ubuntu-core-security 15.10.13 source package in Ubuntu
Changelog
ubuntu-core-security (15.10.13) wily; urgency=medium
* update autopkgtests for new policy groups
ubuntu-core-security (15.10.12) wily; urgency=medium
* add restricted network-admin policy group
* ubuntu-core/default:
- allow reading unversioned package dirs in $HOME
- suppress noisy write denials to .pyc files in the install dir
(LP: #1496892). This might be able to be removed when LP: 1496895 is
fixed.
* ubuntu-core/default: handle miscellaneous java accesses (LP: #1496895)
- read to @PROC/@{pid}/ and @PROC/@{pid}/fd/
- owner read to owner @PROC/@{pid}/auxv
- reads to @PROC/@{pid}/version_signature, @PROC/@{pid}/version,
/etc/lsb-release
- read to @PROC/sys/vm/zone_reclaim_mode
- read to /sys/devices/**/read_ahead_kb and /sys/devices/system/cpu/**
- read to /sys/kernel/mm/transparent_hugepage/enabled and
/sys/kernel/mm/transparent_hugepage/defrag
- explicit deny to @{PROC}/@{pid}/cmdline. This seems to be ok for now,
but if it breaks things, allow with owner match (an info leak) until we
have kernel side pid variable in AppArmor
- allow reads on /etc/{,writable/}localtime and /etc/{,writable/}timezone
* add restricted snapd policy group
* add restricted network-firewall policy group
* add restricted network-status policy group
* bin/snappy-security: use 'Caps' instead of 'Policy groups' in output
* ubuntu/network-service: reluctantly allow access to /proc/*/net/if_inet6
and /proc/*/net/ipv6_route until we can find a better way (LP: #1496906)
* add test-format.sh to make sure we have properly formatted policy
* debian/rules: use test-format.sh
* ubuntu/unconfined: use 'Usage: reserved' not 'restricted' since
'restricted' is not a valid 'Usage' value
ubuntu-core-security (15.10.11) wily; urgency=medium
* ubuntu-core/default: allow reads on directories in /sys/devices and
/sys/class to ease using hw-assign
-- Jamie Strandboge <email address hidden> Mon, 21 Sep 2015 17:23:42 -0500
Upload details
- Uploaded by:
- Jamie Strandboge
- Uploaded to:
- Wily
- Original maintainer:
- Ubuntu Security Team
- Architectures:
- all i386 amd64 armhf arm64
- Section:
- admin
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| ubuntu-core-security_15.10.13.tar.xz | 22.6 KiB | a676d13da7ffbaf7407a0957a41daf28da7c07b1e3cd2c3d2b807bf553ee090e |
| ubuntu-core-security_15.10.13.dsc | 1.9 KiB | 9c5d2ec9b21ac7f76422bc525894537a67365e38bb439d67e8a76b6a08bc9144 |
Available diffs
- diff from 15.10.10 to 15.10.13 (5.3 KiB)
- diff from 15.10.12 to 15.10.13 (495 bytes)
Binary packages built by this source
- ubuntu-core-security-apparmor: No summary available for ubuntu-core-security-apparmor in ubuntu wily.
No description available for ubuntu-
core-security- apparmor in ubuntu wily.
- ubuntu-core-security-seccomp: No summary available for ubuntu-core-security-seccomp in ubuntu wily.
No description available for ubuntu-
core-security- seccomp in ubuntu wily.
- ubuntu-core-security-utils: No summary available for ubuntu-core-security-utils in ubuntu wily.
No description available for ubuntu-
core-security- utils in ubuntu wily.
