AppArmor Profiles

Merge lp:~elmo/apparmor-profiles/wpa-supplicant into lp:apparmor-profiles

  1. wpa-supplicant
  2. Merge into master
Proposed by James Troup
Status: Needs review
Proposed branch: lp:~elmo/apparmor-profiles/wpa-supplicant
Merge into: lp:apparmor-profiles
Diff against target: 43 lines (+39/-0)
1 file modified
ubuntu/15.04/sbin.wpa_supplicant (+39/-0)
To merge this branch: bzr merge lp:~elmo/apparmor-profiles/wpa-supplicant
Reviewer Review Type Date Requested Status
Cameron Norman (community) Needs Fixing
AppArmor Developers Pending
Review via email: mp+257431@code.launchpad.net

Description of the change

A profile for wpa-supplicant. I've only tested WPA connectivity not anything more complex.

To post a comment you must log in.
Revision history for this message
Simon Déziel (sdeziel) wrote :

Hi James,

I know you are targeting 15.04, but I (minimally) tested your profile on Trusty and it works well with only this small diff:

$ diff -Naur /tmp/sbin.wpa_supplicant /etc/apparmor.d/sbin.wpa_supplicant
--- /tmp/sbin.wpa_supplicant 2015-04-24 15:39:06.105592941 -0400
+++ /etc/apparmor.d/sbin.wpa_supplicant 2015-04-24 15:57:48.692200225 -0400
@@ -21,10 +21,18 @@
   /run/dbus/system_bus_socket rw,
   /run/sendsigs.omit.d/wpasupplicant.pid rw,

- @{PROC}/@{pid}/psched r,
+ owner @{PROC}/@{pid}/net/psched r,

   /dev/rfkill r,

+ dbus send
+ bus=system
+ path=/org/freedesktop/DBus,
+
+ dbus bind
+ bus=system
+ name={fi.w1.wpa_supplicant1,fi.epitest.hostap.WPASupplicant},
+
   dbus (send, receive)
        bus=system
        path=/fi/w1/wpa_supplicant1,

I don't know if this would be compatible on 15.04 or not.

Reply
Revision history for this message
Cameron Norman (cameronnemo) wrote :

Some suggestions inline.

review: Needs Fixing
Reply
Revision history for this message
intrigeri (intrigeri) wrote :

James: do you plan to work on this merge request again and resubmit it? We've migrated this repository to Git, so very soon this merge request won't be on our radar anymore, hence this friendly heads up :)

Reply

Unmerged revisions

143. By James Troup

sbin.wpa_supplicant: new profile

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== added file 'ubuntu/15.04/sbin.wpa_supplicant'
2--- ubuntu/15.04/sbin.wpa_supplicant 1970-01-01 00:00:00 +0000
3+++ ubuntu/15.04/sbin.wpa_supplicant 2015-04-24 19:33:31 +0000
4@@ -0,0 +1,39 @@
5+# Author: James Troup <james.troup@canonical.com>
6+
7+#include <tunables/global>
8+
9+/sbin/wpa_supplicant {
10+ #include <abstractions/base>
11+ #include <abstractions/dbus-strict>
12+
13+ capability net_admin,
14+ capability net_raw,
15+ network inet dgram,
16+ network inet raw,
17+ network packet dgram,
18+ network netlink,
19+
20+ /sbin/wpa_supplicant mr,
21+
22+ /run/wpa_supplicant/ rw,
23+ /run/wpa_supplicant/** rw,
24+
25+ /run/dbus/system_bus_socket rw,
26+ /run/sendsigs.omit.d/wpasupplicant.pid rw,
27+
28+ @{PROC}/@{pid}/psched r,
29+
30+ /dev/rfkill r,
31+
32+ dbus (send, receive)
33+ bus=system
34+ path=/fi/w1/wpa_supplicant1,
35+
36+ dbus (send, receive)
37+ bus=system
38+ path=/fi/w1/wpa_supplicant1/**,
39+
40+ dbus (send,receive)
41+ bus=system
42+ path=/fi/epitest/hostap/WPASupplicant/**,
43+}

Subscribers

People subscribed via source and target branches

to status/vote changes: