touch-packages team mailing list archive

Thread
Date

[Bug 1357371] Re: qtwebkit-based webapps denial for RequestName and bind on org.freedesktop.Application

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Olivier Tilloy <olivier.tilloy@xxxxxxxxxxxxx>
Date: Mon, 18 Aug 2014 08:23:56 -0000
Reply-to: Bug 1357371 <1357371@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

… but QtWebKit-based webapps use an old version of the policy that
doesn’t have the fix.

Those apps will need to upgrade the version of the policy in their
manifest (and by doing so they will automatically switch to using Oxide
as a rendering backend).

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to webbrowser-app in Ubuntu.
https://bugs.launchpad.net/bugs/1357371

Title:
  qtwebkit-based webapps denial for RequestName and bind on
  org.freedesktop.Application

Status in “webbrowser-app” package in Ubuntu:
  New

Bug description:
  This is bug #1342129, but for qtwebkit. This bug doesn't appear to
  affect the general functionality of the webapp.

  Test case:
  1. install r193 (or later) in the emulator
  2. install Pixel Runner from the store
  3. Open Pixel Runner

  The app starts (but with a blank screen, see bug #1357375) and the following apparmor denial can be observed:
  Aug 15 13:17:04 ubuntu-phablet dbus[1575]: apparmor="DENIED" operation="dbus_method_call"  bus="session" path="/org/freedesktop/DBus" interface="org.freedesktop.DBus" member="RequestName" mask="send" name="org.freedesktop.DBus" pid=3292 profile="com.ubuntu.developer.ogra.pixel-runner_pixel-runner_0.1" peer_profile="unconfined"

  As it happens, we can add a rule for this that is safe:
  dbus (send)
       bus=session
       interface=org.freedesktop.DBus
       path=/org/freedesktop/DBus
       member=RequestName,

  However, after adding the above rule to /var/lib/apparmor/profiles/*pixel*, running 'sudo apparmor_parser -r /var/lib/apparmor/profiles/*pixel*', and starting the app, we get a new denial:
  Aug 15 13:18:47 ubuntu-phablet dbus[1575]: apparmor="DENIED" operation="dbus_bind"  bus="session" name="org.freedesktop.Application" mask="bind" pid=3774 profile="com.ubuntu.developer.ogra.pixel-runner_pixel-runner_0.1"

  If add add the following rule (which is not safe), there are no more denials:
  dbus (bind)
       bus=session
       name=org.freedesktop.Application,

  This denial is the same as in bug #1342129 and we can't safely add
  policy for it (see other bug for reasons why).

  Not sure if this is in webbrowser-app or qtwebkit, please reassign as
  necessary.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/webbrowser-app/+bug/1357371/+subscriptions

References

[Bug 1357371] [NEW] qtwebkit-based webapps no longer working
From: Jamie Strandboge, 2014-08-15