/usr/share/ca-certificates is missing from /etc/apparmor.d/abstractions/ssl_certs
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
apparmor (Ubuntu) |
Fix Released
|
Undecided
|
Jamie Strandboge | ||
Lucid |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
SRU Justification
1. impact of the bug is low for stable releases, but the fix is non-intrusive. It is included here as part of the 2.5.1 update for Lucid (LP: #660077)
2. This has been addressed during the maverick development cycle.
3. Patch adds read access to /usr/share/
4. TEST CASE:
The test case is not straightforward as default configurations of applications in Ubuntu are not affected. While a contrived script and profile could be constructed, simply regenerating a profile that uses the ssl_certs abstraction should be enough to prove that there are no regressions (ie, the parser will fail with syntax errors). As such:
$ grep ssl_certs /etc/apparmor.
#include <abstractions/
#include <abstractions/
$ grep 'ca-certificates' /etc/apparmor.
/usr/
/usr/
$ sudo apparmor_parser -r -T -W /etc/apparmor.
5. The regression potential is very low for this patch as it only adds additional access for ca-certificates
Binary package hint: apparmor
This breaks, for example, openldap with syncrepl replication and private CA:
Related branches
Changed in apparmor (Ubuntu): | |
status: | In Progress → Fix Committed |
Changed in apparmor (Ubuntu Lucid): | |
status: | New → In Progress |
description: | updated |
tags: |
added: verification-done removed: verification-needed |
tags: | added: testcase |
Thanks for taking the time to report this bug and helping to make Ubuntu better. I'll get this fixed up.