apparmor prevents showing new click containers
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Libertine Scope | Status tracked in Trunk | | |
Release | Fix Released | Medium | Christopher Townsend |
Trunk | Fix Released | Medium | Christopher Townsend |
libertine-scope (Ubuntu) | Fix Released | Medium | Christopher Townsend |
Bug Description
The scope apparmor file provides a hard-coded path to where it can read to find installed containers:
"read_path": [
That last line limits where it can find containers and it therefore only allows containers to be installed by a click with exactly the name com.ubuntu.
Expectation:
* I could install another click pkg with another container and it would display in the scope.
What happens:
* the new differently named container does not display in the scope (but it is listed by libertine-
Possible fix:
* work with apparmor/security folks to enable something like this:
"@{CLICK_
Related branches
- Larry Price: Approve
- Libertine CI Bot: Approve (continuous-integration)
- Diff: 12 lines (+1/-1), 1 file modified
libertine-scope.apparmor (+1/-1)
- Larry Price: Approve
- Diff: 2064 lines (+1116/-263), 42 files modified
.bzrignore (+1/-0)
CMakeLists.txt (+11/-8)
data/CMakeLists.txt (+6/-9)
data/blacklist (+11/-0)
data/libertine-scope-settings.ini.in (+0/-24)
debian/changelog (+23/-0)
libertine-scope.apparmor (+1/-1)
libertine-scope/CMakeLists.txt (+4/-1)
libertine-scope/action.cpp (+66/-0)
libertine-scope/action.h (+45/-0)
libertine-scope/blacklist.cpp (+78/-0)
libertine-scope/blacklist.h (+36/-0)
libertine-scope/config.h.in (+26/-0)
libertine-scope/hidden_apps.cpp (+92/-0)
libertine-scope/hidden_apps.h (+38/-0)
libertine-scope/preview.cpp (+20/-0)
libertine-scope/preview.h (+0/-2)
libertine-scope/query.cpp (+192/-34)
libertine-scope/query.h (+26/-18)
libertine-scope/scope.cpp (+14/-37)
po/en_AU.po (+4/-3)
po/en_GB.po (+4/-3)
po/es.po (+9/-5)
po/fi.po (+4/-3)
po/fr.po (+4/-3)
po/gl.po (+8/-3)
po/libertine-scope.pot (+23/-1)
po/ms.po (+4/-3)
po/pt.po (+4/-3)
po/uk.po (+4/-3)
tests/CMakeLists.txt (+24/-21)
tests/TypedScopeFixture.h (+1/-0)
tests/data/blacklist (+9/-0)
tests/data/hidden (+1/-0)
tests/fake_container.cpp (+1/-2)
tests/fake_container_json.h (+2/-2)
tests/fake_libertine.cpp (+0/-6)
tests/fake_libertine.h (+2/-2)
tests/test_blacklist.cpp (+65/-0)
tests/test_hidden_apps.cpp (+107/-0)
tests/test_preview.cpp (+2/-1)
tests/test_query.cpp (+144/-65)
Changed in libertine-scope (Ubuntu):
status: New → Triaged
importance: Undecided → Medium
Changed in libertine-scope (Ubuntu):
status: Triaged → In Progress
assignee: nobody → Christopher Townsend (townsend)
Ok, got security's approval for this change:
(10:13:56 AM) ChrisTownsend: jdstrand: Hi! I have a follow up question to the libertine-scope read_path confinement. Currently, we have "@{CLICK_DIR}/com.ubuntu.puritine/". Would you accept "@{CLICK_DIR}/*puritine*/" instead to allow custom puritine clicks to work that have the name "puritine" in its click package name?
(11:38:40 AM) jdstrand: ChrisTownsend: hey-- custom puritine clicks? can you explain what those are exactly?
(12:21:26 PM) ChrisTownsend: jdstrand: So, there is a commercial project going on to make a custom puritine click with apps that they want in it- (name redacted) is the customer and kyleN is working on it. So, really, I'd like to change the read_path to account for any number of these clicks so the Libertine Scope can surface and launch the apps.
(12:27:39 PM) jdstrand: ChrisTownsend: that seems fine, yes
(12:28:17 PM) ChrisTownsend: jdstrand: Ok, thanks.
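
An added illustration (not part of the bug report or the libertine-scope code) of which click directories each of the two read_path forms quoted in the chat above would cover. It implements only the `*`, `**` and `?` parts of AppArmor path globbing and checks the directory path itself; the `@{CLICK_DIR}` value and every package name other than com.ubuntu.puritine are placeholders.

```python
import re

# Assumption: stand-in value for the @{CLICK_DIR} tunable; the real value
# comes from the system's AppArmor tunables and is not given on the page.
CLICK_DIR = "/opt/click.example"

OLD_RULE = "@{CLICK_DIR}/com.ubuntu.puritine/"   # entry quoted in the chat
NEW_RULE = "@{CLICK_DIR}/*puritine*/"            # entry approved in the chat


def glob_to_regex(rule, variables):
    """Translate a subset of AppArmor path globbing (*, **, ?) to a regex."""
    for name, value in variables.items():
        rule = rule.replace("@{%s}" % name, value)
    out, i = [], 0
    while i < len(rule):
        if rule.startswith("**", i):
            out.append(".*")        # ** may cross directory separators
            i += 2
        elif rule[i] == "*":
            out.append("[^/]*")     # * stays within one path component
            i += 1
        elif rule[i] == "?":
            out.append("[^/]")      # ? is one character, never '/'
            i += 1
        else:
            out.append(re.escape(rule[i]))
            i += 1
    return re.compile("".join(out) + r"\Z")


def allowed(rule, path):
    """True if the expanded rule matches the whole path."""
    return bool(glob_to_regex(rule, {"CLICK_DIR": CLICK_DIR}).match(path))


# Constructed sample directories; the package names are hypothetical.
SAMPLES = [
    CLICK_DIR + "/com.ubuntu.puritine/",
    CLICK_DIR + "/com.example.puritine-custom/",
    CLICK_DIR + "/org.example.mypuritineapps/",
    CLICK_DIR + "/com.example.other/",
    CLICK_DIR + "/com.example.other/puritine/",
]


def compare():
    """Return (path, allowed_by_old_rule, allowed_by_new_rule) per sample."""
    return [(p, allowed(OLD_RULE, p), allowed(NEW_RULE, p)) for p in SAMPLES]


if __name__ == "__main__":
    for path, old, new in compare():
        print(f"old={old!s:5} new={new!s:5} {path}")
```

The widened entry covers any single-component package directory whose name contains `puritine`, but not a `puritine` directory nested under another package, because `*` does not cross `/`.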