Okay, whoopsie-daisy 0.1.3 is ready for review. The daemon now drops privileges and all capabilities, except for CAP_FOWNER. Keeping CAP_FOWNER allows it to ignore the sticky bit in /var/crash and remove the .upload files, which are created by regular users to indicate that a crash report should be submitted. It limits this capability to just /var/crash by bind-mounting / read-only in /var/tmp, then bind-mounting /var/crash read-write on top of it, and finally chrooting into this. It does all of this in a separate mount namespace.
I've moved away from NetworkManager to GNetworkMonitor. This removes the need to pass the at_console check, and affords us an easy way to check if the crash submission server is accessible. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/913694 Title: [MIR] whoopsie-daisy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/whoopsie-daisy/+bug/913694/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
