qtcreator should use the click-apparmor query API to obtain the policy version
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
qtcreator-plugin-ubuntu (Ubuntu) |
Fix Released
|
Medium
|
Benjamin Zeller |
Bug Description
Currently qtcreator hard codes the apparmor policy_version in the security manifest to be 1.0. With the new 14.04 framework definitions, the policy_version should be 1.1 for 14.04 and 1.0 for 13.10. In order to prevent this mapping being stored in multiple places, click-apparmor 0.2 now provides a python API and a CLI tool for querying the profile version and you may query for the policy_version for the specified framework (https:/
$ aa-clickquery --click-
Specific examples:
$ aa-clickquery --click-
1.0
Supported 14.04 frameworks as of ubuntu-touch-meta (1.115):
$ aa-clickquery --click-
1.1
$ aa-clickquery --click-
1.1
$ aa-clickquery --click-
1.1
Future 14.04 frameworks:
$ aa-clickquery --click-
1.1
$ aa-clickquery --click-
1.1
$ aa-clickquery --click-
1.1
Ie, this change will allow you to dynamically discover the policy_version based on the click framework that is installed on the system and you shouldn't have to do anything special when 14.10, 15.04, 15.10, etc are added.
IMPORTANT: click-apparmor does not currently use libclick but it is planned to do so this cycle. When it does use libclick, qtcreator may need to run aa-clickquery in a chroot that contains the installed framework, since libclick can only look at installed framework definitions for the API click-apparmor will use.
Related branches
Changed in qtcreator-plugin-ubuntu (Ubuntu): | |
assignee: | nobody → Zoltan Balogh (bzoltan) |
importance: | Undecided → Critical |
status: | New → Confirmed |
Changed in qtcreator-plugin-ubuntu (Ubuntu): | |
assignee: | Zoltan Balogh (bzoltan) → zbenjamin (zeller-benjamin) |
importance: | Critical → Medium |
tags: | added: 1293586 |
Jamie: I'm sure we could allow libclick to look at a chroot. Get in touch with me when you're doing that work and I'll see what we can do.