group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #04268
[Bug 1580463] Re: Snap blocks access to system input methods (ibus, fctix, ...)
This bug was fixed in the package im-config - 0.29-1ubuntu13
---------------
im-config (0.29-1ubuntu13) yakkety; urgency=medium
* debian/patches/use-distinguishable-abstract-address.patch: adjust
ibus-daemon args to include "--address 'unix:tmpdir=/tmp/ibus'" so it has
a mediatable abstract socket path (LP: #1580463)
-- Jamie Strandboge <jamie@xxxxxxxxxx> Thu, 26 May 2016 12:53:53 -0500
** Changed in: im-config (Ubuntu Yakkety)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1580463
Title:
Snap blocks access to system input methods (ibus, fctix, ...)
Status in im-config package in Ubuntu:
Fix Released
Status in snapd package in Ubuntu:
Incomplete
Status in im-config source package in Xenial:
Triaged
Status in snapd source package in Xenial:
New
Status in im-config source package in Yakkety:
Fix Released
Status in snapd source package in Yakkety:
Incomplete
Bug description:
= SRU im-config =
[Impact]
ibus-daemon by default uses a unix socket name of /tmp/dbus-... that is indistinguishable from dbus-daemon abstract sockets. While dbus-daemon has AppArmor mediation, ibus-daemon does not so it is important that its abstract socket not be confused with dbus-daemon's. By modifying ibus-daemon's start arguments to use "--address 'unix:tmpdir=/tmp/ibus'" AppArmor can continue mediating DBus abstract sockets like normal and also mediate access to the ibus-daemon-specific abstract socket via unix rules. This also tidies up the abstract socket paths so that it is clear which are for ibus-daemon, which for dbus-daemon, etc.
The upload simply adjusts 21_ibus.rc to start ibus-daemon with "--
address 'unix:tmpdir=/tmp/ibus'" and adds a comment. No compiled code
changes are required.
[Test Case]
1. start a unity session
2. $ grep IBUS_ADDRESS ~/.config/ibus/bus/*-unix-0
IBUS_ADDRESS=unix:abstract=/tmp/ibus/dbus-
SpxOl8Fc,guid=06d4bbeb07614c6dffbf221c57473f4e
A system without this update will instead show something like:
IBUS_ADDRESS=unix:abstract=/tmp/dbus-Vyx8fGFA,guid=28e8e7e89f902c8d4e9d77c5557add76
3. $ lsof -p $(pidof ibus-daemon) | grep '/dbus'
ibus-daem 3471 jamie 8u unix 0x0000000000000000 0t0 26107 @/tmp/ibus/dbus-SpxOl8Fc type=STREAM
...
A system without this update will instead show something like:
ibus-daem 2973 jamie 8u unix 0x0000000000000000 0t0 29606 @/tmp/dbus-oxKYpN30 type=STREAM
In addition to the above, you can test for regressions by opening
'System Settings' under the 'gear' icon in the panel and selecting
'Text Entry'. From there, add an input source on the right, make sure
'Show current input source in the menu bar' is checked, then use the
input source panel indicator to change input sources.
[Regression Potential]
The regression potential is considered low because there are no
compiled code changes and because the changes only occur after ibus-
daemon is restarted, which is upon session start, not package upgrade.
When it is restarted, the files in ~/.config/ibus/bus/*-unix-0 are
updated accordingly for other applications to pick up.
This change intentionally requires a change to the unity7 snapd
interface, which is in progress. Currently the change should not
regress snapdsbehavior due to other issues surrounding using ibus
unrelated to security policy.
= Original description =
Currently snaps can't access ibus/fcitx from the system, do we need a interface for input methods there?
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/im-config/+bug/1580463/+subscriptions