Ubuntu
apparmor-easyprof-ubuntu package

debug policy group

Bug #1323233 reported by Seth Arnold
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
apparmor-easyprof-ubuntu (Ubuntu)
Fix Released
Undecided
Jamie Strandboge

Bug Description

We should provide a "debug" policy group that could allow developers to use gdbserver and similar debugging tools; the SDK team has a wrapper script http://pastebin.ubuntu.com/7519903/ that runs gdbserver. We'd like to debug application startup while retaining the "usual confinement" rules.

Of course, the addition of a new policy group will add new privileges, but hopefully it would still be an improvement over running unconfined in order to use debuggers.

We'd like both gdbserver and qmljs available.

See original description
Seth Arnold (seth-arnold)
description: updated
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in click-apparmor (Ubuntu):
status: New → Confirmed
Revision history for this message
Benjamin Zeller (zeller-benjamin) wrote :

This is a pressing issue, since we currently have to use very ugly hacks to debug on the system.

Note that it will be required to debug scopes as well probably. Also the store has to reject that
policy if its used in the manifest file.

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

The attached script takes a json file. Can you provide typical examples of json files?

Changed in click-apparmor (Ubuntu):
status: Confirmed → Incomplete
assignee: nobody → Jamie Strandboge (jdstrand)
Revision history for this message
Benjamin Zeller (zeller-benjamin) wrote :

The typical json file would look like this:

{
  "qmlDebug": "port:1234,block",
  "env": {
    "key1": "value1",
    "key2": "value2"
  },
  "gdbPort": "1234"
}

It defines which debug modes are needed and
the ports to be used for that. Also it is possible
to set environment variables.
This file is created by the SDK launcher:
http://bazaar.launchpad.net/~zeller-benjamin/qtcreator-plugin-ubuntu/cmakeclick/view/head:/share/qtcreator/ubuntu/scripts/qtc_device_applaunch.py

Jamie Strandboge (jdstrand)
affects: click-apparmor (Ubuntu) → apparmor-easyprof-ubuntu (Ubuntu)
Jamie Strandboge (jdstrand)
Changed in apparmor-easyprof-ubuntu (Ubuntu):
status: Incomplete → In Progress
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor-easyprof-ubuntu - 1.2.4

---------------
apparmor-easyprof-ubuntu (1.2.4) utopic; urgency=medium

  * ubuntu/1.2: refinements to scopes policy
    - use private-files-strict abstraction
    - finetune client endpoint policy
    - explicitly deny access to the zmq directory for the ubuntu-sdk and
      ubuntu-webapp templates
    - explicitly deny direct interaction with URL dispatcher to prevent data
      leaks
    - move ubuntu-scope-local-content template to 'pending' since there are
      unresolved issues surrounding its interaction with URL dispatcher.
      Adjust autopkgtests accordingly
  * ubuntu/calendar: update for upcoming calendar management landing
  * ubuntu/*/audio,video: add mediascanner2 DBus access (LP: #1303962)
  * ubuntu/1.[12]/music_files_read: remove temporary access to
    @{HOME}/.cache/mediascanner/ now that we have policy for mediascanner2
    DBus access. Note: normally this would require the change in only the
    latest policy, but this policy group has only been used by the music-app
    and it is still unconfined
  * ubuntu/1.1: also ship debug policy group for 1.1 policy and update
    autopkgtests for this (LP: #1323233)
 -- Jamie Strandboge <email address hidden> Fri, 06 Jun 2014 07:37:54 -0500

Changed in apparmor-easyprof-ubuntu (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.