Merge ~sergiodj/ubuntu/+source/apparmor:bug1872564-boot_id-rule-missing into ubuntu/+source/apparmor:ubuntu/groovy-devel
Status: | Merged |
---|---|
Approved by: | Christian Ehrhardt |
Approved revision: | 2d16cbb2663ef2ea0e88d89f87eef8b40eed8e20 |
Merged at revision: | 2d16cbb2663ef2ea0e88d89f87eef8b40eed8e20 |
Proposed branch: | ~sergiodj/ubuntu/+source/apparmor:bug1872564-boot_id-rule-missing |
Merge into: | ubuntu/+source/apparmor:ubuntu/groovy-devel |
Diff against target: | 169 lines (+124/-0), 6 files modified: debian/apparmor.install (+1/-0), debian/changelog (+14/-0), debian/patches/series (+3/-0), debian/patches/upstream-commit-1f319c3870-abstractions-nameservice-allow-accessing-run-systemd-user.patch (+37/-0), debian/patches/upstream-commit-454fca7-Add-run-variable.patch (+47/-0), debian/patches/upstream-commit-ef591a67-Add-trailing-slash-to-the-run-variable-definition.patch (+22/-0) |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Christian Ehrhardt (community) | Approve | ||
Steve Beattie (community) | Approve | ||
Canonical Server | Pending | ||
Canonical Server Core Reviewers | Pending | ||
Review via email: mp+383686@code.launchpad.net |
Description of the change
apparmor shipped on groovy lacks a rule to allow accessing the file '/proc/
The fix, which is cherry-picked from upstream, is to extend the current 'abstractions/
Another simple upstream commit had to be cherry-picked in order to import the definition of the variable '@{run}'.
The upstream commits are:
https:/
https:/
There's a PPA with the changes here:
https:/
autopkgtest is still happy:
autopkgtest [20:43:50]: test command1: /bin/true
autopkgtest [20:43:50]: test command1: [------
autopkgtest [20:43:50]: test command1: -------
autopkgtest [20:43:51]: test command1: - - - - - - - - - - results - - - - - - - - - -
command1 PASS (superficial)
autopkgtest [20:43:51]: @@@@@@@
compile-policy PASS
test-installed PASS (superficial)
command1 PASS (superficial)
Generally LGTM, I also added a focal task to the bug to later SRU it once groovy is fixed.
Changelog, patch headers and such look good.
The only thing that I found is that there was a follow on fix which IMHO should be included as well:
=> https://gitlab.com/apparmor/apparmor/-/commit/ef591a67cedc1da0676b26448ea96fa8c073c253
Due to that the state is "needs fixing", but other than this it already seems to be good.
Finally I'll add a review-slot for Ubuntu-security. That isn't strictly needed, but usually a good practice on security-related changes.