SDK applications require access to /dev/log_*
Bug #1197124 reported by
Jamie Strandboge
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
apparmor-easyprof-ubuntu (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Saucy |
Fix Released
|
Undecided
|
Unassigned | ||
lxc-android-config (Ubuntu) |
Won't Fix
|
Medium
|
Unassigned | ||
Saucy |
Won't Fix
|
Low
|
Unassigned | ||
qtbase-opensource-src (Ubuntu) |
Won't Fix
|
Undecided
|
Unassigned | ||
Saucy |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
Not sure where this bug should be, but Ubuntu SDK applications need write access to various /dev/log_* files. It seems rather odd that, for example, the ubuntu-
/dev/log_main w,
/dev/log_radio w,
/dev/log_events w,
/dev/log_system w,
These rules are too lenient and presumably any app could spam/attack the system via these device files.
Related branches
tags: | added: application-confinement |
Changed in ubuntu-qtcreator-plugins: | |
assignee: | nobody → Timo Jyrinki (timo-jyrinki) |
affects: | ubuntu-qtcreator-plugins → ubuntu-ui-toolkit |
Changed in lxc-android-config (Ubuntu): | |
status: | New → Won't Fix |
Changed in qtbase-opensource-src (Ubuntu): | |
status: | New → Won't Fix |
To post a comment you must log in.
This bug was fixed in the package apparmor- easyprof- ubuntu - 1.0.2
--------------- easyprof- ubuntu (1.0.2) saucy; urgency=low
apparmor-
* add sdk-base policy group (based on apparmor's ubuntu-sdk-base) apps/tasks and dev/cpuctl/ apps/bg_ non_interactive /tasks /.local/ share/Qt Project/" w,'
- use 'owner' with @{PROC}/cmdline
- move gst-plugin-scanner to qmlscene-webview
- deny accesses to /dev/log_* (LP: #1197124)
- add bug reference for /dev/binder
- deny access to /dev/cpuctl/
/
* adjust qmlscene to have 'owner "@{HOME}
-- Jamie Strandboge <email address hidden> Wed, 03 Jul 2013 17:21:09 -0500