Thanks for updating the apparmor profiles. These are really coming along
nicely. I took another look at these two today:
https://github.com/lenovo/lenovo-wwan-unlock/blob/ubuntu-
oem/debian/opt.fcc_lenovo.DPR_Fcc_unlock_service
I'm surprised by this line:
include
Does this tool actually use
I have rechecked the package set in the ubuntu-oem branch. This version
fixes most of my recommended and required TODOs, Thanks!
* There are new lintian warnings on the binary package now that libraries have
been moved to /opt, I suggest you use lintian overrides there too to cleanup
the package
Hello @Didier
Just to confirm again - Canonical will be using below branch for preload , so
please review this branch:
https://github.com/lenovo/lenovo-wwan-unlock/tree/ubuntu-oem
Also , i can see data already update regarding lintian overrides
https://github.com/lenovo/lenovo-wwan-unlock/tree/
@Didier - Thanks you for your comments ..
Canonical will be using package from below branch for preload:
Can you please review below:
https://github.com/lenovo/lenovo-wwan-unlock/tree/ubuntu-oem
>> It doesn’t seem so? The version in the archive doesn’t fix any required
>> TODOs I have seen, and
>>> I see comment #5 had required and recommended todos.
>Changes required from Lenovo side has been addressed and i think other concern
>from Canonical side has been fixed by AppArmor fix . Anything else needed ?
It doesn’t seem so? The version in the archive doesn’t fix any required
TODOs I hav
This service file https://git.launchpad.net/ubuntu/+source/lenovo-wwan-
unlock/tree/debian/lenovo-fccunlock.service also needs some seccomp
system call filtering via the SystemCallFilter directive. See
systemd.exec(5) for details on this.
Thanks
--
You received this bug notification because you
The ps Uxr rules are way too open, I filed
https://github.com/lenovo/lenovo-wwan-unlock/issues/31 to ask for those
to be moved to cx or Cx rules and a new child profile created for ps.
Thanks
** Bug watch added: github.com/lenovo/lenovo-wwan-unlock/issues #31
https://github.com/lenovo/lenovo-w
Hello Seth ,
Please find my update based on your comment:
>> I see comment #5 had required and recommended todos.
Changes required from Lenovo side has been addressed and i think other concern
from Canonical side has been fixed by AppArmor fix . Anything else needed ?
>> Comment #7 said that s
At today's MIR team meeting, we weren't entirely sure what the next
steps for this package should be, and we ran out of time to try to find
a resolution.
So I'll ask here -- what is the next step?
I see comment #5 had required and recommended todos. Comment #7 said
that some issues had been fixed
I updated the rules, and the issue in #16 is fixed.
debian/opt.fcc_lenovo.DPR_Fcc_unlock_service
Original file line number Diff line numberDiff line change
@@ -18,6 +18,7 @@ include
/usr/bin/ps Uxr,
/usr/sbin/dmidecode Cx,
/usr/libexec/mbim-proxy mrix,
/opt/fcc_lenovo/lib/*.
The latest v2.1.2 depends libmbimtools.so, FCC unlock failed because the
the apparmor block this library.
Sep 27 06:52:24 Thames-1 audit[2498]: AVC apparmor="DENIED"
operation="open" class="file"
profile="/opt/fcc_lenovo/DPR_Fcc_unlock_service"
name="/opt/fcc_lenovo/lib/libmbimtools.so" pid=2498
c
Hi @binli!
Thanks for your input, we're still a bit undecided what's the best move
here. If you feel this can be supported in the primary archive by your
team, you'd need to commit the engineering time to keep it in proper
shape.
Some remarks were made in comment #5 during the MIR review. Did you
Hi @Bin Li,
Thank you for this update !
>> e prefer to have the package in the Ubuntu archive so that more users can
>> access this solution.
This is OK for me but my only worry is that , if there are any driver, MM or
any other issue which has fix
in OEM image but not in Ubuntu image then agai
hi Seth, Mark
Thanks for your review, I'm a member of OEM team, we could place the
package in the OEM archive directly, but this would create a gap between
Ubuntu and OEM. We prefer to have the package in the Ubuntu archive so
that more users can access this solution.
BTW, currently this packag
Thanks Mark, Nitin, and Seth.
Since this is going to OEM, a Main Inclusion Review and Security's review seem
to no longer be needed.
Nonetheless, the packaging around the binaries looks alright. (The binaries
could contain anything of course.) A root privileged systemd service runs FCC
unlock. I
Marking this incomplete so that it'll show up in next week's MIR team
meeting. In the meantime, let's try to find out who would know more
about the OEM archive and OEM process to see if this an appropriate
outcome for this package.
Thanks
** Changed in: lenovo-wwan-unlock (Ubuntu)
Status:
Hello @eslerm , No concern from me too. Thank you !
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2058192
Title:
[MIR] lenovo-wwan-unlock
To manage notifications about this bug go to:
https://bugs.
No objections from me.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2058192
Title:
[MIR] lenovo-wwan-unlock
To manage notifications about this bug go to:
https://bugs.launchpad.net/oem-priority/+b
The Ubuntu Security Team is leaning towards this needing to be part of
the OEM Archives instead of restricted.
Does that seem appropriate to others?
https://github.com/canonical/ubuntu-mir/blob/main/exceptions/OEM.md
https://wiki.ubuntu.com/OEMArchive
--
You received this bug notification becau
** Changed in: oem-priority
Assignee: Dirk Su (dirksu) => Bin Li (binli)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2058192
Title:
[MIR] lenovo-wwan-unlock
To manage notifications about thi
library issues are already resolved in
https://github.com/lenovo/lenovo-wwan-unlock/releases/tag/v2.1.2 and already
informed to Dirk.
Please let us know, by when review will be completed and its ok to take this
package for next GM image.
Thank you !
--
You received this bug notification becau
** Tags added: sec-4736
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2058192
Title:
[MIR] lenovo-wwan-unlock
To manage notifications about this bug go to:
https://bugs.launchpad.net/oem-priority/+
Please use Ubuntu Security Team (~ubuntu-security) for MIR tasks.
Security Engineering is not part of (and does not monitor) the Canonical
Security Team (~canonical-security).
** Changed in: lenovo-wwan-unlock (Ubuntu)
Assignee: Canonical Security Team (canonical-security) => Ubuntu Security
Review for Source Package: lenovo-wwan-unlock
[Summary]
I’m not ready yet to give a MIR team ACK: there are some opened question on the
required TODOs that should be answered or resolved. Alongside this, there are
also some recommended TODOs.
To not delay this further, I’m requesting a security
** Changed in: oem-priority
Importance: Undecided => Critical
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2058192
Title:
[MIR] lenovo-wwan-unlock
To manage notifications about this bug go to:
** Changed in: lenovo-wwan-unlock (Ubuntu)
Assignee: (unassigned) => Didier Roche-Tolomelli (didrocks)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2058192
Title:
[MIR] lenovo-wwan-unlock
To
26 matches
Mail list logo
