Network Menu

Merge lp:~jdstrand/indicator-network/indicator-network-lp1296415 into lp:indicator-network/14.10

  1. indicator-network-lp1296415
  2. Merge into trunk.14.10
Proposed by Jamie Strandboge
Status: Rejected
Rejected by: Charles Kerr
Proposed branch: lp:~jdstrand/indicator-network/indicator-network-lp1296415
Merge into: lp:indicator-network/14.10
Diff against target: 59 lines (+23/-0)
5 files modified
debian/control (+1/-0)
debian/indicator-network.dirs (+1/-0)
debian/indicator-network.install (+1/-0)
debian/rules (+4/-0)
debian/usr.lib.indicator-network-service (+16/-0)
To merge this branch: bzr merge lp:~jdstrand/indicator-network/indicator-network-lp1296415
Reviewer Review Type Date Requested Status
PS Jenkins bot (community) continuous-integration Approve
Indicator Applet Developers Pending
Review via email: mp+224364@code.launchpad.net

Commit message

   * add lenient AppArmor profile to allow connecting to ofono (LP: #1296415)
     - add debian/usr.lib.indicator-network-service
     - debian/control: Build-Depends on dh-apparmor
     - debian/rules: update override_dh_installdeb to use dh_apparmor
     - debian/indicator-network.dirs: add etc/apparmor.d
     - debian/indicator-network.install: install profile in to place

Description of the change

   * add lenient AppArmor profile to allow connecting to ofono (LP: #1296415)
     - add debian/usr.lib.indicator-network-service
     - debian/control: Build-Depends on dh-apparmor
     - debian/rules: update override_dh_installdeb to use dh_apparmor
     - debian/indicator-network.dirs: add etc/apparmor.d
     - debian/indicator-network.install: install profile in to place

To post a comment you must log in.
Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

PASSED: Continuous integration, rev:350
http://jenkins.qa.ubuntu.com/job/indicator-network-ci/145/
Executed test runs:
    SUCCESS: http://jenkins.qa.ubuntu.com/job/indicator-network-utopic-amd64-ci/19
    SUCCESS: http://jenkins.qa.ubuntu.com/job/indicator-network-utopic-armhf-ci/19
        deb: http://jenkins.qa.ubuntu.com/job/indicator-network-utopic-armhf-ci/19/artifact/work/output/*zip*/output.zip

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/indicator-network-ci/145/rebuild

review: Approve (continuous-integration)
lp:~jdstrand/indicator-network/indicator-network-lp1296415 updated
351. By Jamie Strandboge

debian/usr.lib.indicator-network-service: more closely mimic unconfined with
exec transitions

Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

PASSED: Continuous integration, rev:351
http://jenkins.qa.ubuntu.com/job/indicator-network-ci/146/
Executed test runs:
    SUCCESS: http://jenkins.qa.ubuntu.com/job/indicator-network-utopic-amd64-ci/20
    SUCCESS: http://jenkins.qa.ubuntu.com/job/indicator-network-utopic-armhf-ci/20
        deb: http://jenkins.qa.ubuntu.com/job/indicator-network-utopic-armhf-ci/20/artifact/work/output/*zip*/output.zip

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/indicator-network-ci/146/rebuild

review: Approve (continuous-integration)
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Please reject this. We won't be implementing this feature after all (see bug description for more info).

Revision history for this message
Charles Kerr (charlesk) wrote :

Rejecting as per Jamie's request

Unmerged revisions

351. By Jamie Strandboge

debian/usr.lib.indicator-network-service: more closely mimic unconfined with
exec transitions

350. By Jamie Strandboge

 * add lenient AppArmor profile to allow connecting to ofono (LP: #1296415)
   - add debian/usr.lib.indicator-network-service
   - debian/control: Build-Depends on dh-apparmor
   - debian/rules: update override_dh_installdeb to use dh_apparmor
   - debian/indicator-network.dirs: add etc/apparmor.d
   - debian/indicator-network.install: install profile in to place

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'debian/control'
2--- debian/control 2014-05-14 11:17:40 +0000
3+++ debian/control 2014-06-24 22:20:04 +0000
4@@ -24,6 +24,7 @@
5 python3-setuptools,
6 qtbase5-dev,
7 valgrind [amd64 armhf i386 powerpc],
8+ dh-apparmor
9 Standards-Version: 3.9.3
10 # If you aren't a member of ~indicator-applet-developers but need to upload
11 # packaging changes, just go ahead. ~indicator-applet-developers will notice
12
13=== added file 'debian/indicator-network.dirs'
14--- debian/indicator-network.dirs 1970-01-01 00:00:00 +0000
15+++ debian/indicator-network.dirs 2014-06-24 22:20:04 +0000
16@@ -0,0 +1,1 @@
17+etc/apparmor.d
18
19=== modified file 'debian/indicator-network.install'
20--- debian/indicator-network.install 2014-05-21 17:16:24 +0000
21+++ debian/indicator-network.install 2014-06-24 22:20:04 +0000
22@@ -7,3 +7,4 @@
23 usr/lib/*/indicator-network/indicator-network-service
24 etc/xdg/autostart/indicator-network.desktop
25 usr/share/locale
26+debian/usr.lib.indicator-network-service etc/apparmor.d
27
28=== modified file 'debian/rules'
29--- debian/rules 2014-05-14 11:20:55 +0000
30+++ debian/rules 2014-06-24 22:20:04 +0000
31@@ -28,3 +28,7 @@
32 mkdir -p debian/indicator-network/usr/share/apport/package-hooks
33 cp debian/source_indicator-network.py debian/indicator-network/usr/share/apport/package-hooks
34 dh_install -X'*.pyc' -X'__pycache__' --fail-missing
35+
36+override_dh_installdeb:
37+ dh_apparmor --profile-name=usr.lib.indicator-network-service -pindicator-network
38+ dh_installdeb
39
40=== added file 'debian/usr.lib.indicator-network-service'
41--- debian/usr.lib.indicator-network-service 1970-01-01 00:00:00 +0000
42+++ debian/usr.lib.indicator-network-service 2014-06-24 22:20:04 +0000
43@@ -0,0 +1,16 @@
44+#include <tunables/global>
45+
46+# Permissive profile to have profile name to limit access to ofonod (LP: #1296415)
47+/usr/lib/*/indicator-network/indicator-network-service (attach_disconnected) {
48+ capability,
49+ mount,
50+ remount,
51+ umount,
52+ network,
53+ / rwkl,
54+ /** rwlkm,
55+ /** pix,
56+ dbus,
57+ signal,
58+ ptrace,
59+}

Subscribers

People subscribed via source and target branches