ubuntu-system-settings

Merge lp:~laney/ubuntu-system-settings/revert-apparmor into lp:ubuntu-system-settings

  1. revert-apparmor
  2. Merge into trunk
Proposed by Iain Lane
Status: Merged
Approved by: Sebastien Bacher
Approved revision: 806
Merged at revision: 812
Proposed branch: lp:~laney/ubuntu-system-settings/revert-apparmor
Merge into: lp:ubuntu-system-settings
Diff against target: 59 lines (+0/-23)
5 files modified
debian/control (+0/-1)
debian/rules (+0/-4)
debian/ubuntu-system-settings.dirs (+0/-1)
debian/ubuntu-system-settings.install (+0/-1)
debian/usr.bin.system-settings (+0/-16)
To merge this branch: bzr merge lp:~laney/ubuntu-system-settings/revert-apparmor
Reviewer Review Type Date Requested Status
Sebastien Bacher (community) Approve
PS Jenkins bot continuous-integration Approve
Review via email: mp+227225@code.launchpad.net

Commit message

revert lenient AppArmor profile since we won't be limiting access to ofono in this manner. Furthermore, due to a naive check in media-hub-server for the connecting process' profile name, this allows system-settings to playback files via media-hub-server again (LP: #1342321)

To post a comment you must log in.
Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

PASSED: Continuous integration, rev:806
http://jenkins.qa.ubuntu.com/job/ubuntu-system-settings-ci/1014/
Executed test runs:
    SUCCESS: http://jenkins.qa.ubuntu.com/job/generic-deb-autopilot-utopic-touch/2147
    SUCCESS: http://jenkins.qa.ubuntu.com/job/generic-mediumtests-utopic/1794
    SUCCESS: http://jenkins.qa.ubuntu.com/job/ubuntu-system-settings-utopic-amd64-ci/206
    SUCCESS: http://jenkins.qa.ubuntu.com/job/ubuntu-system-settings-utopic-armhf-ci/206
        deb: http://jenkins.qa.ubuntu.com/job/ubuntu-system-settings-utopic-armhf-ci/206/artifact/work/output/*zip*/output.zip
    SUCCESS: http://jenkins.qa.ubuntu.com/job/ubuntu-system-settings-utopic-i386-ci/206
    SUCCESS: http://jenkins.qa.ubuntu.com/job/generic-deb-autopilot-runner-mako/2361
    SUCCESS: http://jenkins.qa.ubuntu.com/job/generic-mediumtests-builder-utopic-armhf/3306
        deb: http://jenkins.qa.ubuntu.com/job/generic-mediumtests-builder-utopic-armhf/3306/artifact/work/output/*zip*/output.zip
    SUCCESS: http://s-jenkins.ubuntu-ci:8080/job/touch-flash-device/10017
    SUCCESS: http://jenkins.qa.ubuntu.com/job/autopilot-testrunner-otto-utopic/1502
    SUCCESS: http://jenkins.qa.ubuntu.com/job/generic-mediumtests-builder-utopic-amd64/2007
        deb: http://jenkins.qa.ubuntu.com/job/generic-mediumtests-builder-utopic-amd64/2007/artifact/work/output/*zip*/output.zip

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/ubuntu-system-settings-ci/1014/rebuild

review: Approve (continuous-integration)
Revision history for this message
Sebastien Bacher (seb128) wrote :

thanks

review: Approve
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

This probably also needs to create debian/ubuntu-system-settings.maintscript with:
rm_conffile /etc/apparmor.d/usr.bin.system-settings 0.3+14.10.20140715-0ubuntu2~

Revision history for this message
Iain Lane (laney) wrote :

On Fri, Jul 18, 2014 at 07:12:16PM -0000, Jamie Strandboge wrote:
> This probably also needs to create debian/ubuntu-system-settings.maintscript with:
> rm_conffile /etc/apparmor.d/usr.bin.system-settings 0.3+14.10.20140715-0ubuntu2~

True. I think this won't matter for system upgrades but for apt upgrades
we should do this. This branch landed so I'm going to propose another
one to add it.

--
Iain Lane [ <email address hidden> ]
Debian Developer [ <email address hidden> ]
Ubuntu Developer [ <email address hidden> ]

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Right, I just confirmed this on r144, /etc/apparmor.d/usr.bin.system-settings is not present so the images are fixed now.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'debian/control'
2--- debian/control 2014-07-11 23:29:19 +0000
3+++ debian/control 2014-07-17 16:39:20 +0000
4@@ -32,7 +32,6 @@
5 pep8,
6 python3-pep8,
7 pyflakes,
8- dh-apparmor,
9 Standards-Version: 3.9.4
10 Homepage: https://launchpad.net/ubuntu-system-settings
11 # If you aren't a member of ~system-settings-touch but need to upload packaging
12
13=== modified file 'debian/rules'
14--- debian/rules 2014-07-09 00:20:19 +0000
15+++ debian/rules 2014-07-17 16:39:20 +0000
16@@ -25,7 +25,3 @@
17
18 %:
19 dh $@ --fail-missing --with python3,migrations
20-
21-override_dh_installdeb:
22- dh_apparmor --profile-name=usr.bin.system-settings -pubuntu-system-settings
23- dh_installdeb
24
25=== removed file 'debian/ubuntu-system-settings.dirs'
26--- debian/ubuntu-system-settings.dirs 2014-06-24 20:15:04 +0000
27+++ debian/ubuntu-system-settings.dirs 1970-01-01 00:00:00 +0000
28@@ -1,1 +0,0 @@
29-etc/apparmor.d
30
31=== modified file 'debian/ubuntu-system-settings.install'
32--- debian/ubuntu-system-settings.install 2014-06-24 20:15:04 +0000
33+++ debian/ubuntu-system-settings.install 2014-07-17 16:39:20 +0000
34@@ -5,4 +5,3 @@
35 usr/share/locale
36 usr/share/ubuntu/settings/system
37 usr/share/url-dispatcher
38-debian/usr.bin.system-settings etc/apparmor.d
39
40=== removed file 'debian/usr.bin.system-settings'
41--- debian/usr.bin.system-settings 2014-06-24 22:25:42 +0000
42+++ debian/usr.bin.system-settings 1970-01-01 00:00:00 +0000
43@@ -1,16 +0,0 @@
44-#include <tunables/global>
45-
46-# Permissive profile to have profile name to limit access to ofonod (LP: #1296415)
47-/usr/bin/system-settings (attach_disconnected) {
48- capability,
49- mount,
50- remount,
51- umount,
52- network,
53- / rwkl,
54- /** rwlkm,
55- /** pix,
56- dbus,
57- signal,
58- ptrace,
59-}

Subscribers

People subscribed via source and target branches