Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp:ubuntu/vivid-proposed/apparmor-easyprof-ubuntu
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Ubuntu branches
Review team:
Ubuntu Development Team

Recent revisions

105. By Jamie Strandboge

templates/*: explicitly deny noisy access to accountsservice
(LP: #1433590)

104. By Jamie Strandboge

* templates/ubuntu-sdk|ubuntu-webapp: explicitly deny noisy /dev/tty access
* policygroups/accounts: also deny 'r' to /{,var/}run/user/*/signond/socket
  to silence expected noisy denial (LP: #1415492)

103. By Jamie Strandboge

hardware/video.d/apparmor-easyprof-ubuntu_mako: add accesses for
video4linux 1 and 2 devices needed by mediascanner2 (gst-plugin-scanner)
et al

102. By Jamie Strandboge

ubuntu/webview: allow oxide_helper read access to /sys/devices/system/cpu/
and /sys/devices/system/cpu/cpu[0-9]*/cpufreq/cpuinfo_max_freq

101. By Steve Beattie

ubuntu/1.0/ubuntu-{sdk,webapp}: also allow access to mir libraries via
the new mir abstraction for 1.0 templates (LP: #1422521)

100. By Jamie Strandboge

[ Alberto Mardegan ]
* ubuntu/accounts: explictly deny access to the p2p socket. This will now be
  available only to unconfined apps to support a trusted socket for
  privileged processes (LP: #1415492)

[ Jamie Strandboge ]
* add ubuntu/1.2/ubuntu-account-plugin template and add to 1.3 policy
  (LP: #1219644)
* adjust expected_templates_12 in autopkgtests to have ubuntu-account-plugin
* ubuntu/webview: allow /sys/devices/system/cpu/*/cpufreq/cpuinfo_max_freq
  readonly access

99. By Jamie Strandboge

ubuntu/{music,pictures,video}_files*: temporarily allow read access to
global SD card user directory (LP: #1392368). This can be removed once
there is a proper API for apps to find the SD card label.

98. By Jamie Strandboge

[ Ricardo Salveti de Araujo ]
Adding hardware/video.d/apparmor-easyprof-ubuntu_manta to allow rw on
/dev/video*, needed for hardware video decoding (LP: #1408130). (Note: we
may need to add rw on /dev/v4l-subdev*, but this seems to be enough for

97. By Jamie Strandboge

* ubuntu/ubuntu-sdk:
  - explicitly deny reads on ~/.cache/QML/Apps/ to silence noisy denials.
    Undo this when LP: 1381620 is fixed in qtdeclarative-opensource-src
  - explicitly deny dbus bind on name="org.freedesktop.Application" since
    it is noisy. Undo this when LP: 1378823 is fixed in ubuntu-ui-toolkit
* ubuntu/1.3/ubuntu-sdk: drop html5-container policy. html5 apps should use
  webapp-container and specify the 'webview' policy group with 1.3 (15.04)
  policy (LP: #1392461)
* ubuntu/ubuntu-scope-network, pending/ubuntu-scope-local-content: allow
  scopes to read data from the apps data dir (LP: #1384286)
* adjust all dbus rules to use peer=(label=unconfined) to prevent
  coordinated communications between apps over DBus (LP: #1383824)
* ubuntu/{music,pictures,video}_files*: allow access to global SD card
  directories (LP: #1391930)
* debian/control: Depends on apparmor >= 2.8.98-0ubuntu2~ for the dbus peer
  changes (we need at least apparmor_parser 2.9.beta4 for these)

96. By Jamie Strandboge

* debian/control:
  - add Vcs-Bzr and Vcs-Browser now that we have them
  - adjust Standards-Version
* add debian/make-new-version.sh and document how to use it
* create policy version 1.3
* adjust autopkgtests:
  - add tests for policy version 1.3
  - fix lintian warnings in naming of the tests
* debian/apparmor-easyprof-ubuntu.postinst: add #DEBHELPER# token

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
This branch contains Public information 
Everyone can see this information.