touch-packages team mailing list archive

Thread
Date

[Bug 1489489] Re: The org.freedesktop.DBus.GetConnectionAppArmorSecurityContext() method is deprecated

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: James Henstridge <james.henstridge@xxxxxxxxxxxxx>
Date: Mon, 16 Nov 2015 08:34:19 -0000
Reply-to: Bug 1489489 <1489489@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

>From what I can see, GetConnectionCredentials() does not quite return
the same information as GetConnectionAppArmorSecurityContext().  With
the new API, I get back a value like "profile_name (enforce)".

I can extract the profile name using aa_splitcon(), but this was only
added in libapparmor 2.10.  Unfortunately vivid only provides version
2.9.1.

We're going to be stuck supporting vivid for a while, so I guess there
are two ways to solve this:

1. someone uploads a new libapparmor build for vivid to the stable-phone-overlay PPA.
2. I provide my own version of the label splitting code in my project.

(1) seems like the preferable option, since it would reduce code
duplication over all the projects listed in this bug.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to content-hub in Ubuntu.
https://bugs.launchpad.net/bugs/1489489

Title:
  The org.freedesktop.DBus.GetConnectionAppArmorSecurityContext() method
  is deprecated

Status in Ubuntu Online Accounts API:
  Confirmed
Status in apparmor package in Ubuntu:
  Triaged
Status in content-hub package in Ubuntu:
  Confirmed
Status in dbus package in Ubuntu:
  Triaged
Status in media-hub package in Ubuntu:
  Confirmed
Status in mediascanner2 package in Ubuntu:
  Confirmed
Status in signon-apparmor-extension package in Ubuntu:
  Confirmed
Status in ubuntu-download-manager package in Ubuntu:
  Confirmed
Status in ubuntu-system-settings-online-accounts package in Ubuntu:
  Confirmed

Bug description:
  When upstream D-Bus merged the AppArmor mediation patches, they did
  not like the GetConnectionAppArmorSecurityContext() bus method.
  Instead, they decided to expose a peer's AppArmor context using the
  org.freedesktop.DBus.GetConnectionCredentials() bus method. All users
  of the GetConnectionAppArmorSecurityContext() method should switch to
  the GetConnectionCredentials() method as soon as possible so that
  Ubuntu can drop the patch that implements
  GetConnectionAppArmorSecurityContext() by the time 16.04 LTS is
  released.

  In order to switch to the new method, you'll need to depend on
  libapparmor 2.10 or newer.

  I'll be adding example code that illustrates how to switch from
  GetConnectionAppArmorSecurityContext() to GetConnectionCredentials().

  content-hub, media-hub, mediascanner2, signon-apparmor-extension,
  ubuntu-download-manager, and ubuntu-system-settings-online-accounts
  all need to transition to the new method of obtaining the AppArmor
  label.

  The apparmor package should be updated to drop the libapparmor-
  mention-dbus-method-in-getcon-man.patch patch and the dbus package
  should be updated to drop the aa-get-connection-apparmor-security-
  context.patch patch.

To manage notifications about this bug go to:
https://bugs.launchpad.net/online-accounts-api/+bug/1489489/+subscriptions