Merge lp:~jdstrand/ubuntu-download-manager/ubuntu-download-manager-lp1296415 into lp:ubuntu-download-manager

Proposed by Jamie Strandboge on 2014-06-24
Status: Rejected
Rejected by: Jamie Strandboge on 2014-07-17
Proposed branch: lp:~jdstrand/ubuntu-download-manager/ubuntu-download-manager-lp1296415
Merge into: lp:ubuntu-download-manager
Diff against target: 64 lines (+24/-1)
5 files modified
debian/control (+2/-1)
debian/rules (+4/-0)
debian/ubuntu-download-manager.dirs (+1/-0)
debian/ubuntu-download-manager.install (+1/-0)
debian/usr.bin.ubuntu-download-manager (+16/-0)
To merge this branch: bzr merge lp:~jdstrand/ubuntu-download-manager/ubuntu-download-manager-lp1296415
Reviewer Review Type Date Requested Status
Manuel de la Peña (community) 2014-06-24 Needs Fixing on 2014-07-15
PS Jenkins bot continuous-integration Approve on 2014-06-25
Review via email: mp+224367@code.launchpad.net

Commit message

  * add lenient AppArmor profile to allow connecting to ofono (LP: #1296415)
    - add debian/usr.bin.ubuntu-download-manager
    - debian/control: Build-Depends on dh-apparmor
    - debian/rules: update override_dh_installdeb to use dh_apparmor
    - debian/ubuntu-download-manager.dirs: add etc/apparmor.d
    - debian/ubuntu-download-manager.install: install profile in to place

Description of the change

  * add lenient AppArmor profile to allow connecting to ofono (LP: #1296415)
    - add debian/usr.bin.ubuntu-download-manager
    - debian/control: Build-Depends on dh-apparmor
    - debian/rules: update override_dh_installdeb to use dh_apparmor
    - debian/ubuntu-download-manager.dirs: add etc/apparmor.d
    - debian/ubuntu-download-manager.install: install profile in to place

To post a comment you must log in.
304. By Jamie Strandboge on 2014-06-24

debian/usr.bin.ubuntu-download-manager: more closely mimic unconfined with
exec transitions

Manuel de la Peña (mandel) wrote :

The projects has two diff binaries that need the same rights, can you please update the MP so that ubuntu-upload-manager security is correctly set?

PS: Sorry for the late review.

review: Needs Fixing
Jamie Strandboge (jdstrand) wrote :

Rejecting for now since we won't be implementing this (see bug description).

Unmerged revisions

304. By Jamie Strandboge on 2014-06-24

debian/usr.bin.ubuntu-download-manager: more closely mimic unconfined with
exec transitions

303. By Jamie Strandboge on 2014-06-24

 * add lenient AppArmor profile to allow connecting to ofono (LP: #1296415)
   - add debian/usr.bin.ubuntu-download-manager
   - debian/control: Build-Depends on dh-apparmor
   - debian/rules: update override_dh_installdeb to use dh_apparmor
   - debian/ubuntu-download-manager.dirs: add etc/apparmor.d
   - debian/ubuntu-download-manager.install: install profile in to place

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'debian/control'
--- debian/control 2014-04-30 14:59:42 +0000
+++ debian/control 2014-06-24 22:25:16 +0000
@@ -16,7 +16,8 @@
16 libgoogle-glog-dev,16 libgoogle-glog-dev,
17 qtdeclarative5-dev,17 qtdeclarative5-dev,
18 qtdeclarative5-dev-tools,18 qtdeclarative5-dev-tools,
19 qtdeclarative5-test-plugin19 qtdeclarative5-test-plugin,
20 dh-apparmor
20Maintainer: Manuel de la Peña <manuel.delapena@canonical.com>21Maintainer: Manuel de la Peña <manuel.delapena@canonical.com>
21Standards-Version: 3.9.522Standards-Version: 3.9.5
22Homepage: https://launchpad.net/ubuntu-system-image23Homepage: https://launchpad.net/ubuntu-system-image
2324
=== modified file 'debian/rules'
--- debian/rules 2014-04-09 11:31:21 +0000
+++ debian/rules 2014-06-24 22:25:16 +0000
@@ -26,6 +26,10 @@
26override_dh_auto_configure:26override_dh_auto_configure:
27 dh_auto_configure -- -DCMAKE_INSTALL_LIBEXECDIR=/usr/lib/$(DEB_HOST_MULTIARCH)27 dh_auto_configure -- -DCMAKE_INSTALL_LIBEXECDIR=/usr/lib/$(DEB_HOST_MULTIARCH)
2828
29override_dh_installdeb:
30 dh_apparmor --profile-name=usr.bin.ubuntu-download-manager -pubuntu-download-manager
31 dh_installdeb
32
29dh_auto_install:33dh_auto_install:
30 rm -f debian/tmp/usr/lib/*.so34 rm -f debian/tmp/usr/lib/*.so
31 dh_install --fail-missing35 dh_install --fail-missing
3236
=== added file 'debian/ubuntu-download-manager.dirs'
--- debian/ubuntu-download-manager.dirs 1970-01-01 00:00:00 +0000
+++ debian/ubuntu-download-manager.dirs 2014-06-24 22:25:16 +0000
@@ -0,0 +1,1 @@
1etc/apparmor.d
02
=== modified file 'debian/ubuntu-download-manager.install'
--- debian/ubuntu-download-manager.install 2014-04-21 14:14:33 +0000
+++ debian/ubuntu-download-manager.install 2014-06-24 22:25:16 +0000
@@ -2,3 +2,4 @@
2usr/share/dbus-1/services/ubuntu-download-manager.service2usr/share/dbus-1/services/ubuntu-download-manager.service
3usr/share/dbus-1/system-services/com.canonical.applications.Downloader.service3usr/share/dbus-1/system-services/com.canonical.applications.Downloader.service
4etc/dbus-1/system.d/com.canonical.applications.Downloader.conf4etc/dbus-1/system.d/com.canonical.applications.Downloader.conf
5debian/usr.bin.ubuntu-download-manager etc/apparmor.d
56
=== added file 'debian/usr.bin.ubuntu-download-manager'
--- debian/usr.bin.ubuntu-download-manager 1970-01-01 00:00:00 +0000
+++ debian/usr.bin.ubuntu-download-manager 2014-06-24 22:25:16 +0000
@@ -0,0 +1,16 @@
1#include <tunables/global>
2
3# Permissive profile to have profile name to limit access to ofonod (LP: #1296415)
4/usr/bin/ubuntu-download-manager (attach_disconnected) {
5 capability,
6 mount,
7 remount,
8 umount,
9 network,
10 / rwkl,
11 /** rwlkm,
12 /** pix,
13 dbus,
14 signal,
15 ptrace,
16}

Subscribers

People subscribed via source and target branches