touch-packages team mailing list archive

Thread
Date

[Bug 1367264] [NEW] scoperunner tries to access /proc/*/attr/current, denied by apparmor

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1367264@xxxxxxxxxxxxxxxxxx>
Date: Wed, 10 Sep 2014 02:38:42 -0000
Reply-to: Bug 1367264 <1367264@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

You have been subscribed to a public bug:

While testing an aggregator scope I encountered some "leaf" scopes which
were not returning results. Checking syslog I found some strange
apparmor denials where the scope runner was trying to access
/proc/*/attr/current/.

Sep  8 11:22:10 ubuntu-phablet kernel: [ 1172.643613] type=1400 audit(1410189730.887:130): apparmor="D
ENIED" operation="open" profile="com.canonical.REDACTED_0.5" name="/proc/4637/attr/current" pid=4
637 comm="scoperunner" requested_mask="r" denied_mask="r" fsuid=32011 ouid=32011
...
Sep  8 11:22:11 ubuntu-phablet kernel: [ 1172.792552] type=1400 audit(1410189731.037:134): apparmor="D
ENIED" operation="open" profile="com.canonical.scopes.REDACTED_1.02" name="/proc/4675/attr/current" pid
=4675 comm="scoperunner" requested_mask="r" denied_mask="r" fsuid=32011 ouid=32011

I can find nothing in the code for the leaf scopes that tries to make
these accesses.

** Affects: unity-scopes-api (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: application-confinement
-- 
scoperunner tries to access /proc/*/attr/current, denied by apparmor
https://bugs.launchpad.net/bugs/1367264
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unity-scopes-api in Ubuntu.