Merge lp:~ahayzen/webbrowser-app/fix-1620635-apparmor-download-rule into lp:webbrowser-app/staging

Proposed by Andrew Hayzen on 2017-03-21
Status: Merged
Merged at revision: 1637
Proposed branch: lp:~ahayzen/webbrowser-app/fix-1620635-apparmor-download-rule
Merge into: lp:webbrowser-app/staging
Diff against target: 25 lines (+2/-2)
2 files modified
debian/rules (+2/-1)
debian/webbrowser-app-apparmor.manifest (+0/-1)
To merge this branch: bzr merge lp:~ahayzen/webbrowser-app/fix-1620635-apparmor-download-rule
Reviewer: Jamie Strandboge (date requested: 2017-03-21; status: Approve on 2017-03-21)
Review via email: mp+320521@code.launchpad.net

Commit message

* Add "@{HOME}/@{XDG_DOWNLOAD_DIR}/** rwk," manually rather than via write_paths as we don't want an owner. Due to bug 1620635 - content-hub uses libapparmor to check the read path and this fails with rules containing owner


Jamie Strandboge (jdstrand) wrote :

This looks fine to me and works around the aforementioned bug.

review: Approve

Preview Diff

1=== modified file 'debian/rules'
2--- debian/rules 2017-03-07 11:42:15 +0000
3+++ debian/rules 2017-03-21 17:00:36 +0000
4@@ -20,7 +20,8 @@
5 sed 's#^}$$#\n /sys/class/ r,\n /sys/class/input/ r,\n /run/udev/data/** r,\n}#g' | \
6 egrep -v '^\s*deny /dev/ r,\s*$$' | \
7 sed 's#^\(\s*\)deny\(\s\+/{run,dev}/shm/pulse-shm\*\s\+w,\).*$$#\1owner\2#g' | \
8- sed 's#^}$$#\n /dev/dri/ r,\n /sys/devices/pci[0-9]*/**/config r,\n}#g' \
9+ sed 's#^}$$#\n /dev/dri/ r,\n /sys/devices/pci[0-9]*/**/config r,\n}#g' | \
10+ sed 's#^}$$#\n @{HOME}/@{XDG_DOWNLOAD_DIR}/** rwk,\n}#g' \
11 > ./debian/usr.bin.webbrowser-app
12 ifeq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
13 apparmor_parser -QTK ./debian/usr.bin.webbrowser-app
14
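Review bot: The new final `sed` stage appends `@{HOME}/@{XDG_DOWNLOAD_DIR}/** rwk,` without the `owner` qualifier, and nothing in debian/rules records why. Without `owner` the profile allows read, write and lock on every file under the download directory regardless of who owns it, which is wider than the owner rule that, per the commit message, write_paths would have generated. Since this is a workaround for bug 1620635, put a comment above this recipe naming the bug and saying the rule should go back into the manifest once content-hub's libapparmor check copes with owner rules. Smaller point: this is another stage matching `^}$$` right after the `/dev/dri/` one, so the new rule could be folded into that stage's replacement text instead of adding one more `sed` to the pipeline. The `apparmor_parser -QTK` run that follows still validates the generated profile, which is good.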
15=== modified file 'debian/webbrowser-app-apparmor.manifest'
16--- debian/webbrowser-app-apparmor.manifest 2017-03-06 18:02:25 +0000
17+++ debian/webbrowser-app-apparmor.manifest 2017-03-21 17:00:36 +0000
18@@ -37,7 +37,6 @@
19 "/sys/devices/**/input*/"
20 ],
21 "write_path": [
22- "@{HOME}/@{XDG_DOWNLOAD_DIR}/"
23 ]
24 }
25 }
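Review bot: Removing `"@{HOME}/@{XDG_DOWNLOAD_DIR}/"` leaves `"write_path": [ ]` as an empty array with no hint that the download rule now comes from debian/rules. Someone reading only the manifest could conclude the browser has no write access to the download directory, or re-add the entry and end up with both the owner rule and the non-owner rule in the profile. If the manifest tooling accepts it, drop the empty `write_path` key altogether; either way, the comment in debian/rules should say the entry was moved out of this file on purpose.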
