17:16 <jdstrand> #startmeeting
17:16 <meetingology> Meeting started Mon Oct  6 17:16:55 2014 UTC.  The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
17:16 <meetingology> 
17:16 <meetingology> Available commands: action commands idea info link nick
17:16 <jdstrand> The meeting agenda can be found at:
17:16 <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
17:17 <jdstrand> [TOPIC] Review of any previous action items
17:17 <jdstrand> I'll go first
17:17 <jdstrand> I'm on community this week
17:17 <jdstrand> quite a few apparmor related items have come up that need to land
17:18 <jdstrand> there is a click-apparmor update for adjusting CLICK_DIR. it is ready, but it needs testing
17:18 <jdstrand> there is apparmor-easyprof-ubuntu for a new template (ubuntu-push-helper)
17:19 <jdstrand> and there is apparmor itself, which is mostly in sbeattie's court, but may need a couple of tweaks to the init script and bug #1377338
17:19 <jdstrand> that creates click-reviewers-tools changes
17:19 <ubottu> bug 1377338 in apparmor (Ubuntu) "apparmor may fail to load some profiles if one is corrupted" [Critical,New] https://launchpad.net/bugs/1377338
17:19 <jdstrand> and I still haven't updated UCT for derivative branches
17:20 <jdstrand> mdes laur is off today
17:20 <jdstrand> sbeattie: you're up
17:20 <sbeattie> I'm on apparmor this week
17:20 <jdstrand> sbeattie: (also, before you hand off to tyhicks, I'll have some questions)
17:20 <sbeattie> jdstrand: okay
17:20 <sbeattie> as jdstrand said, I need to poke at 1377338
17:21 <sbeattie> and work on the landing of a bugfix update for the apparmor package.
17:21 <sbeattie> I have a bit of upstream work I need to do around releases.
17:22 <sbeattie> jdstrand: what did you want to ask?
17:22 <jdstrand> first (and this may be for tyhicks as well), I was (perhaps mistakenly) thinking that the apparmor upload would fix the testsuite such that it would pass
17:23 <jdstrand> which would be part of my justification for uploading it
17:23 <tyhicks> there are outstanding kernel bugs
17:23 <jdstrand> yes
17:24 <jdstrand> but we did decide that the testsuite would be adjusted for the named path getopt (and friends) failures, correct?
17:24 <sbeattie> tyhicks: however, the getopt on dgram before there's a bound socket isn't going to get a fix, is it?
17:24 <tyhicks> I thought all of the getopt failures were addressed in the test suite
17:25 <jdstrand> sbeattie, tyhicks: can you sort that ^ out after the meeting?
17:25 <tyhicks> yes
17:25 <jdstrand> thanks
17:25 <sbeattie> jdstrand: yeah
17:25 <sbeattie> jdstrand: any other questions?
17:26 <jdstrand> so, I think that means that we should adjust QRT to not fail with the current expected failures (ie, if only those kernel bugs are making the testsuite fail, then we don't fail QRT). when our kernel bugs are fixed, we remove that
17:26 <jdstrand> sbeattie: what do you think? QA and kt are not happy with the current state
17:27 <jdstrand> (which you can point them to me if they are upset with you)
17:27 <jdstrand> (that was a collective you, not sbeattie-specific :)
17:27 <sbeattie> jdstrand: yeah, agreed.
17:27 <jdstrand> ok
17:27 <sbeattie> meh, KT/QA are always upset with me, it's a steady state of affairs.
17:28 <jdstrand> heh
17:28 <jdstrand> well, for apparmor's qrt, they can blame me
17:28 <jdstrand> (should've thought about it before the upload that broke it)
17:29 <jdstrand> sbeattie: so, at this point, I'm not sure that the new version of apparmor that you are working on will make it into rtm
17:29 <jdstrand> sbeattie: however, 1377338 has to be fixed in rtm
17:30 <jdstrand> sbeattie: so, I think priorities should be, get a patch going for 1377338, and I'll prepare an rtm upload for that and whatever else I need to do to the boot scripts
17:30 <sbeattie> okay
17:30 <jdstrand> sbeattie: then, get that patch into the ppa, after sorting out the testsuite
17:30 <jdstrand> sbeattie: then I can get that to utopic
17:31 <jdstrand> sbeattie: then someone can work on qrt
17:31 <jdstrand> sbeattie: sound like a plan?
17:31 <sbeattie> jdstrand: yeah, that works for me.
17:32 <jdstrand> sbeattie: we can play the postfix one by ear once jj can comment. maybe it'll be in your upload, maybe not
17:32 <jdstrand> sbeattie: cool, thanks
17:32 <jdstrand> that's it from me
17:32 <sbeattie> alright, thanks. tyhicks?
17:32 <jdstrand> sbeattie: oh, also, for it to be in rtm, it needs to land by thursday, which basically means I need a patch by tomorrow
17:32 <jdstrand> (bug 1377338)
17:33 <sbeattie> jdstrand: gotcha
17:33 <ubottu> bug 1377338 in apparmor (Ubuntu) "apparmor may fail to load some profiles if one is corrupted" [Critical,New] https://launchpad.net/bugs/1377338
17:33 <jdstrand> cool, thanks
17:33 <tyhicks> I'm now looking at the in-tree apparmor regression test suite to make sure it is failing when expected (as discussed above)
17:34 <tyhicks> I have a couple more eCryptfs kernel patches to review and test this week before I can send a pull request for the 3.18 merege window
17:34 <tyhicks> they're small and shouldn't take long
17:34 <sbeattie> tyhicks: note that the paste I sent you elsewhere were results using the apparmor package in the security-proposed ppa, which has everything that's in lp:apparmor.
17:34 <tyhicks> I misplaced them during the big apparmor landing push and just rediscovered them :/
17:34 <tyhicks> sbeattie: ack
17:35 <tyhicks> then I'm switching over to the upstream dbus-daemon apparmor mediation bug feedback
17:35 <tyhicks> that's probably all that I should commit to this week
17:36 <tyhicks> I spent more time than I expected last week on the apparmor kernel memory bug triage (LP: #1375416) so my planned work for this week looks similar to last week
17:36 <tyhicks> that's it for me
17:36 <ubottu> Launchpad bug 1375416 in linux (Ubuntu) "AppArmor leaks kernel memory during profile reloads" [Medium,Confirmed] https://launchpad.net/bugs/1375416
17:36 <tyhicks> jj isn't here so it is sarnold's turn
17:37 <jdstrand> I know the feeling regarding planned work looking similar...
17:38 <sarnold> I'm in happy place this week, on MIR duty; I still have ~five outstanding MIRs to work on, one is in progress
17:39 <sarnold> I'll try to quick-ack smallish apparmor patches this week, but longer / more involved patches just won't get any attention, sorry
17:40 <sarnold> I think that's it for me, chrisccoulson?
17:51 <tyhicks> maybe jjohansen should go now that he's here?
17:51 <tyhicks> jjohansen: sarnold had passed chrisccoulson the mic just before you joined but we haven't heard from him
17:52 <jjohansen> okay
17:52 <jjohansen> so I am primary working on apparmor bugs this week
17:52 <jjohansen> I need to look into 1373172, 1373174, and 1373176
17:53 <jdstrand> the testsuite bugs. cool
17:54 <jjohansen> and finish up with 1375417 and maybe poke at 1375416, and 1375410
17:54 <jjohansen> jdstrand: yep
17:54 <jdstrand> cool
17:55 <jjohansen> we also need to decide if we want to push the fix for docker.io LP: #1371310 out to the phone kernels
17:55 <ubottu> Launchpad bug 1371310 in linux (Ubuntu) "docker.io doesn't work with apparmor 3.0 RC1 kernel" [High,In progress] https://launchpad.net/bugs/1371310
17:55 * jdstrand pauses
17:55 <jjohansen> and if so send the pull request
17:55 <jdstrand> jjohansen: I wasn't thinking we would. all the phone policy seems fine atm
17:56 <jdstrand> jjohansen: I mean, we can for utopic to keep things tidy if people want
17:56 <jdstrand> but that bug on rtm kernels or even phablet utopic kernels doesn't bother me
17:57 <jjohansen> yeah, I am not bothered by it eiterh
17:57 <jdstrand> now, if we have updates for other kernel bugs, sure, we can toss it in there
17:58 <jdstrand> alright, let's not worry about it on phablet unless we can roll it in with other bug fixes
17:59 <jjohansen> ack
17:59 <jdstrand> jjohansen: did you have anything else to report
18:00 <jdstrand> ?
18:00 <jjohansen> okay, let see I have an embargo issue to look at closer, and some apparmor patches to upstream
18:00 <jjohansen> we also have apparmor 2.9 that we need to push out this week if there is going to be any chance of debian picking it up
18:00 <jjohansen> that is it for me
18:02 <jdstrand> jjohansen: I think sbeattie is close to finalizing that. those testsuite bugs you mentioned and one other bug (1377338) are the only thing holding up 2.9 aiui
18:02 <jdstrand> things*
18:03 <jdstrand> ok
18:03 <jjohansen> that sounds about right
18:03 <jdstrand> so, let's move on
18:03 <jdstrand> [TOPIC] Highlighted packages
18:03 <jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
18:03 <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
18:03 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/fusionforge.html
18:03 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/iodine.html
18:03 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/pigz.html
18:03 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/cakephp.html
18:03 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/ekiga.html
18:03 <jdstrand> [TOPIC] Miscellaneous and Questions
18:04 <jdstrand> Does anyone have any other questions or items to discuss?
18:05 <jdstrand> sbeattie, tyhicks, jjohansen, sarnold: thanks!
18:05 <jdstrand> #endmeeting