[Bug 1262440] Re: It should be possible to grant D-Bus eavesdropping permission to AppArmor confined processes
Tyler Hicks
tyhicks at canonical.com
Thu Dec 19 16:50:43 UTC 2013
On 2013-12-19 13:46:31, Jamie Strandboge wrote:
> Can you add a landing ask and enumerate your testing?
I see that you've already added a landing ask. Thanks!
Tests added:
1) I've added functional/regression tests to the apparmor source that
are ran by QRT's test-apparmor.py
- These tests start up a bus and then spawn processes, in a mixture
of confinement scenarios, that attempt to eavesdrop
2) I've added rule parsing tests to the apparmor source that are ran at
build time and by QRT's test-apparmor.py
- These tests generate test profiles containing D-Bus eavesdrop rule
and ensure that the parser acts as expected
- Additionally, there are tests that look at the parser's output
when parsing binary equal, but syntax unequal, profiles
3) I've added functional tests to the test-dbus.py script in QRT
- These tests are similar to the tests mentioned in #1 but they use
the python-dbus bindings
Tests performed:
1) QRT's test-apparmor.py and test-dbus.py on amd64
- Successful, but test-dbus.py has a pre-existing failure in the
dbus-glib test that I wasn't able to fix
2) QRT's test-click-apparmor.py and
tests/image/unprivileged/click-apparmor on goldfish
3) Manually installed an app on goldfish
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1262440
Title:
It should be possible to grant D-Bus eavesdropping permission to
AppArmor confined processes
Status in “apparmor” package in Ubuntu:
Confirmed
Status in “dbus” package in Ubuntu:
Confirmed
Bug description:
In 13.10, confined applications could not eavesdrop on a bus. There
was simply no way for confined applications to be granted permission
to eavesdrop. This should be configurable in the application's
AppArmor profile.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1262440/+subscriptions
More information about the Ubuntu-sponsors
mailing list