touch-packages team mailing list archive

Thread
Date

[Bug 1347177] Re: Unconfined aggregating scope can't call confined child scope to get results

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Jamie Strandboge <jamie@xxxxxxxxxx>
Date: Wed, 23 Jul 2014 15:26:17 -0000
Reply-to: Bug 1347177 <1347177@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Ok, I'll preserve the scope-specific names for the -c and -q files in
zmq/priv, but add a glob for zmq/*-r.

** Also affects: apparmor-easyprof-ubuntu (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: unity-scopes-api
       Status: New => Invalid

** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
       Status: New => In Progress

** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
   Importance: Undecided => Critical

** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
     Assignee: (unassigned) => Jamie Strandboge (jdstrand)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1347177

Title:
  Unconfined aggregating scope can't call confined child scope to get
  results

Status in The Savilerow project:
  Confirmed
Status in API for Unity scopes integration:
  Invalid
Status in “apparmor-easyprof-ubuntu” package in Ubuntu:
  In Progress

Bug description:
  An unconfined scope is getting apparmor denials while getting results
  from a confined child scope.  The denials:

  Jul 22 17:06:40 ubuntu-phablet kernel: [30750.996517] type=1400
  audit(1406063200.136:2410): apparmor="DENIED" operation="connect"
  profile="com.canonical.scopes.etsy_etsy_1.0.9"
  name="/run/user/32011/zmq/unity-scope-shopping-r" pid=19097
  comm="com.canonical.s" requested_mask="rw" denied_mask="rw"
  fsuid=32011 ouid=32011

  The child scope has the template: ubuntu-scope-network and can run
  fine on its own

To manage notifications about this bug go to:
https://bugs.launchpad.net/savilerow/+bug/1347177/+subscriptions