Mozilla Firefox

Merge lp:~jdstrand/firefox/firefox-3.5-apparmor into lp:firefox/3.5

  1. firefox-3.5-apparmor
  2. Merge into firefox-3.5.head
Proposed by Jamie Strandboge
Status: Superseded
Proposed branch: lp:~jdstrand/firefox/firefox-3.5-apparmor
Merge into: lp:firefox/3.5
Diff against target: None lines
To merge this branch: bzr merge lp:~jdstrand/firefox/firefox-3.5-apparmor
Reviewer Review Type Date Requested Status
Alexander Sack (community) Needs Resubmitting
Fabien Tassin packagin aspects Pending
Review via email: mp+10109@code.launchpad.net

This proposal has been superseded by a proposal from 2009-09-02.

To post a comment you must log in.
Revision history for this message
Alexander Sack (asac) wrote :

seems you forgot to add the profile itself? While at it, consider to use same changelog format as we usually do.

review: Needs Resubmitting
lp:~jdstrand/firefox/firefox-3.5-apparmor updated
453. By Jamie Strandboge

actually add the files

454. By Jamie Strandboge

update changelog to use what mozillateam uses

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Files added and changelog updated.

lp:~jdstrand/firefox/firefox-3.5-apparmor updated
455. By Jamie Strandboge

debian/usr.bin.firefox-3.5: also allow /usr/bin/totem

456. By Jamie Strandboge

add access to /proc/filesystems

457. By Jamie Strandboge

adjust profile for sun java:
- add network inet6 stream and proc entries for ipv6
- access to @{HOME}/.java
- access to /etc/java-*-sun/**
- access to /usr/lib/jvm/java-*-sun-1.*/jre/bin/java

reduce noise:
- deny write access to /usr/lib/firefox-3.*/**, /usr/lib/firefox-addons/** and
  deny /usr/lib/xulrunner-addons/**

work for new user (allow access to /bin/which)

mozplugger improvements (/etc/mozpluggerr and /usr/bin/mplayer)

adjust access to evince to be PUxr (ie use a profile if it is there, otherwise
run unconfined)

458. By Jamie Strandboge

add missing LP reference

459. By Jamie Strandboge

generalize apparmor profile packaging:
- debian/rules:
 - use .in files for firefox-3.5.postrm, firefox-3.5.preinst,
   usr.bin.firefox.apparmor, README.Debian.in
 - cp instead of dh_install the profile, since we need to rename
- debian/README.Debian.in: use @APPNAME@
- debian/firefox-3.5.postinst.in: use @APPNAME@
- debian/firefox-3.5.postrm.in: use @APPNAME@
- debian/firefox-3.5.preinst.in: use @APPNAME@
- debian/usr.bin.firefox.apparmor.in: use @APPNAME@

debian/apport/firefox-3.5.py: add apparmor info if profile is not disabled

460. By Jamie Strandboge

fix typo in changelog

461. By Jamie Strandboge

merge from trunk

462. By Jamie Strandboge

debian/firefox-3.5.preinst.in: allow for when apparmor is not installed

463. By Jamie Strandboge

merge from trunk

464. By Jamie Strandboge

merge from trunk

465. By Jamie Strandboge

[ Jamie Strandboge <email address hidden> ]
* debian/usr.bin.firefox-3.5:
  - allow gnash (LP: #429061)
  - allow access to plugins directory (LP: #428071)
  - allow access to abstractions/ubuntu-console-email,
    abstractions/ubuntu-email and abstractions/ubuntu-gnome-terminal
    for mailto:. Add commented section for using xterm and konsole

Unmerged revisions

465. By Jamie Strandboge

[ Jamie Strandboge <email address hidden> ]
* debian/usr.bin.firefox-3.5:
  - allow gnash (LP: #429061)
  - allow access to plugins directory (LP: #428071)
  - allow access to abstractions/ubuntu-console-email,
    abstractions/ubuntu-email and abstractions/ubuntu-gnome-terminal
    for mailto:. Add commented section for using xterm and konsole

464. By Jamie Strandboge

merge from trunk

463. By Jamie Strandboge

merge from trunk

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'debian/changelog'
2--- debian/changelog 2009-08-10 15:06:32 +0000
3+++ debian/changelog 2009-08-13 16:15:27 +0000
4@@ -1,3 +1,18 @@
5+firefox-3.5 (3.5.2+nobinonly-0ubuntu3) UNRELEASED; urgency=low
6+
7+ * add AppArmor profile (disabled by default)
8+ - debian/firefox-3.5.dirs: add etc/apparmor.d/disable
9+ - add debian/firefox-3.5.preinst: disable the profile on new installs
10+ and upgrades to this version
11+ - debian/firefox-3.5.postinst.in: reload profile
12+ - add debian/firefox-3.5.postrm: cleanup force-complain and disable
13+ directories
14+ - add debian/usr.bin.firefox-3.5
15+ - debian/rules: install usr.bin.firefox-3.5
16+ - add debian/README.Debian with note about AppArmor
17+
18+ -- Jamie Strandboge <jamie@ubuntu.com> Thu, 13 Aug 2009 09:09:36 -0500
19+
20 firefox-3.5 (3.5.2+nobinonly-0ubuntu2) karmic; urgency=low
21
22 Firefox 3.5 by default upload
23
24=== modified file 'debian/firefox-3.5.dirs'
25--- debian/firefox-3.5.dirs 2009-03-18 01:10:51 +0000
26+++ debian/firefox-3.5.dirs 2009-08-13 16:15:27 +0000
27@@ -1,3 +1,4 @@
28+etc/apparmor.d/disable
29 usr/lib/firefox-addons/extensions
30 usr/lib/firefox-addons/plugins
31 usr/lib/firefox-addons/searchplugins
32
33=== modified file 'debian/firefox-3.5.postinst.in'
34--- debian/firefox-3.5.postinst.in 2009-07-18 18:30:27 +0000
35+++ debian/firefox-3.5.postinst.in 2009-08-13 16:15:27 +0000
36@@ -10,6 +10,12 @@
37 update-alternatives --install /usr/bin/x-www-browser \
38 x-www-browser /usr/bin/$APPNAME 40
39 touch $LIBDIR/.autoreg
40+
41+ # Reload AppArmor profile
42+ APP_PROFILE="/etc/apparmor.d/usr.bin.firefox-3.5"
43+ if [ -f "$APP_PROFILE" ] && aa-status --enabled 2>/dev/null; then
44+ apparmor_parser -r "$APP_PROFILE" || true
45+ fi
46 fi
47
48 echo "Please restart all running instances of $APPNAME, or you will experience problems."
49
50=== modified file 'debian/rules'
51--- debian/rules 2009-08-10 15:05:32 +0000
52+++ debian/rules 2009-08-13 16:15:27 +0000
53@@ -220,6 +220,7 @@
54 dh_link usr/share/myspell/dicts $(DEBIAN_FF3_DIR)/dictionaries
55 rm -f debian/$(DEBIAN_NAME)/$(DEBIAN_FF3_DIR)/chrome/browser-branding*
56 dh_install debian/distribution.ini $(DEBIAN_FF3_DIR)/distribution/
57+ dh_install debian/usr.bin.firefox-3.5 etc/apparmor.d
58
59 binary-install/$(DEBIAN_NAME_OTHER)-branding::
60 dh_install -p$(DEBIAN_NAME_OTHER)-branding \

Subscribers

People subscribed via source and target branches