I have made a Bionic version with the fix available for testing in [1]. I'd ask people to test this. Since it changes behavior of a default disabled feature this call applies almost exclusively to people that have set up qemu with "-sandbox=..." or configured libvirt to do so with seccomp_sandbox = 1 in /etc/libvirt/qemu.conf.
@Seth - might I ask you to do a nicely worked call for testing since you so nicely coined it "cajole people to test and report results"? Depending on the feedback to that we can make a Bionic decision then. Note: there are plenty of qemu SRUs in flight (one in -proposed, one waiting) this PPA is ahead to all of them to be useful for a while - none of the other changes affect seccomp execution in any way. [1]: https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/3395 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1789551 Title: qemu: CVE-2018-15746: seccomp: blacklist is not applied to all threads To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1789551/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs