group.of.nepali.translators team mailing list archive

[Launchpad Bug Tracker <1580463@xxxxxxxxxxxxxxxxxx>]

This bug was fixed in the package im-config - 0.29-1ubuntu13

---------------
im-config (0.29-1ubuntu13) yakkety; urgency=medium

  * debian/patches/use-distinguishable-abstract-address.patch: adjust
    ibus-daemon args to include "--address 'unix:tmpdir=/tmp/ibus'" so it has
    a mediatable abstract socket path (LP: #1580463)

 -- Jamie Strandboge <jamie@xxxxxxxxxx>  Thu, 26 May 2016 12:53:53 -0500

** Changed in: im-config (Ubuntu Yakkety)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1580463

Title:
  Snap blocks access to system input methods (ibus, fctix, ...)

Status in im-config package in Ubuntu:
  Fix Released
Status in snapd package in Ubuntu:
  Incomplete
Status in im-config source package in Xenial:
  Triaged
Status in snapd source package in Xenial:
  New
Status in im-config source package in Yakkety:
  Fix Released
Status in snapd source package in Yakkety:
  Incomplete

Bug description:
  = SRU im-config =
  [Impact]
  ibus-daemon by default uses a unix socket name of /tmp/dbus-... that is indistinguishable from dbus-daemon abstract sockets. While dbus-daemon has AppArmor mediation, ibus-daemon does not so it is important that its abstract socket not be confused with dbus-daemon's. By modifying ibus-daemon's start arguments to use "--address 'unix:tmpdir=/tmp/ibus'" AppArmor can continue mediating DBus abstract sockets like normal and also mediate access to the ibus-daemon-specific abstract socket via unix rules. This also tidies up the abstract socket paths so that it is clear which are for ibus-daemon, which for dbus-daemon, etc.

  The upload simply adjusts 21_ibus.rc to start ibus-daemon with "--
  address 'unix:tmpdir=/tmp/ibus'" and adds a comment. No compiled code
  changes are required.

  [Test Case]
  1. start a unity session

  2. $ grep IBUS_ADDRESS ~/.config/ibus/bus/*-unix-0
  IBUS_ADDRESS=unix:abstract=/tmp/ibus/dbus-
  SpxOl8Fc,guid=06d4bbeb07614c6dffbf221c57473f4e

  A system without this update will instead show something like:
  IBUS_ADDRESS=unix:abstract=/tmp/dbus-Vyx8fGFA,guid=28e8e7e89f902c8d4e9d77c5557add76

  3. $ lsof -p $(pidof ibus-daemon) | grep '/dbus'
  ibus-daem 3471 jamie    8u     unix 0x0000000000000000      0t0  26107 @/tmp/ibus/dbus-SpxOl8Fc type=STREAM
  ...

  A system without this update will instead show something like:
  ibus-daem 2973 jamie    8u     unix 0x0000000000000000      0t0   29606 @/tmp/dbus-oxKYpN30 type=STREAM

  In addition to the above, you can test for regressions by opening
  'System Settings' under the 'gear' icon in the panel and selecting
  'Text Entry'. From there, add an input source on the right, make sure
  'Show current input source in the menu bar' is checked, then use the
  input source panel indicator to change input sources.

  [Regression Potential]

  The regression potential is considered low because there are no
  compiled code changes and because the changes only occur after ibus-
  daemon is restarted, which is upon session start, not package upgrade.
  When it is restarted, the files in ~/.config/ibus/bus/*-unix-0 are
  updated accordingly for other applications to pick up.

  This change intentionally requires a change to the unity7 snapd
  interface, which is in progress. Currently the change should not
  regress snapdsbehavior due to other issues surrounding using ibus
  unrelated to security policy.

  = Original description =
  Currently snaps can't access ibus/fcitx from the system, do we need a interface for input methods there?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/im-config/+bug/1580463/+subscriptions