lp:~intrigeri/apparmor/firefox
- Get this branch:
- bzr branch lp:~intrigeri/apparmor/firefox
Branch merges
- Jamie Strandboge: Approve
-
Diff: 13 lines (+1/-2)1 file modifiedprofiles/apparmor.d/abstractions/ubuntu-browsers (+1/-2)
Recent revisions
- 3688. By intrigeri
-
abstractions/
ubuntu- browsers: support Debian's Firefox non-ESR path. The updated rule covers the old-style /usr/lib/
firefox/ firefox. sh
wrapper and the current /usr/lib/firefox{ ,-esr}/ firefox{ ,-esr} paths. It is a tiny bit wide but let's lean on the side of compatibility with
whatever similar paths are used in the future. It doesn't grant access
to anything we don't want on a current Debian sid system. - 3687. By Steve Beattie
-
abstractions/gnome: allow reading GLib schemas.
Merge from intrigeri based on original work by Cameron Norman.Acked-by: Steve Beattie <email address hidden>
- 3686. By Steve Beattie
-
wayland abstraction: allow wayland-
cursor- shared- * Merge from intrigeri.
Bug: https:/
/bugs.debian. org/cgi- bin/bugreport. cgi?bug= 870807
Acked-by: Steve Beattie <email address hidden> - 3685. By Christian Boltz
-
update netstat profile
- allow reading @{PROC}
/@{pid} /net/netstat and @{PROC} /@{pid} /net/snmp
- drop owner conditional - /proc/*/net/* is always owned by root, and
the owner conditional means breaking netstat for non-root users
- drop "@{PROC}/@{pids}/fd r," - /proc/*/fd is a directory, so this rule
would never applyAcked-by: Steve Beattie <email address hidden>
Addition by Steve Beattie:
- also allow @{PROC}/@{pid} /net/udplite and @{PROC} /@{pid} /net/udplit6 Acked-by: Christian Boltz <email address hidden>
- 3684. By Christian Boltz
-
Prevent 'wa' conflicts for file rules
get_file_perms() and propose_
file_rules( ) happily collect all file
permissions. This could lead to proposing 'wa' permissions in
aa-logprof, which then errored out because of conflicting permissions.This patch adds a check to both functions that removes 'a' if 'w' is
present, and extends the tests to check this.Acked-by: Seth Arnold <email address hidden> for trunk and 2.11.
Note: Both functions (including this bug) were introduced together with
FileRule, so older releases are not affected. - 3683. By Christian Boltz
-
Carry over all autodep-generated rules in handle_children()
When creating a new child profile, handle_children() did only copy over
include and path rules. While this was correct in the past, path rules
got changed to FileRule in the meantime and were therefore lost.
(In practise, this means the "$binary mr," rule wasn't added to the new
child profile, causing a "superfluous" question in aa-logprof.)This patch changes handle_children() to carry over the complete new
child profile instead of only cherry-picking include and path rules.Acked-by: Steve Beattie <email address hidden> for trunk and 2.11.
Older versions (with path as hasher) are not affected.
- 3682. By Tyler Hicks
-
utils: update aa-status.pod to unify exit status and bugs sections
Create an EXIT STATUS header and place the BUGS section after the EXIT
STATUS section to match the style in aa-enabled.pod.Signed-off-by: Tyler Hicks <email address hidden>
Acked-By: Jamie Strandboge <email address hidden> - 3681. By Tyler Hicks
-
binutils: update aa-enabled.pod to unify exit status styles
Make the possible exit status values bold to match the style used in
aa-status.pod as of r3680.Signed-off-by: Tyler Hicks <email address hidden>
Acked-By: Jamie Strandboge <email address hidden> - 3680. By Jamie Strandboge
-
update aa-status.pod for updated podchecker
Bug-Ubuntu: https:/
/launchpad. net/bugs/ 1707614 Signed-Off-By: Jamie Strandboge <email address hidden>
Acked-by: Christian Boltz <email address hidden> - 3679. By Christian Boltz
-
Remove duplicate rule from userdel profiles
Acked-by: Seth Arnold <email address hidden>
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:apparmor/2.12