Merge lp:~jdstrand/network-manager/network-manager-lp1296415 into lp:~network-manager/network-manager/ubuntu

Proposed by Jamie Strandboge
Status: Rejected
Rejected by: Jamie Strandboge
Proposed branch: lp:~jdstrand/network-manager/network-manager-lp1296415
Merge into: lp:~network-manager/network-manager/ubuntu
Diff against target: 116 lines (+54/-1)
7 files modified
debian/changelog (+12/-0)
debian/control (+2/-1)
debian/network-manager.dirs (+1/-0)
debian/network-manager.install (+1/-0)
debian/network-manager.upstart (+4/-0)
debian/rules (+4/-0)
debian/usr.sbin.NetworkManager (+30/-0)
To merge this branch: bzr merge lp:~jdstrand/network-manager/network-manager-lp1296415
Reviewer: Network-manager
Review status: Pending
Review via email: mp+224363@code.launchpad.net

Description of the change

  * add lenient AppArmor profile to allow connecting to ofono (LP: #1296415)
    - add debian/usr.sbin.NetworkManager
    - debian/control: Build-Depends on dh-apparmor
    - debian/rules: update override_dh_installdeb to use dh_apparmor
    - debian/network-manager.dirs: add etc/apparmor.d
    - debian/network-manager.install: install profile in to place
    - debian/network-manager.upstart: update to load AppArmor profile

842. By Jamie Strandboge

debian/usr.sbin.NetworkManager: use Pix for /usr/lib/NetworkManager/**

843. By Jamie Strandboge

debian/usr.sbin.NetworkManager: simplify exec transition and more closely mimic
unconfined

Jamie Strandboge (jdstrand) wrote :

Rejecting for now since we won't be implementing this (see bug description).

Unmerged revisions

843. By Jamie Strandboge

debian/usr.sbin.NetworkManager: simplify exec transition and more closely mimic
unconfined

842. By Jamie Strandboge

debian/usr.sbin.NetworkManager: use Pix for /usr/lib/NetworkManager/**

841. By Jamie Strandboge

* add lenient AppArmor profile to allow connecting to ofono (LP: #1296415)
  - add debian/usr.sbin.NetworkManager
  - debian/control: Build-Depends on dh-apparmor
  - debian/rules: update override_dh_installdeb to use dh_apparmor
  - debian/network-manager.dirs: add etc/apparmor.d
  - debian/network-manager.install: install profile in to place
  - debian/network-manager.upstart: update to load AppArmor profile

Preview Diff

1=== modified file 'debian/changelog'
2--- debian/changelog 2014-06-11 18:43:53 +0000
3+++ debian/changelog 2014-06-24 22:15:21 +0000
4@@ -1,3 +1,15 @@
5+network-manager (0.9.8.8-0ubuntu19) UNRELEASED; urgency=medium
6+
7+ * add lenient AppArmor profile to allow connecting to ofono (LP: #1296415)
8+ - add debian/usr.sbin.NetworkManager
9+ - debian/control: Build-Depends on dh-apparmor
10+ - debian/rules: update override_dh_installdeb to use dh_apparmor
11+ - debian/network-manager.dirs: add etc/apparmor.d
12+ - debian/network-manager.install: install profile in to place
13+ - debian/network-manager.upstart: update to load AppArmor profile
14+
15+ -- Jamie Strandboge <jamie@ubuntu.com> Tue, 24 Jun 2014 12:46:49 -0500
16+
17 network-manager (0.9.8.8-0ubuntu18) utopic; urgency=medium
18
19 * debian/control: allow for ofono to be installed instead of modemmanager
20
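Review bot: the first bullet of the new entry says "add lenient AppArmor profile" in the singular, but debian/usr.sbin.NetworkManager in this same diff defines two profiles, one for /usr/sbin/NetworkManager and one for /etc/NetworkManager/dispatcher.d/03mmsproxy. Mention the dispatcher script profile in the changelog so that the new label on 03mmsproxy is recorded alongside the one on the daemon.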
21=== modified file 'debian/control'
22--- debian/control 2014-06-11 18:43:53 +0000
23+++ debian/control 2014-06-24 22:15:21 +0000
24@@ -38,7 +38,8 @@
25 python-gobject-2,
26 python-dbus,
27 gir1.2-glib-2.0,
28- gir1.2-freedesktop
29+ gir1.2-freedesktop,
30+ dh-apparmor
31 Standards-Version: 3.9.4
32 Vcs-Bzr: https://code.launchpad.net/~network-manager/network-manager/ubuntu
33 Homepage: http://www.gnome.org/projects/NetworkManager/
34
35=== modified file 'debian/network-manager.dirs'
36--- debian/network-manager.dirs 2013-03-07 19:23:26 +0000
37+++ debian/network-manager.dirs 2014-06-24 22:15:21 +0000
38@@ -2,3 +2,4 @@
39 etc/NetworkManager/system-connections/
40 etc/NetworkManager/VPN/
41 etc/NetworkManager/dnsmasq.d/
42+etc/apparmor.d/
43
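Review bot: the added `etc/apparmor.d/` line looks redundant, because debian/network-manager.install in this diff already installs a file into etc/apparmor.d/ and dh_install creates the destination directory itself. Drop the line unless the directory has to exist in the package even when the profile is not shipped.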
44=== modified file 'debian/network-manager.install'
45--- debian/network-manager.install 2014-04-22 15:05:52 +0000
46+++ debian/network-manager.install 2014-06-24 22:15:21 +0000
47@@ -26,3 +26,4 @@
48 debian/source_network-manager.py /usr/share/apport/package-hooks/
49 debian/NetworkManager.conf etc/NetworkManager/
50 debian/debug-helper.py usr/lib/NetworkManager/
51+debian/usr.sbin.NetworkManager etc/apparmor.d/
52
53=== modified file 'debian/network-manager.upstart'
54--- debian/network-manager.upstart 2012-05-22 22:09:44 +0000
55+++ debian/network-manager.upstart 2014-06-24 22:15:21 +0000
56@@ -13,6 +13,10 @@
57 expect fork
58 respawn
59
60+pre-start script
61+ /lib/init/apparmor-profile-load usr.sbin.NetworkManager
62+end script
63+
64 script
65 # set $LANG so that messages appearing on the GUI will be translated. See LP: 875017
66 if [ -r /etc/default/locale ]; then
67
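Review bot: the new pre-start stanza runs `/lib/init/apparmor-profile-load usr.sbin.NetworkManager` with no handling of a non-zero exit, and a failing pre-start keeps the job from starting. The profile is deliberately permissive and exists only to give NetworkManager a label, so decide explicitly whether a failed profile load should block networking; if it should not, tolerate the failure (for example with `|| true`) and say why in a comment. A one-line comment pointing at LP: #1296415 would also explain why this job loads a profile at all.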
68=== modified file 'debian/rules'
69--- debian/rules 2014-04-22 15:05:52 +0000
70+++ debian/rules 2014-06-24 22:15:21 +0000
71@@ -123,6 +123,10 @@
72 AUTOPOINT='intltoolize --automake --copy' autoreconf --force --install --verbose; \
73 fi
74
75+override_dh_installdeb:
76+ dh_apparmor --profile-name=usr.sbin.NetworkManager -pnetwork-manager
77+ dh_installdeb
78+
79 GET_SOURCE = \
80 set -e; \
81 tmpdir=`mktemp -d -t`; \
82
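Review bot: the changelog describes this as "update override_dh_installdeb", but the hunk adds a new `override_dh_installdeb:` target. Confirm that debian/rules has no other definition of that target, since make would keep only the last recipe and warn about the override; if this is the first definition, reword the changelog line to "add".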
83=== added file 'debian/usr.sbin.NetworkManager'
84--- debian/usr.sbin.NetworkManager 1970-01-01 00:00:00 +0000
85+++ debian/usr.sbin.NetworkManager 2014-06-24 22:15:21 +0000
86@@ -0,0 +1,30 @@
87+#include <tunables/global>
88+
89+# Permissive profile to have profile name to limit access to ofonod (LP: #1296415)
90+/usr/sbin/NetworkManager (attach_disconnected) {
91+ capability,
92+ mount,
93+ remount,
94+ umount,
95+ network,
96+ dbus,
97+ signal,
98+ ptrace,
99+ / rwkl,
100+ /** rwlkm,
101+ /** pix,
102+}
103+
104+/etc/NetworkManager/dispatcher.d/03mmsproxy (attach_disconnected) {
105+ capability,
106+ mount,
107+ remount,
108+ umount,
109+ network,
110+ / rwkl,
111+ /** rwlkm,
112+ /** pix,
113+ dbus,
114+ signal,
115+ ptrace,
116+}
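Review bot: the closing `/** pix,` rule in both profile bodies means every program that NetworkManager executes and that has no profile of its own inherits this label, so any peer policy that matches on the NetworkManager label (the purpose stated in the header comment) also matches those helpers and every dispatcher script other than 03mmsproxy. If only the daemon is meant to reach ofonod, say so in the header comment and consider an exec fallback that does not carry the label to unprofiled children (for example `pux`); if inheritance is intended, document that instead. Two smaller points: the header comment does not explain why 03mmsproxy needs its own profile, and the two bodies hold the same rules in a different order with inconsistent mode spelling (`rwkl` against `rwlkm`), which makes it harder to see that they are meant to be identical.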
