Ubuntu
signon-apparmor-extension package

Create a trusted socket for privileged processes

Bug #1415492 reported by Alberto Mardegan
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Canonical System Image
Fix Released
High
Unassigned
Canonical System Image ww07-2015
apparmor-easyprof-ubuntu (Ubuntu)
Fix Released
Undecided
Jamie Strandboge
apparmor-easyprof-ubuntu (Ubuntu RTM)
Fix Released
Undecided
Jamie Strandboge
signon (Ubuntu)
Fix Released
Undecided
Alberto Mardegan
signon-apparmor-extension (Ubuntu)
Fix Released
Undecided
Alberto Mardegan
signon-apparmor-extension (Ubuntu RTM)
Fix Released
Undecided
Unassigned

Bug Description

We want to let privileged processes (such as those using the "unconfined" profile template) to access any online account without having the need of being added to the account's ACL.

signond and libsignon-qt already support connecting via a p2p D-Bus backed by a unix socket ("$XDG_RUNTIME_DIR/signond/socket"), but it's currently switched off at build time. We should enable it.

signon-apparmor-extension has to be changed so that a peer connected via the p2p D-Bus connection will always be treated as "unconfined".

While apparmor policy already disallows access to this socket, apparmor-easyprof-ubuntu needs to be modified so that the "accounts" policy will contain an explicity deny rule for "$XDG_RUNTIME_DIR/signond/socket" to suppress logging the denial.

See original description

Related branches

lp://staging/~mardy/signon-apparmor-extension/lp1415492
PS Jenkins bot (community): Needs Fixing (continuous-integration)
David Barth (community): Approve
Diff: 72 lines (+7/-24)
2 files modified
src/access-control-manager.cpp (+6/-21)
tests/tst_extension.cpp (+1/-3)
lp://staging/~mardy/apparmor-easyprof-ubuntu/lp1415492
Jamie Strandboge (community): Approve
David Barth (community): Approve
Diff: 29 lines (+4/-4)
2 files modified
data/policygroups/ubuntu/1.0/accounts (+2/-2)
data/policygroups/ubuntu/1.2/accounts (+2/-2)
lp://staging/ubuntu/vivid-proposed/signon-apparmor-extension
lp://staging/ubuntu/vivid-proposed/apparmor-easyprof-ubuntu
lp://staging/~mardy/signon-apparmor-extension/lp1415492-rtm
Alberto Mardegan (community): Approve
Diff: 72 lines (+7/-24)
2 files modified
src/access-control-manager.cpp (+6/-21)
tests/tst_extension.cpp (+1/-3)
lp://staging/~mardy/signon/lp1415492-rtm
Alberto Mardegan (community): Approve
Diff: 1057 lines (+539/-202)
24 files modified
debian/changelog (+17/-0)
debian/control (+1/-0)
debian/rules (+1/-0)
lib/plugins/SignOn/uisessiondata_priv.h (+2/-0)
src/signond/accesscontrolmanagerhelper.cpp (+1/-1)
src/signond/default-secrets-storage.cpp (+7/-4)
src/signond/default-secrets-storage.h (+1/-0)
src/signond/pluginproxy.cpp (+4/-0)
src/signond/signondaemon.cpp (+2/-0)
src/signond/signondaemonadaptor.cpp (+1/-1)
src/signond/signonidentity.cpp (+8/-30)
src/signond/signonidentityinfo.cpp (+12/-0)
src/signond/signonidentityinfo.h (+2/-0)
src/signond/signonsessioncore.cpp (+6/-2)
tests/libsignon-qt-tests/ssotestclient.cpp (+127/-161)
tests/libsignon-qt-tests/ssotestclient.h (+1/-1)
tests/libsignon-qt-tests/testauthsession.cpp (+1/-0)
tests/run-with-signond.sh (+5/-2)
tests/signond-tests/.gitignore (+1/-0)
tests/signond-tests/signond-tests.pri (+2/-0)
tests/signond-tests/signond-tests.pro (+2/-0)
tests/signond-tests/timeouts.cpp (+2/-0)
tests/signond-tests/tst_access_control_manager_helper.cpp (+320/-0)
tests/signond-tests/tst_access_control_manager_helper.pro (+13/-0)
Jamie Strandboge (jdstrand)
description: updated
tags: added: application-confinement
Alberto Mardegan (mardy)
Changed in signon-apparmor-extension (Ubuntu):
assignee: nobody → Alberto Mardegan (mardy)
Changed in signon (Ubuntu):
assignee: nobody → Alberto Mardegan (mardy)
status: New → In Progress
Jamie Strandboge (jdstrand)
Changed in apparmor-easyprof-ubuntu (Ubuntu):
status: New → Fix Committed
assignee: nobody → Jamie Strandboge (jdstrand)
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package signon-apparmor-extension - 0.1+15.04.20150203-0ubuntu1

---------------
signon-apparmor-extension (0.1+15.04.20150203-0ubuntu1) vivid; urgency=medium

  [ CI bot ]
  * Resync trunk

  [ Alberto Mardegan ]
  * Treat p2p clients as unconfined (LP: #1415492)

  [ Ubuntu daily release ]
  * New rebuild forced
 -- Ubuntu daily release <email address hidden> Tue, 03 Feb 2015 13:10:00 +0000

Changed in signon-apparmor-extension (Ubuntu):
status: New → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package signon - 8.57+15.04.20150204.1-0ubuntu1

---------------
signon (8.57+15.04.20150204.1-0ubuntu1) vivid; urgency=medium

  [ Alberto Mardegan ]
  * Enable P2P D-Bus connections (LP: #1415492)
  * Add missing build dependency on libdbus-1-dev
 -- Ubuntu daily release <email address hidden> Wed, 04 Feb 2015 10:39:42 +0000

Changed in signon (Ubuntu):
status: In Progress → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor-easyprof-ubuntu - 1.3.4

---------------
apparmor-easyprof-ubuntu (1.3.4) vivid; urgency=medium

  [ Alberto Mardegan ]
  * ubuntu/accounts: explictly deny access to the p2p socket. This will now be
    available only to unconfined apps to support a trusted socket for
    privileged processes (LP: #1415492)

  [ Jamie Strandboge ]
  * add ubuntu/1.2/ubuntu-account-plugin template and add to 1.3 policy
    (LP: #1219644)
  * adjust expected_templates_12 in autopkgtests to have ubuntu-account-plugin
  * ubuntu/webview: allow /sys/devices/system/cpu/*/cpufreq/cpuinfo_max_freq
    readonly access
 -- Jamie Strandboge <email address hidden> Tue, 03 Feb 2015 16:24:15 -0600

Changed in apparmor-easyprof-ubuntu (Ubuntu):
status: Fix Committed → Fix Released
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

apparmor-easyprof-ubuntu 1.2.41 is in rtm silo 000 (with the others). David said he would test it and coordinate the landing.

Changed in apparmor-easyprof-ubuntu (Ubuntu RTM):
status: New → Fix Committed
assignee: nobody → Jamie Strandboge (jdstrand)
Pat McGowan (pat-mcgowan)
Changed in canonical-devices-system-image:
importance: Undecided → High
milestone: none → ww07-2015
status: New → In Progress
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor-easyprof-ubuntu - 1.2.41

---------------
apparmor-easyprof-ubuntu (1.2.41) 14.09; urgency=medium

  [ Alberto Mardegan ]
  * ubuntu/accounts: explictly deny access to the p2p socket. This will now be
    available only to unconfined apps to support a trusted socket for
    privileged processes (LP: #1415492)
 -- Jamie Strandboge <email address hidden> Thu, 05 Feb 2015 12:33:59 -0600

Changed in apparmor-easyprof-ubuntu (Ubuntu RTM):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package signon-apparmor-extension - 0.1+15.04.20150205~rtm-0ubuntu1

---------------
signon-apparmor-extension (0.1+15.04.20150205~rtm-0ubuntu1) 14.09; urgency=medium

  [ Alberto Mardegan ]
  * Treat p2p clients as unconfined (LP: #1415492)
 -- Ubuntu daily release <email address hidden> Thu, 05 Feb 2015 14:42:53 +0000

Changed in signon-apparmor-extension (Ubuntu RTM):
status: New → Fix Released
Pat McGowan (pat-mcgowan)
Changed in canonical-devices-system-image:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.