| 2015-01-28 14:42:52 |
Alberto Mardegan |
bug |
|
|
added bug |
| 2015-01-28 14:43:19 |
Alberto Mardegan |
bug task added |
|
apparmor-easyprof-ubuntu (Ubuntu) |
|
| 2015-01-28 14:44:06 |
Alberto Mardegan |
bug task added |
|
signon (Ubuntu) |
|
| 2015-01-28 14:55:24 |
Jamie Strandboge |
description |
We want to let privileged processes (such as those using the "unconfined" profile template) to access any online account without having the need of being added to the account's ACL.
signond and libsignon-qt already support connecting via a p2p D-Bus backed by a unix socket ("$XDG_RUNTIME_DIR/signond/socket"), but it's currently switched off at build time. We should enable it.
signon-apparmor-extension has to be changed so that a peer connected via the p2p D-Bus connection will always be treated as "unconfined".
apparmor-easyprof-ubuntu has to be modified so that the "accounts" policy will restrict access to "$XDG_RUNTIME_DIR/signond/socket" (which is currently allowed, though unused), but without logging a failure. |
We want to let privileged processes (such as those using the "unconfined" profile template) to access any online account without having the need of being added to the account's ACL.
signond and libsignon-qt already support connecting via a p2p D-Bus backed by a unix socket ("$XDG_RUNTIME_DIR/signond/socket"), but it's currently switched off at build time. We should enable it.
signon-apparmor-extension has to be changed so that a peer connected via the p2p D-Bus connection will always be treated as "unconfined".
While apparmor policy already disallows access to this socket, apparmor-easyprof-ubuntu needs to be modified so that the "accounts" policy will contain an explicity deny rule for "$XDG_RUNTIME_DIR/signond/socket" to suppress logging the denial. |
|
| 2015-01-28 14:55:30 |
Jamie Strandboge |
tags |
|
application-confinement |
|
| 2015-01-28 15:06:55 |
Alberto Mardegan |
signon-apparmor-extension (Ubuntu): assignee |
|
Alberto Mardegan (mardy) |
|
| 2015-01-28 15:06:57 |
Alberto Mardegan |
signon (Ubuntu): assignee |
|
Alberto Mardegan (mardy) |
|
| 2015-01-28 15:07:06 |
Alberto Mardegan |
signon (Ubuntu): status |
New |
In Progress |
|
| 2015-01-28 15:29:16 |
Launchpad Janitor |
branch linked |
|
lp:~online-accounts/signon/packaging |
|
| 2015-01-28 15:31:11 |
Launchpad Janitor |
branch linked |
|
lp:~mardy/signon-apparmor-extension/lp1415492 |
|
| 2015-01-28 15:35:50 |
Launchpad Janitor |
branch linked |
|
lp:~mardy/apparmor-easyprof-ubuntu/lp1415492 |
|
| 2015-01-28 22:53:48 |
Jamie Strandboge |
apparmor-easyprof-ubuntu (Ubuntu): status |
New |
Fix Committed |
|
| 2015-01-28 22:53:51 |
Jamie Strandboge |
apparmor-easyprof-ubuntu (Ubuntu): assignee |
|
Jamie Strandboge (jdstrand) |
|
| 2015-02-04 18:57:12 |
Launchpad Janitor |
branch linked |
|
lp:~ubuntu-branches/ubuntu/vivid/signon-apparmor-extension/vivid-proposed |
|
| 2015-02-04 19:25:26 |
Launchpad Janitor |
signon-apparmor-extension (Ubuntu): status |
New |
Fix Released |
|
| 2015-02-04 20:00:57 |
Launchpad Janitor |
signon (Ubuntu): status |
In Progress |
Fix Released |
|
| 2015-02-04 21:57:10 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/vivid-proposed/apparmor-easyprof-ubuntu |
|
| 2015-02-04 22:26:24 |
Launchpad Janitor |
apparmor-easyprof-ubuntu (Ubuntu): status |
Fix Committed |
Fix Released |
|
| 2015-02-05 10:48:49 |
Launchpad Janitor |
branch linked |
|
lp:~mardy/signon-apparmor-extension/lp1415492-rtm |
|
| 2015-02-05 12:17:25 |
Launchpad Janitor |
branch linked |
|
lp:~mardy/signon/lp1415492-rtm |
|
| 2015-02-05 21:55:31 |
Jamie Strandboge |
bug task added |
|
apparmor-easyprof-ubuntu (Ubuntu RTM) |
|
| 2015-02-05 21:55:43 |
Jamie Strandboge |
apparmor-easyprof-ubuntu (Ubuntu RTM): status |
New |
Fix Committed |
|
| 2015-02-05 21:55:47 |
Jamie Strandboge |
apparmor-easyprof-ubuntu (Ubuntu RTM): assignee |
|
Jamie Strandboge (jdstrand) |
|
| 2015-02-10 14:26:48 |
Pat McGowan |
bug task added |
|
canonical-devices-system-image |
|
| 2015-02-10 14:27:11 |
Pat McGowan |
canonical-devices-system-image: importance |
Undecided |
High |
|
| 2015-02-10 14:27:11 |
Pat McGowan |
canonical-devices-system-image: status |
New |
In Progress |
|
| 2015-02-10 14:27:11 |
Pat McGowan |
canonical-devices-system-image: milestone |
|
ww07-2015 |
|
| 2015-02-11 10:26:22 |
Launchpad Janitor |
apparmor-easyprof-ubuntu (Ubuntu RTM): status |
Fix Committed |
Fix Released |
|
| 2015-02-11 10:26:30 |
Launchpad Janitor |
signon-apparmor-extension (Ubuntu RTM): status |
New |
Fix Released |
|
| 2015-02-11 15:15:12 |
Pat McGowan |
canonical-devices-system-image: status |
In Progress |
Fix Released |
|
| 2016-06-07 15:02:34 |
Alberto Mardegan |
branch unlinked |
lp:~online-accounts/signon/packaging |
|
|
