Here is the breakdown:
Fixed
- Systems with 4.14 or higher kernels have the fix
- Ubuntu deb kernels that have the fix based on their changelog:
- linux in xenial-updates, artful-updates and bionic
- linux-aws in xenial-updates
- linux-azure in xenial-updates
- linux-gcp in xenial-updates
- linux-gke in xenial-updates
- linux-hwe in xenial-updates
- linux-hwe-edge in xenial-updates
- linux-kvm in xenial-updates
- linux-lts-xenial in trusty-updates
- linux-oem in xenial-updates
- linux-raspi2 in xenial-updates
- linux-snapdragon in xenial-updates, artful, bionic
- Ubuntu derivatives and flavors that pull in the above kernels unmodified
- Canonical reference snaps have the fixed based on the changelog of the corresponding deb from which they are based:
- dragonboard-kernel snap
- pc-kernel snap
- pi2-kernel snap
Unfixed
- Ubuntu deb kernels that do not yet have the fix:
- linux-euclid in xenial*
- linux-raspi2 in artful*, bionic*
Unknown
- Ubuntu derivatives that use modified Ubuntu or other kernels < 4.14
- non-Canonical reference kernel snaps
Additional information
For systems not listed above, source code patches and LD_PRELOAD (eg, via the snapcraft-preload part) continue to work to address seccomp policy violations. The future uid/gid work will completely solve the issue for chown. Classic distro for systems without the seccomp sandbox continue to not be affected.