lp:ubuntu/vivid/ubuntu-core-security

Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp:ubuntu/vivid/ubuntu-core-security

Branch information

Owner: Ubuntu branches
Review team: Ubuntu Development Team
Status: Mature

Recent revisions

7. By Jamie Strandboge

* seccomp/default:
  - add ARM private syscalls: breakpoint, cacheflush, set_tls, usr26, usr32
  - add getrandom, ugetrlimit, sched_getattr, sched_rr_get_interval
  - add getxattr, setxattr and listxattr family of calls

6. By Jamie Strandboge

* seccomp/default: allow futimesat, utime, utimensat, and utimes
* apparmor/default: revert /dev/** change. Snappy will instead maintain
  click-apparmor .additional files for these (and add the access only if
  cgroups restrictions are in effect)
* allow 'udevadm trigger --verbose --dry-run --tag-match=snappy-assign'.
  Access for using '--property-match=SNAPPY_APP=<pkgname>' will be handled
  elsewhere for now

5. By Jamie Strandboge

debian/control: ubuntu-core-security-utils Depends on python3-yaml

4. By Jamie Strandboge

* explicitly deny mount and mknod too
* add some missing syscalls: eventfd, eventfd2, exit, ftime, get_mempolicy,
  get_robust_list, ipc, mremap, msgctl, msgget, msgrcv, msgsnd,
  restart_syscall, rt_sigqueueinfo, rt_tgsigqueueinfo, set_thread_area,
  signal, sigaction, sigaltstack, sigpending, sigprocmask, sigreturn and
  sigsuspend to seccomp default policy

3. By Jamie Strandboge

* explicitly deny ptrace (trace) in the policy since it currently allows
  breaking out of seccomp sandbox
* correct path to policy groups for --include-policy-dir

2. By Jamie Strandboge

* update autopkgtests to include compatibility templates and policy groups
* debian/control:
  - don't Build-Depends on seccomp (it is not needed at this time)
  - adjust ubuntu-core-security-seccomp to not Depends on seccomp (it only
    ships data files)
  - adjust ubuntu-core-security-utils to Depends on seccomp for amd64, i386
    and armhf
* update default apparmor policy to allow running /usr/bin/ldd
* add app-specific rules for access to /{dev,run}/shm (LP: #1443612)

1. By Jamie Strandboge

* Initial release. It provides:
  - the apparmor policies for Ubuntu Core
  - the seccomp policies for Ubuntu Core
  - various utilities including sc-filtergen for generating template-based
    seccomp filters
  - replaces apparmor-easyprof-ubuntu-snappy and sets up compatibility
    symlinks which can be dropped when packages stop using them

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on: lp:ubuntu/wily/ubuntu-core-security