lp:ubuntu/utopic/apparmor-easyprof-ubuntu
- Get this branch:
- bzr branch lp:ubuntu/utopic/apparmor-easyprof-ubuntu
Branch information
- Owner:
- Ubuntu branches
- Status:
- Development
Recent revisions
- 95. By Jamie Strandboge
  ubuntu/networking: add rules for app-specific ubuntu-download-manager
  file downloads (LP: #1384349)
- 94. By Jamie Strandboge
  ubuntu/audio: also allow access to GetArtistArt when accessing the
  thumbnailer (LP: #1381102)
- 93. By Jamie Strandboge
  * ubuntu/accounts: allow all on org.freedesktop.DBus.Properties for
    /com/google/code/AccountsSSO/SingleSignOn/** (LP: #1378809)
  * ubuntu/ubuntu-*, pending/ubuntu-scope-local-content, ubuntu/webview: also
    allow read on /android/system/build.prop (LP: #1378838)
- 92. By Jamie Strandboge
  * ubuntu/1.2/push-notification-client: don't deny access to the clipboard
    since sdk apps are supposed to be able to specify this policy group
  * ubuntu/1.2: add ubuntu-push-helper for push-helpers to use which (among
    other things) explicitly disables access to the clipboard (LP: #1371170)
  * adjust autopackagetest for ubuntu-push-helper
  * ubuntu/accounts: allow all on org.freedesktop.DBus.Properties for
    /com/google/code/AccountsSSO/SingleSignOn
  * ubuntu/1.2/ubuntu-scope-network, pending/ubuntu-scope-local-content: also
    add remaining libhybris paths (/{,var/}run/shm/hybris_shm_data and
    /system/build.prop)
  * ubuntu/ubuntu-sdk: explicitly disallow gsettings (dconf) access
    (LP: #1378115)
- 91. By Jamie Strandboge
  ubuntu/1.[12]/ubuntu-{sdk,webapp}: re-add still needed rule for
  /{,run/}shm/shm/WK2SharedMemory.[0-9]*. This needs to stay until qtwebkit
  is removed from the image (LP: #1377648)
- 90. By Jamie Strandboge
  * ubuntu/accounts: allow access to GetAll on org.freedesktop.DBus.Properties
    for /com/google/code/AccountsSSO/SingleSignOn (LP: #1377205)
  * ubuntu/webview: also deny access to /custom/etc/dconf_profile. This is
    fallout from Oxide trying to use gsettings, but we've been silently
    denying that access since the webview policy group was added, so just
    silence this denial too (LP: #1260101)
  * ubuntu/ubuntu-{sdk,webapp}: also allow talking to clipboard on freedesktop
    interface (LP: #1377221)
  * tests/test-data.py: update hardware dir handling and also adjust policy
    groups to use tmpdir
  * debian/control: Build-Depends on apparmor so we can check syntax during
    builds
- 89. By Jamie Strandboge
  * ubuntu/1.2/ubuntu-scope-network, pending/ubuntu-scope-local-content:
    allow access to android libraries (LP: #1376430)
  * ubuntu/ubuntu-{sdk,webapp}: allow read access for thumbnailer icons
    (LP: #1376436)
- 88. By Jamie Strandboge
  * ubuntu/ubuntu-*: add owner /{run,dev}/shm/shmfd-* rwk (LP: #1370218)
  * ubuntu/microphone: remove shmfd access since it is in the templates now
- 87. By Jamie Strandboge
  ubuntu/webview: explicitly deny write access to @{PROC}/[0-9]*/oom_adj
  and @{PROC}/[0-9]*/oom_score_adj. This is confirmed as a way to escape
  application lifecycle (LP: #1260115)
- 86. By Jamie Strandboge
  * ubuntu/calendar: add missing rule for org.freedesktop.DBus.Introspectable
    on path /com/canonical/indicator/datetime/AlarmProperties (LP: #1374623)
  * ubuntu/1.[12]/ubuntu-{sdk,webapp}: remove no longer needed rule for
    /{,run/}shm/shm/WK2SharedMemory.[0-9]* (LP: #1197060)
  * ubuntu/microphone:
    - add temporary write access to /{run,dev}/shm/shmfd-* for QAudioRecorder
      (LP: #1370218)
    - explicitly deny read on /dev/
  * ubuntu/1.1/webview: allow dbus send to RequestName on org.freedesktop.DBus
    webapp-container needs corresponding 'bind' call on
    org.freedesktop.Application, which we block elsewhere. webapp-container
    shouldn't be doing this under confinement, but we allow this rule in
    content_exchange, so just allow it to avoid confusion. (LP: #1357371)
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/trusty/apparmor-easyprof-ubuntu