From the MIR re-review POV [2] the former MIR is not too old, but I'm happy 
that you voluntarily pushed for a re-check.
But due to not being too old the list of new things to watch isn't too long.

Summary:
- MIR Ack on the re-review

I see three things that stand out as worth mentioning:


1. Due to the rewrite in Rust it has to follow the packaging guidelines for
that, which I see is the case in [1]

The sections from the template we'd check:

- Rust package that has all dependencies vendored. It does neither
  have *Built-Using (after build). Nor does the build log indicate
  built-in sources that are missed to be reported as Built-Using.
  => only for the base
    Static-Built-Using: rust-defaults (= 1.80.1ubuntu2)
  which is fine

- rust package using dh_cargo (dh ... --buildsystem cargo)
  Also using vendored sources per
  https://github.com/canonical/ubuntu-mir/blob/main/vendoring/Rust.md#rust-vendored-sources-tracking

- Includes vendored code, the package has documented how to refresh this
  code at d/rules, not just documented even automated as build targets.
  This follows
  https://github.com/canonical/ubuntu-mir/blob/main/vendoring/Rust.md

=> All ok

2. We'd nowadays insist a bit harder on dep-8 tests

But on one hand as you see in [2] those are recommended on re-reviews.
And on the other I see you already think about that as I saw "DEP-8: pending" 
on the MR.
So you are on that before I even ask - thank you for that!


3. We are also suggesting isolation a bit more nowadays

And in this particular case I think those tools will read disk metadata
(which could be tampered with) and do privileged things (so they run
with power).

At the same time they do very particular things in many dedicated
binaries, not general purpose "do all that is possible" which is hard to
isolate.

Therefore they'd be a great candidate to write AppArmor profiles for.

But on the other hand, it is also a complex task as you'd need all kinds
of storage hardware and use cases to be sure all is covered.

As this is a re-review this suggestion is good, but not blocking/gating.
Furthermore, the Rust rewrite should at least improve memory safety, and it
means that all code was re-looked at in this decade, so it did improve.
Feel free to create a bug or item tracker to come back to isolating it once 
capacity allows.


[1]: https://code.launchpad.net/~athos-ribeiro/ubuntu/+source/thin-provisioning-tools/+git/thin-provisioning-tools/+merge/478002
[2]: https://github.com/canonical/ubuntu-mir/issues/74


** Bug watch added: github.com/canonical/ubuntu-mir/issues #74
   https://github.com/canonical/ubuntu-mir/issues/74

** Also affects: thin-provisioning-tools (Ubuntu Plucky)
   Importance: Undecided
       Status: Fix Released

** Changed in: thin-provisioning-tools (Ubuntu Eoan)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1828887

Title:
  [MIR] thin-provisioning-tools

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/thin-provisioning-tools/+bug/1828887/+subscriptions

