[Bug 1784023] Re: Update profiles for usrmerge
Christian Ehrhardt
1784023 at bugs.launchpad.net
Mon Jul 30 06:00:13 UTC 2018
If https://wiki.debian.org/UsrMerge is what we follow here then the libvirt rules for:
/sbin/* PUx and /bin/* PUx are ok, they already have /usr/bin/* and /usr/sbin/* present.
(part of a very lenient profile I know)
They are also not part of the Ubuntu Delta, so we can leave those rules as-is.
More interesting are the lines in abstractions/libvirt-qemu.
Those are part of a powerpc-specific delta we carry and refer to just /bin at the moment:
  /bin/uname rmix,
  /bin/grep rmix,
I guess if we'd convert those two on the next merge to
  /{usr/,}bin/uname rmix,
  /{usr/,}bin/grep rmix,
we will be safe for the usr merge and still very backward compatible.
I'll do that as part of the coming cosmic libvirt merge which is blocked by a few other things (so it will take a bit).
But I'll call this packages task triaged and assign it to me.
** Changed in: libvirt (Ubuntu)
Assignee: (unassigned) => Christian Ehrhardt (paelzer)
** Changed in: libvirt (Ubuntu)
Importance: Undecided => Medium
** Changed in: libvirt (Ubuntu)
Status: New => Triaged
** Tags added: libvirt-18.10
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/1784023
Title:
Update profiles for usrmerge
Status in apparmor package in Ubuntu:
New
Status in firefox package in Ubuntu:
New
Status in isc-dhcp package in Ubuntu:
New
Status in libvirt package in Ubuntu:
Triaged
Status in lightdm package in Ubuntu:
New
Status in man-db package in Ubuntu:
New
Status in snapd package in Ubuntu:
New
Status in telepathy-mission-control-5 package in Ubuntu:
New
Bug description:
this is about / and /usr merge.
/bin & /sbin merge is out of scope. Anything that was in /sbin/ will
remain in /{,usr/}sbin/.
= src:apparmor =
usr.bin.chromium-browser appears to be out of date w.r.t. apparmor-profiles upstream git tree
/usr/share/apparmor/extra-profiles/usr.sbin.useradd needs update
upstream https://gitlab.com/apparmor/apparmor/merge_requests/152/diffs
= other packages =
$ sudo grep '[[:space:]]/bin' -r .
./usr.bin.man: /bin/bzip2 rmCx -> &man_filter,
./usr.bin.man: /bin/gzip rmCx -> &man_filter,
./usr.bin.man: /bin/bzip2 rm,
./usr.bin.man: /bin/gzip rm,
./usr.sbin.libvirtd: /bin/* PUx,
./abstractions/lightdm: /bin/ rmix,
./abstractions/lightdm: /bin/fusermount Px,
./abstractions/lightdm: /bin/** rmix,
./abstractions/libvirt-qemu: /bin/uname rmix,
./abstractions/libvirt-qemu: /bin/grep rmix,
./usr.bin.chromium-browser: /bin/ps Uxr,
./usr.bin.chromium-browser: /bin/dash ixr,
./usr.bin.chromium-browser: /bin/grep ixr,
./usr.bin.chromium-browser: /bin/readlink ixr,
./usr.bin.chromium-browser: /bin/sed ixr,
./usr.bin.chromium-browser: /bin/which ixr,
./usr.bin.chromium-browser: /bin/mkdir ixr,
./usr.bin.chromium-browser: /bin/mv ixr,
./usr.bin.chromium-browser: /bin/touch ixr,
./usr.bin.chromium-browser: /bin/dash ixr,
./usr.bin.firefox: /bin/which ixr,
./usr.bin.firefox: /bin/ps Uxr,
./usr.bin.firefox: /bin/uname Uxr,
./usr.bin.firefox: /bin/dash ixr,
./sbin.dhclient: /bin/bash mr,
$ sudo grep '[[:space:]]/sbin' -r .
./usr.lib.telepathy: deny /sbin/ldconfig x,
./usr.sbin.libvirtd: /sbin/* PUx,
./abstractions/lightdm: /sbin/ r,
./abstractions/lightdm: /sbin/** rmixk,
./usr.bin.firefox: /sbin/killall5 ixr,
./sbin.dhclient: /sbin/dhclient mr,
./sbin.dhclient: # daemon to run arbitrary code via /sbin/dhclient-script, it would need to be
./sbin.dhclient: /sbin/dhclient-script Uxr,
$ sudo grep '[[:space:]]/lib' -r .
./snap.core.4917.usr.lib.snapd.snap-confine: /lib/udev/snappy-app-dev ixr, # drop
./usr.lib.snapd.snap-confine.real: /lib/udev/snappy-app-dev ixr, # drop
./abstractions/lightdm: /lib/ r,
./abstractions/lightdm: /lib/** rmixk,
./abstractions/lightdm: /lib32/ r,
./abstractions/lightdm: /lib32/** rmixk,
./abstractions/lightdm: /lib64/ r,
./abstractions/lightdm: /lib64/** rmixk,
./usr.bin.chromium-browser: /lib/libgcc_s.so* mr,
./usr.bin.chromium-browser: /lib/@{multiarch}/libgcc_s.so* mr,
./usr.bin.chromium-browser: /lib{,32,64}/libm-*.so* mr,
./usr.bin.chromium-browser: /lib/@{multiarch}/libm-*.so* mr,
./usr.bin.chromium-browser: /lib{,32,64}/libpthread-*.so* mr,
./usr.bin.chromium-browser: /lib/@{multiarch}/libpthread-*.so* mr,
./usr.bin.chromium-browser: /lib{,32,64}/libc-*.so* mr,
./usr.bin.chromium-browser: /lib/@{multiarch}/libc-*.so* mr,
./usr.bin.chromium-browser: /lib{,32,64}/libld-*.so* mr,
./usr.bin.chromium-browser: /lib/@{multiarch}/libld-*.so* mr,
./usr.bin.chromium-browser: /lib{,32,64}/ld-*.so* mr,
./usr.bin.chromium-browser: /lib/@{multiarch}/ld-*.so* mr,
./usr.bin.chromium-browser: /lib/tls/*/{cmov,nosegneg}/libm-*.so* mr,
./usr.bin.chromium-browser: /lib/tls/*/{cmov,nosegneg}/libpthread-*.so* mr,
./usr.bin.chromium-browser: /lib/tls/*/{cmov,nosegneg}/libc-*.so* mr,
above list might be incomplete
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1784023/+subscriptions
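The /{usr/,}bin conversion proposed in the comment, generalized to the /sbin and /lib rules in the grep listing, as an added example that is not part of the original message or of any package. The function names are hypothetical and the sample profile is constructed from rules quoted in the bug.

```shell
#!/bin/sh
# Added example: find and convert AppArmor path rules that name only the
# pre-usrmerge location. All function names here are hypothetical.

# Leading whitespace, optional rule qualifiers, then /bin, /sbin, /lib,
# /lib32, /lib64 or an alternation such as /lib{,32,64}. A path that already
# starts with /{usr/,} or /usr/ does not match, and neither does a comment
# line, which the plain grep '[[:space:]]/sbin' search also reports.
USRMERGE_RE='^([[:space:]]*((audit|allow|deny|owner)[[:space:]]+)*)/(s?bin|lib(32|64|[{][^}]*[}])?)/'

# Print (with line numbers) the rules on stdin that still need converting.
usrmerge_pending() {
    grep -nE "$USRMERGE_RE"
}

# Copy stdin to stdout, rewriting /bin/x to /{usr/,}bin/x and likewise for
# /sbin and /lib*. Qualifiers are kept, so deny rules are converted too and
# keep matching once the binary is reached through /usr.
usrmerge_convert() {
    sed -E "s#${USRMERGE_RE}#\\1/{usr/,}\\4/#"
}

# Constructed sample input, built from rules quoted in the bug description.
sample_profile() {
    cat <<'EOF'
  # daemon to run arbitrary code via /sbin/dhclient-script, it would need to be
  /sbin/dhclient-script Uxr,
  deny /sbin/ldconfig x,
  /bin/uname rmix,
  /{usr/,}bin/grep rmix,
  /lib{,32,64}/libm-*.so* mr,
  /lib/@{multiarch}/libc-*.so* mr,
  /usr/bin/man r,
EOF
}

# Show the converted sample when the script is run directly.
sample_profile | usrmerge_convert
```

Running usrmerge_convert twice gives the same output as running it once, so it can be applied to a profile directory that is already partly converted.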