touch-packages team mailing list archive
-
touch-packages team
-
Mailing list archive
-
Message #21520
[Bug 1357371] Re: denial for RequestName and bind on org.freedesktop.Application
Based on that, I think I will simply deny this since this is not the
method apps should be communicating with each other under confinement.
** Summary changed:
- qtwebkit-based webapps denial for RequestName and bind on org.freedesktop.Application
+ denial for RequestName and bind on org.freedesktop.Application
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to webbrowser-app in Ubuntu.
https://bugs.launchpad.net/bugs/1357371
Title:
denial for RequestName and bind on org.freedesktop.Application
Status in “webbrowser-app” package in Ubuntu:
New
Bug description:
This is bug #1342129, but for qtwebkit. This bug doesn't appear to
affect the general functionality of the webapp.
Test case:
1. install r193 (or later) in the emulator
2. install Pixel Runner from the store
3. Open Pixel Runner
The app starts (but with a blank screen, see bug #1357375) and the following apparmor denial can be observed:
Aug 15 13:17:04 ubuntu-phablet dbus[1575]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/freedesktop/DBus" interface="org.freedesktop.DBus" member="RequestName" mask="send" name="org.freedesktop.DBus" pid=3292 profile="com.ubuntu.developer.ogra.pixel-runner_pixel-runner_0.1" peer_profile="unconfined"
As it happens, we can add a rule for this that is safe:
dbus (send)
bus=session
interface=org.freedesktop.DBus
path=/org/freedesktop/DBus
member=RequestName,
However, after adding the above rule to /var/lib/apparmor/profiles/*pixel*, running 'sudo apparmor_parser -r /var/lib/apparmor/profiles/*pixel*', and starting the app, we get a new denial:
Aug 15 13:18:47 ubuntu-phablet dbus[1575]: apparmor="DENIED" operation="dbus_bind" bus="session" name="org.freedesktop.Application" mask="bind" pid=3774 profile="com.ubuntu.developer.ogra.pixel-runner_pixel-runner_0.1"
If add add the following rule (which is not safe), there are no more denials:
dbus (bind)
bus=session
name=org.freedesktop.Application,
This denial is the same as in bug #1342129 and we can't safely add
policy for it (see other bug for reasons why).
Not sure if this is in webbrowser-app or qtwebkit, please reassign as
necessary.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/webbrowser-app/+bug/1357371/+subscriptions
References