edubuntu-bugs team mailing list archive

[Georgia Garcia <2065915@xxxxxxxxxxxxxxxxxx>]

As per the discussion in https://irclogs.ubuntu.com/2024/07/09/%23ubuntu-security.txt
The recommendation from the security team is to not revert to the "flags=(unconfined)" profile if the profile is already confined. That means that we should only fix the multiarch issue.

Scarlett, you're right, just adding the variable @{multiarch} directly
does not work in this case, because due to how the parser is currently
implemented, @{multiarch} translates to *-linux-gnu* and the wildcard
makes it conflict with the "/** pux," rule. That's the reason that it's
hard coded in the plasmashell profile as well. We are currently working
on fixing it in the parser but it's not available right now.

So for this case, we would have to add the other arch hard coded too.
Something like the following diff, for every architecture we want to
support.

@@ -18,6 +18,7 @@
   ptrace,
 
   /usr/lib/x86_64-linux-gnu/qt5/libexec/QtWebEngineProcess cx -> &plasmashell//QtWebEngineProcess,
+  /usr/lib/aarch64-linux-gnu/qt5/libexec/QtWebEngineProcess cx -> &plasmashell//QtWebEngineProcess,
   /** pux,
   /{,**} mrwlk,


Regarding dbus being denied, could you point those reports my way? I'm more than happy to help

-- 
You received this bug notification because you are a member of Edubuntu
Bugsquad, which is subscribed to marble in Ubuntu.
https://bugs.launchpad.net/bugs/2065915

Title:
  [SRU] Fix hard coded path in apparmor profiles.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/akregator/+bug/2065915/+subscriptions