Merge lp:~ted/apparmor-easyprof-ubuntu/libual-tps into lp:apparmor-easyprof-ubuntu

Proposed by Ted Gould on 2015-06-05
Status: Merged
Merged at revision: 22
Proposed branch: lp:~ted/apparmor-easyprof-ubuntu/libual-tps
Merge into: lp:apparmor-easyprof-ubuntu
Diff against target: 19 lines (+9/-0)
1 file modified
data/templates/ubuntu/1.0/ubuntu-sdk (+9/-0)
To merge this branch: bzr merge lp:~ted/apparmor-easyprof-ubuntu/libual-tps
Reviewer Review Type Date Requested Status
Jamie Strandboge 2015-06-05 Approve on 2015-06-05
Review via email: mp+261268@code.launchpad.net

Commit message

DBus rule for UAL TPS untrusted helpers

To post a comment you must log in.
Jamie Strandboge (jdstrand) wrote :

We discussed this rule and the implementation at length in #ubuntu-hardened today. We would prefer another approach which would avoid some issues, but have agreed for now this is ok. Bug #1462492 tracks fixing this in a future iteration.

Jamie Strandboge (jdstrand) wrote :

As for this particular rule, it needs to be applied in all the version of the sdk template, not just 1.0. I can take care of that.

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'data/templates/ubuntu/1.0/ubuntu-sdk'
2--- data/templates/ubuntu/1.0/ubuntu-sdk 2015-05-15 09:37:26 +0000
3+++ data/templates/ubuntu/1.0/ubuntu-sdk 2015-06-05 18:56:23 +0000
4@@ -188,6 +188,15 @@
5 member="Open"
6 peer=(label=unconfined),
7
8+ # Untrusted Helpers needed to use Trusted Prompt Sessions getting the
9+ # Mir socket from their trusted helper (who is setting up the TPS)
10+ dbus (receive, send)
11+ path=/com/canonical/UbuntuAppLaunch/@{APP_ID_DBUS}/*
12+ interface="org.canonical.UbuntuAppLaunch.SocketDemangler"
13+ member="GetMirSocket"
14+ bus=session
15+ peer=(label=unconfined),
16+
17 # TODO: finetune this
18 dbus (send)
19 bus=session

Subscribers

People subscribed via source and target branches