Merge lp:~jdstrand/network-manager/network-manager-lp1296415 into lp:~network-manager/network-manager/ubuntu

Proposed by Jamie Strandboge on 2014-06-24
Status: Rejected
Rejected by: Jamie Strandboge on 2014-07-17
Proposed branch: lp:~jdstrand/network-manager/network-manager-lp1296415
Merge into: lp:~network-manager/network-manager/ubuntu
Diff against target: 116 lines (+54/-1)
7 files modified
debian/changelog (+12/-0)
debian/control (+2/-1)
debian/network-manager.dirs (+1/-0)
debian/network-manager.install (+1/-0)
debian/network-manager.upstart (+4/-0)
debian/rules (+4/-0)
debian/usr.sbin.NetworkManager (+30/-0)
To merge this branch: bzr merge lp:~jdstrand/network-manager/network-manager-lp1296415
Reviewer Review Type Date Requested Status
Network-manager 2014-06-24 Pending
Review via email: mp+224363@code.launchpad.net

Description of the change

  * add lenient AppArmor profile to allow connecting to ofono (LP: #1296415)
    - add debian/usr.sbin.NetworkManager
    - debian/control: Build-Depends on dh-apparmor
    - debian/rules: update override_dh_installdeb to use dh_apparmor
    - debian/network-manager.dirs: add etc/apparmor.d
    - debian/network-manager.install: install profile in to place
    - debian/network-manager.upstart: update to load AppArmor profile

To post a comment you must log in.
842. By Jamie Strandboge on 2014-06-24

debian/usr.sbin.NetworkManager: use Pix for /usr/lib/NetworkManager/**

843. By Jamie Strandboge on 2014-06-24

debian/usr.sbin.NetworkManager: simplify exec transition and more closely mimic
unconfined

Jamie Strandboge (jdstrand) wrote :

Rejecting for now since we won't be implementing this (see bug description).

Unmerged revisions

843. By Jamie Strandboge on 2014-06-24

debian/usr.sbin.NetworkManager: simplify exec transition and more closely mimic
unconfined

842. By Jamie Strandboge on 2014-06-24

debian/usr.sbin.NetworkManager: use Pix for /usr/lib/NetworkManager/**

841. By Jamie Strandboge on 2014-06-24

* add lenient AppArmor profile to allow connecting to ofono (LP: #1296415)
  - add debian/usr.sbin.NetworkManager
  - debian/control: Build-Depends on dh-apparmor
  - debian/rules: update override_dh_installdeb to use dh_apparmor
  - debian/network-manager.dirs: add etc/apparmor.d
  - debian/network-manager.install: install profile in to place
  - debian/network-manager.upstart: update to load AppArmor profile

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'debian/changelog'
--- debian/changelog 2014-06-11 18:43:53 +0000
+++ debian/changelog 2014-06-24 22:15:21 +0000
@@ -1,3 +1,15 @@
1network-manager (0.9.8.8-0ubuntu19) UNRELEASED; urgency=medium
2
3 * add lenient AppArmor profile to allow connecting to ofono (LP: #1296415)
4 - add debian/usr.sbin.NetworkManager
5 - debian/control: Build-Depends on dh-apparmor
6 - debian/rules: update override_dh_installdeb to use dh_apparmor
7 - debian/network-manager.dirs: add etc/apparmor.d
8 - debian/network-manager.install: install profile in to place
9 - debian/network-manager.upstart: update to load AppArmor profile
10
11 -- Jamie Strandboge <jamie@ubuntu.com> Tue, 24 Jun 2014 12:46:49 -0500
12
1network-manager (0.9.8.8-0ubuntu18) utopic; urgency=medium13network-manager (0.9.8.8-0ubuntu18) utopic; urgency=medium
214
3 * debian/control: allow for ofono to be installed instead of modemmanager15 * debian/control: allow for ofono to be installed instead of modemmanager
416
=== modified file 'debian/control'
--- debian/control 2014-06-11 18:43:53 +0000
+++ debian/control 2014-06-24 22:15:21 +0000
@@ -38,7 +38,8 @@
38 python-gobject-2,38 python-gobject-2,
39 python-dbus,39 python-dbus,
40 gir1.2-glib-2.0,40 gir1.2-glib-2.0,
41 gir1.2-freedesktop41 gir1.2-freedesktop,
42 dh-apparmor
42Standards-Version: 3.9.443Standards-Version: 3.9.4
43Vcs-Bzr: https://code.launchpad.net/~network-manager/network-manager/ubuntu44Vcs-Bzr: https://code.launchpad.net/~network-manager/network-manager/ubuntu
44Homepage: http://www.gnome.org/projects/NetworkManager/45Homepage: http://www.gnome.org/projects/NetworkManager/
4546
=== modified file 'debian/network-manager.dirs'
--- debian/network-manager.dirs 2013-03-07 19:23:26 +0000
+++ debian/network-manager.dirs 2014-06-24 22:15:21 +0000
@@ -2,3 +2,4 @@
2etc/NetworkManager/system-connections/2etc/NetworkManager/system-connections/
3etc/NetworkManager/VPN/3etc/NetworkManager/VPN/
4etc/NetworkManager/dnsmasq.d/4etc/NetworkManager/dnsmasq.d/
5etc/apparmor.d/
56
=== modified file 'debian/network-manager.install'
--- debian/network-manager.install 2014-04-22 15:05:52 +0000
+++ debian/network-manager.install 2014-06-24 22:15:21 +0000
@@ -26,3 +26,4 @@
26debian/source_network-manager.py /usr/share/apport/package-hooks/26debian/source_network-manager.py /usr/share/apport/package-hooks/
27debian/NetworkManager.conf etc/NetworkManager/27debian/NetworkManager.conf etc/NetworkManager/
28debian/debug-helper.py usr/lib/NetworkManager/28debian/debug-helper.py usr/lib/NetworkManager/
29debian/usr.sbin.NetworkManager etc/apparmor.d/
2930
=== modified file 'debian/network-manager.upstart'
--- debian/network-manager.upstart 2012-05-22 22:09:44 +0000
+++ debian/network-manager.upstart 2014-06-24 22:15:21 +0000
@@ -13,6 +13,10 @@
13expect fork13expect fork
14respawn14respawn
1515
16pre-start script
17 /lib/init/apparmor-profile-load usr.sbin.NetworkManager
18end script
19
16script20script
17 # set $LANG so that messages appearing on the GUI will be translated. See LP: 87501721 # set $LANG so that messages appearing on the GUI will be translated. See LP: 875017
18 if [ -r /etc/default/locale ]; then22 if [ -r /etc/default/locale ]; then
1923
=== modified file 'debian/rules'
--- debian/rules 2014-04-22 15:05:52 +0000
+++ debian/rules 2014-06-24 22:15:21 +0000
@@ -123,6 +123,10 @@
123 AUTOPOINT='intltoolize --automake --copy' autoreconf --force --install --verbose; \123 AUTOPOINT='intltoolize --automake --copy' autoreconf --force --install --verbose; \
124 fi124 fi
125125
126override_dh_installdeb:
127 dh_apparmor --profile-name=usr.sbin.NetworkManager -pnetwork-manager
128 dh_installdeb
129
126GET_SOURCE = \130GET_SOURCE = \
127 set -e; \131 set -e; \
128 tmpdir=`mktemp -d -t`; \132 tmpdir=`mktemp -d -t`; \
129133
=== added file 'debian/usr.sbin.NetworkManager'
--- debian/usr.sbin.NetworkManager 1970-01-01 00:00:00 +0000
+++ debian/usr.sbin.NetworkManager 2014-06-24 22:15:21 +0000
@@ -0,0 +1,30 @@
1#include <tunables/global>
2
3# Permissive profile to have profile name to limit access to ofonod (LP: #1296415)
4/usr/sbin/NetworkManager (attach_disconnected) {
5 capability,
6 mount,
7 remount,
8 umount,
9 network,
10 dbus,
11 signal,
12 ptrace,
13 / rwkl,
14 /** rwlkm,
15 /** pix,
16}
17
18/etc/NetworkManager/dispatcher.d/03mmsproxy (attach_disconnected) {
19 capability,
20 mount,
21 remount,
22 umount,
23 network,
24 / rwkl,
25 /** rwlkm,
26 /** pix,
27 dbus,
28 signal,
29 ptrace,
30}

Subscribers

People subscribed via source and target branches