Tuesday, 4 September 2018

Call for testing to qemu -sandbox users

TL;DR: If you enabled -sandbox in your Bionic qemu, please test the PPA [2]

There is a CVE [1] which we fixed in Cosmic [3], but we are unsure whether to backport it to Bionic.
Reasons for that are:
- there is some regression risk associated which we want to minimize
- the sandbox feature it fixes is not enabled by default on Bionic (it is in Cosmic)

Per discussion between me and the security team, there are two things gating the backport of this to Bionic.
1. We'd want to know if anybody actually enables -sandbox explicitly in Bionic.
2. If so, it would be great if one of those with a real case could do a verification based on the PPA [2].

In case there is no feedback here (this poll might work, but no reply doesn't mean too much), we will likely wait until Cosmic has been released for quite a while. That will implicitly test the -sandbox feature including the fix.

P.S.: Sorry for the cross-post, but this is trying to maximize the chance of actually finding somebody with these conditions in a real setup.

Christian Ehrhardt
Software Engineer, Ubuntu Server
Canonical Ltd