Merge lp:~jdstrand/media-hub/1356883 into lp:media-hub

Proposed by Jamie Strandboge
Status: Merged
Approved by: Jim Hodapp
Approved revision: 58
Merged at revision: 75
Proposed branch: lp:~jdstrand/media-hub/1356883
Merge into: lp:media-hub
Diff against target: 31 lines (+8/-0)
1 file modified
debian/usr.bin.media-hub-server (+8/-0)
To merge this branch: bzr merge lp:~jdstrand/media-hub/1356883
Reviewer Review Type Date Requested Status
Jim Hodapp (community) Approve
PS Jenkins bot continuous-integration Approve
Review via email: mp+231962@code.launchpad.net

Commit message

debian/usr.bin.media-hub-server: update for recent denials:
- allow read access to /etc/udev/udev.conf (LP: #1356883)
- add video abstraction
- silence access to /run/udev/data/** like we do elsewhere
- allow read on /dev/video*
- allow read on /sys/devices/**/video4linux/video**
- allow read on /sys/devices/**/video4linux/**/uevent

Description of the change

Allow read access to /etc/udev/udev.conf for gstreamer. This access is a common noisy denial and not high priority, but it may be confusing for people, so just allow it (the contents of the file are harmless). Allow several other read-only accesses based on denials seen with mediascanner2.

The rules only add accesses that were previously denied so there should be no risk of regression. You can test the profile compiles with:
$ apparmor_parser -QTK ./debian/usr.bin.media-hub-server
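
The following added example, which is not part of the merge proposal or of media-hub, shows one way to tally AppArmor denials for this profile from kernel audit lines and to separate read-only requests from ones that ask for more than read. The log lines are constructed, and `parse_denials` and `triage` are hypothetical helper names.

```python
import re
from collections import Counter

# Constructed sample audit lines in the kernel's AppArmor denial format;
# timestamps, pids and the /home path are made up for this example.
SAMPLE_LOG = '''\
audit: type=1400 audit(1409858631.101:40): apparmor="DENIED" operation="open" profile="/usr/bin/media-hub-server" name="/etc/udev/udev.conf" pid=2100 comm="media-hub-serve" requested_mask="r" denied_mask="r" fsuid=32011 ouid=0
audit: type=1400 audit(1409858631.205:41): apparmor="DENIED" operation="open" profile="/usr/bin/media-hub-server" name="/etc/udev/udev.conf" pid=2100 comm="media-hub-serve" requested_mask="r" denied_mask="r" fsuid=32011 ouid=0
audit: type=1400 audit(1409858632.007:42): apparmor="DENIED" operation="open" profile="/usr/bin/media-hub-server" name="/dev/video0" pid=2100 comm="media-hub-serve" requested_mask="r" denied_mask="r" fsuid=32011 ouid=0
audit: type=1400 audit(1409858633.310:43): apparmor="DENIED" operation="open" profile="/usr/bin/media-hub-server" name="/home/phablet/.cache/example.db" pid=2100 comm="media-hub-serve" requested_mask="wc" denied_mask="wc" fsuid=32011 ouid=32011
audit: type=1400 audit(1409858634.000:44): apparmor="ALLOWED" operation="open" profile="/usr/bin/other" name="/etc/passwd" pid=2200 comm="other" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
'''

# Only quoted key="value" pairs are parsed; names the kernel hex-encodes
# (unquoted) are skipped by this example.
FIELD = re.compile(r'(\w+)="([^"]*)"')


def parse_denials(text, profile):
    """Count DENIED file events for one profile, keyed by (path, denied_mask)."""
    counts = Counter()
    for line in text.splitlines():
        fields = dict(FIELD.findall(line))
        if fields.get("apparmor") != "DENIED" or fields.get("profile") != profile:
            continue
        if "name" in fields and "denied_mask" in fields:
            counts[(fields["name"], fields["denied_mask"])] += 1
    return counts


def triage(counts):
    """Split denials into read-only ones and ones requesting more than read."""
    read_only, needs_review = [], []
    for (path, mask), n in sorted(counts.items()):
        (read_only if mask == "r" else needs_review).append((path, mask, n))
    return read_only, needs_review


if __name__ == "__main__":
    ro, review = triage(parse_denials(SAMPLE_LOG, "/usr/bin/media-hub-server"))
    for path, mask, n in ro:
        print(f"read-only x{n}: {path} {mask},")
    for path, mask, n in review:
        print(f"REVIEW    x{n}: {path} {mask},")
```

The read-only list is only a set of candidates: each path still needs a decision between an allow rule and an explicit deny that silences it.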

PS Jenkins bot (ps-jenkins) wrote :
review: Approve (continuous-integration)
lp:~jdstrand/media-hub/1356883 updated
58. By Jamie Strandboge

few more apparmor updates:
- add video abstraction
- silence access to /run/udev/data/** like we do elsewhere
- allow read on /dev/video*
- allow read on /sys/devices/**/video4linux/**/uevent

PS Jenkins bot (ps-jenkins) wrote :
review: Approve (continuous-integration)
Jim Hodapp (jhodapp) wrote :

Compiles fine with apparmor_parser and no regressions in functionality that I can find. Thanks

review: Approve

Preview Diff

1=== modified file 'debian/usr.bin.media-hub-server'
2--- debian/usr.bin.media-hub-server 2014-08-18 19:53:50 +0000
3+++ debian/usr.bin.media-hub-server 2014-09-04 19:23:51 +0000
4@@ -7,6 +7,7 @@
5 #include <abstractions/dbus-session>
6 #include <abstractions/dbus-strict>
7 #include <abstractions/user-tmp>
8+ #include <abstractions/video>
9 #include "/usr/share/apparmor/hardware/audio.d"
10 #include "/usr/share/apparmor/hardware/graphics.d"
11 #include "/usr/share/apparmor/hardware/video.d"
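Review bot: The new `#include <abstractions/video>` line sits next to the existing `#include "/usr/share/apparmor/hardware/video.d"` with no comment on what each one is meant to cover. A one-line comment above the new include naming the denials it resolves would let the next reviewer tell whether the explicit /dev/video* and video4linux rules added further down are still needed on top of it.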
12@@ -23,6 +24,9 @@
13 owner @{PROC}/[0-9]*/task/[0-9]*/ r,
14 owner @{PROC}/[0-9]*/cmdline r,
15
16+ /etc/udev/udev.conf r,
17+ deny /run/udev/data/** r,
18+
19 # specific to the mediatek soc
20 @{PROC}/xlog/setfil r,
21 @{PROC}/M4U_device r,
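Review bot: `deny /run/udev/data/** r,` carries no comment saying it exists only to quiet logging, and it sits directly under the `/etc/udev/udev.conf r,` allow rule, where it reads like part of the same grant. An explicit deny takes precedence over any allow rule, including ones pulled in by the abstractions and hardware includes at the top of the profile, and it is not logged, so a later legitimate need for this path would fail without a denial showing up. Suggest a comment above it stating that the rule silences a noisy denial and that the access is not required.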
22@@ -32,6 +36,10 @@
23 /dev/devmap r,
24 @{PROC}/mtk_mdp_cmdq r,
25
26+ /dev/video* r,
27+ /sys/devices/**/video4linux/video** r,
28+ /sys/devices/**/video4linux/**/uevent r,
29+
30 /sys/kernel/debug/tracing/trace_marker w,
31 /dev/ashmem rw,
32
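Review bot: In `/sys/devices/**/video4linux/video** r,` the trailing `**` matches across `/`, so the rule already covers everything below each video* directory, including `video*/uevent`. The following `/sys/devices/**/video4linux/**/uevent r,` therefore only adds uevent files under entries not named video*. If only the attributes of the video nodes are needed, narrow the first rule or drop the second if it turns out to be redundant in practice. `/dev/video* r,` could likewise be tightened to `/dev/video[0-9]* r,`.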
