This bug was fixed in the package adsys - 0.8.5~22.04
---------------
adsys (0.8.5~22.04) jammy; urgency=medium
[ Jean-Baptiste Lallement ]
[ Didier Roche ]
* Rename chapters to be in correct ascii order when viewed online.
Thanks to Anton Drastrup-Fjordbak.
* Include 22.04 in admx/adml for lts only releases. (LP: #1973745)
* Bump embedeed dependencies minor versions for both bug fixes and minor
security enhancements.
* Fix dconf keys not being readable by user after applying policy.
(LP: #1973748)
* Ensure we can execute machine and user scripts:
/run is now noexec on Ubuntu. Ensure that we can execute the scripts in
/run/adsys subdirectories. The scripts mecanism has been reviewed by the
security team, so we can reset them as executable. (LP: #1973751)
* Move integration tests under cmd/adsysd and admxgen binary to cmd/admxgen
to prepare future adwatchd daemon under cmd/ which will be SRUed with an
exception in next update. This is a no-op in the finale deploy binaries,
apart from admxgen which is now using Cobra. This binary though is not
shipped in any package and only used in CI.
* Fix privilege permission which can not be set to disabled. (LP: #1973752)
* Adaptation or new tests for all above changes.
* Add fuzz tests and include new potential crash fixes on invalid files
generated by Windows AD.
* CI fixes and changes (not impacting finale package):
- Move CI to Go 1.18 (package is already building with 1.18 in jammy).
- Fixes due to new github.
- Fix to generate all LTS releases in admx/adml (see above).
-- Didier Roche <didro...@ubuntu.com> Mon, 16 May 2022 14:09:36 +0200
** Changed in: adsys (Ubuntu Jammy)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to adsys in Ubuntu.
https://bugs.launchpad.net/bugs/1973751
Title:
Machines or Users scripts are not executed
Status in adsys package in Ubuntu:
Fix Released
Status in adsys source package in Focal:
New
Status in adsys source package in Jammy:
Fix Released
Bug description:
[Impact]
Machine and user scripts are not executed on startup/shutdown/login/logoff.
/run has been recently changed to be noexec on jammy. Ensure that we can
execute the scripts in /run/adsys subdirectories. The scripts mecanism has been
reviewed by the security team, so we can reset them as executable.
[Test case]
* Setup some scripts under AD to be executed, one for machine scripts (on
startup), one for user scripts (on login). Those scripts can create some
temporary files under /tmp for instance.
* Reboot and login on the Ubuntu laptop connected with AD by adsys, with ua
attached
* Check that the scripts were executed by testing that the created file under
/tmp are present.
[Where problems could occur]
This is technically a new .mount systemd unit service which takes the same
mount option than /run, but don’t set noexec. The setup is similar than qemu
.mount unit for instance.
Worst impact could be that the script policy manager can’t run the scripts as
it is already the case today.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/1973751/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
