touch-packages team mailing list archive

[Jamie Strandboge <jamie@xxxxxxxxxx>]

** Changed in: webbrowser-app (Ubuntu)
   Importance: Critical => Undecided

** Description changed:

- This is bug #1342129, but for qtwebkit. This bug seems to completely
- break webapps specifying the 13.10 framework (ie, 1.0 apparmor policy).
+ This is bug #1342129, but for qtwebkit.
  
  Test case:
  1. install r193 (or later) in the emulator
  2. install Pixel Runner from the store
  3. Open Pixel Runner
  
  The app starts but with a blank screen. The following apparmor denial can be observed:
  Aug 15 13:17:04 ubuntu-phablet dbus[1575]: apparmor="DENIED" operation="dbus_method_call"  bus="session" path="/org/freedesktop/DBus" interface="org.freedesktop.DBus" member="RequestName" mask="send" name="org.freedesktop.DBus" pid=3292 profile="com.ubuntu.developer.ogra.pixel-runner_pixel-runner_0.1" peer_profile="unconfined"
  
  As it happens, we can add a rule for this that is safe:
  dbus (send)
       bus=session
       interface=org.freedesktop.DBus
       path=/org/freedesktop/DBus
       member=RequestName,
  
  However, after adding the above rule to /var/lib/apparmor/profiles/*pixel*, running 'sudo apparmor_parser -r /var/lib/apparmor/profiles/*pixel*', and starting the app, we get a new denial:
  Aug 15 13:18:47 ubuntu-phablet dbus[1575]: apparmor="DENIED" operation="dbus_bind"  bus="session" name="org.freedesktop.Application" mask="bind" pid=3774 profile="com.ubuntu.developer.ogra.pixel-runner_pixel-runner_0.1"
  
  This denial is the same as in bug #1342129 and we can't safely add
  policy for it (see other bug for reasons why).
  
  Not sure if this is in webbrowser-app or qtwebkit, please reassign as
  necessary.

** Summary changed:

- qtwebkit-based webapps no longer working
+ qtwebkit-based webapps denial for RequestName and bind on org.freedesktop.Application

** Description changed:

  This is bug #1342129, but for qtwebkit.
  
  Test case:
  1. install r193 (or later) in the emulator
  2. install Pixel Runner from the store
  3. Open Pixel Runner
  
  The app starts but with a blank screen. The following apparmor denial can be observed:
  Aug 15 13:17:04 ubuntu-phablet dbus[1575]: apparmor="DENIED" operation="dbus_method_call"  bus="session" path="/org/freedesktop/DBus" interface="org.freedesktop.DBus" member="RequestName" mask="send" name="org.freedesktop.DBus" pid=3292 profile="com.ubuntu.developer.ogra.pixel-runner_pixel-runner_0.1" peer_profile="unconfined"
  
  As it happens, we can add a rule for this that is safe:
  dbus (send)
       bus=session
       interface=org.freedesktop.DBus
       path=/org/freedesktop/DBus
       member=RequestName,
  
  However, after adding the above rule to /var/lib/apparmor/profiles/*pixel*, running 'sudo apparmor_parser -r /var/lib/apparmor/profiles/*pixel*', and starting the app, we get a new denial:
  Aug 15 13:18:47 ubuntu-phablet dbus[1575]: apparmor="DENIED" operation="dbus_bind"  bus="session" name="org.freedesktop.Application" mask="bind" pid=3774 profile="com.ubuntu.developer.ogra.pixel-runner_pixel-runner_0.1"
  
+ If add add the following rule (which is not safe), there are no more denials:
+ dbus (bind)
+      bus=session
+      name=org.freedesktop.Application,
+ 
  This denial is the same as in bug #1342129 and we can't safely add
  policy for it (see other bug for reasons why).
  
  Not sure if this is in webbrowser-app or qtwebkit, please reassign as
  necessary.

** Description changed:

- This is bug #1342129, but for qtwebkit.
+ This is bug #1342129, but for qtwebkit. This bug doesn't appear to
+ affect the general functionality of the webapp.
  
  Test case:
  1. install r193 (or later) in the emulator
  2. install Pixel Runner from the store
  3. Open Pixel Runner
  
  The app starts but with a blank screen. The following apparmor denial can be observed:
  Aug 15 13:17:04 ubuntu-phablet dbus[1575]: apparmor="DENIED" operation="dbus_method_call"  bus="session" path="/org/freedesktop/DBus" interface="org.freedesktop.DBus" member="RequestName" mask="send" name="org.freedesktop.DBus" pid=3292 profile="com.ubuntu.developer.ogra.pixel-runner_pixel-runner_0.1" peer_profile="unconfined"
  
  As it happens, we can add a rule for this that is safe:
  dbus (send)
       bus=session
       interface=org.freedesktop.DBus
       path=/org/freedesktop/DBus
       member=RequestName,
  
  However, after adding the above rule to /var/lib/apparmor/profiles/*pixel*, running 'sudo apparmor_parser -r /var/lib/apparmor/profiles/*pixel*', and starting the app, we get a new denial:
  Aug 15 13:18:47 ubuntu-phablet dbus[1575]: apparmor="DENIED" operation="dbus_bind"  bus="session" name="org.freedesktop.Application" mask="bind" pid=3774 profile="com.ubuntu.developer.ogra.pixel-runner_pixel-runner_0.1"
  
  If add add the following rule (which is not safe), there are no more denials:
  dbus (bind)
-      bus=session
-      name=org.freedesktop.Application,
+      bus=session
+      name=org.freedesktop.Application,
  
  This denial is the same as in bug #1342129 and we can't safely add
  policy for it (see other bug for reasons why).
  
  Not sure if this is in webbrowser-app or qtwebkit, please reassign as
  necessary.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to webbrowser-app in Ubuntu.
https://bugs.launchpad.net/bugs/1357371

Title:
  qtwebkit-based webapps denial for RequestName and bind on
  org.freedesktop.Application

Status in “webbrowser-app” package in Ubuntu:
  New

Bug description:
  This is bug #1342129, but for qtwebkit. This bug doesn't appear to
  affect the general functionality of the webapp.

  Test case:
  1. install r193 (or later) in the emulator
  2. install Pixel Runner from the store
  3. Open Pixel Runner

  The app starts (but with a blank screen, see bug #1357375) and the following apparmor denial can be observed:
  Aug 15 13:17:04 ubuntu-phablet dbus[1575]: apparmor="DENIED" operation="dbus_method_call"  bus="session" path="/org/freedesktop/DBus" interface="org.freedesktop.DBus" member="RequestName" mask="send" name="org.freedesktop.DBus" pid=3292 profile="com.ubuntu.developer.ogra.pixel-runner_pixel-runner_0.1" peer_profile="unconfined"

  As it happens, we can add a rule for this that is safe:
  dbus (send)
       bus=session
       interface=org.freedesktop.DBus
       path=/org/freedesktop/DBus
       member=RequestName,

  However, after adding the above rule to /var/lib/apparmor/profiles/*pixel*, running 'sudo apparmor_parser -r /var/lib/apparmor/profiles/*pixel*', and starting the app, we get a new denial:
  Aug 15 13:18:47 ubuntu-phablet dbus[1575]: apparmor="DENIED" operation="dbus_bind"  bus="session" name="org.freedesktop.Application" mask="bind" pid=3774 profile="com.ubuntu.developer.ogra.pixel-runner_pixel-runner_0.1"

  If add add the following rule (which is not safe), there are no more denials:
  dbus (bind)
       bus=session
       name=org.freedesktop.Application,

  This denial is the same as in bug #1342129 and we can't safely add
  policy for it (see other bug for reasons why).

  Not sure if this is in webbrowser-app or qtwebkit, please reassign as
  necessary.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/webbrowser-app/+bug/1357371/+subscriptions