ubuntu/+source/apparmor-easyprof-ubuntu:ubuntu/trusty-proposed

Last commit made on 2014-04-09
Get this branch:
git clone -b ubuntu/trusty-proposed https://git.launchpad.net/ubuntu/+source/apparmor-easyprof-ubuntu
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/trusty-proposed
Repository:
lp:ubuntu/+source/apparmor-easyprof-ubuntu

Recent commits

d3d2f0f... by Jamie Strandboge on 2014-04-09

Import patches-unapplied version 1.1.16 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 38e8bd939bab0a261e711cf19c870caa8cedd241

New changelog entries:
  * 1.1/webview: update to allow exec of chrome-sandbox now that oxide is
    doing a proper fork/exec

38e8bd9... by Jamie Strandboge on 2014-04-08

Import patches-unapplied version 1.1.15 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: b8d2bfb31c4a9de23d3b404b25d5148cfc7ca42e

New changelog entries:
  * 1.*/unconfined: update for ptrace and signal
  * 1.1/music_files*: add rules for talking to the media-hub-server and read
    access to mediascanner files
  * 1.1/video_files*: add rules for talking to the media-hub-server and read
    access to mediascanner files

b8d2bfb... by Jamie Strandboge on 2014-04-03

Import patches-unapplied version 1.1.14 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 7baff330fee37e869796ee395cdcd1fcb8ebf976

New changelog entries:
  * 1.1/webview: update for ptrace and signal mediation (LP: #1298611)
  * debian/control: Depends on apparmor >= 2.8.95~2430-0ubuntu4

7baff33... by Jamie Strandboge on 2014-04-02

Import patches-unapplied version 1.1.13 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 7e91666d7e0d254d856bafa6a54d51e352a3afde

New changelog entries:
  * 1.1/webview (LP: #1301351)
    - add 'mr' for chrome-sandbox and oxide-renderer
    - allow 'r' for @{PROC}/sys/kernel/yama/ptrace_scope

7e91666... by Jamie Strandboge on 2014-03-31

Import patches-unapplied version 1.1.12 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 4bb4161ed04364fa41ba72ad99fafd66575d2649

New changelog entries:
  * 1.1/webview: suppress denial for write to /usr/bin/locales/ like we do for
    /usr/lib/@{multiarch}/oxide-qt/locales/ already since it is confusing for
    people who are diagnosing oxide issues (LP: #1260044)

4bb4161... by Jamie Strandboge on 2014-03-28

Import patches-unapplied version 1.1.11 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 6438de7cd8ae11ac962c9af48807aad8926bfe62

New changelog entries:
  * 1.0/ubuntu-*: explicitly deny access to oxide files so webbrowser-app's
    fallback mechanism to QtWebKit works correctly. This is needed so 13.10
    framework webapps don't regress
  * 1.1/webview: prevent certificate db poisoning and disallow write access to
    @{HOME}/.pki/nssdb/*. Note, while this prevents cert attacks, it doesn't
    prevent information disclosure so once LP: 1260048 is fixed in oxide, we
    can remove the read access.

6438de7... by Jamie Strandboge on 2014-03-24

Import patches-unapplied version 1.1.10 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: f5da2ad3320c333213941cbeb88757259ac5f1f6

New changelog entries:
  * 1.*/ubuntu-*:
    - add read access to /usr/share/unity/icons/**. Why this isn't under
      /usr/share/icons/unity instead, I don't know, but the access is
      harmless, so allow it. This is currently needed by the gallery
    - explicitly deny access to com.canonical.snapdecisions interface
      (LP: #1291234)
  * 1.*/friends: allow freedesktop.org notifications which is needed by the
    gallery app to show that a picture has been uploaded (LP: #1279969)
  * debian/control: Build-Depends on apparmor-easyprof since it is needed by
    the testsuite. This is needed because dh-apparmor now only Suggests
    apparmor-easyprof

f5da2ad... by Jamie Strandboge on 2014-03-17

Import patches-unapplied version 1.1.9 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 4fb9a79fb12053faabbf53080a2b1ce4e58140fa

New changelog entries:
  * adjustments for Qt5.2
    - 1.*/networking: like with other NetworkManager access, explicitly deny
      connecting to peer=(name=org.freedesktop.NetworkManager)
  * 1.1/content_exchange: deny 'w' on ~/.cache/@{APP_PKGNAME}/HubIncoming/**.
    The content-hub will create hard links in this directory for volatile
    data, but using hard links means the content source file could be modified
    by the app. This prevents that. (LP: #1293771)

4fb9a79... by Jamie Strandboge on 2014-03-05

Import patches-unapplied version 1.1.8 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: adcb6cec3624a067d04c78d18aba3c7f3ffa687d

New changelog entries:
  * 1.*/ubuntu-sdk: allow accesses to workaround intel driver crash on X
    - allow read of /sys/devices/pci[0-9]*/**/uevent
    - allow read of /etc/udev/udev.conf
    - explicityly deny /run/udev/data/**, like we do elsewhere
    - LP: #1286162

adcb6ce... by Jamie Strandboge on 2014-03-03

Import patches-unapplied version 1.1.7 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 59ee49e47d1df342386633a2c9d9013614744e2a

New changelog entries:
  * 1.*/ubuntu-sdk: /usr/share/ubuntu-html5-theme moved to
    /usr/share/ubuntu-html5-ui-toolkit (LP: #1287297)