This bug was fixed in the package libseccomp - 2.4.3-1ubuntu3.19.10.3
---
libseccomp (2.4.3-1ubuntu3.19.10.3) eoan; urgency=medium
* d/p/db-consolidate-some-of-the-code-which-adds-rules.patch
* d/p/db-add-shadow-transactions.patch (LP: #1861177)
Backport upstream patches to ad
** Project changed: snapd => ubuntu-translations
** No longer affects: ubuntu-translations
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1861177
Title:
seccomp_rule_a
Marking Eoan as Won't fix due to EOL.
** Changed in: libseccomp (Ubuntu Eoan)
Status: Fix Committed => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/186
This bug was fixed in the package libseccomp - 2.4.3-1ubuntu3.16.04.3
---
libseccomp (2.4.3-1ubuntu3.16.04.3) xenial; urgency=medium
* d/p/db-consolidate-some-of-the-code-which-adds-rules.patch
* d/p/db-add-shadow-transactions.patch (LP: #1861177)
Backport upstream patches to
This bug was fixed in the package libseccomp - 2.4.3-1ubuntu3.18.04.3
---
libseccomp (2.4.3-1ubuntu3.18.04.3) bionic; urgency=medium
* d/p/db-consolidate-some-of-the-code-which-adds-rules.patch
* d/p/db-add-shadow-transactions.patch (LP: #1861177)
Backport upstream patches to
This bug was fixed in the package libseccomp - 2.4.3-1ubuntu3.16.04.3
---
libseccomp (2.4.3-1ubuntu3.16.04.3) xenial; urgency=medium
* d/p/db-consolidate-some-of-the-code-which-adds-rules.patch
* d/p/db-add-shadow-transactions.patch (LP: #1861177)
Backport upstream patches to
This bug was fixed in the package libseccomp - 2.4.3-1ubuntu3.18.04.3
---
libseccomp (2.4.3-1ubuntu3.18.04.3) bionic; urgency=medium
* d/p/db-consolidate-some-of-the-code-which-adds-rules.patch
* d/p/db-add-shadow-transactions.patch (LP: #1861177)
Backport upstream patches to
This bug was fixed in the package libseccomp - 2.4.3-1ubuntu3.20.04.3
---
libseccomp (2.4.3-1ubuntu3.20.04.3) focal; urgency=medium
* d/p/db-consolidate-some-of-the-code-which-adds-rules.patch
* d/p/db-add-shadow-transactions.patch (LP: #1861177)
Backport upstream patches to a
This bug was fixed in the package libseccomp - 2.4.3-1ubuntu3.20.04.3
---
libseccomp (2.4.3-1ubuntu3.20.04.3) focal; urgency=medium
* d/p/db-consolidate-some-of-the-code-which-adds-rules.patch
* d/p/db-add-shadow-transactions.patch (LP: #1861177)
Backport upstream patches to a
# autopkgtest regression in EOAN
There is an autopkgtest regression in EOAN on ppc64el for systemd package.
The regression is caused by the 'upstream' test.
As it's shown here
http://autopkgtest.ubuntu.com/packages/s/systemd/eoan/ppc64el this test
has always been failing since systemd version 240
#VERIFICATION EOAN
---> Old version
# dpkg -l | grep libseccomp
ii libseccomp2:amd64 2.4.3-1ubuntu3.19.10.2amd64 high level interface to
Linux seccomp filter
# for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
MAX TIME : 9.374s
---> New version
# dpkg -l | grep
#VERIFICATION BIONIC
---> Old version
# dpkg -l | grep libseccomp
ii libseccomp2:amd64 2.4.3-1ubuntu3.18.04.2 amd64 high level interface to
Linux seccomp filter
# for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
MAX TIME : 8.148s
---> New version
# dpkg -l | grep li
#VERIFICATION FOCAL
---> Old version
# dpkg -l | grep libseccomp
ii libseccomp2:amd642.4.3-1ubuntu3.20.04.2
amd64high level interface to Linux seccomp filter
# for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
MAX TIME : 10.176s
-
#VERIFICATION XENIAL
---> Old version
# dpkg -l | grep libseccomp
ii libseccomp2:amd64 2.4.3-1ubuntu3.16.04.2
amd64high level interface to Linux seccomp filte
# for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
MAX TIME
This bug was fixed in the package libseccomp - 2.4.3-1ubuntu4
---
libseccomp (2.4.3-1ubuntu4) groovy; urgency=medium
* d/p/db-consolidate-some-of-the-code-which-adds-rules.patch
* d/p/db-add-shadow-transactions.patch (LP: #1861177)
Backport upstream patches to address performa
Hello Sam, or anyone else affected,
Accepted libseccomp into eoan-proposed. The package will build now and
be available at
https://launchpad.net/ubuntu/+source/libseccomp/2.4.3-1ubuntu3.19.10.3
in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See
Hello Sam, or anyone else affected,
Accepted libseccomp into focal-proposed. The package will build now and
be available at
https://launchpad.net/ubuntu/+source/libseccomp/2.4.3-1ubuntu3.20.04.3
in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See
As discussed on IRC, I have reviewed all the SRUs. They looked correct
from my POV (although I guess I'd appreciate a second opinion from the
security team).
Since we want to include those in the -security pockets as well, I have
uploaded all of them to a security-only Bileto PPA. I have confirmed
Currently, there are autopkgtest regressions on Groovy for the docker.io
package :
https://people.canonical.com/~ubuntu-archive/proposed-migration/groovy/update_excuses.html#libseccomp
These regressions are not due to the new libseccomp (can be reproduced
with previous libseccomp version). They a
uploaded to x/b/e/f/g, thanks!
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1861177
Title:
seccomp_rule_add is very slow
Status in snapd:
Invalid
Status in libsecc
Debdiff for Xenial.
** Patch added: "lp1861177_xenial.debdiff"
https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1861177/+attachment/5388142/+files/lp1861177_xenial.debdiff
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscr
Debdiff for Bionic.
** Patch added: "lp1861177_bionic.debdiff"
https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1861177/+attachment/5388141/+files/lp1861177_bionic.debdiff
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscr
Debdiff for Focal.
** Patch added: "lp1861177_focal.debdiff"
https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1861177/+attachment/5388139/+files/lp1861177_focal.debdiff
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribe
Debdiff for Eoan.
** Patch added: "lp1861177_eoan.debdiff"
https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1861177/+attachment/5388140/+files/lp1861177_eoan.debdiff
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed t
Debdiff for Groovy.
Currently, there is an ongoing sru of libseccomp for F,E,B and X stuck in
proposed.
Once it is released in updates, I'll sru this one for F,E,B and X.
** Description changed:
- There is a known and patched issue with version 2.4 of libseccomp where
- certain operations have
** Also affects: libseccomp (Ubuntu Focal)
Importance: Undecided
Status: New
** Also affects: libseccomp (Ubuntu Xenial)
Importance: Undecided
Status: New
** Also affects: libseccomp (Ubuntu Groovy)
Importance: Medium
Status: In Progress
** Also affects: libseccomp
Thanks for the follow ups. If the server team doesn't want to take this
on, could someone provide me with a team or person I could contact to
try and gently prod this forward (maybe someone on the security team)?
I've got some customers that are running into this and telling them to
rebuild this li
There isn't a snapd task (snap-seccomp is compiled against libseccomp
but it can't influence this behavior), so unassigning Ian and marking
that task as Invalid.
** Changed in: snapd
Status: Triaged => Invalid
** Changed in: snapd
Assignee: Ian Johnson (anonymouse67) => (unassigned)
FYI, a 2.4.3 SRU is in flight (by amurray), but looking at
https://github.com/seccomp/libseccomp/pull/180 (the fix for the bug),
https://github.com/seccomp/libseccomp/issues/187 (2.4.3 backports), and
code inspection, the fix for the bug is not in 2.4.3 and will come in
2.5.
The security team is n
I asked Dimitri about this on IRC. He isn't expecting to work on this,
and nor is the server team. We think the security team will take this on
according to their priorities? If this does need the server team's
attention, please let us know.
** Tags removed: server-next
--
You received this bug
** Changed in: libseccomp (Ubuntu)
Importance: High => Medium
** Changed in: libseccomp (Ubuntu)
Status: Triaged => In Progress
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.laun
I can't seem to assign this bug to Dimitri, but as per
https://github.com/snapcore/core20/issues/48, Dimitri should be
preparing a libseccomp 2.4.2 SRU.
** Bug watch added: github.com/snapcore/core20/issues #48
https://github.com/snapcore/core20/issues/48
--
You received this bug notification
Gentle ping. Can this be assigned to someone? Thanks!
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1861177
Title:
seccomp_rule_add is very slow
Status in snapd:
Tr
I'll take a look at measuring this with snapd $SOON
** Changed in: snapd
Assignee: (unassigned) => Ian Johnson (anonymouse67)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.n
** Changed in: snapd
Status: New => Triaged
** Changed in: snapd
Importance: Undecided => Medium
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1861177
Title:
I'm leaving the snapd bug task as New so mvo or ian can take a look when
it's their triage day, at the latest; I have nothing useful to do here
other than "ouch".
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in U
** Tags added: patch
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1861177
Title:
seccomp_rule_add is very slow
Status in snapd:
New
Status in libseccomp package in
** Tags added: server-next
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1861177
Title:
seccomp_rule_add is very slow
Status in snapd:
New
Status in libseccomp pack
2.4.1 is currently available from xenial, bionic, disco, eoan; focal
carries 2.4.2. None of these carry the patches for this bug report yet.
** Changed in: libseccomp (Ubuntu)
Importance: Undecided => High
** Changed in: libseccomp (Ubuntu)
Status: New => Triaged
--
You received this
The patch mentioned in the OP is attached for reference. Per [1] it was
proposed for inclusion in Debian last November as patches db-
consolidate-some-of-the-code-which-adds-rules-to-.patch and db-add-
shadow-transactions.patch.
The corresponding bug report upstream is [2].
1: https://bugs.debia
@mvo and @ijohnson, fyi, the fix for this may help with slow snap-
seccomp (unconfirmed; not actively working on it at this time).
** Also affects: snapd
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, wh
41 matches
Mail list logo
