@bkhuugeicp can you send a patch to bitbake-devel?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2056555
Title:
Allow bitbake to create user namespace
To manage notifications about this bug go to:
If I understood right, this would be a wrapper script, shipped by
Ubuntu. Bitbake would detect its presence and run it with the name of
the executable that would be run by the script and get restricted
network access. No?
--
I think it would, yes. @ross, can you point RP to this ticket please?
--
I like the idea of a trusted app. We can add support for that easily.
I agree that asking users with popups is not the right direction. It
won't work in non-graphical sessions (and bitbake in particular is used
that way a lot), and will only condition users to click 'Allow' without
reading the tex
What we're after is disabling the network for any child processes. It
doesn't matter specifically how that gets done.
If this can be done some other way with some other facility that doesn't
clash with efforts to harden the host distributions, I'm all ears.
--
We'll probably have to wrap that code in an exception handler that would
instruct the user to install an apparmor profile as root, yes.
--
For reference, the specific implementation in bitbake that disables
networking is here:
https://git.openembedded.org/bitbake/tree/lib/bb/utils.py?h=2.8.2#n1673
--
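Added illustration of the exception handler suggested earlier in this thread (an example written for this page, not bitbake's code and not a message from the thread): a Python probe that tries, in a forked child, to enter a new user and network namespace and turns a denial into the instruction to install an AppArmor profile. It assumes the network is disabled by unsharing namespaces, as the bug title implies; the function names and the uid_map step are assumptions, and `SYSCTL` is the path of Ubuntu's `kernel.apparmor_restrict_unprivileged_userns` setting.

```python
import ctypes
import errno
import os

CLONE_NEWUSER = 0x10000000  # <linux/sched.h>
CLONE_NEWNET = 0x40000000
SYSCTL = "/proc/sys/kernel/apparmor_restrict_unprivileged_userns"

def probe_netless_namespace():
    """Return 0 if a child can enter a new user+network namespace, else errno."""
    unshare = getattr(ctypes.CDLL(None, use_errno=True), "unshare", None)
    if unshare is None:
        return errno.ENOSYS
    uid = os.getuid()
    pid = os.fork()
    if pid == 0:  # child only: the caller's own namespaces are never changed
        code = errno.EIO
        try:
            if unshare(CLONE_NEWUSER | CLONE_NEWNET) != 0:
                code = ctypes.get_errno() or errno.EIO
            else:
                # Assumed follow-up step: map our uid inside the namespace.
                with open("/proc/self/uid_map", "w") as f:
                    f.write(f"{uid} {uid} 1")
                code = 0
        except OSError as exc:
            code = exc.errno or errno.EIO
        finally:
            os._exit(code)
    _, status = os.waitpid(pid, 0)
    return os.WEXITSTATUS(status) if os.WIFEXITED(status) else errno.EIO

def restriction_flag(path=SYSCTL):  # None when the sysctl is absent
    try:
        with open(path) as f:
            return f.read().strip()
    except OSError:
        return None

def guidance(err, flag):
    """Message an exception handler around the sandbox setup could show."""
    if err == 0:
        return "ok: child processes can run without network access"
    if err in (errno.EPERM, errno.EACCES) and flag == "1":
        return ("denied: AppArmor restricts unprivileged user namespaces; "
                "install an AppArmor profile for this program as root")
    return f"failed: {os.strerror(err)}; network isolation is unavailable"

if __name__ == "__main__":
    print(guidance(probe_netless_namespace(), restriction_flag()))
```
--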
Something doesn't feel right in the overall design here.
Bitbake wants to take away the ability to connect to network from its
child processes (which generally makes things more secure), and is not
allowed to do so by the system. Isn't this... backwards?
--
I think this is a duplicate of
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2056555
(it took a bit to narrow down the issue, but it does have the correct
title and explanations now)
Should we close this and move the discussion there?
--