Merge into trunk : ubuntu-download-manager-lp1296415 : Code : ubuntu-download-manager

Status:

Rejected

Rejected by:

Jamie Strandboge on 2014-07-17

Proposed branch:

lp:~jdstrand/ubuntu-download-manager/ubuntu-download-manager-lp1296415

Merge into:

lp:ubuntu-download-manager

Diff against target:

64 lines (+24/-1)

5 files modified

debian/control (+2/-1)
debian/rules (+4/-0)
debian/ubuntu-download-manager.dirs (+1/-0)
debian/ubuntu-download-manager.install (+1/-0)
debian/usr.bin.ubuntu-download-manager (+16/-0)

To merge this branch:

bzr merge lp:~jdstrand/ubuntu-download-manager/ubuntu-download-manager-lp1296415

Wishlist

Triaged

Link a bug report

Reviewer	Review Type	Date Requested	Status
Manuel de la Peña (community)		2014-06-24	Needs Fixing on 2014-07-15
PS Jenkins bot	continuous-integration		Approve on 2014-06-25
Review via email: mp+224367@code.launchpad.net

Commit message

  * add lenient AppArmor profile to allow connecting to ofono (LP: #1296415)
    - add debian/usr.bin.ubuntu-download-manager
    - debian/control: Build-Depends on dh-apparmor
    - debian/rules: update override_dh_installdeb to use dh_apparmor
    - debian/ubuntu-download-manager.dirs: add etc/apparmor.d
    - debian/ubuntu-download-manager.install: install profile in to place

Description of the change

  * add lenient AppArmor profile to allow connecting to ofono (LP: #1296415)
    - add debian/usr.bin.ubuntu-download-manager
    - debian/control: Build-Depends on dh-apparmor
    - debian/rules: update override_dh_installdeb to use dh_apparmor
    - debian/ubuntu-download-manager.dirs: add etc/apparmor.d
    - debian/ubuntu-download-manager.install: install profile in to place

Revision history for this message

PS Jenkins bot (ps-jenkins) wrote on 2014-06-24:

#

PASSED: Continuous integration, rev:303
http://jenkins.qa.ubuntu.com/job/ubuntu-download-manager-ci/678/
Executed test runs:
    SUCCESS: http://jenkins.qa.ubuntu.com/job/ubuntu-download-manager-utopic-amd64-ci/37
    SUCCESS: http://jenkins.qa.ubuntu.com/job/ubuntu-download-manager-utopic-armhf-ci/37
        deb: http://jenkins.qa.ubuntu.com/job/ubuntu-download-manager-utopic-armhf-ci/37/artifact/work/output/*zip*/output.zip

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/ubuntu-download-manager-ci/678/rebuild

review: Approve (continuous-integration)

lp:~jdstrand/ubuntu-download-manager/ubuntu-download-manager-lp1296415 updated on 2014-06-24

304. By Jamie Strandboge on 2014-06-24: debian/usr.bin.ubuntu-download-manager: more closely mimic unconfined with
exec transitions

Revision history for this message

PS Jenkins bot (ps-jenkins) wrote on 2014-06-25:

#

PASSED: Continuous integration, rev:304
http://jenkins.qa.ubuntu.com/job/ubuntu-download-manager-ci/679/
Executed test runs:
    SUCCESS: http://jenkins.qa.ubuntu.com/job/ubuntu-download-manager-utopic-amd64-ci/38
    SUCCESS: http://jenkins.qa.ubuntu.com/job/ubuntu-download-manager-utopic-armhf-ci/38
        deb: http://jenkins.qa.ubuntu.com/job/ubuntu-download-manager-utopic-armhf-ci/38/artifact/work/output/*zip*/output.zip

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/ubuntu-download-manager-ci/679/rebuild

review: Approve (continuous-integration)

Revision history for this message

Manuel de la Peña (mandel) wrote on 2014-07-15:

#

The projects has two diff binaries that need the same rights, can you please update the MP so that ubuntu-upload-manager security is correctly set?

PS: Sorry for the late review.

review: Needs Fixing

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2014-07-17:

#

Rejecting for now since we won't be implementing this (see bug description).

Unmerged revisions

304. By Jamie Strandboge on 2014-06-24: debian/usr.bin.ubuntu-download-manager: more closely mimic unconfined with
exec transitions
303. By Jamie Strandboge on 2014-06-24: * add lenient AppArmor profile to allow connecting to ofono (LP: #1296415)
   - add debian/usr.bin.ubuntu-download-manager
   - debian/control: Build-Depends on dh-apparmor
   - debian/rules: update override_dh_installdeb to use dh_apparmor
   - debian/ubuntu-download-manager.dirs: add etc/apparmor.d
   - debian/ubuntu-download-manager.install: install profile in to place

1	=== modified file 'debian/control'
2	--- debian/control 2014-04-30 14:59:42 +0000
3	+++ debian/control 2014-06-24 22:25:16 +0000
4	@@ -16,7 +16,8 @@
5	libgoogle-glog-dev,
6	qtdeclarative5-dev,
7	qtdeclarative5-dev-tools,
8	- qtdeclarative5-test-plugin
9	+ qtdeclarative5-test-plugin,
10	+ dh-apparmor
11	Maintainer: Manuel de la Peña <manuel.delapena@canonical.com>
12	Standards-Version: 3.9.5
13	Homepage: https://launchpad.net/ubuntu-system-image
14
15	=== modified file 'debian/rules'
16	--- debian/rules 2014-04-09 11:31:21 +0000
17	+++ debian/rules 2014-06-24 22:25:16 +0000
18	@@ -26,6 +26,10 @@
19	override_dh_auto_configure:
20	dh_auto_configure -- -DCMAKE_INSTALL_LIBEXECDIR=/usr/lib/$(DEB_HOST_MULTIARCH)
21
22	+override_dh_installdeb:
23	+ dh_apparmor --profile-name=usr.bin.ubuntu-download-manager -pubuntu-download-manager
24	+ dh_installdeb
25	+
26	dh_auto_install:
27	rm -f debian/tmp/usr/lib/*.so
28	dh_install --fail-missing
29
30	=== added file 'debian/ubuntu-download-manager.dirs'
31	--- debian/ubuntu-download-manager.dirs 1970-01-01 00:00:00 +0000
32	+++ debian/ubuntu-download-manager.dirs 2014-06-24 22:25:16 +0000
33	@@ -0,0 +1,1 @@
34	+etc/apparmor.d
35
36	=== modified file 'debian/ubuntu-download-manager.install'
37	--- debian/ubuntu-download-manager.install 2014-04-21 14:14:33 +0000
38	+++ debian/ubuntu-download-manager.install 2014-06-24 22:25:16 +0000
39	@@ -2,3 +2,4 @@
40	usr/share/dbus-1/services/ubuntu-download-manager.service
41	usr/share/dbus-1/system-services/com.canonical.applications.Downloader.service
42	etc/dbus-1/system.d/com.canonical.applications.Downloader.conf
43	+debian/usr.bin.ubuntu-download-manager etc/apparmor.d
44
45	=== added file 'debian/usr.bin.ubuntu-download-manager'
46	--- debian/usr.bin.ubuntu-download-manager 1970-01-01 00:00:00 +0000
47	+++ debian/usr.bin.ubuntu-download-manager 2014-06-24 22:25:16 +0000
48	@@ -0,0 +1,16 @@
49	+#include <tunables/global>
50	+
51	+# Permissive profile to have profile name to limit access to ofonod (LP: #1296415)
52	+/usr/bin/ubuntu-download-manager (attach_disconnected) {
53	+ capability,
54	+ mount,
55	+ remount,
56	+ umount,
57	+ network,
58	+ / rwkl,
59	+ /** rwlkm,
60	+ /** pix,
61	+ dbus,
62	+ signal,
63	+ ptrace,
64	+}

ubuntu-download-manager

Merge lp:~jdstrand/ubuntu-download-manager/ubuntu-download-manager-lp1296415 into lp:ubuntu-download-manager

Commit message

Description of the change

Unmerged revisions

Preview Diff

Subscribers