2016-05-23 21:17:26 |
Philipp Gassmann |
bug |
|
|
added bug |
2016-05-23 21:21:20 |
Seth Forshee |
linux (Ubuntu): importance |
Undecided |
Medium |
|
2016-05-23 21:21:20 |
Seth Forshee |
linux (Ubuntu): status |
New |
Confirmed |
|
2016-05-23 21:21:20 |
Seth Forshee |
linux (Ubuntu): assignee |
|
Seth Forshee (sforshee) |
|
2016-05-23 21:21:37 |
Seth Forshee |
nominated for series |
|
Ubuntu Xenial |
|
2016-05-23 21:21:37 |
Seth Forshee |
bug task added |
|
linux (Ubuntu Xenial) |
|
2016-05-23 21:21:54 |
Seth Forshee |
linux (Ubuntu Xenial): importance |
Undecided |
Medium |
|
2016-05-23 21:21:54 |
Seth Forshee |
linux (Ubuntu Xenial): status |
New |
Confirmed |
|
2016-05-23 21:21:54 |
Seth Forshee |
linux (Ubuntu Xenial): assignee |
|
Seth Forshee (sforshee) |
|
2016-05-23 21:35:32 |
Seth Forshee |
linux (Ubuntu Xenial): status |
Confirmed |
In Progress |
|
2016-05-23 21:36:05 |
Seth Forshee |
linux (Ubuntu): status |
Confirmed |
Fix Released |
|
2016-05-24 03:19:25 |
Seth Forshee |
linux (Ubuntu Xenial): status |
In Progress |
Incomplete |
|
2016-05-24 14:26:43 |
Seth Forshee |
attachment added |
|
iptables-test.sh https://bugs.launchpad.net/ubuntu/xenial/+source/linux/+bug/1584953/+attachment/4669432/+files/iptables-test.sh |
|
2016-05-24 14:27:56 |
Seth Forshee |
nominated for series |
|
Ubuntu Wily |
|
2016-05-24 14:27:56 |
Seth Forshee |
bug task added |
|
linux (Ubuntu Wily) |
|
2016-05-24 14:27:56 |
Seth Forshee |
nominated for series |
|
Ubuntu Trusty |
|
2016-05-24 14:27:56 |
Seth Forshee |
bug task added |
|
linux (Ubuntu Trusty) |
|
2016-05-24 14:27:56 |
Seth Forshee |
nominated for series |
|
Ubuntu Vivid |
|
2016-05-24 14:27:56 |
Seth Forshee |
bug task added |
|
linux (Ubuntu Vivid) |
|
2016-05-24 14:28:47 |
Seth Forshee |
bug task added |
|
linux-lts-utopic (Ubuntu) |
|
2016-05-24 14:29:13 |
Seth Forshee |
linux-lts-utopic (Ubuntu): status |
New |
Invalid |
|
2016-05-24 14:29:25 |
Seth Forshee |
linux-lts-utopic (Ubuntu Vivid): status |
New |
Invalid |
|
2016-05-24 14:29:35 |
Seth Forshee |
linux-lts-utopic (Ubuntu Wily): status |
New |
Invalid |
|
2016-05-24 14:29:43 |
Seth Forshee |
linux-lts-utopic (Ubuntu Xenial): status |
New |
Invalid |
|
2016-05-24 14:29:57 |
Seth Forshee |
linux-lts-utopic (Ubuntu Trusty): importance |
Undecided |
Medium |
|
2016-05-24 14:29:57 |
Seth Forshee |
linux-lts-utopic (Ubuntu Trusty): status |
New |
In Progress |
|
2016-05-24 14:29:57 |
Seth Forshee |
linux-lts-utopic (Ubuntu Trusty): assignee |
|
Seth Forshee (sforshee) |
|
2016-05-24 14:30:16 |
Seth Forshee |
linux (Ubuntu Trusty): importance |
Undecided |
Medium |
|
2016-05-24 14:30:16 |
Seth Forshee |
linux (Ubuntu Trusty): status |
New |
In Progress |
|
2016-05-24 14:30:16 |
Seth Forshee |
linux (Ubuntu Trusty): assignee |
|
Seth Forshee (sforshee) |
|
2016-05-24 14:30:30 |
Seth Forshee |
linux (Ubuntu Vivid): importance |
Undecided |
Medium |
|
2016-05-24 14:30:30 |
Seth Forshee |
linux (Ubuntu Vivid): status |
New |
In Progress |
|
2016-05-24 14:30:30 |
Seth Forshee |
linux (Ubuntu Vivid): assignee |
|
Seth Forshee (sforshee) |
|
2016-05-24 14:30:47 |
Seth Forshee |
linux (Ubuntu Wily): importance |
Undecided |
Medium |
|
2016-05-24 14:30:47 |
Seth Forshee |
linux (Ubuntu Wily): status |
New |
In Progress |
|
2016-05-24 14:30:47 |
Seth Forshee |
linux (Ubuntu Wily): assignee |
|
Seth Forshee (sforshee) |
|
2016-05-24 14:30:57 |
Seth Forshee |
linux (Ubuntu Xenial): status |
Incomplete |
In Progress |
|
2016-05-24 14:39:15 |
Seth Forshee |
description |
Request to backport Kernel changes from Kernel 4.5 to lts kernel 4.4 for xenial and if possible to lts kernel for 14.04
Change upstream:
netfilter: Set /proc/net entries owner to root in namespace
http://git.kernel.org/cgit/linux/kernel/git/pablo/nf-next.git/commit/?id=f13f2aeed154da8e48f90b85e720f8ba39b1e881
This is the Kernel-side part of the fix for "iptables-save does not work inside lxd containers"
https://github.com/lxc/lxd/issues/1978#issuecomment-220998013
The necessary changes in lxc landed in lxc/lxd https://github.com/lxc/lxc/pull/1014 and are available in version 2.0.1, currently in xenial-proposed.
It would be great if this were backported asap, as it allows managing the firewall within lxd instances using Puppet and probably other configuration management systems, and using iptables-save manually. |
SRU Justification
Impact: iptables-save fails in lxd containers due to the ownership of /proc/net/ip_tables_names. This command is needed to manage firewalls in containers using Puppet.
Fix: Upstream commit f13f2aeed154da8e48f90b85e720f8ba39b1e881 ("netfilter: Set /proc/net entries owner to root in namespace") which sets ownership for /proc/net files to root in the user ns which owns the net ns.
Test Case: Script attached to this bug report. Before the fix no output will be seen from iptables-save; after the fix it will output the iptables rules.
---
Request to backport Kernel changes from Kernel 4.5 to lts kernel 4.4 for xenial and if possible to lts kernel for 14.04
Change upstream:
netfilter: Set /proc/net entries owner to root in namespace
http://git.kernel.org/cgit/linux/kernel/git/pablo/nf-next.git/commit/?id=f13f2aeed154da8e48f90b85e720f8ba39b1e881
This is the Kernel-side part of the fix for "iptables-save does not work inside lxd containers"
https://github.com/lxc/lxd/issues/1978#issuecomment-220998013
The necessary changes in lxc landed in lxc/lxd https://github.com/lxc/lxc/pull/1014 and are available in version 2.0.1, currently in xenial-proposed.
It would be great if this were backported asap, as it allows managing the firewall within lxd instances using Puppet and probably other configuration management systems, and using iptables-save manually. |
|
2016-05-25 19:34:18 |
Kamal Mostafa |
linux (Ubuntu Trusty): status |
In Progress |
Fix Committed |
|
2016-05-25 19:34:27 |
Kamal Mostafa |
linux (Ubuntu Vivid): status |
In Progress |
Fix Committed |
|
2016-05-25 19:34:36 |
Kamal Mostafa |
linux (Ubuntu Wily): status |
In Progress |
Fix Committed |
|
2016-05-25 19:34:44 |
Kamal Mostafa |
linux (Ubuntu Xenial): status |
In Progress |
Fix Committed |
|
2016-05-25 19:34:54 |
Kamal Mostafa |
linux-lts-utopic (Ubuntu Trusty): status |
In Progress |
Fix Committed |
|
2016-06-14 14:20:20 |
Kamal Mostafa |
tags |
|
verification-needed-trusty |
|
2016-06-14 14:20:43 |
Kamal Mostafa |
tags |
verification-needed-trusty |
verification-needed-trusty verification-needed-vivid |
|
2016-06-14 14:21:02 |
Kamal Mostafa |
tags |
verification-needed-trusty verification-needed-vivid |
verification-needed-trusty verification-needed-vivid verification-needed-wily |
|
2016-06-14 14:22:31 |
Kamal Mostafa |
tags |
verification-needed-trusty verification-needed-vivid verification-needed-wily |
verification-needed-trusty verification-needed-vivid verification-needed-wily verification-needed-xenial |
|
2016-06-20 09:14:53 |
Philipp Gassmann |
tags |
verification-needed-trusty verification-needed-vivid verification-needed-wily verification-needed-xenial |
verification-done-xenial verification-needed-trusty verification-needed-vivid verification-needed-wily |
|
2016-06-21 09:52:05 |
Philipp Gassmann |
tags |
verification-done-xenial verification-needed-trusty verification-needed-vivid verification-needed-wily |
verification-done-trusty verification-done-xenial verification-needed-vivid verification-needed-wily |
|
2016-06-21 14:35:07 |
Seth Forshee |
tags |
verification-done-trusty verification-done-xenial verification-needed-vivid verification-needed-wily |
verification-done-trusty verification-done-vivid verification-done-wily verification-done-xenial |
|
2016-06-27 18:27:24 |
Launchpad Janitor |
linux (Ubuntu Xenial): status |
Fix Committed |
Fix Released |
|
2016-06-27 18:27:24 |
Launchpad Janitor |
cve linked |
|
2016-4482 |
|
2016-06-27 18:27:24 |
Launchpad Janitor |
cve linked |
|
2016-4569 |
|
2016-06-27 18:27:24 |
Launchpad Janitor |
cve linked |
|
2016-4578 |
|
2016-06-27 18:27:24 |
Launchpad Janitor |
cve linked |
|
2016-4951 |
|
2016-06-27 18:42:53 |
Launchpad Janitor |
linux (Ubuntu Wily): status |
Fix Committed |
Fix Released |
|
2016-06-27 18:42:53 |
Launchpad Janitor |
cve linked |
|
2016-3134 |
|
2016-06-27 18:42:53 |
Launchpad Janitor |
cve linked |
|
2016-4580 |
|
2016-06-27 18:42:53 |
Launchpad Janitor |
cve linked |
|
2016-4913 |
|
2016-06-27 18:48:38 |
Launchpad Janitor |
linux (Ubuntu Vivid): status |
Fix Committed |
Fix Released |
|
2016-06-27 19:04:21 |
Launchpad Janitor |
linux (Ubuntu Trusty): status |
Fix Committed |
Fix Released |
|
2016-06-27 19:04:21 |
Launchpad Janitor |
cve linked |
|
2016-4565 |
|
2016-06-27 19:06:27 |
Launchpad Janitor |
linux-lts-utopic (Ubuntu Trusty): status |
Fix Committed |
Fix Released |
|
2016-08-12 17:19:49 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/trusty-updates/linux-lts-wily |
|
2016-08-12 18:30:37 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/trusty-proposed/linux-lts-vivid |
|