16:39 <tyhicks> #startmeeting 16:39 <meetingology> Meeting started Mon May 23 16:39:44 2016 UTC. The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:39 <meetingology> 16:39 <meetingology> Available commands: action commands idea info link nick 16:39 <tyhicks> The meeting agenda can be found at: 16:39 <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:39 <tyhicks> [TOPIC] Weekly stand-up report 16:39 <tyhicks> jdstrand: you're up 16:40 <jdstrand> hello 16:40 <jdstrand> I'm focused on snappy this week 16:40 <jdstrand> specifically, I'm working on more sdoc policy updates, policy recompiles for apparmor upgrades on snappy and sprint outcomes 16:41 <jdstrand> tyhicks: I have a question on seccomp arg filtering. do you plan to review that this week? if not, I need to do an SRU for the ecryptfs denial in the launcher and will work on that. if so, I'll bundle together and work on that 16:42 <jdstrand> in addition, I need to followup on the click-apparmor SRU 16:43 <tyhicks> jdstrand: I do plan to review it this week 16:43 <jdstrand> ok, thanks 16:43 <jdstrand> then I'll also be doing the second part of that :) 16:44 <jdstrand> mdes laur is out, so, sbeattie, you're up 16:44 <sbeattie> I'm in the happy place this week 16:45 <sbeattie> I'm working on getting the glibc updates out this week 16:45 <sbeattie> I need to get back at looking at some of the build failures in yakkety caused by enabling pie 16:46 <sbeattie> I'll probably try to pick up another update in the background this week, since our backlog is long 16:47 <sbeattie> I also need to see where we're at with upstream apparmor on some things, whether we can release 2.11 and pull that into yakkety. 16:47 <sbeattie> That's probably it for me. tyhicks? 16:47 <tyhicks> I'm doing CVE triage this week 16:47 <tyhicks> otherwise, I'm mostly focused on snappy 16:48 <tyhicks> I'm fixing and SRUing bug #1584069 in support of bug #1583259 16:48 <ubottu> bug 1584069 in AppArmor "change_profile rules need a modifier to allow non-secureexec transitions" [High,In progress] https://launchpad.net/bugs/1584069 16:48 <ubottu> bug 1583259 in Snappy Launcher "Snappy needs to influence environment variables in applications " [Undecided,New] https://launchpad.net/bugs/1583259 16:48 <tyhicks> then I'll do some ubuntu-core-launcher MP reviews (including seccomp arg filtering) 16:49 <tyhicks> and then I'll be making the ubuntu-core-launcher changes for bug #1582781 16:49 <ubottu> bug 1582781 in Snappy "snapd needs a way to control mount points " [Undecided,In progress] https://launchpad.net/bugs/1582781 16:49 <tyhicks> that's it for me 16:49 <tyhicks> I don't see jj so you're up, sarnold 16:49 * jjohansen is here 16:49 <tyhicks> ah 16:49 <tyhicks> jjohansen: go ahead 16:50 <jjohansen> I am working on apparmor this week 16:51 <jjohansen> I have a user who has volunteered to run a test kernel for bug 1581990 which I think is the same as 1579135 16:51 <ubottu> bug 1581990 in apparmor (Ubuntu) "Profile reload leads to kernel NULL pointer dereference" [Undecided,New] https://launchpad.net/bugs/1581990 16:51 <jjohansen> so hopefully I can make some progress on it 16:51 <jdstrand> tyhicks: note that zyga is updating the launcher for 'snap-run' and the project is moving and possibly renamed 16:51 * jdstrand gets link 16:52 <jjohansen> bug 1579135 16:52 <ubottu> bug 1579135 in apparmor (Ubuntu) "kernel BUG on snap disconnect from within a snap" [Undecided,Incomplete] https://launchpad.net/bugs/1579135 16:53 <jdstrand> tyhicks: https://github.com/ubuntu-core/snap-run/pull/1/files 16:53 <jjohansen> I found a couple more bugs while auditing the code looking a fix for that and I need to clean those up a bit 16:54 <jjohansen> I need to finish reviewing the gsettings stuff and discuss that this week 16:54 <tyhicks> jdstrand: thanks 16:54 <jdstrand> tyhicks: I'm discussing how thi simpacts us in #snappy 16:55 <jjohansen> I expect to be reviewing some patches from tyhicks, and I'll be working on fixing up more stacking issues 16:56 <tyhicks> jjohansen: can you start putting together a list of bug links for stacking issues that need to be fixed by 16.04.1 so that we can allow unpriv policy loads? 16:56 <jjohansen> tyhicks: sure 16:56 <tyhicks> thanks 16:57 <jjohansen> thats it for me sarnold 16:57 <sarnold> I'm on bug triage this week; I'm working on getting the imagemagick updates out the door; I may also do some smallsih apparmor work for distraction, some wiki editing or patch reviews 16:57 <sarnold> that's it for me, chrisccoulson? 16:58 <chrisccoulson> No updates planned for me this week, although I'll probably be spending some time preparing the next oxide release (1.15) 16:59 <chrisccoulson> I also need to figure out what we're going to do with 32-bit builds, given that launchpad has no support for cross-compiling packages (confirmed by infinity last week) 16:59 <chrisccoulson> Other than that, I'll be working through bugs as usual 16:59 <chrisccoulson> that's me done 17:01 <tyhicks> chrisccoulson: is the GN transition done? 17:02 <chrisccoulson> tyhicks, no, as usual things seem to have slipped a bit upstream, taking the pressure off. So I used that to get some other stuff done last week 17:02 <chrisccoulson> (I'm still working on it) 17:02 <tyhicks> ok, thanks 17:02 <tyhicks> glad you got some breathing room there 17:03 <tyhicks> [TOPIC] Highlighted packages 17:03 <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 17:03 <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 17:03 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/cakephp.html 17:03 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/virtualbox.html 17:03 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/aria2.html 17:03 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/php-sabredav.html 17:03 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/libiptables-parse-perl.html 17:03 <tyhicks> [TOPIC] Miscellaneous and Questions 17:03 <tyhicks> Does anyone have any other questions or items to discuss? 17:05 <tyhicks> jdstrand, sbeattie, jjohansen, sarnold, ChrisCoulson: Thanks! 17:05 <tyhicks> #endmeeting