touch-packages team mailing list archive

Thread
Date

[Bug 1260115] Re: oxide's chrome-sandbox needs access to @{PROC}/[0-9]/oom_ which may conflict with application lifecycle

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1260115@xxxxxxxxxxxxxxxxxx>
Date: Mon, 29 Sep 2014 21:16:24 -0000
Reply-to: Bug 1260115 <1260115@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug was fixed in the package apparmor-easyprof-ubuntu - 1.2.29

---------------
apparmor-easyprof-ubuntu (1.2.29) utopic; urgency=medium

  * ubuntu/webview: explicitly deny write access to @{PROC}/[0-9]*/oom_adj
    and @{PROC}/[0-9]*/oom_score_adj. This is confirmed as a way to escape
    application lifecycle (LP: #1260115)
 -- Jamie Strandboge <jamie@xxxxxxxxxx>   Mon, 29 Sep 2014 12:28:39 -0500

** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1260115

Title:
  oxide's chrome-sandbox needs access to @{PROC}/[0-9]*/oom_* which may
  conflict with application lifecycle

Status in Oxide Webview:
  Won't Fix
Status in “apparmor-easyprof-ubuntu” package in Ubuntu:
  Fix Released

Bug description:
  The following accesses are required by chrome-sandbox:
  owner @{PROC}/[0-9]*/oom_adj w,
  owner @{PROC}/[0-9]*/oom_score_adj w,

  It needs to be confirmed that chrome-sandbox's adjustments will not
  interfere with application lifecycle.

To manage notifications about this bug go to:
https://bugs.launchpad.net/oxide/+bug/1260115/+subscriptions

touch-packages team mailing list archive

[Bug 1260115] Re: oxide's chrome-sandbox needs access to @{PROC}/[0-9]*/oom_* which may conflict with application lifecycle

[Bug 1260115] Re: oxide's chrome-sandbox needs access to @{PROC}/[0-9]/oom_ which may conflict with application lifecycle