Ubuntu
click-apparmor package

[FFe] implement mechanism for additional access to security policy for snappy

Bug #1425151 reported by Jamie Strandboge
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
click-apparmor (Ubuntu)
Fix Released
High
Jamie Strandboge

Bug Description

In order to support hardware access as described in this thread:
https://lists.ubuntu.com/archives/snappy-devel/2015-January/000134.html

we need a mechanism to extend the security json. Last cycle, we implemented overrides using a .override file. For additional accesses we will do something similar, but with a .additional file.

The branch to implement this adds many tests and maintains 100% test coverage (python coverage). autopkgtests are also added. Packages and build logs are available in https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages.

Testing:
- https://wiki.ubuntu.com/Process/Merges/TestPlans/ClickAppArmor: PASS
- internal testsuite: PASS
- autopkgtest: PASS
- manual testing on snappy to verify it implements the feature: PASS

The click-apparmor test plan covers Touch. These changes are not used by anything on the touch images.

See original description

Related branches

lp:~jdstrand/click-apparmor/click-apparmor.hw-access
Seth Arnold: Approve
Diff: 1183 lines (+965/-48)
7 files modified
aa-clickhook (+2/-0)
aa-clickhook.1 (+16/-5)
debian/changelog (+7/-0)
debian/tests/data/com.example.click-apparmor-test_0.1/apparmor.json.additional (+5/-0)
debian/tests/test_aa-clickhook (+35/-0)
src/apparmor/click.py (+81/-39)
test-clicktool.py (+819/-4)
lp:ubuntu/vivid-proposed/click-apparmor
Jamie Strandboge (jdstrand)
Changed in click-apparmor (Ubuntu):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Jamie Strandboge (jdstrand)
Jamie Strandboge (jdstrand)
description: updated
description: updated
Jamie Strandboge (jdstrand)
description: updated
Jamie Strandboge (jdstrand)
description: updated
Jamie Strandboge (jdstrand)
description: updated
description: updated
description: updated
summary: - [FFe] implement mechanism for adding access to security policy
+ [FFe] implement mechanism for additional access to security policy for
+ snappy
Changed in click-apparmor (Ubuntu):
status: In Progress → Confirmed
Revision history for this message
Scott Kitterman (kitterman) wrote :

Ack. Approved.

Changed in click-apparmor (Ubuntu):
status: Confirmed → Triaged
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Thanks!

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package click-apparmor - 0.3.3

---------------
click-apparmor (0.3.3) vivid; urgency=medium

  * implement policy additions for abstractions, policy_groups, read_path
    and write_path and adjust autopkgtests (LP: #1425151)
 -- Jamie Strandboge <email address hidden> Wed, 25 Feb 2015 16:38:49 -0600

Changed in click-apparmor (Ubuntu):
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.