Ubuntu
apparmor package

Merge ~penguin359/ubuntu/+source/apparmor:lp2110212-fix-lsusb-apparmor-profile-plucky into ubuntu/+source/apparmor:ubuntu/plucky-devel

  1. Git
  2. lp:~penguin359/ubuntu/+source/apparmor
  3. lp2110212-fix-lsusb-apparmor-profile-plucky
  4. Merge into ubuntu/plucky-devel
Proposed by Loren M. Lang
Status: Needs review
Proposed branch: ~penguin359/ubuntu/+source/apparmor:lp2110212-fix-lsusb-apparmor-profile-plucky
Merge into: ubuntu/+source/apparmor:ubuntu/plucky-devel
Diff against target: 90 lines (+68/-0)
3 files modified
debian/changelog (+8/-0)
debian/patches/series (+1/-0)
debian/patches/ubuntu/lsblk_sudo_and_tree.patch (+59/-0)
Reviewer Review Type Date Requested Status
Ubuntu Sponsors Pending
git-ubuntu import Pending
Review via email: mp+496472@code.launchpad.net

Description of the change

This cherry-picks the patch for the Apparmor profile issue with lsusb to Plucky. This is to resolve the issue documented in LP: #2110212.

To post a comment you must log in.

Unmerged commits

67f293a... by Loren M. Lang

4.1.0~beta5-0ubuntu14.3 (patches unapplied)

Cherry-picked patch to fix lsusb apparmor profile

7924fe2... by Loren M. Lang

[PATCH] profiles: add additional rules needed for lsusb under sudo +

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index ea809d8..0f558d5 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,11 @@
6+apparmor (4.1.0~beta5-0ubuntu14.3) plucky; urgency=medium
7+
8+ * Non-maintainer upload.
9+ * Add a patch to fix lsblk and --tree (LP: #2110212):
10+ - d/p/u/lsblk_sudo_and_tree.patch
11+
12+ -- Loren M. Lang <lorenl@north-winds.org> Thu, 27 Nov 2025 02:09:37 -0800
13+
14 apparmor (4.1.0~beta5-0ubuntu14.2) plucky; urgency=medium
15
16 * profiles: make /sys/devices PCI paths hex-aware (LP: #2115234)
17diff --git a/debian/patches/series b/debian/patches/series
18index ef60b2e..8d4af23 100644
19--- a/debian/patches/series
20+++ b/debian/patches/series
21@@ -76,3 +76,4 @@ ubuntu/regression-verify-documented-mount-flag-behavior.patch
22 ubuntu/parser-fix-handling-of-norelatime-mount-rule-flag.patch
23 ubuntu/profiles-give-iotop-c-additional-accesses.patch
24 ubuntu/profiles_pci_hex_mr_1725.patch
25+ubuntu/lsblk_sudo_and_tree.patch
26diff --git a/debian/patches/ubuntu/lsblk_sudo_and_tree.patch b/debian/patches/ubuntu/lsblk_sudo_and_tree.patch
27new file mode 100644
28index 0000000..0f144ac
29--- /dev/null
30+++ b/debian/patches/ubuntu/lsblk_sudo_and_tree.patch
31@@ -0,0 +1,59 @@
32+From 9f700040587e69a5cc272ab607a12e7227404737 Mon Sep 17 00:00:00 2001
33+From: Ryan Lee <ryan.lee@canonical.com>
34+Date: Mon, 9 Jun 2025 12:56:36 -0700
35+Subject: [PATCH] profiles: add additional rules needed for lsusb under sudo +
36+ other flags
37+
38+Fixes: https://bugs.launchpad.net/ubuntu/+source/usbutils/+bug/2110212
39+Signed-off-by: Ryan Lee <ryan.lee@canonical.com>
40+---
41+ profiles/apparmor.d/lsusb | 31 +++++++++++++++++++++++++++++++
42+ 1 file changed, 31 insertions(+)
43+
44+Index: b/profiles/apparmor.d/lsusb
45+===================================================================
46+--- a/profiles/apparmor.d/lsusb 2025-06-17 17:29:51.067827898 -0700
47++++ b/profiles/apparmor.d/lsusb 2025-06-17 17:29:51.064827909 -0700
48+@@ -20,6 +20,10 @@
49+
50+ network netlink raw,
51+
52++ # Needed for additional information gathered under sudo
53++ capability net_admin,
54++ /dev/bus/usb/@{d}@{d}@{d}/@{d}@{d}@{d} rw,
55++
56+ /dev/ r,
57+ /dev/bus/usb/ r,
58+ @{run}/udev/data/*usb:* r,
59+@@ -37,6 +41,31 @@
60+ @{sys}/devices/**/usb[0-9]**/manufacturer r,
61+ @{sys}/devices/**/usb[0-9]**/product r,
62+ @{sys}/devices/**/usb[0-9]**/serial r,
63++ # needed for --tree
64++ @{sys}/devices/**/usb[0-9]**/bAlternateSetting r,
65++ @{sys}/devices/**/usb[0-9]**/bInterfaceClass r,
66++ @{sys}/devices/**/usb[0-9]**/bInterfaceNumber r,
67++ @{sys}/devices/**/usb[0-9]**/bInterfaceProtocol r,
68++ @{sys}/devices/**/usb[0-9]**/bInterfaceSubClass r,
69++ @{sys}/devices/**/usb[0-9]**/bNumEndpoints r,
70++ @{sys}/devices/**/usb[0-9]**/bConfigurationValue r,
71++ @{sys}/devices/**/usb[0-9]**/bDeviceClass r,
72++ @{sys}/devices/**/usb[0-9]**/bDeviceProtocol r,
73++ @{sys}/devices/**/usb[0-9]**/bDeviceSubClass r,
74++ @{sys}/devices/**/usb[0-9]**/bMaxPacketSize0 r,
75++ @{sys}/devices/**/usb[0-9]**/bNumConfigurations r,
76++ @{sys}/devices/**/usb[0-9]**/bNumInterfaces r,
77++ @{sys}/devices/**/usb[0-9]**/bcdDevice r,
78++ @{sys}/devices/**/usb[0-9]**/bmAttributes r,
79++ @{sys}/devices/**/usb[0-9]**/configuration r,
80++ @{sys}/devices/**/usb[0-9]**/idProduct r,
81++ @{sys}/devices/**/usb[0-9]**/idVendor r,
82++ @{sys}/devices/**/usb[0-9]**/maxchild r,
83++ @{sys}/devices/**/usb[0-9]**/rx_lanes r,
84++ @{sys}/devices/**/usb[0-9]**/tx_lanes r,
85++ # Needed for --tree -v
86++ @{sys}/devices/**/usb[0-9]**/bMaxPower r,
87++ @{sys}/devices/**/usb[0-9]**/version r,
88+
89+ include if exists <local/lsusb>
90+ }

Subscribers

People subscribed via source and target branches