apparmor-easyprof-ubuntu

Merge lp://staging/~morphis/apparmor-easyprof-ubuntu/fix-hybris-linker-1.3 into lp://staging/~ubuntu-security/apparmor-easyprof-ubuntu/1.3-stable-phone-overlay

  1. fix-hybris-linker-1.3
  2. Merge into 1.3-stable-phone-overlay
Proposed by Simon Fels
Status: Merged
Merged at revision: 34
Proposed branch: lp://staging/~morphis/apparmor-easyprof-ubuntu/fix-hybris-linker-1.3
Merge into: lp://staging/~ubuntu-security/apparmor-easyprof-ubuntu/1.3-stable-phone-overlay
Diff against target: 123 lines (+13/-10)
9 files modified
data/templates/ubuntu/1.0/ubuntu-sdk (+1/-1)
data/templates/ubuntu/1.0/ubuntu-webapp (+1/-1)
data/templates/ubuntu/1.1/ubuntu-sdk (+1/-1)
data/templates/ubuntu/1.1/ubuntu-webapp (+1/-1)
data/templates/ubuntu/1.2/ubuntu-account-plugin (+1/-1)
data/templates/ubuntu/1.2/ubuntu-scope-network (+1/-1)
data/templates/ubuntu/1.3/ubuntu-sdk (+1/-1)
debian/changelog (+5/-2)
pending/templates/ubuntu-scope-local-content (+1/-1)
To merge this branch: bzr merge lp://staging/~morphis/apparmor-easyprof-ubuntu/fix-hybris-linker-1.3
Reviewer Review Type Date Requested Status
Pat McGowan (community) Approve
Jamie Strandboge (community) Approve
Review via email: mp+297627@code.staging.launchpad.net

Description of the change

Adjust libhybris rules for new dynamic linker loading

libhybris is now capable of loading a linker implementation dynamically at runtime. This requires us to allow another path for all applications to access.

To post a comment you must log in.
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

This change on a 15.04 system will trigger an apparmor recompile for all policy on the next OTA upgrade. This may take 2-3 minutes on an average system and thus also requires an ack from the Touch release team.

That said, I suggest using this instead for future proofing:
- /usr/lib/@{multiarch}/libhybris/*.so mr,
+ /usr/lib/@{multiarch}/libhybris/**.so mr,

review: Needs Fixing
lp://staging/~morphis/apparmor-easyprof-ubuntu/fix-hybris-linker-1.3 updated
36. By Simon Fels

Apply review comments

Revision history for this message
Simon Fels (morphis) wrote :

@Jamie: Changed. Will talk with Pat about this.

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Approve for merging, but please have Pat comment here and I'll merge.

review: Approve
Revision history for this message
Simon Fels (morphis) wrote :

@Jamie: I have this already in a silo. Will ask Pat today to comment here so we can publish that silo.

Revision history for this message
Simon Fels (morphis) wrote :

Included the package for landing in the overlay in silo https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/landing-016/

Revision history for this message
Pat McGowan (pat-mcgowan) wrote :

After an update is downloaded can we detect that an apparmor recompile will be done and notify the user? If so we could add a message to the restart prompt.

review: Approve
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

@Pat, that might be the lowest hanging fruit. Basically all that needs to happen is that something needs to detect if apparmor, click-apparmor and/or apparmor-easyprof-ubuntu was updated, then say something along the lines of "Security policy will be updated after the device is restarted. This process may take several minutes."

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
The diff is not available at this time. You can reload the page or download it.

Subscribers

People subscribed via source and target branches