desktop-packages team mailing list archive
-
desktop-packages team
-
Mailing list archive
-
Message #98849
[Bug 1415492] Re: Create a trusted socket for privileged processes
This bug was fixed in the package signon-apparmor-extension -
0.1+15.04.20150203-0ubuntu1
---------------
signon-apparmor-extension (0.1+15.04.20150203-0ubuntu1) vivid; urgency=medium
[ CI bot ]
* Resync trunk
[ Alberto Mardegan ]
* Treat p2p clients as unconfined (LP: #1415492)
[ Ubuntu daily release ]
* New rebuild forced
-- Ubuntu daily release <ps-jenkins@xxxxxxxxxxxxxxxxxxx> Tue, 03 Feb 2015 13:10:00 +0000
** Changed in: signon-apparmor-extension (Ubuntu)
Status: New => Fix Released
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to signon in Ubuntu.
https://bugs.launchpad.net/bugs/1415492
Title:
Create a trusted socket for privileged processes
Status in apparmor-easyprof-ubuntu package in Ubuntu:
Fix Committed
Status in signon package in Ubuntu:
In Progress
Status in signon-apparmor-extension package in Ubuntu:
Fix Released
Bug description:
We want to let privileged processes (such as those using the
"unconfined" profile template) to access any online account without
having the need of being added to the account's ACL.
signond and libsignon-qt already support connecting via a p2p D-Bus
backed by a unix socket ("$XDG_RUNTIME_DIR/signond/socket"), but it's
currently switched off at build time. We should enable it.
signon-apparmor-extension has to be changed so that a peer connected
via the p2p D-Bus connection will always be treated as "unconfined".
While apparmor policy already disallows access to this socket,
apparmor-easyprof-ubuntu needs to be modified so that the "accounts"
policy will contain an explicity deny rule for
"$XDG_RUNTIME_DIR/signond/socket" to suppress logging the denial.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor-easyprof-ubuntu/+bug/1415492/+subscriptions
References