Package "apparmor-easyprof-ubuntu"
Name: |
apparmor-easyprof-ubuntu
|
Description: |
AppArmor easyprof templates for Ubuntu
|
Latest version: |
1.1.16 |
Release: |
trusty (14.04) |
Level: |
base |
Repository: |
main |
Links
Download "apparmor-easyprof-ubuntu"
Other versions of "apparmor-easyprof-ubuntu" in Trusty
No other version of this package is available
in the Trusty release.
Changelog
apparmor-easyprof-ubuntu (1.1.11) trusty; urgency=medium
* 1.0/ubuntu-*: explicitly deny access to oxide files so webbrowser-app's
fallback mechanism to QtWebKit works correctly. This is needed so 13.10
framework webapps don't regress
* 1.1/webview: prevent certificate db poisoning and disallow write access to
@{HOME}/.pki/nssdb/*. Note, while this prevents cert attacks, it doesn't
prevent information disclosure so once LP: 1260048 is fixed in oxide, we
can remove the read access.
-- Jamie Strandboge <email address hidden> Fri, 28 Mar 2014 09:57:13 -0500
|
Source diff to previous version |
apparmor-easyprof-ubuntu (1.1.10) trusty; urgency=medium
* 1.*/ubuntu-*:
- add read access to /usr/share/unity/icons/**. Why this isn't under
/usr/share/icons/unity instead, I don't know, but the access is
harmless, so allow it. This is currently needed by the gallery
- explicitly deny access to com.canonical.snapdecisions interface
(LP: #1291234)
* 1.*/friends: allow freedesktop.org notifications which is needed by the
gallery app to show that a picture has been uploaded (LP: #1279969)
* debian/control: Build-Depends on apparmor-easyprof since it is needed by
the testsuite. This is needed because dh-apparmor now only Suggests
apparmor-easyprof
-- Jamie Strandboge <email address hidden> Mon, 24 Mar 2014 17:20:42 -0500
|
Source diff to previous version |
1291234 |
Deny untrusted/confined apps to use \ |
1279969 |
When using the friends profile from a confined app, notifications are blocked |
|
apparmor-easyprof-ubuntu (1.1.9) trusty; urgency=medium
* adjustments for Qt5.2
- 1.*/networking: like with other NetworkManager access, explicitly deny
connecting to peer=(name=org.freedesktop.NetworkManager)
* 1.1/content_exchange: deny 'w' on ~/.cache/@{APP_PKGNAME}/HubIncoming/**.
The content-hub will create hard links in this directory for volatile
data, but using hard links means the content source file could be modified
by the app. This prevents that. (LP: #1293771)
-- Jamie Strandboge <email address hidden> Mon, 17 Mar 2014 15:04:33 -0500
|
Source diff to previous version |
1293771 |
Add deny rule in content_exchange |
|
apparmor-easyprof-ubuntu (1.1.8) trusty; urgency=medium
* 1.*/ubuntu-sdk: allow accesses to workaround intel driver crash on X
- allow read of /sys/devices/pci[0-9]*/**/uevent
- allow read of /etc/udev/udev.conf
- explicityly deny /run/udev/data/**, like we do elsewhere
- LP: #1286162
-- Jamie Strandboge <email address hidden> Wed, 05 Mar 2014 12:16:44 -0600
|
Source diff to previous version |
1286162 |
[gm45] False GPU lockup IPEHR: 0x89800000 |
|
apparmor-easyprof-ubuntu (1.1.7) trusty; urgency=medium
* 1.*/ubuntu-sdk: /usr/share/ubuntu-html5-theme moved to
/usr/share/ubuntu-html5-ui-toolkit (LP: #1287297)
-- Jamie Strandboge <email address hidden> Mon, 03 Mar 2014 12:18:22 -0600
|
1287297 |
Upgrade ubuntu-sdk profile to /usr/share/ubuntu-html5-ui-toolkit |
|
About
-
Send Feedback to @ubuntu_updates