16:49 <jdstrand> #startmeeting
16:49 <meetingology> Meeting started Mon Sep 23 16:49:05 2013 UTC.  The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
16:49 <meetingology> 
16:49 <meetingology> Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired
16:49 <jdstrand> The meeting agenda can be found at:
16:49 <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
16:49 <jdstrand> [TOPIC] Weekly stand-up report
16:49 <jdstrand> I'll go first
16:49 <jdstrand> I'm on community this week
16:50 <jdstrand> over the past couple weeks I've been going through all the policy groups, finding the SDK APIs and writing policy for them. they should all be written now, except sensors
16:50 <jdstrand> sensors is blocked because apps that use the recommended api crash. I filed a bug on that
16:50 <jdstrand> there is also some discussions that need to happen around friends
16:51 <jdstrand> so I'll do that this week
16:51 <jdstrand> I have a couple of smallish work items as well
16:51 <jdstrand> and need to followup on various appstore reivews topics/tests
16:52 <jdstrand> following up on application-confinement bugs and adjusting policy as they are fixed
16:52 <jdstrand> I'm hoping I will get to some pending updates this week
16:52 <jdstrand> mdeslaur: you're up
16:52 <mdeslaur> I'm in the happy place this week
16:52 <mdeslaur> I'm currently testing a couple of updates which I'll release either this afternoon or tomorrow
16:52 <mdeslaur> I have a few more to test this week, and then will continue going down the list
16:53 <mdeslaur> I also have an improvement to do for the upstart apparmor stanza to simplify upstart jobs for confined applications
16:53 <mdeslaur> It's a trivial change, I should be testing it this afternoon and uploading it soon
16:53 <mdeslaur> that's it from me
16:53 <mdeslaur> sbeattie: you're up
16:54 <jdstrand> mdeslaur: please don't upload without discussing in #ubuntu-ci-eng
16:54 <mdeslaur> #ubuntu-ci-eng?
16:54 <jdstrand> yes-- the Landings discussion on ue-leads
16:55 <sbeattie> I'm on apparmor again this week, focused on testing improvements and trying to get things off of jjohansen's plate.
16:55 <jdstrand> everything is supposed to go through the landings team
16:55 * sbeattie pauses
16:55 <mdeslaur> oh, huh
16:56 <jdstrand> mdeslaur: we can discuss outside of the meeting if needed
16:56 <jdstrand> sbeattie: feel free to go ahead (though I will ask what specific things you are hoping to take off of jj's plate this week)
16:57 * sbeattie resumes
16:57 <sbeattie> I'm specifically focusing on ipc tests, and log parsing messages around ipc
16:58 <sbeattie> as well as picking up other random bits that come up.
16:58 <sbeattie> I'm hoping to sync up with tyhicks on the state of the c++-ification patches, so that we can finish landing them this week
16:59 <sbeattie> and that's pretty much it for me.
16:59 <sbeattie> tyhicks: you're up
16:59 <tyhicks> I've been catching up on last week's email that came in while I was at Plumbers/LSS
16:59 <tyhicks> As sbeattie mentioned, I still need to go through the apparmor list and the review/commit the latest C++ patches
16:59 <tyhicks> My focus for the first part of this week will be apparmor/dbus bug squashing (bugs 1226141, 1226356, and 1229280)
16:59 <ubottu> bug 1226356 in apparmor (Ubuntu Saucy) "explicit deny rules do not silence logging denials" [Medium,Triaged] https://launchpad.net/bugs/1226356
17:00 <ubottu> bug 1226141 in evince (Ubuntu) "evince reports apparmor denials" [High,Triaged] https://launchpad.net/bugs/1226141
17:00 <tyhicks> Then I'll either pick up some IPC work or look into kdbus, depending on which is deemed higher priority
17:00 <tyhicks> JJ and I talked to gregkh about kdbus last week
17:00 <tyhicks> I need to look into it very soon to make sure we can continue mediating messages the same way we are doing with dbus-daemon today
17:00 <tyhicks> In the current kdbus patches, it sounds like the kernel may be lacking some context (path, interface, method) that we need
17:00 <tyhicks> Also, we talked with SELinux and Smack folks that have an interest in working together to make sure the appropriate LSM hooks are in place
17:01 <tyhicks> that's it for me
17:01 <tyhicks> chrisccoulson: I think you're up since jj and seth are out
17:01 <chrisccoulson> hi :)
17:02 <chrisccoulson> i'm still working on implementing automated test cases for oxide
17:02 <chrisccoulson> i've been finding quite a few bugs as i add them :)
17:02 <chrisccoulson> particularly because we restart all of the chromium bits inbetween each test, without restarting the test binary
17:02 <jdstrand> tyhicks: re "correct LSM hooks are in place" you were again referring to kdbus?
17:02 <chrisccoulson> i'm currently debugging a crash because of that
17:02 <tyhicks> jdstrand: correct
17:03 <tyhicks> (right now, LSM hooks are not present in kdbus)
17:03 <jdstrand> eek
17:04 <jdstrand> chrisccoulson: nice :)
17:04 <tyhicks> but we're jumping in early enough to handle that
17:04 <jdstrand> chrisccoulson: did I mention that people will hopefully start contacting you to help you soonish?
17:04 <chrisccoulson> jdstrand, no, but that's good :)
17:05 <jdstrand> yes :)
17:05 <chrisccoulson> i'm hoping i'll have got test coverage for all of the current API by then, and then there will be no excuses for people not to write tests :)
17:05 <jdstrand> it came up in the webapps confinement discussion. I think they said the end of this month-- but it might be after release-- few weeks anyway :)
17:06 <chrisccoulson> yeah, it should all be in pretty good shape by then
17:06 <chrisccoulson> has anybody else tried building it yet?
17:06 <chrisccoulson> (i still need to write some instructions actually)
17:07 * jdstrand nods
17:07 <jdstrand> chrisccoulson: did you have anything else to report?
17:07 <chrisccoulson> jdstrand, no, i think that's it from me
17:07 <jdstrand> thanks
17:07 <jdstrand> jj and seth are out today
17:07 <jdstrand> [TOPIC] Highlighted packages
17:07 <jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
17:08 <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
17:08 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/libspring-java.html
17:08 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/socat.html
17:08 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/glusterfs.html
17:08 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/gallery2.html
17:08 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/pktstat.html
17:08 <jdstrand> [TOPIC] Miscellaneous and Questions
17:08 <jdstrand> Does anyone have any other questions or items to discuss?
17:23 <jdstrand> mdeslaur, sbeattie, tyhicks, chrisccoulson: thanks!
17:23 <jdstrand> #endmeeting