a sandbox, similar to a chroot, but can be run by an unprivileged user, or like lxc, but more lightweight.
Bubblewrap is also needed to provide Flatpak on Ubuntu 16.04 LTS. Since one major benefit of Flatpak is running newer apps on stable releases, it's really beneficial to have Flatpak available on the latest Ubuntu LTS.
[Test Case]
Type bwrap in a xenial terminal. The command isn't found.
[Regression Potential]
This package is already available in yakkety and zesty, and it depends only on libc6 and libselinux1. It contains no services.
The bwrap binary is setuid root.
This is a new package for 16.04 and should not negatively affect any other Ubuntu package.
[Other Info]
From the project page:
"The maintainers of this tool believe that it does not, even when used in combination with typical software installed on that distribution, allow privilege escalation. It may increase the ability of a logged in user to perform denial of service attacks, however.
In particular, bubblewrap uses PR_SET_NO_NEW_PRIVS to turn off setuid binaries, which is the traditional way to get out of things like chroots."
Since snapd was backported to trusty-updates and not trusty-backports, we'd like to do the same with the Flatpak stack.
bubblewrap 0.1.5 includes security updates to the 0.1.2 currently in yakkety. 0.1.5 has been released to yakkety-proposed and the security PPA. The yakkety update is being tracked in bug 1643734. |
|
| 2017-01-05 15:01:38 |
Jeremy Bícha |
tags |
|
xenial |
|
| 2017-01-16 20:49:53 |
Jeremy Bícha |
description |
[Impact]
I'm writing a snapcraft plugin that uses bubblewrap for sandboxing purposes, but since bubblewrap isn't available on xenial while snapcraft is, it's currently blocked from landing.
Besides that, bubblewrap is a generally useful tool for running commands in a sandbox, similar to a chroot, but can be run by an unprivileged user, or like lxc, but more lightweight.
Bubblewrap is also needed to provide Flatpak on Ubuntu 16.04 LTS. Since one major benefit of Flatpak is running newer apps on stable releases, it's really beneficial to have Flatpak available on the latest Ubuntu LTS.
[Test Case]
Type bwrap in a xenial terminal. The command isn't found.
[Regression Potential]
This package is already available in yakkety and zesty, and it depends only on libc6 and libselinux1. It contains no services.
The bwrap binary is setuid root.
This is a new package for 16.04 and should not negatively affect any other Ubuntu package.
[Other Info]
From the project page:
"The maintainers of this tool believe that it does not, even when used in combination with typical software installed on that distribution, allow privilege escalation. It may increase the ability of a logged in user to perform denial of service attacks, however.
In particular, bubblewrap uses PR_SET_NO_NEW_PRIVS to turn off setuid binaries, which is the traditional way to get out of things like chroots."
Since snapd was backported to trusty-updates and not trusty-backports, we'd like to do the same with the Flatpak stack.
bubblewrap 0.1.5 includes security updates to the 0.1.2 currently in yakkety. 0.1.5 has been released to yakkety-proposed and the security PPA. The yakkety update is being tracked in bug 1643734. |
[Impact]
I'm writing a snapcraft plugin that uses bubblewrap for sandboxing purposes, but since bubblewrap isn't available on xenial while snapcraft is, it's currently blocked from landing.
Besides that, bubblewrap is a generally useful tool for running commands in a sandbox, similar to a chroot, but can be run by an unprivileged user, or like lxc, but more lightweight.
Bubblewrap is also needed to provide Flatpak on Ubuntu 16.04 LTS. Since one major benefit of Flatpak is running newer apps on stable releases, it's really beneficial to have Flatpak available on the latest Ubuntu LTS.
[Test Case]
Type bwrap in a xenial terminal. The command isn't found.
[Regression Potential]
This package is already available in yakkety and zesty, and it depends only on libc6 and libselinux1. It contains no services.
The bwrap binary is setuid root.
This is a new package for 16.04 and should not negatively affect any other Ubuntu package.
[Other Info]
From the project page:
"The maintainers of this tool believe that it does not, even when used in combination with typical software installed on that distribution, allow privilege escalation. It may increase the ability of a logged in user to perform denial of service attacks, however.
In particular, bubblewrap uses PR_SET_NO_NEW_PRIVS to turn off setuid binaries, which is the traditional way to get out of things like chroots."
Since snapd was backported to trusty-updates and not trusty-backports, we'd like to do the same with the Flatpak stack. (LP: #1656712) |
|
| 2017-01-20 05:21:00 |
Jeremy Bícha |
description |
[Impact]
I'm writing a snapcraft plugin that uses bubblewrap for sandboxing purposes, but since bubblewrap isn't available on xenial while snapcraft is, it's currently blocked from landing.
Besides that, bubblewrap is a generally useful tool for running commands in a sandbox, similar to a chroot, but can be run by an unprivileged user, or like lxc, but more lightweight.
Bubblewrap is also needed to provide Flatpak on Ubuntu 16.04 LTS. Since one major benefit of Flatpak is running newer apps on stable releases, it's really beneficial to have Flatpak available on the latest Ubuntu LTS.
[Test Case]
Type bwrap in a xenial terminal. The command isn't found.
[Regression Potential]
This package is already available in yakkety and zesty, and it depends only on libc6 and libselinux1. It contains no services.
The bwrap binary is setuid root.
This is a new package for 16.04 and should not negatively affect any other Ubuntu package.
[Other Info]
From the project page:
"The maintainers of this tool believe that it does not, even when used in combination with typical software installed on that distribution, allow privilege escalation. It may increase the ability of a logged in user to perform denial of service attacks, however.
In particular, bubblewrap uses PR_SET_NO_NEW_PRIVS to turn off setuid binaries, which is the traditional way to get out of things like chroots."
Since snapd was backported to trusty-updates and not trusty-backports, we'd like to do the same with the Flatpak stack. (LP: #1656712) |
[SRU Team Note]
This update is waiting on security bug 1657357 to be pushed first.
[Impact]
I'm writing a snapcraft plugin that uses bubblewrap for sandboxing purposes, but since bubblewrap isn't available on xenial while snapcraft is, it's currently blocked from landing.
Besides that, bubblewrap is a generally useful tool for running commands in a sandbox, similar to a chroot, but can be run by an unprivileged user, or like lxc, but more lightweight.
Bubblewrap is also needed to provide Flatpak on Ubuntu 16.04 LTS. Since one major benefit of Flatpak is running newer apps on stable releases, it's really beneficial to have Flatpak available on the latest Ubuntu LTS.
[Test Case]
Type bwrap in a xenial terminal. The command isn't found.
[Regression Potential]
This package is already available in yakkety and zesty, and it depends only on libc6 and libselinux1. It contains no services.
The bwrap binary is setuid root.
This is a new package for 16.04 and should not negatively affect any other Ubuntu package.
[Other Info]
From the project page:
"The maintainers of this tool believe that it does not, even when used in combination with typical software installed on that distribution, allow privilege escalation. It may increase the ability of a logged in user to perform denial of service attacks, however.
In particular, bubblewrap uses PR_SET_NO_NEW_PRIVS to turn off setuid binaries, which is the traditional way to get out of things like chroots."
Since snapd was backported to trusty-updates and not trusty-backports, we'd like to do the same with the Flatpak stack. (LP: #1656712) |
|
| 2017-01-27 11:24:25 |
Jeremy Bícha |
bubblewrap (Ubuntu Xenial): status |
In Progress |
Incomplete |
|
| 2017-02-10 12:02:02 |
Jeremy Bícha |
bubblewrap (Ubuntu Xenial): status |
Incomplete |
In Progress |
|
| 2017-02-10 12:02:50 |
Jeremy Bícha |
description |
[SRU Team Note]
This update is waiting on security bug 1657357 to be pushed first.
[Impact]
I'm writing a snapcraft plugin that uses bubblewrap for sandboxing purposes, but since bubblewrap isn't available on xenial while snapcraft is, it's currently blocked from landing.
Besides that, bubblewrap is a generally useful tool for running commands in a sandbox, similar to a chroot, but can be run by an unprivileged user, or like lxc, but more lightweight.
Bubblewrap is also needed to provide Flatpak on Ubuntu 16.04 LTS. Since one major benefit of Flatpak is running newer apps on stable releases, it's really beneficial to have Flatpak available on the latest Ubuntu LTS.
[Test Case]
Type bwrap in a xenial terminal. The command isn't found.
[Regression Potential]
This package is already available in yakkety and zesty, and it depends only on libc6 and libselinux1. It contains no services.
The bwrap binary is setuid root.
This is a new package for 16.04 and should not negatively affect any other Ubuntu package.
[Other Info]
From the project page:
"The maintainers of this tool believe that it does not, even when used in combination with typical software installed on that distribution, allow privilege escalation. It may increase the ability of a logged in user to perform denial of service attacks, however.
In particular, bubblewrap uses PR_SET_NO_NEW_PRIVS to turn off setuid binaries, which is the traditional way to get out of things like chroots."
Since snapd was backported to trusty-updates and not trusty-backports, we'd like to do the same with the Flatpak stack. (LP: #1656712) |
[Impact]
I'm writing a snapcraft plugin that uses bubblewrap for sandboxing purposes, but since bubblewrap isn't available on xenial while snapcraft is, it's currently blocked from landing.
Besides that, bubblewrap is a generally useful tool for running commands in a sandbox, similar to a chroot, but can be run by an unprivileged user, or like lxc, but more lightweight.
Bubblewrap is also needed to provide Flatpak on Ubuntu 16.04 LTS. Since one major benefit of Flatpak is running newer apps on stable releases, it's really beneficial to have Flatpak available on the latest Ubuntu LTS.
[Test Case]
Type bwrap in a xenial terminal. The command isn't found.
[Regression Potential]
This package is already available in yakkety and zesty, and it depends only on libc6 and libselinux1. It contains no services.
The bwrap binary is setuid root.
This is a new package for 16.04 and should not negatively affect any other Ubuntu package.
[Other Info]
From the project page:
"The maintainers of this tool believe that it does not, even when used in combination with typical software installed on that distribution, allow privilege escalation. It may increase the ability of a logged in user to perform denial of service attacks, however.
In particular, bubblewrap uses PR_SET_NO_NEW_PRIVS to turn off setuid binaries, which is the traditional way to get out of things like chroots."
Since snapd was backported to trusty-updates and not trusty-backports, we'd like to do the same (xenial-updates not xenial-backports) with the Flatpak stack. (LP: #1656712) |
|
