Created by Chad Miller and last modified
Get this branch:
bzr branch lp:~cmiller/ubuntu/trusty/apparmor/remove-chromium-browser
Only Chad Miller can upload to this branch. If you are Chad Miller please log in for upload directions.

Branch merges

Related bugs

Related blueprints

Branch information

Chad Miller

Recent revisions

66. By Chad Miller

Add bug number.

65. By Chad Miller

debian/patches/0001-add-chromium-browser.patch: Drop chromium-browser profile
in favor of moving it to chromium-browser package.

64. By Tyler Hicks

[ Tyler Hicks ]
* 0078-parser-check-for-dbus-kernel-support.patch: The parser should not
  include D-Bus rules in the binary policy that it loads into the kernel if
  the kernel does not support D-Bus rules (LP: #1231778)
* 0079-utils-ignore-unsupported-log-events.patch: aa-logprof should ignore
  audit events that it does not yet support instead of treating them as
  errors (LP: #1243932)
* 0080-tests-use-ldconfig-for-library-detection.patch: Fix libapparmor
  detection in regression tests after the multiarch changes

[ Jamie Strandboge ]
* 0081-python-abstraction-updates.patch: Add rules in support of Python 3.3

[ Chad Miller ]
* debian/patches/0001-add-chromium-browser.patch: Follow new chromium-browser
  sandbox name. Keep old name for now to allow transition. LP: #1247269

63. By Steve Langasek

* Convert to dh.
* Bump to debhelper compat level 9 for multiarch support.
* Mark libapparmor1, libapparmor-dev Multi-Arch: same. LP: #1246067.

62. By Jamie Strandboge

no change rebuild for perl 5.18

61. By Jamie Strandboge

0077_aa-status-is-bilingual.patch: aa-status was written to work with
python 2 or 3. Upstream is still using 2, so adjust ours to use
/usr/bin/python3 to avoid pulling python 2 back to the desktop images

60. By Tyler Hicks

[ Tyler Hicks ]
* debian/patches/0059-dbus-rules-for-dbus-abstractions.patch: Add an
  abstraction for the accessibility bus. It is currently very permissive,
  like the dbus and dbus-session abstractions, and grants all permissions on
  the accessibility bus. (LP: #1226141)
* debian/patches/0071-lp1226356.patch: Fix issues in parsing D-Bus and mount
  rules. Both rule classes suffered from unexpected auditing behavior when
  using the 'deny' and 'audit deny' rule modifiers. The 'deny' modifier
  resulting in accesses being audited and the 'audit deny' modifier
  resulting in accesses not being audited. (LP: #1226356)
* debian/patches/0072-lp1229393.patch: Fix cache location for .features
  file, which was not being written to the proper location if the parameter
  --cache-loc= is passed to apparmor_parser. This bug resulted in using the
  .features file from /etc/apparmor.d/cache or always recompiling policy.
  Patch thanks to John Johansen. (LP: #1229393)
* debian/patches/0073-lp1208988.patch: Update AppArmor file rules of UNIX
  domain sockets to include read and write permissions. Both permissions are
  required when a process connects to a UNIX domain socket. Also include new
  tests for mediation of UNIX domain sockets. Thanks to Jamie Strandboge for
  helping with the policy updates and testing. (LP: #1208988)
* debian/patches/0075-lp1211380.patch: Adjust the audio abstraction to only
  grant access to specific pulseaudio files in the pulse runtime directory
  to remove access to potentially dangerous files (LP: #1211380)

[ Jamie Strandboge ]
* debian/patches/0074-lp1228882.patch: typo in ubuntu-browsers.d/multimedia
  (LP: #1228882)
* 0076_sanitized_helper_dbus_access.patch: allow applications run under
  sanitized_helper to connect to DBus

59. By Martin Pitt

Add 0070-etc-writable.patch: Allow reading time configuration from
/etc/writable, as we have it on the phone. (LP: #1227520)

58. By Jamie Strandboge

[ Tyler Hicks ]
* Move the aa-exec man page out of apparmor-utils into apparmor, since
  aa-exec is now in apparmor
  - debian/control: adjust Breaks/Replaces to use apparmor-utils
    (<< 2.8.0-0ubuntu28)
  - debian/apparmor.manpages: install the aa-exec man page
  - debian/apparmor-utils.manpages: don't install the aa-exec man page
* debian/patches/0065-lp1220861.patch: Always NUL-terminate confinement
  context strings returned from libapparmor (LP: #1220861)
* debian/patches/0066-lp1196880.patch: Don't assign mode pointer in
  aa_getprocattr() if caller passed in NULL (LP: #1196880)
* debian/patches/0067-libapparmor-mode-strings-are-not-to-be-freed.patch:
  Update man page and code comments to make it clear that freeing the *con
  string returned from libapparmor's getcon functions also frees the *mode
* debian/patches/0068-libapparmor-mention-dbus-method-in-getcon-man.patch:
  Document the D-Bus method, in the aa_getcon man page, that returns the
  AppArmor task confinement string of a D-Bus connection

[ Jamie Strandboge ]
* debian/patches/0069-p11kit-abstraction.patch: p11-kit needs access to

57. By Jamie Strandboge

debian/apport/source_apparmor.py: AppArmor logs DBus messages to syslog,
adjust apport hook to also search there for denials

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
This branch contains Public information 
Everyone can see this information.