Thanks for clearing that up, Seth!
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1298611
Title:
[FFe] apparmor signal and ptrace mediation
To manage notifications about this bug go to:
https://bugs
Ken,
The ptrace mediation in 12.04 LTS is very rudimentary; if you add
capability sys_ptrace, to a profile then processes running in that
profile are allowed to trace any process the discretionary access
controls allow. The fine-grained permissions introduced in 14.04 LTS
require both the new kern
Did these changes end up in Precise? I see no sensible way to tell
AppArmor to allow a ptrace. The parser is totally confused by this.
This bug was fixed in the package apparmor-easyprof-ubuntu - 1.1.14
---
apparmor-easyprof-ubuntu (1.1.14) trusty; urgency=medium
* 1.1/webview: update for ptrace and signal mediation (LP: #1298611)
* debian/control: Depends on apparmor >= 2.8.95~2430-0ubuntu4
-- Jamie Strandboge
This bug was fixed in the package apparmor - 2.8.95~2430-0ubuntu5
---
apparmor (2.8.95~2430-0ubuntu5) trusty; urgency=medium
* debian/control: add versioned Breaks to apparmor for lxc, libvirt-bin,
lightdm and apparmor-easyprof-ubuntu
apparmor (2.8.95~2430-0ubuntu4) trusty; urg
This bug was fixed in the package lxc - 1.0.2-0ubuntu2
---
lxc (1.0.2-0ubuntu2) trusty; urgency=medium
* updates for AppArmor signal and ptrace mediation (LP: #1298611)
- debian/patches/apparmor-signal-ptrace.patch: add signal and ptrace rules
to abstractions/container-bas
This bug was fixed in the package libvirt - 1.2.2-0ubuntu9
---
libvirt (1.2.2-0ubuntu9) trusty; urgency=medium
[ Jamie Strandboge ]
* updates for AppArmor signals and ptrace mediation (LP: #1298611)
- debian/apparmor/libvirt-qemu: allow guests to receive signals from and
This bug was fixed in the package lightdm - 1.9.14-0ubuntu2
---
lightdm (1.9.14-0ubuntu2) trusty; urgency=medium
* debian/patches/06_guest_signal_and_ptrace_aa_rules.patch: Grant
permission for guest session processes to signal and ptrace each
other (LP: #1298611)
* debian
** Branch linked: lp:ubuntu/trusty-proposed/apparmor-easyprof-ubuntu
The debdiff attached for apparmor looks good, aside from missing some
Breaks: on the old versions of the packages that need to go in at the
same time (because their policies will cease to be sufficient once
ptrace/signal mediation support lands). Jamie has pushed the added
Breaks; once they're ava
** Changed in: apparmor (Ubuntu)
Status: Fix Committed => New
** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
Status: Fix Committed => New
** Changed in: libvirt (Ubuntu)
Status: Fix Committed => New
** Changed in: lightdm (Ubuntu)
Status: Fix Committed => New
** Ch
FYI, retested all the packages in the PPA on desktop/server for TestPlan
with and without the kernel that supports signal/ptrace mediation and
everything passes (barring expected test-libvirt.py errors unrelated to
apparmor).
** Changed in: apparmor (Ubuntu)
Status: In Progress => Fix Committed
** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
Status: In Progress => Fix Committed
** Changed in: libvirt (Ubuntu)
Status: In Progress => Fix Committed
** Changed in: lightdm (Ubuntu)
Status: In
Here's the apparmor debdiff. The testing performed is described in the
bug description. Let me know if there are any questions.
** Patch added: "apparmor_2.8.95~2430-0ubuntu4.debdiff"
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1298611/+attachment/4064098/+files/apparmor_2.8.95%7E2
Here's the lightdm debdiff to allow the guest session to start with
AppArmor signal and ptrace mediation. It is tested on Trusty amd64.
** Patch added: "lightdm_1.9.14-0ubuntu2.debdiff"
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1298611/+attachment/4064056/+files/lightdm_1.9.14-0u
Here's an updated libvirt debdiff. I rebase Jamie's debdiff on top of
the libvirt that was uploaded to the archive yesterday.
** Patch added: "libvirt_1.2.2-0ubuntu9.debdiff"
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1298611/+attachment/4064063/+files/libvirt_1.2.2-0ubuntu9.debdi
** Patch added: "apparmor-easyprof-ubuntu_1.1.14.debdiff"
https://bugs.launchpad.net/ubuntu/+source/apparmor-easyprof-ubuntu/+bug/1298611/+attachment/4064055/+files/apparmor-easyprof-ubuntu_1.1.14.debdiff
** CVE removed: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-0055
** CVE removed: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-0131
** Description changed:
Background: kernel and apparmor userspace updates to support signal and
ptrace mediation. These packages are listed in one bug because they are
related, but the FFes may be granted and the uploads may happen at
different times.
= linux =
Summary:
This featu
The apparmor-easyprof-ubuntu change is not strictly needed in this
upload since it is primarily used for Touch and the Touch kernels don't
yet have the updated patchset. However, it could affect people testing
click packages on the desktop and it is a change we need to make anyway.
** Also affects
The LXC change looks good, it's in line with what I was planning to push
upstream. Feel free to upload that directly to the archive and I'll do a
similar upstream change right around the same time so our PPA users
don't break, then shortly after that will tag 1.0.3 and get that into
trusty so we ca
Here is a debdiff for lxc. It is tested on trusty. To ease backporting,
I updated debian/rules to strip out the signal and ptrace rules for
Ubuntu releases earlier than 14.04 (using the same method as for
stripping out dbus for earlier than 13.10), but could not test earlier
releases because libcg
Note: I only did rudimentary testing: create, ls, start, shutdown,
destroy.
Stéphane, all that is needed is to add the following to
abstractions/lxc/container-base and abstractions/lxc/start-container:
signal,
ptrace,
Obviously, confinement could be more interesting, but like with dbus we
should err on the side of caution and just let these through. Adding
this rules
I've added tasks for lightdm and lxc. The lightdm guest session
abstraction needs to be updated for signal and ptrace mediation and I'm
currently working on that. In previous IRC discussions, stgraber
mentioned that he had a handle on what was needed for the lxc policy so
I've assigned him but I ca
This bug was fixed in the package linux - 3.13.0-21.43
---
linux (3.13.0-21.43) trusty; urgency=low
[ Andy Whitcroft ]
* SAUCE: kvm: BIOS disabled kvm support should be a warning
- LP: #1300247
* SAUCE: nouveau: missing outputs should be warnings
- LP: #1300244
[ Joh
Adam, thanks for the review and we will test that kernel. FYI, if by
some chance the userspace bits aren't granted the FFe, the kernel bits
are safe to keep in trusty.
Approving the kernel side of this. Please re-test against the -21
kernel when it spits out of the buildds.
** Changed in: linux (Ubuntu)
Status: Confirmed => Fix Committed
Adding libvirt task for if the apparmor and linux tasks are accepted.
Debdiff should be applied at same time as apparmor upload.
** Description changed:
Background: kernel and apparmor userspace updates to support signal and
ptrace mediation. These packages are listed in one bug because they
** Changed in: linux (Ubuntu)
Status: Incomplete => Confirmed
** Tags removed: bot-stop-nagging
** Tags added: kernel-bot-stop-nagging
** Changed in: linux (Ubuntu)
Status: Incomplete => New
** Changed in: linux (Ubuntu)
Status: Incomplete => New
** Description changed:
Background: kernel and apparmor userspace updates to support signal and
ptrace mediation. These packages are listed in one bug because they are
related, but the FFes may be granted and the uploads may hap
** Description changed:
+ Background: kernel and apparmor userspace updates to support signal and
+ ptrace mediation. These packages are listed in one bug because they are
+ related, but the FFes may be granted and the uploads may happen at
+ different times.
+
= linux =
+ Summary:
This featu
** Description changed:
= linux =
This feature freeze exception is requested for signal and ptrace mediation
via apparmor in the kernel. When used with a compatible apparmor userspace,
signals and ptrace rules are supported. When used without a compatible apparmor
userspace (eg, on a precis