Add deny rule in content_exchange
Bug #1293771 reported by Ken VanDine
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
apparmor-easyprof-ubuntu (Ubuntu) | Fix Released | High | Jamie Strandboge |
Bug Description
The content-hub will be using hardlinks whenever possible to avoid copying content into multiple locations; however, we don't want the destination app to be able to edit content owned by the source app. To prevent this, the following rule should be added to the content_exchange policy:
deny @{HOME}
This will allow the destination app to read the contents safely, without risking the content integrity for the source app.
Changed in apparmor-easyprof-ubuntu (Ubuntu):
importance: Undecided → High
status: New → In Progress
assignee: nobody → Jamie Strandboge (jdstrand)
This bug was fixed in the package apparmor-easyprof-ubuntu - 1.1.9
---------------
apparmor-easyprof-ubuntu (1.1.9) trusty; urgency=medium

  * adjustments for Qt5.2
    - 1.*/networking: like with other NetworkManager access, explicitly deny
      connecting to peer=(name=org.freedesktop.NetworkManager)
  * 1.1/content_exchange: deny 'w' on ~/.cache/@{APP_PKGNAME}/HubIncoming/**.
    The content-hub will create hard links in this directory for volatile
    data, but using hard links means the content source file could be modified
    by the app. This prevents that. (LP: #1293771)

 -- Jamie Strandboge <email address hidden>  Mon, 17 Mar 2014 15:04:33 -0500
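
Why a path-based deny is needed for the hard-linked content, shown as an added example (not from the bug report or the package): a hard link is a second name for the same inode, so a write or a chmod through the destination's name also changes the source's file. The directories under the temporary directory are constructed stand-ins for the source app's data and the destination's HubIncoming directory.

```shell
#!/bin/sh
# Constructed layout: $DEMO/source_app stands in for the source app's data,
# $DEMO/dest_app/HubIncoming for ~/.cache/<pkg>/HubIncoming/.

demo_setup() {
    DEMO=$(mktemp -d) || return 1
    mkdir -p "$DEMO/source_app" "$DEMO/dest_app/HubIncoming"
    printf 'original\n' > "$DEMO/source_app/photo.txt"
    # Transfer by hard link instead of copy, as the content-hub does.
    ln "$DEMO/source_app/photo.txt" "$DEMO/dest_app/HubIncoming/photo.txt"
}

# Compare inode numbers of the two names: prints "shared" or "separate".
link_state() {
    a=$(ls -i "$DEMO/source_app/photo.txt" | awk '{print $1}')
    b=$(ls -i "$DEMO/dest_app/HubIncoming/photo.txt" | awk '{print $1}')
    [ "$a" = "$b" ] && echo shared || echo separate
}

# Write through the destination's name, then print the source's content.
write_via_link() {
    printf 'edited by destination\n' > "$DEMO/dest_app/HubIncoming/photo.txt"
    cat "$DEMO/source_app/photo.txt"
}

# Mode bits belong to the inode, not the name: removing write permission on
# the link removes it from the source file too, so file permissions cannot
# make only the destination's view read-only. Prints the source's mode string.
mode_after_chmod() {
    chmod a-w "$DEMO/dest_app/HubIncoming/photo.txt"
    ls -l "$DEMO/source_app/photo.txt" | cut -c1-10
}

# AppArmor mediates by path, which is why the changelog's fix is a rule on
# the HubIncoming path only: deny 'w' on ~/.cache/@{APP_PKGNAME}/HubIncoming/**
demo_setup && link_state && write_via_link && mode_after_chmod
rm -rf "$DEMO"
```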