lp:ubuntu/trusty/apparmor-easyprof-ubuntu
- Get this branch:
- bzr branch lp:ubuntu/trusty/apparmor-easyprof-ubuntu
Branch merges
Branch information
- Owner:
- Ubuntu branches
- Status:
- Development
Recent revisions
- 61. By Jamie Strandboge
-
1.1/webview: update to allow exec of chrome-sandbox now that oxide is
doing a proper fork/exec - 60. By Jamie Strandboge
-
* 1.*/unconfined: update for ptrace and signal
* 1.1/music_files*: add rules for talking to the media-hub-server and read
access to mediascanner files
* 1.1/video_files*: add rules for talking to the media-hub-server and read
access to mediascanner files - 59. By Jamie Strandboge
-
* 1.1/webview: update for ptrace and signal mediation (LP: #1298611)
* debian/control: Depends on apparmor >= 2.8.95~2430-0ubuntu4 - 58. By Jamie Strandboge
-
* 1.1/webview (LP: #1301351)
- add 'mr' for chrome-sandbox and oxide-renderer
- allow 'r' for @{PROC}/sys/kernel/ yama/ptrace_ scope - 57. By Jamie Strandboge
-
1.1/webview: suppress denial for write to /usr/bin/locales/ like we do for
/usr/lib/@{multiarch} /oxide- qt/locales/ already since it is confusing for
people who are diagnosing oxide issues (LP: #1260044) - 56. By Jamie Strandboge
-
* 1.0/ubuntu-*: explicitly deny access to oxide files so webbrowser-app's
fallback mechanism to QtWebKit works correctly. This is needed so 13.10
framework webapps don't regress
* 1.1/webview: prevent certificate db poisoning and disallow write access to
@{HOME}/.pki/nssdb/ *. Note, while this prevents cert attacks, it doesn't
prevent information disclosure so once LP: 1260048 is fixed in oxide, we
can remove the read access. - 55. By Jamie Strandboge
-
* 1.*/ubuntu-*:
- add read access to /usr/share/unity/icons/ **. Why this isn't under
/usr/share/icons/ unity instead, I don't know, but the access is
harmless, so allow it. This is currently needed by the gallery
- explicitly deny access to com.canonical.snapdecisions interface
(LP: #1291234)
* 1.*/friends: allow freedesktop.org notifications which is needed by the
gallery app to show that a picture has been uploaded (LP: #1279969)
* debian/control: Build-Depends on apparmor-easyprof since it is needed by
the testsuite. This is needed because dh-apparmor now only Suggests
apparmor-easyprof - 54. By Jamie Strandboge
-
* adjustments for Qt5.2
- 1.*/networking: like with other NetworkManager access, explicitly deny
connecting to peer=(name=org.freedesktop .NetworkManager )
* 1.1/content_exchange: deny 'w' on ~/.cache/ @{APP_PKGNAME} /HubIncoming/ **.
The content-hub will create hard links in this directory for volatile
data, but using hard links means the content source file could be modified
by the app. This prevents that. (LP: #1293771) - 53. By Jamie Strandboge
-
* 1.*/ubuntu-sdk: allow accesses to workaround intel driver crash on X
- allow read of /sys/devices/pci[0-9] */**/uevent
- allow read of /etc/udev/udev.conf
- explicityly deny /run/udev/data/**, like we do elsewhere
- LP: #1286162 - 52. By Jamie Strandboge
-
1.*/ubuntu-sdk: /usr/share/
ubuntu- html5-theme moved to
/usr/share/ubuntu- html5-ui- toolkit (LP: #1287297)
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)