Ubuntu
ubuntu-core-security package

Add support for socketpair() in the default profile

Bug #1470995 reported by Ted Gould
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Snappy
Invalid
Undecided
Unassigned
ubuntu-core-security (Ubuntu)
Fix Released
Medium
Jamie Strandboge

Bug Description

Socketpair() can only be used for local sockets, so it should be allowed in the default profile and not require network-client or network-server.

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

I agree QML apps should not require networking. For now I suggest an alternate approach from changing ubuntu-core-security policy as seen in this MP: https://code.launchpad.net/~jdstrand/mir/snappy-packaging.framework-policy-for-qml-apps/+merge/264439

Changed in ubuntu-core-security (Ubuntu):
status: New → Incomplete
Revision history for this message
Ted Gould (ted) wrote : Re: [Bug 1470995] Re: Add support for socketpair() in the default profile

I guess my only question would be how often socketpair() is used. This
solves the Mir case of course, but I figured it was more widely used
than just Mir and kinda a standard Unix feature. For instance two
processes in the same application could use it to communicate with each
other (backend/frontend type architecture).

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

I think this is a good point. It is fixed now in mir framework-policy, but we should allow it in default policy too.

Changed in ubuntu-core-security (Ubuntu):
status: Incomplete → Triaged
Jamie Strandboge (jdstrand)
Changed in ubuntu-core-security (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
importance: Undecided → Medium
status: Triaged → Fix Committed
Jamie Strandboge (jdstrand)
Changed in snappy:
status: New → In Progress
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Uploaded to wily and https://launchpad.net/~snappy-dev/+archive/ubuntu/image/.

Changed in snappy:
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubuntu-core-security - 15.10.9

---------------
ubuntu-core-security (15.10.9) wily; urgency=medium

  * ubuntu-core/default, ubuntu-core/network-service: move socketpair from
    network-service policy group to default template since on Linux socketpair
    only supports AF_UNIX (LP: #1470995)
  * ubuntu-core/default: allow ixr of openssl (LP: #1480366)

 -- Jamie Strandboge <email address hidden> Fri, 31 Jul 2015 15:35:43 -0500

Changed in ubuntu-core-security (Ubuntu):
status: Fix Committed → Fix Released
Leo Arias (elopio)
Changed in snappy:
status: Fix Committed → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.