| 2014-03-27 20:49:56 |
Jamie Strandboge |
bug |
|
|
added bug |
| 2014-03-27 20:53:17 |
John Johansen |
description |
= linux =
This feature freeze exception is requested for signal and ptrace mediation via apparmor in the kernel. When used with a compatible apparmor userspace, signals and ptrace rules are supported. When used without a compatible apparmor userspace (eg, on a precise system with a trusty backport kernel), signal and ptrace mediation is not enforced (ie, you can use this kernel with an old userspace without any issues).
This feature has been tested on a 12.04 system, 14.04 system with current apparmor userspace, and 14.04 system with update apparmor userspace capable of supporting signal and ptrace mediation. This feature has been tested to work with on systems using lxc containers.
This feature is required to support comprehensive application confinement on Ubuntu Touch (a separate pull will be requested at a later date). This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature adds welcome improvement to administrators wishing to further protect their systems.
= apparmor userspace =
This feature freeze exception is requested for signal and ptrace mediation for apparmor userspace. When used with a compatible kernel, signals and ptrace rules are supported. When used without a compatible kernel (eg, immediately on Ubuntu Touch or with upstream kernels), signal and ptrace rules are skipped (ie, you can use this userspace with other kernels without issue).
This feature has been tested on a 14.04 system with current kernel and a 14.04 system with updated kernel capable of supporting signal and ptrace mediation. This feature has been tested to work with on systems using lxc containers.
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature adds welcome improvement to administrators wishing to further protect their systems.
While the apparmor userspace and kernel changes to support signal and ptrace mediation can happen at different times, the apparmor userspace upload must correspond with uploads for packages that ship AppArmor policy that require updates (eg, libvirt, lxc, etc). The packages outlined in https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles will be tested to either work without modification to the policy or updated and tested to work with updated policy. Common rules will be added to the apparmor base abstraction such that most packages shipping apparmor policy will not require updating. These updates will be prepared, tested and published en masse via a silo ppa. |
= linux =
This feature freeze exception is requested for signal and ptrace mediation via apparmor in the kernel. When used with a compatible apparmor userspace, signals and ptrace rules are supported. When used without a compatible apparmor userspace (eg, on a precise system with a trusty backport kernel), signal and ptrace mediation is not enforced (ie, you can use this kernel with an old userspace without any issues).
This feature has been tested on a 12.04 system, 14.04 system with current apparmor userspace, and 14.04 system with update apparmor userspace capable of supporting signal and ptrace mediation. This feature has been tested to work on systems using lxc containers.
This feature is required to support comprehensive application confinement on Ubuntu Touch (a separate pull will be requested at a later date). This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature adds welcome improvement to administrators wishing to further protect their systems.
= apparmor userspace =
This feature freeze exception is requested for signal and ptrace mediation for apparmor userspace. When used with a compatible kernel, signals and ptrace rules are supported. When used without a compatible kernel (eg, immediately on Ubuntu Touch or with upstream kernels), signal and ptrace rules are skipped (ie, you can use this userspace with other kernels without issue).
This feature has been tested on a 14.04 system with current kernel and a 14.04 system with updated kernel capable of supporting signal and ptrace mediation. This feature has been tested to work with on systems using lxc containers.
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature adds welcome improvement to administrators wishing to further protect their systems.
While the apparmor userspace and kernel changes to support signal and ptrace mediation can happen at different times, the apparmor userspace upload must correspond with uploads for packages that ship AppArmor policy that require updates (eg, libvirt, lxc, etc). The packages outlined in https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles will be tested to either work without modification to the policy or updated and tested to work with updated policy. Common rules will be added to the apparmor base abstraction such that most packages shipping apparmor policy will not require updating. These updates will be prepared, tested and published en masse via a silo ppa. |
|
| 2014-03-27 20:56:12 |
Jamie Strandboge |
description |
= linux =
This feature freeze exception is requested for signal and ptrace mediation via apparmor in the kernel. When used with a compatible apparmor userspace, signals and ptrace rules are supported. When used without a compatible apparmor userspace (eg, on a precise system with a trusty backport kernel), signal and ptrace mediation is not enforced (ie, you can use this kernel with an old userspace without any issues).
This feature has been tested on a 12.04 system, 14.04 system with current apparmor userspace, and 14.04 system with update apparmor userspace capable of supporting signal and ptrace mediation. This feature has been tested to work on systems using lxc containers.
This feature is required to support comprehensive application confinement on Ubuntu Touch (a separate pull will be requested at a later date). This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature adds welcome improvement to administrators wishing to further protect their systems.
= apparmor userspace =
This feature freeze exception is requested for signal and ptrace mediation for apparmor userspace. When used with a compatible kernel, signals and ptrace rules are supported. When used without a compatible kernel (eg, immediately on Ubuntu Touch or with upstream kernels), signal and ptrace rules are skipped (ie, you can use this userspace with other kernels without issue).
This feature has been tested on a 14.04 system with current kernel and a 14.04 system with updated kernel capable of supporting signal and ptrace mediation. This feature has been tested to work with on systems using lxc containers.
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature adds welcome improvement to administrators wishing to further protect their systems.
While the apparmor userspace and kernel changes to support signal and ptrace mediation can happen at different times, the apparmor userspace upload must correspond with uploads for packages that ship AppArmor policy that require updates (eg, libvirt, lxc, etc). The packages outlined in https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles will be tested to either work without modification to the policy or updated and tested to work with updated policy. Common rules will be added to the apparmor base abstraction such that most packages shipping apparmor policy will not require updating. These updates will be prepared, tested and published en masse via a silo ppa. |
= linux =
This feature freeze exception is requested for signal and ptrace mediation via apparmor in the kernel. When used with a compatible apparmor userspace, signals and ptrace rules are supported. When used without a compatible apparmor userspace (eg, on a precise system with a trusty backport kernel), signal and ptrace mediation is not enforced (ie, you can use this kernel with an old userspace without any issues).
This feature has been tested on a 12.04 system, 14.04 system with current apparmor userspace, and 14.04 system with updated apparmor userspace capable of supporting signal and ptrace mediation. This feature has been tested to work on systems using lxc containers.
This feature is required to support comprehensive application confinement on Ubuntu Touch (a separate pull will be requested at a later date). This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature adds a welcome improvement to administrators wishing to further protect their systems.
= apparmor userspace =
This feature freeze exception is requested for signal and ptrace mediation for apparmor userspace. When used with a compatible kernel, signals and ptrace rules are supported. When used without a compatible kernel (eg, immediately on Ubuntu Touch or with upstream kernels), signal and ptrace rules are skipped (ie, you can use this userspace with other kernels without issue).
This feature has been tested on a 14.04 system with current kernel and a 14.04 system with updated kernel capable of supporting signal and ptrace mediation. This feature has been tested to work with on systems using lxc containers.
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature adds welcome improvement to administrators wishing to further protect their systems.
While the apparmor userspace and kernel changes to support signal and ptrace mediation can happen at different times, the apparmor userspace upload must correspond with uploads for packages that ship AppArmor policy that require updates (eg, libvirt, lxc, etc). The packages outlined in https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles will be tested to either work without modification to the policy or updated and tested to work with updated policy. Common rules will be added to the apparmor base abstraction such that most packages shipping apparmor policy will not require updating. These updates will be prepared, tested and published en masse via a silo ppa. |
|
| 2014-03-27 20:57:40 |
Jamie Strandboge |
description |
= linux =
This feature freeze exception is requested for signal and ptrace mediation via apparmor in the kernel. When used with a compatible apparmor userspace, signals and ptrace rules are supported. When used without a compatible apparmor userspace (eg, on a precise system with a trusty backport kernel), signal and ptrace mediation is not enforced (ie, you can use this kernel with an old userspace without any issues).
This feature has been tested on a 12.04 system, 14.04 system with current apparmor userspace, and 14.04 system with updated apparmor userspace capable of supporting signal and ptrace mediation. This feature has been tested to work on systems using lxc containers.
This feature is required to support comprehensive application confinement on Ubuntu Touch (a separate pull will be requested at a later date). This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature adds a welcome improvement to administrators wishing to further protect their systems.
= apparmor userspace =
This feature freeze exception is requested for signal and ptrace mediation for apparmor userspace. When used with a compatible kernel, signals and ptrace rules are supported. When used without a compatible kernel (eg, immediately on Ubuntu Touch or with upstream kernels), signal and ptrace rules are skipped (ie, you can use this userspace with other kernels without issue).
This feature has been tested on a 14.04 system with current kernel and a 14.04 system with updated kernel capable of supporting signal and ptrace mediation. This feature has been tested to work with on systems using lxc containers.
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature adds welcome improvement to administrators wishing to further protect their systems.
While the apparmor userspace and kernel changes to support signal and ptrace mediation can happen at different times, the apparmor userspace upload must correspond with uploads for packages that ship AppArmor policy that require updates (eg, libvirt, lxc, etc). The packages outlined in https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles will be tested to either work without modification to the policy or updated and tested to work with updated policy. Common rules will be added to the apparmor base abstraction such that most packages shipping apparmor policy will not require updating. These updates will be prepared, tested and published en masse via a silo ppa. |
= linux =
This feature freeze exception is requested for signal and ptrace mediation via apparmor in the kernel. When used with a compatible apparmor userspace, signals and ptrace rules are supported. When used without a compatible apparmor userspace (eg, on a precise system with a trusty backport kernel), signal and ptrace mediation is not enforced (ie, you can use this kernel with an old userspace without any issues).
This feature has been tested on a 12.04 system, 14.04 system with current apparmor userspace, and 14.04 system with updated apparmor userspace capable of supporting signal and ptrace mediation. This feature has been tested to work on systems using lxc containers.
This feature is required to support comprehensive application confinement on Ubuntu Touch (a separate pull will be requested at a later date). This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature adds a welcome improvement to administrators wishing to further protect their systems.
= apparmor userspace =
This feature freeze exception is requested for signal and ptrace mediation for apparmor userspace. When used with a compatible kernel, signals and ptrace rules are supported. When used without a compatible kernel (eg, immediately on Ubuntu Touch or with upstream kernels), signal and ptrace rules are skipped (ie, you can use this userspace with other kernels without issue).
This feature has been tested on a 14.04 system with current kernel and a 14.04 system with updated kernel capable of supporting signal and ptrace mediation. This feature has been tested to work with on systems using lxc containers.
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature adds a welcome improvement to administrators wishing to further protect their systems.
While the apparmor userspace and kernel changes to support signal and ptrace mediation can happen at different times, the apparmor userspace upload must correspond with uploads for packages that ship AppArmor policy that require updates (eg, libvirt, lxc, etc). The packages outlined in https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles have been tested to either work without modification to the policy or updated and tested to work with updated policy. Common rules will be added to the apparmor base abstraction such that most packages shipping apparmor policy will not require updating. These updates will be prepared, tested and published en masse via a silo ppa. |
|
| 2014-03-27 20:58:00 |
Jamie Strandboge |
bug task added |
|
linux (Ubuntu) |
|
| 2014-03-27 20:58:43 |
Jamie Strandboge |
tags |
|
bot-stop-nagging |
|
| 2014-03-27 21:00:08 |
Brad Figg |
linux (Ubuntu): status |
New |
Incomplete |
|
| 2014-03-27 21:07:12 |
Jamie Strandboge |
description |
= linux =
This feature freeze exception is requested for signal and ptrace mediation via apparmor in the kernel. When used with a compatible apparmor userspace, signals and ptrace rules are supported. When used without a compatible apparmor userspace (eg, on a precise system with a trusty backport kernel), signal and ptrace mediation is not enforced (ie, you can use this kernel with an old userspace without any issues).
This feature has been tested on a 12.04 system, 14.04 system with current apparmor userspace, and 14.04 system with updated apparmor userspace capable of supporting signal and ptrace mediation. This feature has been tested to work on systems using lxc containers.
This feature is required to support comprehensive application confinement on Ubuntu Touch (a separate pull will be requested at a later date). This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature adds a welcome improvement to administrators wishing to further protect their systems.
= apparmor userspace =
This feature freeze exception is requested for signal and ptrace mediation for apparmor userspace. When used with a compatible kernel, signals and ptrace rules are supported. When used without a compatible kernel (eg, immediately on Ubuntu Touch or with upstream kernels), signal and ptrace rules are skipped (ie, you can use this userspace with other kernels without issue).
This feature has been tested on a 14.04 system with current kernel and a 14.04 system with updated kernel capable of supporting signal and ptrace mediation. This feature has been tested to work with on systems using lxc containers.
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature adds a welcome improvement to administrators wishing to further protect their systems.
While the apparmor userspace and kernel changes to support signal and ptrace mediation can happen at different times, the apparmor userspace upload must correspond with uploads for packages that ship AppArmor policy that require updates (eg, libvirt, lxc, etc). The packages outlined in https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles have been tested to either work without modification to the policy or updated and tested to work with updated policy. Common rules will be added to the apparmor base abstraction such that most packages shipping apparmor policy will not require updating. These updates will be prepared, tested and published en masse via a silo ppa. |
Background: kernel and apparmor userspace updates to support signal and ptrace mediation. These packages are listed in one bug because they are related, but the FFes may be granted and the uploads may happen at different times.
= linux =
Summary:
This feature freeze exception is requested for signal and ptrace mediation via apparmor in the kernel. When used with a compatible apparmor userspace, signals and ptrace rules are supported. When used without a compatible apparmor userspace (eg, on a precise system with a trusty backport kernel), signal and ptrace mediation is not enforced (ie, you can use this kernel with an old userspace without any issues).
Testing:
* 12.04 system with backported kernel: INPROGRESS
* 14.04 system (non-Touch) with current apparmor userspace: INPROGRESS
* 14.04 system (non-Touch) with updated apparmor userspace capable of supporting signal and ptrace mediation: INPROGRESS
* 14.04 system (non-Touch) using lxc containers: INPROGRESS
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch (a separate pull will be requested at a later date). This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature adds a welcome improvement to administrators wishing to further protect their systems.
= apparmor userspace =
Summary:
This feature freeze exception is requested for signal and ptrace mediation for apparmor userspace. When used with a compatible kernel, signals and ptrace rules are supported. When used without a compatible kernel (eg, immediately on Ubuntu Touch or with upstream kernels), signal and ptrace rules are skipped (ie, you can use this userspace with other kernels without issue).
Testing:
* 14.04 system with current kernel (Touch, Desktop, Server)
* 14.04 system with updated kernel capable of supporting signal and ptrace mediation (Touch, Desktop, Server)
* 14.04 system using lxc containers (Touch, Desktop, Server)
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature adds a welcome improvement to administrators wishing to further protect their systems.
Extra information:
While the apparmor userspace and kernel changes to support signal and ptrace mediation can happen at different times, the apparmor userspace upload must correspond with uploads for packages that ship AppArmor policy that require updates (eg, libvirt, lxc, etc). The packages outlined in https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles have been tested to either work without modification to the policy or updated and tested to work with updated policy. Common rules will be added to the apparmor base abstraction such that most packages shipping apparmor policy will not require updating. These updates will be prepared, tested and published en masse via a silo ppa. |
|
| 2014-03-27 21:14:47 |
Jamie Strandboge |
linux (Ubuntu): status |
Incomplete |
New |
|
| 2014-03-27 21:15:23 |
Jamie Strandboge |
description |
Background: kernel and apparmor userspace updates to support signal and ptrace mediation. These packages are listed in one bug because they are related, but the FFes may be granted and the uploads may happen at different times.
= linux =
Summary:
This feature freeze exception is requested for signal and ptrace mediation via apparmor in the kernel. When used with a compatible apparmor userspace, signals and ptrace rules are supported. When used without a compatible apparmor userspace (eg, on a precise system with a trusty backport kernel), signal and ptrace mediation is not enforced (ie, you can use this kernel with an old userspace without any issues).
Testing:
* 12.04 system with backported kernel: INPROGRESS
* 14.04 system (non-Touch) with current apparmor userspace: INPROGRESS
* 14.04 system (non-Touch) with updated apparmor userspace capable of supporting signal and ptrace mediation: INPROGRESS
* 14.04 system (non-Touch) using lxc containers: INPROGRESS
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch (a separate pull will be requested at a later date). This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature adds a welcome improvement to administrators wishing to further protect their systems.
= apparmor userspace =
Summary:
This feature freeze exception is requested for signal and ptrace mediation for apparmor userspace. When used with a compatible kernel, signals and ptrace rules are supported. When used without a compatible kernel (eg, immediately on Ubuntu Touch or with upstream kernels), signal and ptrace rules are skipped (ie, you can use this userspace with other kernels without issue).
Testing:
* 14.04 system with current kernel (Touch, Desktop, Server)
* 14.04 system with updated kernel capable of supporting signal and ptrace mediation (Touch, Desktop, Server)
* 14.04 system using lxc containers (Touch, Desktop, Server)
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature adds a welcome improvement to administrators wishing to further protect their systems.
Extra information:
While the apparmor userspace and kernel changes to support signal and ptrace mediation can happen at different times, the apparmor userspace upload must correspond with uploads for packages that ship AppArmor policy that require updates (eg, libvirt, lxc, etc). The packages outlined in https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles have been tested to either work without modification to the policy or updated and tested to work with updated policy. Common rules will be added to the apparmor base abstraction such that most packages shipping apparmor policy will not require updating. These updates will be prepared, tested and published en masse via a silo ppa. |
Background: kernel and apparmor userspace updates to support signal and ptrace mediation. These packages are listed in one bug because they are related, but the FFes may be granted and the uploads may happen at different times.
= linux =
Summary:
This feature freeze exception is requested for signal and ptrace mediation via apparmor in the kernel. When used with a compatible apparmor userspace, signals and ptrace rules are supported. When used without a compatible apparmor userspace (eg, on a precise system with a trusty backport kernel), signal and ptrace mediation is not enforced (ie, you can use this kernel with an old userspace without any issues).
Testing:
* 12.04 system with backported kernel: INPROGRESS
* 14.04 system (non-Touch) with current apparmor userspace: INPROGRESS
* 14.04 system (non-Touch) with updated apparmor userspace capable of supporting signal and ptrace mediation: INPROGRESS
* 14.04 system (non-Touch) using lxc containers: INPROGRESS
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch (a separate pull will be requested at a later date). This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature adds a welcome improvement to administrators wishing to further protect their systems.
= apparmor userspace =
Summary:
This feature freeze exception is requested for signal and ptrace mediation for apparmor userspace. When used with a compatible kernel, signals and ptrace rules are supported. When used without a compatible kernel (eg, immediately on Ubuntu Touch or with upstream kernels), signal and ptrace rules are skipped (ie, you can use this userspace with other kernels without issue).
Testing:
* 14.04 system with current kernel (Touch, Desktop, Server): TODO
* 14.04 system with updated kernel capable of supporting signal and ptrace mediation (Touch, Desktop, Server): INPROGRESS
* 14.04 system using lxc containers (Touch, Desktop, Server): TODO
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature adds a welcome improvement to administrators wishing to further protect their systems.
Extra information:
While the apparmor userspace and kernel changes to support signal and ptrace mediation can happen at different times, the apparmor userspace upload must correspond with uploads for packages that ship AppArmor policy that require updates (eg, libvirt, lxc, etc). The packages outlined in https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles have been tested to either work without modification to the policy or updated and tested to work with updated policy. Common rules will be added to the apparmor base abstraction such that most packages shipping apparmor policy will not require updating. These updates will be prepared, tested and published en masse via a silo ppa. |
|
| 2014-03-27 21:30:08 |
Brad Figg |
linux (Ubuntu): status |
New |
Incomplete |
|
| 2014-03-28 02:51:04 |
Jamie Strandboge |
linux (Ubuntu): status |
Incomplete |
New |
|
| 2014-03-28 03:00:08 |
Brad Figg |
linux (Ubuntu): status |
New |
Incomplete |
|
| 2014-03-28 03:23:18 |
Jamie Strandboge |
tags |
bot-stop-nagging |
kernel-bot-stop-nagging |
|
| 2014-03-28 03:24:12 |
Jamie Strandboge |
linux (Ubuntu): status |
Incomplete |
New |
|
| 2014-03-28 03:30:08 |
Brad Figg |
linux (Ubuntu): status |
New |
Incomplete |
|
| 2014-03-28 14:03:27 |
Jamie Strandboge |
linux (Ubuntu): status |
Incomplete |
Confirmed |
|
| 2014-03-30 22:32:56 |
John Johansen |
description |
Background: kernel and apparmor userspace updates to support signal and ptrace mediation. These packages are listed in one bug because they are related, but the FFes may be granted and the uploads may happen at different times.
= linux =
Summary:
This feature freeze exception is requested for signal and ptrace mediation via apparmor in the kernel. When used with a compatible apparmor userspace, signals and ptrace rules are supported. When used without a compatible apparmor userspace (eg, on a precise system with a trusty backport kernel), signal and ptrace mediation is not enforced (ie, you can use this kernel with an old userspace without any issues).
Testing:
* 12.04 system with backported kernel: INPROGRESS
* 14.04 system (non-Touch) with current apparmor userspace: INPROGRESS
* 14.04 system (non-Touch) with updated apparmor userspace capable of supporting signal and ptrace mediation: INPROGRESS
* 14.04 system (non-Touch) using lxc containers: INPROGRESS
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch (a separate pull will be requested at a later date). This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature adds a welcome improvement to administrators wishing to further protect their systems.
= apparmor userspace =
Summary:
This feature freeze exception is requested for signal and ptrace mediation for apparmor userspace. When used with a compatible kernel, signals and ptrace rules are supported. When used without a compatible kernel (eg, immediately on Ubuntu Touch or with upstream kernels), signal and ptrace rules are skipped (ie, you can use this userspace with other kernels without issue).
Testing:
* 14.04 system with current kernel (Touch, Desktop, Server): TODO
* 14.04 system with updated kernel capable of supporting signal and ptrace mediation (Touch, Desktop, Server): INPROGRESS
* 14.04 system using lxc containers (Touch, Desktop, Server): TODO
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature adds a welcome improvement to administrators wishing to further protect their systems.
Extra information:
While the apparmor userspace and kernel changes to support signal and ptrace mediation can happen at different times, the apparmor userspace upload must correspond with uploads for packages that ship AppArmor policy that require updates (eg, libvirt, lxc, etc). The packages outlined in https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles have been tested to either work without modification to the policy or updated and tested to work with updated policy. Common rules will be added to the apparmor base abstraction such that most packages shipping apparmor policy will not require updating. These updates will be prepared, tested and published en masse via a silo ppa. |
Background: kernel and apparmor userspace updates to support signal and ptrace mediation. These packages are listed in one bug because they are related, but the FFes may be granted and the uploads may happen at different times.
= linux =
Summary:
This feature freeze exception is requested for signal and ptrace mediation via apparmor in the kernel. When used with a compatible apparmor userspace, signals and ptrace rules are supported. When used without a compatible apparmor userspace (eg, on a precise system with a trusty backport kernel), signal and ptrace mediation is not enforced (ie, you can use this kernel with an old userspace without any issues).
The fine grained mediation of signals and ptraces also incorporates improved
versioning support that allows this kernel to better support older and newer
userspaces. This allows for this version of the kernel to work as a backport
kernel unmodified (currently a patch and config are used to provide backport
kernels).
Testing:
* 12.04 system with backported kernel: INPROGRESS
* 14.04 system (non-Touch) with current apparmor userspace: INPROGRESS
* 14.04 system (non-Touch) with updated apparmor userspace capable of supporting signal and ptrace mediation: INPROGRESS
* 14.04 system (non-Touch) using lxc containers: INPROGRESS
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch (a separate pull will be requested at a later date). This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature adds a welcome improvement to administrators wishing to further protect their systems.
= apparmor userspace =
Summary:
This feature freeze exception is requested for signal and ptrace mediation for apparmor userspace. When used with a compatible kernel, signals and ptrace rules are supported. When used without a compatible kernel (eg, immediately on Ubuntu Touch or with upstream kernels), signal and ptrace rules are skipped (ie, you can use this userspace with other kernels without issue).
Testing:
* 14.04 system with current kernel (Touch, Desktop, Server): TODO
* 14.04 system with updated kernel capable of supporting signal and ptrace mediation (Touch, Desktop, Server): INPROGRESS
* 14.04 system using lxc containers (Touch, Desktop, Server): TODO
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature adds a welcome improvement to administrators wishing to further protect their systems.
Extra information:
While the apparmor userspace and kernel changes to support signal and ptrace mediation can happen at different times, the apparmor userspace upload must correspond with uploads for packages that ship AppArmor policy that require updates (eg, libvirt, lxc, etc). The packages outlined in https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles have been tested to either work without modification to the policy or updated and tested to work with updated policy. Common rules will be added to the apparmor base abstraction such that most packages shipping apparmor policy will not require updating. These updates will be prepared, tested and published en masse via a silo ppa. |
|
| 2014-03-31 11:50:15 |
John Johansen |
description |
Background: kernel and apparmor userspace updates to support signal and ptrace mediation. These packages are listed in one bug because they are related, but the FFes may be granted and the uploads may happen at different times.
= linux =
Summary:
This feature freeze exception is requested for signal and ptrace mediation via apparmor in the kernel. When used with a compatible apparmor userspace, signals and ptrace rules are supported. When used without a compatible apparmor userspace (eg, on a precise system with a trusty backport kernel), signal and ptrace mediation is not enforced (ie, you can use this kernel with an old userspace without any issues).
The fine grained mediation of signals and ptraces also incorporates improved
versioning support that allows this kernel to better support older and newer
userspaces. This allows for this version of the kernel to work as a backport
kernel unmodified (currently a patch and config are used to provide backport
kernels).
Testing:
* 12.04 system with backported kernel: INPROGRESS
* 14.04 system (non-Touch) with current apparmor userspace: INPROGRESS
* 14.04 system (non-Touch) with updated apparmor userspace capable of supporting signal and ptrace mediation: INPROGRESS
* 14.04 system (non-Touch) using lxc containers: INPROGRESS
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch (a separate pull will be requested at a later date). This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature adds a welcome improvement to administrators wishing to further protect their systems.
= apparmor userspace =
Summary:
This feature freeze exception is requested for signal and ptrace mediation for apparmor userspace. When used with a compatible kernel, signals and ptrace rules are supported. When used without a compatible kernel (eg, immediately on Ubuntu Touch or with upstream kernels), signal and ptrace rules are skipped (ie, you can use this userspace with other kernels without issue).
Testing:
* 14.04 system with current kernel (Touch, Desktop, Server): TODO
* 14.04 system with updated kernel capable of supporting signal and ptrace mediation (Touch, Desktop, Server): INPROGRESS
* 14.04 system using lxc containers (Touch, Desktop, Server): TODO
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature adds a welcome improvement to administrators wishing to further protect their systems.
Extra information:
While the apparmor userspace and kernel changes to support signal and ptrace mediation can happen at different times, the apparmor userspace upload must correspond with uploads for packages that ship AppArmor policy that require updates (eg, libvirt, lxc, etc). The packages outlined in https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles have been tested to either work without modification to the policy or updated and tested to work with updated policy. Common rules will be added to the apparmor base abstraction such that most packages shipping apparmor policy will not require updating. These updates will be prepared, tested and published en masse via a silo ppa. |
Background: kernel and apparmor userspace updates to support signal and ptrace mediation. These packages are listed in one bug because they are related, but the FFes may be granted and the uploads may happen at different times.
= linux =
Summary:
This feature freeze exception is requested for signal and ptrace mediation via apparmor in the kernel. When used with a compatible apparmor userspace, signals and ptrace rules are supported. When used without a compatible apparmor userspace (eg, on a precise system with a trusty backport kernel), signal and ptrace mediation is not enforced (ie, you can use this kernel with an old userspace without any issues).
The fine grained mediation of signals and ptraces also incorporates improved
versioning support that allows this kernel to better support older and newer
userspaces. This allows for this version of the kernel to work as a backport
kernel unmodified (currently a patch and config are used to provide backport
kernels).
The kernel patch is available at git://kernel.ubuntu.com/jj/ubuntu-trusty.git
in the trusty-alpha6 branch apparmor-alpha6-sync
Testing:
* 12.04 system with backported kernel: INPROGRESS
* 14.04 system (non-Touch) with current apparmor userspace: INPROGRESS
* 14.04 system (non-Touch) with updated apparmor userspace capable of supporting signal and ptrace mediation: INPROGRESS
* 14.04 system (non-Touch) using lxc containers: INPROGRESS
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch (a separate pull will be requested at a later date). This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature adds a welcome improvement to administrators wishing to further protect their systems.
= apparmor userspace =
Summary:
This feature freeze exception is requested for signal and ptrace mediation for apparmor userspace. When used with a compatible kernel, signals and ptrace rules are supported. When used without a compatible kernel (eg, immediately on Ubuntu Touch or with upstream kernels), signal and ptrace rules are skipped (ie, you can use this userspace with other kernels without issue).
Testing:
* 14.04 system with current kernel (Touch, Desktop, Server): TODO
* 14.04 system with updated kernel capable of supporting signal and ptrace mediation (Touch, Desktop, Server): INPROGRESS
* 14.04 system using lxc containers (Touch, Desktop, Server): TODO
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature adds a welcome improvement to administrators wishing to further protect their systems.
Extra information:
While the apparmor userspace and kernel changes to support signal and ptrace mediation can happen at different times, the apparmor userspace upload must correspond with uploads for packages that ship AppArmor policy that require updates (eg, libvirt, lxc, etc). The packages outlined in https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles have been tested to either work without modification to the policy or updated and tested to work with updated policy. Common rules will be added to the apparmor base abstraction such that most packages shipping apparmor policy will not require updating. These updates will be prepared, tested and published en masse via a silo ppa. |
|
| 2014-03-31 13:05:58 |
Jamie Strandboge |
description |
Background: kernel and apparmor userspace updates to support signal and ptrace mediation. These packages are listed in one bug because they are related, but the FFes may be granted and the uploads may happen at different times.
= linux =
Summary:
This feature freeze exception is requested for signal and ptrace mediation via apparmor in the kernel. When used with a compatible apparmor userspace, signals and ptrace rules are supported. When used without a compatible apparmor userspace (eg, on a precise system with a trusty backport kernel), signal and ptrace mediation is not enforced (ie, you can use this kernel with an old userspace without any issues).
The fine grained mediation of signals and ptraces also incorporates improved
versioning support that allows this kernel to better support older and newer
userspaces. This allows for this version of the kernel to work as a backport
kernel unmodified (currently a patch and config are used to provide backport
kernels).
The kernel patch is available at git://kernel.ubuntu.com/jj/ubuntu-trusty.git
in the trusty-alpha6 branch apparmor-alpha6-sync
Testing:
* 12.04 system with backported kernel: INPROGRESS
* 14.04 system (non-Touch) with current apparmor userspace: INPROGRESS
* 14.04 system (non-Touch) with updated apparmor userspace capable of supporting signal and ptrace mediation: INPROGRESS
* 14.04 system (non-Touch) using lxc containers: INPROGRESS
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch (a separate pull will be requested at a later date). This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature adds a welcome improvement to administrators wishing to further protect their systems.
= apparmor userspace =
Summary:
This feature freeze exception is requested for signal and ptrace mediation for apparmor userspace. When used with a compatible kernel, signals and ptrace rules are supported. When used without a compatible kernel (eg, immediately on Ubuntu Touch or with upstream kernels), signal and ptrace rules are skipped (ie, you can use this userspace with other kernels without issue).
Testing:
* 14.04 system with current kernel (Touch, Desktop, Server): TODO
* 14.04 system with updated kernel capable of supporting signal and ptrace mediation (Touch, Desktop, Server): INPROGRESS
* 14.04 system using lxc containers (Touch, Desktop, Server): TODO
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature adds a welcome improvement to administrators wishing to further protect their systems.
Extra information:
While the apparmor userspace and kernel changes to support signal and ptrace mediation can happen at different times, the apparmor userspace upload must correspond with uploads for packages that ship AppArmor policy that require updates (eg, libvirt, lxc, etc). The packages outlined in https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles have been tested to either work without modification to the policy or updated and tested to work with updated policy. Common rules will be added to the apparmor base abstraction such that most packages shipping apparmor policy will not require updating. These updates will be prepared, tested and published en masse via a silo ppa. |
Background: kernel and apparmor userspace updates to support signal and ptrace mediation. These packages are listed in one bug because they are related, but the FFes may be granted and the uploads may happen at different times.
= linux =
Summary:
This feature freeze exception is requested for signal and ptrace mediation via apparmor in the kernel. When used with a compatible apparmor userspace, signals and ptrace rules are supported. When used without a compatible apparmor userspace (eg, on a precise system with a trusty backport kernel), signal and ptrace mediation is not enforced (ie, you can use this kernel with an old userspace without any issues).
The fine grained mediation of signals and ptraces also incorporates improved
versioning support that allows this kernel to better support older and newer
userspaces. This allows for this version of the kernel to work as a backport
kernel unmodified (currently a patch and config are used to provide backport
kernels).
The kernel patch is available at git://kernel.ubuntu.com/jj/ubuntu-trusty.git
in the trusty-alpha6 branch apparmor-alpha6-sync
Testing:
* 12.04 system with backported kernel: DONE
* test-apparmor.py: PASS
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (VMs started via openstack)
* 14.04 system (non-Touch) with current apparmor userspace: DONE (relevant parts of https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor)
* test-apparmor.py: PASS
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (QRT/script/test-libvirt.py (though there are 3 failures unrelated to apparmor))
* click-apparmor QRT touch image tests: PASS
* apparmor-easyprof-ubuntu QRT touch image tests: PASS
* 14.04 system (non-Touch) with updated apparmor userspace capable of supporting signal and ptrace mediation: DONE (relevant parts of https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor)
* test-apparmor.py: PASS
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirtt: PASS (QRT/script/test-libvirt.py (though there are 3 failures unrelated to apparmor))
* click-apparmor QRT touch image tests: PASS
* apparmor-easyprof-ubuntu QRT touch image tests: PASS
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature also adds a welcome improvement to administrators wishing to further protect their systems.
= apparmor userspace =
Summary:
This feature freeze exception is requested for signal and ptrace mediation for apparmor userspace. When used with a compatible kernel, signals and ptrace rules are supported. When used without a compatible kernel (eg, on Ubuntu Touch for a few weeks or with upstream kernels), signal and ptrace rules are skipped (ie, you can use this userspace with other kernels without issue).
Testing:
* 14.04 system with current kernel (Touch, Desktop, Server): TODO
* 14.04 system with updated kernel capable of supporting signal and ptrace mediation (Touch, Desktop, Server): INPROGRESS
* 14.04 system using lxc containers (Touch, Desktop, Server): TODO
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature also adds a welcome improvement to administrators wishing to further protect their systems.
Extra information:
While the apparmor userspace and kernel changes to support signal and ptrace mediation can happen at different times, the apparmor userspace upload must correspond with uploads for packages that ship AppArmor policy that require updates (eg, libvirt, lxc, etc). The packages outlined in https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles have been tested to either work without modification to the policy or updated and tested to work with updated policy. Common rules will be added to the apparmor base abstraction such that most packages shipping apparmor policy will not require updating. These updates will be prepared, tested and published en masse via a silo ppa.
Common rules added to the base abstraction are (ie, these rules will be included in all policy on Ubuntu since the base abstractions is always used in distro policy):
# Allow other processes to read our /proc entries, futexes, perf tracing and
# kcmp for now
ptrace (readby),
# Allow other processes to trace us by default (they will need 'trace' in
# the first place). Administrators can override with:
# deny ptrace (tracedby) ...
ptrace (tracedby),
# Allow unconfined processes to send us signals by default
signal (receive) peer=unconfined,
# Allow us to signal ourselves
signal peer=@{profile_name},
# Checking for PID existence is quite common so add it by default for now
signal (receive, send) set=("exists"), |
|
| 2014-03-31 13:06:45 |
Jamie Strandboge |
apparmor (Ubuntu): status |
New |
Confirmed |
|
| 2014-03-31 13:06:49 |
Jamie Strandboge |
linux (Ubuntu): importance |
Undecided |
High |
|
| 2014-03-31 13:06:51 |
Jamie Strandboge |
apparmor (Ubuntu): importance |
Undecided |
High |
|
| 2014-03-31 13:07:06 |
Jamie Strandboge |
linux (Ubuntu): assignee |
|
John Johansen (jjohansen) |
|
| 2014-03-31 13:07:16 |
Jamie Strandboge |
apparmor (Ubuntu): assignee |
|
Tyler Hicks (tyhicks) |
|
| 2014-03-31 13:07:35 |
Jamie Strandboge |
bug task added |
|
libvirt (Ubuntu) |
|
| 2014-03-31 13:08:02 |
Jamie Strandboge |
libvirt (Ubuntu): status |
New |
Triaged |
|
| 2014-03-31 13:08:07 |
Jamie Strandboge |
libvirt (Ubuntu): importance |
Undecided |
High |
|
| 2014-03-31 13:08:11 |
Jamie Strandboge |
libvirt (Ubuntu): assignee |
|
Jamie Strandboge (jdstrand) |
|
| 2014-03-31 13:09:37 |
Jamie Strandboge |
attachment added |
|
libvirt_1.2.2-0ubuntu8.debdiff https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1298611/+attachment/4055646/+files/libvirt_1.2.2-0ubuntu8.debdiff |
|
| 2014-03-31 13:14:22 |
Jamie Strandboge |
description |
Background: kernel and apparmor userspace updates to support signal and ptrace mediation. These packages are listed in one bug because they are related, but the FFes may be granted and the uploads may happen at different times.
= linux =
Summary:
This feature freeze exception is requested for signal and ptrace mediation via apparmor in the kernel. When used with a compatible apparmor userspace, signals and ptrace rules are supported. When used without a compatible apparmor userspace (eg, on a precise system with a trusty backport kernel), signal and ptrace mediation is not enforced (ie, you can use this kernel with an old userspace without any issues).
The fine grained mediation of signals and ptraces also incorporates improved
versioning support that allows this kernel to better support older and newer
userspaces. This allows for this version of the kernel to work as a backport
kernel unmodified (currently a patch and config are used to provide backport
kernels).
The kernel patch is available at git://kernel.ubuntu.com/jj/ubuntu-trusty.git
in the trusty-alpha6 branch apparmor-alpha6-sync
Testing:
* 12.04 system with backported kernel: DONE
* test-apparmor.py: PASS
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (VMs started via openstack)
* 14.04 system (non-Touch) with current apparmor userspace: DONE (relevant parts of https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor)
* test-apparmor.py: PASS
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (QRT/script/test-libvirt.py (though there are 3 failures unrelated to apparmor))
* click-apparmor QRT touch image tests: PASS
* apparmor-easyprof-ubuntu QRT touch image tests: PASS
* 14.04 system (non-Touch) with updated apparmor userspace capable of supporting signal and ptrace mediation: DONE (relevant parts of https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor)
* test-apparmor.py: PASS
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirtt: PASS (QRT/script/test-libvirt.py (though there are 3 failures unrelated to apparmor))
* click-apparmor QRT touch image tests: PASS
* apparmor-easyprof-ubuntu QRT touch image tests: PASS
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature also adds a welcome improvement to administrators wishing to further protect their systems.
= apparmor userspace =
Summary:
This feature freeze exception is requested for signal and ptrace mediation for apparmor userspace. When used with a compatible kernel, signals and ptrace rules are supported. When used without a compatible kernel (eg, on Ubuntu Touch for a few weeks or with upstream kernels), signal and ptrace rules are skipped (ie, you can use this userspace with other kernels without issue).
Testing:
* 14.04 system with current kernel (Touch, Desktop, Server): TODO
* 14.04 system with updated kernel capable of supporting signal and ptrace mediation (Touch, Desktop, Server): INPROGRESS
* 14.04 system using lxc containers (Touch, Desktop, Server): TODO
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature also adds a welcome improvement to administrators wishing to further protect their systems.
Extra information:
While the apparmor userspace and kernel changes to support signal and ptrace mediation can happen at different times, the apparmor userspace upload must correspond with uploads for packages that ship AppArmor policy that require updates (eg, libvirt, lxc, etc). The packages outlined in https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles have been tested to either work without modification to the policy or updated and tested to work with updated policy. Common rules will be added to the apparmor base abstraction such that most packages shipping apparmor policy will not require updating. These updates will be prepared, tested and published en masse via a silo ppa.
Common rules added to the base abstraction are (ie, these rules will be included in all policy on Ubuntu since the base abstractions is always used in distro policy):
# Allow other processes to read our /proc entries, futexes, perf tracing and
# kcmp for now
ptrace (readby),
# Allow other processes to trace us by default (they will need 'trace' in
# the first place). Administrators can override with:
# deny ptrace (tracedby) ...
ptrace (tracedby),
# Allow unconfined processes to send us signals by default
signal (receive) peer=unconfined,
# Allow us to signal ourselves
signal peer=@{profile_name},
# Checking for PID existence is quite common so add it by default for now
signal (receive, send) set=("exists"), |
Background: kernel and apparmor userspace updates to support signal and ptrace mediation. These packages are listed in one bug because they are related, but the FFes may be granted and the uploads may happen at different times.
= linux =
Summary:
This feature freeze exception is requested for signal and ptrace mediation via apparmor in the kernel. When used with a compatible apparmor userspace, signals and ptrace rules are supported. When used without a compatible apparmor userspace (eg, on a precise system with a trusty backport kernel), signal and ptrace mediation is not enforced (ie, you can use this kernel with an old userspace without any issues).
The fine grained mediation of signals and ptraces also incorporates improved
versioning support that allows this kernel to better support older and newer
userspaces. This allows for this version of the kernel to work as a backport
kernel unmodified (currently a patch and config are used to provide backport
kernels).
The kernel patch is available at git://kernel.ubuntu.com/jj/ubuntu-trusty.git
in the trusty-alpha6 branch apparmor-alpha6-sync
Testing:
* 12.04 system with backported kernel: DONE
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (VMs started via openstack)
* 14.04 system (non-Touch) with current apparmor userspace: DONE (relevant parts of https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor)
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (QRT/script/test-libvirt.py (though there are 3 failures unrelated to apparmor))
* click-apparmor QRT touch image tests: PASS
* apparmor-easyprof-ubuntu QRT touch image tests: PASS
* 14.04 system (non-Touch) with updated apparmor userspace capable of supporting signal and ptrace mediation: DONE (relevant parts of https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor)
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirtt: PASS (QRT/script/test-libvirt.py (though there are 3 failures unrelated to apparmor))
* click-apparmor QRT touch image tests: PASS
* apparmor-easyprof-ubuntu QRT touch image tests: PASS
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature also adds a welcome improvement to administrators wishing to further protect their systems.
= apparmor userspace =
Summary:
This feature freeze exception is requested for signal and ptrace mediation for apparmor userspace. When used with a compatible kernel, signals and ptrace rules are supported. When used without a compatible kernel (eg, on Ubuntu Touch for a few weeks or with upstream kernels), signal and ptrace rules are skipped (ie, you can use this userspace with other kernels without issue).
Testing:
* 14.04 system with current kernel (Touch, Desktop, Server): TODO
* 14.04 system with updated kernel capable of supporting signal and ptrace mediation (Touch, Desktop, Server): INPROGRESS
* 14.04 system using lxc containers (Touch, Desktop, Server): TODO
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature also adds a welcome improvement to administrators wishing to further protect their systems.
Extra information:
While the apparmor userspace and kernel changes to support signal and ptrace mediation can happen at different times, the apparmor userspace upload must correspond with uploads for packages that ship AppArmor policy that require updates (eg, libvirt, lxc, etc). The packages outlined in https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles have been tested to either work without modification to the policy or updated and tested to work with updated policy. Common rules will be added to the apparmor base abstraction such that most packages shipping apparmor policy will not require updating. These updates will be prepared, tested and published en masse via a silo ppa.
Common rules added to the base abstraction are (ie, these rules will be included in all policy on Ubuntu since the base abstractions is always used in distro policy):
# Allow other processes to read our /proc entries, futexes, perf tracing and
# kcmp for now
ptrace (readby),
# Allow other processes to trace us by default (they will need 'trace' in
# the first place). Administrators can override with:
# deny ptrace (tracedby) ...
ptrace (tracedby),
# Allow unconfined processes to send us signals by default
signal (receive) peer=unconfined,
# Allow us to signal ourselves
signal peer=@{profile_name},
# Checking for PID existence is quite common so add it by default for now
signal (receive, send) set=("exists"), |
|
| 2014-03-31 13:17:03 |
Jamie Strandboge |
description |
Background: kernel and apparmor userspace updates to support signal and ptrace mediation. These packages are listed in one bug because they are related, but the FFes may be granted and the uploads may happen at different times.
= linux =
Summary:
This feature freeze exception is requested for signal and ptrace mediation via apparmor in the kernel. When used with a compatible apparmor userspace, signals and ptrace rules are supported. When used without a compatible apparmor userspace (eg, on a precise system with a trusty backport kernel), signal and ptrace mediation is not enforced (ie, you can use this kernel with an old userspace without any issues).
The fine grained mediation of signals and ptraces also incorporates improved
versioning support that allows this kernel to better support older and newer
userspaces. This allows for this version of the kernel to work as a backport
kernel unmodified (currently a patch and config are used to provide backport
kernels).
The kernel patch is available at git://kernel.ubuntu.com/jj/ubuntu-trusty.git
in the trusty-alpha6 branch apparmor-alpha6-sync
Testing:
* 12.04 system with backported kernel: DONE
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (VMs started via openstack)
* 14.04 system (non-Touch) with current apparmor userspace: DONE (relevant parts of https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor)
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (QRT/script/test-libvirt.py (though there are 3 failures unrelated to apparmor))
* click-apparmor QRT touch image tests: PASS
* apparmor-easyprof-ubuntu QRT touch image tests: PASS
* 14.04 system (non-Touch) with updated apparmor userspace capable of supporting signal and ptrace mediation: DONE (relevant parts of https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor)
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirtt: PASS (QRT/script/test-libvirt.py (though there are 3 failures unrelated to apparmor))
* click-apparmor QRT touch image tests: PASS
* apparmor-easyprof-ubuntu QRT touch image tests: PASS
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature also adds a welcome improvement to administrators wishing to further protect their systems.
= apparmor userspace =
Summary:
This feature freeze exception is requested for signal and ptrace mediation for apparmor userspace. When used with a compatible kernel, signals and ptrace rules are supported. When used without a compatible kernel (eg, on Ubuntu Touch for a few weeks or with upstream kernels), signal and ptrace rules are skipped (ie, you can use this userspace with other kernels without issue).
Testing:
* 14.04 system with current kernel (Touch, Desktop, Server): TODO
* 14.04 system with updated kernel capable of supporting signal and ptrace mediation (Touch, Desktop, Server): INPROGRESS
* 14.04 system using lxc containers (Touch, Desktop, Server): TODO
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature also adds a welcome improvement to administrators wishing to further protect their systems.
Extra information:
While the apparmor userspace and kernel changes to support signal and ptrace mediation can happen at different times, the apparmor userspace upload must correspond with uploads for packages that ship AppArmor policy that require updates (eg, libvirt, lxc, etc). The packages outlined in https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles have been tested to either work without modification to the policy or updated and tested to work with updated policy. Common rules will be added to the apparmor base abstraction such that most packages shipping apparmor policy will not require updating. These updates will be prepared, tested and published en masse via a silo ppa.
Common rules added to the base abstraction are (ie, these rules will be included in all policy on Ubuntu since the base abstractions is always used in distro policy):
# Allow other processes to read our /proc entries, futexes, perf tracing and
# kcmp for now
ptrace (readby),
# Allow other processes to trace us by default (they will need 'trace' in
# the first place). Administrators can override with:
# deny ptrace (tracedby) ...
ptrace (tracedby),
# Allow unconfined processes to send us signals by default
signal (receive) peer=unconfined,
# Allow us to signal ourselves
signal peer=@{profile_name},
# Checking for PID existence is quite common so add it by default for now
signal (receive, send) set=("exists"), |
Background: kernel and apparmor userspace updates to support signal and ptrace mediation. These packages are listed in one bug because they are related, but the FFes may be granted and the uploads may happen at different times.
= linux =
Summary:
This feature freeze exception is requested for signal and ptrace mediation via apparmor in the kernel. When used with a compatible apparmor userspace, signals and ptrace rules are supported. When used without a compatible apparmor userspace (eg, on a precise system with a trusty backport kernel), signal and ptrace mediation is not enforced (ie, you can use this kernel with an old userspace without any issues).
The fine grained mediation of signals and ptraces also incorporates improved
versioning support that allows this kernel to better support older and newer
userspaces. This allows for this version of the kernel to work as a backport
kernel unmodified (currently a patch and config are used to provide backport
kernels).
The kernel patch is available at git://kernel.ubuntu.com/jj/ubuntu-trusty.git
in the trusty-alpha6 branch apparmor-alpha6-sync
Testing:
* 12.04 system with backported kernel: DONE
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (VMs started via openstack)
* 14.04 system (non-Touch) with current apparmor userspace: DONE (relevant parts of https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor)
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (QRT/script/test-libvirt.py (though there are 3 failures unrelated to apparmor))
* click-apparmor QRT touch image tests: PASS
* apparmor-easyprof-ubuntu QRT touch image tests: PASS
* 14.04 system (non-Touch) with updated apparmor userspace capable of supporting signal and ptrace mediation: DONE (relevant parts of https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor. Note: this is marked 'done' from the kernel perspective-- the apparmor userspace upload is being prepared and tests assume userspace is using latest patches on the list)
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (QRT/script/test-libvirt.py (though there are 3 failures unrelated to apparmor))
* click-apparmor QRT touch image tests: PASS
* apparmor-easyprof-ubuntu QRT touch image tests: PASS
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature also adds a welcome improvement to administrators wishing to further protect their systems.
= apparmor userspace =
Summary:
This feature freeze exception is requested for signal and ptrace mediation for apparmor userspace. When used with a compatible kernel, signals and ptrace rules are supported. When used without a compatible kernel (eg, on Ubuntu Touch for a few weeks or with upstream kernels), signal and ptrace rules are skipped (ie, you can use this userspace with other kernels without issue).
Testing:
* 14.04 system with current kernel (Touch, Desktop, Server): TODO
* 14.04 system with updated kernel capable of supporting signal and ptrace mediation (Touch, Desktop, Server): INPROGRESS
* 14.04 system using lxc containers (Touch, Desktop, Server): TODO
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature also adds a welcome improvement to administrators wishing to further protect their systems.
Extra information:
While the apparmor userspace and kernel changes to support signal and ptrace mediation can happen at different times, the apparmor userspace upload must correspond with uploads for packages that ship AppArmor policy that require updates (eg, libvirt, lxc, etc). The packages outlined in https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles have been tested to either work without modification to the policy or updated and tested to work with updated policy. Common rules will be added to the apparmor base abstraction such that most packages shipping apparmor policy will not require updating. These updates will be prepared, tested and published en masse via a silo ppa.
Common rules added to the base abstraction are (ie, these rules will be included in all policy on Ubuntu since the base abstractions is always used in distro policy):
# Allow other processes to read our /proc entries, futexes, perf tracing and
# kcmp for now
ptrace (readby),
# Allow other processes to trace us by default (they will need 'trace' in
# the first place). Administrators can override with:
# deny ptrace (tracedby) ...
ptrace (tracedby),
# Allow unconfined processes to send us signals by default
signal (receive) peer=unconfined,
# Allow us to signal ourselves
signal peer=@{profile_name},
# Checking for PID existence is quite common so add it by default for now
signal (receive, send) set=("exists"), |
|
| 2014-03-31 14:12:53 |
John Johansen |
description |
Background: kernel and apparmor userspace updates to support signal and ptrace mediation. These packages are listed in one bug because they are related, but the FFes may be granted and the uploads may happen at different times.
= linux =
Summary:
This feature freeze exception is requested for signal and ptrace mediation via apparmor in the kernel. When used with a compatible apparmor userspace, signals and ptrace rules are supported. When used without a compatible apparmor userspace (eg, on a precise system with a trusty backport kernel), signal and ptrace mediation is not enforced (ie, you can use this kernel with an old userspace without any issues).
The fine grained mediation of signals and ptraces also incorporates improved
versioning support that allows this kernel to better support older and newer
userspaces. This allows for this version of the kernel to work as a backport
kernel unmodified (currently a patch and config are used to provide backport
kernels).
The kernel patch is available at git://kernel.ubuntu.com/jj/ubuntu-trusty.git
in the trusty-alpha6 branch apparmor-alpha6-sync
Testing:
* 12.04 system with backported kernel: DONE
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (VMs started via openstack)
* 14.04 system (non-Touch) with current apparmor userspace: DONE (relevant parts of https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor)
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (QRT/script/test-libvirt.py (though there are 3 failures unrelated to apparmor))
* click-apparmor QRT touch image tests: PASS
* apparmor-easyprof-ubuntu QRT touch image tests: PASS
* 14.04 system (non-Touch) with updated apparmor userspace capable of supporting signal and ptrace mediation: DONE (relevant parts of https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor. Note: this is marked 'done' from the kernel perspective-- the apparmor userspace upload is being prepared and tests assume userspace is using latest patches on the list)
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (QRT/script/test-libvirt.py (though there are 3 failures unrelated to apparmor))
* click-apparmor QRT touch image tests: PASS
* apparmor-easyprof-ubuntu QRT touch image tests: PASS
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature also adds a welcome improvement to administrators wishing to further protect their systems.
= apparmor userspace =
Summary:
This feature freeze exception is requested for signal and ptrace mediation for apparmor userspace. When used with a compatible kernel, signals and ptrace rules are supported. When used without a compatible kernel (eg, on Ubuntu Touch for a few weeks or with upstream kernels), signal and ptrace rules are skipped (ie, you can use this userspace with other kernels without issue).
Testing:
* 14.04 system with current kernel (Touch, Desktop, Server): TODO
* 14.04 system with updated kernel capable of supporting signal and ptrace mediation (Touch, Desktop, Server): INPROGRESS
* 14.04 system using lxc containers (Touch, Desktop, Server): TODO
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature also adds a welcome improvement to administrators wishing to further protect their systems.
Extra information:
While the apparmor userspace and kernel changes to support signal and ptrace mediation can happen at different times, the apparmor userspace upload must correspond with uploads for packages that ship AppArmor policy that require updates (eg, libvirt, lxc, etc). The packages outlined in https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles have been tested to either work without modification to the policy or updated and tested to work with updated policy. Common rules will be added to the apparmor base abstraction such that most packages shipping apparmor policy will not require updating. These updates will be prepared, tested and published en masse via a silo ppa.
Common rules added to the base abstraction are (ie, these rules will be included in all policy on Ubuntu since the base abstractions is always used in distro policy):
# Allow other processes to read our /proc entries, futexes, perf tracing and
# kcmp for now
ptrace (readby),
# Allow other processes to trace us by default (they will need 'trace' in
# the first place). Administrators can override with:
# deny ptrace (tracedby) ...
ptrace (tracedby),
# Allow unconfined processes to send us signals by default
signal (receive) peer=unconfined,
# Allow us to signal ourselves
signal peer=@{profile_name},
# Checking for PID existence is quite common so add it by default for now
signal (receive, send) set=("exists"), |
Background: kernel and apparmor userspace updates to support signal and ptrace mediation. These packages are listed in one bug because they are related, but the FFes may be granted and the uploads may happen at different times.
= linux =
Summary:
This feature freeze exception is requested for signal and ptrace mediation via apparmor in the kernel. When used with a compatible apparmor userspace, signals and ptrace rules are supported. When used without a compatible apparmor userspace (eg, on a precise system with a trusty backport kernel), signal and ptrace mediation is not enforced (ie, you can use this kernel with an old userspace without any issues).
The fine grained mediation of signals and ptraces also incorporates improved
versioning support that allows this kernel to better support older and newer
userspaces. This allows for this version of the kernel to work as a backport
kernel unmodified (currently a patch and config are used to provide backport
kernels).
The kernel patch is available at git://kernel.ubuntu.com/jj/ubuntu-trusty.git
in the branch apparmor-alpha6-sync
Testing:
* 12.04 system with backported kernel: DONE
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (VMs started via openstack)
* 14.04 system (non-Touch) with current apparmor userspace: DONE (relevant parts of https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor)
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (QRT/script/test-libvirt.py (though there are 3 failures unrelated to apparmor))
* click-apparmor QRT touch image tests: PASS
* apparmor-easyprof-ubuntu QRT touch image tests: PASS
* 14.04 system (non-Touch) with updated apparmor userspace capable of supporting signal and ptrace mediation: DONE (relevant parts of https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor. Note: this is marked 'done' from the kernel perspective-- the apparmor userspace upload is being prepared and tests assume userspace is using latest patches on the list)
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (QRT/script/test-libvirt.py (though there are 3 failures unrelated to apparmor))
* click-apparmor QRT touch image tests: PASS
* apparmor-easyprof-ubuntu QRT touch image tests: PASS
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature also adds a welcome improvement to administrators wishing to further protect their systems.
= apparmor userspace =
Summary:
This feature freeze exception is requested for signal and ptrace mediation for apparmor userspace. When used with a compatible kernel, signals and ptrace rules are supported. When used without a compatible kernel (eg, on Ubuntu Touch for a few weeks or with upstream kernels), signal and ptrace rules are skipped (ie, you can use this userspace with other kernels without issue).
Testing:
* 14.04 system with current kernel (Touch, Desktop, Server): TODO
* 14.04 system with updated kernel capable of supporting signal and ptrace mediation (Touch, Desktop, Server): INPROGRESS
* 14.04 system using lxc containers (Touch, Desktop, Server): TODO
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature also adds a welcome improvement to administrators wishing to further protect their systems.
Extra information:
While the apparmor userspace and kernel changes to support signal and ptrace mediation can happen at different times, the apparmor userspace upload must correspond with uploads for packages that ship AppArmor policy that require updates (eg, libvirt, lxc, etc). The packages outlined in https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles have been tested to either work without modification to the policy or updated and tested to work with updated policy. Common rules will be added to the apparmor base abstraction such that most packages shipping apparmor policy will not require updating. These updates will be prepared, tested and published en masse via a silo ppa.
Common rules added to the base abstraction are (ie, these rules will be included in all policy on Ubuntu since the base abstractions is always used in distro policy):
# Allow other processes to read our /proc entries, futexes, perf tracing and
# kcmp for now
ptrace (readby),
# Allow other processes to trace us by default (they will need 'trace' in
# the first place). Administrators can override with:
# deny ptrace (tracedby) ...
ptrace (tracedby),
# Allow unconfined processes to send us signals by default
signal (receive) peer=unconfined,
# Allow us to signal ourselves
signal peer=@{profile_name},
# Checking for PID existence is quite common so add it by default for now
signal (receive, send) set=("exists"), |
|
| 2014-03-31 14:13:16 |
Jamie Strandboge |
description |
Background: kernel and apparmor userspace updates to support signal and ptrace mediation. These packages are listed in one bug because they are related, but the FFes may be granted and the uploads may happen at different times.
= linux =
Summary:
This feature freeze exception is requested for signal and ptrace mediation via apparmor in the kernel. When used with a compatible apparmor userspace, signals and ptrace rules are supported. When used without a compatible apparmor userspace (eg, on a precise system with a trusty backport kernel), signal and ptrace mediation is not enforced (ie, you can use this kernel with an old userspace without any issues).
The fine grained mediation of signals and ptraces also incorporates improved
versioning support that allows this kernel to better support older and newer
userspaces. This allows for this version of the kernel to work as a backport
kernel unmodified (currently a patch and config are used to provide backport
kernels).
The kernel patch is available at git://kernel.ubuntu.com/jj/ubuntu-trusty.git
in the branch apparmor-alpha6-sync
Testing:
* 12.04 system with backported kernel: DONE
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (VMs started via openstack)
* 14.04 system (non-Touch) with current apparmor userspace: DONE (relevant parts of https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor)
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (QRT/script/test-libvirt.py (though there are 3 failures unrelated to apparmor))
* click-apparmor QRT touch image tests: PASS
* apparmor-easyprof-ubuntu QRT touch image tests: PASS
* 14.04 system (non-Touch) with updated apparmor userspace capable of supporting signal and ptrace mediation: DONE (relevant parts of https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor. Note: this is marked 'done' from the kernel perspective-- the apparmor userspace upload is being prepared and tests assume userspace is using latest patches on the list)
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (QRT/script/test-libvirt.py (though there are 3 failures unrelated to apparmor))
* click-apparmor QRT touch image tests: PASS
* apparmor-easyprof-ubuntu QRT touch image tests: PASS
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature also adds a welcome improvement to administrators wishing to further protect their systems.
= apparmor userspace =
Summary:
This feature freeze exception is requested for signal and ptrace mediation for apparmor userspace. When used with a compatible kernel, signals and ptrace rules are supported. When used without a compatible kernel (eg, on Ubuntu Touch for a few weeks or with upstream kernels), signal and ptrace rules are skipped (ie, you can use this userspace with other kernels without issue).
Testing:
* 14.04 system with current kernel (Touch, Desktop, Server): TODO
* 14.04 system with updated kernel capable of supporting signal and ptrace mediation (Touch, Desktop, Server): INPROGRESS
* 14.04 system using lxc containers (Touch, Desktop, Server): TODO
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature also adds a welcome improvement to administrators wishing to further protect their systems.
Extra information:
While the apparmor userspace and kernel changes to support signal and ptrace mediation can happen at different times, the apparmor userspace upload must correspond with uploads for packages that ship AppArmor policy that require updates (eg, libvirt, lxc, etc). The packages outlined in https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles have been tested to either work without modification to the policy or updated and tested to work with updated policy. Common rules will be added to the apparmor base abstraction such that most packages shipping apparmor policy will not require updating. These updates will be prepared, tested and published en masse via a silo ppa.
Common rules added to the base abstraction are (ie, these rules will be included in all policy on Ubuntu since the base abstractions is always used in distro policy):
# Allow other processes to read our /proc entries, futexes, perf tracing and
# kcmp for now
ptrace (readby),
# Allow other processes to trace us by default (they will need 'trace' in
# the first place). Administrators can override with:
# deny ptrace (tracedby) ...
ptrace (tracedby),
# Allow unconfined processes to send us signals by default
signal (receive) peer=unconfined,
# Allow us to signal ourselves
signal peer=@{profile_name},
# Checking for PID existence is quite common so add it by default for now
signal (receive, send) set=("exists"), |
Background: kernel and apparmor userspace updates to support signal and ptrace mediation. These packages are listed in one bug because they are related, but the FFes may be granted and the uploads may happen at different times.
= linux =
Summary:
This feature freeze exception is requested for signal and ptrace mediation via apparmor in the kernel. When used with a compatible apparmor userspace, signals and ptrace rules are supported. When used without a compatible apparmor userspace (eg, on a precise system with a trusty backport kernel), signal and ptrace mediation is not enforced (ie, you can use this kernel with an old userspace without any issues).
The fine grained mediation of signals and ptraces also incorporates improved
versioning support that allows this kernel to better support older and newer
userspaces. This allows for this version of the kernel to work as a backport
kernel unmodified (currently a patch and config are used to provide backport
kernels).
The kernel patch is available at git://kernel.ubuntu.com/jj/ubuntu-trusty.git
in the trusty-alpha6 branch apparmor-alpha6-sync
Testing:
* 12.04 system with backported kernel: DONE
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (VMs started via openstack, and test-libvirt.py from QRT passes all tests)
* 14.04 system (non-Touch) with current apparmor userspace: DONE (relevant parts of https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor)
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (QRT/script/test-libvirt.py (though there are 3 failures unrelated to apparmor))
* click-apparmor QRT touch image tests: PASS
* apparmor-easyprof-ubuntu QRT touch image tests: PASS
* 14.04 system (non-Touch) with updated apparmor userspace capable of supporting signal and ptrace mediation: DONE (relevant parts of https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor. Note: this is marked 'done' from the kernel perspective-- the apparmor userspace upload is being prepared and tests assume userspace is using latest patches on the list)
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (QRT/script/test-libvirt.py (though there are 3 failures unrelated to apparmor))
* click-apparmor QRT touch image tests: PASS
* apparmor-easyprof-ubuntu QRT touch image tests: PASS
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature also adds a welcome improvement to administrators wishing to further protect their systems.
= apparmor userspace =
Summary:
This feature freeze exception is requested for signal and ptrace mediation for apparmor userspace. When used with a compatible kernel, signals and ptrace rules are supported. When used without a compatible kernel (eg, on Ubuntu Touch for a few weeks or with upstream kernels), signal and ptrace rules are skipped (ie, you can use this userspace with other kernels without issue).
Testing:
* 14.04 system with current kernel (Touch, Desktop, Server): TODO
* 14.04 system with updated kernel capable of supporting signal and ptrace mediation (Touch, Desktop, Server): INPROGRESS
* 14.04 system using lxc containers (Touch, Desktop, Server): TODO
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature also adds a welcome improvement to administrators wishing to further protect their systems.
Extra information:
While the apparmor userspace and kernel changes to support signal and ptrace mediation can happen at different times, the apparmor userspace upload must correspond with uploads for packages that ship AppArmor policy that require updates (eg, libvirt, lxc, etc). The packages outlined in https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles have been tested to either work without modification to the policy or updated and tested to work with updated policy. Common rules will be added to the apparmor base abstraction such that most packages shipping apparmor policy will not require updating. These updates will be prepared, tested and published en masse via a silo ppa.
Common rules added to the base abstraction are (ie, these rules will be included in all policy on Ubuntu since the base abstractions is always used in distro policy):
# Allow other processes to read our /proc entries, futexes, perf tracing and
# kcmp for now
ptrace (readby),
# Allow other processes to trace us by default (they will need 'trace' in
# the first place). Administrators can override with:
# deny ptrace (tracedby) ...
ptrace (tracedby),
# Allow unconfined processes to send us signals by default
signal (receive) peer=unconfined,
# Allow us to signal ourselves
signal peer=@{profile_name},
# Checking for PID existence is quite common so add it by default for now
signal (receive, send) set=("exists"), |
|
| 2014-03-31 14:28:09 |
Jamie Strandboge |
bug |
|
|
added subscriber Ubuntu Release Team |
| 2014-03-31 16:00:31 |
Tim Gardner |
linux (Ubuntu): status |
Confirmed |
Fix Committed |
|
| 2014-04-02 07:13:27 |
Launchpad Janitor |
linux (Ubuntu): status |
Fix Committed |
Fix Released |
|
| 2014-04-02 07:13:27 |
Launchpad Janitor |
cve linked |
|
2014-0055 |
|
| 2014-04-02 07:13:27 |
Launchpad Janitor |
cve linked |
|
2014-0131 |
|
| 2014-04-02 20:09:32 |
Tyler Hicks |
bug task added |
|
lightdm (Ubuntu) |
|
| 2014-04-02 20:09:52 |
Tyler Hicks |
lightdm (Ubuntu): status |
New |
In Progress |
|
| 2014-04-02 20:09:55 |
Tyler Hicks |
lightdm (Ubuntu): assignee |
|
Tyler Hicks (tyhicks) |
|
| 2014-04-02 20:09:57 |
Tyler Hicks |
lightdm (Ubuntu): importance |
Undecided |
High |
|
| 2014-04-02 20:10:02 |
Tyler Hicks |
apparmor (Ubuntu): status |
Confirmed |
In Progress |
|
| 2014-04-02 20:10:11 |
Tyler Hicks |
bug task added |
|
lxc (Ubuntu) |
|
| 2014-04-02 20:10:36 |
Tyler Hicks |
lxc (Ubuntu): assignee |
|
Stéphane Graber (stgraber) |
|
| 2014-04-02 20:10:39 |
Tyler Hicks |
lxc (Ubuntu): importance |
Undecided |
High |
|
| 2014-04-03 12:40:13 |
Jamie Strandboge |
attachment added |
|
lxc_1.0.2-0ubuntu2.debdiff https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1298611/+attachment/4063121/+files/lxc_1.0.2-0ubuntu2.debdiff |
|
| 2014-04-03 12:40:28 |
Jamie Strandboge |
lxc (Ubuntu): status |
New |
In Progress |
|
| 2014-04-03 12:40:33 |
Jamie Strandboge |
lxc (Ubuntu): assignee |
Stéphane Graber (stgraber) |
Jamie Strandboge (jdstrand) |
|
| 2014-04-03 12:40:38 |
Jamie Strandboge |
libvirt (Ubuntu): status |
Triaged |
In Progress |
|
| 2014-04-03 13:01:57 |
Jamie Strandboge |
description |
Background: kernel and apparmor userspace updates to support signal and ptrace mediation. These packages are listed in one bug because they are related, but the FFes may be granted and the uploads may happen at different times.
= linux =
Summary:
This feature freeze exception is requested for signal and ptrace mediation via apparmor in the kernel. When used with a compatible apparmor userspace, signals and ptrace rules are supported. When used without a compatible apparmor userspace (eg, on a precise system with a trusty backport kernel), signal and ptrace mediation is not enforced (ie, you can use this kernel with an old userspace without any issues).
The fine grained mediation of signals and ptraces also incorporates improved
versioning support that allows this kernel to better support older and newer
userspaces. This allows for this version of the kernel to work as a backport
kernel unmodified (currently a patch and config are used to provide backport
kernels).
The kernel patch is available at git://kernel.ubuntu.com/jj/ubuntu-trusty.git
in the trusty-alpha6 branch apparmor-alpha6-sync
Testing:
* 12.04 system with backported kernel: DONE
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (VMs started via openstack, and test-libvirt.py from QRT passes all tests)
* 14.04 system (non-Touch) with current apparmor userspace: DONE (relevant parts of https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor)
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (QRT/script/test-libvirt.py (though there are 3 failures unrelated to apparmor))
* click-apparmor QRT touch image tests: PASS
* apparmor-easyprof-ubuntu QRT touch image tests: PASS
* 14.04 system (non-Touch) with updated apparmor userspace capable of supporting signal and ptrace mediation: DONE (relevant parts of https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor. Note: this is marked 'done' from the kernel perspective-- the apparmor userspace upload is being prepared and tests assume userspace is using latest patches on the list)
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (QRT/script/test-libvirt.py (though there are 3 failures unrelated to apparmor))
* click-apparmor QRT touch image tests: PASS
* apparmor-easyprof-ubuntu QRT touch image tests: PASS
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature also adds a welcome improvement to administrators wishing to further protect their systems.
= apparmor userspace =
Summary:
This feature freeze exception is requested for signal and ptrace mediation for apparmor userspace. When used with a compatible kernel, signals and ptrace rules are supported. When used without a compatible kernel (eg, on Ubuntu Touch for a few weeks or with upstream kernels), signal and ptrace rules are skipped (ie, you can use this userspace with other kernels without issue).
Testing:
* 14.04 system with current kernel (Touch, Desktop, Server): TODO
* 14.04 system with updated kernel capable of supporting signal and ptrace mediation (Touch, Desktop, Server): INPROGRESS
* 14.04 system using lxc containers (Touch, Desktop, Server): TODO
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature also adds a welcome improvement to administrators wishing to further protect their systems.
Extra information:
While the apparmor userspace and kernel changes to support signal and ptrace mediation can happen at different times, the apparmor userspace upload must correspond with uploads for packages that ship AppArmor policy that require updates (eg, libvirt, lxc, etc). The packages outlined in https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles have been tested to either work without modification to the policy or updated and tested to work with updated policy. Common rules will be added to the apparmor base abstraction such that most packages shipping apparmor policy will not require updating. These updates will be prepared, tested and published en masse via a silo ppa.
Common rules added to the base abstraction are (ie, these rules will be included in all policy on Ubuntu since the base abstractions is always used in distro policy):
# Allow other processes to read our /proc entries, futexes, perf tracing and
# kcmp for now
ptrace (readby),
# Allow other processes to trace us by default (they will need 'trace' in
# the first place). Administrators can override with:
# deny ptrace (tracedby) ...
ptrace (tracedby),
# Allow unconfined processes to send us signals by default
signal (receive) peer=unconfined,
# Allow us to signal ourselves
signal peer=@{profile_name},
# Checking for PID existence is quite common so add it by default for now
signal (receive, send) set=("exists"), |
Background: kernel and apparmor userspace updates to support signal and ptrace mediation. These packages are listed in one bug because they are related, but the FFes may be granted and the uploads may happen at different times.
= linux =
Summary:
This feature freeze exception is requested for signal and ptrace mediation via apparmor in the kernel. When used with a compatible apparmor userspace, signals and ptrace rules are supported. When used without a compatible apparmor userspace (eg, on a precise system with a trusty backport kernel), signal and ptrace mediation is not enforced (ie, you can use this kernel with an old userspace without any issues).
The fine grained mediation of signals and ptraces also incorporates improved
versioning support that allows this kernel to better support older and newer
userspaces. This allows for this version of the kernel to work as a backport
kernel unmodified (currently a patch and config are used to provide backport
kernels).
The kernel patch is available at git://kernel.ubuntu.com/jj/ubuntu-trusty.git
in the trusty-alpha6 branch apparmor-alpha6-sync
Testing:
* 12.04 system with backported kernel: DONE
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (VMs started via openstack, and test-libvirt.py from QRT passes all tests)
* 14.04 system (non-Touch) with current apparmor userspace: DONE (relevant parts of https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor)
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (QRT/script/test-libvirt.py (though there are 3 failures unrelated to apparmor))
* click-apparmor QRT touch image tests: PASS
* apparmor-easyprof-ubuntu QRT touch image tests: PASS
* 14.04 system (non-Touch) with updated apparmor userspace capable of supporting signal and ptrace mediation: DONE (relevant parts of https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor. Note: this is marked 'done' from the kernel perspective-- the apparmor userspace upload is being prepared and tests assume userspace is using latest patches on the list)
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (QRT/script/test-libvirt.py (though there are 3 failures unrelated to apparmor))
* click-apparmor QRT touch image tests: PASS
* apparmor-easyprof-ubuntu QRT touch image tests: PASS
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature also adds a welcome improvement to administrators wishing to further protect their systems.
= apparmor userspace =
Summary:
This feature freeze exception is requested for signal and ptrace mediation for apparmor userspace. When used with a compatible kernel, signals and ptrace rules are supported. When used without a compatible kernel (eg, on Ubuntu Touch for a few weeks or with upstream kernels), signal and ptrace rules are skipped (ie, you can use this userspace with other kernels without issue).
Testing:
* 14.04 system with current kernel (Touch, kernel doesn't have signal and ptrace mediation yet):
* https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor: INPROGRESS (includes click-apparmor, apparmor-easyprof-ubuntu, exploratory manual testing, etc)
* 14.04 system with previous kernel lacking signal and ptrace mediation (non-Touch):
* https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor: INPROGRESS (includes test-apparmor.py, exploratory manual testing, lxc, libvirt, etc)
* lightdm guest session: INPROGRESS
* 14.04 system kernel capable of supporting signal and ptrace mediation (non-Touch):
* https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor: PASS (includes test-apparmor.py, exploratory manual testing, lxc, libvirt, etc)
* Verify everything in https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles: PASS (except juju since it doesn't have policy itself)
* lightdm guest session: PASS
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature also adds a welcome improvement to administrators wishing to further protect their systems.
Extra information:
While the apparmor userspace and kernel changes to support signal and ptrace mediation can happen at different times, the apparmor userspace upload must correspond with uploads for packages that ship AppArmor policy that require updates (eg, libvirt, lxc, etc). The packages outlined in https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles have been tested to either work without modification to the policy or updated and tested to work with updated policy. Common rules will be added to the apparmor base abstraction such that most packages shipping apparmor policy will not require updating. These updates will be prepared, tested and published en masse via a silo ppa.
Common rules added to the base abstraction are (ie, these rules will be included in all policy on Ubuntu since the base abstractions is always used in distro policy):
# Allow other processes to read our /proc entries, futexes, perf tracing and
# kcmp for now
ptrace (readby),
# Allow other processes to trace us by default (they will need 'trace' in
# the first place). Administrators can override with:
# deny ptrace (tracedby) ...
ptrace (tracedby),
# Allow unconfined processes to send us signals by default
signal (receive) peer=unconfined,
# Allow us to signal ourselves
signal peer=@{profile_name},
# Checking for PID existence is quite common so add it by default for now
signal (receive, send) set=("exists"), |
|
| 2014-04-03 13:48:07 |
Jamie Strandboge |
description |
Background: kernel and apparmor userspace updates to support signal and ptrace mediation. These packages are listed in one bug because they are related, but the FFes may be granted and the uploads may happen at different times.
= linux =
Summary:
This feature freeze exception is requested for signal and ptrace mediation via apparmor in the kernel. When used with a compatible apparmor userspace, signals and ptrace rules are supported. When used without a compatible apparmor userspace (eg, on a precise system with a trusty backport kernel), signal and ptrace mediation is not enforced (ie, you can use this kernel with an old userspace without any issues).
The fine grained mediation of signals and ptraces also incorporates improved
versioning support that allows this kernel to better support older and newer
userspaces. This allows for this version of the kernel to work as a backport
kernel unmodified (currently a patch and config are used to provide backport
kernels).
The kernel patch is available at git://kernel.ubuntu.com/jj/ubuntu-trusty.git
in the trusty-alpha6 branch apparmor-alpha6-sync
Testing:
* 12.04 system with backported kernel: DONE
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (VMs started via openstack, and test-libvirt.py from QRT passes all tests)
* 14.04 system (non-Touch) with current apparmor userspace: DONE (relevant parts of https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor)
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (QRT/script/test-libvirt.py (though there are 3 failures unrelated to apparmor))
* click-apparmor QRT touch image tests: PASS
* apparmor-easyprof-ubuntu QRT touch image tests: PASS
* 14.04 system (non-Touch) with updated apparmor userspace capable of supporting signal and ptrace mediation: DONE (relevant parts of https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor. Note: this is marked 'done' from the kernel perspective-- the apparmor userspace upload is being prepared and tests assume userspace is using latest patches on the list)
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (QRT/script/test-libvirt.py (though there are 3 failures unrelated to apparmor))
* click-apparmor QRT touch image tests: PASS
* apparmor-easyprof-ubuntu QRT touch image tests: PASS
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature also adds a welcome improvement to administrators wishing to further protect their systems.
= apparmor userspace =
Summary:
This feature freeze exception is requested for signal and ptrace mediation for apparmor userspace. When used with a compatible kernel, signals and ptrace rules are supported. When used without a compatible kernel (eg, on Ubuntu Touch for a few weeks or with upstream kernels), signal and ptrace rules are skipped (ie, you can use this userspace with other kernels without issue).
Testing:
* 14.04 system with current kernel (Touch, kernel doesn't have signal and ptrace mediation yet):
* https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor: INPROGRESS (includes click-apparmor, apparmor-easyprof-ubuntu, exploratory manual testing, etc)
* 14.04 system with previous kernel lacking signal and ptrace mediation (non-Touch):
* https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor: INPROGRESS (includes test-apparmor.py, exploratory manual testing, lxc, libvirt, etc)
* lightdm guest session: INPROGRESS
* 14.04 system kernel capable of supporting signal and ptrace mediation (non-Touch):
* https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor: PASS (includes test-apparmor.py, exploratory manual testing, lxc, libvirt, etc)
* Verify everything in https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles: PASS (except juju since it doesn't have policy itself)
* lightdm guest session: PASS
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature also adds a welcome improvement to administrators wishing to further protect their systems.
Extra information:
While the apparmor userspace and kernel changes to support signal and ptrace mediation can happen at different times, the apparmor userspace upload must correspond with uploads for packages that ship AppArmor policy that require updates (eg, libvirt, lxc, etc). The packages outlined in https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles have been tested to either work without modification to the policy or updated and tested to work with updated policy. Common rules will be added to the apparmor base abstraction such that most packages shipping apparmor policy will not require updating. These updates will be prepared, tested and published en masse via a silo ppa.
Common rules added to the base abstraction are (ie, these rules will be included in all policy on Ubuntu since the base abstractions is always used in distro policy):
# Allow other processes to read our /proc entries, futexes, perf tracing and
# kcmp for now
ptrace (readby),
# Allow other processes to trace us by default (they will need 'trace' in
# the first place). Administrators can override with:
# deny ptrace (tracedby) ...
ptrace (tracedby),
# Allow unconfined processes to send us signals by default
signal (receive) peer=unconfined,
# Allow us to signal ourselves
signal peer=@{profile_name},
# Checking for PID existence is quite common so add it by default for now
signal (receive, send) set=("exists"), |
Background: kernel and apparmor userspace updates to support signal and ptrace mediation. These packages are listed in one bug because they are related, but the FFes may be granted and the uploads may happen at different times.
= linux =
Summary:
This feature freeze exception is requested for signal and ptrace mediation via apparmor in the kernel. When used with a compatible apparmor userspace, signals and ptrace rules are supported. When used without a compatible apparmor userspace (eg, on a precise system with a trusty backport kernel), signal and ptrace mediation is not enforced (ie, you can use this kernel with an old userspace without any issues).
The fine grained mediation of signals and ptraces also incorporates improved
versioning support that allows this kernel to better support older and newer
userspaces. This allows for this version of the kernel to work as a backport
kernel unmodified (currently a patch and config are used to provide backport
kernels).
The kernel patch is available at git://kernel.ubuntu.com/jj/ubuntu-trusty.git
in the trusty-alpha6 branch apparmor-alpha6-sync
Testing:
* 12.04 system with backported kernel: DONE
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (VMs started via openstack, and test-libvirt.py from QRT passes all tests)
* 14.04 system (non-Touch) with current apparmor userspace: DONE (relevant parts of https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor)
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (QRT/script/test-libvirt.py (though there are 3 failures unrelated to apparmor))
* click-apparmor QRT touch image tests: PASS
* apparmor-easyprof-ubuntu QRT touch image tests: PASS
* 14.04 system (non-Touch) with updated apparmor userspace capable of supporting signal and ptrace mediation: DONE (relevant parts of https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor. Note: this is marked 'done' from the kernel perspective-- the apparmor userspace upload is being prepared and tests assume userspace is using latest patches on the list)
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (QRT/script/test-libvirt.py (though there are 3 failures unrelated to apparmor))
* click-apparmor QRT touch image tests: PASS
* apparmor-easyprof-ubuntu QRT touch image tests: PASS
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature also adds a welcome improvement to administrators wishing to further protect their systems.
= apparmor userspace =
Summary:
This feature freeze exception is requested for signal and ptrace mediation for apparmor userspace. When used with a compatible kernel, signals and ptrace rules are supported. When used without a compatible kernel (eg, on Ubuntu Touch for a few weeks or with upstream kernels), signal and ptrace rules are skipped (ie, you can use this userspace with other kernels without issue).
Testing:
* 14.04 system with current kernel (Touch, kernel doesn't have signal and ptrace mediation yet):
* https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor: INPROGRESS (includes click-apparmor, apparmor-easyprof-ubuntu, exploratory manual testing, etc)
* 14.04 system with previous kernel lacking signal and ptrace mediation (non-Touch):
* https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor: INPROGRESS (includes test-apparmor.py, exploratory manual testing, lxc, libvirt, etc)
* lightdm guest session: PASS
* 14.04 system kernel capable of supporting signal and ptrace mediation (non-Touch):
* https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor: PASS (includes test-apparmor.py, exploratory manual testing, lxc, libvirt, etc)
* Verify everything in https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles: PASS (except juju since it doesn't have policy itself)
* lightdm guest session: PASS
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature also adds a welcome improvement to administrators wishing to further protect their systems.
Extra information:
While the apparmor userspace and kernel changes to support signal and ptrace mediation can happen at different times, the apparmor userspace upload must correspond with uploads for packages that ship AppArmor policy that require updates (eg, libvirt, lxc, etc). The packages outlined in https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles have been tested to either work without modification to the policy or updated and tested to work with updated policy. Common rules will be added to the apparmor base abstraction such that most packages shipping apparmor policy will not require updating. These updates will be prepared, tested and published en masse via a silo ppa.
Common rules added to the base abstraction are (ie, these rules will be included in all policy on Ubuntu since the base abstractions is always used in distro policy):
# Allow other processes to read our /proc entries, futexes, perf tracing and
# kcmp for now
ptrace (readby),
# Allow other processes to trace us by default (they will need 'trace' in
# the first place). Administrators can override with:
# deny ptrace (tracedby) ...
ptrace (tracedby),
# Allow unconfined processes to send us signals by default
signal (receive) peer=unconfined,
# Allow us to signal ourselves
signal peer=@{profile_name},
# Checking for PID existence is quite common so add it by default for now
signal (receive, send) set=("exists"), |
|
| 2014-04-03 14:33:34 |
Jamie Strandboge |
description |
Background: kernel and apparmor userspace updates to support signal and ptrace mediation. These packages are listed in one bug because they are related, but the FFes may be granted and the uploads may happen at different times.
= linux =
Summary:
This feature freeze exception is requested for signal and ptrace mediation via apparmor in the kernel. When used with a compatible apparmor userspace, signals and ptrace rules are supported. When used without a compatible apparmor userspace (eg, on a precise system with a trusty backport kernel), signal and ptrace mediation is not enforced (ie, you can use this kernel with an old userspace without any issues).
The fine grained mediation of signals and ptraces also incorporates improved
versioning support that allows this kernel to better support older and newer
userspaces. This allows for this version of the kernel to work as a backport
kernel unmodified (currently a patch and config are used to provide backport
kernels).
The kernel patch is available at git://kernel.ubuntu.com/jj/ubuntu-trusty.git
in the trusty-alpha6 branch apparmor-alpha6-sync
Testing:
* 12.04 system with backported kernel: DONE
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (VMs started via openstack, and test-libvirt.py from QRT passes all tests)
* 14.04 system (non-Touch) with current apparmor userspace: DONE (relevant parts of https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor)
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (QRT/script/test-libvirt.py (though there are 3 failures unrelated to apparmor))
* click-apparmor QRT touch image tests: PASS
* apparmor-easyprof-ubuntu QRT touch image tests: PASS
* 14.04 system (non-Touch) with updated apparmor userspace capable of supporting signal and ptrace mediation: DONE (relevant parts of https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor. Note: this is marked 'done' from the kernel perspective-- the apparmor userspace upload is being prepared and tests assume userspace is using latest patches on the list)
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (QRT/script/test-libvirt.py (though there are 3 failures unrelated to apparmor))
* click-apparmor QRT touch image tests: PASS
* apparmor-easyprof-ubuntu QRT touch image tests: PASS
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature also adds a welcome improvement to administrators wishing to further protect their systems.
= apparmor userspace =
Summary:
This feature freeze exception is requested for signal and ptrace mediation for apparmor userspace. When used with a compatible kernel, signals and ptrace rules are supported. When used without a compatible kernel (eg, on Ubuntu Touch for a few weeks or with upstream kernels), signal and ptrace rules are skipped (ie, you can use this userspace with other kernels without issue).
Testing:
* 14.04 system with current kernel (Touch, kernel doesn't have signal and ptrace mediation yet):
* https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor: INPROGRESS (includes click-apparmor, apparmor-easyprof-ubuntu, exploratory manual testing, etc)
* 14.04 system with previous kernel lacking signal and ptrace mediation (non-Touch):
* https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor: INPROGRESS (includes test-apparmor.py, exploratory manual testing, lxc, libvirt, etc)
* lightdm guest session: PASS
* 14.04 system kernel capable of supporting signal and ptrace mediation (non-Touch):
* https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor: PASS (includes test-apparmor.py, exploratory manual testing, lxc, libvirt, etc)
* Verify everything in https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles: PASS (except juju since it doesn't have policy itself)
* lightdm guest session: PASS
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature also adds a welcome improvement to administrators wishing to further protect their systems.
Extra information:
While the apparmor userspace and kernel changes to support signal and ptrace mediation can happen at different times, the apparmor userspace upload must correspond with uploads for packages that ship AppArmor policy that require updates (eg, libvirt, lxc, etc). The packages outlined in https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles have been tested to either work without modification to the policy or updated and tested to work with updated policy. Common rules will be added to the apparmor base abstraction such that most packages shipping apparmor policy will not require updating. These updates will be prepared, tested and published en masse via a silo ppa.
Common rules added to the base abstraction are (ie, these rules will be included in all policy on Ubuntu since the base abstractions is always used in distro policy):
# Allow other processes to read our /proc entries, futexes, perf tracing and
# kcmp for now
ptrace (readby),
# Allow other processes to trace us by default (they will need 'trace' in
# the first place). Administrators can override with:
# deny ptrace (tracedby) ...
ptrace (tracedby),
# Allow unconfined processes to send us signals by default
signal (receive) peer=unconfined,
# Allow us to signal ourselves
signal peer=@{profile_name},
# Checking for PID existence is quite common so add it by default for now
signal (receive, send) set=("exists"), |
Background: kernel and apparmor userspace updates to support signal and ptrace mediation. These packages are listed in one bug because they are related, but the FFes may be granted and the uploads may happen at different times.
= linux =
Summary:
This feature freeze exception is requested for signal and ptrace mediation via apparmor in the kernel. When used with a compatible apparmor userspace, signals and ptrace rules are supported. When used without a compatible apparmor userspace (eg, on a precise system with a trusty backport kernel), signal and ptrace mediation is not enforced (ie, you can use this kernel with an old userspace without any issues).
The fine grained mediation of signals and ptraces also incorporates improved
versioning support that allows this kernel to better support older and newer
userspaces. This allows for this version of the kernel to work as a backport
kernel unmodified (currently a patch and config are used to provide backport
kernels).
The kernel patch is available at git://kernel.ubuntu.com/jj/ubuntu-trusty.git
in the trusty-alpha6 branch apparmor-alpha6-sync
Testing:
* 12.04 system with backported kernel: DONE
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (VMs started via openstack, and test-libvirt.py from QRT passes all tests)
* 14.04 system (non-Touch) with current apparmor userspace: DONE (relevant parts of https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor)
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (QRT/script/test-libvirt.py (though there are 3 failures unrelated to apparmor))
* click-apparmor QRT touch image tests: PASS
* apparmor-easyprof-ubuntu QRT touch image tests: PASS
* 14.04 system (non-Touch) with updated apparmor userspace capable of supporting signal and ptrace mediation: DONE (relevant parts of https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor. Note: this is marked 'done' from the kernel perspective-- the apparmor userspace upload is being prepared and tests assume userspace is using latest patches on the list)
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (QRT/script/test-libvirt.py (though there are 3 failures unrelated to apparmor))
* click-apparmor QRT touch image tests: PASS
* apparmor-easyprof-ubuntu QRT touch image tests: PASS
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature also adds a welcome improvement to administrators wishing to further protect their systems.
= apparmor userspace =
Summary:
This feature freeze exception is requested for signal and ptrace mediation for apparmor userspace. When used with a compatible kernel, signals and ptrace rules are supported. When used without a compatible kernel (eg, on Ubuntu Touch for a few weeks or with upstream kernels), signal and ptrace rules are skipped (ie, you can use this userspace with other kernels without issue).
Testing:
* 14.04 system with current kernel (Touch, kernel doesn't have signal and ptrace mediation yet):
* https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor: INPROGRESS (includes click-apparmor, apparmor-easyprof-ubuntu, exploratory manual testing, etc)
* 14.04 system with previous kernel lacking signal and ptrace mediation (non-Touch):
* https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor: INPROGRESS (includes test-apparmor.py, exploratory manual testing, lxc, libvirt, etc)
* lightdm guest session: PASS (login, start browser, logout)
* 14.04 system kernel capable of supporting signal and ptrace mediation (non-Touch):
* https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor: PASS (includes test-apparmor.py, exploratory manual testing, lxc, libvirt, etc)
* Verify everything in https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles: PASS (except juju since it doesn't have policy itself)
* lightdm guest session: PASS (login, start browser, logout)
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature also adds a welcome improvement to administrators wishing to further protect their systems.
Extra information:
While the apparmor userspace and kernel changes to support signal and ptrace mediation can happen at different times, the apparmor userspace upload must correspond with uploads for packages that ship AppArmor policy that require updates (eg, libvirt, lxc, etc). The packages outlined in https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles have been tested to either work without modification to the policy or updated and tested to work with updated policy. Common rules will be added to the apparmor base abstraction such that most packages shipping apparmor policy will not require updating. These updates will be prepared, tested and published en masse via a silo ppa.
Common rules added to the base abstraction are (ie, these rules will be included in all policy on Ubuntu since the base abstractions is always used in distro policy):
# Allow other processes to read our /proc entries, futexes, perf tracing and
# kcmp for now
ptrace (readby),
# Allow other processes to trace us by default (they will need 'trace' in
# the first place). Administrators can override with:
# deny ptrace (tracedby) ...
ptrace (tracedby),
# Allow unconfined processes to send us signals by default
signal (receive) peer=unconfined,
# Allow us to signal ourselves
signal peer=@{profile_name},
# Checking for PID existence is quite common so add it by default for now
signal (receive, send) set=("exists"), |
|
| 2014-04-03 20:16:56 |
Jamie Strandboge |
description |
Background: kernel and apparmor userspace updates to support signal and ptrace mediation. These packages are listed in one bug because they are related, but the FFes may be granted and the uploads may happen at different times.
= linux =
Summary:
This feature freeze exception is requested for signal and ptrace mediation via apparmor in the kernel. When used with a compatible apparmor userspace, signals and ptrace rules are supported. When used without a compatible apparmor userspace (eg, on a precise system with a trusty backport kernel), signal and ptrace mediation is not enforced (ie, you can use this kernel with an old userspace without any issues).
The fine grained mediation of signals and ptraces also incorporates improved
versioning support that allows this kernel to better support older and newer
userspaces. This allows for this version of the kernel to work as a backport
kernel unmodified (currently a patch and config are used to provide backport
kernels).
The kernel patch is available at git://kernel.ubuntu.com/jj/ubuntu-trusty.git
in the trusty-alpha6 branch apparmor-alpha6-sync
Testing:
* 12.04 system with backported kernel: DONE
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (VMs started via openstack, and test-libvirt.py from QRT passes all tests)
* 14.04 system (non-Touch) with current apparmor userspace: DONE (relevant parts of https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor)
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (QRT/script/test-libvirt.py (though there are 3 failures unrelated to apparmor))
* click-apparmor QRT touch image tests: PASS
* apparmor-easyprof-ubuntu QRT touch image tests: PASS
* 14.04 system (non-Touch) with updated apparmor userspace capable of supporting signal and ptrace mediation: DONE (relevant parts of https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor. Note: this is marked 'done' from the kernel perspective-- the apparmor userspace upload is being prepared and tests assume userspace is using latest patches on the list)
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (QRT/script/test-libvirt.py (though there are 3 failures unrelated to apparmor))
* click-apparmor QRT touch image tests: PASS
* apparmor-easyprof-ubuntu QRT touch image tests: PASS
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature also adds a welcome improvement to administrators wishing to further protect their systems.
= apparmor userspace =
Summary:
This feature freeze exception is requested for signal and ptrace mediation for apparmor userspace. When used with a compatible kernel, signals and ptrace rules are supported. When used without a compatible kernel (eg, on Ubuntu Touch for a few weeks or with upstream kernels), signal and ptrace rules are skipped (ie, you can use this userspace with other kernels without issue).
Testing:
* 14.04 system with current kernel (Touch, kernel doesn't have signal and ptrace mediation yet):
* https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor: INPROGRESS (includes click-apparmor, apparmor-easyprof-ubuntu, exploratory manual testing, etc)
* 14.04 system with previous kernel lacking signal and ptrace mediation (non-Touch):
* https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor: INPROGRESS (includes test-apparmor.py, exploratory manual testing, lxc, libvirt, etc)
* lightdm guest session: PASS (login, start browser, logout)
* 14.04 system kernel capable of supporting signal and ptrace mediation (non-Touch):
* https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor: PASS (includes test-apparmor.py, exploratory manual testing, lxc, libvirt, etc)
* Verify everything in https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles: PASS (except juju since it doesn't have policy itself)
* lightdm guest session: PASS (login, start browser, logout)
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature also adds a welcome improvement to administrators wishing to further protect their systems.
Extra information:
While the apparmor userspace and kernel changes to support signal and ptrace mediation can happen at different times, the apparmor userspace upload must correspond with uploads for packages that ship AppArmor policy that require updates (eg, libvirt, lxc, etc). The packages outlined in https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles have been tested to either work without modification to the policy or updated and tested to work with updated policy. Common rules will be added to the apparmor base abstraction such that most packages shipping apparmor policy will not require updating. These updates will be prepared, tested and published en masse via a silo ppa.
Common rules added to the base abstraction are (ie, these rules will be included in all policy on Ubuntu since the base abstractions is always used in distro policy):
# Allow other processes to read our /proc entries, futexes, perf tracing and
# kcmp for now
ptrace (readby),
# Allow other processes to trace us by default (they will need 'trace' in
# the first place). Administrators can override with:
# deny ptrace (tracedby) ...
ptrace (tracedby),
# Allow unconfined processes to send us signals by default
signal (receive) peer=unconfined,
# Allow us to signal ourselves
signal peer=@{profile_name},
# Checking for PID existence is quite common so add it by default for now
signal (receive, send) set=("exists"), |
Background: kernel and apparmor userspace updates to support signal and ptrace mediation. These packages are listed in one bug because they are related, but the FFes may be granted and the uploads may happen at different times.
= linux =
Summary:
This feature freeze exception is requested for signal and ptrace mediation via apparmor in the kernel. When used with a compatible apparmor userspace, signals and ptrace rules are supported. When used without a compatible apparmor userspace (eg, on a precise system with a trusty backport kernel), signal and ptrace mediation is not enforced (ie, you can use this kernel with an old userspace without any issues).
The fine grained mediation of signals and ptraces also incorporates improved
versioning support that allows this kernel to better support older and newer
userspaces. This allows for this version of the kernel to work as a backport
kernel unmodified (currently a patch and config are used to provide backport
kernels).
The kernel patch is available at git://kernel.ubuntu.com/jj/ubuntu-trusty.git
in the trusty-alpha6 branch apparmor-alpha6-sync
Testing:
* 12.04 system with backported kernel: DONE
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (VMs started via openstack, and test-libvirt.py from QRT passes all tests)
* 14.04 system (non-Touch) with current apparmor userspace: DONE (relevant parts of https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor)
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (QRT/script/test-libvirt.py (though there are 3 failures unrelated to apparmor))
* click-apparmor QRT touch image tests: PASS
* apparmor-easyprof-ubuntu QRT touch image tests: PASS
* 14.04 system (non-Touch) with updated apparmor userspace capable of supporting signal and ptrace mediation: DONE (relevant parts of https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor. Note: this is marked 'done' from the kernel perspective-- the apparmor userspace upload is being prepared and tests assume userspace is using latest patches on the list)
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (QRT/script/test-libvirt.py (though there are 3 failures unrelated to apparmor))
* click-apparmor QRT touch image tests: PASS
* apparmor-easyprof-ubuntu QRT touch image tests: PASS
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature also adds a welcome improvement to administrators wishing to further protect their systems.
= apparmor userspace =
Summary:
This feature freeze exception is requested for signal and ptrace mediation for apparmor userspace. When used with a compatible kernel, signals and ptrace rules are supported. When used without a compatible kernel (eg, on Ubuntu Touch for a few weeks or with upstream kernels), signal and ptrace rules are skipped (ie, you can use this userspace with other kernels without issue).
Testing:
* 14.04 system with current kernel (Touch, kernel doesn't have signal and ptrace mediation yet):
* https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor: PASS (includes click-apparmor, apparmor-easyprof-ubuntu, exploratory manual testing, etc)
* 14.04 system with previous kernel lacking signal and ptrace mediation (non-Touch):
* https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor: INPROGRESS (includes test-apparmor.py, exploratory manual testing, lxc, libvirt, etc)
* lightdm guest session: PASS (login, start browser, logout)
* 14.04 system kernel capable of supporting signal and ptrace mediation (non-Touch):
* https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor: PASS (includes test-apparmor.py, exploratory manual testing, lxc, libvirt, etc)
* Verify everything in https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles: PASS (except juju since it doesn't have policy itself)
* lightdm guest session: PASS (login, start browser, logout)
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature also adds a welcome improvement to administrators wishing to further protect their systems.
Extra information:
While the apparmor userspace and kernel changes to support signal and ptrace mediation can happen at different times, the apparmor userspace upload must correspond with uploads for packages that ship AppArmor policy that require updates (eg, libvirt, lxc, etc). The packages outlined in https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles have been tested to either work without modification to the policy or updated and tested to work with updated policy. Common rules will be added to the apparmor base abstraction such that most packages shipping apparmor policy will not require updating. These updates will be prepared, tested and published en masse via a silo ppa.
Common rules added to the base abstraction are (ie, these rules will be included in all policy on Ubuntu since the base abstractions is always used in distro policy):
# Allow other processes to read our /proc entries, futexes, perf tracing and
# kcmp for now
ptrace (readby),
# Allow other processes to trace us by default (they will need 'trace' in
# the first place). Administrators can override with:
# deny ptrace (tracedby) ...
ptrace (tracedby),
# Allow unconfined processes to send us signals by default
signal (receive) peer=unconfined,
# Allow us to signal ourselves
signal peer=@{profile_name},
# Checking for PID existence is quite common so add it by default for now
signal (receive, send) set=("exists"), |
|
| 2014-04-03 20:45:39 |
Jamie Strandboge |
bug task added |
|
apparmor-easyprof-ubuntu (Ubuntu) |
|
| 2014-04-03 20:47:29 |
Jamie Strandboge |
apparmor-easyprof-ubuntu (Ubuntu): importance |
Undecided |
Medium |
|
| 2014-04-03 20:47:29 |
Jamie Strandboge |
apparmor-easyprof-ubuntu (Ubuntu): status |
New |
In Progress |
|
| 2014-04-03 20:47:29 |
Jamie Strandboge |
apparmor-easyprof-ubuntu (Ubuntu): assignee |
|
Jamie Strandboge (jdstrand) |
|
| 2014-04-03 21:14:58 |
Jamie Strandboge |
description |
Background: kernel and apparmor userspace updates to support signal and ptrace mediation. These packages are listed in one bug because they are related, but the FFes may be granted and the uploads may happen at different times.
= linux =
Summary:
This feature freeze exception is requested for signal and ptrace mediation via apparmor in the kernel. When used with a compatible apparmor userspace, signals and ptrace rules are supported. When used without a compatible apparmor userspace (eg, on a precise system with a trusty backport kernel), signal and ptrace mediation is not enforced (ie, you can use this kernel with an old userspace without any issues).
The fine grained mediation of signals and ptraces also incorporates improved
versioning support that allows this kernel to better support older and newer
userspaces. This allows for this version of the kernel to work as a backport
kernel unmodified (currently a patch and config are used to provide backport
kernels).
The kernel patch is available at git://kernel.ubuntu.com/jj/ubuntu-trusty.git
in the trusty-alpha6 branch apparmor-alpha6-sync
Testing:
* 12.04 system with backported kernel: DONE
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (VMs started via openstack, and test-libvirt.py from QRT passes all tests)
* 14.04 system (non-Touch) with current apparmor userspace: DONE (relevant parts of https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor)
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (QRT/script/test-libvirt.py (though there are 3 failures unrelated to apparmor))
* click-apparmor QRT touch image tests: PASS
* apparmor-easyprof-ubuntu QRT touch image tests: PASS
* 14.04 system (non-Touch) with updated apparmor userspace capable of supporting signal and ptrace mediation: DONE (relevant parts of https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor. Note: this is marked 'done' from the kernel perspective-- the apparmor userspace upload is being prepared and tests assume userspace is using latest patches on the list)
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (QRT/script/test-libvirt.py (though there are 3 failures unrelated to apparmor))
* click-apparmor QRT touch image tests: PASS
* apparmor-easyprof-ubuntu QRT touch image tests: PASS
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature also adds a welcome improvement to administrators wishing to further protect their systems.
= apparmor userspace =
Summary:
This feature freeze exception is requested for signal and ptrace mediation for apparmor userspace. When used with a compatible kernel, signals and ptrace rules are supported. When used without a compatible kernel (eg, on Ubuntu Touch for a few weeks or with upstream kernels), signal and ptrace rules are skipped (ie, you can use this userspace with other kernels without issue).
Testing:
* 14.04 system with current kernel (Touch, kernel doesn't have signal and ptrace mediation yet):
* https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor: PASS (includes click-apparmor, apparmor-easyprof-ubuntu, exploratory manual testing, etc)
* 14.04 system with previous kernel lacking signal and ptrace mediation (non-Touch):
* https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor: INPROGRESS (includes test-apparmor.py, exploratory manual testing, lxc, libvirt, etc)
* lightdm guest session: PASS (login, start browser, logout)
* 14.04 system kernel capable of supporting signal and ptrace mediation (non-Touch):
* https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor: PASS (includes test-apparmor.py, exploratory manual testing, lxc, libvirt, etc)
* Verify everything in https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles: PASS (except juju since it doesn't have policy itself)
* lightdm guest session: PASS (login, start browser, logout)
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature also adds a welcome improvement to administrators wishing to further protect their systems.
Extra information:
While the apparmor userspace and kernel changes to support signal and ptrace mediation can happen at different times, the apparmor userspace upload must correspond with uploads for packages that ship AppArmor policy that require updates (eg, libvirt, lxc, etc). The packages outlined in https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles have been tested to either work without modification to the policy or updated and tested to work with updated policy. Common rules will be added to the apparmor base abstraction such that most packages shipping apparmor policy will not require updating. These updates will be prepared, tested and published en masse via a silo ppa.
Common rules added to the base abstraction are (ie, these rules will be included in all policy on Ubuntu since the base abstractions is always used in distro policy):
# Allow other processes to read our /proc entries, futexes, perf tracing and
# kcmp for now
ptrace (readby),
# Allow other processes to trace us by default (they will need 'trace' in
# the first place). Administrators can override with:
# deny ptrace (tracedby) ...
ptrace (tracedby),
# Allow unconfined processes to send us signals by default
signal (receive) peer=unconfined,
# Allow us to signal ourselves
signal peer=@{profile_name},
# Checking for PID existence is quite common so add it by default for now
signal (receive, send) set=("exists"), |
Background: kernel and apparmor userspace updates to support signal and ptrace mediation. These packages are listed in one bug because they are related, but the FFes may be granted and the uploads may happen at different times.
= linux =
Summary:
This feature freeze exception is requested for signal and ptrace mediation via apparmor in the kernel. When used with a compatible apparmor userspace, signals and ptrace rules are supported. When used without a compatible apparmor userspace (eg, on a precise system with a trusty backport kernel), signal and ptrace mediation is not enforced (ie, you can use this kernel with an old userspace without any issues).
The fine grained mediation of signals and ptraces also incorporates improved
versioning support that allows this kernel to better support older and newer
userspaces. This allows for this version of the kernel to work as a backport
kernel unmodified (currently a patch and config are used to provide backport
kernels).
The kernel patch is available at git://kernel.ubuntu.com/jj/ubuntu-trusty.git
in the trusty-alpha6 branch apparmor-alpha6-sync
Testing:
* 12.04 system with backported kernel: DONE
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (VMs started via openstack, and test-libvirt.py from QRT passes all tests)
* 14.04 system (non-Touch) with current apparmor userspace: DONE (relevant parts of https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor)
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (QRT/script/test-libvirt.py (though there are 3 failures unrelated to apparmor))
* click-apparmor QRT touch image tests: PASS
* apparmor-easyprof-ubuntu QRT touch image tests: PASS
* 14.04 system (non-Touch) with updated apparmor userspace capable of supporting signal and ptrace mediation: DONE (relevant parts of https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor. Note: this is marked 'done' from the kernel perspective-- the apparmor userspace upload is being prepared and tests assume userspace is using latest patches on the list)
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (QRT/script/test-libvirt.py (though there are 3 failures unrelated to apparmor))
* click-apparmor QRT touch image tests: PASS
* apparmor-easyprof-ubuntu QRT touch image tests: PASS
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature also adds a welcome improvement to administrators wishing to further protect their systems.
= apparmor userspace =
Summary:
This feature freeze exception is requested for signal and ptrace mediation for apparmor userspace. When used with a compatible kernel, signals and ptrace rules are supported. When used without a compatible kernel (eg, on Ubuntu Touch for a few weeks or with upstream kernels), signal and ptrace rules are skipped (ie, you can use this userspace with other kernels without issue).
Testing:
* 14.04 system with current kernel (Touch, kernel doesn't have signal and ptrace mediation yet):
* https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor: PASS (includes click-apparmor, apparmor-easyprof-ubuntu, exploratory manual testing, etc)
* 14.04 system with previous kernel lacking signal and ptrace mediation (non-Touch):
* https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor: INPROGRESS (includes test-apparmor.py, exploratory manual testing, lxc, libvirt (3 failures unrelated to apparmor), etc)
* lightdm guest session: PASS (login, start browser, logout)
* 14.04 system kernel capable of supporting signal and ptrace mediation (non-Touch):
* https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor: PASS (includes test-apparmor.py, exploratory manual testing, lxc, libvirt (3 failures unrelated to apparmor), etc)
* Verify everything in https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles: PASS (except juju since it doesn't have policy itself)
* lightdm guest session: PASS (login, start browser, logout)
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature also adds a welcome improvement to administrators wishing to further protect their systems.
Extra information:
While the apparmor userspace and kernel changes to support signal and ptrace mediation can happen at different times, the apparmor userspace upload must correspond with uploads for packages that ship AppArmor policy that require updates (eg, libvirt, lxc, etc). The packages outlined in https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles have been tested to either work without modification to the policy or updated and tested to work with updated policy. Common rules will be added to the apparmor base abstraction such that most packages shipping apparmor policy will not require updating. These updates will be prepared, tested and published en masse via a silo ppa.
Common rules added to the base abstraction are (ie, these rules will be included in all policy on Ubuntu since the base abstractions is always used in distro policy):
# Allow other processes to read our /proc entries, futexes, perf tracing and
# kcmp for now
ptrace (readby),
# Allow other processes to trace us by default (they will need 'trace' in
# the first place). Administrators can override with:
# deny ptrace (tracedby) ...
ptrace (tracedby),
# Allow unconfined processes to send us signals by default
signal (receive) peer=unconfined,
# Allow us to signal ourselves
signal peer=@{profile_name},
# Checking for PID existence is quite common so add it by default for now
signal (receive, send) set=("exists"), |
|
| 2014-04-03 21:24:32 |
Jamie Strandboge |
description |
Background: kernel and apparmor userspace updates to support signal and ptrace mediation. These packages are listed in one bug because they are related, but the FFes may be granted and the uploads may happen at different times.
= linux =
Summary:
This feature freeze exception is requested for signal and ptrace mediation via apparmor in the kernel. When used with a compatible apparmor userspace, signals and ptrace rules are supported. When used without a compatible apparmor userspace (eg, on a precise system with a trusty backport kernel), signal and ptrace mediation is not enforced (ie, you can use this kernel with an old userspace without any issues).
The fine grained mediation of signals and ptraces also incorporates improved
versioning support that allows this kernel to better support older and newer
userspaces. This allows for this version of the kernel to work as a backport
kernel unmodified (currently a patch and config are used to provide backport
kernels).
The kernel patch is available at git://kernel.ubuntu.com/jj/ubuntu-trusty.git
in the trusty-alpha6 branch apparmor-alpha6-sync
Testing:
* 12.04 system with backported kernel: DONE
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (VMs started via openstack, and test-libvirt.py from QRT passes all tests)
* 14.04 system (non-Touch) with current apparmor userspace: DONE (relevant parts of https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor)
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (QRT/script/test-libvirt.py (though there are 3 failures unrelated to apparmor))
* click-apparmor QRT touch image tests: PASS
* apparmor-easyprof-ubuntu QRT touch image tests: PASS
* 14.04 system (non-Touch) with updated apparmor userspace capable of supporting signal and ptrace mediation: DONE (relevant parts of https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor. Note: this is marked 'done' from the kernel perspective-- the apparmor userspace upload is being prepared and tests assume userspace is using latest patches on the list)
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (QRT/script/test-libvirt.py (though there are 3 failures unrelated to apparmor))
* click-apparmor QRT touch image tests: PASS
* apparmor-easyprof-ubuntu QRT touch image tests: PASS
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature also adds a welcome improvement to administrators wishing to further protect their systems.
= apparmor userspace =
Summary:
This feature freeze exception is requested for signal and ptrace mediation for apparmor userspace. When used with a compatible kernel, signals and ptrace rules are supported. When used without a compatible kernel (eg, on Ubuntu Touch for a few weeks or with upstream kernels), signal and ptrace rules are skipped (ie, you can use this userspace with other kernels without issue).
Testing:
* 14.04 system with current kernel (Touch, kernel doesn't have signal and ptrace mediation yet):
* https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor: PASS (includes click-apparmor, apparmor-easyprof-ubuntu, exploratory manual testing, etc)
* 14.04 system with previous kernel lacking signal and ptrace mediation (non-Touch):
* https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor: INPROGRESS (includes test-apparmor.py, exploratory manual testing, lxc, libvirt (3 failures unrelated to apparmor), etc)
* lightdm guest session: PASS (login, start browser, logout)
* 14.04 system kernel capable of supporting signal and ptrace mediation (non-Touch):
* https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor: PASS (includes test-apparmor.py, exploratory manual testing, lxc, libvirt (3 failures unrelated to apparmor), etc)
* Verify everything in https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles: PASS (except juju since it doesn't have policy itself)
* lightdm guest session: PASS (login, start browser, logout)
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature also adds a welcome improvement to administrators wishing to further protect their systems.
Extra information:
While the apparmor userspace and kernel changes to support signal and ptrace mediation can happen at different times, the apparmor userspace upload must correspond with uploads for packages that ship AppArmor policy that require updates (eg, libvirt, lxc, etc). The packages outlined in https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles have been tested to either work without modification to the policy or updated and tested to work with updated policy. Common rules will be added to the apparmor base abstraction such that most packages shipping apparmor policy will not require updating. These updates will be prepared, tested and published en masse via a silo ppa.
Common rules added to the base abstraction are (ie, these rules will be included in all policy on Ubuntu since the base abstractions is always used in distro policy):
# Allow other processes to read our /proc entries, futexes, perf tracing and
# kcmp for now
ptrace (readby),
# Allow other processes to trace us by default (they will need 'trace' in
# the first place). Administrators can override with:
# deny ptrace (tracedby) ...
ptrace (tracedby),
# Allow unconfined processes to send us signals by default
signal (receive) peer=unconfined,
# Allow us to signal ourselves
signal peer=@{profile_name},
# Checking for PID existence is quite common so add it by default for now
signal (receive, send) set=("exists"), |
Background: kernel and apparmor userspace updates to support signal and ptrace mediation. These packages are listed in one bug because they are related, but the FFes may be granted and the uploads may happen at different times.
= linux =
Summary:
This feature freeze exception is requested for signal and ptrace mediation via apparmor in the kernel. When used with a compatible apparmor userspace, signals and ptrace rules are supported. When used without a compatible apparmor userspace (eg, on a precise system with a trusty backport kernel), signal and ptrace mediation is not enforced (ie, you can use this kernel with an old userspace without any issues).
The fine grained mediation of signals and ptraces also incorporates improved
versioning support that allows this kernel to better support older and newer
userspaces. This allows for this version of the kernel to work as a backport
kernel unmodified (currently a patch and config are used to provide backport
kernels).
The kernel patch is available at git://kernel.ubuntu.com/jj/ubuntu-trusty.git
in the trusty-alpha6 branch apparmor-alpha6-sync
Testing:
* 12.04 system with backported kernel: DONE
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (VMs started via openstack, and test-libvirt.py from QRT passes all tests)
* 14.04 system (non-Touch) with current apparmor userspace: DONE (relevant parts of https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor)
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (QRT/script/test-libvirt.py (though there are 3 failures unrelated to apparmor))
* click-apparmor QRT touch image tests: PASS
* apparmor-easyprof-ubuntu QRT touch image tests: PASS
* 14.04 system (non-Touch) with updated apparmor userspace capable of supporting signal and ptrace mediation: DONE (relevant parts of https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor. Note: this is marked 'done' from the kernel perspective-- the apparmor userspace upload is being prepared and tests assume userspace is using latest patches on the list)
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (QRT/script/test-libvirt.py (though there are 3 failures unrelated to apparmor))
* click-apparmor QRT touch image tests: PASS
* apparmor-easyprof-ubuntu QRT touch image tests: PASS
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature also adds a welcome improvement to administrators wishing to further protect their systems.
= apparmor userspace =
Summary:
This feature freeze exception is requested for signal and ptrace mediation for apparmor userspace. When used with a compatible kernel, signals and ptrace rules are supported. When used without a compatible kernel (eg, on Ubuntu Touch for a few weeks or with upstream kernels), signal and ptrace rules are skipped (ie, you can use this userspace with other kernels without issue).
Testing:
* 14.04 system with current kernel (Touch, kernel doesn't have signal and ptrace mediation yet):
* https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor: PASS (includes click-apparmor, apparmor-easyprof-ubuntu, exploratory manual testing, etc)
* 14.04 system with previous kernel lacking signal and ptrace mediation (non-Touch):
* https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor: PASS (exploratory manual testing, lxc, libvirt (3 failures unrelated to apparmor), etc)
* test-apparmor.py: INPROGRESS
* lightdm guest session: PASS (login, start browser, logout)
* 14.04 system kernel capable of supporting signal and ptrace mediation (non-Touch):
* https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor: PASS (includes test-apparmor.py, exploratory manual testing, lxc, libvirt (3 failures unrelated to apparmor), etc)
* Verify everything in https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles: PASS (except juju since it doesn't have policy itself)
* lightdm guest session: PASS (login, start browser, logout)
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature also adds a welcome improvement to administrators wishing to further protect their systems.
Extra information:
While the apparmor userspace and kernel changes to support signal and ptrace mediation can happen at different times, the apparmor userspace upload must correspond with uploads for packages that ship AppArmor policy that require updates (eg, libvirt, lxc, etc). The packages outlined in https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles have been tested to either work without modification to the policy or updated and tested to work with updated policy. Common rules will be added to the apparmor base abstraction such that most packages shipping apparmor policy will not require updating. These updates will be prepared, tested and published en masse via a silo ppa.
Common rules added to the base abstraction are (ie, these rules will be included in all policy on Ubuntu since the base abstractions is always used in distro policy):
# Allow other processes to read our /proc entries, futexes, perf tracing and
# kcmp for now
ptrace (readby),
# Allow other processes to trace us by default (they will need 'trace' in
# the first place). Administrators can override with:
# deny ptrace (tracedby) ...
ptrace (tracedby),
# Allow unconfined processes to send us signals by default
signal (receive) peer=unconfined,
# Allow us to signal ourselves
signal peer=@{profile_name},
# Checking for PID existence is quite common so add it by default for now
signal (receive, send) set=("exists"), |
|
| 2014-04-03 21:44:21 |
Jamie Strandboge |
cve unlinked |
2014-0055 |
|
|
| 2014-04-03 21:44:38 |
Jamie Strandboge |
cve unlinked |
2014-0131 |
|
|
| 2014-04-03 21:50:26 |
Jamie Strandboge |
attachment added |
|
apparmor-easyprof-ubuntu_1.1.14.debdiff https://bugs.launchpad.net/ubuntu/+source/apparmor-easyprof-ubuntu/+bug/1298611/+attachment/4064055/+files/apparmor-easyprof-ubuntu_1.1.14.debdiff |
|
| 2014-04-03 21:50:35 |
Tyler Hicks |
attachment added |
|
lightdm_1.9.14-0ubuntu2.debdiff https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1298611/+attachment/4064056/+files/lightdm_1.9.14-0ubuntu2.debdiff |
|
| 2014-04-03 21:52:46 |
Tyler Hicks |
attachment added |
|
libvirt_1.2.2-0ubuntu9.debdiff https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1298611/+attachment/4064063/+files/libvirt_1.2.2-0ubuntu9.debdiff |
|
| 2014-04-03 21:53:06 |
Tyler Hicks |
attachment removed |
libvirt_1.2.2-0ubuntu8.debdiff https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1298611/+attachment/4055646/+files/libvirt_1.2.2-0ubuntu8.debdiff |
|
|
| 2014-04-03 21:59:40 |
Tyler Hicks |
attachment added |
|
apparmor_2.8.95~2430-0ubuntu4.debdiff https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1298611/+attachment/4064098/+files/apparmor_2.8.95%7E2430-0ubuntu4.debdiff |
|
| 2014-04-04 04:34:27 |
Jamie Strandboge |
apparmor (Ubuntu): status |
In Progress |
Fix Committed |
|
| 2014-04-04 04:34:32 |
Jamie Strandboge |
apparmor-easyprof-ubuntu (Ubuntu): status |
In Progress |
Fix Committed |
|
| 2014-04-04 04:34:36 |
Jamie Strandboge |
libvirt (Ubuntu): status |
In Progress |
Fix Committed |
|
| 2014-04-04 04:34:39 |
Jamie Strandboge |
lightdm (Ubuntu): status |
In Progress |
Fix Committed |
|
| 2014-04-04 04:34:45 |
Jamie Strandboge |
lxc (Ubuntu): status |
In Progress |
Fix Committed |
|
| 2014-04-04 04:37:28 |
Jamie Strandboge |
description |
Background: kernel and apparmor userspace updates to support signal and ptrace mediation. These packages are listed in one bug because they are related, but the FFes may be granted and the uploads may happen at different times.
= linux =
Summary:
This feature freeze exception is requested for signal and ptrace mediation via apparmor in the kernel. When used with a compatible apparmor userspace, signals and ptrace rules are supported. When used without a compatible apparmor userspace (eg, on a precise system with a trusty backport kernel), signal and ptrace mediation is not enforced (ie, you can use this kernel with an old userspace without any issues).
The fine grained mediation of signals and ptraces also incorporates improved
versioning support that allows this kernel to better support older and newer
userspaces. This allows for this version of the kernel to work as a backport
kernel unmodified (currently a patch and config are used to provide backport
kernels).
The kernel patch is available at git://kernel.ubuntu.com/jj/ubuntu-trusty.git
in the trusty-alpha6 branch apparmor-alpha6-sync
Testing:
* 12.04 system with backported kernel: DONE
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (VMs started via openstack, and test-libvirt.py from QRT passes all tests)
* 14.04 system (non-Touch) with current apparmor userspace: DONE (relevant parts of https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor)
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (QRT/script/test-libvirt.py (though there are 3 failures unrelated to apparmor))
* click-apparmor QRT touch image tests: PASS
* apparmor-easyprof-ubuntu QRT touch image tests: PASS
* 14.04 system (non-Touch) with updated apparmor userspace capable of supporting signal and ptrace mediation: DONE (relevant parts of https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor. Note: this is marked 'done' from the kernel perspective-- the apparmor userspace upload is being prepared and tests assume userspace is using latest patches on the list)
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (QRT/script/test-libvirt.py (though there are 3 failures unrelated to apparmor))
* click-apparmor QRT touch image tests: PASS
* apparmor-easyprof-ubuntu QRT touch image tests: PASS
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature also adds a welcome improvement to administrators wishing to further protect their systems.
= apparmor userspace =
Summary:
This feature freeze exception is requested for signal and ptrace mediation for apparmor userspace. When used with a compatible kernel, signals and ptrace rules are supported. When used without a compatible kernel (eg, on Ubuntu Touch for a few weeks or with upstream kernels), signal and ptrace rules are skipped (ie, you can use this userspace with other kernels without issue).
Testing:
* 14.04 system with current kernel (Touch, kernel doesn't have signal and ptrace mediation yet):
* https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor: PASS (includes click-apparmor, apparmor-easyprof-ubuntu, exploratory manual testing, etc)
* 14.04 system with previous kernel lacking signal and ptrace mediation (non-Touch):
* https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor: PASS (exploratory manual testing, lxc, libvirt (3 failures unrelated to apparmor), etc)
* test-apparmor.py: INPROGRESS
* lightdm guest session: PASS (login, start browser, logout)
* 14.04 system kernel capable of supporting signal and ptrace mediation (non-Touch):
* https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor: PASS (includes test-apparmor.py, exploratory manual testing, lxc, libvirt (3 failures unrelated to apparmor), etc)
* Verify everything in https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles: PASS (except juju since it doesn't have policy itself)
* lightdm guest session: PASS (login, start browser, logout)
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature also adds a welcome improvement to administrators wishing to further protect their systems.
Extra information:
While the apparmor userspace and kernel changes to support signal and ptrace mediation can happen at different times, the apparmor userspace upload must correspond with uploads for packages that ship AppArmor policy that require updates (eg, libvirt, lxc, etc). The packages outlined in https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles have been tested to either work without modification to the policy or updated and tested to work with updated policy. Common rules will be added to the apparmor base abstraction such that most packages shipping apparmor policy will not require updating. These updates will be prepared, tested and published en masse via a silo ppa.
Common rules added to the base abstraction are (ie, these rules will be included in all policy on Ubuntu since the base abstractions is always used in distro policy):
# Allow other processes to read our /proc entries, futexes, perf tracing and
# kcmp for now
ptrace (readby),
# Allow other processes to trace us by default (they will need 'trace' in
# the first place). Administrators can override with:
# deny ptrace (tracedby) ...
ptrace (tracedby),
# Allow unconfined processes to send us signals by default
signal (receive) peer=unconfined,
# Allow us to signal ourselves
signal peer=@{profile_name},
# Checking for PID existence is quite common so add it by default for now
signal (receive, send) set=("exists"), |
Background: kernel and apparmor userspace updates to support signal and ptrace mediation. These packages are listed in one bug because they are related, but the FFes may be granted and the uploads may happen at different times.
= linux =
Summary:
This feature freeze exception is requested for signal and ptrace mediation via apparmor in the kernel. When used with a compatible apparmor userspace, signals and ptrace rules are supported. When used without a compatible apparmor userspace (eg, on a precise system with a trusty backport kernel), signal and ptrace mediation is not enforced (ie, you can use this kernel with an old userspace without any issues).
The fine grained mediation of signals and ptraces also incorporates improved
versioning support that allows this kernel to better support older and newer
userspaces. This allows for this version of the kernel to work as a backport
kernel unmodified (currently a patch and config are used to provide backport
kernels).
The kernel patch is available at git://kernel.ubuntu.com/jj/ubuntu-trusty.git
in the trusty-alpha6 branch apparmor-alpha6-sync
Testing:
* 12.04 system with backported kernel: DONE
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (VMs started via openstack, and test-libvirt.py from QRT passes all tests)
* 14.04 system (non-Touch) with current apparmor userspace: DONE (relevant parts of https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor)
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (QRT/script/test-libvirt.py (though there are 3 failures unrelated to apparmor))
* click-apparmor QRT touch image tests: PASS
* apparmor-easyprof-ubuntu QRT touch image tests: PASS
* 14.04 system (non-Touch) with updated apparmor userspace capable of supporting signal and ptrace mediation: DONE (relevant parts of https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor. Note: this is marked 'done' from the kernel perspective-- the apparmor userspace upload is being prepared and tests assume userspace is using latest patches on the list)
* test-apparmor.py: PASS (runs extensive tests (upstream and distro))
* exploratory manual testing: PASS (networking, aa-enforce with firefox, firefox works, apparmor blocks access, etc)
* aa-status: PASS
* lxc: PASS (containers can be created, started, shutdown)
* libvirt: PASS (QRT/script/test-libvirt.py (though there are 3 failures unrelated to apparmor))
* click-apparmor QRT touch image tests: PASS
* apparmor-easyprof-ubuntu QRT touch image tests: PASS
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature also adds a welcome improvement to administrators wishing to further protect their systems.
= apparmor userspace =
Summary:
This feature freeze exception is requested for signal and ptrace mediation for apparmor userspace. When used with a compatible kernel, signals and ptrace rules are supported. When used without a compatible kernel (eg, on Ubuntu Touch for a few weeks or with upstream kernels), signal and ptrace rules are skipped (ie, you can use this userspace with other kernels without issue).
Testing:
* 14.04 system with current kernel (Touch, kernel doesn't have signal and ptrace mediation yet):
* https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor: PASS (includes click-apparmor, apparmor-easyprof-ubuntu, exploratory manual testing, etc)
* 14.04 system with previous kernel lacking signal and ptrace mediation (non-Touch):
* https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor: PASS (exploratory manual testing, lxc, libvirt (3 failures unrelated to apparmor), etc)
* test-apparmor.py: PASS
* lightdm guest session: PASS (login, start browser, logout)
* 14.04 system kernel capable of supporting signal and ptrace mediation (non-Touch):
* https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor: PASS (includes test-apparmor.py, exploratory manual testing, lxc, libvirt (3 failures unrelated to apparmor), etc)
* Verify everything in https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles: PASS (except juju since it doesn't have policy itself)
* lightdm guest session: PASS (login, start browser, logout)
Justification:
This feature is required to support comprehensive application confinement on Ubuntu Touch. This feature adds a significant security benefit to libvirt's qemu guest isolation which is fundamental to Ubuntu on Server/Cloud. This feature also adds a welcome improvement to administrators wishing to further protect their systems.
Extra information:
While the apparmor userspace and kernel changes to support signal and ptrace mediation can happen at different times, the apparmor userspace upload must correspond with uploads for packages that ship AppArmor policy that require updates (eg, libvirt, lxc, etc). The packages outlined in https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles have been tested to either work without modification to the policy or updated and tested to work with updated policy. Common rules will be added to the apparmor base abstraction such that most packages shipping apparmor policy will not require updating. These updates will be prepared, tested and published en masse via a silo ppa.
Common rules added to the base abstraction are (ie, these rules will be included in all policy on Ubuntu since the base abstractions is always used in distro policy):
# Allow other processes to read our /proc entries, futexes, perf tracing and
# kcmp for now
ptrace (readby),
# Allow other processes to trace us by default (they will need 'trace' in
# the first place). Administrators can override with:
# deny ptrace (tracedby) ...
ptrace (tracedby),
# Allow unconfined processes to send us signals by default
signal (receive) peer=unconfined,
# Allow us to signal ourselves
signal peer=@{profile_name},
# Checking for PID existence is quite common so add it by default for now
signal (receive, send) set=("exists"), |
|
| 2014-04-04 05:21:37 |
Steve Langasek |
apparmor (Ubuntu): status |
Fix Committed |
New |
|
| 2014-04-04 05:21:39 |
Steve Langasek |
apparmor-easyprof-ubuntu (Ubuntu): status |
Fix Committed |
New |
|
| 2014-04-04 05:21:42 |
Steve Langasek |
libvirt (Ubuntu): status |
Fix Committed |
New |
|
| 2014-04-04 05:21:46 |
Steve Langasek |
lightdm (Ubuntu): status |
Fix Committed |
New |
|
| 2014-04-04 05:21:50 |
Steve Langasek |
lxc (Ubuntu): status |
Fix Committed |
New |
|
| 2014-04-04 05:58:13 |
Steve Langasek |
apparmor (Ubuntu): status |
New |
Confirmed |
|
| 2014-04-04 07:27:25 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/trusty-proposed/apparmor-easyprof-ubuntu |
|
| 2014-04-04 08:04:32 |
Launchpad Janitor |
lightdm (Ubuntu): status |
New |
Fix Released |
|
| 2014-04-04 08:28:19 |
Launchpad Janitor |
libvirt (Ubuntu): status |
New |
Fix Released |
|
| 2014-04-04 08:53:33 |
Launchpad Janitor |
lxc (Ubuntu): status |
New |
Fix Released |
|
| 2014-04-04 08:53:35 |
Launchpad Janitor |
apparmor (Ubuntu): status |
Confirmed |
Fix Released |
|
| 2014-04-04 08:59:14 |
Launchpad Janitor |
apparmor-easyprof-ubuntu (Ubuntu): status |
New |
Fix Released |
|
| 2014-04-04 09:49:04 |
Launchpad Janitor |
branch linked |
|
lp:~tyhicks/lightdm/guest-session-policy-updates |
|
| 2014-04-04 21:51:12 |
Launchpad Janitor |
branch linked |
|
lp:~ubuntu-branches/ubuntu/trusty/lxc/trusty |
|
| 2014-05-06 06:28:25 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/trusty-proposed/lightdm |
|
| 2015-04-11 01:08:46 |
Ken Sharp |
bug |
|
|
added subscriber Ken Sharp |
