** Branch linked: lp:ubuntu/evince
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to evince in Ubuntu.
https://bugs.launchpad.net/bugs/851986
Title:
use of Ux in ubuntu-* abstractions and profiles is too lenient and
should be
** Changed in: cups (Ubuntu)
Status: Triaged = Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to evince in Ubuntu.
https://bugs.launchpad.net/bugs/851986
Title:
use of Ux in ubuntu-* abstractions and profiles is too
This bug was fixed in the package evince - 3.2.1-1ubuntu8
---
evince (3.2.1-1ubuntu8) precise; urgency=low
* debian/apparmor-profile*: update to use Cx - sanitized_helper instead of
Ux as a workaround until we get better environment filtering support in
AppArmor (LP:
The new firefox profile has moved all but 3 Ux out into the apparmor
ubuntu-browsers.d abstractions. The sanitizied_helper workaround has
been applied to those abstractions already, and the 3 Ux's in the
firefox profile are simple utilities (ps, uname and mkfifo). Since they
are ELF binaries, they
This bug was fixed in the package apparmor - 2.7.0-0ubuntu1
---
apparmor (2.7.0-0ubuntu1) precise; urgency=low
* New upstream release. Fixes the following:
- LP: #794974
- LP: #815883
- LP: #840973
* Drop the following patches, included upstream:
-
** Branch linked: lp:ubuntu/apparmor
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to evince in Ubuntu.
https://bugs.launchpad.net/bugs/851986
Title:
use of Ux in ubuntu-* abstractions and profiles is too lenient and
should be
** Changed in: apparmor (Ubuntu Oneiric)
Status: In Progress = Won't Fix
** Changed in: evince (Ubuntu Oneiric)
Status: In Progress = Won't Fix
** Changed in: firefox (Ubuntu Oneiric)
Status: Triaged = Won't Fix
** Changed in: firefox (Ubuntu Oneiric)
Assignee: Jamie
For now I am going to close the cups task as Won't Fix. We will
definitely revisit the cups helpers once proper environment filtering is
implemented upstream.
** Changed in: cups (Ubuntu Precise)
Status: New = Won't Fix
--
You received this bug notification because you are a member of
I have landed a sanitized helper ubuntu abstraction upstream that should
work for python and mmaping user owned files which is tested to work
with evince and the new QRT environment filtering tests in test-
apparmor.py. This is a workaround until proper environment filtering can
be implemented in
** Tags removed: rls-mgr-p-tracking
** Tags added: rls-p-tracking
** Changed in: evince (Ubuntu Precise)
Milestone: None = precise-alpha-2
** Changed in: evince (Ubuntu Precise)
Assignee: (unassigned) = Jamie Strandboge (jdstrand)
** Changed in: apparmor (Ubuntu Precise)
Milestone:
** Also affects: apparmor (Ubuntu Precise)
Importance: Undecided
Status: New
** Also affects: cups (Ubuntu Precise)
Importance: Undecided
Status: New
** Also affects: evince (Ubuntu Precise)
Importance: Undecided
Status: New
** Also affects: firefox (Ubuntu
** Tags added: rls-mgr-o-tracking
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to evince in Ubuntu.
https://bugs.launchpad.net/bugs/851986
Title:
use of Ux in ubuntu-* abstractions and profiles is too lenient and
should be
** Changed in: apparmor (Ubuntu Oneiric)
Milestone: ubuntu-11.10 = oneiric-updates
** Changed in: evince (Ubuntu Oneiric)
Milestone: ubuntu-11.10 = oneiric-updates
** Changed in: firefox (Ubuntu Oneiric)
Milestone: ubuntu-11.10 = oneiric-updates
--
You received this bug
** Changed in: apparmor (Ubuntu Oneiric)
Milestone: ubuntu-11.10-beta-2 = ubuntu-11.10
** Changed in: evince (Ubuntu Oneiric)
Milestone: ubuntu-11.10-beta-2 = ubuntu-11.10
** Changed in: firefox (Ubuntu Oneiric)
Milestone: ubuntu-11.10-beta-2 = ubuntu-11.10
--
You received this bug
Martin, actually it may not be such a large task (you should wait and
see the sanitizing child profile approach I am using) and while not a
regression (I don't think it was tagged as such?), it may be a
worthwhile enhancement.
--
You received this bug notification because you are a member of
We specifically added Ux because third-party filters sometimes to wildly
crazy things and we don't know about them. I wasn't happy about these
either, of course, but we basically have to design the profile against
an unknown target.
--
You received this bug notification because you are a member
Updating the cups AA profile is quite a large task, and this is not a
regression, un-targetting for oneiric.
** Changed in: cups (Ubuntu Oneiric)
Status: Confirmed = Won't Fix
** Changed in: cups (Ubuntu)
Status: Confirmed = Triaged
** Changed in: cups (Ubuntu Oneiric)
** Summary changed:
- use of Ux in ubuntu-* abstractions and profiles is too lenient
+ use of Ux in ubuntu-* abstractions and profiles is too lenient and should be
improved
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to evince in
pitti, can you have a look into CUPS and its AppArmor profile? Thanks.
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to evince in Ubuntu.
https://bugs.launchpad.net/bugs/851986
Title:
use of Ux in ubuntu-* abstractions and profiles
pitti, before you spend too much time on fixing anything (by all means,
investigate its impact), let me get a fix for evince going-- I'm working
on a 'sanitizing child profile' approach that we can reuse or adapt for
cups.
--
You received this bug notification because you are a member of Ubuntu
Let me clraify: I'm working on a 'sanitizing child profile' approach
that we *could maybe* reuse or adapt for cups.
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to evince in Ubuntu.
https://bugs.launchpad.net/bugs/851986
Title:
use
21 matches
Mail list logo