Ubuntu
apparmor-easyprof-ubuntu package

lp:ubuntu/trusty/apparmor-easyprof-ubuntu

Trusty (14.04)
trusty

Created by Ubuntu Package Importer on 2013-10-19 and last modified on 2014-04-09

Get this branch:: bzr branch lp:ubuntu/trusty/apparmor-easyprof-ubuntu

Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

No branches dependent on this one.

Related bugs

Link a bug report

Related blueprints

Branch information

Owner:: Ubuntu branches

Status:: Development

Recent revisions

61. By Jamie Strandboge on 2014-04-09: 1.1/webview: update to allow exec of chrome-sandbox now that oxide is
doing a proper fork/exec
60. By Jamie Strandboge on 2014-04-08: * 1.*/unconfined: update for ptrace and signal
* 1.1/music_files*: add rules for talking to the media-hub-server and read
access to mediascanner files
* 1.1/video_files*: add rules for talking to the media-hub-server and read
access to mediascanner files
59. By Jamie Strandboge on 2014-04-03: * 1.1/webview: update for ptrace and signal mediation (LP: #1298611)
* debian/control: Depends on apparmor >= 2.8.95~2430-0ubuntu4
58. By Jamie Strandboge on 2014-04-02: * 1.1/webview (LP: #1301351)
- add 'mr' for chrome-sandbox and oxide-renderer
- allow 'r' for @{PROC}/sys/kernel/yama/ptrace_scope
57. By Jamie Strandboge on 2014-03-31: 1.1/webview: suppress denial for write to /usr/bin/locales/ like we do for
/usr/lib/@{multiarch}/oxide-qt/locales/ already since it is confusing for
people who are diagnosing oxide issues (LP: #1260044)
56. By Jamie Strandboge on 2014-03-28: * 1.0/ubuntu-*: explicitly deny access to oxide files so webbrowser-app's
  fallback mechanism to QtWebKit works correctly. This is needed so 13.10
  framework webapps don't regress
* 1.1/webview: prevent certificate db poisoning and disallow write access to
  @{HOME}/.pki/nssdb/*. Note, while this prevents cert attacks, it doesn't
  prevent information disclosure so once LP: 1260048 is fixed in oxide, we
  can remove the read access.
55. By Jamie Strandboge on 2014-03-24: * 1.*/ubuntu-*:
  - add read access to /usr/share/unity/icons/**. Why this isn't under
    /usr/share/icons/unity instead, I don't know, but the access is
    harmless, so allow it. This is currently needed by the gallery
  - explicitly deny access to com.canonical.snapdecisions interface
    (LP: #1291234)
* 1.*/friends: allow freedesktop.org notifications which is needed by the
  gallery app to show that a picture has been uploaded (LP: #1279969)
* debian/control: Build-Depends on apparmor-easyprof since it is needed by
  the testsuite. This is needed because dh-apparmor now only Suggests
  apparmor-easyprof
54. By Jamie Strandboge on 2014-03-17: * adjustments for Qt5.2
  - 1.*/networking: like with other NetworkManager access, explicitly deny
    connecting to peer=(name=org.freedesktop.NetworkManager)
* 1.1/content_exchange: deny 'w' on ~/.cache/@{APP_PKGNAME}/HubIncoming/**.
  The content-hub will create hard links in this directory for volatile
  data, but using hard links means the content source file could be modified
  by the app. This prevents that. (LP: #1293771)
53. By Jamie Strandboge on 2014-03-05: * 1.*/ubuntu-sdk: allow accesses to workaround intel driver crash on X
  - allow read of /sys/devices/pci[0-9]*/**/uevent
  - allow read of /etc/udev/udev.conf
  - explicityly deny /run/udev/data/**, like we do elsewhere
  - LP: #1286162
52. By Jamie Strandboge on 2014-03-03: 1.*/ubuntu-sdk: /usr/share/ubuntu-html5-theme moved to
/usr/share/ubuntu-html5-ui-toolkit (LP: #1287297)

Branch metadata

Branch format:: Branch format 7

Repository format:: Bazaar repository format 2a (needs bzr 1.16 or later)

This branch contains Public information

Everyone can see this information.

Subscribers

Ubuntu branches

Ubuntuapparmor-easyprof-ubuntu package