Catch all for work items
Catch all for work items that do not fit in another blueprint.
Blueprint information
- Status: Complete
- Approver: Marc Deslauriers
- Priority: High
- Drafter: Jamie Strandboge
- Direction: Approved
- Assignee: None
- Definition: Approved
- Series goal: Accepted for utopic
- Implementation: Implemented
- Milestone target: ubuntu-14.10
- Started by: Jamie Strandboge
- Completed by: Jamie Strandboge
Whiteboard
jdstrand: display manager work carried over from https:/
jdstrand: 14.04 catchall work carried over from https:/
jdstrand: had this, but per scopes team it is no longer relevant: [jdstrand] provide apparmor profile for gettext process for infographic: TODO
jdstrand: investigate hardening sensitive notifications-- same issue as ofono in LP: #1296415 (ie, plausible but lots of work)
Work Items
Work items for ubuntu-14.05:
[tyhicks] investigate sending kdbus patches upstream that expose the needed metadata for fine-grained filtering: DONE
[tyhicks] DBus v3 patchset in Ubuntu: DONE
[tyhicks] fix 2 DBus/AppArmor bugs found during upstream review: DONE
[sbeattie] enable -fstack-
[tyhicks] verify kernel security features in phablet image (besides ufw and apparmor): DONE
[jjohansen] Add Differential State Compression to the DFA (exists, needs testing): DONE
Work items for ubuntu-14.06:
[jdstrand] finish touch install audits: DONE
[seth-arnold] review new maliit/mir implementation (ie, try to break keyboard/mouse sniffing barrier): BLOCKED
[mdeslaur] review mir clipboard implementation (ie, try to break clipboard sniffing barrier): DONE
[seth-arnold] review mir_socket protocol (both root and session sockets): DONE
[seth-arnold] Audit click app download validation on touch images (LP: #1330770): DONE
[jdstrand] Audit network ports and connectivity on touch images: DONE
[jdstrand] investigate hardening sensitive notifications: DONE
[sbeattie] verify GCC test suite failures: DONE
[sbeattie] fix GCC broken -Wformat/
[sbeattie] fix test-kernel-
Work items for ubuntu-14.08:
[jjohansen] Update kernel to unpack and store the attachment location in the profile/namespace: DONE
[jjohansen] Have the path lookup code prepend the attachment location, in the disconnected cases: DONE
Work items for later:
[jdstrand] Audit RTM click hooks: DONE
[seth-arnold] Perform round 2 Mir security review: POSTPONED
[sbeattie] automate running QRT/scripts/
[tyhicks] add AppArmor mediation tests for open_by_handle_at() syscall: POSTPONED
[tyhicks] verify selinux tools work enough to develop policy (also coordinate with debian): POSTPONED
[sbeattie] add QRT check for CONFIG_KEXEC sysctl availability in 14.04 and higher kernels: DONE
fix parser to properly support old names (fix LP: #1058356, et al): POSTPONED
fix 12.04 parser to better handle block_suspend (LP: #1199933): POSTPONED
[tyhicks] implement aa_log libapparmor call: POSTPONED
[tyhicks] adjust dbus patchset to use aa_log: POSTPONED
[jjohansen] query interface (subject object): POSTPONED
provide LSM hook for access() (LP: #1220713): POSTPONED
[tyhicks] investigate use of org.freedesktop
support versioned apparmor policy in Ubuntu packaging: POSTPONED
[tyhicks] add libapparmor APIs to operate (at least iterate, maybe more) on label sets: POSTPONED
[mdeslaur] fix apparmor python rewrite regressions and SRU to 14.04: POSTPONED
[sbeattie] enable PIE on amd64: POSTPONED
[tyhicks] Update apparmor_parser to parse and output a disconnected_path attachment location: POSTPONED
[tyhicks] Perform SRUs for disconnected_path attachment location fix: POSTPONED
[tyhicks] fix dbus reply protection (LP: #1362469): POSTPONED