lp://qastaging/ubuntu/vivid/apparmor-easyprof-ubuntu
- Get this branch:
- bzr branch lp://qastaging/ubuntu/vivid/apparmor-easyprof-ubuntu
Branch merges
Related bugs
Related blueprints
Branch information
- Owner:
- Ubuntu branches
- Status:
- Mature
Recent revisions
- 105. By Jamie Strandboge
-
templates/*: explicitly deny noisy access to accountsservice
(LP: #1433590) - 104. By Jamie Strandboge
-
* templates/
ubuntu- sdk|ubuntu- webapp: explicitly deny noisy /dev/tty access
* policygroups/accounts: also deny 'r' to /{,var/ }run/user/ */signond/ socket
to silence expected noisy denial (LP: #1415492) - 103. By Jamie Strandboge
-
hardware/
video.d/ apparmor- easyprof- ubuntu_ mako: add accesses for
video4linux 1 and 2 devices needed by mediascanner2 (gst-plugin-scanner)
et al - 102. By Jamie Strandboge
-
ubuntu/webview: allow oxide_helper read access to /sys/devices/
system/ cpu/
and /sys/devices/system/ cpu/cpu[ 0-9]*/cpufreq/ cpuinfo_ max_freq - 101. By Steve Beattie
-
ubuntu/
1.0/ubuntu- {sdk,webapp} : also allow access to mir libraries via
the new mir abstraction for 1.0 templates (LP: #1422521) - 100. By Jamie Strandboge
-
[ Alberto Mardegan ]
* ubuntu/accounts: explictly deny access to the p2p socket. This will now be
available only to unconfined apps to support a trusted socket for
privileged processes (LP: #1415492)[ Jamie Strandboge ]
* add ubuntu/1.2/ubuntu- account- plugin template and add to 1.3 policy
(LP: #1219644)
* adjust expected_templates_ 12 in autopkgtests to have ubuntu- account- plugin
* ubuntu/webview: allow /sys/devices/system/ cpu/*/cpufreq/ cpuinfo_ max_freq
readonly access - 99. By Jamie Strandboge
-
ubuntu/
{music, pictures, video}_ files*: temporarily allow read access to
global SD card user directory (LP: #1392368). This can be removed once
there is a proper API for apps to find the SD card label. - 98. By Jamie Strandboge
-
[ Ricardo Salveti de Araujo ]
Adding hardware/video.d/ apparmor- easyprof- ubuntu_ manta to allow rw on
/dev/video*, needed for hardware video decoding (LP: #1408130). (Note: we
may need to add rw on /dev/v4l-subdev*, but this seems to be enough for
now) - 97. By Jamie Strandboge
-
* ubuntu/ubuntu-sdk:
- explicitly deny reads on ~/.cache/QML/Apps/ to silence noisy denials.
Undo this when LP: 1381620 is fixed in qtdeclarative-opensource- src
- explicitly deny dbus bind on name="org.freedesktop. Application" since
it is noisy. Undo this when LP: 1378823 is fixed in ubuntu-ui-toolkit
* ubuntu/1.3/ubuntu- sdk: drop html5-container policy. html5 apps should use
webapp-container and specify the 'webview' policy group with 1.3 (15.04)
policy (LP: #1392461)
* ubuntu/ubuntu- scope-network, pending/ ubuntu- scope-local- content: allow
scopes to read data from the apps data dir (LP: #1384286)
* adjust all dbus rules to use peer=(label=unconfined) to prevent
coordinated communications between apps over DBus (LP: #1383824)
* ubuntu/{music, pictures, video}_ files*: allow access to global SD card
directories (LP: #1391930)
* debian/control: Depends on apparmor >= 2.8.98-0ubuntu2~ for the dbus peer
changes (we need at least apparmor_parser 2.9.beta4 for these) - 96. By Jamie Strandboge
-
* debian/control:
- add Vcs-Bzr and Vcs-Browser now that we have them
- adjust Standards-Version
* add debian/make-new- version. sh and document how to use it
* create policy version 1.3
* adjust autopkgtests:
- add tests for policy version 1.3
- fix lintian warnings in naming of the tests
* debian/apparmor- easyprof- ubuntu. postinst: add #DEBHELPER# token
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)