* 1.0/ubuntu-*: explicitly deny access to oxide files so webbrowser-app's
fallback mechanism to QtWebKit works correctly. This is needed so 13.10
framework webapps don't regress
* 1.1/webview: prevent certificate db poisoning and disallow write access to
@{HOME}/.pki/nssdb/*. Note, while this prevents cert attacks, it doesn't
prevent information disclosure so once LP: 1260048 is fixed in oxide, we
can remove the read access.
Leaving the apparmor-easyprof-ubuntu task open since whenever oxide is updated we'll want to remove the workaround policy.
apparmor- easyprof- ubuntu (1.1.11) trusty; urgency=medium
* 1.0/ubuntu-*: explicitly deny access to oxide files so webbrowser-app's /.pki/nssdb/ *. Note, while this prevents cert attacks, it doesn't
fallback mechanism to QtWebKit works correctly. This is needed so 13.10
framework webapps don't regress
* 1.1/webview: prevent certificate db poisoning and disallow write access to
@{HOME}
prevent information disclosure so once LP: 1260048 is fixed in oxide, we
can remove the read access.
Leaving the apparmor- easyprof- ubuntu task open since whenever oxide is updated we'll want to remove the workaround policy.