16:37 <tyhicks> #startmeeting
16:37 <meetingology> Meeting started Mon Mar  2 16:37:20 2015 UTC.  The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
16:37 <meetingology> 
16:37 <meetingology> Available commands: action commands idea info link nick
16:37 <tyhicks> The meeting agenda can be found at:
16:37 <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
16:37 <tyhicks> [TOPIC] Weekly stand-up report
16:37 <tyhicks> jdstrand: you're up
16:38 <jdstrand> I'm working on the store review tools wrt snappy
16:38 <jdstrand> I'm also helping with the oxide FFe and helping coordinate some oxide work
16:39 <jdstrand> I also have performance reviews to do
16:40 <jdstrand> I hope to work on snappy hw access some more. phase 1 landed, but need to be thinking longer term now
16:40 <jdstrand> I'd like to sync up with tyhicks and/or jjohansen on overlayfs/apparmor at some point this week too
16:40 <jdstrand> that's it from me
16:41 <mdeslaur> I'm on community this week
16:41 <mdeslaur> and tomorrow, I have patch piloting
16:41 <mdeslaur> I'm still banging my head on the icu updates
16:42 <mdeslaur> that's probably going to take up a couple of days still
16:42 <mdeslaur> after that, I'll continue down the CVE list
16:42 <mdeslaur> that's it for me
16:42 <mdeslaur> sbeattie: you're up
16:42 <sbeattie> I'm on security bug triage this week
16:43 <sbeattie> I also need to correct the mir abstraction library paths for bug 1422521
16:43 <ubottu> bug 1422521 in apparmor (Ubuntu) "mmap of ...mir/client-platform/mesa.so DENIED" [High,In progress] https://launchpad.net/bugs/1422521
16:43 <sbeattie> I'm continuing to test gcc-5 with pie enabled by default.
16:44 <sbeattie> I have some apparmor patches to review and am hoping to release 2.9.2 soon.
16:44 <sbeattie> That's pretty much it for me.
16:44 <sbeattie> tyhicks: tag.
16:44 <jdstrand> sbeattie: will 2.9.2 contain the mir abstraction?
16:44 <jdstrand> or we still want it to mature?
16:45 <sbeattie> Maybe. I'd kind of like it to mature a bit, perhaps move the unpriv mir client socket there as well.
16:46 <sbeattie> But I can also see the desire to get it in place upstream and fleshed out there instead.
16:47 <tyhicks> sbeattie: have you wrapped up the work to look at how well the apparmor init script is working with systemd?
16:48 <sbeattie> tyhicks: mostly, I want to poke at it a little more, but things are looking okay so far.
16:48 <tyhicks> sbeattie: good to hear - thanks for looking at that :)
16:48 <tyhicks> I'm on CVE triage this week
16:48 <tyhicks> it is the first time in a long time so it'll take me a while to get back in the swing of things
16:49 <tyhicks> I still need to land fixes upstream, retest and publish ecryptfs-utils security updates
16:49 <tyhicks> I'm going to add the ability to check subfeatures and then send out v2 of the libapparmor API changes
16:49 <tyhicks> by subfeatures, I mean the permissions typically found in the "mask" files of apparmorfs (such as apparmorfs/dbus/mask)
16:50 <tyhicks> then I'll restart my work on AppArmor kernel keyring mediation for user data encryption
16:50 <tyhicks> that's it for me
16:50 <tyhicks> jjohansen: you're up
16:50 <jjohansen> I need to finish testing the fix for the fd_inheritance Bug 1423810 (it is backport kernels only),
16:50 <jjohansen> I still need to finish looking into Bug 1425398, a first glance led me to believe it's actually a bug fix against the trusty version of apparmor that is causing the issue.
16:50 <jjohansen> push the current stack of bug fixes up to the kt
16:50 <jjohansen> Finish my review of the latest revision of the LSM stacking patches
16:50 <jjohansen> sync up discuss the libapparmor policy load api
16:50 <jjohansen> sync up with jdstrand on overlayfs
16:50 <jjohansen> and of course get back to upstreaming cleanup
16:50 <ubottu> bug 1423810 in apparmor (Ubuntu) "[krillin] apparmor fd_inheritance regression test causes kernel to crash" [Undecided,New] https://launchpad.net/bugs/1423810
16:50 <ubottu> bug 1425398 in linux-lts-utopic (Ubuntu) "Apparmor uses rsyslogd profile for different processes - utopic HWE" [Undecided,New] https://launchpad.net/bugs/1425398
16:51 <jdstrand> sbeattie: re systemd> I just noticed on a snappy system:
16:51 <jdstrand> 1 processes are unconfined but have a profile defined.
16:51 <jdstrand> /sbin/dhclient (723)
16:52 <jdstrand> sbeattie: that may be known-- dhclient is a system profile and not a snap profile, but seems we need to do something special there *if* we weren't going to land cache loading
16:52 <jjohansen> that isn't surprising
16:52 <jdstrand> no, it isn'
16:52 <jdstrand> t
16:52 <sbeattie> jdstrand: hunh, okay. I didn't see that in a vm, but I'll try and play around with snappy this week
16:52 <jdstrand> also, I'm not sure how tradition server software is doing
16:53 <jdstrand> traditional*
16:53 <jdstrand> sbeattie: thanks
16:53 <jdstrand> sbeattie: it might be a race. ping me if you need help with snappy kvm
16:54 <jjohansen> that is it for me sarnold you're up
16:55 <sarnold> I'm in happy place this week; I'm working on several MIR requests and back-burnered the horizon updates; those are blocked on the server team's work on preparing their serverstack testing environment to handle precise with distro-supplied openstack
16:55 <sarnold> when they have something far enough along to test, I'll head over to that
16:56 <sarnold> and I'll try to review some of the apparmor patches coming this week or already outstanding, but it's also not going to be a top priority
16:56 <sarnold> that's it for me, chrisccoulson?
16:56 <tyhicks> sarnold: let's continue to wait on the precise-essex serverstack enablement this week
16:57 <tyhicks> sarnold: if it doesn't happen this week, we need to go back to the wiki page for precise testing next week
16:57 <sarnold> tyhicks: makes sense
16:57 <tyhicks> thanks
16:57 <chrisccoulson> This week, I'll be getting thunderbird out. I also expect a chromium update, which means there'll be a corresponding oxide update
16:58 <chrisccoulson> Other than that, I'll be working on oxide bugs
16:58 <chrisccoulson> That's me done
16:59 <tyhicks> [TOPIC] Highlighted packages
16:59 <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and/or triaging. If you would like to help Ubuntu and are not sure where to start, this is a great way to do so.
16:59 <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
16:59 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/insighttoolkit4.html
16:59 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/libphp-adodb.html
16:59 <tyhicks> [TOPIC] Miscellaneous and Questions
16:59 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/maildrop.html
16:59 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/xlockmore.html
16:59 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/python-soappy.html
16:59 <tyhicks> Does anyone have any other questions or items to discuss?
17:01 <tyhicks> jdstrand, mdeslaur, sbeattie, jjohansen, sarnold, ChrisCoulson: Thanks!
17:01 <tyhicks> #endmeeting