[Bug 1852485] [NEW] [SRU] Add AssumedAppArmorLabel to fwupd service

Ken VanDine ken.vandine at canonical.com
Wed Nov 13 20:11:34 UTC 2019 

Public bug reported:

In order for strictly confined snaps to work with the host's fwupd we
need to add the AssumedAppArmorLabel=unconfined to the DBus service
file.

[Impact]

 * Without this label, strictly confined snaps can not work with the
host's fwupd service


[Test Case]

 * snap install --edge gnome-firmware
 * snap connect gnome-firmware:fwupd
 * snap run gnome-firmware
 * Expected results: Display devices with upgradable firmware
   
[Regression Potential] 

 * There should be no potential for regression, this is adding an
optional label that will not effect other services communicating with
the fwupd service.

** Affects: fwupd (Ubuntu)
     Importance: Low
     Assignee: Ken VanDine (ken-vandine)
         Status: New

** Affects: fwupd (Ubuntu Bionic)
     Importance: Low
     Assignee: Ken VanDine (ken-vandine)
         Status: New

** Affects: fwupd (Ubuntu Disco)
     Importance: Low
     Assignee: Ken VanDine (ken-vandine)
         Status: New

** Affects: fwupd (Ubuntu Eoan)
     Importance: Low
     Assignee: Ken VanDine (ken-vandine)
         Status: New

** Changed in: fwupd (Ubuntu)
     Assignee: (unassigned) => Ken VanDine (ken-vandine)

** Also affects: fwupd (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Also affects: fwupd (Ubuntu Eoan)
   Importance: Undecided
       Status: New

** Also affects: fwupd (Ubuntu Disco)
   Importance: Undecided
       Status: New

** Changed in: fwupd (Ubuntu Bionic)
     Assignee: (unassigned) => Ken VanDine (ken-vandine)

** Changed in: fwupd (Ubuntu Disco)
     Assignee: (unassigned) => Ken VanDine (ken-vandine)

** Changed in: fwupd (Ubuntu Eoan)
     Assignee: (unassigned) => Ken VanDine (ken-vandine)

** Changed in: fwupd (Ubuntu)
   Importance: Undecided => Low

** Changed in: fwupd (Ubuntu Bionic)
   Importance: Undecided => Low

** Changed in: fwupd (Ubuntu Disco)
   Importance: Undecided => Low

** Changed in: fwupd (Ubuntu Eoan)
   Importance: Undecided => Low

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to fwupd in Ubuntu.
https://bugs.launchpad.net/bugs/1852485

Title:
  [SRU] Add AssumedAppArmorLabel to fwupd service

Status in fwupd package in Ubuntu:
  New
Status in fwupd source package in Bionic:
  New
Status in fwupd source package in Disco:
  New
Status in fwupd source package in Eoan:
  New

Bug description:
  In order for strictly confined snaps to work with the host's fwupd we
  need to add the AssumedAppArmorLabel=unconfined to the DBus service
  file.

  [Impact]

   * Without this label, strictly confined snaps can not work with the
  host's fwupd service

  
  [Test Case]

   * snap install --edge gnome-firmware
   * snap connect gnome-firmware:fwupd
   * snap run gnome-firmware
   * Expected results: Display devices with upgradable firmware
     
  [Regression Potential] 

   * There should be no potential for regression, this is adding an
  optional label that will not effect other services communicating with
  the fwupd service.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/fwupd/+bug/1852485/+subscriptions

More information about the foundations-bugs mailing list