[Touch-packages] [Bug 1362199] Re: [FFe] apparmor abstract, anonymous and netlink socket mediation

2014-09-05 Thread Jamie Strandboge
** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
   Importance: Undecided => Critical

** Changed in: apparmor (Ubuntu)
 Assignee: (unassigned) => Jamie Strandboge (jdstrand)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/1362199

Title:
  [FFe] apparmor abstract, anonymous and netlink socket mediation

Status in “apparmor” package in Ubuntu:
  In Progress
Status in “apparmor-easyprof-ubuntu” package in Ubuntu:
  In Progress
Status in “isc-dhcp” package in Ubuntu:
  In Progress
Status in “libvirt” package in Ubuntu:
  In Progress
Status in “lightdm” package in Ubuntu:
  In Progress
Status in “linux” package in Ubuntu:
  In Progress
Status in “rsyslog” package in Ubuntu:
  In Progress
Status in “tlsdate” package in Ubuntu:
  In Progress

Bug description:
  Background: kernel and apparmor userspace updates to support abstract,
  anonymous and fine-grained netlink socket mediation. These packages
  are listed in one bug because they are related, but the FFes may be
  granted and the uploads may happen at different times.

  = linux =
  Summary:
  This feature freeze exception is requested for abstract, anonymous and
  fine-grained netlink socket mediation via apparmor in the kernel. When used
  with a compatible apparmor userspace, 'unix' and 'network netlink' rules are
  supported. When used without a compatible apparmor userspace (eg, on a trusty
  system with a utopic backport kernel), abstract, anonymous and fine-grained
  netlink socket mediation is not enforced (ie, you can use this kernel with an
  old userspace without any issues).

  Testing:
  * 14.04 system with backported kernel: TODO
   * test-apparmor.py: TODO (runs extensive tests (upstream and distro))
   * exploratory manual testing: TODO (networking, aa-enforce with firefox,
     firefox works, apparmor blocks access, etc)
   * aa-status: TODO
   * lxc: TODO (containers can be created, started, shutdown)
   * libvirt: TODO (VMs started via openstack, and test-libvirt.py from QRT
     passes all tests)
  * 14.10 system (non-Touch) with current apparmor userspace: TODO (relevant
    parts of https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor)
   * test-apparmor.py: TODO (runs extensive tests (upstream and distro))
   * exploratory manual testing: TODO (networking, aa-enforce with firefox,
     firefox works, apparmor blocks access, etc)
   * aa-status: TODO
   * lxc: TODO (containers can be created, started, shutdown)
   * libvirt: TODO (QRT/script/test-libvirt.py (though there are 3 failures
     unrelated to apparmor))
   * click-apparmor QRT touch image tests: TODO
   * apparmor-easyprof-ubuntu QRT touch image tests: TODO
  * 14.10 system (non-Touch) with updated apparmor userspace capable of
    supporting abstract, anonymous and fine-grained netlink socket: TODO
    (relevant parts of https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor)
   * test-apparmor.py: TODO (runs extensive tests (upstream and distro))
   * exploratory manual testing: TODO (networking, aa-enforce with firefox,
     firefox works, apparmor blocks access, etc)
   * aa-status: TODO
   * lxc: TODO (containers can be created, started, shutdown)
   * libvirt: TODO (QRT/script/test-libvirt.py (though there are 3 failures
     unrelated to apparmor))
   * click-apparmor QRT touch image tests: TODO
   * apparmor-easyprof-ubuntu QRT touch image tests: TODO

  Justification:
  This feature is required to support comprehensive application confinement on
  Ubuntu Touch. This feature adds a security benefit to libvirt's qemu guest
  isolation which is fundamental to Ubuntu on Server/Cloud. This feature also
  adds a welcome improvement to administrators wishing to further protect their
  systems.

  = apparmor userspace =
  Summary:
  This feature freeze exception is requested for abstract, anonymous and
  fine-grained netlink socket mediation for apparmor userspace. When used with a
  compatible kernel, 'unix' and 'network netlink' rules are supported. When used
  without a compatible apparmor userspace (eg, on a trusty system with a utopic
  backport kernel), abstract, anonymous and fine-grained netlink socket mediation
  is not enforced (ie, you can use this userspace with an old kernel without any
  issues).

  Testing:
  * 14.10 system with current kernel:
   * https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor: DONE (includes
     click-apparmor, apparmor-easyprof-ubuntu, exploratory manual testing, etc)
  * 14.10 system with previous kernel lacking abstract, anonymous and
    fine-grained netlink socket mediation (non-Touch):
   * https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor: DONE
     (exploratory manual testing, lxc, libvirt, etc)
   * test-apparmor.py: DONE
   * lightdm guest session: DONE (login, start browser, logout)
  * 14.10 system kernel capable of supporting abstract, anonymous and
    fine-grained netlink socket mediation (non-Touch):
   * https://wiki.ubuntu.com/Process/Merges

[Touch-packages] [Bug 1362199] Re: [FFe] apparmor abstract, anonymous and netlink socket mediation

2014-09-05 Thread Jamie Strandboge
isc-dhcp (4.2.4-7ubuntu14) utopic; urgency=medium

  * debian/apparmor-profile.dhclient: add file_inherit inet{,6} dgram rules
    for child profiles

** Changed in: isc-dhcp (Ubuntu)
   Status: In Progress => Fix Released


[Touch-packages] [Bug 1366314] Re: security issue? auto suggest seems to copy credentials into clipboard

2014-09-08 Thread Jamie Strandboge
It does seem that the keyboard shouldn't be putting whatever you type
into the clipboard.

That said, I wonder if this is also a bug in the terminal app? Maybe it isn't
using these:
  Qt.ImhHiddenText - Characters should be hidden, as is typically used when
  entering passwords. This is automatically set when setting echoMode to
  TextInput.Password.
  Qt.ImhSensitiveData - Typed text should not be stored by the active input
  method in any persistent storage like predictive user dictionary.

Note, AIUI, the filemanager app uses the same embedded password checking
backend as the terminal so it may be affected too.

Reference:
http://people.canonical.com/~dpm/sdk-docs/html.orig/qml-ubuntu-components0-textfield.html

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-keyboard in Ubuntu.
https://bugs.launchpad.net/bugs/1366314

Title:
  security issue? auto suggest seems to copy credentials into clipboard

Status in “ubuntu-keyboard” package in Ubuntu:
  New

Bug description:
  on today's image (krillin rtm-proposed r21) with ONLY the auto suggest
  language option on I get:

  13:57 <asac> 1. kill terminal
  13:57 <asac> 2. open terminal and enter pin
  13:57 <asac> 3. click in terminal pastes my pin :)

  obviously not good for security. Think might be bad.

  Seems it's not getting to the dictionary at least:

  13:58 <asac> 4. /me uses backspace to delete
  13:58 <asac> 5. type ls
  13:58 <asac> 6. type first digit of pin - does not suggest my pin

  This doesn't happen if I turn auto suggestion off. Not sure if the
  paste is what doesn't happen or the clipboarding doesn't happen.
  Surely important to check out and know for sure.

  We should check other credential prompts too: pin lock screen, sim pin
  etc.

  Haven't tried, but I assume UITK password fields and browser don't have
  that, but might be worth checking.

  Thanks!

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-keyboard/+bug/1366314/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1362199] Re: [FFe] apparmor abstract, anonymous and netlink socket mediation

2014-09-08 Thread Jamie Strandboge
** Description changed:

  Background: kernel and apparmor userspace updates to support abstract,
  anonymous and fine-grained netlink socket mediation. These packages are
  listed in one bug because they are related, but the FFes may be granted
  and the uploads may happen at different times.
+ 
+ = apparmor userspace =
+ Summary:
+ This feature freeze exception is requested for abstract, anonymous and 
fine-grained netlink socket for apparmor userspace. When used with a compatible 
kernel, 'unix' and 'network netlink' rules are supported. When used without a 
compatible apparmor userspace (eg, on a trusty system with an utopic backport 
kernel), abstract, anonymous and fine-grained netlink socket mediation is not 
enforced (ie, you can use this userspace with an old kernel without any issues).
+ 
+ Testing:
+ * 14.10 system with previous kernel lacking abstract, anonymous and 
fine-grained netlink socket mediation (non-Touch):
+  * https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor: DONE 
(exploratory manual testing, lxc, libvirt, etc)
+ * 14.10 system kernel capable of supporting abstract, anonymous and 
fine-grained netlink socket mediation (non-Touch):
+  * https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor: INPROGRESS 
(includes test-apparmor.py, exploratory manual testing, lxc, libvirt, etc)
+  * Verify everything in 
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles: DONE 
(except juju since it doesn't have policy itself)
+ 
+ Justification:
+ This feature is required to support comprehensive application confinement on 
Ubuntu Touch. This feature adds a security benefit to libvirt's qemu guest 
isolation which is fundamental to Ubuntu on Server/Cloud. This feature also 
adds a welcome improvement to administrators wishing to further protect their 
systems.
+ 
+ Extra information:
+ While the apparmor userspace and kernel changes to support abstract, 
anonymous and fine-grained netlink socket can happen at different times, the 
apparmor userspace upload must correspond with uploads for packages that ship 
AppArmor policy that require updates (eg, libvirt, lxc, etc). The packages 
outlined in https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles 
have been tested to either work without modification to the policy or updated 
and tested to work with updated policy. Common rules will be added to the 
apparmor base abstraction such that most packages shipping apparmor policy will 
not require updating. These updates will be prepared, tested and published en 
masse via a silo ppa.
+ 
  
  = linux =
  Summary:
  This feature freeze exception is requested for abstract, anonymous and 
fine-grained netlink socket via apparmor in the kernel. When used with a 
compatible apparmor userspace, 'unix' and 'network netlink' rules are 
supported. When used without a compatible apparmor userspace (eg, on a trusty 
system with an utopic backport kernel), abstract, anonymous and fine-grained 
netlink socket mediation is not enforced (ie, you can use this kernel with an 
old userspace without any issues).
  
  Testing:
  * 14.04 system with backported kernel: TODO
-  * test-apparmor.py: TODO (runs extensive tests (upstream and distro))
-  * exploratory manual testing: TODO (networking, aa-enforce with firefox, 
firefox works, apparmor blocks access, etc)
-  * aa-status: TODO
-  * lxc: TODO (containers can be created, started, shutdown)
-  * libvirt: TODO (VMs started via openstack, and test-libvirt.py from QRT 
passes all tests)
- * 14.10 system (non-Touch) with current apparmor userspace: TODO (relevant 
parts of https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor)
-  * test-apparmor.py: TODO (runs extensive tests (upstream and distro))
-  * exploratory manual testing: TODO (networking, aa-enforce with firefox, 
firefox works, apparmor blocks access, etc)
-  * aa-status: TODO
-  * lxc: TODO (containers can be created, started, shutdown)
-  * libvirt: TODO (QRT/script/test-libvirt.py (though there are 3 failures 
unrelated to apparmor))
-  * click-apparmor QRT touch image tests: TODO
-  * apparmor-easyprof-ubuntu QRT touch image tests: TODO
- * 14.10 system (non-Touch) with updated apparmor userspace capable of 
supporting abstract, anonymous and fine-grained netlink socket: TODO (relevant 
parts of https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor)
-  * test-apparmor.py: TODO (runs extensive tests (upstream and distro))
-  * exploratory manual testing: TODO (networking, aa-enforce with firefox, 
firefox works, apparmor blocks access, etc)
-  * aa-status: TODO
-  * lxc: TODO (containers can be created, started, shutdown)
-  * libvirt: TODO (QRT/script/test-libvirt.py (though there are 3 failures 
unrelated to apparmor))
-  * click-apparmor QRT touch image tests: TODO
-  * apparmor-easyprof-ubuntu QRT touch image tests: TODO
+  * test-apparmor.py: TODO (runs extensive tests (upstream and distro))
+  * exploratory manual testing: TODO (networking, aa-enforce with 

[Touch-packages] [Bug 1362199] Re: [FFe] apparmor abstract, anonymous and netlink socket mediation

2014-09-08 Thread Jamie Strandboge
** Description changed:

  Background: kernel and apparmor userspace updates to support abstract,
  anonymous and fine-grained netlink socket mediation. These packages are
  listed in one bug because they are related, but the FFes may be granted
  and the uploads may happen at different times.
  
  = apparmor userspace =
  Summary:
  This feature freeze exception is requested for abstract, anonymous and 
fine-grained netlink socket for apparmor userspace. When used with a compatible 
kernel, 'unix' and 'network netlink' rules are supported. When used without a 
compatible apparmor userspace (eg, on a trusty system with an utopic backport 
kernel), abstract, anonymous and fine-grained netlink socket mediation is not 
enforced (ie, you can use this userspace with an old kernel without any issues).
  
  Testing:
- * 14.10 system with previous kernel lacking abstract, anonymous and 
fine-grained netlink socket mediation (non-Touch):
+ * 14.10 system with current kernels lacking abstract, anonymous and 
fine-grained netlink socket mediation (non-Touch):
   * https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor: DONE 
(exploratory manual testing, lxc, libvirt, etc)
  * 14.10 system kernel capable of supporting abstract, anonymous and 
fine-grained netlink socket mediation (non-Touch):
   * https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor: INPROGRESS 
(includes test-apparmor.py, exploratory manual testing, lxc, libvirt, etc)
   * Verify everything in 
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles: DONE 
(except juju since it doesn't have policy itself)
  
  Justification:
  This feature is required to support comprehensive application confinement on 
Ubuntu Touch. This feature adds a security benefit to libvirt's qemu guest 
isolation which is fundamental to Ubuntu on Server/Cloud. This feature also 
adds a welcome improvement to administrators wishing to further protect their 
systems.
  
  Extra information:
  While the apparmor userspace and kernel changes to support abstract, 
anonymous and fine-grained netlink socket can happen at different times, the 
apparmor userspace upload must correspond with uploads for packages that ship 
AppArmor policy that require updates (eg, libvirt, lxc, etc). The packages 
outlined in https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles 
have been tested to either work without modification to the policy or updated 
and tested to work with updated policy. Common rules will be added to the 
apparmor base abstraction such that most packages shipping apparmor policy will 
not require updating. These updates will be prepared, tested and published en 
masse via a silo ppa.
  
- 
  = linux =
  Summary:
  This feature freeze exception is requested for abstract, anonymous and 
fine-grained netlink socket via apparmor in the kernel. When used with a 
compatible apparmor userspace, 'unix' and 'network netlink' rules are 
supported. When used without a compatible apparmor userspace (eg, on a trusty 
system with an utopic backport kernel), abstract, anonymous and fine-grained 
netlink socket mediation is not enforced (ie, you can use this kernel with an 
old userspace without any issues).
  
  Testing:
  * 14.04 system with backported kernel: TODO
-  * test-apparmor.py: TODO (runs extensive tests (upstream and distro))
-  * exploratory manual testing: TODO (networking, aa-enforce with firefox, 
firefox works, apparmor blocks access, etc)
-  * aa-status: TODO
-  * lxc: TODO (containers can be created, started, shutdown)
-  * libvirt: TODO (VMs started via openstack, and test-libvirt.py from QRT 
passes all tests)
+  * test-apparmor.py: TODO (runs extensive tests (upstream and distro))
+  * exploratory manual testing: TODO (networking, aa-enforce with firefox, 
firefox works, apparmor blocks access, etc)
+  * aa-status: TODO
+  * lxc: TODO (containers can be created, started, shutdown)
+  * libvirt: TODO (VMs started via openstack, and test-libvirt.py from QRT 
passes all tests)
  * 14.10 system (non-Touch) with updated kernel:
-  * https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor: INPROGRESS 
(includes click-apparmor, apparmor-easyprof-ubuntu, exploratory manual testing, 
etc)
+  * https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor: INPROGRESS 
(includes click-apparmor, apparmor-easyprof-ubuntu, exploratory manual testing, 
etc)
  * 14.10 system (Touch) with updated kernel:
-  * https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor: INPROGRESS 
(includes click-apparmor, apparmor-easyprof-ubuntu, exploratory manual testing, 
etc)
+  * https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor: INPROGRESS 
(includes click-apparmor, apparmor-easyprof-ubuntu, exploratory manual testing, 
etc)
  
  Justification:
  This feature is required to support comprehensive application confinement on 
Ubuntu Touch. This feature adds a security benefit to libvirt's qemu guest 
isolation which is fundamental to Ubuntu on Server/Cloud. 

[Touch-packages] [Bug 1362199] Re: [FFe] apparmor abstract, anonymous and netlink socket mediation

2014-09-08 Thread Jamie Strandboge
1) old kernel and new userspace
- this is well tested and ready to land now

2) new kernel and old userspace
3) new kernel and new userspace
- these are tested, but need more testing on the kernel side. We are finalizing 
the kernel and will have these in place for kernel pull requests

Ah, I did not update AppArmor's debian/control for the Breaks like I did
for the signal and ptrace mediation, but meant to. Thanks for the
reminder, I'll do that now.

Here are the apparmor changes:
https://code.launchpad.net/~apparmor-dev/apparmor/apparmor-ubuntu-citrain.abstract


[Touch-packages] [Bug 1362199] Re: [FFe] apparmor abstract, anonymous and netlink socket mediation

2014-09-08 Thread Jamie Strandboge
FYI, when booting new userspace with old kernel, the parser will output
something like this:
  Warning from profile /usr/lib/telepathy/telepathy-ofono
  (/etc/apparmor.d/usr.lib.telepathy): downgrading extended network unix socket
  rule to generic network rule


[Touch-packages] [Bug 1342858] Re: old click packages are not always cleaned out

2014-09-09 Thread Jamie Strandboge
Attached is the output of 'find /opt/click.ubuntu.com -ls'.

Also, from IRC:
11:38  jdstrand cjwatson: fyi, I currently have 252 json files in 
/var/lib/apparmor/clicks but only 113 apps listed with 'click list'. so, some 
apps do ship multiple profiles, but most apps do not.

** Attachment added: cjwatson-1342858.txt.gz
   
https://bugs.launchpad.net/ubuntu/+source/click/+bug/1342858/+attachment/4199813/+files/cjwatson-1342858.txt.gz

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to click in Ubuntu.
https://bugs.launchpad.net/bugs/1342858

Title:
  old click packages are not always cleaned out

Status in “click” package in Ubuntu:
  Triaged

Bug description:
  /var/lib/apparmor/clicks still has a lot of symlinks pointing to
  security manifests for click packages that are no longer installed. I
  haven't verified this, but I think it might have something to do with
  preinstalled packages and system-image updates. Eg:

  $ ls -1 /var/lib/apparmor/clicks/*json | wc -l
  157

  $ click list | wc -l
  85

  $ sudo click list | wc -l
  19

  None of the symlinks in /var/lib/apparmor/clicks are dangling, so
  while this doesn't actively harm the system AFAICT, the 70+ additional
  and unneeded apparmor profiles means a slower first boot when policy
  regeneration is required.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/click/+bug/1342858/+subscriptions



[Touch-packages] [Bug 1367028] Re: [MIR] system-image

2014-09-09 Thread Jamie Strandboge
** Changed in: system-image (Ubuntu)
 Assignee: Ubuntu Security Team (ubuntu-security) => Seth Arnold (seth-arnold)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to system-image in Ubuntu.
https://bugs.launchpad.net/bugs/1367028

Title:
  [MIR] system-image

Status in “system-image” package in Ubuntu:
  New

Bug description:
  Availability: universe

  Rationale: system-image is the client for image based upgrades.  It is
  a core component and thus seeded in Ubuntu Touch.

  Security: No known issues.

  QA: Well supported upstream and in Ubuntu.  Package has build-time
  unittests and DEP-8 tests.

  UI standards: n/a

  Dependencies: All non-main build- and run-time dependencies already or
  will soon have MIRs.

  Standards compliance: No known issues.

  Maintenance: No known issues.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/system-image/+bug/1367028/+subscriptions



[Touch-packages] [Bug 1249586] Re: music stops when app goes to background

2014-09-09 Thread Jamie Strandboge
*** This bug is a duplicate of bug 1249387 ***
https://bugs.launchpad.net/bugs/1249387

** Tags removed: rtm14

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to unity-webapps-qml in
Ubuntu.
https://bugs.launchpad.net/bugs/1249586

Title:
  music stops when app goes to background

Status in Oxide Webview:
  Confirmed
Status in The Webapps-core project:
  Confirmed
Status in Web Browser App:
  Confirmed
Status in “unity-webapps-qml” package in Ubuntu:
  Confirmed
Status in “webbrowser-app” package in Ubuntu:
  Confirmed

Bug description:
  The issue did not exist on 14.04(r5) or 13.10(r100). I was even proud of this 
little feature :P :D
  When any online music is opened in the browser from the music lens, the music 
plays. But when a full swipe to the homescreen is done, or another app is 
brought to the foreground with the right swipe, the music abruptly stops. On 
bringing the browser app to the foreground, the music continues to play from 
where it stopped. Reproduced on soundcloud only. I don't think any other music 
site works in touch right now.
  On the earlier build of Trusty and Saucy, I couldn't reproduce this issue. 
At least a full swipe in those builds did not stop the music.

To manage notifications about this bug go to:
https://bugs.launchpad.net/oxide/+bug/1249586/+subscriptions



[Touch-packages] [Bug 1368751] [NEW] [enhancement] allow MTP access for authenticated computers

2014-09-12 Thread Jamie Strandboge
Public bug reported:

In accordance with
https://wiki.ubuntu.com/SecurityAndPrivacySettings/ProtectingUserData,
MTP currently refuses to show any folders when connecting the device to
a system and the device's screen is locked (good). A nice future
enhancement might be to do something similar to what is planned with
adb-- using a certificate or token for each system the device connects
to. Eg, it might look something like this:

1. Janet plugs in a locked device to her new laptop
2. MTP checks to see if this system (the new laptop) is known to the device
3. Since it is not, MTP checks the state of the screensaver and sees that it is 
locked, so refuses to export any directories
4. Janet unlocks the screen on the device and the files are exported to her 
laptop
5. Meanwhile on the device, MTP prompts Janet with:
Detected new system. Unconditionally export MTP files to this system in the 
future?
[ ] yes [ ] no
6. Janet answers 'yes' and MTP adds Janet's new laptop to its database of known 
devices
7. Janet performs file transfers via MTP, then unplugs the device and goes out 
to dinner, taking a lot of fun pictures
8. Janet returns home and plugs her locked device into her laptop
9. MTP checks to see if this system (the new laptop) is known to the device
10. Since Janet answered 'yes' in step '6', the files are exported to her 
laptop (without having to unlock the screen) and she can copy her fun pictures 
to her laptop

If Janet answered 'no' in step '6', after performing step '9', MTP would
proceed to step '3' instead of '10'.

This probably requires design for the user interactions. Eg, perhaps it
would be good to remember if the user answered 'no' in step '5'. Also,
it would be good to be able to revoke systems from the database of known
devices.

This is not for RTM. This is not a security requirement. This is for UX.

** Affects: mtp (Ubuntu)
 Importance: Undecided
 Status: New

** Description changed:

  In accordance with
  https://wiki.ubuntu.com/SecurityAndPrivacySettings/ProtectingUserData,
  MTP currently refuses to show any folders when connecting the device to
- a system and the device's screen is locked. (good). A nice future
+ a system and the device's screen is locked (good). A nice future
  enhancement might be to do something similar to what is planned with
  adb-- using a certificate or token for each system the device connects
  to. Eg, it might look something like this:
  
  1. Janet plugs in a locked device to her new laptop
  2. MTP checks to see if this system (the new laptop) is known to the device
  3. Since it is not, MTP checks the state of the screensaver and sees that it 
is locked, so refuses to export any directories
  4. Janet unlocks the screen on the device and the files are exported to her 
laptop
  5. MTP then prompts Janet with:
- Detected new system. Unconditionally export MTP files to this system in 
the future?
- [ ] yes [ ] no
+ Detected new system. Unconditionally export MTP files to this system in 
the future?
+ [ ] yes [ ] no
  6. Janet answers 'yes' and MTP adds Janet's new laptop to its database of 
known devices
  7. Janet performs file transfers via MTP, then unplugs the device and goes 
out to dinner, taking a lot of fun pictures
  8. Janet returns home and plugs her locked device into her laptop
  9. MTP checks to see if this system (the new laptop) is known to the device
  10. Since Janet answered 'yes' in step '6', the files are exported to her 
laptop (without having to unlock the screen)
  
  If Janet answered 'no' in step '6', after performing step '9', MTP would
  proceed to step '3' instead of '10'.
  
  This probably requires design for the user interactions. Eg, perhaps it
  would be good to remember if the user answered 'no' in step '5'. Also,
  it would be good to be able to revoke systems from the database of known
  devices.
  
  This is not for RTM. This is not a security requirement. This is for UX.

** Description changed:

  In accordance with
  https://wiki.ubuntu.com/SecurityAndPrivacySettings/ProtectingUserData,
  MTP currently refuses to show any folders when connecting the device to
  a system and the device's screen is locked (good). A nice future
  enhancement might be to do something similar to what is planned with
  adb-- using a certificate or token for each system the device connects
  to. Eg, it might look something like this:
  
  1. Janet plugs in a locked device to her new laptop
  2. MTP checks to see if this system (the new laptop) is known to the device
  3. Since it is not, MTP checks the state of the screensaver and sees that it 
is locked, so refuses to export any directories
  4. Janet unlocks the screen on the device and the files are exported to her 
laptop
- 5. MTP then prompts Janet with:
+ 5. Meanwhile on the device, MTP prompts Janet with:
  Detected new system. Unconditionally export MTP files to this system in 
the future?
  [ ] yes [ ] no
  6. Janet 

[Touch-packages] [Bug 1327139] Re: mirscreencast broke (moved socket) in #71

2014-09-12 Thread Jamie Strandboge
There are different sockets. Bug #1236912 was about the sockets apps in
the user's session are supposed to be able to access, ie
$XDG_RUNTIME_DIR/mir_socket. /run/mir_socket is AIUI different and not
supposed to be accessed by apps.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to mir in Ubuntu.
https://bugs.launchpad.net/bugs/1327139

Title:
  mirscreencast broke (moved socket) in #71

Status in Light Display Manager:
  New
Status in Mir:
  Invalid
Status in “mir” package in Ubuntu:
  Invalid
Status in “phablet-tools” package in Ubuntu:
  Fix Released

Bug description:
  Since the mir_socket moved from /tmp to /var/run, mirscreencast broke.

  $ adb shell mirscreencast -n 1
  Failed to connect to server. Error was :connect: No such file or directory

  This works:-

  $ adb shell mirscreencast -m /var/run/mir_socket -n 1

  ProblemType: Bug
  DistroRelease: Ubuntu 14.10
  Package: mir-utils 0.1.9+14.10.20140430.1-0ubuntu1
  Uname: Linux 3.4.0-5-mako armv7l
  ApportVersion: 2.14.3-0ubuntu1
  Architecture: armhf
  Date: Fri Jun  6 10:47:19 2014
  InstallationDate: Installed on 2014-06-06 (0 days ago)
  InstallationMedia: Ubuntu Utopic Unicorn (development branch) - armhf 
(20140606.1)
  SourcePackage: mir
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/lightdm/+bug/1327139/+subscriptions



[Touch-packages] [Bug 1326105] Re: AppArmor policy for scope zmq access is too lenient

2014-09-15 Thread Jamie Strandboge
** Changed in: unity-scopes-api (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to unity-scopes-api in
Ubuntu.
https://bugs.launchpad.net/bugs/1326105

Title:
  AppArmor policy for scope zmq access is too lenient

Status in “unity-scopes-api” package in Ubuntu:
  Confirmed

Bug description:
  Currently in apparmor-easyprof-ubuntu 1.2.3 we have:
    owner /run/user/[0-9]*/zmq/Registry-s   rw,
    owner /run/user/[0-9]*/zmq/Registry-p   r,
    owner /run/user/[0-9]*/zmq/c-*-r        rw,

  Note that all scopes, regardless of whether they use the ubuntu-scope-
  network or ubuntu-scope-local-content templates have access to these
  overlapped accesses. While we discussed the apparmor policy at length
  at the recent sprint, in thinking about this more there are still a
  few issues:

   1. How will the scope-registry handle when either
  /run/user/[0-9]*/zmq/Registry-s or /run/user/[0-9]*/zmq/Registry-p
  already exists?

   2. In addition to dealing with /run/user/[0-9]*/zmq/c-*-r possibly
  already existing, there is an additional issue with this access--
  because the ubuntu-scope-network and ubuntu-scope-local-content
  templates both allow this access, this allows a malicious scope author
  to create a scope using the ubuntu-scope-local-content template, then
  collect files off the filesystem and store them in
  /run/user/[0-9]*/zmq/c-I_can_leak_your_files.tar.gz-c, then upload a
  new version of the scope using the ubuntu-scope-network template,
  which can then ship
  /run/user/[0-9]*/zmq/c-I_can_leak_your_files.tar.gz-c off to a remote
  server when the user upgrades (the fact that it is in /run doesn't
  really help-- the malicious scope can save the file in its scope-
  specific directory then copy it in to place to make sure it is always
  there).

  For '1', standard defensive programming should be sufficient and
  someone should verify that the scopes API is handling when these files
  already exist (as sockets, regular files, etc, etc).

  For '2', standard defensive programming should also be used, but that
  isn't enough. I suggested at the sprint that these endpoints should be
  made application specific by their name like with the other endpoints,
  but was told this is problematic. I can (and will) update the apparmor
  policy to use this rule:

    owner /run/user/[0-9]*/zmq/c-[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]-r rw,

  but this doesn't solve the problem since a malicious app writer will
  just pick something matching that apparmor regular expression (AARE).
  AIUI, it is difficult/impossible to make these endpoints application
  specific (eg, /run/user/[0-9]*/zmq/c-@{APP_PKGNAME}-r which would be
  the preferred fix). If that is the case, we can either namespace this
  endpoint in zmq/local-fs/c-*r and zmq/local-net/c-*r and adjust the
  policy templates accordingly. I have a feeling this will have the same
  problems (or worse) as making the endpoint application specific since
  you'd need to track the type of scope this is. Alternatively, you
  could have a garbage collector to unconditionally remove any non-unix
  domain socket files and unused unix domain socket files that match
  zmq/c-*-r. While making these endpoints application specific would be
  cleanest from a policy point of view, implementing good garbage
  collection (perhaps triggered on scope start/register) would be
  sufficient to close this bug.

  Thanks!

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/unity-scopes-api/+bug/1326105/+subscriptions
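The garbage collector proposed for '2' above, as an added example (not code from the bug report or from unity-scopes-api): it walks a zmq directory, keeps only the entries matching the c-*-r endpoint pattern that are unix domain sockets with a live listener, and removes everything else (regular files, symlinks, directories, stale socket files). It assumes nothing beyond that naming; the directory it builds for the demonstration is constructed, and the dry_run flag is a hypothetical convenience.

```python
import fnmatch
import os
import shutil
import socket
import stat
import tempfile


def is_live_socket(path):
    """True if a unix domain socket at `path` currently has a listener.

    A stale socket file (its owner has exited) answers ECONNREFUSED and a
    file that vanished meanwhile answers ENOENT; both are safe to remove.
    Anything else (full backlog, datagram socket, timeout) is treated as
    live so the collector never removes an endpoint that may be in use.
    """
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s.settimeout(0.5)
    try:
        s.connect(path)
        return True
    except (ConnectionRefusedError, FileNotFoundError):
        return False
    except OSError:
        return True
    finally:
        s.close()


def collect_garbage(zmq_dir, pattern="c-*-r", dry_run=False):
    """Remove every entry of `zmq_dir` matching `pattern` that is not a
    live unix domain socket; return the sorted names removed (or, with
    dry_run=True, the names that would be removed).

    os.lstat is used on purpose: a symlink pointing at a socket is not a
    socket and must not survive just because its target is live.
    """
    removed = []
    for name in os.listdir(zmq_dir):
        if not fnmatch.fnmatch(name, pattern):
            continue  # Registry-s, Registry-p etc. are out of scope
        path = os.path.join(zmq_dir, name)
        st = os.lstat(path)
        if stat.S_ISSOCK(st.st_mode) and is_live_socket(path):
            continue  # an endpoint somebody is serving: keep it
        if not dry_run:
            if stat.S_ISDIR(st.st_mode):
                shutil.rmtree(path)
            else:
                os.remove(path)  # regular file, symlink or stale socket
        removed.append(name)
    return sorted(removed)


def build_demo_dir():
    """Constructed sample zmq directory (not taken from a real device).

    Returns the directory and the listening socket that keeps c-live-r
    alive; the caller closes that socket when done.
    """
    d = tempfile.mkdtemp(prefix="zmq-gc-demo-")
    # A live endpoint: a socket something is actually listening on.
    live = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    live.bind(os.path.join(d, "c-live-r"))
    live.listen(16)
    # A stale endpoint: bound once, owner gone, socket file left behind.
    stale = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    stale.bind(os.path.join(d, "c-stale-r"))
    stale.close()
    # A regular file parked under the endpoint pattern (the case in the bug).
    with open(os.path.join(d, "c-exfil.tar.gz-r"), "wb") as f:
        f.write(b"not a socket")
    # A symlink to the live socket and a directory, both under the pattern.
    os.symlink(os.path.join(d, "c-live-r"), os.path.join(d, "c-link-r"))
    os.mkdir(os.path.join(d, "c-dir-r"))
    # The registry endpoint, which the pattern must leave alone.
    with open(os.path.join(d, "Registry-s"), "wb"):
        pass
    return d, live


if __name__ == "__main__":
    demo_dir, listener = build_demo_dir()
    print("would remove:", collect_garbage(demo_dir, dry_run=True))
    print("removed:", collect_garbage(demo_dir))
    print("left over:", sorted(os.listdir(demo_dir)))
    listener.close()
    shutil.rmtree(demo_dir)
```

Running it against a real /run/user/UID/zmq would need the same owner as the scope registry, since the stale/live probe connects to each socket.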



[Touch-packages] [Bug 1306769] Re: pinlock snap decision potentially allows malicious app to gain access to user PIN and Passcode

2014-09-15 Thread Jamie Strandboge
Mirco, can you answer my question in comment #8?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to unity8 in Ubuntu.
https://bugs.launchpad.net/bugs/1306769

Title:
  pinlock snap decision potentially allows malicious app to gain access
  to user PIN and Passcode

Status in Server and client library for desktop notifications in Unity:
  Triaged
Status in “unity8” package in Ubuntu:
  Triaged

Bug description:
  Currently the pinlock dialog is implemented as snapdecision and thus
  any application that is allowed to use the notifications can
  potentially trick the user to provide his PIN code or Passcode to the
  application by invoking the pinlock dialog.

  As we want to allow applications to send normal notifications and
  snapdecisions we can't just block the whole notify service from them,
  but also we don't have any means to block just one of them.

  Thus the only solution is to remove the pinlock from snap decisions
  completely and implement a standalone dbus service for pinlock dialog
  which can be properly confined.

To manage notifications about this bug go to:
https://bugs.launchpad.net/unity-notifications/+bug/1306769/+subscriptions



[Touch-packages] [Bug 1365875] Re: mail notification displayed even when phone locked

2014-09-15 Thread Jamie Strandboge
Since this was fixed in push notifications, I am closing the other
tasks. Please reopen if this is in error.

** No longer affects: account-polld (Ubuntu)

** No longer affects: indicator-messages (Ubuntu)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to indicator-messages in
Ubuntu.
https://bugs.launchpad.net/bugs/1365875

Title:
  mail notification displayed even when phone locked

Status in Ubuntu Push Notifications:
  Fix Released
Status in “unity8” package in Ubuntu:
  Opinion

Bug description:
  I had just woken up the phone (screen was displaying the welcome
  greeter) but had not yet unlocked the device (I have set a pin code)
  when a mail notification appeared on screen that divulged the sender.

  This is a privacy issue.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-push/+bug/1365875/+subscriptions



[Touch-packages] [Bug 1369457] Re: able to left swipe and launch apps without unlocking phone

2014-09-15 Thread Jamie Strandboge
I think much of this is by design. The security team doesn't consider
launching apps behind the lockscreen a security issue. These apps are
subjected to application lifecycle and will not continue running.
However, the other behaviors may be bugs-- I'll ask someone to comment.

** Information type changed from Public Security to Public

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to unity8 in Ubuntu.
https://bugs.launchpad.net/bugs/1369457

Title:
  able to left swipe and launch apps without unlocking phone

Status in Ubuntu UX bugs:
  New
Status in “unity8” package in Ubuntu:
  New

Bug description:
  This is at least a privacy issue but could also be a security issue depending
  on exactly what apps the user has pinned to their launcher.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-ux/+bug/1369457/+subscriptions



[Touch-packages] [Bug 1369453] Re: able to view and change indicators without unlocking phone

2014-09-15 Thread Jamie Strandboge
** Changed in: indicator-location (Ubuntu)
   Status: New => Confirmed

** Changed in: indicator-network (Ubuntu)
   Status: New => Confirmed

** Also affects: indicator-datetime (Ubuntu)
   Importance: Undecided
   Status: New

** Changed in: indicator-datetime (Ubuntu)
   Status: New => Confirmed

** Changed in: indicator-datetime (Ubuntu)
   Importance: Undecided => Critical

** Changed in: indicator-location (Ubuntu)
   Importance: Undecided => High

** Changed in: indicator-network (Ubuntu)
   Importance: Undecided => High

** Tags added: rtm14

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to indicator-location in
Ubuntu.
https://bugs.launchpad.net/bugs/1369453

Title:
  able to view and change indicators without unlocking phone

Status in “indicator-datetime” package in Ubuntu:
  Confirmed
Status in “indicator-location” package in Ubuntu:
  Confirmed
Status in “indicator-network” package in Ubuntu:
  Confirmed

Bug description:
  This is a pretty significant security issue that affects:

  - networking - able to switch networks without entering pin to unlock phone
  - GPS - can toggle.
  - bluetooth - can toggle.
  - upcoming events - can view.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/indicator-datetime/+bug/1369453/+subscriptions



[Touch-packages] [Bug 1369450] Re: adb shell sudo shows password in the clear

2014-09-15 Thread Jamie Strandboge
FYI, as a workaround I suggest using 'phablet-shell' since it behaves
correctly.

** Changed in: android-tools (Ubuntu)
   Status: New => Confirmed

** Changed in: android-tools (Ubuntu)
   Importance: Undecided => High

** Tags added: rtm14

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to android-tools in Ubuntu.
https://bugs.launchpad.net/bugs/1369450

Title:
  adb shell sudo shows password in the clear

Status in “android-tools” package in Ubuntu:
  Confirmed

Bug description:
  $ adb shell sudo id
  [sudo] password for phablet: you should not be able to see this!!!

  ProblemType: Bug
  DistroRelease: Ubuntu 14.10
  Package: android-tools-adb 4.2.2+git20130218-3ubuntu35
  ProcVersionSignature: Ubuntu 3.16.0-14.20-generic 3.16.2
  Uname: Linux 3.16.0-14-generic x86_64
  ApportVersion: 2.14.7-0ubuntu2
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Mon Sep 15 09:43:59 2014
  InstallationDate: Installed on 2014-04-11 (156 days ago)
  InstallationMedia: Ubuntu 14.04 LTS Trusty Tahr - Daily amd64 (20140409)
  SourcePackage: android-tools
  UpgradeStatus: Upgraded to utopic on 2014-05-08 (129 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/android-tools/+bug/1369450/+subscriptions



[Touch-packages] [Bug 1306769] Re: pinlock snap decision potentially allows malicious app to gain access to user PIN and Passcode

2014-09-15 Thread Jamie Strandboge
Thanks for the feedback-- though I think we may need more information. Here is 
the current policy:
  dbus (receive)
   bus=session
   path=/com/canonical/hud/publisher*
   interface=org.gtk.Menus
   member=Start,
  dbus (receive)
   bus=session
   path=/com/canonical/hud/publisher*
   interface=org.gtk.Menus
   member=End,
  dbus (send)
   bus=session
   path=/com/canonical/hud/publisher*
   interface=org.gtk.Menus
   member=Changed
   peer=(name=org.freedesktop.DBus),
  dbus (receive)
   bus=session
   path=/com/canonical/unity/actions
   interface=org.gtk.Actions
   member={DescribeAll,Activate},
  dbus (send)
   bus=session
   path=/com/canonical/unity/actions
   interface=org.gtk.Actions
   member=Changed
   peer=(name=org.freedesktop.DBus),
  dbus (receive)
   bus=session
   path=/context_*
   interface=org.gtk.Actions
   member=DescribeAll,


Related policy is:
  dbus (send)
   bus=session
   path=/com/canonical/hud
   interface=org.freedesktop.DBus.Properties
   member=GetAll,
  dbus (send)
   bus=session
   path=/com/canonical/hud
   interface=com.canonical.hud
   member=RegisterApplication,
  dbus (receive, send)
   bus=session
  dbus (receive)
   bus=session
   path=/com/canonical/hud
   interface=com.canonical.hud
   member=UpdatedQuery,
  dbus (receive)
   bus=session
   interface=com.canonical.hud.Awareness
   member=CheckAwareness,


My understanding was that apps were *not* supposed to be allowed to use snap 
decisions, which is why Mirco had me add this policy:
  audit deny dbus bus=session
  interface=com.canonical.snapdecisions,


Can this policy be circumvented? If yes, can someone demonstrate how? If not, 
are you saying that the push notifications dialogs can be used to fake the 
pinlock dialog? If so, moving the pin lock snap decision to another service 
will not solve this and the only way to solve that would be to make sure that 
the pinlock snap decision looks sufficiently visually different and that 
applications can't influence a push notification to look like it.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to unity8 in Ubuntu.
https://bugs.launchpad.net/bugs/1306769

Title:
  pinlock snap decision potentially allows malicious app to gain access
  to user PIN and Passcode

Status in Server and client library for desktop notifications in Unity:
  Triaged
Status in “unity8” package in Ubuntu:
  Triaged


To manage notifications about this bug go to:
https://bugs.launchpad.net/unity-notifications/+bug/1306769/+subscriptions



[Touch-packages] [Bug 1306769] Re: pinlock snap decision potentially allows malicious app to gain access to user PIN and Passcode

2014-09-15 Thread Jamie Strandboge
Shoot, I had a mispaste of the related policy. Here is all of it for
clarity:

  dbus (send)
   bus=session
   path=/com/canonical/hud
   interface=org.freedesktop.DBus.Properties
   member=GetAll,
  dbus (send)
   bus=session
   path=/com/canonical/hud
   interface=com.canonical.hud
   member=RegisterApplication,
  dbus (receive, send)
   bus=session
   path=/com/canonical/hud/applications/@{APP_ID_DBUS}*,
  dbus (receive)
   bus=session
   path=/com/canonical/hud/publisher*
   interface=org.gtk.Menus
   member=Start,
  dbus (receive)
   bus=session
   path=/com/canonical/hud/publisher*
   interface=org.gtk.Menus
   member=End,
  dbus (send)
   bus=session
   path=/com/canonical/hud/publisher*
   interface=org.gtk.Menus
   member=Changed
   peer=(name=org.freedesktop.DBus),
  dbus (receive)
   bus=session
   path=/com/canonical/unity/actions
   interface=org.gtk.Actions
   member={DescribeAll,Activate},
  dbus (send)
   bus=session
   path=/com/canonical/unity/actions
   interface=org.gtk.Actions
   member=Changed
   peer=(name=org.freedesktop.DBus),
  dbus (receive)
   bus=session
   path=/context_*
   interface=org.gtk.Actions
   member=DescribeAll,
  dbus (receive)
   bus=session
   path=/com/canonical/hud
   interface=com.canonical.hud
   member=UpdatedQuery,
  dbus (receive)
   bus=session
   interface=com.canonical.hud.Awareness
   member=CheckAwareness,
...
  audit deny dbus bus=session
  interface=com.canonical.snapdecisions,

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to unity8 in Ubuntu.
https://bugs.launchpad.net/bugs/1306769

Title:
  pinlock snap decision potentially allows malicious app to gain access
  to user PIN and Passcode

Status in Server and client library for desktop notifications in Unity:
  Triaged
Status in “unity8” package in Ubuntu:
  Triaged


To manage notifications about this bug go to:
https://bugs.launchpad.net/unity-notifications/+bug/1306769/+subscriptions



[Touch-packages] [Bug 1306769] Re: pinlock snap decision potentially allows malicious app to gain access to user PIN and Passcode

2014-09-15 Thread Jamie Strandboge
Bumping the priority since this would be a bad bug. Marking as rtm14
since we can't have apps phish for passwords.

** Tags added: rtm14

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to unity8 in Ubuntu.
https://bugs.launchpad.net/bugs/1306769

Title:
  pinlock snap decision potentially allows malicious app to gain access
  to user PIN and Passcode

Status in Server and client library for desktop notifications in Unity:
  Incomplete
Status in “unity8” package in Ubuntu:
  Incomplete


To manage notifications about this bug go to:
https://bugs.launchpad.net/unity-notifications/+bug/1306769/+subscriptions



[Touch-packages] [Bug 1306769] Re: pinlock snap decision potentially allows malicious app to gain access to user PIN and Passcode

2014-09-15 Thread Jamie Strandboge
I am going to mark this as incomplete. Antii says "Currently the
pinlock dialog is implemented as snapdecision and thus any application
that is allowed to use the notifications can potentially trick the user
to provide his PIN code or Passcode to the application by invoking the
pinlock dialog." However, AppArmor policy explicitly disables the
snapdecisions interface and there is no code or described methodology
describing the problem so I can't determine if this is mere concern that
there might be a problem or that there is an actual problem.

** Changed in: unity-notifications
   Status: Triaged => Incomplete

** Changed in: unity8 (Ubuntu)
   Status: Triaged => Incomplete

** Changed in: unity8 (Ubuntu)
   Importance: Medium => High

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to unity8 in Ubuntu.
https://bugs.launchpad.net/bugs/1306769

Title:
  pinlock snap decision potentially allows malicious app to gain access
  to user PIN and Passcode

Status in Server and client library for desktop notifications in Unity:
  Incomplete
Status in “unity8” package in Ubuntu:
  Incomplete


To manage notifications about this bug go to:
https://bugs.launchpad.net/unity-notifications/+bug/1306769/+subscriptions



[Touch-packages] [Bug 1324292] Re: re-add support for selecting text for copying

2014-09-16 Thread Jamie Strandboge
** Changed in: oxide
   Importance: High => Critical

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to webbrowser-app in Ubuntu.
https://bugs.launchpad.net/bugs/1324292

Title:
  re-add support for selecting text for copying

Status in Oxide Webview:
  New
Status in Web Browser App:
  Confirmed
Status in “webbrowser-app” package in Ubuntu:
  Confirmed

Bug description:
  in the qtwebkit browser we had the ability to create a selection
  region with handles for resizing. needs to bring this back for oxide
  based browser.

To manage notifications about this bug go to:
https://bugs.launchpad.net/oxide/+bug/1324292/+subscriptions



[Touch-packages] [Bug 1369512] Re: None of the torch app starts

2014-09-17 Thread Jamie Strandboge
After discussion on IRC, this is because qtubuntu-camera implements the
'click' camera sound. The proper fix is to move this outside of
qtubuntu-camera and apps can optionally make the click sound using
Audio, which only then would bring in media-hub, and only then require
the audio policy group. Since recording with the camera is moving to
media-hub, I will be adding to the camera policy group a dbus rule to
allow talking to it. This will workaround this bug for now.

** Also affects: qtubuntu-camera (Ubuntu)
   Importance: Undecided
   Status: New

** Summary changed:

- None of the torch app starts
+ please move click sound out of qtubuntu-camera

** Also affects: apparmor-easyprof-ubuntu (Ubuntu)
   Importance: Undecided
   Status: New

** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
   Importance: Undecided => Critical

** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
   Status: New => In Progress

** Changed in: qtubuntu-camera (Ubuntu)
   Status: New => Triaged

** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
 Assignee: (unassigned) => Jamie Strandboge (jdstrand)

** Changed in: qtubuntu-camera (Ubuntu)
 Assignee: (unassigned) => Jim Hodapp (jhodapp)

** Tags added: touch-2014-09-25

** Tags added: rtm14

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to qtubuntu-camera in Ubuntu.
https://bugs.launchpad.net/bugs/1369512

Title:
  please move click sound out of qtubuntu-camera

Status in Media Hub:
  Confirmed
Status in “apparmor-easyprof-ubuntu” package in Ubuntu:
  In Progress
Status in “qtubuntu-camera” package in Ubuntu:
  Triaged

Bug description:
  RTM image 39 on mako
  media-hub 1.0.0+14.10.20140908~rtm-0ubuntu1

  The Ubuntu Store has three torch apps; I installed all of them but none
  of them starts. The upstart log shows something bad re: apparmor/media-hub

To manage notifications about this bug go to:
https://bugs.launchpad.net/media-hub/+bug/1369512/+subscriptions



[Touch-packages] [Bug 1369512] Re: please move click sound out of qtubuntu-camera

2014-09-17 Thread Jamie Strandboge
In testing uTorch, I noticed it also doesn't specify the camera policy
group. It will need to do so after this bug is marked fixed in
apparmor-easyprof-ubuntu.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1369512

Title:
  please move click sound out of qtubuntu-camera

Status in Media Hub:
  Confirmed
Status in “apparmor-easyprof-ubuntu” package in Ubuntu:
  In Progress
Status in “qtubuntu-camera” package in Ubuntu:
  Triaged


To manage notifications about this bug go to:
https://bugs.launchpad.net/media-hub/+bug/1369512/+subscriptions



[Touch-packages] [Bug 1362199] Re: [FFe] apparmor abstract, anonymous and netlink socket mediation

2014-09-17 Thread Jamie Strandboge
** Changed in: linux (Ubuntu)
   Importance: Undecided => Critical

** Changed in: linux (Ubuntu)
   Importance: Critical => High

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/1362199

Title:
  [FFe] apparmor abstract, anonymous and netlink socket mediation

Status in “apparmor” package in Ubuntu:
  Fix Released
Status in “apparmor-easyprof-ubuntu” package in Ubuntu:
  Fix Released
Status in “isc-dhcp” package in Ubuntu:
  Fix Released
Status in “libvirt” package in Ubuntu:
  Fix Released
Status in “lightdm” package in Ubuntu:
  Fix Released
Status in “linux” package in Ubuntu:
  In Progress
Status in “rsyslog” package in Ubuntu:
  Fix Released
Status in “tlsdate” package in Ubuntu:
  Fix Released

Bug description:
  Background: kernel and apparmor userspace updates to support abstract,
  anonymous and fine-grained netlink socket mediation. These packages
  are listed in one bug because they are related, but the FFes may be
  granted and the uploads may happen at different times.

  = apparmor userspace =
  Summary:
  This feature freeze exception is requested for abstract, anonymous and 
fine-grained netlink socket for apparmor userspace. When used with a compatible 
kernel, 'unix' and 'network netlink' rules are supported. When used without a 
compatible apparmor userspace (eg, on a trusty system with an utopic backport 
kernel), abstract, anonymous and fine-grained netlink socket mediation is not 
enforced (ie, you can use this userspace with an old kernel without any issues).

  Testing:
  * 14.10 system with current kernels lacking abstract, anonymous and 
fine-grained netlink socket mediation (non-Touch):
   * https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor: DONE 
(exploratory manual testing, lxc, libvirt, etc)
  * 14.10 system kernel capable of supporting abstract, anonymous and 
fine-grained netlink socket mediation (non-Touch):
   * https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor: INPROGRESS 
(includes test-apparmor.py, exploratory manual testing, lxc, libvirt, etc)
   * Verify everything in 
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles: DONE 
(except juju since it doesn't have policy itself)

  Justification:
  This feature is required to support comprehensive application confinement on 
Ubuntu Touch. This feature adds a security benefit to libvirt's qemu guest 
isolation which is fundamental to Ubuntu on Server/Cloud. This feature also 
adds a welcome improvement to administrators wishing to further protect their 
systems.

  Extra information:
  While the apparmor userspace and kernel changes to support abstract, 
anonymous and fine-grained netlink socket can happen at different times, the 
apparmor userspace upload must correspond with uploads for packages that ship 
AppArmor policy that require updates (eg, libvirt, lightdm, etc). The packages 
outlined in https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles 
have been tested to either work without modification to the policy or updated 
and tested to work with updated policy. Common rules will be added to the 
apparmor base abstraction such that most packages shipping apparmor policy will 
not require updating. These updates will be prepared, tested and published en 
masse via a silo ppa.

  = linux =
  Summary:
  This feature freeze exception is requested for abstract, anonymous and 
fine-grained netlink socket via apparmor in the kernel. When used with a 
compatible apparmor userspace, 'unix' and 'network netlink' rules are 
supported. When used without a compatible apparmor userspace (eg, on a trusty 
system with an utopic backport kernel), abstract, anonymous and fine-grained 
netlink socket mediation is not enforced (ie, you can use this kernel with an 
old userspace without any issues).

  Testing:
  * 14.04 system with backported kernel: TODO
   * test-apparmor.py: TODO (runs extensive tests (upstream and distro))
   * exploratory manual testing: TODO (networking, aa-enforce with firefox, 
firefox works, apparmor blocks access, etc)
   * aa-status: TODO
   * lxc: TODO (containers can be created, started, shutdown)
   * libvirt: TODO (VMs started via openstack, and test-libvirt.py from QRT 
passes all tests)
  * 14.10 system (non-Touch) with updated kernel:
   * https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor: INPROGRESS 
(includes click-apparmor, apparmor-easyprof-ubuntu, exploratory manual testing, 
etc)
  * 14.10 system (Touch) with updated kernel:
   * https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor: INPROGRESS 
(includes click-apparmor, apparmor-easyprof-ubuntu, exploratory manual testing, 
etc)

  Justification:
  This feature is required to support comprehensive application confinement on 
Ubuntu Touch. This feature adds a security benefit to libvirt's qemu guest 
isolation which is fundamental to Ubuntu on Server/Cloud. This 

[Touch-packages] [Bug 1371170] [NEW] information disclosure: clipboard contents can be obtained without user knowledge

2014-09-18 Thread Jamie Strandboge
*** This bug is a security vulnerability ***

Public security bug reported:

Currently, the clipboard is implemented such that all apps can access
the contents at any time. The clipboard contents should only be given to
apps based on user driven input (eg, a paste operation).

Attack scenario:
1. user launches malicious app 'baz' that polls the clipboard for contents
2. user launches legitimate app 'foo', at which point 'baz' is backgrounded
3. user selects some text and puts it into the clipboard
4. user opens legitimate app 'bar' and pastes text
5. user foregrounds 'baz' which now has access to the clipboard contents

In the above, users can understand that 'foo' and 'bar' have access to
the text put in the clipboard. However, it is unexpected that 'baz' also
has access since the user didn't paste the text into it.

As it is currently implemented, there is no clipboard timeout, so the
contents will persist through the session (unless changed by another
copy operation). Application lifecycle will help a little, but not fully
since whenever an app is foregrounded, it can get the contents of the
clipboard.

Ideally this would be handled via wholly user-driven interactions. While
this could be achieved via keyboard driven interactions, it is difficult
with toolkit driven interactions (ie, 'Paste' from a menu is necessarily
a pull operation). One idea is not to block access but instead make
users aware of the clipboard access (eg, an overlay that says "Pasted
from clipboard" and then fades out)-- this should be as unobtrusive as
possible.

** Affects: content-hub (Ubuntu)
 Importance: High
 Status: New

** Affects: mir (Ubuntu)
 Importance: High
 Status: New

** Affects: unity8 (Ubuntu)
 Importance: High
 Status: New


** Tags: application-confinement

** Summary changed:

- information disclosure: clipboard contents can be leaked to other applications
+ information disclosure: clipboard contents can be obtained in the background

** Also affects: mir (Ubuntu)
   Importance: Undecided
   Status: New

** Also affects: content-hub (Ubuntu)
   Importance: Undecided
   Status: New

** Changed in: content-hub (Ubuntu)
   Importance: Undecided => High

** Changed in: mir (Ubuntu)
   Importance: Undecided => High

** Changed in: unity8 (Ubuntu)
   Importance: Undecided => High

** Description changed:

  Currently, the clipboard is implemented such that all apps can access
  the contents at any time. The clipboard contents should only be given to
  apps based on user driven input (eg, a paste operation).
  
  Attack scenario:
  1. user launches malicious app 'baz' that polls the clipboard for contents
  2. user launches legitimate app 'foo', at which point 'baz' is backgrounded
  3. user selects some text and puts it into the clipboard
  4. user opens legitimate app 'bar' and pastes text
  5. user foregrounds 'baz' which now has access to the clipboard contents
  
  In the above, users can understand that 'foo' and 'bar' have access to
  the text put in the clipboard. However, it is unexpected that 'baz' also
  has access since the user didn't paste the text into it.
  
  As it is currently implemented, there is no clipboard timeout, so the
  contents will persist through the session (unless changed by another
  copy operation). Application lifecycle will help a little, but not fully
  since whenever an app is foregrounded, it can the contents of the
  keyboard.
+ 
+ Ideally this would be handled via wholly user-driven interactions. While
+ this could be achieved via keyboard driven interactions, it is difficult
+ with toolkit driven interactions (ie, 'Paste' from a menu is necessarily
+ a pull operation). One idea is not to block access but instead make
+ users aware of the clipboard access (eg, an overlay that says Pasted
+ from clipboard and then fades out)-- this should be as unobtrusive as
+ possible.

** Tags added: application-confinement

** Information type changed from Public to Public Security

** Summary changed:

- information disclosure: clipboard contents can be obtained in the background
+ information disclosure: clipboard contents can be obtained without user 
knowledge

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to unity8 in Ubuntu.
https://bugs.launchpad.net/bugs/1371170

Title:
  information disclosure: clipboard contents can be obtained without
  user knowledge

Status in “content-hub” package in Ubuntu:
  New
Status in “mir” package in Ubuntu:
  New
Status in “unity8” package in Ubuntu:
  New


[Touch-packages] [Bug 1371170] Re: information disclosure: clipboard contents can be obtained without user knowledge

2014-09-18 Thread Jamie Strandboge
** Description changed:

  Currently, the clipboard is implemented such that all apps can access
  the contents at any time. The clipboard contents should only be given to
  apps based on user driven input (eg, a paste operation).
  
  Attack scenario:
  1. user launches malicious app 'baz' that polls the clipboard for contents
  2. user launches legitimate app 'foo', at which point 'baz' is backgrounded
  3. user selects some text and puts it into the clipboard
  4. user opens legitimate app 'bar' and pastes text
  5. user foregrounds 'baz' which now has access to the clipboard contents
  
  In the above, users can understand that 'foo' and 'bar' have access to
  the text put in the clipboard. However, it is unexpected that 'baz' also
  has access since the user didn't paste the text into it.
  
  As it is currently implemented, there is no clipboard timeout, so the
  contents will persist through the session (unless changed by another
  copy operation). Application lifecycle will help a little, but not fully
  since whenever an app is foregrounded, it can the contents of the
  keyboard.
  
+ In the short term, we should require that only a foregrounded app whould
+ be able to get clipboard contents. Push helpers should have an explicit
+ deny to the (upcoming) DBus clipboard access.
+ 
  Ideally this would be handled via wholly user-driven interactions. While
  this could be achieved via keyboard driven interactions, it is difficult
  with toolkit driven interactions (ie, 'Paste' from a menu is necessarily
  a pull operation). One idea is not to block access but instead make
  users aware of the clipboard access (eg, an overlay that says Pasted
  from clipboard and then fades out)-- this should be as unobtrusive as
  possible.

** Also affects: apparmor-easyprof-ubuntu (Ubuntu)
   Importance: Undecided
   Status: New

** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
   Importance: Undecided => High

** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
   Status: New => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to content-hub in Ubuntu.
https://bugs.launchpad.net/bugs/1371170

Title:
  information disclosure: clipboard contents can be obtained without
  user knowledge

Status in “apparmor-easyprof-ubuntu” package in Ubuntu:
  Triaged
Status in “content-hub” package in Ubuntu:
  New
Status in “mir” package in Ubuntu:
  New
Status in “unity8” package in Ubuntu:
  New

Bug description:
  Currently, the clipboard is implemented such that all apps can access
  the contents at any time. The clipboard contents should only be given
  to apps based on user driven input (eg, a paste operation).

  Attack scenario:
  1. user launches malicious app 'baz' that polls the clipboard for contents
  2. user launches legitimate app 'foo', at which point 'baz' is backgrounded
  3. user selects some text and puts it into the clipboard
  4. user opens legitimate app 'bar' and pastes text
  5. user foregrounds 'baz' which now has access to the clipboard contents

  In the above, users can understand that 'foo' and 'bar' have access to
  the text put in the clipboard. However, it is unexpected that 'baz'
  also has access since the user didn't paste the text into it.

  As it is currently implemented, there is no clipboard timeout, so the
  contents will persist through the session (unless changed by another
  copy operation). Application lifecycle will help a little, but not
  fully since whenever an app is foregrounded, it can get the contents of
  the clipboard.

  In the short term, we should require that only a foregrounded app
  would be able to get clipboard contents. Push helpers should have an
  explicit deny to the (upcoming) DBus clipboard access. Background apps
  should not be allowed to push content into the clipboard (application
  lifecycle deals with this, but we need this for the future).

  Ideally this would be handled via wholly user-driven interactions.
  While this could be achieved via keyboard driven interactions, it is
  difficult with toolkit driven interactions (ie, 'Paste' from a menu is
  necessarily a pull operation). One idea is not to block access but
  instead make users aware of the clipboard access (eg, an overlay that
  says "Pasted from clipboard" and then fades out)-- this should be as
  unobtrusive as possible.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor-easyprof-ubuntu/+bug/1371170/+subscriptions



[Touch-packages] [Bug 1371170] Re: information disclosure: clipboard contents can be obtained without user knowledge

2014-09-18 Thread Jamie Strandboge
** Description changed:

  Currently, the clipboard is implemented such that all apps can access
  the contents at any time. The clipboard contents should only be given to
  apps based on user driven input (eg, a paste operation).
  
  Attack scenario:
  1. user launches malicious app 'baz' that polls the clipboard for contents
  2. user launches legitimate app 'foo', at which point 'baz' is backgrounded
  3. user selects some text and puts it into the clipboard
  4. user opens legitimate app 'bar' and pastes text
  5. user foregrounds 'baz' which now has access to the clipboard contents
  
  In the above, users can understand that 'foo' and 'bar' have access to
  the text put in the clipboard. However, it is unexpected that 'baz' also
  has access since the user didn't paste the text into it.
  
  As it is currently implemented, there is no clipboard timeout, so the
  contents will persist through the session (unless changed by another
  copy operation). Application lifecycle will help a little, but not fully
  since whenever an app is foregrounded, it can the contents of the
  keyboard.
  
  In the short term, we should require that only a foregrounded app whould
  be able to get clipboard contents. Push helpers should have an explicit
- deny to the (upcoming) DBus clipboard access.
+ deny to the (upcoming) DBus clipboard access. Background apps should not
+ be allowed to push content into the clipboard (application lifecycle
+ deals with this, but we need this for the future).
  
  Ideally this would be handled via wholly user-driven interactions. While
  this could be achieved via keyboard driven interactions, it is difficult
  with toolkit driven interactions (ie, 'Paste' from a menu is necessarily
  a pull operation). One idea is not to block access but instead make
  users aware of the clipboard access (eg, an overlay that says Pasted
  from clipboard and then fades out)-- this should be as unobtrusive as
  possible.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1371170

Title:
  information disclosure: clipboard contents can be obtained without
  user knowledge

Status in “apparmor-easyprof-ubuntu” package in Ubuntu:
  Triaged
Status in “content-hub” package in Ubuntu:
  New
Status in “mir” package in Ubuntu:
  New
Status in “unity8” package in Ubuntu:
  New


To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor-easyprof-ubuntu/+bug/1371170/+subscriptions

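The report above describes three states of the clipboard design: today's open access, the short-term foreground-only rule with an explicit deny for push helpers, and the ideal of wholly user-driven access. The following Python model is an added example for this thread, not content-hub, Mir or unity8 code; the broker API (focus/copy/paste/user_paste), the single-use paste grant and the app names are assumptions made for the illustration. It replays the five-step scenario from the report under each policy and records at which steps 'baz' obtains the copied text.

```python
"""
Added model of the clipboard access policies discussed in bug 1371170.
Illustrative code only, not content-hub, Mir or unity8 code: the broker
API, the single-use paste grant and the app names are assumptions.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple


class ClipboardDenied(PermissionError):
    """Raised when the broker refuses a clipboard read or write."""


@dataclass
class ClipboardBroker:
    # "open":        current behaviour, any app may read or write at any time
    # "foreground":  the short-term fix, only the focused app may read or write
    # "user_driven": the ideal, a read must follow an explicit paste gesture
    policy: str = "foreground"
    push_helpers: Set[str] = field(default_factory=set)  # always denied
    audit: List[Tuple[str, str, str]] = field(default_factory=list)
    _contents: Optional[str] = None
    _focused: Optional[str] = None
    _paste_grant: Optional[str] = None

    def focus(self, app: str) -> None:
        """The shell foregrounds `app`; every other app is now background."""
        self._focused = app

    def user_paste(self, app: str) -> None:
        """Record a user-driven paste gesture; grants exactly one read to `app`."""
        self._paste_grant = app

    def _deny(self, op: str, app: str) -> None:
        self.audit.append(("DENIED", op, app))
        raise ClipboardDenied(f"{op} by {app} denied under policy {self.policy}")

    def copy(self, app: str, text: str) -> None:
        if app in self.push_helpers:
            self._deny("copy", app)
        if self.policy != "open" and app != self._focused:
            self._deny("copy", app)  # background apps may not push content
        self._contents = text
        self.audit.append(("ALLOWED", "copy", app))

    def paste(self, app: str) -> Optional[str]:
        if app in self.push_helpers:
            self._deny("paste", app)
        if self.policy == "foreground" and app != self._focused:
            self._deny("paste", app)
        if self.policy == "user_driven":
            if self._paste_grant != app:
                self._deny("paste", app)
            self._paste_grant = None  # the grant is single-use
        self.audit.append(("ALLOWED", "paste", app))
        return self._contents


def run_scenario(policy: str) -> List[int]:
    """Replay the five-step attack from the report and return the steps at
    which the malicious app 'baz' actually obtained the copied text."""
    broker = ClipboardBroker(policy=policy, push_helpers={"push-helper"})
    leaked: List[int] = []

    def baz_polls(step: int) -> None:
        try:
            if broker.paste("baz") == "secret":
                leaked.append(step)
        except ClipboardDenied:
            pass

    broker.focus("baz")                 # 1. baz launched, starts polling
    baz_polls(1)
    broker.focus("foo")                 # 2. foo launched, baz backgrounded
    baz_polls(2)
    broker.copy("foo", "secret")        # 3. user copies text in foo
    baz_polls(3)
    broker.focus("bar")                 # 4. user opens bar and pastes
    broker.user_paste("bar")
    if broker.paste("bar") != "secret":
        raise RuntimeError("legitimate paste must succeed under every policy")
    baz_polls(4)
    broker.focus("baz")                 # 5. user foregrounds baz
    baz_polls(5)
    return leaked


def push_helper_can_read(policy: str) -> bool:
    """Push helpers carry an explicit deny regardless of policy or focus."""
    broker = ClipboardBroker(policy=policy, push_helpers={"push-helper"})
    broker.focus("push-helper")
    try:
        broker.paste("push-helper")
        return True
    except ClipboardDenied:
        return False
```

Under the open policy 'baz' reads the text from step 3 onward while still in the background; the foreground rule stops the background reads but, as the report notes for application lifecycle, still hands the text to 'baz' once the user foregrounds it in step 5; only the user-driven grant leaves 'baz' with nothing, which is why the report treats a menu-driven 'Paste' as the hard case.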


[Touch-packages] [Bug 870373] Re: guest session will not open

2014-09-18 Thread Jamie Strandboge
Marking this as fixed. The user said a reinstall fixed it and the guest
session has been working fine for a long time. Please file a new bug if
you are still having issues.

** Changed in: lightdm (Ubuntu)
   Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lightdm in Ubuntu.
https://bugs.launchpad.net/bugs/870373

Title:
  guest session will not open

Status in “lightdm” package in Ubuntu:
  Fix Released

Bug description:
  What I expected to happen:

  By choosing the guest session option (either from the login screen or
  the user menu when logged in to a normal account) a guest session
  should be launched.

  What happened instead:

  By choosing either method, the screen goes blank for a moment before I
  am returned to the login screen.

  Looking at the logs, it looks like the guest /home is created in
  /tmp, but for whatever reason it can't be used.  At first I thought it
  was due to the apparmor profile for the guest session, since it throws
  up a lot of "denied" entries, but even after putting that profile in
  complain mode, the issue persists.

  ProblemType: Bug
  DistroRelease: Ubuntu 11.10
  Package: lightdm 1.0.1-0ubuntu6
  ProcVersionSignature: Ubuntu 3.0.0-12.19-generic 3.0.4
  Uname: Linux 3.0.0-12-generic i686
  ApportVersion: 1.23-0ubuntu2
  Architecture: i386
  Date: Fri Oct  7 23:55:29 2011
  InstallationMedia: Ubuntu 11.10 Oneiric Ocelot - Beta i386 (20110901)
  ProcEnviron:
   LANGUAGE=en_GB:en
   PATH=(custom, no user)
   LANG=en_GB.UTF-8
   SHELL=/bin/bash
  SourcePackage: lightdm
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/870373/+subscriptions



[Touch-packages] [Bug 1361372] Re: Apparmor stopping Google Chrome from launching in guest session

2014-09-18 Thread Jamie Strandboge
** Changed in: lightdm (Ubuntu)
   Status: New => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lightdm in Ubuntu.
https://bugs.launchpad.net/bugs/1361372

Title:
  Apparmor stopping Google Chrome from launching in guest session

Status in “lightdm” package in Ubuntu:
  In Progress

Bug description:
  As mentioned in comment 5 of bug #1298021, it seems that Google have
  modified how they package Chrome in their repository.

  Based on the fix for that bug, it appears that Chrome was packaged as
  /opt/google/chrome-stable/google-chrome-stable,
  /opt/google/chrome-beta/google-chrome-beta or
  /opt/google/chrome-unstable/google-chrome-unstable based on the package
  version. The current stable package, google-chrome-stable version
  36.0.1985.143-1, from the repository at
  http://dl.google.com/linux/chrome/deb/ installs the binary as
  /opt/google/chrome/google-chrome, which doesn't match any of the rules
  added to Apparmor.

  Adding the following additional line caused the browser to work in
  guest mode for me:

/opt/google/chrome/google-chrome Cx -> chromium,

  $ lsb_release -rd
  Description:  Ubuntu 14.04.1 LTS
  Release:  14.04

  $ apt-cache policy lightdm
  lightdm:
Installed: 1.10.1-0ubuntu1
Candidate: 1.10.1-0ubuntu1
Version table:
   *** 1.10.1-0ubuntu1 0
  500 http://gb.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 
Packages
  100 /var/lib/dpkg/status
   1.10.0-0ubuntu3 0
  500 http://gb.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/1361372/+subscriptions

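The bug above is a path-matching failure: the guest-session profile's rules name three exact binaries and the repackaged Chrome lives at a fourth path. The Python below is an added example, not lightdm's profile or AppArmor's own matcher; it reimplements the path-glob semantics documented in apparmor.d(5) as I understand them (`*` does not cross `/`, `**` does, `?` is one non-`/` character, `{a,b}` alternates) so that a reviewer can check which rule paths would cover a given binary before touching the profile. The WILDCARD_RULE is my own candidate, not one the report proposes.

```python
"""
Added AppArmor path-glob matcher for checking which profile rules cover
the Chrome binary paths named in bug 1361372. Illustrative code, not the
lightdm guest-session profile and not AppArmor's real (DFA-based) matcher.
"""
import re


def apparmor_glob_to_regex(glob: str) -> str:
    """Translate an AppArmor path glob into an anchored Python regex."""
    out, i, depth = [], 0, 0
    while i < len(glob):
        c = glob[i]
        if glob.startswith("**", i):
            out.append(".*")          # '**' crosses directory separators
            i += 2
            continue
        if c == "*":
            out.append("[^/]*")       # '*' stays within one path component
        elif c == "?":
            out.append("[^/]")
        elif c == "{":
            out.append("(?:")
            depth += 1
        elif c == "}" and depth:
            out.append(")")
            depth -= 1
        elif c == "," and depth:
            out.append("|")           # alternation inside '{...}'
        elif c == "[":
            j = glob.find("]", i + 1)
            if j == -1:
                out.append(re.escape(c))
            else:
                out.append(glob[i:j + 1])  # character class passes through
                i = j + 1
                continue
        else:
            out.append(re.escape(c))
        i += 1
    return "^" + "".join(out) + "$"


def path_matches(glob: str, path: str) -> bool:
    return re.fullmatch(apparmor_glob_to_regex(glob), path) is not None


def covering_rules(path: str, rule_paths) -> list:
    """Return the rule paths whose glob covers `path`."""
    return [g for g in rule_paths if path_matches(g, path)]


# Rule paths from the report: the three added for bug #1298021 and the line
# the reporter added, plus the binary the current package installs.
OLD_RULES = [
    "/opt/google/chrome-stable/google-chrome-stable",
    "/opt/google/chrome-beta/google-chrome-beta",
    "/opt/google/chrome-unstable/google-chrome-unstable",
]
ADDED_RULE = "/opt/google/chrome/google-chrome"
CURRENT_BINARY = "/opt/google/chrome/google-chrome"
# Assumed consolidation (my candidate, not from the bug). Note it is broader
# than the four exact rules: it also covers mixed paths such as
# /opt/google/chrome-beta/google-chrome-stable, which is the usual trade-off
# of a wildcard in an exec rule.
WILDCARD_RULE = "/opt/google/chrome*/google-chrome*"
```

Running `covering_rules(CURRENT_BINARY, OLD_RULES)` returns an empty list, which is exactly the failure the reporter hit; adding ADDED_RULE makes it the single covering rule. Whether the wildcard is acceptable depends on how much of /opt/google you are willing to let the guest session transition into under the chromium child profile.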


[Touch-packages] [Bug 1362469] Re: AppArmor unrequested reply protection generates unallowable denials

2014-09-18 Thread Jamie Strandboge
** Tags added: application-confinement

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dbus in Ubuntu.
https://bugs.launchpad.net/bugs/1362469

Title:
  AppArmor unrequested reply protection generates unallowable denials

Status in “dbus” package in Ubuntu:
  Triaged

Bug description:
  Starting with utopic's dbus 1.8.6-1ubuntu1 package, the new AppArmor
  unrequested reply protections can generate some denials that can't
  easily be allowed in policy. For example, when running a confined
  pasaffe, you see these denials when starting and closing pasaffe:

  apparmor=DENIED operation=dbus_error bus=session error_name=org.freedesktop.DBus.Error.UnknownMethod mask=send name=:1.22 pid=4993 profile=/usr/bin/pasaffe peer_pid=3624 peer_profile=unconfined

  It isn't obvious how to construct an AppArmor D-Bus rule to allow that
  operation. A bare 'dbus,' rule allows it but that's not acceptable for
  profiles implementing tight D-Bus confinement.

  The code that implements unrequested reply protections should be
  reviewed for issues and, if everything looks good there,
  investigations into how to allow the operation that triggers the above
  denial should occur.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dbus/+bug/1362469/+subscriptions



[Touch-packages] [Bug 1371310] [NEW] docker.io doesn't work with 3.0 RC1 kernel

2014-09-18 Thread Jamie Strandboge
Public bug reported:

Steps to reproduce (from
https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor):

1. sudo apt-get install docker.io # 1.2.0~dfsg1-1

2. sudo docker pull ubuntu:trusty

3. sudo docker run ubuntu:trusty uptime
2014/09/18 15:48:48 Error response from daemon: Cannot start container fcdfaaf7945bcd9455fb5e0bde9950451152af14556880033818df7b50ddb1f4: set apparmor profile docker-default: permission denied

What is expected? uptime to return something like:
$ sudo docker run ubuntu:trusty uptime
 20:31:21 up 1 min,  0 users,  load average: 0.09, 0.06, 0.03


I set 'sudo sysctl -w kernel.printk_ratelimit=0' but there is nothing apparmor 
related in the logs. If I boot an earlier kernel without the 3.0 RC1 patches, 
it works.

** Affects: apparmor (Ubuntu)
 Importance: Undecided
 Status: New

** Affects: docker.io (Ubuntu)
 Importance: Undecided
 Status: New

** Affects: linux (Ubuntu)
 Importance: Undecided
 Status: Confirmed

** Also affects: docker.io (Ubuntu)
   Importance: Undecided
   Status: New

** Also affects: linux (Ubuntu)
   Importance: Undecided
   Status: New

** Changed in: linux (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1371310

Title:
  docker.io doesn't work with 3.0 RC1 kernel

Status in “apparmor” package in Ubuntu:
  New
Status in “docker.io” package in Ubuntu:
  New
Status in “linux” package in Ubuntu:
  Confirmed

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1371310/+subscriptions



[Touch-packages] [Bug 1371310] Re: docker.io doesn't work with 3.0 RC1 kernel

2014-09-18 Thread Jamie Strandboge
Installing auditd does not help.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1371310

Title:
  docker.io doesn't work with 3.0 RC1 kernel

Status in “apparmor” package in Ubuntu:
  New
Status in “docker.io” package in Ubuntu:
  New
Status in “linux” package in Ubuntu:
  Confirmed

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1371310/+subscriptions



[Touch-packages] [Bug 1371310] Re: docker.io doesn't work with 3.0 RC1 kernel

2014-09-18 Thread Jamie Strandboge
The target profile is loaded:
$ sudo aa-status|grep docker
   docker-default

I tried this on the 3.16.0-9.14 and 3.16.0-16.22 distro kernels. The 'docker 
run' command succeeds. If I do this:
$ sudo docker run -i -t ubuntu:trusty /bin/sh

I can verify the container is launched under confinement here:
sudo aa-status|grep docker
   docker-default
   docker-default (2209)

$ ps -Z 2209
LABEL                             PID TTY      STAT   TIME COMMAND
docker-default                   2209 pts/1    Ss+    0:00 /bin/sh

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1371310

Title:
  docker.io doesn't work with 3.0 RC1 kernel

Status in “apparmor” package in Ubuntu:
  New
Status in “docker.io” package in Ubuntu:
  New
Status in “linux” package in Ubuntu:
  Confirmed

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1371310/+subscriptions



[Touch-packages] [Bug 1371310] Re: docker.io doesn't work with 3.0 RC1 kernel

2014-09-18 Thread Jamie Strandboge
Adding the following to /etc/apparmor.d/docker does not help:
  audit unix,
  audit signal,
  audit ptrace,
  change_profile -> *,

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1371310

Title:
  docker.io doesn't work with 3.0 RC1 kernel

Status in “apparmor” package in Ubuntu:
  New
Status in “docker.io” package in Ubuntu:
  New
Status in “linux” package in Ubuntu:
  Confirmed

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1371310/+subscriptions



[Touch-packages] [Bug 1371310] Re: docker.io doesn't work with 3.0 RC1 kernel

2014-09-18 Thread Jamie Strandboge
** Changed in: apparmor (Ubuntu)
   Importance: Undecided => High

** Changed in: linux (Ubuntu)
   Importance: Undecided => High

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1371310

Title:
  docker.io doesn't work with 3.0 RC1 kernel

Status in “apparmor” package in Ubuntu:
  New
Status in “docker.io” package in Ubuntu:
  New
Status in “linux” package in Ubuntu:
  Confirmed

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1371310/+subscriptions



[Touch-packages] [Bug 1362543] Re: Web Application fail to load properly every other time is launched

2014-09-19 Thread Jamie Strandboge
** Changed in: oxide
   Importance: Undecided => Critical

** Changed in: oxide
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to webbrowser-app in Ubuntu.
https://bugs.launchpad.net/bugs/1362543

Title:
  Web Application fail to load properly every other time is launched

Status in Oxide Webview:
  Confirmed
Status in Web Browser App:
  In Progress
Status in “webbrowser-app” package in Ubuntu:
  In Progress

Bug description:
  I am testing a game called ninjaflips. It works fine the first time you
  launch it, but the second time it won't load correctly. If you close it
  and try again it will launch fine, and so on.

  Attached logs for working and not working plus click package

To manage notifications about this bug go to:
https://bugs.launchpad.net/oxide/+bug/1362543/+subscriptions



[Touch-packages] [Bug 1370930] Re: apparmor cups samba problem no printing

2014-09-19 Thread Jamie Strandboge
Since 14.04, apparmor has signal mediation. Cups is trying to kill some 
processes. To obtain 13.10 behavior, you could add this to usr.sbin.cupsd:
  signal,

However, this would obviously allow cups to send signals to anything. I'm 
guessing it is sending signals to third party backends. It would probably be 
best to change this rule:
  /usr/lib/cups/backend/* Ux,

to something like (untested):
  /usr/lib/cups/backend/* Cx -> cups_backends,
  signal (send) peer=cups_backends,
  profile cups_backends {
    file,
    capability,
    network,
    audit deny capability mac_admin,
    dbus,
    signal,
    ptrace,
    unix,
  }

In addition to fixing the above, this adds a modest improvement over
what we have now: backends aren't allowed to change MAC policy, can't
change_profile and can't use mount.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1370930

Title:
  apparmor cups samba problem no printing

Status in “cups” package in Ubuntu:
  New

Bug description:
  I configured a usb brother printer correctly (working) on ubuntu 14.04.1.
  Then I installed a samba server to share this printer on a windows network.
  The samba printing from windows machines works correctly. The usb direct cups
  printing informs printing OK, jobs completed, but nothing prints. On syslog I
  see these apparmor DENIED messages:
  Sep 18 08:51:57 gabi-K55A kernel: [  844.181601] type=1400 audit(1411023117.729:74): apparmor=DENIED operation=open profile=/usr/sbin/cupsd name=/var/cache/samba/gencache.tdb pid=3353 comm=smb requested_mask=r denied_mask=r fsuid=7 ouid=0
  Sep 18 08:51:57 gabi-K55A kernel: [  844.181649] type=1400 audit(1411023117.729:75): apparmor=DENIED operation=open profile=/usr/sbin/cupsd name=/var/cache/samba/gencache.tdb pid=3353 comm=smb requested_mask=r denied_mask=r fsuid=7 ouid=0
  Sep 18 08:51:57 gabi-K55A kernel: [  844.182286] type=1400 audit(1411023117.729:76): apparmor=DENIED operation=open profile=/usr/sbin/cupsd name=/var/cache/samba/gencache.tdb pid=3353 comm=smb requested_mask=r denied_mask=r fsuid=7 ouid=0
  Sep 18 08:54:04 gabi-K55A kernel: [  971.394145] type=1400 audit(1411023244.943:77): apparmor=DENIED operation=signal profile=/usr/sbin/cupsd pid=2034 comm=cupsd requested_mask=send denied_mask=send signal=term peer=unconfined
  Sep 18 08:54:04 gabi-K55A kernel: [  971.394155] type=1400 audit(1411023244.943:78): apparmor=DENIED operation=signal profile=/usr/sbin/cupsd pid=2034 comm=cupsd requested_mask=send denied_mask=send signal=term peer=unconfined
  Sep 18 08:54:04 gabi-K55A kernel: [  971.394161] type=1400 audit(1411023244.943:79): apparmor=DENIED operation=signal profile=/usr/sbin/cupsd pid=2034 comm=cupsd requested_mask=send denied_mask=send signal=term peer=unconfined
  Sep 18 08:54:04 gabi-K55A kernel: [  971.394166] type=1400 audit(1411023244.943:80): apparmor=DENIED operation=signal profile=/usr/sbin/cupsd pid=2034 comm=cupsd requested_mask=send denied_mask=send signal=term peer=unconfined

  I installed the latest apparmor profiles with apt-get, but I still get these
  messages, with the same result (no printing):
  Sep 18 09:15:06 gabi-K55A kernel: [  100.620853] usblp0: removed
  Sep 18 09:15:06 gabi-K55A kernel: [  100.878155] usblp 1-4:1.0: usblp0: USB Bidirectional printer dev 3 if 0 alt 0 proto 2 vid 0x04F9 pid 0x0037
  Sep 18 09:16:39 gabi-K55A kernel: [  193.894732] type=1400 audit(1411024599.437:117): apparmor=DENIED operation=open profile=/usr/sbin/cupsd name=/var/cache/samba/gencache.tdb pid=2384 comm=smb requested_mask=r denied_mask=r fsuid=7 ouid=0

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1370930/+subscriptions

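An added example (not code from the bug thread) that parses DENIED lines like the ones quoted in this report, collapses the repeats, and prints the narrowest candidate rule for each distinct denial; the sample lines are constructed from the report, and a signal denial towards peer=unconfined is flagged rather than simply allowed, in line with the advice above to confine the backends in a child profile instead of granting a bare 'signal,'.

```python
#!/usr/bin/env python3
"""Parse AppArmor DENIED lines (like those in the cups report above),
collapse repeats, and propose the narrowest rule for each distinct denial.

Added example, not code from the bug thread. It accepts both the quoted
key="value" form the kernel emits and the unquoted form preserved in the
mailing-list archive.
"""
import re

# Constructed sample: the open and signal denials from the report, in both
# quoting styles, plus one unrelated kernel line that must be ignored.
SAMPLE_LOG = """\
Sep 18 08:51:57 gabi-K55A kernel: [  844.181601] type=1400 audit(1411023117.729:74): apparmor="DENIED" operation="open" profile="/usr/sbin/cupsd" name="/var/cache/samba/gencache.tdb" pid=3353 comm="smb" requested_mask="r" denied_mask="r" fsuid=7 ouid=0
Sep 18 08:51:57 gabi-K55A kernel: [  844.181649] type=1400 audit(1411023117.729:75): apparmor=DENIED operation=open profile=/usr/sbin/cupsd name=/var/cache/samba/gencache.tdb pid=3353 comm=smb requested_mask=r denied_mask=r fsuid=7 ouid=0
Sep 18 08:54:04 gabi-K55A kernel: [  971.394145] type=1400 audit(1411023244.943:77): apparmor="DENIED" operation="signal" profile="/usr/sbin/cupsd" pid=2034 comm="cupsd" requested_mask="send" denied_mask="send" signal="term" peer="unconfined"
Sep 18 09:15:06 gabi-K55A kernel: [  100.620853] usblp0: removed
"""

# key=value or key="value"; group 2 is the quoted value, group 3 the bare one.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_denial(line):
    """Return the fields of an apparmor=DENIED line as a dict, else None."""
    if "apparmor=" not in line:
        return None
    fields = {key: quoted or bare for key, quoted, bare in FIELD_RE.findall(line)}
    return fields if fields.get("apparmor") == "DENIED" else None


def minimal_rule(denial):
    """Narrowest single AppArmor rule that would have allowed this denial.

    A signal denial towards an unconfined peer is returned with a warning:
    as the thread points out, the right fix is to confine the backends with a
    Cx child profile and allow signals to that peer, not a bare 'signal,'.
    """
    op = denial.get("operation")
    if op == "open":
        return f'{denial["name"]} {denial["denied_mask"]},'
    if op == "signal":
        rule = (f'signal ({denial["denied_mask"]}) set=({denial["signal"]}) '
                f'peer={denial["peer"]},')
        if denial["peer"] == "unconfined":
            rule += "  # too broad: confine the peer in a child profile instead"
        return rule
    return f"# no rule template for operation={op}"


def summarize(log_text):
    """Group denials by (profile, operation, target); keep count + one sample."""
    grouped = {}
    for line in log_text.splitlines():
        denial = parse_denial(line)
        if denial is None:
            continue
        target = denial.get("name") or denial.get("peer", "")
        key = (denial["profile"], denial["operation"], target)
        if key in grouped:
            grouped[key][0] += 1
        else:
            grouped[key] = [1, denial]
    return grouped


def report(log_text):
    """One line per distinct denial: count, where it happened, proposed rule."""
    out = []
    for (profile, op, target), (count, denial) in sorted(summarize(log_text).items()):
        out.append(f"{count:3d}x {profile} {op} {target} -> {minimal_rule(denial)}")
    return out


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```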


[Touch-packages] [Bug 1370930] Re: apparmor cups samba problem no printing

2014-09-19 Thread Jamie Strandboge
Actually, I see more Ux rules. Try this instead (also untested):
  /usr/bin/hpijs Cx -> third_party,
  /usr/Brother/** Cx -> third_party,
  /usr/lib/cups/backend/* Cx -> third_party,
  /usr/lib/cups/filter/** Cxr -> third_party,
  /usr/lib/cups/driver/* Cxr -> third_party,
  signal (send) peer=third_party,
  profile third_party {
    file,
    capability,
    network,
    audit deny capability mac_admin,
    dbus,
    signal,
    ptrace,
    unix,
  }

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1370930

Title:
  apparmor cups samba problem no printing

Status in “cups” package in Ubuntu:
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1370930/+subscriptions



[Touch-packages] [Bug 1371765] [NEW] apparmor_parser should be able to recompile policy on bad cache

2014-09-19 Thread Jamie Strandboge
Public bug reported:

Right now, if given --cache-loc the parser will see if there is a cache
file. If there isn't and --write-cache is used, the parser will compile
the policy and put the binary cache in --cache-loc (fine). If there is a
cache file, it will load the cache file (also fine). If the cache file
is corrupt, the policy is not loaded into the kernel.

Not loading the policy into the kernel may be fine for certain
environments, but there should be an option so that, if the cache file is
corrupt, the parser deletes it, recompiles the policy and writes out a new
cache file. This would be very worthwhile for Ubuntu's cache loading since
there is no way to recover from a bad cache file without user
intervention.

Setting to 'High' with tags to indicate that we want to include this on
shipping devices but that it can be delivered as OTA.

** Affects: apparmor (Ubuntu)
 Importance: High
 Status: Triaged


** Tags: ota-1 rtm14

** Changed in: apparmor (Ubuntu)
   Importance: Undecided => High

** Changed in: apparmor (Ubuntu)
   Status: New => Triaged

** Tags added: ota-1 rtm14

** Description changed:

  Right now, if given --cache-loc the parser will see if there is a cache
  file. If there isn't and --write-cache is used, the parser will compile
  the policy and put the binary cache in --cache-loc (fine). If there is a
  cache file, it will load the cache file (also fine). If the cache file
  is corrupt, the policy is not loaded into the kernel.
  
  Not loading the policy into the kernel may be fine for certain
  environments, but there should be an option on if the cache file is
  corrupt, to delete it, recompile the policy and write out a new cache
  file. This would be very worthwhile for Ubuntu's cache loading since
  there is no way to recover from a bad cache file without user
  intervention.
+ 
+ Setting to 'High' with tags to indicate that we want to include this on
+ shipping devices but that it can be delivered as OTA.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1371765

Title:
  apparmor_parser should be able to recompile policy on bad cache

Status in “apparmor” package in Ubuntu:
  Triaged

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1371765/+subscriptions



[Touch-packages] [Bug 1371771] [NEW] premature exit if find corrupted cache files

2014-09-19 Thread Jamie Strandboge
Public bug reported:

2.8.96~2652-0ubuntu4 did this:
  * debian/lib/apparmor/functions: don't pass costly '-n1' to xargs in
foreach_configured_profile() when loading valid cache files. This used to
be needed when apparmor_parser would generate different binary caches when
compiling policy one profile at a time and all at once. That bug is long
fixed and removing -n1 gives a significant performance improvement for
boots with valid cache files (~65% on armhf)

This is great except there is a parser bug where, if there is a corrupted
cache file, all further cache files fail to load. While it is unusual to
have corrupted cache files, the damage is catastrophic if an early cache
file is corrupt since all remaining policy fails to load and requires
the user to manually delete the corrupted cache files. Fixing the
premature exit will not address corrupt cache files, but will allow the
remaining good cache files to load.

Please see bug #1371765 on how to make cache usage more robust.

** Affects: apparmor (Ubuntu)
 Importance: Critical
 Assignee: John Johansen (jjohansen)
 Status: In Progress


** Tags: rtm14 touch-2014-09-25

** Changed in: apparmor (Ubuntu)
   Status: New => In Progress

** Changed in: apparmor (Ubuntu)
   Importance: Undecided => Critical

** Changed in: apparmor (Ubuntu)
 Assignee: (unassigned) => John Johansen (jjohansen)

** Tags added: rtm14 touch-2014-09-25

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1371771

Title:
  premature exit if find corrupted cache files

Status in “apparmor” package in Ubuntu:
  In Progress

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1371771/+subscriptions

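An added example (not the distro's /lib/apparmor/functions and not the parser's own code) showing the loading behaviour that bug 1371765 and bug 1371771 together ask for: each profile is loaded through the cache, a cache file that fails to load is deleted and the profile recompiled, and one bad cache never stops the remaining profiles from loading. It assumes the AppArmor 2.x cache layout (a cache file named after the profile inside the --cache-loc directory) and a parser that accepts -r, --write-cache and --cache-loc; APPARMOR_PARSER can be pointed at a stand-in for testing.

```shell
#!/bin/sh
# Added example, not the distro's /lib/apparmor/functions: load a list of
# AppArmor profiles through the binary cache so that (a) a corrupt cache file
# is deleted and the profile recompiled instead of silently not loading
# (bug 1371765) and (b) one bad cache never stops the remaining profiles
# from loading (bug 1371771).
# Assumption: the AppArmor 2.x cache layout, where the cache for
# /etc/apparmor.d/usr.sbin.cupsd lives at $CACHE_LOC/usr.sbin.cupsd.
# APPARMOR_PARSER may be overridden (even with a shell function) for testing.

PARSER="${APPARMOR_PARSER:-apparmor_parser}"
CACHE_LOC="${APPARMOR_CACHE_LOC:-/etc/apparmor.d/cache}"

# Load a single profile, replacing any loaded copy (-r) and writing the cache.
# If that fails and a cache file exists, remove it and retry so the parser is
# forced to recompile from source. Returns 0 on success, 1 if both attempts fail.
load_profile() {
    profile="$1"
    cache_file="$CACHE_LOC/$(basename "$profile")"

    if "$PARSER" -r --write-cache --cache-loc="$CACHE_LOC" "$profile"; then
        return 0
    fi
    if [ -f "$cache_file" ]; then
        echo "load_profile: $profile failed to load, removing cache $cache_file" >&2
        rm -f "$cache_file"
        if "$PARSER" -r --write-cache --cache-loc="$CACHE_LOC" "$profile"; then
            return 0
        fi
    fi
    echo "load_profile: $profile could not be loaded" >&2
    return 1
}

# Load every profile given, never stopping at the first failure. Prints the
# number of profiles that failed and returns 0 only if that number is zero.
load_profiles() {
    failed=0
    for p in "$@"; do
        load_profile "$p" || failed=$((failed + 1))
    done
    echo "$failed"
    [ "$failed" -eq 0 ]
}

# Usage: sh load_profiles.sh /etc/apparmor.d/usr.sbin.cupsd /etc/apparmor.d/...
if [ $# -gt 0 ]; then
    load_profiles "$@"
fi
```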


[Touch-packages] [Bug 1371310] Re: docker.io doesn't work with 3.0 RC1 kernel

2014-09-19 Thread Jamie Strandboge
After discussing on IRC, we will revert the patch enabling stricter
requirements to restore previous behavior while we investigate the best
approach to resolve the issue properly.

** Changed in: linux (Ubuntu)
   Status: Confirmed => Triaged

** Changed in: apparmor (Ubuntu)
   Status: New => Invalid

** Changed in: docker.io (Ubuntu)
   Importance: Undecided => High

** Changed in: docker.io (Ubuntu)
   Status: New => Invalid

** Changed in: linux (Ubuntu)
 Assignee: (unassigned) => John Johansen (jjohansen)

** Summary changed:

- docker.io doesn't work with 3.0 RC1 kernel
+ docker.io doesn't work with apparmor 3.0 RC1 kernel

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1371310

Title:
  docker.io doesn't work with apparmor 3.0 RC1 kernel

Status in “apparmor” package in Ubuntu:
  Invalid
Status in “docker.io” package in Ubuntu:
  Invalid
Status in “linux” package in Ubuntu:
  Triaged

Bug description:
  Steps to reproduce (from
  https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor):

  1. sudo apt-get install docker.io # 1.2.0~dfsg1-1

  2. sudo docker pull ubuntu:trusty

  3. sudo docker run ubuntu:trusty uptime
  2014/09/18 15:48:48 Error response from daemon: Cannot start container fcdfaaf7945bcd9455fb5e0bde9950451152af14556880033818df7b50ddb1f4: set apparmor profile docker-default: permission denied

  What is expected? uptime to return something like:
  $ sudo docker run ubuntu:trusty uptime
   20:31:21 up 1 min,  0 users,  load average: 0.09, 0.06, 0.03

  I set 'sudo sysctl -w kernel.printk_ratelimit=0' but there is nothing
  apparmor related in the logs. If I boot an earlier kernel without the
  3.0 RC1 patches, it works.

  FYI, 3.16.0-17.23 is in utopic-proposed now and on its way to utopic,
  which will affect docker.io in Ubuntu. Workaround until this bug is
  fixed is to boot into 3.16.0-16.22 or earlier.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1371310/+subscriptions



[Touch-packages] [Bug 1371310] Re: docker.io doesn't work with apparmor 3.0 RC1 kernel

2014-09-19 Thread Jamie Strandboge
** Description changed:

  Steps to reproduce (from
  https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor):
  
  1. sudo apt-get install docker.io # 1.2.0~dfsg1-1
  
  2. sudo docker pull ubuntu:trusty
  
  3. sudo docker run ubuntu:trusty uptime
  2014/09/18 15:48:48 Error response from daemon: Cannot start container 
fcdfaaf7945bcd9455fb5e0bde9950451152af14556880033818df7b50ddb1f4: set apparmor 
profile docker-default: permission denied
  
  What is expected? uptime to return something like:
  $ sudo docker run ubuntu:trusty uptime
-  20:31:21 up 1 min,  0 users,  load average: 0.09, 0.06, 0.03
+  20:31:21 up 1 min,  0 users,  load average: 0.09, 0.06, 0.03
  
+ I set 'sudo sysctl -w kernel.printk_ratelimit=0' but there is nothing
+ apparmor related in the logs. If I boot an earlier kernel without the
+ 3.0 RC1 patches, it works.
  
- I set 'sudo sysctl -w kernel.printk_ratelimit=0' but there is nothing 
apparmor related in the logs. If I boot an earlier kernel without the 3.0 RC1 
patches, it works.
+ FYI, 3.16.0-17.23 is in utopic-proposed now and on its way to utopic,
+ which will affect docker.io in Ubuntu. Workaround until this bug is
+ fixed is to boot into 3.16.0-16.22 or earlier.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1371310

Title:
  docker.io doesn't work with apparmor 3.0 RC1 kernel

Status in “apparmor” package in Ubuntu:
  Invalid
Status in “docker.io” package in Ubuntu:
  Invalid
Status in “linux” package in Ubuntu:
  Triaged

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1371310/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1371765] Re: apparmor_parser should be able to recompile policy on bad cache

2014-09-19 Thread Jamie Strandboge
** Changed in: apparmor (Ubuntu)
   Status: Triaged = In Progress

** Changed in: apparmor (Ubuntu)
 Assignee: (unassigned) = John Johansen (jjohansen)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1371765

Title:
  apparmor_parser should be able to recompile policy on bad cache

Status in “apparmor” package in Ubuntu:
  In Progress

Bug description:
  Right now, if given --cache-loc the parser will see if there is a
  cache file. If there isn't and --write-cache is used, the parser will
  compile the policy and put the binary cache in --cache-loc (fine). If
  there is a cache file, it will load the cache file (also fine). If the
  cache file is corrupt, the policy is not loaded into the kernel.

  Not loading the policy into the kernel may be fine for certain
  environments, but there should be an option on if the cache file is
  corrupt, to delete it, recompile the policy and write out a new cache
  file. This would be very worthwhile for Ubuntu's cache loading since
  there is no way to recover from a bad cache file without user
  intervention.

  Setting to 'High' with tags to indicate that we want to include this
  on shipping devices but that it can be delivered as OTA.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1371765/+subscriptions

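The recovery the report asks for, sketched as an added shell wrapper around the parser (this is not apparmor_parser's own logic and not an Ubuntu script): on a load failure with a cache file present, the cache file is deleted and the profile is recompiled with --write-cache. It assumes the cache entry for a profile file is named after the profile file's basename inside --cache-loc, and takes the parser command from $PARSER so that the constructed fake_parser stub can stand in for the real binary.

```sh
#!/bin/sh
# Added example, not apparmor_parser's own behaviour: a loader wrapper that
# recovers from a corrupt cache file in user space. Assumption: the cache
# entry for /path/usr.bin.foo is $cache_loc/usr.bin.foo. The parser command
# comes from $PARSER so the constructed stub below can replace it.

PARSER=${PARSER:-apparmor_parser}

# Load one profile through the cache; returns the status of the last parser
# run. A failure with no cache file present is a plain parse error and is
# returned unchanged, so a genuinely broken profile is never masked.
load_with_cache_recovery() {
    profile=$1
    cache_loc=$2
    cache_file="$cache_loc/$(basename "$profile")"

    "$PARSER" -r --write-cache --cache-loc "$cache_loc" "$profile"
    rc=$?
    [ "$rc" -eq 0 ] && return 0
    [ -f "$cache_file" ] || return "$rc"

    echo "load failed with a cache file present; discarding $cache_file" >&2
    rm -f "$cache_file"
    "$PARSER" -r --write-cache --cache-loc "$cache_loc" "$profile"
}

# Constructed stand-in for apparmor_parser so the wrapper runs without
# AppArmor. It models only what the bug report describes:
#   - an existing cache file is used; if it contains "CORRUPT" the load
#     fails (exit 1) without looking at the source profile;
#   - with no cache file the source profile is "compiled" and, when
#     --write-cache was given, a cache file containing "OK" is written.
fake_parser() {
    want_cache=0
    loc=""
    prof=""
    while [ $# -gt 0 ]; do
        case $1 in
            --write-cache) want_cache=1 ;;
            --cache-loc) loc=$2; shift ;;
            -*) ;;
            *) prof=$1 ;;
        esac
        shift
    done
    cache="$loc/$(basename "$prof")"
    if [ -f "$cache" ]; then
        grep -q CORRUPT "$cache" && return 1
        return 0
    fi
    [ -f "$prof" ] || return 1
    [ "$want_cache" -eq 1 ] && printf 'OK\n' > "$cache"
    return 0
}

# Walk through the scenario from the report: a good profile whose cache
# entry is corrupt. Returns 0 when recovery loaded the profile and left a
# fresh cache file behind, 1 otherwise. Uses the stub parser.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/cache"
    printf 'profile foo {}\n' > "$tmp/usr.bin.foo"
    printf 'CORRUPT\n' > "$tmp/cache/usr.bin.foo"
    PARSER=fake_parser
    load_with_cache_recovery "$tmp/usr.bin.foo" "$tmp/cache"
    rc=$?
    if [ "$rc" -eq 0 ] && [ "$(cat "$tmp/cache/usr.bin.foo")" = "OK" ]; then
        echo "recovered: profile loaded and cache file rewritten"
    else
        echo "recovery failed (status $rc)"
        rc=1
    fi
    rm -rf "$tmp"
    return "$rc"
}

demo
```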


[Touch-packages] [Bug 1371835] [NEW] highlighting selected item displays incorrectly with OptionSelector

2014-09-19 Thread Jamie Strandboge
Public bug reported:

Steps to reproduce:

1. open the Ubuntu SDK
2. Tools/Ubuntu/Showcase Gallery
3. click Styles on the left
4. select the SuruDark theme

Notice after selecting the dark theme that there is a light gray
rectangle for the selected item. This light gray box expands outside the
rounded corners of the OptionSelector and looks wrong. If you look very
carefully at the Ambiance theme, the same thing happens there with the
selected item-- it is just that the highlight color is much closer to
the background color.

I have an application that is affected by this and it makes it look horrible. I 
think two things should be fixed to address this bug:
1. the highlight color should fill within the rounded corners (but not outside)
2. you should be able to disable highlighting or make the color configurable, 
since not all users of OptionSelector will want to have the default highlight 
color (I do not in my application).

Adding rtm14 tag and marking as Critical because many applications use
OptionSelector and this bug makes these applications look bad.

** Affects: ubuntu-ui-toolkit (Ubuntu)
 Importance: Critical
 Status: New


** Tags: rtm14

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-ui-toolkit in
Ubuntu.
https://bugs.launchpad.net/bugs/1371835

Title:
  highlighting selected item displays incorrectly with OptionSelector

Status in “ubuntu-ui-toolkit” package in Ubuntu:
  New

Bug description:
  Steps to reproduce:

  1. open the Ubuntu SDK
  2. Tools/Ubuntu/Showcase Gallery
  3. click Styles on the left
  4. select the SuruDark theme

  Notice after selecting the dark theme that there is a light gray
  rectangle for the selected item. This light gray box expands outside
  the rounded corners of the OptionSelector and looks wrong. If you look
  very carefully at the Ambiance theme, the same thing happens there
  with the selected item-- it is just that the highlight color is much
  closer to the background color.

  I have an application that is affected by this and it makes it look horrible. 
I think two things should be fixed to address this bug:
  1. the highlight color should fill within the rounded corners (but not outside)
  2. you should be able to disable highlighting or make the color configurable, 
since not all users of OptionSelector will want to have the default highlight 
color (I do not in my application).

  Adding rtm14 tag and marking as Critical because many applications use
  OptionSelector and this bug makes these applications look bad.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-ui-toolkit/+bug/1371835/+subscriptions



[Touch-packages] [Bug 1371835] Re: highlighting selected item displays incorrectly with OptionSelector and ItemSelector

2014-09-19 Thread Jamie Strandboge
** Summary changed:

- highlighting selected item displays incorrectly with OptionSelector
+ highlighting selected item displays incorrectly with OptionSelector and 
ItemSelector

** Description changed:

  Steps to reproduce:
  
  1. open the Ubuntu SDK
  2. Tools/Ubuntu/Showcase Gallery
  3. click Styles on the left
  4. select the SuruDark theme
  
  Notice after selecting the dark theme that there is a light gray
  rectangle for the selected item. This light gray box expands outside the
  rounded corners of the OptionSelector and looks wrong. If you look very
  carefully at the Ambiance theme, the same thing happens there with the
  selected item-- it is just that the highlight color is much closer to
  the background color.
  
  I have an application that is affected by this and it makes it look horrible. 
I think two things should be fixed to address this bug:
  1. the highlight color should fill within the rounded corners (but not outside)
  2. you should be able to disable highlighting or make the color configurable, 
since not all users of OptionSelector will want to have the default highlight 
color (I do not in my application).
  
  Adding rtm14 tag and marking as Critical because many applications use
  OptionSelector and this bug makes these applications look bad.
+ 
+ I just noticed the same thing happens with ItemSelector.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-ui-toolkit in
Ubuntu.
https://bugs.launchpad.net/bugs/1371835

Title:
  highlighting selected item displays incorrectly with OptionSelector
  and ItemSelector

Status in “ubuntu-ui-toolkit” package in Ubuntu:
  New

Bug description:
  Steps to reproduce:

  1. open the Ubuntu SDK
  2. Tools/Ubuntu/Showcase Gallery
  3. click Styles on the left
  4. select the SuruDark theme

  Notice after selecting the dark theme that there is a light gray
  rectangle for the selected item. This light gray box expands outside
  the rounded corners of the OptionSelector and looks wrong. If you look
  very carefully at the Ambiance theme, the same thing happens there
  with the selected item-- it is just that the highlight color is much
  closer to the background color.

  I have an application that is affected by this and it makes it look horrible. 
I think two things should be fixed to address this bug:
  1. the highlight color should fill within the rounded corners (but not outside)
  2. you should be able to disable highlighting or make the color configurable, 
since not all users of OptionSelector will want to have the default highlight 
color (I do not in my application).

  Adding rtm14 tag and marking as Critical because many applications use
  OptionSelector and this bug makes these applications look bad.

  I just noticed the same thing happens with ItemSelector.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-ui-toolkit/+bug/1371835/+subscriptions



[Touch-packages] [Bug 1371835] Re: highlighting selected item displays incorrectly with OptionSelector and ItemSelector

2014-09-19 Thread Jamie Strandboge
Attached is an example of ItemSelector displaying the problem in my app.
Specifically, the highlight is outside of the rounded corners and there
is no way to turn off highlighting/adjust the color of the highlight that
I can see. The default highlighting is garish in my app and not what I
want.

** Attachment added: itemselector_highlight.png
   
https://bugs.launchpad.net/ubuntu/+source/ubuntu-ui-toolkit/+bug/1371835/+attachment/4209398/+files/itemselector_highlight.png

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-ui-toolkit in
Ubuntu.
https://bugs.launchpad.net/bugs/1371835

Title:
  highlighting selected item displays incorrectly with OptionSelector
  and ItemSelector

Status in “ubuntu-ui-toolkit” package in Ubuntu:
  New

Bug description:
  Steps to reproduce:

  1. open the Ubuntu SDK
  2. Tools/Ubuntu/Showcase Gallery
  3. click Styles on the left
  4. select the SuruDark theme

  Notice after selecting the dark theme that there is a light gray
  rectangle for the selected item. This light gray box expands outside
  the rounded corners of the OptionSelector and looks wrong. If you look
  very carefully at the Ambiance theme, the same thing happens there
  with the selected item-- it is just that the highlight color is much
  closer to the background color.

  I have an application that is affected by this and it makes it look horrible. 
I think two things should be fixed to address this bug:
  1. the highlight color should fill within the rounded corners (but not outside)
  2. you should be able to disable highlighting or make the color configurable, 
since not all users of OptionSelector will want to have the default highlight 
color (I do not in my application).

  Adding rtm14 tag and marking as Critical because many applications use
  OptionSelector and this bug makes these applications look bad.

  I just noticed the same thing happens with ItemSelector.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-ui-toolkit/+bug/1371835/+subscriptions



[Touch-packages] [Bug 1371846] [NEW] no way to disable PageHeadState actions highlighting

2014-09-19 Thread Jamie Strandboge
Public bug reported:

On applications with a dark theme (eg, Authenticator, Blabble, Utudu)
the highlight color of the PageHeadState actions is very noticeable.
This is easily seen by simply pressing one of the actions. When using a
light theme, the effect is much more subtle. It would be nice to be able
to disable the highlight or to set the highlight to a custom color.

Setting as rtm14 with High priority since as an application writer it is
very frustrating not being able to adjust this when using dark colors
for the theme.

On a possibly related note-- perhaps this is all configurable via Theme,
but I've tried several times to figure out how to do it. There appears to be
no documentation on it (and I've mentioned this at least 3 times to
people that we need it).

** Affects: ubuntu-ui-toolkit (Ubuntu)
 Importance: High
 Status: New


** Tags: rtm14

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-ui-toolkit in
Ubuntu.
https://bugs.launchpad.net/bugs/1371846

Title:
  no way to disable PageHeadState actions highlighting

Status in “ubuntu-ui-toolkit” package in Ubuntu:
  New

Bug description:
  On applications with a dark theme (eg, Authenticator, Blabble, Utudu)
  the highlight color of the PageHeadState actions is very noticeable.
  This is easily seen by simply pressing one of the actions. When using
  a light theme, the effect is much more subtle. It would be nice to be
  able to disable the highlight or to set the highlight to a custom
  color.

  Setting as rtm14 with High priority since as an application writer it
  is very frustrating not being able to adjust this when using dark
  colors for the theme.

  On a possibly related note-- perhaps this is all configurable via
  Theme, but I've tried several times to figure out how to do it. There
  appears to be no documentation on it (and I've mentioned this at least
  3 times to people that we need it).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-ui-toolkit/+bug/1371846/+subscriptions



[Touch-packages] [Bug 1372011] [NEW] ListItem.Subtitled subText color is too dark with SuruDark

2014-09-20 Thread Jamie Strandboge
Public bug reported:

It is hard to read ListItem.Subtitled subText when using the SuruDark
theme (or other dark themes).

** Affects: permy
 Importance: Undecided
 Status: New

** Affects: ubuntu-ui-toolkit (Ubuntu)
 Importance: Undecided
 Status: Confirmed

** Also affects: permy
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-ui-toolkit in
Ubuntu.
https://bugs.launchpad.net/bugs/1372011

Title:
  ListItem.Subtitled subText color is too dark with SuruDark

Status in Permy:
  New
Status in “ubuntu-ui-toolkit” package in Ubuntu:
  Confirmed

Bug description:
  It is hard to read ListItem.Subtitled subText when using the SuruDark
  theme (or other dark themes).

To manage notifications about this bug go to:
https://bugs.launchpad.net/permy/+bug/1372011/+subscriptions



[Touch-packages] [Bug 1372502] [NEW] usermetrics stopped working some time ago due to wrong group for files

2014-09-22 Thread Jamie Strandboge
Public bug reported:

$ ls -ld /var/lib/usermetrics/ ; sudo ls -l /var/lib/usermetrics/
drwxr-x--- 2 messagebus usermetrics 4096 Aug 21 11:05 /var/lib/usermetrics/
total 28
-rw-r--r-- 1 messagebus usermetrics 22528 Aug 21 11:05 usermetrics6.db

This may be related to bug #1363129, where rsyslog stopped working
because /var/log/syslog was owned by 'usermetrics'.

Workaround:
$ sudo chown -R usermetrics /var/lib/usermetrics/

** Affects: libusermetrics (Ubuntu)
 Importance: Undecided
 Status: New

** Description changed:

  $ ls -ld /var/lib/usermetrics/ ; sudo ls -l /var/lib/usermetrics/
  drwxr-x--- 2 messagebus usermetrics 4096 Aug 21 11:05 /var/lib/usermetrics/
  total 28
  -rw-r--r-- 1 messagebus usermetrics 22528 Aug 21 11:05 usermetrics6.db
  
  This may be related to bug #1363129, where rsyslog stopped working
  because /var/log/syslog was owned by 'usermetrics'.
+ 
+ Workaround:
+ $ sudo chown -R usermetrics /var/lib/usermetrics/

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libusermetrics in Ubuntu.
https://bugs.launchpad.net/bugs/1372502

Title:
  usermetrics stopped working some time ago due to wrong group for files

Status in “libusermetrics” package in Ubuntu:
  New

Bug description:
  $ ls -ld /var/lib/usermetrics/ ; sudo ls -l /var/lib/usermetrics/
  drwxr-x--- 2 messagebus usermetrics 4096 Aug 21 11:05 /var/lib/usermetrics/
  total 28
  -rw-r--r-- 1 messagebus usermetrics 22528 Aug 21 11:05 usermetrics6.db

  This may be related to bug #1363129, where rsyslog stopped working
  because /var/log/syslog was owned by 'usermetrics'.

  Workaround:
  $ sudo chown -R usermetrics /var/lib/usermetrics/

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libusermetrics/+bug/1372502/+subscriptions



[Touch-packages] [Bug 1359022] Re: Welcome screen on image #200 always states that there are no data sources available

2014-09-22 Thread Jamie Strandboge
See also bug #1372502.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libusermetrics in Ubuntu.
https://bugs.launchpad.net/bugs/1359022

Title:
  Welcome screen on image #200 always states that there are no data
  sources available

Status in Music application for Ubuntu devices:
  New
Status in “libusermetrics” package in Ubuntu:
  New
Status in “unity8” package in Ubuntu:
  Incomplete

Bug description:
  Upon upgrading to image 200 [1]. The welcome screen does not see any
  data sources for User Metrics. Even doing tasks that would normally
  add sources does not do so.

  To reproduce:

  1. Upgrade to image 200. Note that there are no sources found by the No data 
sources available message on the Welcome screen.
  2. Play a few songs on the music app, letting each play for more than 10 
seconds.
  3. Take a few pictures with the camera app.
  4. Note that the Welcome screen still reports No data sources available

  Expected results:

  Steps 3 and 4 would each lead to the Welcome screen showing valid data
  in libusermetrics and Step 1 should have retained the previous
  metrics.

  I've looked at the music app logs and it doesn't look like
  libusermetrics is returning any sort of error and dmesg seems to be
  free of apparmor denials.

  [1] http://people.canonical.com/~ogra/touch-image-stats/200.changes

To manage notifications about this bug go to:
https://bugs.launchpad.net/music-app/+bug/1359022/+subscriptions



[Touch-packages] [Bug 1370228] Re: init script returns 0 even after parsing failure

2014-09-22 Thread Jamie Strandboge
** Changed in: apparmor (Ubuntu)
   Status: New = In Progress

** Changed in: apparmor (Ubuntu)
 Assignee: (unassigned) = Jamie Strandboge (jdstrand)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1370228

Title:
  init script returns 0 even after parsing failure

Status in “apparmor” package in Ubuntu:
  In Progress

Bug description:
  The apparmor init script (and likely the upstart job, but haven't
  checked) returns exit code 0 even when a profile can't be loaded.

  In /lib/apparmor/functions foreach_configured_profile first loads profiles 
from /etc/apparmor.d and then from /var/lib/apparmor/profiles.
  Parsing errors in the first dir are ignored.

  The attached patch returns the first non-zero return code or zero if
  there are no errors.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1370228/+subscriptions

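The failure mode in this report, as an added shell example (not the attached patch and not /lib/apparmor/functions): a foreach-style loader that walks the two profile directories in the order named above and returns the first non-zero status instead of letting a later successful directory overwrite it. load_profile is a constructed stub that treats any file starting with "# BROKEN" as unparsable, so the script runs without AppArmor; in the real script it would call apparmor_parser -r.

```sh
#!/bin/sh
# Added example (not the Ubuntu init script or /lib/apparmor/functions):
# a foreach-style profile loader that reports the first non-zero exit
# status instead of dropping it. The directory order follows the bug
# report; load_profile is a constructed stub so this runs without AppArmor.

# Per-profile action. In the real script this would be something like
#   apparmor_parser -r "$1"
# The stub fails (exit 2) for any file whose first line is "# BROKEN".
load_profile() {
    if [ "$(head -n 1 "$1")" = "# BROKEN" ]; then
        echo "load_profile: parse error in $1" >&2
        return 2
    fi
    return 0
}

# Load every regular file in each directory, in the order given. The
# status of load_profile is captured immediately, because any later
# command (the next iteration, a cleanup step) overwrites $?. Every
# directory is still processed after a failure, so one bad profile in
# /etc/apparmor.d does not stop the rest from loading, but the caller
# (and therefore the init system) still sees that something failed.
foreach_configured_profile() {
    rc=0
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for profile in "$dir"/*; do
            [ -f "$profile" ] || continue
            load_profile "$profile"
            r=$?
            if [ "$r" -ne 0 ] && [ "$rc" -eq 0 ]; then
                rc=$r
            fi
        done
    done
    return "$rc"
}

# Constructed fixture mirroring the report: a broken profile in the first
# directory and only good profiles in the second. Prints and returns the
# final status (2 here, where a last-command-wins script would return 0).
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/etc-apparmor.d" "$tmp/var-lib-profiles"
    printf '# BROKEN\n' > "$tmp/etc-apparmor.d/usr.bin.bad"
    printf 'profile good {}\n' > "$tmp/etc-apparmor.d/usr.bin.good"
    printf 'profile click {}\n' > "$tmp/var-lib-profiles/click_app"
    foreach_configured_profile "$tmp/etc-apparmor.d" "$tmp/var-lib-profiles"
    status=$?
    rm -rf "$tmp"
    echo "exit status: $status"
    return "$status"
}

# A non-zero status is the expected outcome of the demo, so do not let it
# abort a caller running with set -e.
demo || :
```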


[Touch-packages] [Bug 1372579] Re: All apps need access to the D-Bus clipboard

2014-09-23 Thread Jamie Strandboge
Does this rule look ok:

# Mir clipboard
dbus (receive, send)
  bus=session
  path=/com/canonical/QtMir/Clipboard
  interface=com.canonical.QtMir.Clipboard,

To test, pick two confined applications: one that should paste into the
clipboard and another to copy out of the clipboard. Then, open the
corresponding apparmor profile in /var/lib/apparmor/profiles/click_...
for the applications, add the above before the file '}', save them and
then run: 'sudo apparmor_parser -r /var/lib/apparmor/profiles/click_...'
for the profiles you edited. Now, try the clipboard operations.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1372579

Title:
  All apps need access to the D-Bus clipboard

Status in “apparmor-easyprof-ubuntu” package in Ubuntu:
  New

Bug description:
  All apps need to have send and receive access to the following:

  Service: com.canonical.QtMir,
  Object: /com/canonical/QtMir/Clipboard,
  Interface: com.canonical.QtMir.Clipboard,

  It will be provided by the /usr/bin/unity8 binary.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor-easyprof-ubuntu/+bug/1372579/+subscriptions



[Touch-packages] [Bug 1371835] Re: highlighting selected item displays incorrectly with OptionSelector and ItemSelector

2014-09-23 Thread Jamie Strandboge
This actually does affect pre-install apps-- it just isn't as
noticeable. Eg: open Contacts, create a new contact, go to the bottom to
select an addressbook-- you can see the square corners outside of the
rounded corners. Again, it isn't as easy to see as with a dark theme,
but it gives the wrong impression.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-ui-toolkit in
Ubuntu.
https://bugs.launchpad.net/bugs/1371835

Title:
  highlighting selected item displays incorrectly with OptionSelector
  and ItemSelector

Status in “ubuntu-ui-toolkit” package in Ubuntu:
  New

Bug description:
  Steps to reproduce:

  1. open the Ubuntu SDK
  2. Tools/Ubuntu/Showcase Gallery
  3. click Styles on the left
  4. select the SuruDark theme

  Notice after selecting the dark theme that there is a light gray
  rectangle for the selected item. This light gray box expands outside
  the rounded corners of the OptionSelector and looks wrong. If you look
  very carefully at the Ambiance theme, the same thing happens there
  with the selected item-- it is just that the highlight color is much
  closer to the background color.

  I have an application that is affected by this and it makes it look horrible. 
I think two things should be fixed to address this bug:
  1. the highlight color should fill within the rounded corners (but not outside)
  2. you should be able to disable highlighting or make the color configurable, 
since not all users of OptionSelector will want to have the default highlight 
color (I do not in my application).

  Adding rtm14 tag and marking as Critical because many applications use
  OptionSelector and this bug makes these applications look bad.

  I just noticed the same thing happens with ItemSelector.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-ui-toolkit/+bug/1371835/+subscriptions



[Touch-packages] [Bug 1371310] Re: docker.io doesn't work with apparmor 3.0 RC1 kernel

2014-09-23 Thread Jamie Strandboge
** Tags added: apparmor

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1371310

Title:
  docker.io doesn't work with apparmor 3.0 RC1 kernel

Status in “apparmor” package in Ubuntu:
  Invalid
Status in “docker.io” package in Ubuntu:
  Invalid
Status in “linux” package in Ubuntu:
  Triaged

Bug description:
  Steps to reproduce (from
  https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor):

  1. sudo apt-get install docker.io # 1.2.0~dfsg1-1

  2. sudo docker pull ubuntu:trusty

  3. sudo docker run ubuntu:trusty uptime
  2014/09/18 15:48:48 Error response from daemon: Cannot start container 
fcdfaaf7945bcd9455fb5e0bde9950451152af14556880033818df7b50ddb1f4: set apparmor 
profile docker-default: permission denied

  What is expected? uptime to return something like:
  $ sudo docker run ubuntu:trusty uptime
   20:31:21 up 1 min,  0 users,  load average: 0.09, 0.06, 0.03

  I set 'sudo sysctl -w kernel.printk_ratelimit=0' but there is nothing
  apparmor related in the logs. If I boot an earlier kernel without the
  3.0 RC1 patches, it works.

  FYI, 3.16.0-17.23 is in utopic-proposed now and on its way to utopic,
  which will affect docker.io in Ubuntu. Workaround until this bug is
  fixed is to boot into 3.16.0-16.22 or earlier.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1371310/+subscriptions



[Touch-packages] [Bug 1373085] Re: Parser error when using regex profile names in IPC rules

2014-09-23 Thread Jamie Strandboge
** Changed in: apparmor (Ubuntu)
   Status: New = Confirmed

** Changed in: apparmor (Ubuntu)
   Importance: Undecided = High

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1373085

Title:
  Parser error when using regex profile names in IPC rules

Status in “apparmor” package in Ubuntu:
  Confirmed

Bug description:
  I tried to add this rule to the firefox profile:
  unix (send, receive) type=stream 
peer=(label=/usr/lib/firefox/firefox\{,\*\[^s\]\[^h\]\}//plugincontainer),

  apparmor_parser fails with:
  syntax error, unexpected TOK_CONDID, expecting TOK_EQUALS or TOK_IN

  When I add quotes around the label the parser fails with:
  Found unexpected character: ''

  I found this minimal test case:
  unix peer=(label=\{,\}),
  and
  unix peer=(label=\{,\}),

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1373085/+subscriptions



[Touch-packages] [Bug 1350324] [NEW] Incorrect warning with ubuntu-scope-network template: Character - was quoted unnecessarily, dropped preceding quote ('\') character

2014-07-30 Thread Jamie Strandboge
Public bug reported:

$ cat /tmp/profile 
profile foo {
  owner /run/user/[0-9]*/zmq/{[^c]**,c[^\-]**}-r  rw,
}

$ apparmor_parser -QTK /tmp/profile 
Warning from /tmp/profile (/tmp/profile line 4): Character - was quoted 
unnecessarily, dropped preceding quote ('\') character

** Affects: apparmor (Ubuntu)
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1350324

Title:
  Incorrect warning with ubuntu-scope-network template: Character - was
  quoted unnecessarily, dropped preceding quote ('\') character

Status in “apparmor” package in Ubuntu:
  New

Bug description:
  $ cat /tmp/profile 
  profile foo {
owner /run/user/[0-9]*/zmq/{[^c]**,c[^\-]**}-r  rw,
  }

  $ apparmor_parser -QTK /tmp/profile 
  Warning from /tmp/profile (/tmp/profile line 4): Character - was quoted 
unnecessarily, dropped preceding quote ('\') character

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1350324/+subscriptions



[Touch-packages] [Bug 1186662] Re: isc-dhcp-server fails to renew lease file

2014-07-30 Thread Jamie Strandboge
As Michael said, this needs a code change to dhcpd to open the files
correctly.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/1186662

Title:
  isc-dhcp-server fails to renew lease file

Status in “isc-dhcp” package in Ubuntu:
  Triaged

Bug description:
  After raring upgrade, the dhcp server fails to renew lease file when
  it tries to (about every hour).

  The syslog says:
  dhcpd: Can't create new lease file: Permission denied

  It looks like a permission problem, because

  # chown -R dhcpd:dhcpd /var/lib/dhcp

  the above command temporarily solves the issue, until dhcpd is
  restarted: at that time, the ownership of the directory and the lease
  file is set back to root:root.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1186662/+subscriptions



[Touch-packages] [Bug 1350152] Re: [mako #158] apparmor denies access to /etc/ssl/openssl.cnf

2014-07-30 Thread Jamie Strandboge
** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
   Status: In Progress = Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1350152

Title:
  [mako #158] apparmor denies access to /etc/ssl/openssl.cnf

Status in Camera App:
  New
Status in Dropping Letters:
  New
Status in Gallery App:
  New
Status in Calculator application for Ubuntu devices:
  New
Status in “apparmor-easyprof-ubuntu” package in Ubuntu:
  Fix Committed

Bug description:
  A number of apps do not start on image #158 on either Mako or Flo.
  They each generate the following output in their respective
  application log:

  Auto configuration failed
  3020522732:error:0200100D:system library:fopen:Permission 
denied:bss_file.c:169:
  fopen('/usr/lib/ssl/openssl.cnf','rb')
  3020522732:error:2006D002:BIO routines:BIO_new_file:system lib:bss_file.c:174:
  3020522732:error:0E078002:configuration file routines:DEF_LOAD:system 
lib:conf_def.c:199:

To manage notifications about this bug go to:
https://bugs.launchpad.net/camera-app/+bug/1350152/+subscriptions



[Touch-packages] [Bug 1350152] Re: [mako #158] apparmor denies access to /etc/ssl/openssl.cnf

2014-07-31 Thread Jamie Strandboge
** Changed in: ubuntu-calculator-app
   Status: New = Invalid

** Changed in: gallery-app
   Status: New = Invalid

** Changed in: dropping-letters
   Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1350152

Title:
  [mako #158] apparmor denies access to /etc/ssl/openssl.cnf

Status in Camera App:
  Invalid
Status in Dropping Letters:
  Invalid
Status in Gallery App:
  Invalid
Status in Calculator application for Ubuntu devices:
  Invalid
Status in “apparmor-easyprof-ubuntu” package in Ubuntu:
  Fix Released


[Touch-packages] [Bug 1350598] Re: apparmor_parser takes a long time

2014-07-31 Thread Jamie Strandboge
** Changed in: apparmor (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1350598

Title:
  apparmor_parser takes a long time

Status in “apparmor” package in Ubuntu:
  Confirmed

Bug description:
  Just updated my Nexus 7 2013 from #160 to #161. It's been sat at the
  Google logo for 15 minutes now. It looks and feels like it's hung. As
  a user I'd be rebooting it thinking it had crashed by now. I shell in
  and find apparmor_parser  using a lot of cpu for a long time.

  top - 00:14:01 up 15 min,  2 users,  load average: 5.12, 4.85, 3.21
  Tasks: 202 total,   2 running, 200 sleeping,   0 stopped,   0 zombie
  %Cpu(s): 50.5 us,  0.8 sy,  0.0 ni, 48.5 id,  0.2 wa,  0.0 hi,  0.0 si,  0.0 st
  KiB Mem:   1848024 total,   787400 used,  1060624 free,    54216 buffers
  KiB Swap:    32764 total,        0 used,    32764 free.   579228 cached Mem

    PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND
   1970 root      20   0    4976   3652    852 R  99.8  0.2  14:31.04 apparmor_parser
   2596 phablet   20   0    5996   1264    824 R   1.3  0.1   0:08.79 top
    914 root       0 -20    7572    552    396 S   0.7  0.0   0:05.02 mpdecision
     21 root      20   0       0      0      0 S   0.3  0.0   0:00.92 kworker/0:1
    229 root      20   0       0      0      0 S   0.3  0.0   0:00.10 jbd2/mmcblk0p30
    982 root      20   0   38856   1164    868 S   0.3  0.1   0:01.77 adbd
   2570 phablet   20   0   10540   1456    692 S   0.3  0.1   0:02.30 sshd
      1 root      20   0    3884   2648   1068 S   0.0  0.1   0:05.98 init
      2 root      -2   0       0      0      0 S   0.0  0.0   0:00.01 kthreadd
      3 root      20   0       0      0      0 S   0.0  0.0   0:00.04 ksoftirqd/0

  ... it eventually finished after 18 minutes.


[Touch-packages] [Bug 1350598] Re: apparmor_parser takes a long time

2014-07-31 Thread Jamie Strandboge
This is a known issue and most affects users who perform lots of system
updates with certain kernel and/or policy changes and is exacerbated by
a high number of installed packages. We employ caching in various ways
to reduce the time to recompile all policy to only needing to do it for
certain first boot situations. Recently, there was an update that
required recompiling the policy. The next time you boot, the cache will
be used again.

This will not normally affect consumers because neither the kernel nor
the policy will change during the system image update process. There are
plans to make some sort of progress bar when it does happen, and to
improve policy compiles.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1350598

Title:
  apparmor_parser takes a long time

Status in “apparmor” package in Ubuntu:
  Confirmed


[Touch-packages] [Bug 1340345] Re: please use exclusive pipe access for /dev/socket/micshm

2014-07-31 Thread Jamie Strandboge
** Summary changed:

- please use exclusive pipe access for /android/micshm
+ please use exclusive pipe access for /dev/socket/micshm

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to qtubuntu-camera in Ubuntu.
https://bugs.launchpad.net/bugs/1340345

Title:
  please use exclusive pipe access for /dev/socket/micshm

Status in “qtubuntu-camera” package in Ubuntu:
  Triaged

Bug description:
  13:28 <jdstrand> jhodapp: ok, so, unless there are implementation flaws (which are just bugs that we can fix later on), a malicious app with access to /android/micshm can't do anything to DoS the service or to record in the background, correct?
  13:29 <jhodapp> jdstrand: correct, because there technically would be a reader on the Android side always open, but it won't be doing any reads unless triggered by kicking off the recording process
  13:34 <jdstrand> jhodapp: could a malicious app in theory interfere with an app that is already recording?
  13:35 <jhodapp> jdstrand: in theory yes...I need to see if I could have the active reader/writer pair open the named pipe exclusively
  13:36 <jhodapp> jdstrand: so that only one writer is allowed
  13:49 <jdstrand> jhodapp: I think that would be a reasonable security improvement. I won't block adding the rule to policy though. pulseaudio itself isn't particularly great on this point aiui, and it too will need to be hardened
  13:49 <jhodapp> jdstrand: indeed...exclusive pipe access would actually be an improvement over how AudioFlinger does it...I'm pretty sure it's using an unprotected pipe


[Touch-packages] [Bug 1348251] Re: please make use of pam_tally2 for Touch login and screenunlock

2014-07-31 Thread Jamie Strandboge
** Changed in: ubuntu-touch-session (Ubuntu)
   Importance: Undecided => Critical

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lightdm in Ubuntu.
https://bugs.launchpad.net/bugs/1348251

Title:
  please make use of pam_tally2 for Touch login and screenunlock

Status in Light Display Manager:
  Fix Released
Status in “lightdm” package in Ubuntu:
  Fix Released
Status in “ubuntu-touch-session” package in Ubuntu:
  New

Bug description:
  Ubuntu Touch will soon have/now has the ability to set a PIN/password
  for the user. If the password is set, we should provide some
  protection against brute force password guessing since many users will
  choose to use PINs rather than proper passwords. This is required for
  devices for RTM, but not for the traditional Ubuntu desktop.


[Touch-packages] [Bug 1348365] Re: MTP should not respond to new connection requests if the screen is locked

2014-07-31 Thread Jamie Strandboge
** Changed in: mtp (Ubuntu)
   Importance: High => Critical

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to mtp in Ubuntu.
https://bugs.launchpad.net/bugs/1348365

Title:
  MTP should not respond to new connection requests if the screen is
  locked

Status in “mtp” package in Ubuntu:
  New

Bug description:
  Ubuntu Touch will soon have/now has the ability to set a PIN/password
  for the user. If the password is set and the screen is locked, MTP
  should not respond to new connection requests per Phone Delivery
  requirements. This is needed for RTM.


[Touch-packages] [Bug 1230366] Re: Please provide Ubuntu camera service that integrates with trust-store

2014-07-31 Thread Jamie Strandboge
** Changed in: qtubuntu-camera (Ubuntu)
   Importance: High => Critical

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to qtubuntu-camera in Ubuntu.
https://bugs.launchpad.net/bugs/1230366

Title:
  Please provide Ubuntu camera service that integrates with trust-store

Status in “qtubuntu-camera” package in Ubuntu:
  Triaged

Bug description:
  Currently Ubuntu Touch is using the android camera-service and that is
  the plan for 13.10.

  Going forward in 14.04, the android camera-service will no longer be
  used and camera access is going to move to the Ubuntu side. There was
  discussion of either using HAL directly (direct access to devices) or
  using a camera-service type thing in Ubuntu.

  Using devices directly causes at least a few problems:
   * can't prevent more than one user from accessing the device at a time
   * enumerating camera devices for apparmor policy is extra maintenance for
     porters
   * can't provide a contextual runtime prompt for access (like we (will) do
     with online accounts, location, microphone). This is particularly
     important for application confinement.

  Instead of direct hardware access, an out of process helper (in
  relation to the app) can be used to address all of these problems,
  similar to what pulseaudio does for audio. This service can ensure
  only one user can access the device at a time and since the service
  accesses the device files on the app's behalf, we don't need to
  enumerate devices in /dev in policy. Furthermore, when an app accesses
  the service (ideally over DBus), the service can contact trust-store,
  the trust-store will prompt the user (Foo wants to access the camera.
  Is this ok? Yes|No), then optionally cache the result and return the
  result to the service. In this manner the user is given a contextual
  prompt at the time of access by the app. By using caching this
  decision can be remembered the next time. If caching is used, there
  should be a method to change the decision in system settings.

  If direct hardware access is needed for performance reasons, it is
  possible to use fd delegation in AppArmor and have the service open
  the device and pass the fd to the app without having to enumerate the
  /dev devices. Please talk to jjohansen if pursuing this option.

  Lastly, bug #1230391 discusses providing a visual cue during
  background recording for audio. We will need to do the same for video
  recording. Feel free to add a task to bug #1230391 if there is work to
  integrate this new service with that visual cuing.

  This should be implemented in time for shippable devices to address
  the application confinement concern.


[Touch-packages] [Bug 1224756] Re: Pulseaudio should integrate with trust-store

2014-07-31 Thread Jamie Strandboge
** Changed in: pulseaudio (Ubuntu Utopic)
   Importance: High => Critical

** No longer affects: pulseaudio (Ubuntu Saucy)

** No longer affects: pulseaudio (Ubuntu Trusty)

** No longer affects: pulseaudio (Ubuntu Utopic)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pulseaudio in Ubuntu.
https://bugs.launchpad.net/bugs/1224756

Title:
  Pulseaudio should integrate with trust-store

Status in “pulseaudio” package in Ubuntu:
  Triaged

Bug description:
  Currently the 'audio' policy group allows access to pulseaudio which
  allows apps to use the microphone and eavesdrop on the user.
  Pulseaudio needs to be modified to use trust-store, like location-
  service does. Integrating with trust-store means that when an app
  tries use the microphone via pulseaudio, pulseaudio will contact
  trust-store, the trust-store will prompt the user (Foo wants to use
  the microphone. Is this ok? Yes|No), optionally cache the result and
  return the result to pulseaudio. In this manner the user is given a
  contextual prompt at the time of access by the app. Using caching this
  decision can be remembered the next time. If caching is used, there
  should be a method to change the decision in settings.

  Targeting to T-Series for now, since the trust-store is not in a
  reusable form yet.

  Original description:
  David and the security team (inspired by an observation from Rick) discussed
  that when recording, pulseaudio should somehow unobtrusively show the user
  that it is recording. The easiest thing to do would be for pulseaudio to
  alert indicator-sound which would then turn its icon red (similar to
  indicator-message turning blue with new messages). Marking 'high' because
  apps with access to pulseaudio can currently eavesdrop on users. If the app
  is allowed to do networking (the default for apps), then it can ship that
  information off to a server somewhere.

  Note 1, the alert to indicator-sound must happen via the out of
  process pulseaudio server and not the confined app itself to be
  effective.

  Note 2, we should consider how to enforce this for foreground apps
  only. Application lifecycle should probably handle this for 13.10
  (apps are suspended if not in foreground or if the screensaver is on),
  but we don't want an app on the converged device to record in the
  background when the user isn't paying attention. Example eavesdropping
  attack: start recording only when the screensaver is on (perhaps
  inhibiting the screensaver during recording would be enough).


[Touch-packages] [Bug 1347177] Re: Unconfined aggregating scope can't call confined child scope to get results

2014-07-31 Thread Jamie Strandboge
** Changed in: savilerow
   Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1347177

Title:
  Unconfined aggregating scope can't call confined child scope to get
  results

Status in The Savilerow project:
  Fix Released
Status in API for Unity scopes integration:
  Invalid
Status in “apparmor-easyprof-ubuntu” package in Ubuntu:
  Fix Released

Bug description:
  An unconfined scope is getting apparmor denials while getting results
  from a confined child scope.  The denials:

  Jul 22 17:06:40 ubuntu-phablet kernel: [30750.996517] type=1400 audit(1406063200.136:2410): apparmor="DENIED" operation="connect" profile="com.canonical.scopes.etsy_etsy_1.0.9" name="/run/user/32011/zmq/unity-scope-shopping-r" pid=19097 comm="com.canonical.s" requested_mask="rw" denied_mask="rw" fsuid=32011 ouid=32011

  The child scope has the template: ubuntu-scope-network and can run
  fine on its own


[Touch-packages] [Bug 1219164] Re: Implement missing functionality to make location-service a trusted helper.

2014-07-31 Thread Jamie Strandboge
Removing old tasks and raising priority to Critical per RTM bug triage
procedures (we must deliver this for RTM). Thomas, can you adjust the
location service task to be Critical? Thanks!

** No longer affects: location-service (Ubuntu Saucy)

** No longer affects: location-service (Ubuntu Trusty)

** No longer affects: location-service (Ubuntu Utopic)

** Changed in: location-service (Ubuntu)
   Importance: High => Critical

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to location-service in
Ubuntu.
https://bugs.launchpad.net/bugs/1219164

Title:
  Implement missing functionality to make location-service a trusted
  helper.

Status in Location Service:
  In Progress
Status in “location-service” package in Ubuntu:
  In Progress

Bug description:
  Address FIXME in code and query the user if an app wants to access the
  location service:

  if (credentials.pid != pid || credentials.uid != uid)
      return Result::granted; // FIXME(tvoss): This should return rejected.


[Touch-packages] [Bug 1230091] Re: [enhancement] Trusted Session surface management (required for appstore app trust model), modal subwindows

2014-07-31 Thread Jamie Strandboge
If there is another bug that should be used for Mir trust session
support and online accounts use of it for rtm, please let me know. For
now, adding rtm14 tag.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1230091

Title:
  [enhancement] Trusted Session surface management (required for
  appstore app trust model), modal subwindows

Status in Content sharing/picking infrastructure and service:
  Triaged
Status in Mir:
  Triaged
Status in Unity Mir:
  Triaged
Status in “apparmor-easyprof-ubuntu” package in Ubuntu:
  Confirmed
Status in “signon” package in Ubuntu:
  Confirmed
Status in “unity-mir” package in Ubuntu:
  Confirmed

Bug description:
  (I'm filing this as a bug in order to be able to point other people to
  it, and to track its progress; if there's a blueprint containing this
  task, please let me know)

  Some components (such as the Online Accounts trusted helper) need to
  be able to pop-up a window (typically, a dialog) on top of the running
  application. Such windows should be modal to the application, that is
  the user should not be able to interact with the application while the
  modal window is displayed on top of them. This also means that in the
  task switcher one shouldn't see two windows, but only the topmost
  modal window (and parts of the application window, in case the modal
  window on top is a non-fullscreen dialog).

  For developers, this API already exists in Qt: see
  https://qt-project.org/doc/qt-5.1/qtgui/qwindow.html#fromWinId
  It needs to be implemented in the QPA plugin, so feel free to add the
  relevant projects to the bug report.

  From jdstrand
  This is a hard requirement for application confinement because of our trust
  model-- permission to access sensitive data by AppStore apps is typically
  granted or denied at the time of access (caching the result for later use as
  appropriate), so users have a context for the access being requested. We do
  this instead of throwing up a permissions prompt at installation. However,
  for it to work, trusted helpers like online accounts and location require
  this functionality from unity-mir. A trust-store is also being implemented so
  other services like calendar and contacts can do the same. Because this
  feature is not implemented, the implementation for online accounts, location
  and the trust-store is blocked and appstore apps are therefore able to access
  these services without the user knowing.


[Touch-packages] [Bug 1319546] Re: Remove sync-monitor policy rules

2014-07-31 Thread Jamie Strandboge
Are these ready to be removed now?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1319546

Title:
  Remove sync-monitor policy rules

Status in Address Book App:
  New
Status in Calendar application for Ubuntu devices:
  New
Status in “apparmor-easyprof-ubuntu” package in Ubuntu:
  New

Bug description:
  Sync monitor should not be accessed by the applications, the sync
  operation should be triggered by the push notification.

  We should remove any policy rules related with sync monitor as soon as
  we get sync monitor integrated with push notification system.


[Touch-packages] [Bug 1235444] Re: pkg_name calculated incorrectly

2014-07-31 Thread Jamie Strandboge
** Changed in: thumbnailer
   Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to thumbnailer in Ubuntu.
https://bugs.launchpad.net/bugs/1235444

Title:
  pkg_name calculated incorrectly

Status in Thumbnail generator for all kinds of files:
  Fix Released
Status in “thumbnailer” package in Ubuntu:
  Fix Released
Status in “thumbnailer” source package in Saucy:
  Fix Released

Bug description:
  get_app_pkg_name() parses the value of /proc/self/attr/current to determine
  the value to use for the cache directory, but it has an off by one error as
  seen with this apparmor denial:
  Oct  4 14:47:00 localhost kernel: [ 2456.617111] type=1400 audit(1380916020.878:369): apparmor="DENIED" operation="mkdir" parent=3324 profile="net.launchpad.ubuntu-security.ubuntu-sdk-1310-api-demos_ubuntu-sdk-1310-api-demos_0.6" name="/home/jamie/.cache/net.launchpad.ubuntu-security.ubuntu-sdk-1310-api-demo/" pid=15749 comm="qmlscene" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000

  The app's apparmor label is
  net.launchpad.ubuntu-security.ubuntu-sdk-1310-api-demos_ubuntu-sdk-1310-api-demos_0.6
  so it should use:
  /home/jamie/.cache/net.launchpad.ubuntu-security.ubuntu-sdk-1310-api-demos

  however it actually uses:
  /home/jamie/.cache/net.launchpad.ubuntu-security.ubuntu-sdk-1310-api-demo

  This can perhaps be seen more clearly with the attached test program. Steps
  to reproduce:
  $ cat > /tmp/bug.profile <<EOM
  #include <tunables/global>
  profile test_me {
    file,
  }
  EOM
  $ sudo apparmor_parser -r /tmp/bug.profile
  $ g++ /tmp/bug.cpp -o /tmp/bug
  $ aa-exec -p test_me -- /tmp/bug
  /proc/self/attr/current=test_me (enforce)
  app_pkg_name=tes
  $

  In addition to the above, get_app_pkg_name() is not careful enough in
  determining the package name. It should throw an error if the value of
  /proc/self/attr/current doesn't match the following regex:
   ^[a-z0-9][a-z0-9+.-]+_[a-zA-Z0-9+.-]+_[0-9][a-zA-Z0-9.+:~-]*$

  (see https://wiki.ubuntu.com/AppStore/Interfaces/ApplicationId for details).
  To consider why, consider the following valid profile names:
  /usr/bin/lsb_release
  /usr/lib/lightdm/lightdm/lightdm-guest-session-wrapper//chromium_browser
  /opt/foo/_bar
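
  As an added example (not the thumbnailer's source), the parsing the description asks for: drop the "(mode)" annotation that /proc/self/attr/current appends, validate the label against the ApplicationId regex above, and only then take the package name up to the first '_'. buggy_pkg_name() reconstructs the off-by-one from the bug for comparison; all function names here are hypothetical.

```cpp
#include <regex>
#include <stdexcept>
#include <string>

// /proc/self/attr/current reads as "<label> (<mode>)" for a confined task,
// e.g. "test_me (enforce)", and as a bare label (e.g. "unconfined") otherwise.
// Drop the mode annotation and any trailing newline/spaces.
std::string label_from_attr(const std::string& attr) {
    std::string s = attr;
    while (!s.empty() && (s.back() == '\n' || s.back() == ' ')) s.pop_back();
    const auto pos = s.rfind(" (");
    if (pos != std::string::npos && s.back() == ')') s.erase(pos);
    return s;
}

// The ApplicationId grammar quoted in the bug: <pkg>_<app>_<version>. The
// package name cannot contain '_', so the first '_' terminates it.
bool is_click_app_id(const std::string& label) {
    static const std::regex app_id(
        "^[a-z0-9][a-z0-9+.-]+_[a-zA-Z0-9+.-]+_[0-9][a-zA-Z0-9.+:~-]*$");
    return std::regex_match(label, app_id);
}

// Reconstruction of the off-by-one the bug describes (hypothetical, not the
// thumbnailer source): the length handed to substr is one short, so the last
// character of the package name is lost ("test_me" -> "tes").
std::string buggy_pkg_name(const std::string& attr) {
    const std::string label = label_from_attr(attr);
    return label.substr(0, label.find('_') - 1);
}

// Corrected version: validate first, then take everything before the first
// '_'. Labels that are not click application ids (path-based profiles such as
// /usr/bin/lsb_release, or "unconfined") are rejected instead of being turned
// into a bogus cache directory name.
std::string app_pkg_name(const std::string& attr) {
    const std::string label = label_from_attr(attr);
    if (!is_click_app_id(label))
        throw std::invalid_argument("not a click application id: " + label);
    return label.substr(0, label.find('_'));
}

// Cache directory the app should get: <home>/.cache/<pkg>.
std::string cache_dir(const std::string& home, const std::string& attr) {
    return home + "/.cache/" + app_pkg_name(attr);
}

// True if app_pkg_name() refuses this /proc/self/attr/current value.
bool rejects(const std::string& attr) {
    try {
        app_pkg_name(attr);
    } catch (const std::invalid_argument&) {
        return true;
    }
    return false;
}
```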


[Touch-packages] [Bug 1230391] Re: please provide visual cue during background recording

2014-07-31 Thread Jamie Strandboge
** Changed in: pulseaudio (Ubuntu)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pulseaudio in Ubuntu.
https://bugs.launchpad.net/bugs/1230391

Title:
  please provide visual cue during background recording

Status in “pulseaudio” package in Ubuntu:
  Confirmed

Bug description:
  After bug #1224756 is fixed, we should provide a visual cue for when
  an app moves to the background and is recording audio. This will allow
  an app like Skype to work normally in the foreground, but if the user
  launches another app into the foreground, the user is able to see that
  he/she is still on the Skype call. In addition to the usability
  benefit, this provides a security benefit because it stops
  eavesdropping because the user will have a visual cue that the
  malicious/misbehaving app is recording audio.

  This needs design.


[Touch-packages] [Bug 1342858] Re: old click packages are not always cleaned out

2014-07-31 Thread Jamie Strandboge
** Attachment added: "click_list.phablet"
   https://bugs.launchpad.net/ubuntu/+source/click/+bug/1342858/+attachment/4166749/+files/click_list.phablet

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to click in Ubuntu.
https://bugs.launchpad.net/bugs/1342858

Title:
  old click packages are not always cleaned out

Status in “click” package in Ubuntu:
  New

Bug description:
  /var/lib/apparmor/clicks still has a lot of symlinks pointing to
  security manifests for click packages that are no longer installed. I
  haven't verified this, but I think it might have something to do with
  preinstalled packages and system-image updates. Eg:

  $ ls -1 /var/lib/apparmor/clicks/*json | wc -l
  157

  $ click list | wc -l
  85

  $ sudo click list | wc -l
  19

  None of the symlinks in /var/lib/apparmor/clicks are dangling, so
  while this doesn't actively harm the system AFAICT, the 70+ additional
  and unneeded apparmor profiles means a slower first boot when policy
  regeneration is required.


[Touch-packages] [Bug 1342858] Re: old click packages are not always cleaned out

2014-07-31 Thread Jamie Strandboge
Sorry I didn't see this until just now. Attached are the files you
requested.

** Attachment added: "_var_lib_apparmor_clicks_json.txt"
   https://bugs.launchpad.net/ubuntu/+source/click/+bug/1342858/+attachment/4166748/+files/_var_lib_apparmor_clicks_json.txt

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to click in Ubuntu.
https://bugs.launchpad.net/bugs/1342858

Title:
  old click packages are not always cleaned out

Status in “click” package in Ubuntu:
  New


[Touch-packages] [Bug 1342858] Re: old click packages are not always cleaned out

2014-07-31 Thread Jamie Strandboge
** Attachment added: "click_list.root"
   https://bugs.launchpad.net/ubuntu/+source/click/+bug/1342858/+attachment/4166750/+files/click_list.root

** Changed in: click (Ubuntu)
   Status: Incomplete => New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to click in Ubuntu.
https://bugs.launchpad.net/bugs/1342858




[Touch-packages] [Bug 1350598] Re: apparmor_parser takes a long time

2014-07-31 Thread Jamie Strandboge
Also, bug #1342858 will aggravate the situation, since more policy is on
the device than is required.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1350598

Title:
  apparmor_parser takes a long time

Status in “apparmor” package in Ubuntu:
  Confirmed

Bug description:
  Just updated my Nexus 7 2013 from #160 to #161. It's been sat at the
  Google logo for 15 minutes now. It looks and feels like it's hung. As
  a user I'd be rebooting it thinking it had crashed by now. I shell in
  and find apparmor_parser using a lot of cpu for a long time.

  top - 00:14:01 up 15 min,  2 users,  load average: 5.12, 4.85, 3.21
  Tasks: 202 total,   2 running, 200 sleeping,   0 stopped,   0 zombie
  %Cpu(s): 50.5 us,  0.8 sy,  0.0 ni, 48.5 id,  0.2 wa,  0.0 hi,  0.0 si,  0.0 st
  KiB Mem:   1848024 total,   787400 used,  1060624 free,54216 buffers
  KiB Swap:32764 total,0 used,32764 free.   579228 cached Mem

  PID USER  PR  NI  VIRT  RES  SHR S  %CPU %MEM TIME+ COMMAND
  1970 root  20   04976   3652852 R  99.8  0.2  14:31.04 apparmor_parser
  2596 phablet   20   05996   1264824 R   1.3  0.1   0:08.79 top
  914 root   0 -207572552396 S   0.7  0.0   0:05.02 mpdecision
  21 root  20   0   0  0  0 S   0.3  0.0   0:00.92 kworker/0:1
  229 root  20   0   0  0  0 S   0.3  0.0   0:00.10 jbd2/mmcblk0p30
  982 root  20   0   38856   1164868 S   0.3  0.1   0:01.77 adbd
  2570 phablet   20   0   10540   1456692 S   0.3  0.1   0:02.30 sshd
  1 root  20   03884   2648   1068 S   0.0  0.1   0:05.98 init
  2 root  -2   0   0  0  0 S   0.0  0.0   0:00.01 kthreadd
  3 root  20   0   0  0  0 S   0.0  0.0   0:00.04 ksoftirqd/0

  ... it eventually finished after 18 minutes.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1350598/+subscriptions



[Touch-packages] [Bug 1340345] Re: please use exclusive pipe access for /dev/socket/micshm

2014-07-31 Thread Jamie Strandboge
Regarding the file permissions: since apps run in the user's session
under the user's UID, apps would have this access. Apps with the camera
policy group (a common policy group available to apps without
restriction) would then be able to access the socket. I'm not sure what
you mean by 'as a user by the same name'. Apps can fork and change their
exec line to fake being another app's executable. Can you elaborate?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to qtubuntu-camera in Ubuntu.
https://bugs.launchpad.net/bugs/1340345

Title:
  please use exclusive pipe access for /dev/socket/micshm

Status in “qtubuntu-camera” package in Ubuntu:
  Triaged

Bug description:
  13:28 <jdstrand> jhodapp: ok, so, unless there are implementation flaws (which are just bugs that we can fix later on), a malicious app with access to /android/micshm can't do anything to DoS the service or to record in the background, correct?
  13:29 <jhodapp> jdstrand: correct, because there technically would be a reader on the Android side always open, but it won't be doing any reads unless triggered by kicking off the recording process
  13:34 <jdstrand> jhodapp: could a malicious app in theory interfere with an app that is already recording?
  13:35 <jhodapp> jdstrand: in theory yes...I need to see if I could have the active reader/writer pair open the named pipe exclusively
  13:36 <jhodapp> jdstrand: so that only one writer is allowed
  13:49 <jdstrand> jhodapp: I think that would be a reasonable security improvement. I won't block adding the rule to policy though. pulseaudio itself isn't particularly great on this point aiui, and it too will need to be hardened
  13:49 <jhodapp> jdstrand: indeed...exclusive pipe access would actually be an improvement over how AudioFlinger does it...I'm pretty sure it's using an unprotected pipe

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/qtubuntu-camera/+bug/1340345/+subscriptions



[Touch-packages] [Bug 1350673] Re: System policy cache may become stale after a system image update

2014-07-31 Thread Jamie Strandboge
That said, if the hash operation was very fast, that would be a useful
improvement going forward (I don't think we could do that for rtm). I do
worry that if we compute hashes for all policy on every boot to see if
we need to recompile, that is going to be more costly for the average
user. What we really need to do is fix parser performance (bug #1350598;
I realize we had a lot of improvements, but we are up to ~4 seconds per
click profile on Touch, and users can easily have 100 or more profiles).

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1350673

Title:
  System policy cache may become stale after a system image update

Status in “apparmor” package in Ubuntu:
  Triaged

Bug description:
  The system policy cache, in /etc/apparmor.d/cache, may become stale if
  a certain sequence of events occurs at the wrong time.

  1. Ubuntu developer modifies a profile and uploads a new apparmor package
  2. New apparmor package, with an updated profile, is used to build a new 
system image
  3. System policy cache on user's system gets regenerated
  4. User applies image update

  After 4), the timestamps on the files in the user's system policy
  cache will be newer than the timestamps on system profiles. The parser
  will not be able to detect that it ought to regenerate the policy
  cache so it will load the cached, but stale, binary policies.

  This can result in unexpected AppArmor denials if, for example, the
  apparmor package update loosens the confinement. On the flip side, it
  can result in a looser than expected confinement if the update further
  restricts confinement.

  The fix is to update the apparmor.conf upstart job to call
  clear_cache() if the apparmor package has been updated since the last
  time the job was invoked.

  Additionally, we may want to update the parser itself to manually set
  the mtime of a generated binary cache file to the earliest mtime seen
  while compiling the profile (this includes the mtime of the profile
  itself as well as any #include's).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1350673/+subscriptions

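The four-step race above, as an added example that is neither the bug's nor apparmor_parser's code: a Python model of the timestamp comparison the bug describes, replayed once with the cache stamped at compile time (the stale cache goes undetected) and once with the cache stamped from its inputs. The bug proposes stamping with the earliest input mtime; this example stamps with the newest, the value that stays consistent with the "no input newer than the cache" test it models, and that choice, the file names and the timestamps are the example's own.

```python
"""Model of the stale policy cache race from bug 1350673 (added example,
not apparmor_parser code). Paths, profile text and timestamps are
constructed; on a real system the profiles live in /etc/apparmor.d and
the binary cache in /etc/apparmor.d/cache."""
import os
import re
import tempfile

INCLUDE_RE = re.compile(r'^\s*#include\s+<([^>]+)>')


def profile_inputs(profile_path, base_dir):
    """The profile plus every file it #includes, transitively."""
    seen, todo = [], [profile_path]
    while todo:
        path = todo.pop()
        if path in seen:
            continue
        seen.append(path)
        with open(path) as fh:
            for line in fh:
                m = INCLUDE_RE.match(line)
                if m:
                    todo.append(os.path.join(base_dir, m.group(1)))
    return seen


def cache_is_fresh(cache_path, profile_path, base_dir):
    """The timestamp test the bug describes: trust the cached binary unless
    some input is newer than it."""
    if not os.path.exists(cache_path):
        return False
    cache_mtime = os.stat(cache_path).st_mtime
    return all(os.stat(p).st_mtime <= cache_mtime
               for p in profile_inputs(profile_path, base_dir))


def compile_profile(cache_path, profile_path, base_dir, pin_to_inputs):
    """Stand-in for writing the binary cache (the 'binary' is just the
    concatenated sources). With pin_to_inputs the cache mtime is taken from
    the inputs (the newest of them) instead of the clock at compile time."""
    inputs = profile_inputs(profile_path, base_dir)
    with open(cache_path, 'w') as out:
        for p in inputs:
            with open(p) as fh:
                out.write(fh.read())
    if pin_to_inputs:
        stamp = max(os.stat(p).st_mtime for p in inputs)
        os.utime(cache_path, (stamp, stamp))


def write_file(path, text, mtime):
    """Write text and force an explicit mtime (seconds since the epoch)."""
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, 'w') as fh:
        fh.write(text)
    os.utime(path, (mtime, mtime))


def simulate(pin_to_inputs):
    """Replay the bug's four steps; return True if the stale cache is
    detected after the image update, False if it would be loaded."""
    root = tempfile.mkdtemp()
    prof = os.path.join(root, 'usr.bin.foo')
    cache = os.path.join(root, 'cache', 'usr.bin.foo')
    write_file(os.path.join(root, 'abstractions', 'base'),
               '/etc/ld.so.cache r,\n', 900)
    # Profile as shipped in the image the device currently runs.
    write_file(prof, '#include <abstractions/base>\n'
                     '/usr/bin/foo { /tmp/** r, }\n', 1000)
    # Steps 1-2: a developer updates the profile and a new image is built
    # from it at t=1100 (that mtime travels with the image).
    # Step 3: before the update lands, the device regenerates its cache at
    # t=1200, from the old profile.
    os.makedirs(os.path.dirname(cache))
    compile_profile(cache, prof, root, pin_to_inputs)
    if not pin_to_inputs:
        os.utime(cache, (1200, 1200))
    # Step 4: the image update replaces the profile with the t=1100 one.
    write_file(prof, '#include <abstractions/base>\n'
                     '/usr/bin/foo { /tmp/** rw, }\n', 1100)
    return not cache_is_fresh(cache, prof, root)


if __name__ == '__main__':
    print('stale cache detected, compile-time stamp:', simulate(False))
    print('stale cache detected, input-derived stamp:', simulate(True))
```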


[Touch-packages] [Bug 881137] Re: UFW does not clean iptables setting from /etc/ufw/before.rules

2014-07-31 Thread Jamie Strandboge
@erniecom: as of 0.34 ufw does have route rules now and it also supports
customization scripts via /etc/ufw/before.init and /etc/ufw/after.init.
See 'man ufw-framework' for details.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ufw in Ubuntu.
https://bugs.launchpad.net/bugs/881137

Title:
  UFW does not clean iptables setting from /etc/ufw/before.rules

Status in “ufw” package in Ubuntu:
  Won't Fix

Bug description:
  Additional settings added to /etc/ufw/before.rules are not deleted
  when ufw is stopped.

  I added these lines at top of file /etc/ufw/before.rules

  *nat
  :POSTROUTING ACCEPT [0:0]
  -A POSTROUTING -o eth0 -j MASQUERADE
  COMMIT

  Then I reloaded ufw firewall with command: ufw reload. Output from
  iptables-save

  $ iptables-save -t nat
  *nat
  :PREROUTING ACCEPT [4:478]
  :INPUT ACCEPT [4:478]
  :OUTPUT ACCEPT [0:0]
  :POSTROUTING ACCEPT [0:0]
  -A POSTROUTING -o eth0 -j MASQUERADE 
  COMMIT

  Then I reloaded ufw firewall again:

  $ iptables-save -t nat
  *nat
  :PREROUTING ACCEPT [4:478]
  :INPUT ACCEPT [4:478]
  :OUTPUT ACCEPT [0:0]
  :POSTROUTING ACCEPT [0:0]
  -A POSTROUTING -o eth0 -j MASQUERADE 
  -A POSTROUTING -o eth0 -j MASQUERADE 
  COMMIT

  And ufw reload again

  $ iptables-save -t nat
  *nat
  :PREROUTING ACCEPT [4:478]
  :INPUT ACCEPT [4:478]
  :OUTPUT ACCEPT [0:0]
  :POSTROUTING ACCEPT [0:0]
  -A POSTROUTING -o eth0 -j MASQUERADE 
  -A POSTROUTING -o eth0 -j MASQUERADE 
  -A POSTROUTING -o eth0 -j MASQUERADE
  COMMIT

  And again: the POSTROUTING rule is never deleted when ufw is stopped
  and is added again when started. The same happens if I stop the ufw
  firewall with: $ stop ufw. The nat lines are not cleaned.

  UFW should remove all iptables settings specified in config files
  after ufw is stopped! This can be dangerous if apt-get is updating
  some ufw files and scripts need to reload ufw (some lines will be
  added multiple times).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/881137/+subscriptions

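A check for the symptom in this report, added here as an example that is not ufw's own code: it walks iptables-save output, reports any rule appended more than once within a table, and produces a copy with the repeats dropped. The sample output is constructed after the one in the report.

```python
"""Find '-A' rules that were appended more than once in iptables-save
output (added example, not ufw code). SAMPLE is constructed after the
report's output: a nat rule carried in before.rules that survived a reload."""
from collections import Counter

SAMPLE = """\
*nat
:PREROUTING ACCEPT [4:478]
:INPUT ACCEPT [4:478]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
COMMIT
"""


def duplicate_rules(save_output):
    """Return {(table, rule): count} for every '-A' rule that occurs more
    than once within the same table. The same rule text in two different
    tables is not a duplicate."""
    table = None
    counts = Counter()
    for line in save_output.splitlines():
        s = line.strip()
        if s.startswith('*'):
            table = s[1:]
        elif s == 'COMMIT':
            table = None
        elif s.startswith('-A ') and table is not None:
            counts[(table, s)] += 1
    return {key: n for key, n in counts.items() if n > 1}


def deduplicated(save_output):
    """Return the same iptables-save text with repeated '-A' rules dropped
    within each table, suitable for feeding back to iptables-restore."""
    table, seen, kept = None, set(), []
    for line in save_output.splitlines():
        s = line.strip()
        if s.startswith('*'):
            table, seen = s[1:], set()
        if s.startswith('-A ') and (table, s) in seen:
            continue
        seen.add((table, s))
        kept.append(line)
    return '\n'.join(kept) + '\n'


if __name__ == '__main__':
    for (table, rule), n in duplicate_rules(SAMPLE).items():
        print('table %s: %r appended %d times' % (table, rule, n))
    print(deduplicated(SAMPLE))
```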


[Touch-packages] [Bug 1353139] Re: [manta] video playback currently broken (denied by apparmor)

2014-08-06 Thread Jamie Strandboge
** Package changed: apparmor-easyprof-ubuntu (Ubuntu) => media-hub (Ubuntu)

** Also affects: mediascanner2 (Ubuntu)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1353139

Title:
  [manta] video playback currently broken (denied by apparmor)

Status in “media-hub” package in Ubuntu:
  New
Status in “mediascanner2” package in Ubuntu:
  New

Bug description:
  current build number: 173
  device name: manta
  channel: ubuntu-touch/utopic-proposed
  last update: 2014-08-05 21:10:15
  version version: 173
  version ubuntu: 20140805.2
  version device: 20140805.2

  When trying to scan/play:
  root@ubuntu-phablet:~# grep DENIED /var/log/syslog
  Aug  5 21:21:32 ubuntu-phablet kernel: [   67.561632] type=1400 
audit(1407273692.712:87): apparmor=DENIED operation=file_mmap 
profile=/usr/bin/media-hub-server name=/tmp/orcexec.IdUnsY pid=3673 
comm=aqueue:src requested_mask=m denied_mask=m fsuid=32011 ouid=32011
  Aug  5 21:21:32 ubuntu-phablet kernel: [   67.561956] type=1400 
audit(1407273692.712:88): apparmor=DENIED operation=mknod 
profile=/usr/bin/media-hub-server name=/run/user/32011/orcexec.UVatQM 
pid=3673 comm=aqueue:src requested_mask=c denied_mask=c fsuid=32011 
ouid=32011
  Aug  5 21:21:32 ubuntu-phablet kernel: [   67.562246] type=1400 
audit(1407273692.712:89): apparmor=DENIED operation=mknod 
profile=/usr/bin/media-hub-server name=/home/phablet/orcexec.CiEwdB 
pid=3673 comm=aqueue:src requested_mask=c denied_mask=c fsuid=32011 
ouid=32011
  Aug  5 21:36:48 ubuntu-phablet kernel: [  162.522469] type=1400 
audit(1407274608.938:87): apparmor=DENIED operation=open 
profile=com.ubuntu.gallery_gallery_2.9.1.1025 name=/dev/video6 pid=3688 
comm=CodecLooper requested_mask=w denied_mask=w fsuid=32011 ouid=0
  Aug  5 21:37:58 ubuntu-phablet kernel: [   15.506075] type=1400 
audit(1407274678.859:87): apparmor=DENIED operation=open 
profile=/usr/bin/mediascanner-service-2.0 
name=/sys/devices/platform/s5p-mfc/video4linux/video6/name pid=1739 
comm=CodecLooper requested_mask=r denied_mask=r fsuid=32011 ouid=0
  Aug  5 21:37:58 ubuntu-phablet kernel: [   15.506184] type=1400 
audit(1407274678.859:88): apparmor=DENIED operation=open 
profile=/usr/bin/mediascanner-service-2.0 
name=/sys/devices/platform/s5p-mfc/video4linux/video7/name pid=1739 
comm=CodecLooper requested_mask=r denied_mask=r fsuid=32011 ouid=0
  Aug  5 21:37:58 ubuntu-phablet kernel: [   15.506312] type=1400 
audit(1407274678.859:89): apparmor=DENIED operation=open 
profile=/usr/bin/mediascanner-service-2.0 
name=/sys/devices/virtual/video4linux/video11/name pid=1739 
comm=CodecLooper requested_mask=r denied_mask=r fsuid=32011 ouid=0
  Aug  5 21:37:58 ubuntu-phablet kernel: [   15.506401] type=1400 
audit(1407274678.859:90): apparmor=DENIED operation=open 
profile=/usr/bin/mediascanner-service-2.0 
name=/sys/devices/virtual/video4linux/video12/name pid=1739 
comm=CodecLooper requested_mask=r denied_mask=r fsuid=32011 ouid=0
  Aug  5 21:37:58 ubuntu-phablet kernel: [   15.506508] type=1400 
audit(1407274678.859:91): apparmor=DENIED operation=open 
profile=/usr/bin/mediascanner-service-2.0 
name=/sys/devices/platform/exynos-mdev.0/video4linux/video16/name pid=1739 
comm=CodecLooper requested_mask=r denied_mask=r fsuid=32011 ouid=0
  Aug  5 21:37:58 ubuntu-phablet kernel: [   15.506674] type=1400 
audit(1407274678.859:92): apparmor=DENIED operation=open 
profile=/usr/bin/mediascanner-service-2.0 
name=/sys/devices/platform/exynos-mdev.0/video4linux/video17/name pid=1739 
comm=CodecLooper requested_mask=r denied_mask=r fsuid=32011 ouid=0
  Aug  5 21:43:09 ubuntu-phablet kernel: [  294.183344] type=1400 
audit(1407274989.967:111): apparmor=DENIED operation=open 
profile=/usr/bin/media-hub-server 
name=/sys/devices/platform/s5p-mfc/video4linux/video6/name pid=3535 
comm=CodecLooper requested_mask=r denied_mask=r fsuid=32011 ouid=0
  Aug  5 21:43:09 ubuntu-phablet kernel: [  294.186568] type=1400 
audit(1407274989.972:112): apparmor=DENIED operation=open 
profile=/usr/bin/media-hub-server 
name=/sys/devices/platform/s5p-mfc/video4linux/video7/name pid=3535 
comm=CodecLooper requested_mask=r denied_mask=r fsuid=32011 ouid=0
  Aug  5 21:43:09 ubuntu-phablet kernel: [  294.187156] type=1400 
audit(1407274989.972:113): apparmor=DENIED operation=open 
profile=/usr/bin/media-hub-server 
name=/sys/devices/virtual/video4linux/video11/name pid=3535 
comm=CodecLooper requested_mask=r denied_mask=r fsuid=32011 ouid=0
  Aug  5 21:43:09 ubuntu-phablet kernel: [  294.187560] type=1400 
audit(1407274989.972:114): apparmor=DENIED operation=open 
profile=/usr/bin/media-hub-server 
name=/sys/devices/virtual/video4linux/video12/name pid=3535 
comm=CodecLooper requested_mask=r denied_mask=r fsuid=32011 ouid=0
  Aug  5 21:43:09 ubuntu-phablet kernel: [  294.188111] type=1400 

[Touch-packages] [Bug 1353139] Re: [manta] video playback currently broken (denied by apparmor)

2014-08-06 Thread Jamie Strandboge
mediascanner2 needs to add this to its apparmor policy:
  /sys/devices/**/video4linux/video** r,

media-hub needs to add this to its policy:
  /sys/devices/**/video4linux/video** r,

The media-hub orcexec issue is already fixed, but you may not have the policy 
update loaded due to bug #1350673. This will be fixed in the next apparmor 
upload (scheduled for next week). To workaround the orcexec issue, please do:
$ sudo rm -f /etc/apparmor.d/cache/*
$ sudo reboot

** Changed in: media-hub (Ubuntu)
   Status: New => Triaged

** Changed in: mediascanner2 (Ubuntu)
   Status: New => Triaged

** Changed in: media-hub (Ubuntu)
   Importance: Undecided => Critical

** Changed in: mediascanner2 (Ubuntu)
   Importance: Undecided => Critical

** Tags added: rtm14

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to mediascanner2 in Ubuntu.
https://bugs.launchpad.net/bugs/1353139

Title:
  [manta] video playback currently broken (denied by apparmor)

Status in “media-hub” package in Ubuntu:
  Triaged
Status in “mediascanner2” package in Ubuntu:
  Triaged

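A defender-side helper for the denials above, added here and not part of media-hub, mediascanner2 or apparmor: it parses DENIED audit lines into per-profile path/permission sets and checks whether a proposed rule such as the `/sys/devices/**/video4linux/video** r,` one covers every denied path. The log lines are shortened copies of those in the bug report and the glob matcher is a simplified model of AppArmor path globbing.

```python
"""Parse AppArmor DENIED audit lines and check a proposed rule against them
(added example; not code from media-hub, mediascanner2 or apparmor). The
log lines are shortened copies of those in the bug report and the glob
matcher is a simplified model of AppArmor path globbing."""
import re

# Tolerates both the quoted (apparmor="DENIED") and unquoted form.
DENIED_RE = re.compile(
    r'apparmor="?DENIED"? operation="?(?P<op>[^\s"]+)"?.*?'
    r'profile="?(?P<profile>[^\s"]+)"?.*?name="?(?P<name>[^\s"]+)"?'
    r'.*?requested_mask="?(?P<mask>[^\s"]+)"?')

LOG = """\
kernel: [   67.561632] type=1400 audit(1407273692.712:87): apparmor=DENIED operation=file_mmap profile=/usr/bin/media-hub-server name=/tmp/orcexec.IdUnsY pid=3673 comm=aqueue:src requested_mask=m denied_mask=m fsuid=32011 ouid=32011
kernel: [  162.522469] type=1400 audit(1407274608.938:87): apparmor=DENIED operation=open profile=com.ubuntu.gallery_gallery_2.9.1.1025 name=/dev/video6 pid=3688 comm=CodecLooper requested_mask=w denied_mask=w fsuid=32011 ouid=0
kernel: [   15.506075] type=1400 audit(1407274678.859:87): apparmor=DENIED operation=open profile=/usr/bin/mediascanner-service-2.0 name=/sys/devices/platform/s5p-mfc/video4linux/video6/name pid=1739 comm=CodecLooper requested_mask=r denied_mask=r fsuid=32011 ouid=0
kernel: [   15.506312] type=1400 audit(1407274678.859:89): apparmor=DENIED operation=open profile=/usr/bin/mediascanner-service-2.0 name=/sys/devices/virtual/video4linux/video11/name pid=1739 comm=CodecLooper requested_mask=r denied_mask=r fsuid=32011 ouid=0
kernel: [   15.506508] type=1400 audit(1407274678.859:91): apparmor=DENIED operation=open profile=/usr/bin/mediascanner-service-2.0 name=/sys/devices/platform/exynos-mdev.0/video4linux/video16/name pid=1739 comm=CodecLooper requested_mask=r denied_mask=r fsuid=32011 ouid=0
kernel: [  294.183344] type=1400 audit(1407274989.967:111): apparmor=DENIED operation=open profile=/usr/bin/media-hub-server name=/sys/devices/platform/s5p-mfc/video4linux/video6/name pid=3535 comm=CodecLooper requested_mask=r denied_mask=r fsuid=32011 ouid=0
"""


def parse_denials(text):
    """Map profile -> {denied path: set of requested permission letters}."""
    denials = {}
    for line in text.splitlines():
        m = DENIED_RE.search(line)
        if not m:
            continue
        paths = denials.setdefault(m.group('profile'), {})
        paths.setdefault(m.group('name'), set()).update(m.group('mask'))
    return denials


def glob_to_regex(rule_path):
    """Simplified AppArmor globbing: '**' also spans '/', '*' and '?' do not."""
    out = []
    i = 0
    while i < len(rule_path):
        if rule_path.startswith('**', i):
            out.append('.*')
            i += 2
        elif rule_path[i] == '*':
            out.append('[^/]*')
            i += 1
        elif rule_path[i] == '?':
            out.append('[^/]')
            i += 1
        else:
            out.append(re.escape(rule_path[i]))
            i += 1
    return re.compile('^' + ''.join(out) + '$')


def parse_rule(rule):
    """Split a plain file rule such as '/sys/devices/** r,' into (path, perms)."""
    path, perms = rule.rstrip(',').split()
    return path, set(perms)


def uncovered(denials, profile, rules):
    """(path, perm) pairs denied to `profile` that none of `rules` would allow."""
    compiled = [(glob_to_regex(p), perms) for p, perms in map(parse_rule, rules)]
    missing = []
    for path, wanted in sorted(denials.get(profile, {}).items()):
        for perm in sorted(wanted):
            if not any(rx.match(path) and perm in perms for rx, perms in compiled):
                missing.append((path, perm))
    return missing


if __name__ == '__main__':
    found = parse_denials(LOG)
    rule = '/sys/devices/**/video4linux/video** r,'
    for prof in sorted(found):
        print(prof, 'still missing:', uncovered(found, prof, [rule]))
```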

[Touch-packages] [Bug 1350673] Re: System policy cache may become stale after a system image update

2014-08-06 Thread Jamie Strandboge
** Changed in: apparmor (Ubuntu)
   Status: Triaged => In Progress

** Changed in: apparmor (Ubuntu)
   Importance: High => Critical

** Tags added: rtm14

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1350673

Title:
  System policy cache may become stale after a system image update

Status in “apparmor” package in Ubuntu:
  In Progress




[Touch-packages] [Bug 1341548] Re: Online detection does not work with confined apps on Nexus 4

2014-08-06 Thread Jamie Strandboge
Adding apparmor-easyprof-ubuntu task. When indicator-network implements
this, I will update the connectivity policy group accordingly.

** Also affects: apparmor-easyprof-ubuntu (Ubuntu)
   Importance: Undecided
   Status: New

** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
   Importance: Undecided => Critical

** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
   Status: New => Confirmed

** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
 Assignee: (unassigned) => Jamie Strandboge (jdstrand)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1341548

Title:
  Online detection does not work with confined apps on Nexus 4

Status in dekko:
  Incomplete
Status in Network Menu:
  Triaged
Status in “apparmor-easyprof-ubuntu” package in Ubuntu:
  Confirmed

Bug description:
  Dekko is not correctly detecting whether it is online. If I look at the server
  logs, I don't see anything in the email server logs for dekko to
  connect. If I look in ~/.cache/upstart/application-click-
  com.ubuntu.developer.dpniel.dekko_dekko_0.2.2.log, I don't see
  anything about connecting. If I click the globe in dekko, I see that
  it is in offline mode and selecting one of the others seems to make no
  difference (I see nothing in the server logs and the upstart logs) and
  the setting doesn't stick (ie, it *always* says 'Offline mode').

  I thought this might be bug #1226844, but if I adjust
  /var/lib/apparmor/profiles/*dekko* to remove 'deny' from in front of
  the NetworkManager and ofono rules and run apparmor_parser -r
  /var/lib/apparmor/profiles/*dekko*, there are no denials but it still
  doesn't detect if I am online or not when on 3G.

  If I get on wifi instead of 3G, dekko can detect if I am online if I
  apply the apparmor changes I mentioned above (though, there are still
  NetworkManager dbus denials).

  For dekko to work as a confined application (ie, shipped in the Ubuntu
  App Store) it is going to need to operate without these NetworkManager
  and ofono DBus APIs, because they are not allowed to app store apps.

  
  Previous description:
  In addition to TLS on port 143, it would be nice to support imaps on port
993.

To manage notifications about this bug go to:
https://bugs.launchpad.net/dekko/+bug/1341548/+subscriptions



[Touch-packages] [Bug 1341548] Re: Online detection does not work with confined apps on Nexus 4

2014-08-06 Thread Jamie Strandboge
Actually, I can do this now by simply using this rule:
dbus (receive, send)
  bus=session
  path=/com/ubuntu/connectivity1/NetworkingStatus,

Since the API is simple, we don't need to worry about being more fine-
grained.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1341548




[Touch-packages] [Bug 1240875] Re: Need to reboot the phone to have it pick up a new language setting

2014-08-06 Thread Jamie Strandboge
** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
   Importance: Undecided => Medium

** Changed in: ubuntu-system-settings (Ubuntu)
   Importance: Undecided => Medium

** Changed in: unity8 (Ubuntu)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1240875

Title:
  Need to reboot the phone to have it pick up a new language setting

Status in Ubuntu UI Toolkit:
  New
Status in “apparmor-easyprof-ubuntu” package in Ubuntu:
  Confirmed
Status in “ubuntu-system-settings” package in Ubuntu:
  Confirmed
Status in “unity8” package in Ubuntu:
  Confirmed

Bug description:
  in ubuntu touch, if you select a language via system-settings, the
  settings app itself as well as all other newly started apps pick up
  the translations for their UI. unity itself does stay in english
  though.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-ui-toolkit/+bug/1240875/+subscriptions



[Touch-packages] [Bug 1227818] Re: client apps using qtdeclarative5-ubuntu-contacts0.1 accesses the /org/freedesktop/Telepathy DBus API

2014-08-06 Thread Jamie Strandboge
Workaround policy was added to apparmor-easyprof-ubuntu in 13.10 so
marking Fix Released. This policy was not removed in 14.04 like it
should've been when address-book-app was fixed, so marking Won't Fix.
I'll fix 14.10 policy in 1.2.16.

** Changed in: apparmor-easyprof-ubuntu (Ubuntu Saucy)
   Status: Fix Committed => Fix Released

** Changed in: apparmor-easyprof-ubuntu (Ubuntu Trusty)
   Status: Confirmed => Won't Fix

** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
   Status: Confirmed => In Progress

** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
 Assignee: (unassigned) => Jamie Strandboge (jdstrand)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1227818

Title:
  client apps using qtdeclarative5-ubuntu-contacts0.1 accesses the
  /org/freedesktop/Telepathy DBus API

Status in “address-book-app” package in Ubuntu:
  Fix Released
Status in “apparmor-easyprof-ubuntu” package in Ubuntu:
  In Progress
Status in “address-book-app” source package in Saucy:
  Won't Fix
Status in “apparmor-easyprof-ubuntu” source package in Saucy:
  Fix Released
Status in “address-book-app” source package in Trusty:
  Fix Released
Status in “apparmor-easyprof-ubuntu” source package in Trusty:
  Won't Fix

Bug description:
  Using this:

  import Ubuntu.Contacts 0.1
  ...
  Tab {
      title: i18n.tr("Contacts")

      page: Page {
          ContactListView {
              anchors.fill: parent
              onContactClicked: console.debug("Contact ID: " + contact.contactId)
          }
      }
  }

  In addition to using com.canonical.pim, it also accesses:
  org.freedesktop.Telepathy.AccountManager
  org.freedesktop.Telepathy.ChannelDispatcher

  I saw this when profiling applications for apparmor policy groups. Here are 
the apparmor rules I needed to list the contacts on my desktop system:
  dbus (receive, send)
   bus=session
   path=/org/freedesktop/Telepathy/AccountManager
   peer=(name=org.freedesktop.Telepathy.AccountManager),
  dbus (receive, send)
   bus=session
   path=/org/freedesktop/Telepathy/ChannelDispatcher
   peer=(name=org.freedesktop.Telepathy.ChannelDispatcher),
  dbus (receive, send)
   bus=session
   path=/org/freedesktop/Telepathy/Account/**
   member=Get{,All}
   peer=(name=org.freedesktop.Telepathy.AccountManager),

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/address-book-app/+bug/1227818/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1319546] Re: Remove sync-monitor policy rules

2014-08-06 Thread Jamie Strandboge
Marking apparmor-easyprof-ubuntu task as 'Low' since the contacts policy
group is still reserved.

** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
   Importance: Undecided = Low

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1319546

Title:
  Remove sync-monitor policy rules

Status in Address Book App:
  New
Status in Calendar application for Ubuntu devices:
  New
Status in “apparmor-easyprof-ubuntu” package in Ubuntu:
  New

Bug description:
  Sync monitor should not be accessed by the applications; the sync
  operation should be triggered by the push notification.

  We should remove any policy rules related to sync monitor as soon as
  we get sync monitor integrated with the push notification system.

To manage notifications about this bug go to:
https://bugs.launchpad.net/address-book-app/+bug/1319546/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1342129] Re: [webapps] should enable access to dbus org.freedesktop.Application

2014-08-07 Thread Jamie Strandboge
This is going to need a policy update, but it looks like we have
everything needed to do it.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1342129

Title:
  [webapps] should enable access to dbus org.freedesktop.Application

Status in The Savilerow project:
  New
Status in “apparmor-easyprof-ubuntu” package in Ubuntu:
  New

Bug description:
  Webapps recently added the capability to be invoked and open custom
  urls (not default), but the apparmor profile needs to be updated to
  enable the org.freedesktop.Application dbus interface to be accessed/created:

  Jul 15 13:57:14 ubuntu-phablet dbus[2689]: apparmor="DENIED" operation="dbus_bind"  bus="session" name="org.freedesktop.Application" mask="bind" pid=28561 profile="com.ubuntu.developer.webapps.webapp-gmail_webapp-gmail_1.0.12"

To manage notifications about this bug go to:
https://bugs.launchpad.net/savilerow/+bug/1342129/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1230091] Re: [enhancement] Trusted Session surface management (required for appstore app trust model), modal subwindows

2014-08-08 Thread Jamie Strandboge
What is that bug?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1230091

Title:
  [enhancement] Trusted Session surface management (required for
  appstore app trust model), modal subwindows

Status in Content sharing/picking infrastructure and service:
  Triaged
Status in Mir:
  Triaged
Status in Unity Mir:
  Triaged
Status in “apparmor-easyprof-ubuntu” package in Ubuntu:
  Confirmed
Status in “signon” package in Ubuntu:
  Confirmed
Status in “unity-mir” package in Ubuntu:
  Confirmed

Bug description:
  (I'm filing this as a bug in order to be able to point other people to
  it, and to track its progress; if there's a blueprint containing this
  task, please let me know)

  Some components (such as the Online Accounts trusted helper) need to
  be able to pop-up a window (typically, a dialog) on top of the running
  application. Such windows should be modal to the application, that is
  the user should not be able to interact with the application while the
  modal window is displayed on top of them. This also means that in the
  task switcher one shouldn't see two windows, but only the topmost
  modal window (and parts of the application window, in case the modal
  window on top is a non-fullscreen dialog).

  For developers, this API already exists in Qt: see 
https://qt-project.org/doc/qt-5.1/qtgui/qwindow.html#fromWinId
  It needs to be implemented in the QPA plugin, so feel free to add the 
relevant projects to the bug report.

  From jdstrand
  This is a hard requirement for application confinement because of our trust 
model-- permission to access sensitive data by AppStore apps is typically 
granted or denied at the time of access (caching the result for later use as 
appropriate), so users have a context for the access being requested. We do 
this instead of throwing up a permissions prompt at installation. However, for 
it to work, trusted helpers like online accounts and location require this 
functionality from unity-mir. A trust-store is also being implemented so other 
services like calendar and contacts can do the same. Because this feature is 
not implemented, the implementation for online accounts, location and the 
trust-store is blocked and appstore apps are therefore able to access these 
services without the user knowing.

To manage notifications about this bug go to:
https://bugs.launchpad.net/content-hub/+bug/1230091/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1351113] Re: password input box after suspend/resume was not focused but looked like it was; keyboard input was being intercepted by another window

2014-08-08 Thread Jamie Strandboge
** Changed in: unity (Ubuntu)
   Status: New = Incomplete

** Changed in: unity
   Status: New = Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to unity in Ubuntu.
https://bugs.launchpad.net/bugs/1351113

Title:
  password input box after suspend/resume was not focused but looked
  like it was; keyboard input was being intercepted by another window

Status in Unity:
  Incomplete
Status in “unity” package in Ubuntu:
  Incomplete

Bug description:
  This is a HUGE SECURITY ISSUE.

  I suspended, then I resumed.

  Upon resume, I was presented the usual screen where you have to insert
  the password to unlock the screen.

  The password input box had a blinking cursor, as expected.
  I tried to type the password but it appeared to be not responding to 
keystrokes (from an external usb keyboard), meaning the usual dots would not 
appear at every keystroke.

  I thought the external usb keyboard was not working (due to another
  known bug) so I plugged it to another port, with no luck.

  So I tried to use the builtin keyboard of the laptop, but it wouldn't
  (apparently) respond to keystrokes either.

  So I clicked with the mouse on the language selection indicator in the
  upper right corner of the screen, and selected the (unique and already
  selected) language: spanish. A posteriori I think this was irrelevant.
  What I guess was relevant is that I gave focus to anything other than
  the password input box and then clicked on the password input box
  again.

  So now it worked and I could type my password and unlock the screen.

  AND HERE'S THE TERRIFYING THING: after inserting the password and
  unlocking the screen, Google Chrome was the active window (because it
  had been prior to suspending), and in the active tab there was
  facebook open. In the status-update textarea there were all the keys
  that I had been hitting when trying to input the password.

  Do you realize the enormous security hazard here? If I had typed the
  whole password quickly without looking at the screen and hit Enter
  before realizing the keystrokes were not being intercepted by the
  password input box, I could have posted my password on facebook
  without seeing it. Perhaps even twice. Fortunately, I saw the
  keystrokes were not being registered from the very beginning, and
  reacted by repeating the first few characters several times, and then
  hitting random keys, so I only typed a nonsense sequence of characters
  that doesn't even remotely resemble my password and I never got to hit
  the Enter key anyway.

  
  So, to sum up the issue:
  - after resume, the password input box wasn't focused and it should have been
  - worse: it completely looked like it was focused, with a blinking cursor 
inside, so everything looked like keyboard was not working at all
  - worst of all: keystrokes were actually being intercepted by an active 
application (which was not visible because the screen was locked). NOTHING that 
is behind the locked screen should be able to intercept keystrokes or mouse 
interaction, under any circumstance. If you are not seeing something, that 
something must be non-existent to keyboard and mouse interaction.

  
  This is far from systematically reproducible. This is the first time I have 
observed this, ever, and have no idea what triggered this. I suspend and resume 
very often on a daily basis so this must be something pretty rare. Yet it is 
hugely dangerous.
  My very real-life case could have led to posting my password on facebook.
  Imagine if the active window was a terminal and if you happen to have a funny 
password such as "sudo rm -f /*"

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: unity 7.2.2+14.04.20140714-0ubuntu1
  ProcVersionSignature: Ubuntu 3.13.0-32.57-generic 3.13.11.4
  Uname: Linux 3.13.0-32-generic x86_64
  ApportVersion: 2.14.1-0ubuntu3.2
  Architecture: amd64
  CompizPlugins: No value set for 
`/apps/compiz-1/general/screen0/options/active_plugins'
  CurrentDesktop: Unity
  Date: Fri Aug  1 02:40:29 2014
  InstallationDate: Installed on 2013-10-11 (293 days ago)
  InstallationMedia: Ubuntu 13.04 Raring Ringtail - Release amd64 (20130424)
  SourcePackage: unity
  UpgradeStatus: Upgraded to trusty on 2014-05-24 (68 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/unity/+bug/1351113/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1086058] Re: my unity launcher and environment disappeared when i changed certain permission in dpkg file while installing hadoop.

2014-08-08 Thread Jamie Strandboge
Thanks for your comments. This does not appear to be a bug report and we
are closing it. We appreciate the difficulties you are facing, but it
would make more sense to raise your question in the support tracker.
Please visit https://answers.launchpad.net/ubuntu/+addquestion

** Information type changed from Private Security to Public

** Changed in: unity
   Status: New = Invalid

** Changed in: unity (Ubuntu)
   Status: New = Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to unity in Ubuntu.
https://bugs.launchpad.net/bugs/1086058

Title:
  my unity launcher and environment disappeared when i changed certain
  permission in dpkg file while installing hadoop.

Status in Unity:
  Invalid
Status in “unity” package in Ubuntu:
  Invalid

Bug description:
  my settings for flashdrive are not working.
  users and groups are disabled. error: configuration cannot be loaded.

To manage notifications about this bug go to:
https://bugs.launchpad.net/unity/+bug/1086058/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1351180] Re: Python security issue #16039, #16041 and #16042 looks not be fixed on Python 2.7.6 (smtplib/imaplib/poplib of python has a vulnerability due to unlimited readline()

2014-08-08 Thread Jamie Strandboge
This is CVE-2013-1752 which is rated as having a 'Low' priority. It
should be fixed in a future python update.

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1752

** Changed in: python2.7 (Ubuntu)
   Status: New = Triaged

** Changed in: python2.7 (Ubuntu)
   Importance: Undecided = Low

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to python2.7 in Ubuntu.
https://bugs.launchpad.net/bugs/1351180

Title:
  Python security issue #16039, #16041 and #16042 looks not be fixed on
  Python 2.7.6 (smtplib/imaplib/poplib of python has a vulnerability due
  to unlimited readline() from connection)

Status in “python2.7” package in Ubuntu:
  Triaged

Bug description:
  I found that the Python security issues below may not be fixed yet in
  Python 2.7.6 bundled with 14.04 LTS. It looks like those patches are
  already applied to Python 3.4 on 14.04 LTS. It looks like those patches
  are not included in the upstream source code of either 2.7.6 or the
  latest 2.7 version (2.7.8).

  http://bugs.python.org/issue16039
  http://bugs.python.org/issue16041
  http://bugs.python.org/issue16042

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python2.7/+bug/1351180/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
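
The three python.org issues cited in this report share one root cause: the
protocol clients call readline() on the server socket with no length bound,
so a malicious server can make the client buffer an arbitrarily long line.
The following is an added example, not the reporter's code and not the
CPython fix itself; it shows the bounded-readline pattern such a fix applies.
The limit value (MAX_LINE), the exception name and the server replies are
this example's own assumptions, and the replies are constructed in memory
so nothing touches the network.

```python
import io

# Per-line cap; the value is this example's choice, not CPython's constant.
MAX_LINE = 8192


class LineTooLong(Exception):
    """Raised when the peer sends a line longer than MAX_LINE without a newline."""


def read_bounded_line(fp, max_line=MAX_LINE):
    """Read one line without letting the peer dictate how much we buffer.

    readline(max_line + 1) returns at most max_line + 1 bytes, so a line that
    has not ended by then is rejected rather than accumulated in full, which
    is exactly what an unlimited readline() would do.
    """
    line = fp.readline(max_line + 1)
    if len(line) > max_line:
        raise LineTooLong("peer sent a line longer than %d bytes" % max_line)
    return line


def read_reply(fp):
    """Collect one SMTP-style reply: '250-...' lines continue it, '250 ...' ends it."""
    lines = []
    while True:
        line = read_bounded_line(fp)
        if not line:
            raise EOFError("connection closed in the middle of a reply")
        lines.append(line.rstrip(b"\r\n"))
        if len(line) < 4 or line[3:4] != b"-":
            return lines


def parse_replies(data):
    """Split a captured byte stream into its replies, each a list of lines."""
    fp = io.BytesIO(data)
    replies = []
    while fp.tell() < len(data):
        replies.append(read_reply(fp))
    return replies


def bounded_read_ok(data):
    """True if the first line of data is accepted by the bounded reader."""
    try:
        read_bounded_line(io.BytesIO(data))
        return True
    except LineTooLong:
        return False


def unbounded_line_length(data):
    """The unpatched behaviour: readline() with no limit swallows the whole blob."""
    return len(io.BytesIO(data).readline())


# Constructed server output (assumption: an SMTP-like greeting and EHLO reply).
BENIGN_REPLY = (b"220 mail.example.test ESMTP\r\n"
                b"250-mail.example.test\r\n"
                b"250 SIZE 10240000\r\n")
# A 1 MiB "line" with no terminator: an unbounded readline() buffers all of it.
HOSTILE_REPLY = b"250-" + b"A" * (1024 * 1024)


if __name__ == "__main__":
    print(parse_replies(BENIGN_REPLY))
    print("unbounded read buffered %d bytes" % unbounded_line_length(HOSTILE_REPLY))
    print("bounded read accepted hostile reply:", bounded_read_ok(HOSTILE_REPLY))
```

The cap counts the line terminator, so a line whose content is exactly
MAX_LINE bytes long is rejected along with anything longer; choose the limit
with the protocol's own maximum line length in mind.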


[Touch-packages] [Bug 1354110] Re: please merge openssl from debian

2014-08-11 Thread Jamie Strandboge
Thanks for the debdiff. What is the justification for the sync?
1.0.1f-1ubuntu7 in utopic contains all of the security fixes already.
Considering the stabilization efforts for the upcoming phone release, I'd
prefer to not update openssl at this time unless there is a very
compelling reason to do so.

** Changed in: openssl (Ubuntu)
   Status: New = Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1354110

Title:
  please merge openssl from debian

Status in “openssl” package in Ubuntu:
  Incomplete

Bug description:
  debdiff attached

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1354110/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1229066] Re: evince-thumbnailer can't run mktexpk

2014-08-12 Thread Jamie Strandboge
** Package changed: evince (Ubuntu) = apparmor (Ubuntu)

** Changed in: apparmor (Ubuntu)
   Status: Confirmed = Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1229066

Title:
  evince-thumbnailer can't run mktexpk

Status in “apparmor” package in Ubuntu:
  Triaged

Bug description:
  On Ubuntu 12.04, when running /usr/bin/evince-thumbnailer on a .dvi
  file that references a font for which there is no PK file on the
  system yet, AppArmor blocks the execution of
  /usr/share/texmf/web2c/mktexnam etc. Here are sample audit log
  messages:

  [ 5720.378549] type=1400 audit(1379921624.784:28): apparmor="DENIED" operation="exec" parent=6181 profile="/usr/bin/evince-thumbnailer//sanitized_helper" name="/usr/share/texmf/web2c/mktexnam" pid=6204 comm="mktexpk" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
  [ 5720.384833] type=1400 audit(1379921624.788:29): apparmor="DENIED" operation="exec" parent=6181 profile="/usr/bin/evince-thumbnailer//sanitized_helper" name="/usr/share/texmf/web2c/mktexupd" pid=6209 comm="mktexpk" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0

  I suspect this is because the sanitized_helper profile in 
/etc/apparmor.d/abstractions/ubuntu-helpers only covers /bin, /sbin, /usr/bin 
and /usr/sbin, not /usr/share/texmf/web2c . I'm not sure whether this bug 
should be filed against apparmor, evince or texlive-binaries; I can think of at 
least three ways of addressing the issue:
  1) add /usr/share/texmf/web2c/* Pixr to the sanitized_helper profile;
  2) modify the profile for /usr/bin/evince-thumbnailer to use something other 
than sanitized_helper;
  3) provide a separate AppArmor profile for the /usr/bin/mktexpk wrapper (and 
its siblings).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1229066/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1356302] Re: apparmor DENIED messages in syslog

2014-08-13 Thread Jamie Strandboge
*** This bug is a duplicate of bug 1353591 ***
https://bugs.launchpad.net/bugs/1353591

The mediascanner already has a rule for this. On the emulator with r189 for 
utopic-proposed:
$ grep orcexec /etc/apparmor.d/usr.bin.mediascanner-service-2.0 
  owner /tmp/orcexec* m,
...

Based on the timestamp of the denial (Jan 1 20:35:30), I believe you are
suffering from https://bugs.launchpad.net/ubuntu/+bug/1353591. I am
going to mark this as a duplicate of that. Please adjust if this is in
error.

** This bug has been marked a duplicate of bug 1353591
   Ubuntu Touch devices sometimes come up with hwclock set to 1970

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to mediascanner in Ubuntu.
https://bugs.launchpad.net/bugs/1356302

Title:
  apparmor DENIED messages in syslog

Status in “mediascanner” package in Ubuntu:
  New

Bug description:
  I see messages like this with image 185. The phone is not a Nexus 4.

  Jan  1 20:35:30 ubuntu-phablet kernel: [  880.144484] (1)[14171:multiqueue0:src]type=1400 audit(1388608530.011:386): apparmor="DENIED" operation="file_mmap" profile="/usr/bin/mediascanner-service-2.0" name="/tmp/orcexec.omt3ac" pid=14171 comm="multiqueue0:src" requested_mask="m" denied_mask="m" fsuid=32011 ouid=32011

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mediascanner/+bug/1356302/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
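
The denials quoted in bugs 1342129 (dbus_bind), 1229066 (exec) and 1356302
(file_mmap) all share the same key=value shape, and turning them into
candidate profile rules is the routine part of the profiling work these
reports describe. The following is an added example, not code from any of
the bug reports or from the apparmor project: it parses such lines (with
quoted values as logged, or bare values as they end up after being pasted
into a report) and emits one candidate rule per denial, grouped by profile.
The sample log is constructed to match the shape of the lines quoted in the
reports, plus a dbus_method_call denial in the same format; the rules it
prints are a starting point for the policy author, not an automatically
safe allow.

```python
import re
from collections import defaultdict

# Constructed sample log (no real device involved), in the shape of the
# denials quoted in bugs 1342129, 1229066 and 1356302, plus a dbus_method_call
# denial in the same format and one non-DENIED line that must be ignored.
SAMPLE_LOG = """\
Jul 15 13:57:14 ubuntu-phablet dbus[2689]: apparmor="DENIED" operation="dbus_bind" bus="session" name="org.freedesktop.Application" mask="bind" pid=28561 profile="com.ubuntu.developer.webapps.webapp-gmail_webapp-gmail_1.0.12"
[ 5720.378549] type=1400 audit(1379921624.784:28): apparmor="DENIED" operation="exec" parent=6181 profile="/usr/bin/evince-thumbnailer//sanitized_helper" name="/usr/share/texmf/web2c/mktexnam" pid=6204 comm="mktexpk" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
Jan  1 20:35:30 ubuntu-phablet kernel: [  880.144484] type=1400 audit(1388608530.011:386): apparmor="DENIED" operation="file_mmap" profile="/usr/bin/mediascanner-service-2.0" name="/tmp/orcexec.omt3ac" pid=14171 comm="multiqueue0:src" requested_mask="m" denied_mask="m" fsuid=32011 ouid=32011
Aug 13 10:00:00 ubuntu-phablet dbus[2689]: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/com/canonical/Unity/Screen" interface="com.canonical.Unity.Screen" member="keepDisplayOn" mask="send" name="com.canonical.Unity.Screen" pid=12566 profile="webbrowser-app" peer_pid=1575 peer_profile="unconfined"
Aug 13 10:00:01 ubuntu-phablet kernel: [  900.000001] type=1400 audit(1388608601.000:387): apparmor="STATUS" operation="profile_replace" name="webbrowser-app" pid=1 comm="apparmor_parser"
"""

# key=value pairs; values are quoted in real logs but often bare once the
# line has been pasted into a bug report, so both forms are accepted.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_denial(line):
    """Return the fields of one AppArmor DENIED line as a dict, or None for other lines."""
    fields = {key: value.strip('"') for key, value in FIELD_RE.findall(line)}
    if fields.get("apparmor") != "DENIED":
        return None
    return fields


def suggest_rule(fields):
    """Translate one parsed denial into a candidate AppArmor rule.

    A denial only says what the program attempted, not whether the profile
    should allow it, so the output is a starting point for the policy
    author, not something to paste into a profile unread.
    """
    operation = fields.get("operation")
    if operation == "dbus_bind":
        return "dbus bind bus=%s name=%s," % (fields["bus"], fields["name"])
    if operation == "dbus_method_call":
        return ("dbus %s bus=%s path=%s interface=%s member=%s peer=(name=%s),"
                % (fields["mask"], fields["bus"], fields["path"],
                   fields["interface"], fields["member"], fields["name"]))
    if "denied_mask" in fields and "name" in fields:
        # A bare 'x' is not a valid file permission; 'ix' runs the helper
        # under the current profile, the least-privilege choice for exec.
        perms = fields["denied_mask"].replace("x", "ix")
        # fsuid == ouid means the file belongs to the confined process's
        # user, so the narrower 'owner' form is enough (compare the
        # mediascanner rule 'owner /tmp/orcexec* m,').
        owner = "owner " if fields.get("fsuid") == fields.get("ouid") else ""
        return "%s%s %s," % (owner, fields["name"], perms)
    return None


def rules_by_profile(log_text):
    """Map each denied profile to its sorted, de-duplicated candidate rules."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        fields = parse_denial(line)
        if fields is None:
            continue
        rule = suggest_rule(fields)
        if rule is not None:
            rules[fields["profile"]].add(rule)
    return {profile: sorted(found) for profile, found in rules.items()}


if __name__ == "__main__":
    for profile, found in sorted(rules_by_profile(SAMPLE_LOG).items()):
        print("# %s" % profile)
        for rule in found:
            print("  %s" % rule)
```

Random temporary names such as /tmp/orcexec.omt3ac come out as literal
paths; generalising them to a glob like /tmp/orcexec* is a judgement the
policy author still has to make by hand, as the existing mediascanner rule
shows.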


[Touch-packages] [Bug 1356457] [NEW] bookmarks not easily found with new design

2014-08-13 Thread Jamie Strandboge
Public bug reported:

I like the new design of the webbrowser-app, but putting bookmarks under
New Tab is non-intuitive. Furthermore, you may want to navigate to a
bookmark from the current tab, but this doesn't seem to be possible.

** Affects: webbrowser-app (Ubuntu)
 Importance: Undecided
 Status: New

** Summary changed:

- can't find bookmarks with new design
+ bookmarks not easily found with new design

** Description changed:

- I like the new design of the webbrowser-app, but I can't seem to find
- where my bookmarks are.
+ I like the new design of the webbrowser-app, but putting bookmarks under
+ New Tab is non-intuitive. Furthermore, you may want to navigate to a
+ bookmark from the current tab, but this doesn't seem to be possible.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to webbrowser-app in Ubuntu.
https://bugs.launchpad.net/bugs/1356457

Title:
  bookmarks not easily found with new design

Status in “webbrowser-app” package in Ubuntu:
  New

Bug description:
  I like the new design of the webbrowser-app, but putting bookmarks
  under New Tab is non-intuitive. Furthermore, you may want to navigate
  to a bookmark from the current tab, but this doesn't seem to be
  possible.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/webbrowser-app/+bug/1356457/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1356516] [NEW] consider shipping apparmor profile for webbrowser-app

2014-08-13 Thread Jamie Strandboge
Public bug reported:

It would be nice if webbrowser-app itself could ship an apparmor
profile. Since we are already confining webapps, we can leverage aa-
easyprof to generate the apparmor profile. Eg, in debian/rules could
have a target :

apparmor:
	aa-easyprof --policy-version=1.2 --policy-vendor=ubuntu \
	  -t ubuntu-webapp \
	  --policy-groups=accounts,audio,content_exchange,content_exchange_source,location,networking,push-notification-client,video,webview \
	  --template-var=@{APP_ID_DBUS}=webbrowser_2dapp \
	  --template-var=@{APP_PKGNAME_DBUS}=webbrowser_2dapp \
	  --template-var=@{APP_PKGNAME}=webbrowser-app \
	  --template-var=@{CLICK_DIR}=/usr/share/webbrowser-app \
	  --abstraction=user-tmp \
	  --read-path=/usr/share/applications/ \
	  --read-path=@{HOME}/.local/share/applications/ \
	  --profile-name=webbrowser-app \
	  --no-verify /usr/bin/webbrowser-app | \
	  grep -v CLICK_DIR | \
	  sed 's/signal peer=@{APP_PKGNAME}_\*_@{APP_VERSION},/signal peer=@{APP_PKGNAME},/g' \
	  > ./debian/usr.bin.webbrowser-app
	apparmor_parser -QTK ./debian/usr.bin.webbrowser-app

In this manner, you could use this to update the apparmor profile:
$ debian/rules apparmor

I use '--no-verify' because we need to very lightly tidy up the profile
with the 'grep -v' and the 'sed', which is why after it is cleaned I run
'apparmor_parser -QTK' on the profile to verify it. This could probably
be done as part of the build too. Once the profile is in place, you can
simply do something along the lines of
http://bazaar.launchpad.net/~jdstrand/ubuntu-system-settings/ubuntu-
system-settings-lp1296415/revision/748.

I have lightly tested this on the phone for the following:
 * http
 * https
 * sharing to messaging app
 * url-dispatcher via messaging-app to open a link (with the browser open and closed)
 * maps.google.com (prompted for access)
 * youtube (one denial: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/com/canonical/Unity/Screen" interface="com.canonical.Unity.Screen" member="keepDisplayOn" mask="send" name="com.canonical.Unity.Screen" pid=12566 profile="webbrowser-app" peer_pid=1575 peer_profile="unconfined")
 * html5.grooveshark.com
 * grooveshark via music scope

I also even more lightly tested it on the desktop, and it appears to
work ok.

** Affects: webbrowser-app (Ubuntu)
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to webbrowser-app in Ubuntu.
https://bugs.launchpad.net/bugs/1356516

Title:
  consider shipping apparmor profile for webbrowser-app

Status in “webbrowser-app” package in Ubuntu:
  New

Bug description:
  It would be nice if webbrowser-app itself could ship an apparmor
  profile. Since we are already confining webapps, we can leverage aa-
  easyprof to generate the apparmor profile. Eg, in debian/rules could
  have a target :

  apparmor:
  	aa-easyprof --policy-version=1.2 --policy-vendor=ubuntu \
  	  -t ubuntu-webapp \
  	  --policy-groups=accounts,audio,content_exchange,content_exchange_source,location,networking,push-notification-client,video,webview \
  	  --template-var=@{APP_ID_DBUS}=webbrowser_2dapp \
  	  --template-var=@{APP_PKGNAME_DBUS}=webbrowser_2dapp \
  	  --template-var=@{APP_PKGNAME}=webbrowser-app \
  	  --template-var=@{CLICK_DIR}=/usr/share/webbrowser-app \
  	  --abstraction=user-tmp \
  	  --read-path=/usr/share/applications/ \
  	  --read-path=@{HOME}/.local/share/applications/ \
  	  --profile-name=webbrowser-app \
  	  --no-verify /usr/bin/webbrowser-app | \
  	  grep -v CLICK_DIR | \
  	  sed 's/signal peer=@{APP_PKGNAME}_\*_@{APP_VERSION},/signal peer=@{APP_PKGNAME},/g' \
  	  > ./debian/usr.bin.webbrowser-app
  	apparmor_parser -QTK ./debian/usr.bin.webbrowser-app

  In this manner, you could use this to update the apparmor profile:
  $ debian/rules apparmor

  I use '--no-verify' because we need to very lightly tidy up the
  profile with the 'grep -v' and the 'sed', which is why after it is
  cleaned I run 'apparmor_parser -QTK' on the profile to verify it. This
  could probably be done as part of the build too. Once the profile is
  in place, you can simply do something along the lines of
  http://bazaar.launchpad.net/~jdstrand/ubuntu-system-settings/ubuntu-
  system-settings-lp1296415/revision/748.

  I have lightly tested this on the phone for the following:
   * http
   * https
   * sharing to messaging app
   * url-dispatcher via messaging-app to open a link (with the browser open and 
closed)
   * maps.google.com (prompted for access)
   * youtube (one denial: apparmor=DENIED operation=dbus_method_call  
bus=system path=/com/canonical/Unity/Screen 
interface=com.canonical.Unity.Screen member=keepDisplayOn mask=send 
name=com.canonical.Unity.Screen 

[Touch-packages] [Bug 1356516] Re: consider shipping apparmor profile for webbrowser-app

2014-08-13 Thread Jamie Strandboge
** Description changed:

  It would be nice if webbrowser-app itself could ship an apparmor
  profile. Since we are already confining webapps, we can leverage aa-
  easyprof to generate the apparmor profile. Eg, in debian/rules could
  have a target :
  
  apparmor:
- aa-easyprof --policy-version=1.2 --policy-vendor=ubuntu \
- -t ubuntu-webapp \
- 
--policy-groups=accounts,audio,content_exchange,content_exchange_source,location,networking,push-notification-client,video,webview
 \
-  --template-var=@{APP_ID_DBUS}=webbrowser_2dapp \
-  --template-var=@{APP_PKGNAME_DBUS}=webbrowser_2dapp \
-  --template-var=@{APP_PKGNAME}=webbrowser-app \
-  --template-var=@{CLICK_DIR}=/usr/share/webbrowser-app \
-  --abstraction=user-tmp \
-  --read-path=/usr/share/applications/ \
-  --read-path=@{HOME}/.local/share/applications/ \
-  --profile-name=webbrowser-app \
-  --no-verify /usr/bin/webbrowser-app | \
-  grep -v CLICK_DIR | \
-  sed 's/signal peer=@{APP_PKGNAME}_\*_@{APP_VERSION},/signal 
peer=@{APP_PKGNAME},/g' \
-   ./debian/usr.bin.webbrowser-app
-  apparmor_parser -QTK ./debian/usr.bin.webbrowser-app
+ aa-easyprof --policy-version=1.2 --policy-vendor=ubuntu \
+ -t ubuntu-webapp \
+ 
--policy-groups=accounts,audio,content_exchange,content_exchange_source,location,networking,push-notification-client,video,webview
 \
+  --template-var=@{APP_ID_DBUS}=webbrowser_2dapp \
+  --template-var=@{APP_PKGNAME_DBUS}=webbrowser_2dapp \
+  --template-var=@{APP_PKGNAME}=webbrowser-app \
+  --template-var=@{CLICK_DIR}=/usr/share/webbrowser-app \
+  --abstraction=user-tmp \
+  --read-path=/usr/share/applications/ \
+  --read-path=@{HOME}/.local/share/applications/ \
+  --profile-name=webbrowser-app \
+  --no-verify /usr/bin/webbrowser-app | \
+  grep -v CLICK_DIR | \
+  sed 's/signal peer=@{APP_PKGNAME}_\*_@{APP_VERSION},/signal 
peer=@{APP_PKGNAME},/g' \
+   ./debian/usr.bin.webbrowser-app
+  apparmor_parser -QTK ./debian/usr.bin.webbrowser-app
  
  In this manner, you could this to update the apparmor profile:
  $ debian/rules apparmor
  
  I use '--no-verify' because we need to very lightly tidy up the profile
- with the 'grep -v' and the 'sed'. This could probably be done as part of
- the build too. Once the profile is in place, you can simply do something
- along the lines of http://bazaar.launchpad.net/~jdstrand/ubuntu-system-
- settings/ubuntu-system-settings-lp1296415/revision/748.
+ with the 'grep -v' and the 'sed', which is why after it is cleaned I run
+ 'apparmor_parser -QTK' on the profile to verify it. This could probably
+ be done as part of the build too. Once the profile is in place, you can
+ simply do something along the lines of
+ http://bazaar.launchpad.net/~jdstrand/ubuntu-system-settings/ubuntu-
+ system-settings-lp1296415/revision/748.
  
  I have lightly tested this on the phone for the following:
-  * http
-  * https
-  * sharing to messaging app
-  * url-dispatcher via messaging-app to open a link (with the browser open and 
closed)
-  * maps.google.com (prompted for access)
-  * youtube (one denial: apparmor=DENIED operation=dbus_method_call  
bus=system path=/com/canonical/Unity/Screen 
interface=com.canonical.Unity.Screen member=keepDisplayOn mask=send 
name=com.canonical.Unity.Screen pid=12566 profile=webbrowser-app 
peer_pid=1575 peer_profile=unconfined)
-  * html5.grooveshark.com
-  * grooveshark via music scope
+  * http
+  * https
+  * sharing to messaging app
+  * url-dispatcher via messaging-app to open a link (with the browser open and 
closed)
+  * maps.google.com (prompted for access)
+  * youtube (one denial: apparmor=DENIED operation=dbus_method_call  
bus=system path=/com/canonical/Unity/Screen 
interface=com.canonical.Unity.Screen member=keepDisplayOn mask=send 
name=com.canonical.Unity.Screen pid=12566 profile=webbrowser-app 
peer_pid=1575 peer_profile=unconfined)
+  * html5.grooveshark.com
+  * grooveshark via music scope
  
  I also even more lightly tested it on the desktop, and it appears to
  work ok.

** Description changed:

  It would be nice if webbrowser-app itself could ship an apparmor
  profile. Since we are already confining webapps, we can leverage aa-
  easyprof to generate the apparmor profile. Eg, in debian/rules could
  have a target :
  
  apparmor:
  aa-easyprof --policy-version=1.2 --policy-vendor=ubuntu \
  -t ubuntu-webapp \
  
--policy-groups=accounts,audio,content_exchange,content_exchange_source,location,networking,push-notification-client,video,webview
 \
   --template-var=@{APP_ID_DBUS}=webbrowser_2dapp \
   --template-var=@{APP_PKGNAME_DBUS}=webbrowser_2dapp \
   --template-var=@{APP_PKGNAME}=webbrowser-app \
   
