After the current CVEs passed I verified the precheck PPA matches what we expected.
I did another test with the proposed SRU in regard to the opengl changes on UI based workflows.
Ensuring that by default nothing changes (speed/acceleration) and if tools like e.g. virt-manager would get into trouble once the option is supported.
At least for all my tests:
- UI behaves unchanged by default.
- opengl can be activated in UI and commandline
I realized from my notes to this bug we also need libvirt:
Switching gl on needs the apparmor rules that I mentioned in the description.
# For opengl based display options (LP: #1804766)
/dev/dri/ r,
/dev/dri/* r,
Along that as mentioned libvirt-qemu needs to become member of the video group.
sudo usermod -a -G video libvirt-qemu
I also want to check with the security Team how safe they consider this or if we want to make this an "admin has to opt in" thing.
Hmm, lets unbundle that from the SRU unless strictly required and only continue once better testable (HW availability)
I should add a libvirt task for that to cover it as well.
After the current CVEs passed I verified the precheck PPA matches what we expected.
I did another test with the proposed SRU in regard to the opengl changes on UI based workflows. acceleration) and if tools like e.g. virt-manager would get into trouble once the option is supported.
Ensuring that by default nothing changes (speed/
At least for all my tests:
- UI behaves unchanged by default.
- opengl can be activated in UI and commandline
I realized from my notes to this bug we also need libvirt:
Switching gl on needs the apparmor rules that I mentioned in the description.
# For opengl based display options (LP: #1804766)
/dev/dri/ r,
/dev/dri/* r,
Along that as mentioned libvirt-qemu needs to become member of the video group.
sudo usermod -a -G video libvirt-qemu
I also want to check with the security Team how safe they consider this or if we want to make this an "admin has to opt in" thing.
Hmm, lets unbundle that from the SRU unless strictly required and only continue once better testable (HW availability)
I should add a libvirt task for that to cover it as well.