touch-packages team mailing list archive
-
touch-packages team
-
Mailing list archive
-
Message #101500
[Bug 1494176] Re: apparmor confined applications with a WebView get a denial for sys_admin capability
*** This bug is a duplicate of bug 1447311 ***
https://bugs.launchpad.net/bugs/1447311
** This bug has been marked a duplicate of bug 1447311
Disable unprivileged namespace sandbox
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1494176
Title:
apparmor confined applications with a WebView get a denial for
sys_admin capability
Status in Oxide:
New
Status in apparmor-easyprof-ubuntu package in Ubuntu:
New
Bug description:
Testing oxide 1.9.1 on arale, I created a simple click package that
simply launches qmlview with the following bit of QML:
import QtQuick 2.4
import com.canonical.Oxide 1.9
WebView {
url: "http://example.org"
}
The manifest for the app has policy groups "networking" and "webview",
and the policy version is 1.3.
When I launch the app, it fails to start, and the app’s log is the
following:
[0910/101904:FATAL:zygote_host_impl_linux.cc(182)] Check failed:
process.IsValid(). Failed to launch zygote process
Looking into /var/log/syslog, I’m seeing the following denial:
Sep 10 10:19:28 ubuntu-phablet kernel: [ 320.255767] type=1400
audit(1441873168.850:197): apparmor="DENIED" operation="capable"
profile="testwebview.osomon_testwebview_0.1" pid=4281 comm="qmlscene"
capability=21 capname="sys_admin"
To manage notifications about this bug go to:
https://bugs.launchpad.net/oxide/+bug/1494176/+subscriptions
References