Merge ~sergiodj/ubuntu/+source/sssd:bug1910611-update-apparmor-focal into ubuntu/+source/sssd:ubuntu/focal-devel
| Status: | Merged |
|---|---|
| Approved by: | Sergio Durigan Junior on 2021-01-21 |
| Approved revision: | 219ccf95c2bf926f9868c5abda944d24bef7f326 |
| Merge reported by: | Sergio Durigan Junior |
| Merged at revision: | 219ccf95c2bf926f9868c5abda944d24bef7f326 |
| Proposed branch: | ~sergiodj/ubuntu/+source/sssd:bug1910611-update-apparmor-focal |
| Merge into: | ubuntu/+source/sssd:ubuntu/focal-devel |
| Diff against target: |
36 lines (+13/-0) 2 files modified
debian/apparmor-profile (+5/-0) debian/changelog (+8/-0) |
| Related bugs: |
| Reviewer | Review Type | Date Requested | Status |
|---|---|---|---|
| Christian Ehrhardt | 2021-01-18 | Approve on 2021-01-19 | |
| Canonical Server Team | 2021-01-18 | Pending | |
|
Review via email:
|
|||
Description of the change
This is the fix for bug 1910611 on Focal.
The sssd apparmor profile is outdated with regards to a few aspects:
- It doesn't allow the execution of binaries under /usr/libexec/sssd/*
- It doesn't allow sssd to read configuration files under /etc/sssd/conf.d/*
- It doesn't allow sssd to read files under /etc/gss/mech.d/*
The original bug only complained about the first item, but while investigating I found the other two issues, so I'm fixing them as well.
The SRU template is already in place, and contains specific instructions for reproducing the bug and testing the package.
Here's a PPA with the proposed package:
https:/
And autopkgtest is still happy:
autopkgtest [18:00:56]: @@@@@@@
ldap-user-
ldap-user-
| Sergio Durigan Junior (sergiodj) wrote : | # |
| Christian Ehrhardt (paelzer) wrote : | # |
I have read the bug in the past on triage - taking a look.
| Christian Ehrhardt (paelzer) wrote : | # |
The changes LGTM and are rather trivial (no patches since it is in debian/*), ...
I assume as part of the Hirsute MP you'll also do a Debian submission?
BTW - we will also need a Groovy MP/upload - that built fine in your PPA, is there an MP for it?
Quite likely it is the same change there and an ultra fast-ack. So if you have the same change, don't bother (just for the process) to spin up that MP and wait for it.
But be careful there as groovy sssd is 2.3.1-3ubuntu2 which already was wrong - IMHO that should have been 2.3.1-3ubuntu0.x all the time. Not too bad since hirsute is on 2.4 but still I couldn't look away while reviewing this :-)
| Sergio Durigan Junior (sergiodj) wrote : | # |
On Tuesday, January 19 2021, Christian Ehrhardt wrote:
> Review: Approve
Thanks, Christian.
> The changes LGTM and are rather trivial (no patches since it is in debian/*), ...
> I assume as part of the Hirsute MP you'll also do a Debian submission?
Yep; I already did yesterday:
https:/
> BTW - we will also need a Groovy MP/upload - that built fine in your PPA, is there an MP for it?
Yes, I filed it at the same time yesterday:
https:/
Curious that you didn't see it!
> Quite likely it is the same change there and an ultra fast-ack. So if you have the same change, don't bother (just for the process) to spin up that MP and wait for it.
Exactly, it's the same change.
> But be careful there as groovy sssd is 2.3.1-3ubuntu2 which already
> was wrong - IMHO that should have been 2.3.1-3ubuntu0.x all the
> time. Not too bad since hirsute is on 2.4 but still I couldn't look
> away while reviewing this :-)
Yeah; unfortunately I was the one who introduced this versioning error
on Groovy. I talked to Robie when I noticed, but he told me it was OK
and that I shouldn't worry about it. Anyway, as you say, I'm glad that
we're on 2.4 on hirsute.
Thanks!
--
Sergio
GPG key ID: E92F D0B3 6B14 F1F4 D8E0 EB2F 106D A1C8 C3CB BF14
| Sergio Durigan Junior (sergiodj) wrote : | # |
Uploaded:
$ git push pkg upload/
Enumerating objects: 13, done.
Counting objects: 100% (13/13), done.
Delta compression using up to 8 threads
Compressing objects: 100% (9/9), done.
Writing objects: 100% (9/9), 1.25 KiB | 106.00 KiB/s, done.
Total 9 (delta 6), reused 0 (delta 0)
To ssh://git.
* [new tag] upload/
$ dput sssd_2.
Trying to upload package to ubuntu
Checking signature on .changes
gpg: /home/sergio/
Checking signature on .dsc
gpg: /home/sergio/
Uploading to ubuntu (via ftp to upload.ubuntu.com):
Uploading sssd_2.
Uploading sssd_2.
Uploading sssd_2.
Uploading sssd_2.
Successfully uploaded packages.
I haven't been able to post an MP for hirsute yet because sssd doesn't compile on i386 there (there's a problem with uid-wrapper:i386 which I'm investigating). I know the SRU won't be accepted until the hirsute update is done, so even if this MP (and groovy's) is approved, I won't upload the package just yet.