desktop-packages team mailing list archive

[Sebastien Bacher <seb128@xxxxxxxxxx>]

unity:

localhost kernel: [10406.802878] type=1400 audit(1319108063.706:34):
apparmor="DENIED" operation="open" parent=31170
profile="/usr/lib/lightdm/lightdm-guest-session-wrapper"
name="/etc/compizconfig/upgrades/com.canonical.unity.unity.01.upgrade"
pid=31248 comm="compiz" requested_mask="c" denied_mask="c" fsuid=122
ouid=0

gwibber

Oct 20 12:58:18 localhost kernel: [10640.783685] type=1400 audit(1319108298.090:227): apparmor="DENIED" operation="mknod" parent=31640 profile="/usr/lib/lightdm/lightdm-guest-session-wrapper" name="/usr/share/gwibber/plugins/twitter/__init__.pyc" pid=31641 comm="gwibber-service" requested_mask="c" denied_mask="c" fsuid=122 ouid=122
Oct 20 12:58:18 localhost kernel: [10640.786408] type=1400 audit(1319108298.094:228): apparmor="DENIED" operation="mknod" parent=31640 profile="/usr/lib/lightdm/lightdm-guest-session-wrapper" name="/usr/share/gwibber/plugins/facebook/__init__.pyc" pid=31641 comm="gwibber-service" requested_mask="c" denied_mask="c" fsuid=122 ouid=122
Oct 20 12:58:18 localhost kernel: [10640.789667] type=1400 audit(1319108298.094:229): apparmor="DENIED" operation="mknod" parent=31640 profile="/usr/lib/lightdm/lightdm-guest-session-wrapper" name="/usr/share/gwibber/plugins/identica/__init__.pyc" pid=31641 comm="gwibber-service" requested_mask="c" denied_mask="c" fsuid=122 ouid=122
Oct 20 12:58:18 localhost kernel: [10640.900676] type=1400 audit(1319108298.206:230): apparmor="DENIED" operation="link" parent=1 profile="/usr/lib/lightdm/lightdm-guest-session-wrapper" name="/run/shm/sem.mp31641-0" pid=31641 comm="gwibber-service" requested_mask="l" denied_mask="l" fsuid=122 ouid=122 target="/run/shm/sem.57QZNy"
Oct 20 12:58:19 localhost kernel: [10641.731778] type=1400 audit(1319108299.038:231): apparmor="DENIED" operation="mknod" parent=31679 profile="/usr/lib/lightdm/lightdm-guest-session-wrapper" name="/usr/share/gwibber/plugins/twitter/__init__.pyc" pid=31680 comm="gwibber-service" requested_mask="c" denied_mask="c" fsuid=122 ouid=122
Oct 20 12:58:19 localhost kernel: [10641.734487] type=1400 audit(1319108299.042:232): apparmor="DENIED" operation="mknod" parent=31679 profile="/usr/lib/lightdm/lightdm-guest-session-wrapper" name="/usr/share/gwibber/plugins/facebook/__init__.pyc" pid=31680 comm="gwibber-service" requested_mask="c" denied_mask="c" fsuid=122 ouid=122
Oct 20 12:58:19 localhost kernel: [10641.738532] type=1400 audit(1319108299.046:233): apparmor="DENIED" operation="mknod" parent=31679 profile="/usr/lib/lightdm/lightdm-guest-session-wrapper" name="/usr/share/gwibber/plugins/identica/__init__.pyc" pid=31680 comm="gwibber-service" requested_mask="c" denied_mask="c" fsuid=122 ouid=122
Oct 20 12:58:19 localhost kernel: [10641.815768] type=1400 audit(1319108299.122:234): apparmor="DENIED" operation="link" parent=1 profile="/usr/lib/lightdm/lightdm-guest-session-wrapper" name="/run/shm/sem.mp31680-0" pid=31680 comm="gwibber-service" requested_mask="l" denied_mask="l" fsuid=122 ouid=122 target="/run/shm/sem.hmfP3s"

it's a guest session where I just clicked on the nautilus launcher icon

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to lightdm in Ubuntu.
https://bugs.launchpad.net/bugs/877736

Title:
  the guest account apparmor profile blocks things that seem useful

Status in “lightdm” package in Ubuntu:
  Triaged

Bug description:
  The Oneiric apparmor profile generates quite some syslog noise including warning about:
  gwibber
  unity upgrade scripts
  fusermount (gvfs?)
  gnome-keyring
  system-config-printer debug

  Is that wanted or is the profile too restrictive and should allow at
  least some of those uses?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/877736/+subscriptions