lp:ubuntu/saucy/click-apparmor
- Get this branch:
- bzr branch lp:ubuntu/saucy/click-apparmor
Branch merges
Branch information
Recent revisions
- 14. By Jamie Strandboge
-
* work around lack of first boot postinst-style code in lxc-android-config
and ship a click-apparmor upstart job. This checks to see if apparmor or
apparmor-easyprof- ubuntu' s dpkg md5sums changed, and if so, runs
'aa-clickhook -f'. This allows us to update policy for click packages on
reboot after system-image updates. Note, the click system hooks job is
not enough, because that correctly uses 'aa-clickhook' without arguments.
'aa-clickhook -f' isn't normally needed so this job completes quickly
in typical reboots ('aa-clickhook -f' still only updates the click policy
that is affected). (LP: #1229449)
* don't verify the policy before load. It will error on load which is
equivalent to erroring out before load. This allows us to avoid parsing
policy twice which can save significant time when regenerating lots of
profiles, which is important during first boot after system upgrade
* generated policy should be readable by everyone (the click security
manifests are not private)
* fix default path to apparmor_parser (thus avoiding a needless 'which')
* debian/rules: cleanup .coverage and apparmor/__pycache_ _ - 12. By Jamie Strandboge
-
* apparmor/click.py: don't forget to delete temporary file when not
updating policy
* aa-clickhook, apparmor/click.py: add --include=PATH option for injecting
#include "PATH" into profiles to support QA testing (eg, autopilot) - 11. By Jamie Strandboge
-
* README: update to describe how to test
* add several new tests to complete coverage of apparmor/click.py
* apparmor/click.py
- don't overwrite existing file of policy is unchanged
- fix couple of tracebacks with error reporting found by new tests
* debian/control: Build-Depends on apparmor-easyprof- ubuntu since it is
needed by the testsuite - 9. By Jamie Strandboge
-
* add aa-exec-click
* debian/control: Depends on apparmor that ships aa-exec
* abstract out _unload_profile()
* clarify clickname, profile_filename (formerly profilename) and raw_name
* don't try to unload the profile from the kernel. Once there is a
guarantee that the app is not running, then we can remove the profile - 8. By Jamie Strandboge
-
[ Steve Beattie ]
* aa-clickhook: output to stdout instead of stderr if no output file
is specified.[ Jamie Strandboge ]
* add support for abstractions, read_paths and write_paths. These are not
generally allowed in the Ubuntu app store, but will be handled via the
review process.
* fix a few error strings
* policy_version is JSON Number, not string
* add some more policy_version tests
* Qt json outputs 1.0 as 1. Account for that in our transmogrification to
easyprof (LP: #1214618) - 7. By Jamie Strandboge
-
support different policy vendors since the click hook should be usable
with alternative app stores - 6. By Jamie Strandboge
-
* apparmor/click.py:
- add dbus_path() (uses libnih-dbus) to generate an APP_ID_DBUS template
variable
- rename APPNAME to APP_PKGNAME and APPVERSION to APP_VERSION to make
policy clear wrt click documentation
* aa-clickhook: report but don't trace back failures to generate the profile
* update tests for above
* debian/control:
- Build-Depends on libnih-dbus1 (needed for tests)
- python3-apparmor- click should Depends on libnih-dbus1
- python3-apparmor- click should Depends on apparmor- easyprof- ubuntu >=
1.0.17 (due to variable name changes)
- tighten up other dependencies
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)