[Bug 1262440] Re: It should be possible to grant D-Bus eavesdropping permission to AppArmor confined processes

Tyler Hicks tyhicks at canonical.com
Thu Dec 19 16:50:43 UTC 2013 

On 2013-12-19 13:46:31, Jamie Strandboge wrote:
> Can you add a landing ask and enumerate your testing?

I see that you've already added a landing ask. Thanks!

Tests added:

 1) I've added functional/regression tests to the apparmor source that
    are ran by QRT's test-apparmor.py
    - These tests start up a bus and then spawn processes, in a mixture
      of confinement scenarios, that attempt to eavesdrop
 2) I've added rule parsing tests to the apparmor source that are ran at
    build time and by QRT's test-apparmor.py
    - These tests generate test profiles containing D-Bus eavesdrop rule
      and ensure that the parser acts as expected
    - Additionally, there are tests that look at the parser's output
      when parsing binary equal, but syntax unequal, profiles
 3) I've added functional tests to the test-dbus.py script in QRT
    - These tests are similar to the tests mentioned in #1 but they use
      the python-dbus bindings

Tests performed:

 1) QRT's test-apparmor.py and test-dbus.py on amd64
    - Successful, but test-dbus.py has a pre-existing failure in the
      dbus-glib test that I wasn't able to fix
 2) QRT's test-click-apparmor.py and
    tests/image/unprivileged/click-apparmor on goldfish
 3) Manually installed an app on goldfish

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1262440

Title:
  It should be possible to grant D-Bus eavesdropping permission to
  AppArmor confined processes

Status in “apparmor” package in Ubuntu:
  Confirmed
Status in “dbus” package in Ubuntu:
  Confirmed

Bug description:
  In 13.10, confined applications could not eavesdrop on a bus. There
  was simply no way for confined applications to be granted permission
  to eavesdrop. This should be configurable in the application's
  AppArmor profile.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1262440/+subscriptions

More information about the Ubuntu-sponsors mailing list