Apply debian/patches/07_apparmor-chrome.patch debian/patches/08_apparmor-updates...

author Robert Ancell <robert.ancell@canonical.com>

Tue, 30 Sep 2014 19:28:43 +0000 (08:28 +1300)

committer Robert Ancell <robert.ancell@canonical.com>

Tue, 30 Sep 2014 19:28:43 +0000 (08:28 +1300)
author Robert Ancell <robert.ancell@canonical.com>
Tue, 30 Sep 2014 19:28:43 +0000 (08:28 +1300)
committer Robert Ancell <robert.ancell@canonical.com>
Tue, 30 Sep 2014 19:28:43 +0000 (08:28 +1300)
diff --git a/data/apparmor/abstractions/lightdm b/data/apparmor/abstractions/lightdm

index 0052569e21131ef3b1ecd6776f14cfcb173c3912..42341e0a3e0c072381293c92f1347d93db6c8b48 100644 (file)
--- a/data/apparmor/abstractions/lightdm
+++ b/data/apparmor/abstractions/lightdm
@@ -14,7 +14,10 @@
    #include <abstractions/dbus-accessibility>
    #include <abstractions/nameservice>
    #include <abstractions/wutmp>
-  /etc/compizconfig/config rw, # bug in compiz https://launchpad.net/bugs/697678
+
+  # bug in compiz https://launchpad.net/bugs/697678
+  /etc/compizconfig/config rw,
+  /etc/compizconfig/unity.ini rw,
  
    / r,
    /bin/ rmix,
@@ -44,6 +47,7 @@
    @{PROC}/asound/** rm,
    @{PROC}/ati rm,
    @{PROC}/ati/** rm,
+  @{PROC}/sys/vm/overcommit_memory r,
    owner @{PROC}/** rm,
    # needed for gnome-keyring-daemon
    @{PROC}/*/status r,
@@ -68,6 +72,7 @@
    # necessary for writing to sockets, etc.
    /{,var/}run/** rmkix,
    /{,var/}run/shm/** wl,
+  /{,var/}run/uuidd/request w,
    # libpam-xdg-support/logind
    owner /{,var/}run/user/*/** rw,
  
diff --git a/data/apparmor/abstractions/lightdm_chromium-browser b/data/apparmor/abstractions/lightdm_chromium-browser

index fd9c94d3978394cb2892b695eeedad580f0057cd..9f3671bd4ab4310c567e74c7c8e21361c80d464b 100644 (file)
--- a/data/apparmor/abstractions/lightdm_chromium-browser
+++ b/data/apparmor/abstractions/lightdm_chromium-browser
@@ -15,6 +15,7 @@
    /opt/google/chrome-stable/google-chrome-stable Cx -> chromium,
    /opt/google/chrome-beta/google-chrome-beta Cx -> chromium,
    /opt/google/chrome-unstable/google-chrome-unstable Cx -> chromium,
+  /opt/google/chrome/google-chrome Cx -> chromium,
  
    # Allow ptracing processes in the chromium child profile
    ptrace peer=/usr/lib/lightdm/lightdm-guest-session//chromium,
@@ -49,6 +50,7 @@
  
      @{PROC}/[0-9]*/ r,                 # sandbox wants these
      @{PROC}/[0-9]*/fd/ r,              # sandbox wants these
+    @{PROC}/[0-9]*/statm r,            # sandbox wants these
      @{PROC}/[0-9]*/task/[0-9]*/stat r, # sandbox wants these
  
      /selinux/ r,
diff --git a/debian/patches/07_apparmor-chrome.patch b/debian/patches/07_apparmor-chrome.patch

deleted file mode 100644 (file)

index a88a8ee..0000000
--- a/debian/patches/07_apparmor-chrome.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-Author: Jamie Strandboge <jamie@canonical.com>
-Description: allow Google Chrome and add access to @{PROC}/[0-9]*/statm
-Bug-Ubuntu: https://launchpad.net/bugs/1361372
-
-Index: lightdm-1.11.9/data/apparmor/abstractions/lightdm_chromium-browser
-===================================================================
---- lightdm-1.11.9.orig/data/apparmor/abstractions/lightdm_chromium-browser
-+++ lightdm-1.11.9/data/apparmor/abstractions/lightdm_chromium-browser
-@@ -15,6 +15,7 @@
-   /opt/google/chrome-stable/google-chrome-stable Cx -> chromium,
-   /opt/google/chrome-beta/google-chrome-beta Cx -> chromium,
-   /opt/google/chrome-unstable/google-chrome-unstable Cx -> chromium,
-+  /opt/google/chrome/google-chrome Cx -> chromium,
- 
-   # Allow ptracing processes in the chromium child profile
-   ptrace peer=/usr/lib/lightdm/lightdm-guest-session//chromium,
-@@ -56,6 +57,7 @@
- 
-     @{PROC}/[0-9]*/ r,                 # sandbox wants these
-     @{PROC}/[0-9]*/fd/ r,              # sandbox wants these
-+    @{PROC}/[0-9]*/statm r,            # sandbox wants these
-     @{PROC}/[0-9]*/task/[0-9]*/stat r, # sandbox wants these
- 
-     /selinux/ r,
diff --git a/debian/patches/08_apparmor-updates.patch b/debian/patches/08_apparmor-updates.patch

deleted file mode 100644 (file)

index 414cd90..0000000
--- a/debian/patches/08_apparmor-updates.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-Author: Jamie Strandboge <jamie@canonical.com>
-Description: allow 'rw' on /etc/compizconfig/unity.ini (continue workaround for
- LP: 697678). Allow read of @{PROC}/sys/vm/overcommit_memory. Allow write to
- /run/uuidd/request.
-
-Index: lightdm-1.11.9/data/apparmor/abstractions/lightdm
-===================================================================
---- lightdm-1.11.9.orig/data/apparmor/abstractions/lightdm
-+++ lightdm-1.11.9/data/apparmor/abstractions/lightdm
-@@ -14,7 +14,10 @@
-   #include <abstractions/dbus-accessibility>
-   #include <abstractions/nameservice>
-   #include <abstractions/wutmp>
--  /etc/compizconfig/config rw, # bug in compiz https://launchpad.net/bugs/697678
-+
-+  # bug in compiz https://launchpad.net/bugs/697678
-+  /etc/compizconfig/config rw,
-+  /etc/compizconfig/unity.ini rw,
- 
-   / r,
-   /bin/ rmix,
-@@ -44,6 +47,7 @@
-   @{PROC}/asound/** rm,
-   @{PROC}/ati rm,
-   @{PROC}/ati/** rm,
-+  @{PROC}/sys/vm/overcommit_memory r,
-   owner @{PROC}/** rm,
-   # needed for gnome-keyring-daemon
-   @{PROC}/*/status r,
-@@ -68,6 +72,7 @@
-   # necessary for writing to sockets, etc.
-   /{,var/}run/** rmkix,
-   /{,var/}run/shm/** wl,
-+  /{,var/}run/uuidd/request w,
-   # libpam-xdg-support/logind
-   owner /{,var/}run/user/*/** rw,
- 
diff --git a/debian/patches/series b/debian/patches/series

index c37237ed460465e19697755c953ae3e85666c629..53010f357ce40ad5ba2a48ec9ac3a79cd6c1beab 100644 (file)
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,5 +1,3 @@
  04_language_handling.patch
  05_translate_debian_files.patch
  06_apparmor-unix.patch
-07_apparmor-chrome.patch
-08_apparmor-updates.patch
author	Robert Ancell <robert.ancell@canonical.com>
	Tue, 30 Sep 2014 19:28:43 +0000 (08:28 +1300)
committer	Robert Ancell <robert.ancell@canonical.com>
	Tue, 30 Sep 2014 19:28:43 +0000 (08:28 +1300)
data/apparmor/abstractions/lightdm		patch \| blob \| history
data/apparmor/abstractions/lightdm_chromium-browser		patch \| blob \| history
debian/patches/07_apparmor-chrome.patch	[deleted file]	patch \| blob \| history
debian/patches/08_apparmor-updates.patch	[deleted file]	patch \| blob \| history
debian/patches/series		patch \| blob \| history