LXD 4.2 broken on linux-kvm due to missing VLAN filtering
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux-kvm (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Xenial |
Fix Released
|
Medium
|
Unassigned | ||
Bionic |
Fix Released
|
Medium
|
Unassigned | ||
Eoan |
Fix Released
|
Medium
|
Unassigned | ||
Focal |
Fix Released
|
Medium
|
Unassigned |
Bug Description
[Description]
Some VLAN options (BRIDGE_
[Fix]
Apply the attached config patch
[Regression potential]
Low, just some config changes already present in generic.
---
This is another case of linux-kvm having unexplained differences compared to linux-generic in areas that aren't related to hardware drivers (see other bug we filed for missing nft).
This time, CPC is reporting that LXD no longer works on linux-kvm as we now set vlan filtering on our bridges to prevent containers from escaping firewalling through custom vlan tags.
This relies on CONFIG_
We need this fixed in focal and groovy.
CVE References
Changed in linux-kvm (Ubuntu): | |
status: | New → Triaged |
tags: | added: id-5ee11405ec50180f6deea614 |
tags: | added: patch |
Changed in linux-kvm (Ubuntu Focal): | |
importance: | Undecided → Low |
status: | New → In Progress |
importance: | Low → Medium |
Changed in linux-kvm (Ubuntu Eoan): | |
importance: | Undecided → Medium |
status: | New → Triaged |
Changed in linux-kvm (Ubuntu Bionic): | |
status: | New → Triaged |
Changed in linux-kvm (Ubuntu Xenial): | |
status: | New → Triaged |
importance: | Undecided → Medium |
Changed in linux-kvm (Ubuntu Bionic): | |
importance: | Undecided → Medium |
Changed in linux-kvm (Ubuntu): | |
status: | Triaged → Invalid |
Changed in linux-kvm (Ubuntu Focal): | |
status: | In Progress → Fix Committed |
Changed in linux-kvm (Ubuntu Eoan): | |
status: | Triaged → Fix Committed |
Changed in linux-kvm (Ubuntu Bionic): | |
status: | Triaged → Fix Committed |
Changed in linux-kvm (Ubuntu Xenial): | |
status: | Triaged → Fix Committed |
CPC are seeing this issue in _all_ minimal cloud images testing with LXD snap version 4.2 or greater. This blocks promotion of all minimal cloud download images and blocks build and publication of both daily and release cloud images.