| 2013-09-11 21:28:47 |
Jamie Strandboge |
bug |
|
|
added bug |
| 2013-09-11 21:28:57 |
Jamie Strandboge |
nominated for series |
|
Ubuntu Saucy |
|
| 2013-09-11 21:28:57 |
Jamie Strandboge |
bug task added |
|
u1db-qt (Ubuntu Saucy) |
|
| 2013-09-11 21:29:53 |
Jamie Strandboge |
bug task added |
|
apparmor-easyprof-ubuntu (Ubuntu) |
|
| 2013-09-11 21:38:05 |
Jamie Strandboge |
summary |
qtdeclarative5-u1db1.0 should not use ~/.local/share/Qt Project for sqlite files |
qtdeclarative5-u1db1.0 should not use ~/.local/share/Qt Project for db files |
|
| 2013-09-11 21:42:02 |
Jamie Strandboge |
apparmor-easyprof-ubuntu (Ubuntu Saucy): status |
New |
Triaged |
|
| 2013-09-11 21:42:07 |
Jamie Strandboge |
apparmor-easyprof-ubuntu (Ubuntu Saucy): importance |
Undecided |
High |
|
| 2013-09-13 13:41:16 |
Pat McGowan |
apparmor-easyprof-ubuntu (Ubuntu Saucy): assignee |
|
Christian Dywan (kalikiana) |
|
| 2013-09-14 18:53:00 |
Robert Schroll |
bug |
|
|
added subscriber Robert Schroll |
| 2013-09-16 15:14:35 |
Jamie Strandboge |
description |
Similar to bug #1197051, qtdeclarative5-u1db1.0 stores its data files in locations like this:
/home/phablet/.local/share/Qt Project/QtQmlViewer/ubuntu-tasks.db
This results in AppArmor rules like the following:
owner "@{HOME}/.local/share/Qt Project/QtQmlViewer/"
owner "@{HOME}/.local/share/Qt Project/QtQmlViewer/*.db*" rwk,
But these rules are too lenient and these paths need to be made application specific so that different apps using u1db-qt can't tamper with each other's data. Specifically: $XDG_DATA_HOME/<app id> where '<app id>' will ultimately be the reverse domain name with Click packages (see bug #1197037 for details on '<app id>').
com.ubuntu.developer.mdspencer.ubuntu-tasks is an app in the app store that is affected by this. It uses the following QML:
U1db.Database {
id: storage
path: "ubuntu-tasks.db"
}
This needs to be fixed for 13.10 otherwise apps are not properly isolation under application confinement. |
Similar to bug #1197051, qtdeclarative5-u1db1.0 stores its data files in locations like this:
/home/phablet/.local/share/Qt Project/QtQmlViewer/ubuntu-tasks.db
This results in AppArmor rules like the following:
owner "@{HOME}/.local/share/Qt Project/QtQmlViewer/"
owner "@{HOME}/.local/share/Qt Project/QtQmlViewer/*.db*" rwk,
But these rules are too lenient and these paths need to be made application specific so that different apps using u1db-qt can't tamper with each other's data. Specifically: $XDG_DATA_HOME/<app pkgname> where '<app pkgname>' is the "name" field in the Click manifest (see bug #1197037 for details).
com.ubuntu.developer.mdspencer.ubuntu-tasks is an app in the app store that is affected by this. It uses the following QML:
U1db.Database {
id: storage
path: "ubuntu-tasks.db"
}
This needs to be fixed for 13.10 otherwise apps are not properly isolation under application confinement. |
|
| 2013-09-16 15:58:27 |
Pat McGowan |
bug |
|
|
added subscriber Pat McGowan |
| 2013-09-17 09:20:52 |
Alan Pope 🍺🐧🐱 🦄 |
bug |
|
|
added subscriber Alan Pope ㋛ |
| 2013-09-17 11:03:42 |
Cris Dywan |
branch linked |
|
lp:~kalikiana/ubuntu-ui-toolkit/appname |
|
| 2013-09-17 19:48:53 |
Pat McGowan |
u1db-qt (Ubuntu Saucy): assignee |
|
Christian Dywan (kalikiana) |
|
| 2013-09-24 04:41:53 |
Zoltan Balogh |
bug task added |
|
ubuntu-ui-toolkit |
|
| 2013-09-24 09:34:03 |
Cris Dywan |
ubuntu-ui-toolkit: status |
New |
Fix Committed |
|
| 2013-09-25 10:20:49 |
Launchpad Janitor |
ubuntu-ui-toolkit (Ubuntu Saucy): status |
New |
Fix Released |
|
| 2013-09-26 18:29:11 |
Florian Boucault |
ubuntu-ui-toolkit: status |
Fix Committed |
Fix Released |
|
| 2013-10-08 00:03:34 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/saucy-proposed/apparmor-easyprof-ubuntu |
|
| 2013-10-08 00:29:47 |
Launchpad Janitor |
apparmor-easyprof-ubuntu (Ubuntu Saucy): status |
Triaged |
Fix Released |
|
| 2013-10-08 15:55:59 |
Pat McGowan |
u1db-qt (Ubuntu Saucy): status |
Confirmed |
Fix Released |
|
