ubuntu-system-settings

Merge lp:~jdstrand/ubuntu-system-settings/ubuntu-system-settings-lp1296415 into lp:ubuntu-system-settings

  1. ubuntu-system-settings-lp1296415
  2. Merge into trunk
Proposed by Jamie Strandboge
Status: Merged
Approved by: Sebastien Bacher
Approved revision: 749
Merged at revision: 767
Proposed branch: lp:~jdstrand/ubuntu-system-settings/ubuntu-system-settings-lp1296415
Merge into: lp:ubuntu-system-settings
Diff against target: 79 lines (+35/-0)
6 files modified
debian/changelog (+12/-0)
debian/control (+1/-0)
debian/rules (+4/-0)
debian/ubuntu-system-settings.dirs (+1/-0)
debian/ubuntu-system-settings.install (+1/-0)
debian/usr.bin.system-settings (+16/-0)
To merge this branch: bzr merge lp:~jdstrand/ubuntu-system-settings/ubuntu-system-settings-lp1296415
Reviewer Review Type Date Requested Status
Sebastien Bacher (community) Approve
PS Jenkins bot continuous-integration Needs Fixing
Review via email: mp+224368@code.launchpad.net

Commit message

* add lenient AppArmor profile to allow connecting to ofono (LP: #1296415)

Description of the change

  * add lenient AppArmor profile to allow connecting to ofono (LP: #1296415)
    - add debian/usr.bin.system-settings
    - debian/control: Build-Depends on dh-apparmor
    - debian/rules: update override_dh_installdeb to use dh_apparmor
    - debian/ubuntu-system-settings.dirs: add etc/apparmor.d
    - debian/ubuntu-system-settings.install: install profile in to place

To post a comment you must log in.
lp:~jdstrand/ubuntu-system-settings/ubuntu-system-settings-lp1296415 updated
749. By Jamie Strandboge

debian/usr.bin.system-settings: more closely mimic unconfined with exec
transitions

Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

FAILED: Continuous integration, rev:748
No commit message was specified in the merge proposal. Click on the following link and set the commit message (if you want a jenkins rebuild you need to trigger it yourself):
https://code.launchpad.net/~jdstrand/ubuntu-system-settings/ubuntu-system-settings-lp1296415/+merge/224368/+edit-commit-message

http://jenkins.qa.ubuntu.com/job/ubuntu-system-settings-ci/894/
Executed test runs:
    SUCCESS: http://jenkins.qa.ubuntu.com/job/generic-deb-autopilot-utopic-touch/1169
    SUCCESS: http://jenkins.qa.ubuntu.com/job/generic-mediumtests-utopic/1041
    SUCCESS: http://jenkins.qa.ubuntu.com/job/ubuntu-system-settings-utopic-amd64-ci/86
    SUCCESS: http://jenkins.qa.ubuntu.com/job/ubuntu-system-settings-utopic-armhf-ci/86
        deb: http://jenkins.qa.ubuntu.com/job/ubuntu-system-settings-utopic-armhf-ci/86/artifact/work/output/*zip*/output.zip
    SUCCESS: http://jenkins.qa.ubuntu.com/job/ubuntu-system-settings-utopic-i386-ci/86
    SUCCESS: http://jenkins.qa.ubuntu.com/job/generic-deb-autopilot-runner-mako/1517
    SUCCESS: http://jenkins.qa.ubuntu.com/job/generic-mediumtests-builder-utopic-armhf/2027
        deb: http://jenkins.qa.ubuntu.com/job/generic-mediumtests-builder-utopic-armhf/2027/artifact/work/output/*zip*/output.zip
    SUCCESS: http://s-jenkins.ubuntu-ci:8080/job/touch-flash-device/8809
    SUCCESS: http://jenkins.qa.ubuntu.com/job/autopilot-testrunner-otto-utopic/873
    SUCCESS: http://jenkins.qa.ubuntu.com/job/generic-mediumtests-builder-utopic-amd64/1184
        deb: http://jenkins.qa.ubuntu.com/job/generic-mediumtests-builder-utopic-amd64/1184/artifact/work/output/*zip*/output.zip

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/ubuntu-system-settings-ci/894/rebuild

review: Needs Fixing (continuous-integration)
Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

FAILED: Continuous integration, rev:749
No commit message was specified in the merge proposal. Click on the following link and set the commit message (if you want a jenkins rebuild you need to trigger it yourself):
https://code.launchpad.net/~jdstrand/ubuntu-system-settings/ubuntu-system-settings-lp1296415/+merge/224368/+edit-commit-message

http://jenkins.qa.ubuntu.com/job/ubuntu-system-settings-ci/895/
Executed test runs:
    SUCCESS: http://jenkins.qa.ubuntu.com/job/generic-deb-autopilot-utopic-touch/1177
    SUCCESS: http://jenkins.qa.ubuntu.com/job/generic-mediumtests-utopic/1047
    SUCCESS: http://jenkins.qa.ubuntu.com/job/ubuntu-system-settings-utopic-amd64-ci/87
    SUCCESS: http://jenkins.qa.ubuntu.com/job/ubuntu-system-settings-utopic-armhf-ci/87
        deb: http://jenkins.qa.ubuntu.com/job/ubuntu-system-settings-utopic-armhf-ci/87/artifact/work/output/*zip*/output.zip
    SUCCESS: http://jenkins.qa.ubuntu.com/job/ubuntu-system-settings-utopic-i386-ci/87
    SUCCESS: http://jenkins.qa.ubuntu.com/job/generic-deb-autopilot-runner-mako/1523
    SUCCESS: http://jenkins.qa.ubuntu.com/job/generic-mediumtests-builder-utopic-armhf/2039
        deb: http://jenkins.qa.ubuntu.com/job/generic-mediumtests-builder-utopic-armhf/2039/artifact/work/output/*zip*/output.zip
    SUCCESS: http://s-jenkins.ubuntu-ci:8080/job/touch-flash-device/8821
    SUCCESS: http://jenkins.qa.ubuntu.com/job/autopilot-testrunner-otto-utopic/877
    SUCCESS: http://jenkins.qa.ubuntu.com/job/generic-mediumtests-builder-utopic-amd64/1190
        deb: http://jenkins.qa.ubuntu.com/job/generic-mediumtests-builder-utopic-amd64/1190/artifact/work/output/*zip*/output.zip

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/ubuntu-system-settings-ci/895/rebuild

review: Needs Fixing (continuous-integration)
Revision history for this message
Sebastien Bacher (seb128) wrote :

those changes looks fine to me, thanks

review: Approve
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

FYI, we reverted this for now since we won't be implementing this (see bug description). It also caused a side-effect bug #1342321, so reverting this change fixes that bug. See https://code.launchpad.net/~laney/ubuntu-system-settings/revert-apparmor/+merge/227225

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'debian/changelog'
2--- debian/changelog 2014-06-23 13:52:20 +0000
3+++ debian/changelog 2014-06-24 22:26:16 +0000
4@@ -1,3 +1,15 @@
5+ubuntu-system-settings (0.3+14.10.20140623-0ubuntu2) UNRELEASED; urgency=medium
6+
7+ [ Jamie Strandboge ]
8+ * add lenient AppArmor profile to allow connecting to ofono (LP: #1296415)
9+ - add debian/usr.bin.system-settings
10+ - debian/control: Build-Depends on dh-apparmor
11+ - debian/rules: update override_dh_installdeb to use dh_apparmor
12+ - debian/ubuntu-system-settings.dirs: add etc/apparmor.d
13+ - debian/ubuntu-system-settings.install: install profile in to place
14+
15+ -- Jamie Strandboge <jamie@ubuntu.com> Mon, 23 Jun 2014 17:27:13 -0500
16+
17 ubuntu-system-settings (0.3+14.10.20140623-0ubuntu1) utopic; urgency=low
18
19 [ Mathieu Trudel-Lapierre ]
20
21=== modified file 'debian/control'
22--- debian/control 2014-06-18 15:02:51 +0000
23+++ debian/control 2014-06-24 22:26:16 +0000
24@@ -31,6 +31,7 @@
25 cmake,
26 pep8,
27 pyflakes,
28+ dh-apparmor,
29 Standards-Version: 3.9.4
30 Homepage: https://launchpad.net/ubuntu-system-settings
31 # If you aren't a member of ~system-settings-touch but need to upload packaging
32
33=== modified file 'debian/rules'
34--- debian/rules 2014-05-27 09:28:42 +0000
35+++ debian/rules 2014-06-24 22:26:16 +0000
36@@ -25,3 +25,7 @@
37
38 %:
39 dh $@ --fail-missing --with python2,migrations
40+
41+override_dh_installdeb:
42+ dh_apparmor --profile-name=usr.bin.system-settings -pubuntu-system-settings
43+ dh_installdeb
44
45=== added file 'debian/ubuntu-system-settings.dirs'
46--- debian/ubuntu-system-settings.dirs 1970-01-01 00:00:00 +0000
47+++ debian/ubuntu-system-settings.dirs 2014-06-24 22:26:16 +0000
48@@ -0,0 +1,1 @@
49+etc/apparmor.d
50
51=== modified file 'debian/ubuntu-system-settings.install'
52--- debian/ubuntu-system-settings.install 2014-04-10 19:32:52 +0000
53+++ debian/ubuntu-system-settings.install 2014-06-24 22:26:16 +0000
54@@ -5,3 +5,4 @@
55 usr/share/locale
56 usr/share/ubuntu/settings/system
57 usr/share/url-dispatcher
58+debian/usr.bin.system-settings etc/apparmor.d
59
60=== added file 'debian/usr.bin.system-settings'
61--- debian/usr.bin.system-settings 1970-01-01 00:00:00 +0000
62+++ debian/usr.bin.system-settings 2014-06-24 22:26:16 +0000
63@@ -0,0 +1,16 @@
64+#include <tunables/global>
65+
66+# Permissive profile to have profile name to limit access to ofonod (LP: #1296415)
67+/usr/bin/system-settings (attach_disconnected) {
68+ capability,
69+ mount,
70+ remount,
71+ umount,
72+ network,
73+ / rwkl,
74+ /** rwlkm,
75+ /** pix,
76+ dbus,
77+ signal,
78+ ptrace,
79+}

Subscribers

People subscribed via source and target branches