** Tags added: testcase
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/698194
Title:
apparmor private-files profile should include @{HOME}/.config
To manage notifications about this bug go to:
** Changed in: apparmor (Ubuntu)
Assignee: Jamie Strandboge (jdstrand) = Mark Valens (ever2note)
** Changed in: apparmor (Ubuntu)
Assignee: Mark Valens (ever2note) = (unassigned)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to
** Description changed:
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/698194
Title:
apparmor private-files profile should include @{HOME}/.config
To manage notifications about this bug go to:
** Changed in: apparmor (Ubuntu Lucid)
Assignee: Jamie Strandboge (jdstrand) = Karen Postmus (emetech)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/698194
Title:
apparmor private-files
** Changed in: apparmor (Ubuntu Lucid)
Assignee: Karen Postmus (emetech) = Jamie Strandboge (jdstrand)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/698194
Title:
apparmor private-files
** Changed in: evince (Ubuntu Lucid)
Assignee: THILAGAN.K (kthilagan177) = (unassigned)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/698194
Title:
apparmor private-files profile should
** Changed in: evince (Ubuntu Lucid)
Assignee: (unassigned) = THILAGAN.K (kthilagan177)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/698194
Title:
apparmor private-files profile should
** Changed in: apparmor (Ubuntu Lucid)
Assignee: Jamie Strandboge (jdstrand) = Moloisi Moloto (mmoloto)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/698194
Title:
apparmor private-files
** Changed in: apparmor (Ubuntu Lucid)
Assignee: Moloisi Moloto (mmoloto) = Jamie Strandboge (jdstrand)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/698194
Title:
apparmor private-files
** Changed in: apparmor (Ubuntu Maverick)
Assignee: charanjeet singh (jeet-232) = Jamie Strandboge (jdstrand)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/698194
Title:
apparmor private-files
** Changed in: apparmor (Ubuntu Maverick)
Assignee: Jamie Strandboge (jdstrand) = charanjeet singh (jeet-232)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/698194
Title:
apparmor private-files
** Tags added: verification-done
** Tags removed: verification-needed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/698194
Title:
apparmor private-files profile should include @{HOME}/.config
--
This bug was fixed in the package apparmor - 2.5.1-0ubuntu0.10.10.4
---
apparmor (2.5.1-0ubuntu0.10.10.4) maverick-proposed; urgency=low
* debian/patches/0012-lp698194.patch: explicitly deny access to autostart
directories, chromium, some popular email clients and kwallet
-
Tested maverick-proposed using:
* QRT:test-apparmor.py: PASS
* QRT:test-evince.py: PASS
* evince can no longer write to the ~/.config/autostart directory (the TEST
CASE): PASS
* evince can be launched from firefox: PASS
* evince can be launched from evolution (PDF attachment in email): PASS
This bug was fixed in the package apparmor - 2.5.1-0ubuntu0.10.04.3
---
apparmor (2.5.1-0ubuntu0.10.04.3) lucid-proposed; urgency=low
* debian/patches/0014-lp698194.patch: explicitly deny access to autostart
directories, chromium, some popular email clients and kwallet
-
** Tags removed: verification-done
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/698194
Title:
apparmor private-files profile should include @{HOME}/.config
--
ubuntu-bugs mailing list
Accepted apparmor into maverick-proposed, the package will build now and
be available in a few hours. Please test and give feedback here. See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to
enable and use -proposed. Thank you in advance!
** Changed in: apparmor (Ubuntu
** Branch linked: lp:ubuntu/maverick-proposed/apparmor
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/698194
Title:
apparmor private-files profile should include @{HOME}/.config
--
ubuntu-bugs
** Tags added: verification-done
** Tags removed: verification-needed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/698194
Title:
apparmor private-files profile should include @{HOME}/.config
--
Tested using:
* QRT:test-apparmor.py: PASS
* QRT:test-evince.py: PASS
* evince can no longer write to the ~/.config/autostart directory (the TEST
CASE): PASS
* evince can be launched from firefox: PASS
* evince can by launched from evolution (PDF attachment in email): PASS
* adjusting the
Accepted apparmor into lucid-proposed, the package will build now and be
available in a few hours. Please test and give feedback here. See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to
enable and use -proposed. Thank you in advance!
** Changed in: apparmor (Ubuntu Lucid)
** Branch linked: lp:ubuntu/lucid-proposed/apparmor
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/698194
Title:
apparmor private-files profile should include @{HOME}/.config
--
ubuntu-bugs
** Description changed:
+ SRU
+
+ 1. This update provides additional protection for consumers of the
+ private-files and private-files-strict abstractions. In Ubuntu, the
+ evince and firefox profiles use the private-files abstraction. The
+ firefox profile is disabled by default.
+
+ 2. This
** Patch added: apparmor_2.5.1-0ubuntu0.10.04.3.debdiff
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/698194/+attachment/1795899/+files/apparmor_2.5.1-0ubuntu0.10.04.3.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to
** Patch added: apparmor_2.5.1-0ubuntu0.10.10.4.debdiff
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/698194/+attachment/1795900/+files/apparmor_2.5.1-0ubuntu0.10.10.4.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to
Uploaded to lucid and maverick proposed, pending SRU team approval.
** Description changed:
SRU
1. This update provides additional protection for consumers of the
private-files and private-files-strict abstractions. In Ubuntu, the
evince and firefox profiles use the private-files
** Visibility changed to: Public
** Also affects: apparmor (Ubuntu Lucid)
Importance: Undecided
Status: New
** Also affects: apparmor (Ubuntu Maverick)
Importance: Undecided
Status: New
** Also affects: apparmor (Ubuntu Natty)
Importance: Undecided
Status: New
**
Thank you for reporting a bug and helping to make Ubuntu better.
We can't disable all of ~/.config because of the way that 'deny' works
in AppArmor (once you explicitly add a deny rule, you can't override it
later). However, I think it is appropriate to:
Add this to private-files:
audit deny
This should be added to private-files-strict as well:
audit deny @{HOME}/.kde/share/apps/kwallet/** mrwkl,
audit deny @{HOME}/.kde/share/apps/kmail/** mrwkl,
And this to evince abstraction:
audit deny @{HOME}/.kde/share/apps/kwallet/** mrwkl,
audit deny @{HOME}/.kde/share/apps/kmail/** mrwkl,
That's way more thorough than my suggestion. Thanks for looking into
this!
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/698194
Title:
apparmor private-files profile should include @{HOME}/.config
** Changed in: apparmor (Ubuntu Natty)
Status: Triaged = In Progress
** Changed in: apparmor (Ubuntu Maverick)
Importance: High = Medium
** Changed in: apparmor (Ubuntu Lucid)
Importance: High = Medium
** Changed in: apparmor (Ubuntu Natty)
Importance: High = Medium
--
You
** Changed in: apparmor (Ubuntu Natty)
Status: In Progress = Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/698194
Title:
apparmor private-files profile should include
** Changed in: apparmor (Ubuntu Maverick)
Milestone: None = maverick-updates
** Changed in: apparmor (Ubuntu Lucid)
Milestone: None = lucid-updates
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
This bug was fixed in the package apparmor - 2.6~devel+bzr1617-0ubuntu1
---
apparmor (2.6~devel+bzr1617-0ubuntu1) natty; urgency=low
* Merge with upstream bzr revision 1617. Closes the following bugs:
- LP: #692406: temporarily disable the defunct repository until an
** Branch linked: lp:ubuntu/apparmor
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/698194
Title:
apparmor private-files profile should include @{HOME}/.config
--
ubuntu-bugs mailing list
This bug was fixed in the package evince - 2.32.0-0ubuntu5
---
evince (2.32.0-0ubuntu5) natty; urgency=low
* debian/apparmor-profile.abstraction:
- deny access to kwallet, chromium configuration, writing to .pki/nssdb/*,
and some popular mail client files (LP: #698194)
** Branch linked: lp:ubuntu/evince
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/698194
Title:
apparmor private-files profile should include @{HOME}/.config
--
ubuntu-bugs mailing list
37 matches
Mail list logo
