Merge lp:~mvo/snappy-hub/snappy-examples-snap-yaml into lp:~snappy-dev/snappy-hub/snappy-examples
Proposed by
Michael Vogt
Status: Merged
Merged at revision: 88
Proposed branch: lp:~mvo/snappy-hub/snappy-examples-snap-yaml
Merge into: lp:~snappy-dev/snappy-hub/snappy-examples
Diff against target: 1726 lines (+139/-1415), 26 files modified:

- config-example-bash/meta/readme.md (+0/-9)
- config-example-bash/meta/snap.yaml (+17/-5)
- config-example/meta/readme.md (+0/-9)
- config-example/meta/snap.yaml (+18/-5)
- framework-template/bin/cli (+0/-28)
- framework-template/bin/svc (+0/-23)
- framework-template/meta/framework-policy/apparmor/policygroups/client (+0/-18)
- framework-template/meta/framework-policy/seccomp/policygroups/client (+0/-16)
- framework-template/meta/package.yaml (+0/-18)
- framework-template/meta/readme.md (+0/-26)
- framework-template/meta/svc.apparmor (+0/-59)
- framework-template/meta/svc.apparmor.boilerplate (+0/-196)
- framework-template/meta/svc.apparmor.unconfined (+0/-32)
- framework-template/meta/svc.seccomp (+0/-459)
- framework-template/meta/svc.seccomp.boilerplate (+0/-435)
- framework-template/meta/svc.seccomp.unconfined (+0/-4)
- go-example-webserver/meta/readme.md (+0/-3)
- go-example-webserver/meta/snap.yaml (+16/-10)
- hello-dbus/package-dir-app/meta/readme.md (+0/-3)
- hello-dbus/package-dir-app/meta/snap.yaml (+14/-9)
- hello-dbus/package-dir-fwk/meta/snap.yaml (+17/-11)
- hello-world/meta/readme.md (+0/-3)
- hello-world/meta/snap.yaml (+27/-15)
- licensed/meta/readme.md (+0/-3)
- licensed/meta/snap.yaml (+13/-6)
- python-xkcd-webserver/meta/snap.yaml (+17/-10)

To merge this branch: bzr merge lp:~mvo/snappy-hub/snappy-examples-snap-yaml
Related bugs:

| Reviewer | Review Type | Date Requested | Status |
|---|---|---|---|
| Snappy Developers | | | Pending |

Review via email: mp+283960@code.launchpad.net
Commit message
Description of the change
Update for the new snap.yaml format.
Preview Diff
1 | === renamed file 'config-example-bash/meta/hello.png' => 'config-example-bash/meta/icon.png' |
2 | === removed file 'config-example-bash/meta/readme.md' |
3 | --- config-example-bash/meta/readme.md 2015-05-29 08:24:53 +0000 |
4 | +++ config-example-bash/meta/readme.md 1970-01-01 00:00:00 +0000 |
5 | @@ -1,9 +0,0 @@ |
6 | -Configuration example |
7 | - |
8 | -This is a simple example to how how to write a configure hook with bash. |
9 | - |
10 | -Run: |
11 | - |
12 | - config-example-bash.hello |
13 | - |
14 | -for usage instructions. |
15 | |
16 | === renamed file 'config-example-bash/meta/package.yaml' => 'config-example-bash/meta/snap.yaml' |
17 | --- config-example-bash/meta/package.yaml 2016-01-14 07:36:50 +0000 |
18 | +++ config-example-bash/meta/snap.yaml 2016-01-26 14:09:34 +0000 |
19 | @@ -1,7 +1,19 @@ |
20 | name: config-example-bash |
21 | -version: 2.0 |
22 | -vendor: Michael Vogt <mvo@ubuntu.com> |
23 | -icon: meta/hello.png |
24 | -binaries: |
25 | - - name: bin/hello |
26 | +version: 3.0 |
27 | +summary: Configuration example |
28 | +description: | |
29 | + This is a simple example to how how to write a configure hook with bash. |
30 | + |
31 | + Run: |
32 | + |
33 | + config-example-bash.hello |
34 | + |
35 | + for usage instructions. |
36 | +apps: |
37 | + hello: |
38 | + command: bin/hello |
39 | + uses: [hello] |
40 | +uses: |
41 | + hello: |
42 | + type: migration-skill |
43 | |
44 | |
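Review bot: the typo from the deleted readme is carried into the new `description:` block, `This is a simple example to how how to write a configure hook with bash.`; since the text is being rewritten anyway, make it `This is a simple example of how to write a configure hook with bash.` Separately, the `uses:` entry `hello` with `type: migration-skill` is all that replaces the old `binaries:` declaration, and nothing in the file says what that type provides; a one-line comment above `uses:` stating what `migration-skill` grants would make this example self-explanatory now that the readme is gone.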
45 | === removed file 'config-example/meta/readme.md' |
46 | --- config-example/meta/readme.md 2015-05-29 08:24:53 +0000 |
47 | +++ config-example/meta/readme.md 1970-01-01 00:00:00 +0000 |
48 | @@ -1,9 +0,0 @@ |
49 | -Configuration example |
50 | - |
51 | -This is a simple example to how how to write a configure hook. |
52 | - |
53 | -Run: |
54 | - |
55 | - config-example.hello |
56 | - |
57 | -for usage instructions. |
58 | |
59 | === renamed file 'config-example/meta/package.yaml' => 'config-example/meta/snap.yaml' |
60 | --- config-example/meta/package.yaml 2016-01-14 07:36:50 +0000 |
61 | +++ config-example/meta/snap.yaml 2016-01-26 14:09:34 +0000 |
62 | @@ -1,7 +1,20 @@ |
63 | name: config-example |
64 | -version: 2.0 |
65 | -vendor: Michael Vogt <mvo@ubuntu.com> |
66 | -icon: meta/hello.png |
67 | -binaries: |
68 | - - name: bin/hello |
69 | +version: 3.0 |
70 | +summary: Configuration example |
71 | +description: | |
72 | + This is a simple example to how how to write a configure hook. |
73 | + |
74 | + Run: |
75 | + |
76 | + config-example.hello |
77 | + |
78 | + for usage instructions. |
79 | +apps: |
80 | + hello: |
81 | + command: bin/hello |
82 | + uses: [hello] |
83 | +uses: |
84 | + hello: |
85 | + type: migration-skill |
86 | + |
87 | |
88 | |
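Review bot: the same `to how how to write a configure hook` typo as in config-example-bash/meta/snap.yaml is copied into the `description:` here; fix it in both files. This hunk also adds a trailing empty `+` line after `type: migration-skill` that the config-example-bash hunk does not have; drop it so the two sibling examples differ only in their names and summary text.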
89 | === removed directory 'framework-template' |
90 | === removed directory 'framework-template/bin' |
91 | === removed file 'framework-template/bin/cli' |
92 | --- framework-template/bin/cli 2015-08-20 23:40:09 +0000 |
93 | +++ framework-template/bin/cli 1970-01-01 00:00:00 +0000 |
94 | @@ -1,28 +0,0 @@ |
95 | -#!/usr/bin/python3 |
96 | - |
97 | -import sys |
98 | -import socket |
99 | - |
100 | -sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) |
101 | -fn = "\0fwk-name.sock" |
102 | -try: |
103 | - sock.connect(fn) |
104 | -except socket.error as e: |
105 | - print(e) |
106 | - sys.exit(1) |
107 | - |
108 | -try: |
109 | - preamble = "Received: " |
110 | - message = "hi there!" |
111 | - sock.sendall(bytes(message, 'utf-8')) |
112 | - amount_received = 0 |
113 | - amount_expected = len(preamble) + len(message) |
114 | - |
115 | - s = "" |
116 | - while amount_received < amount_expected: |
117 | - data = sock.recv(16) |
118 | - amount_received += len(data) |
119 | - s += data.decode('ascii') |
120 | - print(s) |
121 | -finally: |
122 | - sock.close() |
123 | |
124 | === removed file 'framework-template/bin/svc' |
125 | --- framework-template/bin/svc 2015-08-20 23:40:09 +0000 |
126 | +++ framework-template/bin/svc 1970-01-01 00:00:00 +0000 |
127 | @@ -1,23 +0,0 @@ |
128 | -#!/usr/bin/python3 |
129 | - |
130 | -import socket |
131 | -import sys |
132 | -import os |
133 | - |
134 | -fn = "\0fwk-name.sock" |
135 | - |
136 | -sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) |
137 | -sock.bind(fn) |
138 | -sock.listen(1) |
139 | - |
140 | -while True: |
141 | - connection, client_address = sock.accept() |
142 | - try: |
143 | - data = connection.recv(16) |
144 | - if data: |
145 | - connection.sendall(bytes("Received: %s" % data.decode('ascii'), |
146 | - 'utf-8')) |
147 | - else: |
148 | - break |
149 | - finally: |
150 | - connection.close() |
151 | |
152 | === removed directory 'framework-template/meta' |
153 | === removed directory 'framework-template/meta/framework-policy' |
154 | === removed directory 'framework-template/meta/framework-policy/apparmor' |
155 | === removed directory 'framework-template/meta/framework-policy/apparmor/policygroups' |
156 | === removed file 'framework-template/meta/framework-policy/apparmor/policygroups/client' |
157 | --- framework-template/meta/framework-policy/apparmor/policygroups/client 2015-08-20 23:48:09 +0000 |
158 | +++ framework-template/meta/framework-policy/apparmor/policygroups/client 1970-01-01 00:00:00 +0000 |
159 | @@ -1,18 +0,0 @@ |
160 | -# Description: allow using fwk-name |
161 | -# Usage: common |
162 | - |
163 | -# Add any AppArmor rules here needed to access your framework |
164 | - |
165 | -# Eg, dbus rule |
166 | -# dbus (send) |
167 | -# bus=system |
168 | -# path=/com/vendor/FwkName/Svc |
169 | -# interface=com.vendor.FwkName.Svc |
170 | -# member=Method |
171 | -# peer=(label=fwk-name_src_*), |
172 | - |
173 | -# Eg, named socket/file rule |
174 | -# /var/lib/apps/fwk-name/*/svc.sock rw, |
175 | - |
176 | -# Eg, abstract socket rule (the below works with the example code) |
177 | -unix (connect, send, receive) peer=(label=fwk-name_svc_*), |
178 | |
179 | === removed directory 'framework-template/meta/framework-policy/seccomp' |
180 | === removed directory 'framework-template/meta/framework-policy/seccomp/policygroups' |
181 | === removed file 'framework-template/meta/framework-policy/seccomp/policygroups/client' |
182 | --- framework-template/meta/framework-policy/seccomp/policygroups/client 2015-08-20 23:48:09 +0000 |
183 | +++ framework-template/meta/framework-policy/seccomp/policygroups/client 1970-01-01 00:00:00 +0000 |
184 | @@ -1,16 +0,0 @@ |
185 | -# Description: allow using fwk-name |
186 | -# Usage: common |
187 | - |
188 | -# Add any additional syscalls needed to access your framework |
189 | - |
190 | -# Eg, can communicate with fwk-name_svc abstract socket (this works with the |
191 | -# example code) |
192 | -connect |
193 | -getsockname |
194 | -recv |
195 | -recvmsg |
196 | -send |
197 | -sendto |
198 | -sendmsg |
199 | -socket |
200 | -socketpair |
201 | |
202 | === removed file 'framework-template/meta/hello.png' |
203 | Binary files framework-template/meta/hello.png 2015-08-20 22:51:29 +0000 and framework-template/meta/hello.png 1970-01-01 00:00:00 +0000 differ |
204 | === removed file 'framework-template/meta/package.yaml' |
205 | --- framework-template/meta/package.yaml 2015-08-20 23:40:09 +0000 |
206 | +++ framework-template/meta/package.yaml 1970-01-01 00:00:00 +0000 |
207 | @@ -1,18 +0,0 @@ |
208 | -name: fwk-name |
209 | -version: 0.0.1 |
210 | -vendor: Your Name <your.name@vendor.com> |
211 | -icon: meta/hello.png |
212 | -type: framework |
213 | -services: |
214 | - - name: svc |
215 | - start: bin/svc |
216 | - description: "Example service" |
217 | - security-policy: |
218 | - apparmor: meta/svc.apparmor |
219 | - seccomp: meta/svc.seccomp |
220 | -binaries: |
221 | - - name: cli |
222 | - exec: bin/cli |
223 | - description: "Example command that uses the above service" |
224 | - caps: |
225 | - - fwk-name_client |
226 | |
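Review bot: the description says only `Update for the new snap.yaml format.`, yet this hunk deletes the framework template's package.yaml (`type: framework`, a `services:` entry with an explicit `security-policy:` pointing at `meta/svc.apparmor` and `meta/svc.seccomp`, and a `binaries:` entry carrying `caps: - fwk-name_client`) instead of converting it to snap.yaml like the other examples in the branch. Either state in the description that the framework template is being removed on purpose, or add a converted framework-template/meta/snap.yaml alongside the other conversions so the change matches its stated scope.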
227 | === removed file 'framework-template/meta/readme.md' |
228 | --- framework-template/meta/readme.md 2015-08-20 23:48:09 +0000 |
229 | +++ framework-template/meta/readme.md 1970-01-01 00:00:00 +0000 |
230 | @@ -1,26 +0,0 @@ |
231 | -fwk-name test service and framework-policy |
232 | - |
233 | -This packaging can be used as boilerplate. The example code provides a simple |
234 | -UNIX abstract socket server and a cli command to access it. |
235 | - |
236 | -For strict confinement that works with the example code, use: |
237 | - security-policy: |
238 | - apparmor: meta/svc.apparmor |
239 | - seccomp: meta/svc.seccomp |
240 | - |
241 | -For strict confinement for new projeccts, use (adjusting as necessary): |
242 | - security-policy: |
243 | - apparmor: meta/svc.apparmor.boilerplate |
244 | - seccomp: meta/svc.seccomp.boilerplate |
245 | - |
246 | -To use permissive confinement (for testing purposes only): |
247 | - security-policy: |
248 | - apparmor: meta/svc.apparmor.unconfined |
249 | - seccomp: meta/svc.seccomp.unconfined |
250 | - |
251 | -For more information, see: |
252 | - * https://developer.ubuntu.com/en/snappy/guides/security-policy/ |
253 | - * https://developer.ubuntu.com/en/snappy/guides/filesystem-layout/ |
254 | - * https://developer.ubuntu.com/en/snappy/guides/frameworks/ |
255 | - * https://wiki.ubuntu.com/SecurityTeam/Specifications/SnappyConfinement |
256 | - * https://wiki.ubuntu.com/SecurityTeam/Specifications/SnappyConfinement/DevelopingFrameworkPolicy |
257 | |
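Review bot: deleting this readme removes the only place in the tree that explains the three confinement choices (the strict `svc.apparmor` / `svc.seccomp` pair, the `.boilerplate` pair for new projects, and the `.unconfined` pair marked `for testing purposes only`) together with the five links to the security-policy, filesystem-layout, frameworks and SnappyConfinement specifications. The other readmes in this branch are folded into a `description:` field, but this one has no snap.yaml to move into; if the framework template is not coming back, consider carrying at least the link list into a top-level README so the confinement guidance survives the cleanup.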
258 | === removed file 'framework-template/meta/svc.apparmor' |
259 | --- framework-template/meta/svc.apparmor 2015-08-20 23:40:09 +0000 |
260 | +++ framework-template/meta/svc.apparmor 1970-01-01 00:00:00 +0000 |
261 | @@ -1,59 +0,0 @@ |
262 | -# |
263 | -# AppArmor confinement for fwk-name_svc |
264 | -# |
265 | - |
266 | -#include <tunables/global> |
267 | - |
268 | -# Specified profile variables |
269 | -###VAR### |
270 | - |
271 | -###PROFILEATTACH### (attach_disconnected) { |
272 | - #include <abstractions/base> |
273 | - #include <abstractions/openssl> |
274 | - |
275 | - # Explicitly deny ptrace for now since it can be abused to break out of the |
276 | - # seccomp sandbox. https://lkml.org/lkml/2015/3/18/823 |
277 | - audit deny ptrace (trace), |
278 | - |
279 | - # Explicitly deny mount, remount and umount |
280 | - audit deny mount, |
281 | - audit deny remount, |
282 | - audit deny umount, |
283 | - |
284 | - # Read-only for the install directory |
285 | - @{CLICK_DIR}/@{APP_PKGNAME}/ r, |
286 | - @{CLICK_DIR}/@{APP_PKGNAME}/@{APP_VERSION}/ r, |
287 | - @{CLICK_DIR}/@{APP_PKGNAME}/@{APP_VERSION}/** mrklix, |
288 | - |
289 | - # Read-only home area for other versions |
290 | - owner @{HOMEDIRS}/*/apps/@{APP_PKGNAME}/ r, |
291 | - owner @{HOMEDIRS}/*/apps/@{APP_PKGNAME}/@{APP_VERSION}/ r, |
292 | - owner @{HOMEDIRS}/*/apps/@{APP_PKGNAME}/@{APP_VERSION}/** mrkix, |
293 | - |
294 | - # Writable home area for this version. |
295 | - owner @{HOMEDIRS}/*/apps/@{APP_PKGNAME}/@{APP_VERSION}/ w, |
296 | - owner @{HOMEDIRS}/*/apps/@{APP_PKGNAME}/@{APP_VERSION}/** wl, |
297 | - |
298 | - # Read-only system area for other versions |
299 | - /var/lib/apps/@{APP_PKGNAME}/ r, |
300 | - /var/lib/apps/@{APP_PKGNAME}/** mrkix, |
301 | - |
302 | - # Writable system area only for this version |
303 | - /var/lib/apps/@{APP_PKGNAME}/@{APP_VERSION}/ w, |
304 | - /var/lib/apps/@{APP_PKGNAME}/@{APP_VERSION}/** wl, |
305 | - |
306 | - # The ubuntu-core-launcher creates an app-specific private restricted /tmp |
307 | - # and will fail to launch the app if something goes wrong. As such, we can |
308 | - # simply allow full access to /tmp. |
309 | - /tmp/ r, |
310 | - /tmp/** mrwlkix, |
311 | - |
312 | - # Framework service/binary specific rules below this line |
313 | - #include <abstractions/python> |
314 | - /usr/bin/python3* ixr, |
315 | - /etc/passwd r, |
316 | - /etc/group r, |
317 | - /etc/nsswitch.conf r, |
318 | - unix type=stream addr="@fwk-name.sock", |
319 | - |
320 | -} |
321 | |
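Review bot: this removes the only strict AppArmor profile in the examples, including the explicit `audit deny ptrace (trace),` and `audit deny mount,` / `remount` / `umount` rules and the split between the read-only `@{CLICK_DIR}/@{APP_PKGNAME}/@{APP_VERSION}/**` install area and the version-scoped writable `/var/lib/apps/@{APP_PKGNAME}/@{APP_VERSION}/**`. None of the converted snap.yaml files in this branch declare any security policy; they only reference a `migration-skill`. If strict policy is still expressible under the new format, a converted copy of this profile is worth keeping as the worked example rather than leaving the repository with no confinement sample at all.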
322 | === removed file 'framework-template/meta/svc.apparmor.boilerplate' |
323 | --- framework-template/meta/svc.apparmor.boilerplate 2015-09-25 14:40:25 +0000 |
324 | +++ framework-template/meta/svc.apparmor.boilerplate 1970-01-01 00:00:00 +0000 |
325 | @@ -1,196 +0,0 @@ |
326 | -# |
327 | -# AppArmor confinement for fwk-name_svc |
328 | -# |
329 | - |
330 | -#include <tunables/global> |
331 | - |
332 | -# Specified profile variables |
333 | -###VAR### |
334 | - |
335 | -###PROFILEATTACH### (attach_disconnected) { |
336 | - #include <abstractions/base> |
337 | - #include <abstractions/openssl> |
338 | - |
339 | - # Explicitly deny ptrace for now since it can be abused to break out of the |
340 | - # seccomp sandbox. https://lkml.org/lkml/2015/3/18/823 |
341 | - audit deny ptrace (trace), |
342 | - |
343 | - # Explicitly deny mount, remount and umount |
344 | - audit deny mount, |
345 | - audit deny remount, |
346 | - audit deny umount, |
347 | - |
348 | - # Read-only for the install directory |
349 | - @{CLICK_DIR}/@{APP_PKGNAME}/ r, |
350 | - @{CLICK_DIR}/@{APP_PKGNAME}/@{APP_VERSION}/ r, |
351 | - @{CLICK_DIR}/@{APP_PKGNAME}/@{APP_VERSION}/** mrklix, |
352 | - |
353 | - # Read-only home area for other versions |
354 | - owner @{HOMEDIRS}/*/apps/@{APP_PKGNAME}/ r, |
355 | - owner @{HOMEDIRS}/*/apps/@{APP_PKGNAME}/@{APP_VERSION}/ r, |
356 | - owner @{HOMEDIRS}/*/apps/@{APP_PKGNAME}/@{APP_VERSION}/** mrkix, |
357 | - |
358 | - # Writable home area for this version. |
359 | - owner @{HOMEDIRS}/*/apps/@{APP_PKGNAME}/@{APP_VERSION}/ w, |
360 | - owner @{HOMEDIRS}/*/apps/@{APP_PKGNAME}/@{APP_VERSION}/** wl, |
361 | - |
362 | - # Read-only system area for other versions |
363 | - /var/lib/apps/@{APP_PKGNAME}/ r, |
364 | - /var/lib/apps/@{APP_PKGNAME}/** mrkix, |
365 | - |
366 | - # Writable system area only for this version |
367 | - /var/lib/apps/@{APP_PKGNAME}/@{APP_VERSION}/ w, |
368 | - /var/lib/apps/@{APP_PKGNAME}/@{APP_VERSION}/** wl, |
369 | - |
370 | - # The ubuntu-core-launcher creates an app-specific private restricted /tmp |
371 | - # and will fail to launch the app if something goes wrong. As such, we can |
372 | - # simply allow full access to /tmp. |
373 | - /tmp/ r, |
374 | - /tmp/** mrwlkix, |
375 | - |
376 | - # Miscellaneous accesses |
377 | - /etc/mime.types r, |
378 | - @{PROC}/ r, |
379 | - /etc/{,writable/}hostname r, |
380 | - /etc/{,writable/}localtime r, |
381 | - /etc/{,writable/}timezone r, |
382 | - @{PROC}/sys/kernel/hostname r, |
383 | - @{PROC}/sys/kernel/osrelease r, |
384 | - @{PROC}/sys/fs/file-max r, |
385 | - @{PROC}/sys/kernel/pid_max r, |
386 | - # this leaks interface names and stats, but not in a way that is traceable |
387 | - # to the user/device |
388 | - @{PROC}/net/dev r, |
389 | - |
390 | - # |
391 | - # Various accesses that may or may not be required for your framework. |
392 | - # Adjust as necessary for your services. |
393 | - # |
394 | - |
395 | - # Python |
396 | - #include <abstractions/python> |
397 | - /usr/bin/python{,2,2.[0-9]*,3,3.[0-9]*} ixr, |
398 | - deny /usr/lib/python3*/{,**/}__pycache__/ w, # noisy |
399 | - deny /usr/lib/python3*/{,**/}__pycache__/**.pyc.[0-9]* w, |
400 | - |
401 | - # Perl |
402 | - #include <abstractions/perl> |
403 | - /usr/bin/perl{,5*} ixr, |
404 | - |
405 | - # Shell (do not usually need abstractions/bash) |
406 | - #include <abstractions/consoles> |
407 | - /bin/bash ixr, |
408 | - /bin/dash ixr, |
409 | - /etc/bash.bashrc r, |
410 | - /usr/share/terminfo/** r, |
411 | - /etc/inputrc r, |
412 | - deny @{HOME}/.inputrc r, |
413 | - # Common utilities for shell scripts |
414 | - /{,usr/}bin/{,g,m}awk ixr, |
415 | - /{,usr/}bin/basename ixr, |
416 | - /{,usr/}bin/bunzip2 ixr, |
417 | - /{,usr/}bin/bzcat ixr, |
418 | - /{,usr/}bin/bzdiff ixr, |
419 | - /{,usr/}bin/bzgrep ixr, |
420 | - /{,usr/}bin/bzip2 ixr, |
421 | - /{,usr/}bin/cat ixr, |
422 | - /{,usr/}bin/chmod ixr, |
423 | - /{,usr/}bin/cmp ixr, |
424 | - /{,usr/}bin/cp ixr, |
425 | - /{,usr/}bin/cpio ixr, |
426 | - /{,usr/}bin/cut ixr, |
427 | - /{,usr/}bin/date ixr, |
428 | - /{,usr/}bin/dd ixr, |
429 | - /{,usr/}bin/diff{,3} ixr, |
430 | - /{,usr/}bin/dir ixr, |
431 | - /{,usr/}bin/dirname ixr, |
432 | - /{,usr/}bin/echo ixr, |
433 | - /{,usr/}bin/{,e,f,r}grep ixr, |
434 | - /{,usr/}bin/env ixr, |
435 | - /{,usr/}bin/expr ixr, |
436 | - /{,usr/}bin/false ixr, |
437 | - /{,usr/}bin/find ixr, |
438 | - /{,usr/}bin/fmt ixr, |
439 | - /{,usr/}bin/getopt ixr, |
440 | - /{,usr/}bin/head ixr, |
441 | - /{,usr/}bin/hostname ixr, |
442 | - /{,usr/}bin/id ixr, |
443 | - /{,usr/}bin/igawk ixr, |
444 | - /{,usr/}bin/kill ixr, |
445 | - /{,usr/}bin/ldd ixr, |
446 | - /{,usr/}bin/ln ixr, |
447 | - /{,usr/}bin/line ixr, |
448 | - /{,usr/}bin/link ixr, |
449 | - /{,usr/}bin/logger ixr, |
450 | - /{,usr/}bin/ls ixr, |
451 | - /{,usr/}bin/md5sum ixr, |
452 | - /{,usr/}bin/mkdir ixr, |
453 | - /{,usr/}bin/mktemp ixr, |
454 | - /{,usr/}bin/mv ixr, |
455 | - /{,usr/}bin/openssl ixr, # may cause harmless capability block_suspend denial |
456 | - /{,usr/}bin/pgrep ixr, |
457 | - /{,usr/}bin/printenv ixr, |
458 | - /{,usr/}bin/printf ixr, |
459 | - /{,usr/}bin/ps ixr, |
460 | - /{,usr/}bin/pwd ixr, |
461 | - /{,usr/}bin/readlink ixr, |
462 | - /{,usr/}bin/realpath ixr, |
463 | - /{,usr/}bin/rev ixr, |
464 | - /{,usr/}bin/rm ixr, |
465 | - /{,usr/}bin/rmdir ixr, |
466 | - /{,usr/}bin/sed ixr, |
467 | - /{,usr/}bin/seq ixr, |
468 | - /{,usr/}bin/sleep ixr, |
469 | - /{,usr/}bin/sort ixr, |
470 | - /{,usr/}bin/stat ixr, |
471 | - /{,usr/}bin/tac ixr, |
472 | - /{,usr/}bin/tail ixr, |
473 | - /{,usr/}bin/tar ixr, |
474 | - /{,usr/}bin/tee ixr, |
475 | - /{,usr/}bin/test ixr, |
476 | - /{,usr/}bin/tempfile ixr, |
477 | - /{,usr/}bin/touch ixr, |
478 | - /{,usr/}bin/tr ixr, |
479 | - /{,usr/}bin/true ixr, |
480 | - /{,usr/}bin/uname ixr, |
481 | - /{,usr/}bin/uniq ixr, |
482 | - /{,usr/}bin/unlink ixr, |
483 | - /{,usr/}bin/unxz ixr, |
484 | - /{,usr/}bin/unzip ixr, |
485 | - /{,usr/}bin/vdir ixr, |
486 | - /{,usr/}bin/wc ixr, |
487 | - /{,usr/}bin/which ixr, |
488 | - /{,usr/}bin/xargs ixr, |
489 | - /{,usr/}bin/xz ixr, |
490 | - /{,usr/}bin/yes ixr, |
491 | - /{,usr/}bin/zcat ixr, |
492 | - /{,usr/}bin/z{,e,f}grep ixr, |
493 | - /{,usr/}bin/zip ixr, |
494 | - /{,usr/}bin/zipgrep ixr, |
495 | - /{,usr/}bin/uptime ixr, |
496 | - @{PROC}/uptime r, |
497 | - @{PROC}/loadavg r, |
498 | - #deny /{,var/}run/utmp r, # information leak |
499 | - |
500 | - # Java |
501 | - @{PROC}/@{pid}/ r, |
502 | - @{PROC}/@{pid}/fd/ r, |
503 | - owner @{PROC}/@{pid}/auxv r, |
504 | - @{PROC}/@{pid}/version_signature r, |
505 | - @{PROC}/@{pid}/version r, |
506 | - @{PROC}/sys/vm/zone_reclaim_mode r, |
507 | - /etc/lsb-release r, |
508 | - /sys/devices/**/read_ahead_kb r, |
509 | - /sys/devices/system/cpu/** r, |
510 | - /sys/kernel/mm/transparent_hugepage/enabled r, |
511 | - /sys/kernel/mm/transparent_hugepage/defrag r, |
512 | - # NOTE: this leaks running process and java seems to want it, but operates |
513 | - # ok without it. Deny for now to silence the denial but we could allow |
514 | - # owner match until AppArmor kernel var is available to solve this properly. |
515 | - deny @{PROC}/@{pid}/cmdline r, |
516 | - #owner @{PROC}/@{pid}/cmdline r, |
517 | - |
518 | - # |
519 | - # Framework service/binary specific rules below here |
520 | - # |
521 | -} |
522 | |
523 | === removed file 'framework-template/meta/svc.apparmor.unconfined' |
524 | --- framework-template/meta/svc.apparmor.unconfined 2015-09-30 17:23:06 +0000 |
525 | +++ framework-template/meta/svc.apparmor.unconfined 1970-01-01 00:00:00 +0000 |
526 | @@ -1,32 +0,0 @@ |
527 | -# |
528 | -# Unrestricted AppArmor policy for fwk-name_svc |
529 | -# |
530 | - |
531 | -#include <tunables/global> |
532 | - |
533 | -# Specified profile variables |
534 | -###VAR### |
535 | - |
536 | -# This profile offers no protection at all and is provided to ease initial |
537 | -# framework packaging until something based on svc.apparmor can be used |
538 | -# instead. |
539 | -###PROFILEATTACH### (attach_disconnected) { |
540 | - capability, |
541 | - network, |
542 | - / rwkl, |
543 | - /** rwlkm, |
544 | - # Ubuntu Core is a minimal system so don't use 'pix' here. There are few |
545 | - # profiles to transition to, and those that exist either won't work right |
546 | - # anyway (eg, ubuntu-core-launcher) or would need to be modified to work |
547 | - # with snaps (dhclient). |
548 | - /** ix, |
549 | - |
550 | - mount, |
551 | - remount, |
552 | - umount, |
553 | - pivot_root, |
554 | - dbus, |
555 | - signal, |
556 | - ptrace, |
557 | - unix, |
558 | -} |
559 | |
560 | === removed file 'framework-template/meta/svc.seccomp' |
561 | --- framework-template/meta/svc.seccomp 2015-09-29 20:07:00 +0000 |
562 | +++ framework-template/meta/svc.seccomp 1970-01-01 00:00:00 +0000 |
563 | @@ -1,459 +0,0 @@ |
564 | -# |
565 | -# Seccomp policy for fwk-name_svc |
566 | -# |
567 | - |
568 | -# Dangerous syscalls that we don't ever want to allow |
569 | - |
570 | -# kexec |
571 | -deny kexec_load |
572 | - |
573 | -# kernel modules |
574 | -deny create_module |
575 | -deny init_module |
576 | -deny finit_module |
577 | -deny delete_module |
578 | - |
579 | -# these have a history of vulnerabilities, are not widely used, and |
580 | -# open_by_handle_at has been used to break out of docker containers by brute |
581 | -# forcing the handle value: http://stealth.openwall.net/xSports/shocker.c |
582 | -deny name_to_handle_at |
583 | -deny open_by_handle_at |
584 | - |
585 | -# Explicitly deny ptrace since it can be abused to break out of the seccomp |
586 | -# sandbox |
587 | -deny ptrace |
588 | - |
589 | -# Explicitly deny capability mknod so apps can't create devices |
590 | -deny mknod |
591 | -deny mknodat |
592 | - |
593 | -# Explicitly deny (u)mount so apps can't change mounts in their namespace |
594 | -deny mount |
595 | -deny umount |
596 | -deny umount2 |
597 | - |
598 | -# Explicitly deny kernel keyring access |
599 | -deny add_key |
600 | -deny keyctl |
601 | -deny request_key |
602 | - |
603 | -# end dangerous syscalls |
604 | - |
605 | -access |
606 | -faccessat |
607 | - |
608 | -alarm |
609 | -brk |
610 | - |
611 | -# ARM private syscalls |
612 | -breakpoint |
613 | -cacheflush |
614 | -set_tls |
615 | -usr26 |
616 | -usr32 |
617 | - |
618 | -capget |
619 | - |
620 | -chdir |
621 | -fchdir |
622 | - |
623 | -# We can't effectively block file perms due to open() with O_CREAT, so allow |
624 | -# chmod until we have syscall arg filtering (LP: #1446748) |
625 | -chmod |
626 | -fchmod |
627 | -fchmodat |
628 | - |
629 | -# snappy doesn't currently support per-app UID/GIDs so don't allow chown. To |
630 | -# properly support chown, we need to have syscall arg filtering (LP: #1446748) |
631 | -# and per-app UID/GIDs. |
632 | -#chown |
633 | -#chown32 |
634 | -#fchown |
635 | -#fchown32 |
636 | -#fchownat |
637 | -#lchown |
638 | -#lchown32 |
639 | - |
640 | -clock_getres |
641 | -clock_gettime |
642 | -clock_nanosleep |
643 | -clone |
644 | -close |
645 | -creat |
646 | -dup |
647 | -dup2 |
648 | -dup3 |
649 | -epoll_create |
650 | -epoll_create1 |
651 | -epoll_ctl |
652 | -epoll_ctl_old |
653 | -epoll_pwait |
654 | -epoll_wait |
655 | -epoll_wait_old |
656 | -eventfd |
657 | -eventfd2 |
658 | -execve |
659 | -execveat |
660 | -_exit |
661 | -exit |
662 | -exit_group |
663 | -fallocate |
664 | - |
665 | -# requires CAP_SYS_ADMIN |
666 | -#fanotify_init |
667 | -#fanotify_mark |
668 | - |
669 | -fcntl |
670 | -fcntl64 |
671 | -flock |
672 | -fork |
673 | -ftime |
674 | -futex |
675 | -get_mempolicy |
676 | -get_robust_list |
677 | -get_thread_area |
678 | -getcpu |
679 | -getcwd |
680 | -getdents |
681 | -getdents64 |
682 | -getegid |
683 | -getegid32 |
684 | -geteuid |
685 | -geteuid32 |
686 | -getgid |
687 | -getgid32 |
688 | -getgroups |
689 | -getgroups32 |
690 | -getitimer |
691 | -getpgid |
692 | -getpgrp |
693 | -getpid |
694 | -getppid |
695 | -getpriority |
696 | -getrandom |
697 | -getresgid |
698 | -getresgid32 |
699 | -getresuid |
700 | -getresuid32 |
701 | - |
702 | -getrlimit |
703 | -ugetrlimit |
704 | - |
705 | -getrusage |
706 | -getsid |
707 | -gettid |
708 | -gettimeofday |
709 | -getuid |
710 | -getuid32 |
711 | - |
712 | -getxattr |
713 | -fgetxattr |
714 | -lgetxattr |
715 | - |
716 | -inotify_add_watch |
717 | -inotify_init |
718 | -inotify_init1 |
719 | -inotify_rm_watch |
720 | - |
721 | -# Needed by shell |
722 | -ioctl |
723 | - |
724 | -io_cancel |
725 | -io_destroy |
726 | -io_getevents |
727 | -io_setup |
728 | -io_submit |
729 | -ioprio_get |
730 | -# affects other processes, requires CAP_SYS_ADMIN. Potentially allow with |
731 | -# syscall filtering of (at least) IOPRIO_WHO_USER (LP: #1446748) |
732 | -#ioprio_set |
733 | - |
734 | -ipc |
735 | -kill |
736 | -link |
737 | -linkat |
738 | - |
739 | -listxattr |
740 | -llistxattr |
741 | -flistxattr |
742 | - |
743 | -lseek |
744 | -llseek |
745 | -_llseek |
746 | -lstat |
747 | -lstat64 |
748 | - |
749 | -madvise |
750 | -fadvise64 |
751 | -fadvise64_64 |
752 | -arm_fadvise64_64 |
753 | - |
754 | -mbind |
755 | -mincore |
756 | -mkdir |
757 | -mkdirat |
758 | -mlock |
759 | -mlockall |
760 | -mmap |
761 | -mmap2 |
762 | -mprotect |
763 | - |
764 | -# LP: #1448184 - these aren't currently mediated by AppArmor. Deny for now |
765 | -#mq_getsetattr |
766 | -#mq_notify |
767 | -#mq_open |
768 | -#mq_timedreceive |
769 | -#mq_timedsend |
770 | -#mq_unlink |
771 | - |
772 | -mremap |
773 | -msgctl |
774 | -msgget |
775 | -msgrcv |
776 | -msgsnd |
777 | -msync |
778 | -munlock |
779 | -munlockall |
780 | -munmap |
781 | - |
782 | -nanosleep |
783 | - |
784 | -# LP: #1446748 - deny until we have syscall arg filtering. Alternatively, set |
785 | -# RLIMIT_NICE hard limit for apps, launch them under an appropriate nice value |
786 | -# and allow this call |
787 | -#nice |
788 | - |
789 | -# LP: #1446748 - support syscall arg filtering for mode_t with O_CREAT |
790 | -open |
791 | - |
792 | -openat |
793 | -pause |
794 | -pipe |
795 | -pipe2 |
796 | -poll |
797 | -ppoll |
798 | - |
799 | -# LP: #1446748 - support syscall arg filtering |
800 | -prctl |
801 | -arch_prctl |
802 | - |
803 | -read |
804 | -pread |
805 | -pread64 |
806 | -preadv |
807 | -readv |
808 | - |
809 | -readahead |
810 | -readdir |
811 | -readlink |
812 | -readlinkat |
813 | -remap_file_pages |
814 | - |
815 | -removexattr |
816 | -fremovexattr |
817 | -lremovexattr |
818 | - |
819 | -rename |
820 | -renameat |
821 | -renameat2 |
822 | - |
823 | -# The man page says this shouldn't be needed, but we've seen denials for it |
824 | -# in the wild |
825 | -restart_syscall |
826 | - |
827 | -rmdir |
828 | -rt_sigaction |
829 | -rt_sigpending |
830 | -rt_sigprocmask |
831 | -rt_sigqueueinfo |
832 | -rt_sigreturn |
833 | -rt_sigsuspend |
834 | -rt_sigtimedwait |
835 | -rt_tgsigqueueinfo |
836 | -sched_getaffinity |
837 | -sched_getattr |
838 | -sched_getparam |
839 | -sched_get_priority_max |
840 | -sched_get_priority_min |
841 | -sched_getscheduler |
842 | -sched_rr_get_interval |
843 | -# LP: #1446748 - when support syscall arg filtering, enforce pid_t is 0 so the |
844 | -# app may only change its own scheduler |
845 | -sched_setscheduler |
846 | - |
847 | -sched_yield |
848 | - |
849 | -select |
850 | -_newselect |
851 | -pselect |
852 | -pselect6 |
853 | - |
854 | -semctl |
855 | -semget |
856 | -semop |
857 | -semtimedop |
858 | -sendfile |
859 | -sendfile64 |
860 | - |
861 | -# snappy doesn't currently support per-app UID/GIDs so don't allow this family |
862 | -# of syscalls. To properly support these, we need to have syscall arg filtering |
863 | -# (LP: #1446748) and per-app UID/GIDs. |
864 | -#setgid |
865 | -#setgid32 |
866 | -#setgroups |
867 | -#setgroups32 |
868 | -#setregid |
869 | -#setregid32 |
870 | -#setresgid |
871 | -#setresgid32 |
872 | -#setresuid |
873 | -#setresuid32 |
874 | -#setreuid |
875 | -#setreuid32 |
876 | -#setuid |
877 | -#setuid32 |
878 | - |
879 | -# These break isolation but are common and can't be mediated at the seccomp |
880 | -# level with arg filtering |
881 | -setpgid |
882 | -setpgrp |
883 | - |
884 | -set_thread_area |
885 | -setitimer |
886 | - |
887 | -# apps don't have CAP_SYS_RESOURCE so these can't be abused to raise the hard |
888 | -# limits |
889 | -setrlimit |
890 | -prlimit64 |
891 | - |
892 | -set_mempolicy |
893 | -set_robust_list |
894 | -setsid |
895 | -set_tid_address |
896 | - |
897 | -setxattr |
898 | -fsetxattr |
899 | -lsetxattr |
900 | - |
901 | -shmat |
902 | -shmctl |
903 | -shmdt |
904 | -shmget |
905 | -signal |
906 | -sigaction |
907 | -signalfd |
908 | -signalfd4 |
909 | -sigaltstack |
910 | -sigpending |
911 | -sigprocmask |
912 | -sigreturn |
913 | -sigsuspend |
914 | -sigtimedwait |
915 | -sigwaitinfo |
916 | - |
917 | -# Per man page, on Linux this is limited to only AF_UNIX so it is ok to have |
918 | -# in the default template |
919 | -socketpair |
920 | - |
921 | -splice |
922 | - |
923 | -stat |
924 | -stat64 |
925 | -fstat |
926 | -fstat64 |
927 | -fstatat64 |
928 | -lstat |
929 | -newfstatat |
930 | -oldfstat |
931 | -oldlstat |
932 | -oldstat |
933 | - |
934 | -statfs |
935 | -statfs64 |
936 | -fstatfs |
937 | -fstatfs64 |
938 | -statvfs |
939 | -fstatvfs |
940 | -ustat |
941 | - |
942 | -symlink |
943 | -symlinkat |
944 | - |
945 | -sync |
946 | -sync_file_range |
947 | -sync_file_range2 |
948 | -arm_sync_file_range |
949 | -fdatasync |
950 | -fsync |
951 | -syncfs |
952 | -sysinfo |
953 | -syslog |
954 | -tee |
955 | -tgkill |
956 | -time |
957 | -timer_create |
958 | -timer_delete |
959 | -timer_getoverrun |
960 | -timer_gettime |
961 | -timer_settime |
962 | -timerfd_create |
963 | -timerfd_gettime |
964 | -timerfd_settime |
965 | -times |
966 | -tkill |
967 | - |
968 | -truncate |
969 | -truncate64 |
970 | -ftruncate |
971 | -ftruncate64 |
972 | - |
973 | -umask |
974 | - |
975 | -uname |
976 | -olduname |
977 | -oldolduname |
978 | - |
979 | -unlink |
980 | -unlinkat |
981 | - |
982 | -utime |
983 | -utimensat |
984 | -utimes |
985 | -futimesat |
986 | - |
987 | -vfork |
988 | -vmsplice |
989 | -wait4 |
990 | -oldwait4 |
991 | -waitpid |
992 | -waitid |
993 | - |
994 | -write |
995 | -writev |
996 | -pwrite |
997 | -pwrite64 |
998 | -pwritev |
999 | - |
1000 | -# Can create and listen on UNIX abstract sockets |
1001 | -accept |
1002 | -accept4 |
1003 | -bind |
1004 | -connect |
1005 | -getpeername |
1006 | -getsockname |
1007 | -getsockopt |
1008 | -listen |
1009 | -recv |
1010 | -recvfrom |
1011 | -recvmmsg |
1012 | -recvmsg |
1013 | -send |
1014 | -sendmmsg |
1015 | -sendmsg |
1016 | -sendto |
1017 | -setsockopt |
1018 | -shutdown |
1019 | - |
1020 | -# LP: #1446748 - limit this to AF_INET/AF_INET6 and possibly others not |
1021 | -# included in network-client |
1022 | -socket |
1023 | |
1024 | === removed file 'framework-template/meta/svc.seccomp.boilerplate' |
1025 | --- framework-template/meta/svc.seccomp.boilerplate 2015-09-29 20:07:00 +0000 |
1026 | +++ framework-template/meta/svc.seccomp.boilerplate 1970-01-01 00:00:00 +0000 |
1027 | @@ -1,435 +0,0 @@ |
1028 | -# |
1029 | -# Seccomp policy for fwk-name_svc |
1030 | -# |
1031 | - |
1032 | -# Dangerous syscalls that we don't ever want to allow |
1033 | - |
1034 | -# kexec |
1035 | -deny kexec_load |
1036 | - |
1037 | -# kernel modules |
1038 | -deny create_module |
1039 | -deny init_module |
1040 | -deny finit_module |
1041 | -deny delete_module |
1042 | - |
1043 | -# these have a history of vulnerabilities, are not widely used, and |
1044 | -# open_by_handle_at has been used to break out of docker containers by brute |
1045 | -# forcing the handle value: http://stealth.openwall.net/xSports/shocker.c |
1046 | -deny name_to_handle_at |
1047 | -deny open_by_handle_at |
1048 | - |
1049 | -# Explicitly deny ptrace since it can be abused to break out of the seccomp |
1050 | -# sandbox |
1051 | -deny ptrace |
1052 | - |
1053 | -# Explicitly deny capability mknod so apps can't create devices |
1054 | -deny mknod |
1055 | -deny mknodat |
1056 | - |
1057 | -# Explicitly deny (u)mount so apps can't change mounts in their namespace |
1058 | -deny mount |
1059 | -deny umount |
1060 | -deny umount2 |
1061 | - |
1062 | -# Explicitly deny kernel keyring access |
1063 | -deny add_key |
1064 | -deny keyctl |
1065 | -deny request_key |
1066 | - |
1067 | -# end dangerous syscalls |
1068 | - |
1069 | -access |
1070 | -faccessat |
1071 | - |
1072 | -alarm |
1073 | -brk |
1074 | - |
1075 | -# ARM private syscalls |
1076 | -breakpoint |
1077 | -cacheflush |
1078 | -set_tls |
1079 | -usr26 |
1080 | -usr32 |
1081 | - |
1082 | -capget |
1083 | - |
1084 | -chdir |
1085 | -fchdir |
1086 | - |
1087 | -# We can't effectively block file perms due to open() with O_CREAT, so allow |
1088 | -# chmod until we have syscall arg filtering (LP: #1446748) |
1089 | -chmod |
1090 | -fchmod |
1091 | -fchmodat |
1092 | - |
1093 | -# snappy doesn't currently support per-app UID/GIDs so don't allow chown. To |
1094 | -# properly support chown, we need to have syscall arg filtering (LP: #1446748) |
1095 | -# and per-app UID/GIDs. |
1096 | -#chown |
1097 | -#chown32 |
1098 | -#fchown |
1099 | -#fchown32 |
1100 | -#fchownat |
1101 | -#lchown |
1102 | -#lchown32 |
1103 | - |
1104 | -clock_getres |
1105 | -clock_gettime |
1106 | -clock_nanosleep |
1107 | -clone |
1108 | -close |
1109 | -creat |
1110 | -dup |
1111 | -dup2 |
1112 | -dup3 |
1113 | -epoll_create |
1114 | -epoll_create1 |
1115 | -epoll_ctl |
1116 | -epoll_ctl_old |
1117 | -epoll_pwait |
1118 | -epoll_wait |
1119 | -epoll_wait_old |
1120 | -eventfd |
1121 | -eventfd2 |
1122 | -execve |
1123 | -execveat |
1124 | -_exit |
1125 | -exit |
1126 | -exit_group |
1127 | -fallocate |
1128 | - |
1129 | -# requires CAP_SYS_ADMIN |
1130 | -#fanotify_init |
1131 | -#fanotify_mark |
1132 | - |
1133 | -fcntl |
1134 | -fcntl64 |
1135 | -flock |
1136 | -fork |
1137 | -ftime |
1138 | -futex |
1139 | -get_mempolicy |
1140 | -get_robust_list |
1141 | -get_thread_area |
1142 | -getcpu |
1143 | -getcwd |
1144 | -getdents |
1145 | -getdents64 |
1146 | -getegid |
1147 | -getegid32 |
1148 | -geteuid |
1149 | -geteuid32 |
1150 | -getgid |
1151 | -getgid32 |
1152 | -getgroups |
1153 | -getgroups32 |
1154 | -getitimer |
1155 | -getpgid |
1156 | -getpgrp |
1157 | -getpid |
1158 | -getppid |
1159 | -getpriority |
1160 | -getrandom |
1161 | -getresgid |
1162 | -getresgid32 |
1163 | -getresuid |
1164 | -getresuid32 |
1165 | - |
1166 | -getrlimit |
1167 | -ugetrlimit |
1168 | - |
1169 | -getrusage |
1170 | -getsid |
1171 | -gettid |
1172 | -gettimeofday |
1173 | -getuid |
1174 | -getuid32 |
1175 | - |
1176 | -getxattr |
1177 | -fgetxattr |
1178 | -lgetxattr |
1179 | - |
1180 | -inotify_add_watch |
1181 | -inotify_init |
1182 | -inotify_init1 |
1183 | -inotify_rm_watch |
1184 | - |
1185 | -# Needed by shell |
1186 | -ioctl |
1187 | - |
1188 | -io_cancel |
1189 | -io_destroy |
1190 | -io_getevents |
1191 | -io_setup |
1192 | -io_submit |
1193 | -ioprio_get |
1194 | -# affects other processes, requires CAP_SYS_ADMIN. Potentially allow with |
1195 | -# syscall filtering of (at least) IOPRIO_WHO_USER (LP: #1446748) |
1196 | -#ioprio_set |
1197 | - |
1198 | -ipc |
1199 | -kill |
1200 | -link |
1201 | -linkat |
1202 | - |
1203 | -listxattr |
1204 | -llistxattr |
1205 | -flistxattr |
1206 | - |
1207 | -lseek |
1208 | -llseek |
1209 | -_llseek |
1210 | -lstat |
1211 | -lstat64 |
1212 | - |
1213 | -madvise |
1214 | -fadvise64 |
1215 | -fadvise64_64 |
1216 | -arm_fadvise64_64 |
1217 | - |
1218 | -mbind |
1219 | -mincore |
1220 | -mkdir |
1221 | -mkdirat |
1222 | -mlock |
1223 | -mlockall |
1224 | -mmap |
1225 | -mmap2 |
1226 | -mprotect |
1227 | - |
1228 | -# LP: #1448184 - these aren't currently mediated by AppArmor. Deny for now |
1229 | -#mq_getsetattr |
1230 | -#mq_notify |
1231 | -#mq_open |
1232 | -#mq_timedreceive |
1233 | -#mq_timedsend |
1234 | -#mq_unlink |
1235 | - |
1236 | -mremap |
1237 | -msgctl |
1238 | -msgget |
1239 | -msgrcv |
1240 | -msgsnd |
1241 | -msync |
1242 | -munlock |
1243 | -munlockall |
1244 | -munmap |
1245 | - |
1246 | -nanosleep |
1247 | - |
1248 | -# LP: #1446748 - deny until we have syscall arg filtering. Alternatively, set |
1249 | -# RLIMIT_NICE hard limit for apps, launch them under an appropriate nice value |
1250 | -# and allow this call |
1251 | -#nice |
1252 | - |
1253 | -# LP: #1446748 - support syscall arg filtering for mode_t with O_CREAT |
1254 | -open |
1255 | - |
1256 | -openat |
1257 | -pause |
1258 | -pipe |
1259 | -pipe2 |
1260 | -poll |
1261 | -ppoll |
1262 | - |
1263 | -# LP: #1446748 - support syscall arg filtering |
1264 | -prctl |
1265 | -arch_prctl |
1266 | - |
1267 | -read |
1268 | -pread |
1269 | -pread64 |
1270 | -preadv |
1271 | -readv |
1272 | - |
1273 | -readahead |
1274 | -readdir |
1275 | -readlink |
1276 | -readlinkat |
1277 | -remap_file_pages |
1278 | - |
1279 | -removexattr |
1280 | -fremovexattr |
1281 | -lremovexattr |
1282 | - |
1283 | -rename |
1284 | -renameat |
1285 | -renameat2 |
1286 | - |
1287 | -# The man page says this shouldn't be needed, but we've seen denials for it |
1288 | -# in the wild |
1289 | -restart_syscall |
1290 | - |
1291 | -rmdir |
1292 | -rt_sigaction |
1293 | -rt_sigpending |
1294 | -rt_sigprocmask |
1295 | -rt_sigqueueinfo |
1296 | -rt_sigreturn |
1297 | -rt_sigsuspend |
1298 | -rt_sigtimedwait |
1299 | -rt_tgsigqueueinfo |
1300 | -sched_getaffinity |
1301 | -sched_getattr |
1302 | -sched_getparam |
1303 | -sched_get_priority_max |
1304 | -sched_get_priority_min |
1305 | -sched_getscheduler |
1306 | -sched_rr_get_interval |
1307 | -# LP: #1446748 - when support syscall arg filtering, enforce pid_t is 0 so the |
1308 | -# app may only change its own scheduler |
1309 | -sched_setscheduler |
1310 | - |
1311 | -sched_yield |
1312 | - |
1313 | -select |
1314 | -_newselect |
1315 | -pselect |
1316 | -pselect6 |
1317 | - |
1318 | -semctl |
1319 | -semget |
1320 | -semop |
1321 | -semtimedop |
1322 | -sendfile |
1323 | -sendfile64 |
1324 | - |
1325 | -# snappy doesn't currently support per-app UID/GIDs so don't allow this family |
1326 | -# of syscalls. To properly support these, we need to have syscall arg filtering |
1327 | -# (LP: #1446748) and per-app UID/GIDs. |
1328 | -#setgid |
1329 | -#setgid32 |
1330 | -#setgroups |
1331 | -#setgroups32 |
1332 | -#setregid |
1333 | -#setregid32 |
1334 | -#setresgid |
1335 | -#setresgid32 |
1336 | -#setresuid |
1337 | -#setresuid32 |
1338 | -#setreuid |
1339 | -#setreuid32 |
1340 | -#setuid |
1341 | -#setuid32 |
1342 | - |
1343 | -# These break isolation but are common and can't be mediated at the seccomp |
1344 | -# level with arg filtering |
1345 | -setpgid |
1346 | -setpgrp |
1347 | - |
1348 | -set_thread_area |
1349 | -setitimer |
1350 | - |
1351 | -# apps don't have CAP_SYS_RESOURCE so these can't be abused to raise the hard |
1352 | -# limits |
1353 | -setrlimit |
1354 | -prlimit64 |
1355 | - |
1356 | -set_mempolicy |
1357 | -set_robust_list |
1358 | -setsid |
1359 | -set_tid_address |
1360 | - |
1361 | -setxattr |
1362 | -fsetxattr |
1363 | -lsetxattr |
1364 | - |
1365 | -shmat |
1366 | -shmctl |
1367 | -shmdt |
1368 | -shmget |
1369 | -signal |
1370 | -sigaction |
1371 | -signalfd |
1372 | -signalfd4 |
1373 | -sigaltstack |
1374 | -sigpending |
1375 | -sigprocmask |
1376 | -sigreturn |
1377 | -sigsuspend |
1378 | -sigtimedwait |
1379 | -sigwaitinfo |
1380 | - |
1381 | -# Per man page, on Linux this is limited to only AF_UNIX so it is ok to have |
1382 | -# in the default template |
1383 | -socketpair |
1384 | - |
1385 | -splice |
1386 | - |
1387 | -stat |
1388 | -stat64 |
1389 | -fstat |
1390 | -fstat64 |
1391 | -fstatat64 |
1392 | -lstat |
1393 | -newfstatat |
1394 | -oldfstat |
1395 | -oldlstat |
1396 | -oldstat |
1397 | - |
1398 | -statfs |
1399 | -statfs64 |
1400 | -fstatfs |
1401 | -fstatfs64 |
1402 | -statvfs |
1403 | -fstatvfs |
1404 | -ustat |
1405 | - |
1406 | -symlink |
1407 | -symlinkat |
1408 | - |
1409 | -sync |
1410 | -sync_file_range |
1411 | -sync_file_range2 |
1412 | -arm_sync_file_range |
1413 | -fdatasync |
1414 | -fsync |
1415 | -syncfs |
1416 | -sysinfo |
1417 | -syslog |
1418 | -tee |
1419 | -tgkill |
1420 | -time |
1421 | -timer_create |
1422 | -timer_delete |
1423 | -timer_getoverrun |
1424 | -timer_gettime |
1425 | -timer_settime |
1426 | -timerfd_create |
1427 | -timerfd_gettime |
1428 | -timerfd_settime |
1429 | -times |
1430 | -tkill |
1431 | - |
1432 | -truncate |
1433 | -truncate64 |
1434 | -ftruncate |
1435 | -ftruncate64 |
1436 | - |
1437 | -umask |
1438 | - |
1439 | -uname |
1440 | -olduname |
1441 | -oldolduname |
1442 | - |
1443 | -unlink |
1444 | -unlinkat |
1445 | - |
1446 | -utime |
1447 | -utimensat |
1448 | -utimes |
1449 | -futimesat |
1450 | - |
1451 | -vfork |
1452 | -vmsplice |
1453 | -wait4 |
1454 | -oldwait4 |
1455 | -waitpid |
1456 | -waitid |
1457 | - |
1458 | -write |
1459 | -writev |
1460 | -pwrite |
1461 | -pwrite64 |
1462 | -pwritev |
1463 | |
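Review bot: nothing unique is lost by removing this file: the lines shown are identical to the tail of the svc.seccomp removal above, except that this copy stops at `pwritev` and lacks the trailing UNIX-socket block (`accept` through `socket`) that svc.seccomp carries, so it was already a stale duplicate of svc.seccomp rather than a separate policy.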
1464 | === removed file 'framework-template/meta/svc.seccomp.unconfined' |
1465 | --- framework-template/meta/svc.seccomp.unconfined 2015-08-20 22:51:29 +0000 |
1466 | +++ framework-template/meta/svc.seccomp.unconfined 1970-01-01 00:00:00 +0000 |
1467 | @@ -1,4 +0,0 @@ |
1468 | -# |
1469 | -# Unrestricted seccomp policy for fwk-name_svc |
1470 | -# |
1471 | -@unrestricted |
1472 | |
1473 | === renamed file 'go-example-webserver/meta/go.png' => 'go-example-webserver/meta/icon.png' |
1474 | === removed file 'go-example-webserver/meta/readme.md' |
1475 | --- go-example-webserver/meta/readme.md 2015-03-27 10:00:35 +0000 |
1476 | +++ go-example-webserver/meta/readme.md 1970-01-01 00:00:00 +0000 |
1477 | @@ -1,3 +0,0 @@ |
1478 | -Minimal Golang webserver for snappy |
1479 | - |
1480 | -Mostly a example to show how to build a binary webserver for snappy. |
1481 | \ No newline at end of file |
1482 | |
1483 | === renamed file 'go-example-webserver/meta/package.yaml' => 'go-example-webserver/meta/snap.yaml' |
1484 | --- go-example-webserver/meta/package.yaml 2016-01-14 07:36:50 +0000 |
1485 | +++ go-example-webserver/meta/snap.yaml 2016-01-26 14:09:34 +0000 |
1486 | @@ -1,13 +1,19 @@ |
1487 | name: go-example-webserver |
1488 | -vendor: Alexander Sack <asac@canonical.com> |
1489 | +version: 3.0 |
1490 | +summary: Minimal Golang webserver for snappy |
1491 | +description: | |
1492 | + Mostly a example to show how to build a binary webserver for snappy. |
1493 | architectures: [amd64, armhf] |
1494 | -icon: meta/go.png |
1495 | -version: 2.0 |
1496 | -services: |
1497 | - - name: webserver |
1498 | +apps: |
1499 | + webserver: |
1500 | + command: ./magic-bin/go-example-webserver |
1501 | + daemon: simple |
1502 | description: "snappy example: golang mini webserver" |
1503 | - start: ./magic-bin/go-example-webserver |
1504 | - caps: |
1505 | - - network-client |
1506 | - - network-service |
1507 | - |
1508 | + uses: [webserver] |
1509 | +uses: |
1510 | + webserver: |
1511 | + type: migration-skill |
1512 | + caps: |
1513 | + - network-client |
1514 | + - network-service |
1515 | + |
1516 | |
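Review bot: the new description carries a grammar slip, `Mostly a example to show how to build a binary webserver for snappy.` should read `an example`, and the final `+` line adds a trailing blank line at EOF that the other converted snap.yaml files (hello-dbus, hello-world) do not have. Separately, the app keeps its own `description: "snappy example: golang mini webserver"` next to the new top-level `description`; confirm the per-app key is still honoured in the new format, or drop it so the two descriptions cannot drift apart.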
1517 | === renamed file 'hello-dbus/package-dir-app/meta/hello.png' => 'hello-dbus/package-dir-app/meta/icon.png' |
1518 | === removed file 'hello-dbus/package-dir-app/meta/readme.md' |
1519 | --- hello-dbus/package-dir-app/meta/readme.md 2015-04-28 20:53:10 +0000 |
1520 | +++ hello-dbus/package-dir-app/meta/readme.md 1970-01-01 00:00:00 +0000 |
1521 | @@ -1,3 +0,0 @@ |
1522 | -hello-dbus-app test client |
1523 | - |
1524 | -This is a simple dbus framework app example. |
1525 | |
1526 | === renamed file 'hello-dbus/package-dir-app/meta/package.yaml' => 'hello-dbus/package-dir-app/meta/snap.yaml' |
1527 | --- hello-dbus/package-dir-app/meta/package.yaml 2016-01-14 07:36:50 +0000 |
1528 | +++ hello-dbus/package-dir-app/meta/snap.yaml 2016-01-26 14:09:34 +0000 |
1529 | @@ -1,16 +1,21 @@ |
1530 | name: hello-dbus-app |
1531 | -version: 2.0 |
1532 | +version: 3.0 |
1533 | architectures: |
1534 | - amd64 |
1535 | - armhf |
1536 | - i386 |
1537 | -vendor: Snappy Developers <snappy-devel@lists.ubuntu.com> |
1538 | -icon: meta/hello.png |
1539 | +summary: hello-dbus-app test client |
1540 | +description: | |
1541 | + This is a simple dbus framework app example. |
1542 | frameworks: |
1543 | - hello-dbus-fwk |
1544 | -binaries: |
1545 | - - name: client |
1546 | - exec: bin/dbus_message.client |
1547 | - description: "hello-dbus-fwk test client" |
1548 | - caps: |
1549 | - - hello-dbus-fwk_client |
1550 | +apps: |
1551 | + client: |
1552 | + command: bin/dbus_message.client |
1553 | + description: "hello-dbus-fwk test client" |
1554 | + uses: [client] |
1555 | +uses: |
1556 | + client: |
1557 | + type: migration-skill |
1558 | + caps: |
1559 | + - hello-dbus-fwk_client |
1560 | |
1561 | === renamed file 'hello-dbus/package-dir-fwk/meta/hello.png' => 'hello-dbus/package-dir-fwk/meta/icon.png' |
1562 | === renamed file 'hello-dbus/package-dir-fwk/meta/package.yaml' => 'hello-dbus/package-dir-fwk/meta/snap.yaml' |
1563 | --- hello-dbus/package-dir-fwk/meta/package.yaml 2016-01-14 07:36:50 +0000 |
1564 | +++ hello-dbus/package-dir-fwk/meta/snap.yaml 2016-01-26 14:09:34 +0000 |
1565 | @@ -1,17 +1,23 @@ |
1566 | name: hello-dbus-fwk |
1567 | -version: 2.0 |
1568 | +version: 3.0 |
1569 | +summary: hello-dbus-fwk test service and framework-policy |
1570 | +description: | |
1571 | + This is a simple dbus framework example. |
1572 | architectures: |
1573 | - amd64 |
1574 | - armhf |
1575 | - i386 |
1576 | -vendor: Snappy Developers <snappy-devel@lists.ubuntu.com> |
1577 | -icon: meta/hello.png |
1578 | type: framework |
1579 | -services: |
1580 | - - name: srv |
1581 | - start: bin/dbus_service.start |
1582 | - description: "hello-dbus-fwk test service" |
1583 | - bus-name: "com.canonical.hello-dbus-fwk" |
1584 | - security-policy: |
1585 | - apparmor: meta/svc.apparmor |
1586 | - seccomp: meta/svc.seccomp |
1587 | +apps: |
1588 | + srv: |
1589 | + command: bin/dbus_service.start |
1590 | + daemon: simple |
1591 | + description: "hello-dbus-fwk test service" |
1592 | + bus-name: "com.canonical.hello-dbus-fwk" |
1593 | + uses: [srv] |
1594 | +uses: |
1595 | + srv: |
1596 | + type: migration-skill |
1597 | + security-policy: |
1598 | + apparmor: meta/svc.apparmor |
1599 | + seccomp: meta/svc.seccomp |
1600 | |
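Review bot: `security-policy` moves under the `srv` migration-skill but still points at `meta/svc.apparmor` and `meta/svc.seccomp`; neither path is touched in this diff, so they presumably remain in hello-dbus/package-dir-fwk/meta, but since the framework-template's svc.apparmor and svc.seccomp are deleted in this same branch it is worth confirming these two paths still resolve at build time. Keeping `type: framework` and `bus-name` where they were reads consistently with the client example's unchanged `frameworks: - hello-dbus-fwk`.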
1601 | === renamed file 'hello-world/meta/hello.png' => 'hello-world/meta/icon.png' |
1602 | === removed file 'hello-world/meta/readme.md' |
1603 | --- hello-world/meta/readme.md 2014-12-02 13:55:30 +0000 |
1604 | +++ hello-world/meta/readme.md 1970-01-01 00:00:00 +0000 |
1605 | @@ -1,3 +0,0 @@ |
1606 | -Hello world example |
1607 | - |
1608 | -This is a simple hello world example. |
1609 | \ No newline at end of file |
1610 | |
1611 | === renamed file 'hello-world/meta/package.yaml' => 'hello-world/meta/snap.yaml' |
1612 | --- hello-world/meta/package.yaml 2016-01-14 07:36:50 +0000 |
1613 | +++ hello-world/meta/snap.yaml 2016-01-26 14:09:34 +0000 |
1614 | @@ -1,17 +1,29 @@ |
1615 | name: hello-world |
1616 | -version: 2.0 |
1617 | -vendor: Snappy Developers <snappy-devel@lists.ubuntu.com> |
1618 | +version: 3.0 |
1619 | +summary: Hello world example |
1620 | +description: | |
1621 | + This is a simple hello world example. |
1622 | icon: meta/hello.png |
1623 | -binaries: |
1624 | - - name: bin/echo |
1625 | - caps: [] |
1626 | - - name: bin/env |
1627 | - caps: [] |
1628 | - - name: bin/evil |
1629 | - caps: [] |
1630 | - - name: bin/showdev |
1631 | - caps: [] |
1632 | - - name: bin/usehw |
1633 | - caps: [] |
1634 | - - name: bin/sh |
1635 | - caps: [] |
1636 | +apps: |
1637 | + echo: |
1638 | + command: bin/echo |
1639 | + uses: [nothing] |
1640 | + env: |
1641 | + command: bin/env |
1642 | + uses: [nothing] |
1643 | + evil: |
1644 | + command: bin/evil |
1645 | + uses: [nothing] |
1646 | + showdev: |
1647 | + command: bin/showdev |
1648 | + uses: [nothing] |
1649 | + usehw: |
1650 | + command: bin/usehw |
1651 | + uses: [nothing] |
1652 | + sh: |
1653 | + command: bin/sh |
1654 | + uses: [nothing] |
1655 | +uses: |
1656 | + nothing: |
1657 | + type: migration-skill |
1658 | + caps: [] |
1659 | |
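Review bot: the unchanged context line `icon: meta/hello.png` now points at a file this branch renames (`=== renamed file 'hello-world/meta/hello.png' => 'hello-world/meta/icon.png'`), so the icon reference is dangling; either drop the `icon:` line, as the go-example-webserver and hello-dbus conversions do, or change it to `meta/icon.png`. Sharing one `nothing` skill with `caps: []` across all six apps is a compact way to carry over the old per-binary `caps: []`.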
1660 | === removed file 'licensed/meta/readme.md' |
1661 | --- licensed/meta/readme.md 2015-04-08 11:10:42 +0000 |
1662 | +++ licensed/meta/readme.md 1970-01-01 00:00:00 +0000 |
1663 | @@ -1,3 +0,0 @@ |
1664 | -Licensed example |
1665 | - |
1666 | -This is a simple example with a license that needs accepting. |
1667 | |
1668 | === renamed file 'licensed/meta/package.yaml' => 'licensed/meta/snap.yaml' |
1669 | --- licensed/meta/package.yaml 2016-01-14 07:36:50 +0000 |
1670 | +++ licensed/meta/snap.yaml 2016-01-26 14:09:34 +0000 |
1671 | @@ -1,8 +1,15 @@ |
1672 | name: licensed |
1673 | -icon: meta/icon.png |
1674 | -version: 2.0 |
1675 | -vendor: John R. Lenton <john.lenton@canonical.com> |
1676 | -binaries: |
1677 | - - name: bin/printenv |
1678 | -explicit-license-agreement: Y |
1679 | +version: 3.0 |
1680 | +summary: Licensed example |
1681 | +description: | |
1682 | + This is a simple example with a license that needs accepting. |
1683 | +license-agreement: explicit |
1684 | +apps: |
1685 | + printenv: |
1686 | + command: bin/printenv |
1687 | + uses: [printenv] |
1688 | +uses: |
1689 | + printenv: |
1690 | + type: migration-skill |
1691 | + |
1692 | |
1693 | |
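Review bot: the `printenv` skill declares `type: migration-skill` with no `caps` key, whereas every other skill in this branch spells out its caps (hello-world's `nothing` skill uses `caps: []`); either add `caps: []` here for consistency or confirm that an absent caps list means the same thing. The trailing `+` line plus the two empty lines after it also leave extra blank lines at EOF. Dropping `icon: meta/icon.png` matches the other conversions, which rename their icons to icon.png and remove the key.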
1694 | === renamed file 'python-xkcd-webserver/meta/xkcd.png' => 'python-xkcd-webserver/meta/icon.png' |
1695 | === renamed file 'python-xkcd-webserver/meta/package.yaml' => 'python-xkcd-webserver/meta/snap.yaml' |
1696 | --- python-xkcd-webserver/meta/package.yaml 2016-01-14 07:36:50 +0000 |
1697 | +++ python-xkcd-webserver/meta/snap.yaml 2016-01-26 14:09:34 +0000 |
1698 | @@ -1,11 +1,18 @@ |
1699 | name: xkcd-webserver |
1700 | -version: 2.0 |
1701 | -vendor: Snappy Developers <snappy-devel@lists.ubuntu.com> |
1702 | -icon: meta/xkcd.png |
1703 | -services: |
1704 | - - name: xkcd-webserver |
1705 | - start: ./bin/xkcd-webserver |
1706 | - description: A fun webserver |
1707 | - caps: |
1708 | - - network-client |
1709 | - - network-service |
1710 | +version: 3.0 |
1711 | +summary: Python based example webserver |
1712 | +description: | |
1713 | + Show random XKCD comic via a build-in webserver |
1714 | + This is meant as a fun example for a snappy package. |
1715 | +apps: |
1716 | + xkcd-webserver: |
1717 | + command: ./bin/xkcd-webserver |
1718 | + daemon: simple |
1719 | + description: A fun webserver |
1720 | + uses: [xkcd-webserver] |
1721 | +uses: |
1722 | + xkcd-webserver: |
1723 | + type: migration-skill |
1724 | + caps: |
1725 | + - network-client |
1726 | + - network-service |
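Review bot: the new description has typos, `Show random XKCD comic via a build-in webserver` should read `Show a random XKCD comic via a built-in webserver`. Otherwise the conversion mirrors go-example-webserver (`daemon: simple`, one migration-skill carrying `network-client` and `network-service`), which keeps the two webserver examples consistent.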