Public bug reported: [ Impact ]
* azure-proxy-agent is a new cloud agent from Microsoft Azure aimed at securing the IMDS service from within the guest OS. The agent proxies the requests to the IMDS service and verifies that these requests are issued by authorized users. * In order to make our VM images on Azure more secure, we want to SRU this agent to all stable releases. * Existing users of Ubuntu images in Azure will not be impacted. Once this package will included in main, we will start producing all our Azure images with this package pre-install on the system. [ Test Plan ] * Install the package on a running system on Azure and verify that the agent intercepts the requests as expected. This can be done using this script: https://git.launchpad.net/ubuntu/+source/azure-proxy-agent/tree/debian/tests/smoke?h=ubuntu/plucky-devel used for autopkgtest. * The same process will be repeated but with a cloud-image containing the agent pre-installed. [ Where problems could occur ] * The agent might receive future update and will probably require an SRU exception. * The vendored rust dependencies might not be easy to upgrade in case of a security issue but this will probably be discussed in the MIR process. * The agent uses eBPF to filter the requests. This might cause compatibility problems with older kernels. * Users might be confused by the introduction of the agent and install it outside of Azure. [ Other Info ] * An MIR bug request was filed for the azure-proxy-agent: https://bugs.launchpad.net/ubuntu/+source/azure-proxy- agent/+bug/2112359. The goal is to get the agent MIRed in all stable releases once the SRU will be done. ** Affects: azure-proxy-agent (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2112539 Title: [SRU] azure-proxy-agent To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/azure-proxy-agent/+bug/2112539/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
