[FFe] implement mechanism for additional access to security policy for snappy
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
click-apparmor (Ubuntu) |
Fix Released
|
High
|
Jamie Strandboge |
Bug Description
In order to support hardware access as described in this thread:
https:/
we need a mechanism to extend the security json. Last cycle, we implemented overrides using a .override file. For additional accesses we will do something similar, but with a .additional file.
The branch to implement this adds many tests and maintains 100% test coverage (python coverage). autopkgtests are also added. Packages and build logs are available in https:/
Testing:
- https:/
- internal testsuite: PASS
- autopkgtest: PASS
- manual testing on snappy to verify it implements the feature: PASS
The click-apparmor test plan covers Touch. These changes are not used by anything on the touch images.
Related branches
- Seth Arnold: Approve
-
Diff: 1183 lines (+965/-48)7 files modifiedaa-clickhook (+2/-0)
aa-clickhook.1 (+16/-5)
debian/changelog (+7/-0)
debian/tests/data/com.example.click-apparmor-test_0.1/apparmor.json.additional (+5/-0)
debian/tests/test_aa-clickhook (+35/-0)
src/apparmor/click.py (+81/-39)
test-clicktool.py (+819/-4)
Changed in click-apparmor (Ubuntu): | |
status: | New → In Progress |
importance: | Undecided → High |
assignee: | nobody → Jamie Strandboge (jdstrand) |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
summary: |
- [FFe] implement mechanism for adding access to security policy + [FFe] implement mechanism for additional access to security policy for + snappy |
Changed in click-apparmor (Ubuntu): | |
status: | In Progress → Confirmed |
Ack. Approved.