[Touch-packages] [Bug 1362199] Re: [FFe] apparmor abstract, anonymous and netlink socket mediation

2014-09-05 Thread Jamie Strandboge
** Changed in: apparmor-easyprof-ubuntu (Ubuntu) Importance: Undecided = Critical ** Changed in: apparmor (Ubuntu) Assignee: (unassigned) = Jamie Strandboge (jdstrand) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed

[Touch-packages] [Bug 1362199] Re: [FFe] apparmor abstract, anonymous and netlink socket mediation

2014-09-05 Thread Jamie Strandboge
isc-dhcp (4.2.4-7ubuntu14) utopic; urgency=medium * debian/apparmor-profile.dhclient: add file_inherit inet{,6} dgram rules for child profiles ** Changed in: isc-dhcp (Ubuntu) Status: In Progress = Fix Released -- You received this bug notification because you are a member of

[Touch-packages] [Bug 1366314] Re: security issue? auto suggest seems to copy credentials into clipboard

2014-09-08 Thread Jamie Strandboge
It does seem that the keyboard shouldn't be putting whatever you type into the clipboard. That said, I wonder if this is also a bug in the terminal app? Maybe it isn't using these: Qt.ImhHiddenText - Characters should be hidden, as is typically used when entering passwords. This is

[Touch-packages] [Bug 1362199] Re: [FFe] apparmor abstract, anonymous and netlink socket mediation

2014-09-08 Thread Jamie Strandboge
** Description changed: Background: kernel and apparmor userspace updates to support abstract, anonymous and fine-grained netlink socket mediation. These packages are listed in one bug because they are related, but the FFes may be granted and the uploads may happen at different times. +

[Touch-packages] [Bug 1362199] Re: [FFe] apparmor abstract, anonymous and netlink socket mediation

2014-09-08 Thread Jamie Strandboge
** Description changed: Background: kernel and apparmor userspace updates to support abstract, anonymous and fine-grained netlink socket mediation. These packages are listed in one bug because they are related, but the FFes may be granted and the uploads may happen at different times.

[Touch-packages] [Bug 1362199] Re: [FFe] apparmor abstract, anonymous and netlink socket mediation

2014-09-08 Thread Jamie Strandboge
1) old kernel and new userspace - this is well tested and ready to land now 2) new kernel and old userspace 3) new kernel and new userspace - these are tested, but need more testing on the kernel side. We are finalizing the kernel and will have these in place for kernel pull requests Ah, I did

[Touch-packages] [Bug 1362199] Re: [FFe] apparmor abstract, anonymous and netlink socket mediation

2014-09-08 Thread Jamie Strandboge
FYI, when booting new userspace with old kernel, the parser will output something like this: Warning from profile /usr/lib/telepathy/telepathy-ofono (/etc/apparmor.d/usr.lib.telepathy): downgrading extended network unix socket rule to generic network rule -- You received this bug notification

[Touch-packages] [Bug 1342858] Re: old click packages are not always cleaned out

2014-09-09 Thread Jamie Strandboge
Attached is the output of 'find /opt/click.ubuntu.com -ls'. Also, from IRC: 11:38 jdstrand cjwatson: fyi, I currently have 252 json files in /var/lib/apparmor/clicks but only 113 apps listed with 'click list'. so, some apps do ship multiple profiles, but most apps do not. ** Attachment added:

[Touch-packages] [Bug 1367028] Re: [MIR] system-image

2014-09-09 Thread Jamie Strandboge
** Changed in: system-image (Ubuntu) Assignee: Ubuntu Security Team (ubuntu-security) = Seth Arnold (seth-arnold) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to system-image in Ubuntu.

[Touch-packages] [Bug 1249586] Re: music stops when app goes to background

2014-09-09 Thread Jamie Strandboge
*** This bug is a duplicate of bug 1249387 *** https://bugs.launchpad.net/bugs/1249387 ** Tags removed: rtm14 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unity-webapps-qml in Ubuntu.

[Touch-packages] [Bug 1368751] [NEW] [enhancement] allow MTP access for authenticated computers

2014-09-12 Thread Jamie Strandboge
Public bug reported: In accordance with https://wiki.ubuntu.com/SecurityAndPrivacySettings/ProtectingUserData, MTP currently refuses to show any folders when connecting the device to a system and the device's screen is locked (good). A nice future enhancement might be to do something similar to

[Touch-packages] [Bug 1327139] Re: mirscreencast broke (moved socket) in #71

2014-09-12 Thread Jamie Strandboge
There are different sockets. Bug #1236912 was about the sockets apps in the user's session are supposed to be able to access, ie $XDG_RUNTIME_DIR/mir_socket. /run/mir_socket is AIUI different and not supposed to be accessed by apps. -- You received this bug notification because you are a member

[Touch-packages] [Bug 1326105] Re: AppArmor policy for scope zmq access is too lenient

2014-09-15 Thread Jamie Strandboge
** Changed in: unity-scopes-api (Ubuntu) Status: New = Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unity-scopes-api in Ubuntu. https://bugs.launchpad.net/bugs/1326105 Title: AppArmor policy for scope

[Touch-packages] [Bug 1306769] Re: pinlock snap decision potentially allows malicious app to gain access to user PIN and Passcode

2014-09-15 Thread Jamie Strandboge
Mirco, can you answer my question in comment #8? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unity8 in Ubuntu. https://bugs.launchpad.net/bugs/1306769 Title: pinlock snap decision potentially allows malicious app to

[Touch-packages] [Bug 1365875] Re: mail notification displayed even when phone locked

2014-09-15 Thread Jamie Strandboge
Since this was fixed in push notifications, I am closing the other tasks. Please reopen if this is in error. ** No longer affects: account-polld (Ubuntu) ** No longer affects: indicator-messages (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Touch seeded

[Touch-packages] [Bug 1369457] Re: able to left swipe and launch apps without unlocking phone

2014-09-15 Thread Jamie Strandboge
I think much of this is by design. The security team doesn't consider launching apps behind the lockscreen a security issue. These apps are subjected to application lifecycle and will not continue running. However, the other behaviors may be bugs-- I'll ask someone to comment. ** Information type

[Touch-packages] [Bug 1369453] Re: able to view and change indicators without unlocking phone

2014-09-15 Thread Jamie Strandboge
** Changed in: indicator-location (Ubuntu) Status: New = Confirmed ** Changed in: indicator-network (Ubuntu) Status: New = Confirmed ** Also affects: indicator-datetime (Ubuntu) Importance: Undecided Status: New ** Changed in: indicator-datetime (Ubuntu) Status:

[Touch-packages] [Bug 1369450] Re: adb shell sudo shows password in the clear

2014-09-15 Thread Jamie Strandboge
FYI, as a workaround I suggest using 'phablet-shell' since it behaves correctly. ** Changed in: android-tools (Ubuntu) Status: New = Confirmed ** Changed in: android-tools (Ubuntu) Importance: Undecided = High ** Tags added: rtm14 -- You received this bug notification because you

[Touch-packages] [Bug 1306769] Re: pinlock snap decision potentially allows malicious app to gain access to user PIN and Passcode

2014-09-15 Thread Jamie Strandboge
Thanks for the feedback-- though I think we may need more information. Here is the current policy: dbus (receive) bus=session path=/com/canonical/hud/publisher* interface=org.gtk.Menus member=Start, dbus (receive) bus=session

[Touch-packages] [Bug 1306769] Re: pinlock snap decision potentially allows malicious app to gain access to user PIN and Passcode

2014-09-15 Thread Jamie Strandboge
Shoot, I had a mispaste of the related policy. Here is all of it for clarity: dbus (send) bus=session path=/com/canonical/hud interface=org.freedesktop.DBus.Properties member=GetAll, dbus (send) bus=session path=/com/canonical/hud

[Touch-packages] [Bug 1306769] Re: pinlock snap decision potentially allows malicious app to gain access to user PIN and Passcode

2014-09-15 Thread Jamie Strandboge
Bumping the priority since this would be a bad bug. Marking as rtm14 since we can't have apps phish for passwords. ** Tags added: rtm14 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unity8 in Ubuntu.

[Touch-packages] [Bug 1306769] Re: pinlock snap decision potentially allows malicious app to gain access to user PIN and Passcode

2014-09-15 Thread Jamie Strandboge
I am going to mark this as incomplete. Antii says Currently the pinlock dialog is implemented as snapdecision and thus any application that is allowed to use the notifications can potentially trick the user to provide his PIN code or Passcode to the application by invoking the pinlock dialog.

[Touch-packages] [Bug 1324292] Re: re-add support for selecting text for copying

2014-09-16 Thread Jamie Strandboge
** Changed in: oxide Importance: High = Critical -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to webbrowser-app in Ubuntu. https://bugs.launchpad.net/bugs/1324292 Title: re-add support for selecting text for copying

[Touch-packages] [Bug 1369512] Re: None of the torch app starts

2014-09-17 Thread Jamie Strandboge
) Status: New = In Progress ** Changed in: qtubuntu-camera (Ubuntu) Status: New = Triaged ** Changed in: apparmor-easyprof-ubuntu (Ubuntu) Assignee: (unassigned) = Jamie Strandboge (jdstrand) ** Changed in: qtubuntu-camera (Ubuntu) Assignee: (unassigned) = Jim Hodapp (jhodapp

[Touch-packages] [Bug 1369512] Re: please move click sound out of qtubuntu-camera

2014-09-17 Thread Jamie Strandboge
In testing uTorch, I noticed it also doesn't specify the camera policy group. It will need to do so after this bug is marked fixed in apparmor- easyprof-ubuntu. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to

[Touch-packages] [Bug 1362199] Re: [FFe] apparmor abstract, anonymous and netlink socket mediation

2014-09-17 Thread Jamie Strandboge
** Changed in: linux (Ubuntu) Importance: Undecided = Critical ** Changed in: linux (Ubuntu) Importance: Critical = High -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to isc-dhcp in Ubuntu.

[Touch-packages] [Bug 1371170] [NEW] information disclosure: clipboard contents can be obtained without user knowledge

2014-09-18 Thread Jamie Strandboge
*** This bug is a security vulnerability *** Public security bug reported: Currently, the clipboard is implemented such that all apps can access the contents at any time. The clipboard contents should only be given to apps based on user driven input (eg, a paste operation). Attack scenario: 1.

[Touch-packages] [Bug 1371170] Re: information disclosure: clipboard contents can be obtained without user knowledge

2014-09-18 Thread Jamie Strandboge
** Description changed: Currently, the clipboard is implemented such that all apps can access the contents at any time. The clipboard contents should only be given to apps based on user driven input (eg, a paste operation). Attack scenario: 1. user launches malicious app 'baz' that

[Touch-packages] [Bug 1371170] Re: information disclosure: clipboard contents can be obtained without user knowledge

2014-09-18 Thread Jamie Strandboge
** Description changed: Currently, the clipboard is implemented such that all apps can access the contents at any time. The clipboard contents should only be given to apps based on user driven input (eg, a paste operation). Attack scenario: 1. user launches malicious app 'baz' that

[Touch-packages] [Bug 870373] Re: guest session will not open

2014-09-18 Thread Jamie Strandboge
Marking this as fixed. The user said a reinstall fixed it and the guest session has been working fine for a long time. Please file a new bug if you are still having issues. ** Changed in: lightdm (Ubuntu) Status: Confirmed = Fix Released -- You received this bug notification because you

[Touch-packages] [Bug 1361372] Re: Apparmor stopping Google Chrome from launching in guest session

2014-09-18 Thread Jamie Strandboge
** Changed in: lightdm (Ubuntu) Status: New = In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lightdm in Ubuntu. https://bugs.launchpad.net/bugs/1361372 Title: Apparmor stopping Google Chrome from

[Touch-packages] [Bug 1362469] Re: AppArmor unrequested reply protection generates unallowable denials

2014-09-18 Thread Jamie Strandboge
** Tags added: application-confinement -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dbus in Ubuntu. https://bugs.launchpad.net/bugs/1362469 Title: AppArmor unrequested reply protection generates unallowable denials

[Touch-packages] [Bug 1371310] [NEW] docker.io doesn't work with 3.0 RC1 kernel

2014-09-18 Thread Jamie Strandboge
Public bug reported: Steps to reproduce (from https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor): 1. sudo apt-get install docker.io # 1.2.0~dfsg1-1 2. sudo docker pull ubuntu:trusty 3. sudo docker run ubuntu:trusty uptime 2014/09/18 15:48:48 Error response from daemon: Cannot start

[Touch-packages] [Bug 1371310] Re: docker.io doesn't work with 3.0 RC1 kernel

2014-09-18 Thread Jamie Strandboge
Installing auditd does not help. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1371310 Title: docker.io doesn't work with 3.0 RC1 kernel Status in “apparmor” package

[Touch-packages] [Bug 1371310] Re: docker.io doesn't work with 3.0 RC1 kernel

2014-09-18 Thread Jamie Strandboge
The target profile is loaded: $ sudo aa-status|grep docker docker-default I tried this on the 3.16.0-9.14 and 3.16.0-16.22 distro kernels. The 'docker run' command succeeds. If I do this: $ sudo docker run -i -t ubuntu:trusty /bin/sh I can verify the container is launched under confinement

[Touch-packages] [Bug 1371310] Re: docker.io doesn't work with 3.0 RC1 kernel

2014-09-18 Thread Jamie Strandboge
Adding the following to /etc/apparmor.d/docker does not help: audit unix, audit signal, audit ptrace, change_profile - *, -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu.

[Touch-packages] [Bug 1371310] Re: docker.io doesn't work with 3.0 RC1 kernel

2014-09-18 Thread Jamie Strandboge
** Changed in: apparmor (Ubuntu) Importance: Undecided = High ** Changed in: linux (Ubuntu) Importance: Undecided = High -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu.

[Touch-packages] [Bug 1362543] Re: Web Application fail to load properly every other time is launched

2014-09-19 Thread Jamie Strandboge
** Changed in: oxide Importance: Undecided = Critical ** Changed in: oxide Status: New = Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to webbrowser-app in Ubuntu. https://bugs.launchpad.net/bugs/1362543

[Touch-packages] [Bug 1370930] Re: apparmor cups samba problem no printing

2014-09-19 Thread Jamie Strandboge
Since 14.04, apparmor has signal mediation. Cups is trying to kill some processes. To obtain 13.10 behavior, you could add this to usr.sbin.cupsd: signal, However, this would obviously allow cups to send signals to anything. I'm guessing it is sending signals to third party backends. It would

[Touch-packages] [Bug 1370930] Re: apparmor cups samba problem no printing

2014-09-19 Thread Jamie Strandboge
Actually, I see more Ux rules. Try this instead (also untested): /usr/bin/hpijs Cx - third_party, /usr/Brother/** Cx - third_party, /usr/lib/cups/backend/* Cx - third_party, /usr/lib/cups/filter/** Cxr - third_party,

[Touch-packages] [Bug 1371765] [NEW] apparmor_parser should be able to recompile policy on bad cache

2014-09-19 Thread Jamie Strandboge
Public bug reported: Right now, if given --cache-loc the parser will see if there is a cache file. If there isn't and --write-cache is used, the parser will compile the policy and put the binary cache in --cache-loc (fine). If there is a cache file, it will load the cache file (also fine). If the

[Touch-packages] [Bug 1371771] [NEW] premature exit if find corrupted cache files

2014-09-19 Thread Jamie Strandboge
Public bug reported: 2.8.96~2652-0ubuntu4 did this: * debian/lib/apparmor/functions: don't pass costly '-n1' to xargs in foreach_configured_profile() when loading valid cache files. This used to be needed when apparmor_parser would generate different binary caches when compiling

[Touch-packages] [Bug 1371310] Re: docker.io doesn't work with 3.0 RC1 kernel

2014-09-19 Thread Jamie Strandboge
After discussing on IRC, we will revert the patch enabling stricter requirements to restore previous behavior while we investigate the best approach to resolve the issue properly. ** Changed in: linux (Ubuntu) Status: Confirmed = Triaged ** Changed in: apparmor (Ubuntu) Status: New

[Touch-packages] [Bug 1371310] Re: docker.io doesn't work with apparmor 3.0 RC1 kernel

2014-09-19 Thread Jamie Strandboge
** Description changed: Steps to reproduce (from https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor): 1. sudo apt-get install docker.io # 1.2.0~dfsg1-1 2. sudo docker pull ubuntu:trusty 3. sudo docker run ubuntu:trusty uptime 2014/09/18 15:48:48 Error response from

[Touch-packages] [Bug 1371765] Re: apparmor_parser should be able to recompile policy on bad cache

2014-09-19 Thread Jamie Strandboge
** Changed in: apparmor (Ubuntu) Status: Triaged = In Progress ** Changed in: apparmor (Ubuntu) Assignee: (unassigned) = John Johansen (jjohansen) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in

[Touch-packages] [Bug 1371835] [NEW] highlighting selected item displays incorrectly with OptionSelector

2014-09-19 Thread Jamie Strandboge
Public bug reported: Steps to reproduce: 1. open the Ubuntu SDK 2. Tools/Ubuntu/Showcase Gallery 3. click Styles on the left 4. select the SuruDark theme Notice after selecting the dark theme that there is a light gray rectangle for the selected item. This light gray box expands outside the

[Touch-packages] [Bug 1371835] Re: highlighting selected item displays incorrectly with OptionSelector and ItemSelector

2014-09-19 Thread Jamie Strandboge
** Summary changed: - highlighting selected item displays incorrectly with OptionSelector + highlighting selected item displays incorrectly with OptionSelector and ItemSelector ** Description changed: Steps to reproduce: 1. open the Ubuntu SDK 2. Tools/Ubuntu/Showcase Gallery 3.

[Touch-packages] [Bug 1371835] Re: highlighting selected item displays incorrectly with OptionSelector and ItemSelector

2014-09-19 Thread Jamie Strandboge
Attached is an example of ItemSelector displaying the problem in my app. Specifically, the highlight is outside of the rounded corners and there is no way to turn of highlighting/adjust the color of the highlight that I can see. The default highlighting is garish in my app and not what I want. **

[Touch-packages] [Bug 1371846] [NEW] no way to disable PageHeadState actions highlighting

2014-09-19 Thread Jamie Strandboge
Public bug reported: On applications with a dark theme (eg, Authenticator, Blabble, Utudu) the highlight color of the PageHeadState actions is very noticeable. This is easily seen by simply pressing one of the actions. When using a light theme, the effect is much more subtle. It would be nice to

[Touch-packages] [Bug 1372011] [NEW] ListItem.Subtitled subText color is too dark with SuruDark

2014-09-20 Thread Jamie Strandboge
Public bug reported: It is hard to read ListItem.Subtitled subText when using the SuruDark theme (or other dark themes). ** Affects: permy Importance: Undecided Status: New ** Affects: ubuntu-ui-toolkit (Ubuntu) Importance: Undecided Status: Confirmed ** Also

[Touch-packages] [Bug 1372502] [NEW] usermetrics stopped working some time ago due to wrong group for files

2014-09-22 Thread Jamie Strandboge
Public bug reported: $ ls -ld /var/lib/usermetrics/ ; sudo ls -l /var/lib/usermetrics/ drwxr-x--- 2 messagebus usermetrics 4096 Aug 21 11:05 /var/lib/usermetrics/ total 28 -rw-r--r-- 1 messagebus usermetrics 22528 Aug 21 11:05 usermetrics6.db This may be related to bug #1363129, where rsyslog

[Touch-packages] [Bug 1359022] Re: Welcome screen on image #200 always states that there are no data sources available

2014-09-22 Thread Jamie Strandboge
See also bug #1372502. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libusermetrics in Ubuntu. https://bugs.launchpad.net/bugs/1359022 Title: Welcome screen on image #200 always states that there are no data sources

[Touch-packages] [Bug 1370228] Re: init script returns 0 even after parsing failure

2014-09-22 Thread Jamie Strandboge
** Changed in: apparmor (Ubuntu) Status: New = In Progress ** Changed in: apparmor (Ubuntu) Assignee: (unassigned) = Jamie Strandboge (jdstrand) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu

[Touch-packages] [Bug 1372579] Re: All apps need access to the D-Bus clipboard

2014-09-23 Thread Jamie Strandboge
Does this rule look ok: # Mir clicpboard dbus (receive, send) bus=session path=/com/canonical/QtMir/Clipboard interface=com.canonical.QtMir.Clipboard, To test, pick two confined applications: one that should paste into the clipboard and another to copy out of the clipboard.

[Touch-packages] [Bug 1371835] Re: highlighting selected item displays incorrectly with OptionSelector and ItemSelector

2014-09-23 Thread Jamie Strandboge
This actually does affect pre-install apps-- it just isn't as noticeable. Eg: open Contacts, create a new contact, go to the bottom to select an addressbook-- you can see the square corners outside of the rounded corners. Again, it isn't as easy to see as with a dark theme, but it gives the wrong

[Touch-packages] [Bug 1371310] Re: docker.io doesn't work with apparmor 3.0 RC1 kernel

2014-09-23 Thread Jamie Strandboge
** Tags added: apparmor -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1371310 Title: docker.io doesn't work with apparmor 3.0 RC1 kernel Status in “apparmor” package

[Touch-packages] [Bug 1373085] Re: Parser error when using regex profile names in IPC rules

2014-09-23 Thread Jamie Strandboge
** Changed in: apparmor (Ubuntu) Status: New = Confirmed ** Changed in: apparmor (Ubuntu) Importance: Undecided = High -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu.

[Touch-packages] [Bug 1350324] [NEW] Incorrect warning with ubuntu-scope-network template: Character - was quoted unnecessarily, dropped preceding quote ('\') character

2014-07-30 Thread Jamie Strandboge
Public bug reported: $ cat /tmp/profile profile foo { owner /run/user/[0-9]*/zmq/{[^c]**,c[^\-]**}-r rw, } $ apparmor_parser -QTK /tmp/profile Warning from /tmp/profile (/tmp/profile line 4): Character - was quoted unnecessarily, dropped preceding quote ('\') character ** Affects:

[Touch-packages] [Bug 1186662] Re: isc-dhcp-server fails to renew lease file

2014-07-30 Thread Jamie Strandboge
As Michael said, this needs a code change to dchpd to open the files correctly. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to isc-dhcp in Ubuntu. https://bugs.launchpad.net/bugs/1186662 Title: isc-dhcp-server fails to

[Touch-packages] [Bug 1350152] Re: [mako #158] apparmor denies access to /etc/ssl/openssl.cnf

2014-07-30 Thread Jamie Strandboge
** Changed in: apparmor-easyprof-ubuntu (Ubuntu) Status: In Progress = Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu in Ubuntu. https://bugs.launchpad.net/bugs/1350152 Title:

[Touch-packages] [Bug 1350152] Re: [mako #158] apparmor denies access to /etc/ssl/openssl.cnf

2014-07-31 Thread Jamie Strandboge
** Changed in: ubuntu-calculator-app Status: New = Invalid ** Changed in: gallery-app Status: New = Invalid ** Changed in: dropping-letters Status: New = Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is

[Touch-packages] [Bug 1350598] Re: apparmor_parser takes a long time

2014-07-31 Thread Jamie Strandboge
** Changed in: apparmor (Ubuntu) Status: New = Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1350598 Title: apparmor_parser takes a long time Status

[Touch-packages] [Bug 1350598] Re: apparmor_parser takes a long time

2014-07-31 Thread Jamie Strandboge
This is a known issue and most affects users who perform lots of system updates with certain kernel and/or policy changes and is exacerbated by a high number of installed packages. We employ caching in various ways to reduce the time to recompile all policy to only needing to do it for certain

[Touch-packages] [Bug 1340345] Re: please use exclusive pipe access for /dev/socket/micshm

2014-07-31 Thread Jamie Strandboge
** Summary changed: - please use exclusive pipe access for /android/micshm + please use exclusive pipe access for /dev/socket/micshm -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to qtubuntu-camera in Ubuntu.

[Touch-packages] [Bug 1348251] Re: please make use of pam_tally2 for Touch login and screenunlock

2014-07-31 Thread Jamie Strandboge
** Changed in: ubuntu-touch-session (Ubuntu) Importance: Undecided = Critical -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lightdm in Ubuntu. https://bugs.launchpad.net/bugs/1348251 Title: please make use of

[Touch-packages] [Bug 1348365] Re: MTP should not respond to new connection requests if the screen is locked

2014-07-31 Thread Jamie Strandboge
** Changed in: mtp (Ubuntu) Importance: High = Critical -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to mtp in Ubuntu. https://bugs.launchpad.net/bugs/1348365 Title: MTP should not respond to new connection requests if

[Touch-packages] [Bug 1230366] Re: Please provide Ubuntu camera service that integrates with trust-store

2014-07-31 Thread Jamie Strandboge
** Changed in: qtubuntu-camera (Ubuntu) Importance: High = Critical -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to qtubuntu-camera in Ubuntu. https://bugs.launchpad.net/bugs/1230366 Title: Please provide Ubuntu camera

[Touch-packages] [Bug 1224756] Re: Pulseaudio should integrate with trust-store

2014-07-31 Thread Jamie Strandboge
** Changed in: pulseaudio (Ubuntu Utopic) Importance: High = Critical ** No longer affects: pulseaudio (Ubuntu Saucy) ** No longer affects: pulseaudio (Ubuntu Trusty) ** No longer affects: pulseaudio (Ubuntu Utopic) -- You received this bug notification because you are a member of Ubuntu

[Touch-packages] [Bug 1347177] Re: Unconfined aggregating scope can't call confined child scope to get results

2014-07-31 Thread Jamie Strandboge
** Changed in: savilerow Status: Confirmed = Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu in Ubuntu. https://bugs.launchpad.net/bugs/1347177 Title: Unconfined aggregating

[Touch-packages] [Bug 1219164] Re: Implement missing functionality to make location-service a trusted helper.

2014-07-31 Thread Jamie Strandboge
Removing old tasks and raising priority to Critical per RTM bug triage procedures (we must deliver this for RTM). Thomas, can you adjust the location service task to be Critical? Thanks! ** No longer affects: location-service (Ubuntu Saucy) ** No longer affects: location-service (Ubuntu Trusty)

[Touch-packages] [Bug 1230091] Re: [enhancement] Trusted Session surface management (required for appstore app trust model), modal subwindows

2014-07-31 Thread Jamie Strandboge
If there is another bug that should be used for Mir trust session support and online accounts use of it for rtm, please let me know. For now, adding rtm14 tag. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to

[Touch-packages] [Bug 1230091] Re: [enhancement] Trusted Session surface management (required for appstore app trust model), modal subwindows

2014-07-31 Thread Jamie Strandboge
Removing suayc and trusty tasks since we won't fix those and they are cluttering the reports. Adjusting the Ubuntu tasks to Critical since online accounts use of trust sessions is an rtm requirement. ** No longer affects: unity-mir (Ubuntu Saucy) ** No longer affects: unity-mir (Ubuntu Trusty)

[Touch-packages] [Bug 1319546] Re: Remove sync-monitor policy rules

2014-07-31 Thread Jamie Strandboge
Are these ready to be removed now? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu in Ubuntu. https://bugs.launchpad.net/bugs/1319546 Title: Remove sync-monitor policy rules Status in Address Book

[Touch-packages] [Bug 1235444] Re: pkg_name calculated incorrectly

2014-07-31 Thread Jamie Strandboge
** Changed in: thumbnailer Status: Confirmed = Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to thumbnailer in Ubuntu. https://bugs.launchpad.net/bugs/1235444 Title: pkg_name calculated incorrectly

[Touch-packages] [Bug 1230391] Re: please provide visual cue during background recording

2014-07-31 Thread Jamie Strandboge
** Changed in: pulseaudio (Ubuntu) Importance: Undecided = Medium -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pulseaudio in Ubuntu. https://bugs.launchpad.net/bugs/1230391 Title: please provide visual cue during

[Touch-packages] [Bug 1342858] Re: old click packages are not always cleaned out

2014-07-31 Thread Jamie Strandboge
** Attachment added: click_list.phablet https://bugs.launchpad.net/ubuntu/+source/click/+bug/1342858/+attachment/4166749/+files/click_list.phablet -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to click in Ubuntu.

[Touch-packages] [Bug 1342858] Re: old click packages are not always cleaned out

2014-07-31 Thread Jamie Strandboge
Sorry I didn't see this until just now. Attached are the files you requested. ** Attachment added: _var_lib_apparmor_clicks_json.txt https://bugs.launchpad.net/ubuntu/+source/click/+bug/1342858/+attachment/4166748/+files/_var_lib_apparmor_clicks_json.txt -- You received this bug

[Touch-packages] [Bug 1342858] Re: old click packages are not always cleaned out

2014-07-31 Thread Jamie Strandboge
** Attachment added: click_list.root https://bugs.launchpad.net/ubuntu/+source/click/+bug/1342858/+attachment/4166750/+files/click_list.root ** Changed in: click (Ubuntu) Status: Incomplete = New -- You received this bug notification because you are a member of Ubuntu Touch seeded

[Touch-packages] [Bug 1350598] Re: apparmor_parser takes a long time

2014-07-31 Thread Jamie Strandboge
Also, bug #1342858 will also aggravate the situation since more policy is in the device than is required. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1350598 Title:

[Touch-packages] [Bug 1340345] Re: please use exclusive pipe access for /dev/socket/micshm

2014-07-31 Thread Jamie Strandboge
Regarding the file permissions: since apps run in the user's session under the user's UID, apps would have this access. Apps with the camera policy group (a common policy group available to apps without restriction) would then be able to access the socket. I'm not sure what you mean by 'as a user

[Touch-packages] [Bug 1350673] Re: System policy cache may become stale after a system image update

2014-07-31 Thread Jamie Strandboge
That said, if the hash operation was very fast, that would be a useful improvement going forward (I don't think we could do that for rtm). I do worry that if we compute hashes for all policy on every boot to see if we need to recompile, that is going to be more costly for the average user. What we

[Touch-packages] [Bug 881137] Re: UFW does not clean iptables setting from /etc/ufw/before.rules

2014-07-31 Thread Jamie Strandboge
@erniecom: as of 0.34 ufw does have route rules now and it also supports customization scripts via /etc/ufw/before.init and /etc/ufw/after..init. See 'man ufw-framework' for details. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is

[Touch-packages] [Bug 1353139] Re: [manta] video playback currently broken (denied by apparmor)

2014-08-06 Thread Jamie Strandboge
** Package changed: apparmor-easyprof-ubuntu (Ubuntu) = media-hub (Ubuntu) ** Also affects: mediascanner2 (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to

[Touch-packages] [Bug 1353139] Re: [manta] video playback currently broken (denied by apparmor)

2014-08-06 Thread Jamie Strandboge
mediascanner2 needs to add this to its apparmor policy: /sys/devices/**/video4linux/video** r, media-hub needs to add this to its policy: /sys/devices/**/video4linux/video** r, The media-hub orcexec issue is already fixed, but you may not have the policy update loaded due to bug #1350673.

[Touch-packages] [Bug 1350673] Re: System policy cache may become stale after a system image update

2014-08-06 Thread Jamie Strandboge
** Changed in: apparmor (Ubuntu) Status: Triaged = In Progress ** Changed in: apparmor (Ubuntu) Importance: High = Critical ** Tags added: rtm14 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu.

[Touch-packages] [Bug 1341548] Re: Online detection does not work with confined apps on Nexus 4

2014-08-06 Thread Jamie Strandboge
: Undecided = Critical ** Changed in: apparmor-easyprof-ubuntu (Ubuntu) Status: New = Confirmed ** Changed in: apparmor-easyprof-ubuntu (Ubuntu) Assignee: (unassigned) = Jamie Strandboge (jdstrand) -- You received this bug notification because you are a member of Ubuntu Touch seeded

[Touch-packages] [Bug 1341548] Re: Online detection does not work with confined apps on Nexus 4

2014-08-06 Thread Jamie Strandboge
Actually, I can do this now by simply using this rule: dbus (receive, send) bus=session path=/com/ubuntu/connectivity1/NetworkingStatus, Since the API is simple, we don't need to worry about being more fine- grained. -- You received this bug notification because you are a member of

[Touch-packages] [Bug 1240875] Re: Need to reboot the phone to have it pick up a new language setting

2014-08-06 Thread Jamie Strandboge
** Changed in: apparmor-easyprof-ubuntu (Ubuntu) Importance: Undecided = Medium ** Changed in: ubuntu-system-settings (Ubuntu) Importance: Undecided = Medium ** Changed in: unity8 (Ubuntu) Importance: Undecided = Medium -- You received this bug notification because you are a member of

[Touch-packages] [Bug 1227818] Re: client apps using qtdeclarative5-ubuntu-contacts0.1 accesses the /org/freedesktop/Telepathy DBus API

2014-08-06 Thread Jamie Strandboge
) = Jamie Strandboge (jdstrand) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu in Ubuntu. https://bugs.launchpad.net/bugs/1227818 Title: client apps using qtdeclarative5-ubuntu-contacts0.1 accesses

[Touch-packages] [Bug 1319546] Re: Remove sync-monitor policy rules

2014-08-06 Thread Jamie Strandboge
Marking apparmor-easyprof-ubuntu task as 'Low' since the contacts policy group is still reserved. ** Changed in: apparmor-easyprof-ubuntu (Ubuntu) Importance: Undecided = Low -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed

[Touch-packages] [Bug 1342129] Re: [webapps] should enable access to dbus org.freedesktop.Application

2014-08-07 Thread Jamie Strandboge
This is going to need a policy update, but it looks like we have everything needed to do it. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu in Ubuntu. https://bugs.launchpad.net/bugs/1342129 Title:

[Touch-packages] [Bug 1230091] Re: [enhancement] Trusted Session surface management (required for appstore app trust model), modal subwindows

2014-08-08 Thread Jamie Strandboge
What is that bug? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu in Ubuntu. https://bugs.launchpad.net/bugs/1230091 Title: [enhancement] Trusted Session surface management (required for appstore

[Touch-packages] [Bug 1351113] Re: password input box after suspend/resume was not focused but looked like it was; keyboard input was being intercepted by another window

2014-08-08 Thread Jamie Strandboge
** Changed in: unity (Ubuntu) Status: New = Incomplete ** Changed in: unity Status: New = Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unity in Ubuntu. https://bugs.launchpad.net/bugs/1351113

[Touch-packages] [Bug 1086058] Re: my unity laucher and environment disappeared when i changed certain permission in dpkg file while installing hadoop.

2014-08-08 Thread Jamie Strandboge
Thanks for your comments. This does not appear to be a bug report and we are closing it. We appreciate the difficulties you are facing, but it would make more sense to raise your question in the support tracker. Please visit https://answers.launchpad.net/ubuntu/+addquestion ** Information type

[Touch-packages] [Bug 1351180] Re: Python security issue #16039, #16041 and #16042 looks not be fixed on Python 2.7.6 (smtplib/imaplib/poplib of python has a vulnerability due to unlimited readline()

2014-08-08 Thread Jamie Strandboge
This is CVE-2013-1752 which is rated as having a 'Low' priority. It should be fixed in a future python update. ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-1752 ** Changed in: python2.7 (Ubuntu) Status: New = Triaged ** Changed in: python2.7 (Ubuntu)

[Touch-packages] [Bug 1354110] Re: please merge openssl from debian

2014-08-11 Thread Jamie Strandboge
Thanks for the debdiff. What is the justification for the sync? 1.0.1f- 1ubuntu7 in utopic contains all of the security fixes already. Considering the stabilization effrts for the upcoming phone release, I'd prefer to not update openssl at this time unless there is very a compelling reason to do

[Touch-packages] [Bug 1229066] Re: evince-thumbnailer can't run mktexpk

2014-08-12 Thread Jamie Strandboge
** Package changed: evince (Ubuntu) = apparmor (Ubuntu) ** Changed in: apparmor (Ubuntu) Status: Confirmed = Triaged -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu.

[Touch-packages] [Bug 1356302] Re: apparmor DENIED messages in syslog

2014-08-13 Thread Jamie Strandboge
*** This bug is a duplicate of bug 1353591 *** https://bugs.launchpad.net/bugs/1353591 The mediascanner already has a rule for this. On the emulator with r189 for utopic-proposed: $ grep orcexec /etc/apparmor.d/usr.bin.mediascanner-service-2.0 owner /tmp/orcexec* m, ... Based on the

[Touch-packages] [Bug 1356457] [NEW] bookmarks not easily found with new design

2014-08-13 Thread Jamie Strandboge
Public bug reported: I like the new design of the webbrowser-app, but putting bookmarks under New Tab is non-intuitive. Furthermore, you may want to navigate to a bookmark from the current tab, but this doesn't seem to be possible. ** Affects: webbrowser-app (Ubuntu) Importance: Undecided

[Touch-packages] [Bug 1356516] [NEW] consider shipping apparmor profile for webbrowser-app

2014-08-13 Thread Jamie Strandboge
Public bug reported: It would be nice if webbrowser-app itself could ship an apparmor profile. Since we are already confining webapps, we can leverage aa- easyprof to generate the apparmor profile. Eg, in debian/rules could have a target : apparmor: aa-easyprof --policy-version=1.2

  1   2   3   4   5   6   7   8   9   10   >