Merge lp:~morphis/apparmor-easyprof-ubuntu/fix-hybris-linker-loading-16.04 into lp:~ubuntu-security/apparmor-easyprof-ubuntu/16.04-stable-phone-overlay

Proposed by Simon Fels
Status: Merged
Merged at revision: 49
Proposed branch: lp:~morphis/apparmor-easyprof-ubuntu/fix-hybris-linker-loading-16.04
Merge into: lp:~ubuntu-security/apparmor-easyprof-ubuntu/16.04-stable-phone-overlay
Diff against target: 121 lines (+15/-0)
10 files modified
data/templates/ubuntu/1.0/ubuntu-sdk (+1/-0)
data/templates/ubuntu/1.0/ubuntu-webapp (+1/-0)
data/templates/ubuntu/1.1/ubuntu-sdk (+1/-0)
data/templates/ubuntu/1.1/ubuntu-webapp (+1/-0)
data/templates/ubuntu/1.2/ubuntu-account-plugin (+1/-0)
data/templates/ubuntu/1.2/ubuntu-scope-network (+1/-0)
data/templates/ubuntu/1.3/ubuntu-sdk (+1/-0)
data/templates/ubuntu/15.10/ubuntu-account-plugin (+1/-0)
debian/changelog (+6/-0)
pending/templates/ubuntu-scope-local-content (+1/-0)
To merge this branch: bzr merge lp:~morphis/apparmor-easyprof-ubuntu/fix-hybris-linker-loading-16.04
Reviewers (reviewer, review type, status):
Pat McGowan (community): Approve
Jamie Strandboge (community): Needs Fixing
Review via email: mp+297626@code.launchpad.net

Description of the change

Adjust libhybris rules for new dynamic linker loading

libhybris is now capable of loading a linker implementation dynamically at runtime. This requires us to allow another path for all applications to access.

Jamie Strandboge (jdstrand) wrote :

This change is fine for 16.04 since an upgrade to the 16.04 base from 15.04 will generate a policy recompile.

Importantly, this change on a 15.04 system will trigger an apparmor recompile for all policy on the next OTA upgrade. This may take 2-3 minutes on an average system and thus also requires an ack from the Touch release team.

That said, I suggest using this instead for future proofing:
- /usr/lib/@{multiarch}/libhybris/*.so mr,
+ /usr/lib/@{multiarch}/libhybris/**.so mr,

review: Needs Fixing
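
To show what each glob in this review covers, here is an added example (not part of the merge proposal and not AppArmor's own matcher) that translates the subset of AppArmor path globbing used by these rules into regular expressions. The `@{multiarch}` value and all file names are constructed for illustration.

```python
import re

def aa_glob_to_regex(rule_path, variables):
    """Translate the AppArmor glob subset used here: @{var}, *, **, ?, {a,b}."""
    for name, value in variables.items():
        rule_path = rule_path.replace("@{%s}" % name, value)
    out, i = [], 0
    while i < len(rule_path):
        c = rule_path[i]
        if rule_path.startswith("**", i):
            out.append(".*")        # ** matches across '/' (any depth)
            i += 2
        elif c == "*":
            out.append("[^/]*")     # * stays inside one path component
            i += 1
        elif c == "?":
            out.append("[^/]")
            i += 1
        elif c == "{":
            end = rule_path.index("}", i)
            alts = rule_path[i + 1:end].split(",")
            out.append("(?:" + "|".join(re.escape(a) for a in alts) + ")")
            i = end + 1
        else:
            out.append(re.escape(c))
            i += 1
    return re.compile("^" + "".join(out) + "$")

# Rule paths as they appear on this page.
RULES = {
    "existing": "/usr/lib/@{multiarch}/libhybris/*.so",
    "proposed": "/usr/lib/@{multiarch}/libhybris/linker/**.so",
    "suggested": "/usr/lib/@{multiarch}/libhybris/**.so",
}
VARS = {"multiarch": "arm-linux-gnueabihf"}   # constructed value
BASE = "/usr/lib/arm-linux-gnueabihf/libhybris/"
PATHS = [BASE + p for p in (                   # constructed file names
    "platform.so", "linker/q.so", "linker/sub/r.so",
    "other/x.so", "linker/notes.txt")]

def coverage(paths=PATHS):
    """Map each path to the sorted list of rule names that match it."""
    compiled = {n: aa_glob_to_regex(r, VARS) for n, r in RULES.items()}
    return {p: sorted(n for n, rx in compiled.items() if rx.match(p))
            for p in paths}

if __name__ == "__main__":
    for path, rules in coverage().items():
        print(path, "->", rules or "no rule")
```

The `suggested` rule is the only one that also matches a `.so` in a subdirectory other than `linker/`, which is the future-proofing and the extra reach being traded off.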
Jamie Strandboge (jdstrand) wrote :

Can you adjust this to use '/usr/lib/@{multiarch}/libhybris/**.so mr,' as well?

51. By Simon Fels

Respect review comments

Simon Fels (morphis) wrote :

@Jamie: Done

Simon Fels (morphis) wrote :

Included the package for landing in the overlay in silo https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/landing-016/

Pat McGowan (pat-mcgowan) wrote :

lgtm

review: Approve

Preview Diff

1=== modified file 'data/templates/ubuntu/1.0/ubuntu-sdk'
2--- data/templates/ubuntu/1.0/ubuntu-sdk 2015-07-08 14:08:47 +0000
3+++ data/templates/ubuntu/1.0/ubuntu-sdk 2016-07-08 08:01:59 +0000
4@@ -299,6 +299,7 @@
5 # libhybris
6 /{,var/}run/shm/hybris_shm_data rw, # FIXME: LP: #1226569 (make app-specific)
7 /usr/lib/@{multiarch}/libhybris/*.so mr,
8+ /usr/lib/@{multiarch}/libhybris/linker/**.so mr,
9 /{,android/}system/build.prop r,
10 # These libraries can be in any of:
11 # /vendor/lib
12
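Review bot: the added line 8 keeps a second, narrower rule, `/usr/lib/@{multiarch}/libhybris/linker/**.so mr,`, next to the unchanged `/usr/lib/@{multiarch}/libhybris/*.so mr,` on line 7, whereas the review comment asked for `/usr/lib/@{multiarch}/libhybris/**.so mr,`. Because `**` also matches across `/`, that single rule would cover both the top-level libraries and the linker/ subdirectory, so line 7 could be replaced rather than supplemented. If the two-rule form is intended, to keep other subdirectories of libhybris/ out of reach, say so in the merge proposal.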
13=== modified file 'data/templates/ubuntu/1.0/ubuntu-webapp'
14--- data/templates/ubuntu/1.0/ubuntu-webapp 2015-07-23 21:24:20 +0000
15+++ data/templates/ubuntu/1.0/ubuntu-webapp 2016-07-08 08:01:59 +0000
16@@ -262,6 +262,7 @@
17 # libhybris
18 /{,var/}run/shm/hybris_shm_data rw, # FIXME: LP: #1226569 (make app-specific)
19 /usr/lib/@{multiarch}/libhybris/*.so mr,
20+ /usr/lib/@{multiarch}/libhybris/linker/**.so mr,
21 /{,android/}system/build.prop r,
22 # These libraries can be in any of:
23 # /vendor/lib
24
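Review bot: the new rule on line 20 carries no comment, and nothing in the template says why a linker/ subdirectory needs `m` (executable mapping) for every app using this template, at any depth that `**` reaches. A one-line comment above it, for example `# linker implementations loaded by libhybris at runtime`, would help the next audit of this block, in the way the FIXME on line 18 documents the shm rule.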
25=== modified file 'data/templates/ubuntu/1.1/ubuntu-sdk'
26--- data/templates/ubuntu/1.1/ubuntu-sdk 2015-07-08 14:08:47 +0000
27+++ data/templates/ubuntu/1.1/ubuntu-sdk 2016-07-08 08:01:59 +0000
28@@ -298,6 +298,7 @@
29 # libhybris
30 /{,var/}run/shm/hybris_shm_data rw, # FIXME: LP: #1226569 (make app-specific)
31 /usr/lib/@{multiarch}/libhybris/*.so mr,
32+ /usr/lib/@{multiarch}/libhybris/linker/**.so mr,
33 /{,android/}system/build.prop r,
34 # These libraries can be in any of:
35 # /vendor/lib
36
37=== modified file 'data/templates/ubuntu/1.1/ubuntu-webapp'
38--- data/templates/ubuntu/1.1/ubuntu-webapp 2015-07-23 21:24:20 +0000
39+++ data/templates/ubuntu/1.1/ubuntu-webapp 2016-07-08 08:01:59 +0000
40@@ -269,6 +269,7 @@
41 # libhybris
42 /{,var/}run/shm/hybris_shm_data rw, # FIXME: LP: #1226569 (make app-specific)
43 /usr/lib/@{multiarch}/libhybris/*.so mr,
44+ /usr/lib/@{multiarch}/libhybris/linker/**.so mr,
45 /{,android/}system/build.prop r,
46 # These libraries can be in any of:
47 # /vendor/lib
48
49=== modified file 'data/templates/ubuntu/1.2/ubuntu-account-plugin'
50--- data/templates/ubuntu/1.2/ubuntu-account-plugin 2015-07-08 14:08:47 +0000
51+++ data/templates/ubuntu/1.2/ubuntu-account-plugin 2016-07-08 08:01:59 +0000
52@@ -163,6 +163,7 @@
53 # libhybris
54 /{,var/}run/shm/hybris_shm_data rw, # FIXME: LP: #1226569 (make app-specific)
55 /usr/lib/@{multiarch}/libhybris/*.so mr,
56+ /usr/lib/@{multiarch}/libhybris/linker/**.so mr,
57 /{,android/}system/build.prop r,
58 # These libraries can be in any of:
59 # /vendor/lib
60
61=== modified file 'data/templates/ubuntu/1.2/ubuntu-scope-network'
62--- data/templates/ubuntu/1.2/ubuntu-scope-network 2015-04-10 22:02:20 +0000
63+++ data/templates/ubuntu/1.2/ubuntu-scope-network 2016-07-08 08:01:59 +0000
64@@ -14,6 +14,7 @@
65 # libhybris
66 /{,var/}run/shm/hybris_shm_data rw, # FIXME: LP: #1226569 (make app-specific)
67 /usr/lib/@{multiarch}/libhybris/*.so mr,
68+ /usr/lib/@{multiarch}/libhybris/linker/**.so mr,
69 /{,android/}system/build.prop r,
70 # These libraries can be in any of:
71 # /vendor/lib
72
73=== modified file 'data/templates/ubuntu/1.3/ubuntu-sdk'
74--- data/templates/ubuntu/1.3/ubuntu-sdk 2015-11-19 21:20:24 +0000
75+++ data/templates/ubuntu/1.3/ubuntu-sdk 2016-07-08 08:01:59 +0000
76@@ -298,6 +298,7 @@
77 # libhybris
78 /{,var/}run/shm/hybris_shm_data rw, # FIXME: LP: #1226569 (make app-specific)
79 /usr/lib/@{multiarch}/libhybris/*.so mr,
80+ /usr/lib/@{multiarch}/libhybris/linker/**.so mr,
81 /{,android/}system/build.prop r,
82 # These libraries can be in any of:
83 # /vendor/lib
84
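Review bot: under 1.3 only `ubuntu-sdk` receives the rule on line 80, while 1.0 and 1.1 receive it in both `ubuntu-sdk` and `ubuntu-webapp`, and 1.2 receives it in `ubuntu-account-plugin` and `ubuntu-scope-network` only. Please confirm that every template carrying the `# libhybris` block was updated; apps confined by a template that was missed will not be allowed to read or map files under linker/.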
85=== modified file 'data/templates/ubuntu/15.10/ubuntu-account-plugin'
86--- data/templates/ubuntu/15.10/ubuntu-account-plugin 2015-07-29 20:16:27 +0000
87+++ data/templates/ubuntu/15.10/ubuntu-account-plugin 2016-07-08 08:01:59 +0000
88@@ -163,6 +163,7 @@
89 # libhybris
90 /{,var/}run/shm/hybris_shm_data rw, # FIXME: LP: #1226569 (make app-specific)
91 /usr/lib/@{multiarch}/libhybris/*.so mr,
92+ /usr/lib/@{multiarch}/libhybris/linker/**.so mr,
93 /{,android/}system/build.prop r,
94 # These libraries can be in any of:
95 # /vendor/lib
96
97=== modified file 'debian/changelog'
98--- debian/changelog 2016-05-10 22:07:51 +0000
99+++ debian/changelog 2016-07-08 08:01:59 +0000
100@@ -1,3 +1,9 @@
101+apparmor-easyprof-ubuntu (16.04.7) xenial; urgency=medium
102+
103+ * Allow libhybris to load its linker implementation at runtime.
104+
105+ -- Simon Fels <simon.fels@canonical.com> Thu, 16 Jun 2016 11:56:04 +0200
106+
107 apparmor-easyprof-ubuntu (16.04.6) xenial; urgency=medium
108
109 * add reserved ubuntu/bluetooth (LP: #1569582)
110
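Review bot: the 16.04.7 entry on line 103 has no bug reference, unlike the 16.04.6 entry below it (`LP: #1569582`), and it does not name the rule that was added. If a bug tracks the libhybris linker change, cite it, and consider naming the path, for example `allow mr on /usr/lib/@{multiarch}/libhybris/linker/**.so`, so the policy change can be found from the changelog alone.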
111=== modified file 'pending/templates/ubuntu-scope-local-content'
112--- pending/templates/ubuntu-scope-local-content 2015-02-03 22:08:27 +0000
113+++ pending/templates/ubuntu-scope-local-content 2016-07-08 08:01:59 +0000
114@@ -16,6 +16,7 @@
115 # libhybris
116 /{,var/}run/shm/hybris_shm_data rw, # FIXME: LP: #1226569 (make app-specific)
117 /usr/lib/@{multiarch}/libhybris/*.so mr,
118+ /usr/lib/@{multiarch}/libhybris/linker/**.so mr,
119 /{,android/}system/build.prop r,
120 # These libraries can be in any of:
121 # /vendor/lib
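Review bot: line 118 is the ninth copy of the same one-line addition, each placed in an identical libhybris block. Keeping that block in one shared include would let the next path change be made and reviewed once; with per-template copies, a template that drifts from the others is easy to overlook.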
