Snappy

/usr/bin/openssl should be allowed in default apparmor profile

Bug #1480366 reported by Simon Eisenmann
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Snappy
Fix Released
Undecided
Unassigned
ubuntu-core-security (Ubuntu)
Fix Released
Undecided
Jamie Strandboge

Bug Description

To be able to generate random values, certificates and keys from a snap, /usr/bin/openssl should be allowed in the default AppArmor template

The line which needs to be added is

  /usr/bin/openssl ixr,

 OpenSSL should be a standard thing everyone can use from snaps to create cryptographically secure stuff on first run.

Jamie Strandboge (jdstrand)
Changed in ubuntu-core-security (Ubuntu):
status: New → In Progress
assignee: nobody → Jamie Strandboge (jdstrand)
Jamie Strandboge (jdstrand)
Changed in snappy:
status: New → In Progress
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Uploaded to wily and https://launchpad.net/~snappy-dev/+archive/ubuntu/image/.

Changed in snappy:
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubuntu-core-security - 15.10.9

---------------
ubuntu-core-security (15.10.9) wily; urgency=medium

  * ubuntu-core/default, ubuntu-core/network-service: move socketpair from
    network-service policy group to default template since on Linux socketpair
    only supports AF_UNIX (LP: #1470995)
  * ubuntu-core/default: allow ixr of openssl (LP: #1480366)

 -- Jamie Strandboge <email address hidden> Fri, 31 Jul 2015 15:35:43 -0500

Changed in ubuntu-core-security (Ubuntu):
status: In Progress → Fix Released
Michael Vogt (mvo)
Changed in snappy:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.