16:49 <jdstrand> #startmeeting 16:49 <meetingology> Meeting started Mon Sep 23 16:49:05 2013 UTC. The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:49 <meetingology> 16:49 <meetingology> Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired 16:49 <jdstrand> The meeting agenda can be found at: 16:49 <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:49 <jdstrand> [TOPIC] Weekly stand-up report 16:49 <jdstrand> I'll go first 16:49 <jdstrand> I'm on community this week 16:50 <jdstrand> over the past couple weeks I've been going through all the policy groups, finding the SDK APIs and writing policy for them. they should all be written now, except sensors 16:50 <jdstrand> sensors is blocked because apps that use the recommended api crash. I filed a bug on that 16:50 <jdstrand> there is also some discussions that need to happen around friends 16:51 <jdstrand> so I'll do that this week 16:51 <jdstrand> I have a couple of smallish work items as well 16:51 <jdstrand> and need to followup on various appstore reivews topics/tests 16:52 <jdstrand> following up on application-confinement bugs and adjusting policy as they are fixed 16:52 <jdstrand> I'm hoping I will get to some pending updates this week 16:52 <jdstrand> mdeslaur: you're up 16:52 <mdeslaur> I'm in the happy place this week 16:52 <mdeslaur> I'm currently testing a couple of updates which I'll release either this afternoon or tomorrow 16:52 <mdeslaur> I have a few more to test this week, and then will continue going down the list 16:53 <mdeslaur> I also have an improvement to do for the upstart apparmor stanza to simplify upstart jobs for confined applications 16:53 <mdeslaur> It's a trivial change, I should be testing it this afternoon and uploading it soon 16:53 <mdeslaur> that's it from me 16:53 <mdeslaur> sbeattie: you're up 16:54 <jdstrand> mdeslaur: please don't upload without discussing in #ubuntu-ci-eng 16:54 <mdeslaur> #ubuntu-ci-eng? 16:54 <jdstrand> yes-- the Landings discussion on ue-leads 16:55 <sbeattie> I'm on apparmor again this week, focused on testing improvements and trying to get things off of jjohansen's plate. 16:55 <jdstrand> everything is supposed to go through the landings team 16:55 * sbeattie pauses 16:55 <mdeslaur> oh, huh 16:56 <jdstrand> mdeslaur: we can discuss outside of the meeting if needed 16:56 <jdstrand> sbeattie: feel free to go ahead (though I will ask what specific things you are hoping to take off of jj's plate this week) 16:57 * sbeattie resumes 16:57 <sbeattie> I'm specifically focusing on ipc tests, and log parsing messages around ipc 16:58 <sbeattie> as well as picking up other random bits that come up. 16:58 <sbeattie> I'm hoping to sync up with tyhicks on the state of the c++-ification patches, so that we can finish landing them this week 16:59 <sbeattie> and that's pretty much it for me. 16:59 <sbeattie> tyhicks: you're up 16:59 <tyhicks> I've been catching up on last week's email that came in while I was at Plumbers/LSS 16:59 <tyhicks> As sbeattie mentioned, I still need to go through the apparmor list and the review/commit the latest C++ patches 16:59 <tyhicks> My focus for the first part of this week will be apparmor/dbus bug squashing (bugs 1226141, 1226356, and 1229280) 16:59 <ubottu> bug 1226356 in apparmor (Ubuntu Saucy) "explicit deny rules do not silence logging denials" [Medium,Triaged] https://launchpad.net/bugs/1226356 17:00 <ubottu> bug 1226141 in evince (Ubuntu) "evince reports apparmor denials" [High,Triaged] https://launchpad.net/bugs/1226141 17:00 <tyhicks> Then I'll either pick up some IPC work or look into kdbus, depending on which is deemed higher priority 17:00 <tyhicks> JJ and I talked to gregkh about kdbus last week 17:00 <tyhicks> I need to look into it very soon to make sure we can continue mediating messages the same way we are doing with dbus-daemon today 17:00 <tyhicks> In the current kdbus patches, it sounds like the kernel may be lacking some context (path, interface, method) that we need 17:00 <tyhicks> Also, we talked with SELinux and Smack folks that have an interest in working together to make sure the appropriate LSM hooks are in place 17:01 <tyhicks> that's it for me 17:01 <tyhicks> chrisccoulson: I think you're up since jj and seth are out 17:01 <chrisccoulson> hi :) 17:02 <chrisccoulson> i'm still working on implementing automated test cases for oxide 17:02 <chrisccoulson> i've been finding quite a few bugs as i add them :) 17:02 <chrisccoulson> particularly because we restart all of the chromium bits inbetween each test, without restarting the test binary 17:02 <jdstrand> tyhicks: re "correct LSM hooks are in place" you were again referring to kdbus? 17:02 <chrisccoulson> i'm currently debugging a crash because of that 17:02 <tyhicks> jdstrand: correct 17:03 <tyhicks> (right now, LSM hooks are not present in kdbus) 17:03 <jdstrand> eek 17:04 <jdstrand> chrisccoulson: nice :) 17:04 <tyhicks> but we're jumping in early enough to handle that 17:04 <jdstrand> chrisccoulson: did I mention that people will hopefully start contacting you to help you soonish? 17:04 <chrisccoulson> jdstrand, no, but that's good :) 17:05 <jdstrand> yes :) 17:05 <chrisccoulson> i'm hoping i'll have got test coverage for all of the current API by then, and then there will be no excuses for people not to write tests :) 17:05 <jdstrand> it came up in the webapps confinement discussion. I think they said the end of this month-- but it might be after release-- few weeks anyway :) 17:06 <chrisccoulson> yeah, it should all be in pretty good shape by then 17:06 <chrisccoulson> has anybody else tried building it yet? 17:06 <chrisccoulson> (i still need to write some instructions actually) 17:07 * jdstrand nods 17:07 <jdstrand> chrisccoulson: did you have anything else to report? 17:07 <chrisccoulson> jdstrand, no, i think that's it from me 17:07 <jdstrand> thanks 17:07 <jdstrand> jj and seth are out today 17:07 <jdstrand> [TOPIC] Highlighted packages 17:07 <jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 17:08 <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 17:08 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/libspring-java.html 17:08 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/socat.html 17:08 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/glusterfs.html 17:08 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/gallery2.html 17:08 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/pktstat.html 17:08 <jdstrand> [TOPIC] Miscellaneous and Questions 17:08 <jdstrand> Does anyone have any other questions or items to discuss? 17:23 <jdstrand> mdeslaur, sbeattie, tyhicks, chrisccoulson: thanks! 17:23 <jdstrand> #endmeeting