touch-packages team mailing list archive
  
    Message #22280
  
 [Bug 1370218] Re: QAudioRecorder does not work properly under 'microphone' security policy
  
I will be adding workaround policy to apparmor-easyprof-ubuntu, but
we want to remove this.
** Also affects: qtbase-opensource-src (Ubuntu)
   Importance: Undecided
       Status: New
** Summary changed:
- QAudioRecorder does not work properly under 'microphone' security policy
+ confined applications need access to /run/shm/shmfd*
** Changed in: qtmultimedia-opensource-src (Ubuntu)
       Status: Triaged => New
** Changed in: qtmultimedia-opensource-src (Ubuntu)
   Importance: Medium => Undecided
** Changed in: qtbase-opensource-src (Ubuntu)
   Importance: Undecided => High
** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
       Status: Fix Released => In Progress
** Description changed:
- QAudioRecoder currently needs the following rules:
+ QAudioRecoder needed the following rules:
   owner /{run,dev}/shm/shmfd* rwk,
+ 
+ but then it was discovered that confined apps on utopic also need:
+  owner /{run,dev}/shm/shmfd* rwk,
  
  The rules are this way because the shared memory files are not app
  specific and is possible for one app to access another app's shared
- memory file. Please update qtmultimedia-opensource-src so the files are
- app-specific to better isolation the apps (this is something we are
- doing elsewhere).
+ memory file. Please update qtbase-opensource-src so the files are app-
+ specific to better isolation the apps (this is something we are doing
+ elsewhere).
  
  Longer term we'd like to have shared memory file mediation in AppArmor.
  
  Original report:
  I recently wrote a small application[1] to spot an ancient issue I had using QAudioRecorder on Ubuntu devices.
  
  After I have installer gstreamer0.10-pulseaudio (otherwise "pulseaudio:" is not listed as available source), I tried to start a record through QAudioRecorder but it failed, giving me this output:
  "shm_open() failed: Permission denied"
  
  I've checked for some denials from apparmor (using 'dmesg | grep DEN'),
  but none was found.
  
  If I change the apparmor profile[2], so that my test application is
  launched in a unconfined environment, QAudioRecorder works properly as
  expected.
  
  I run this test on my Nexus 5 (utopic-devel-proposed #185), but this
  problem with shm happens also on i386 ubuntu-emulator (utopic-devel
  #206).
  
  Just for reference, this is the link to the original mail, stored in the ubuntu-phone team mailing list archive:
  http://lists.launchpad.net/ubuntu-phone/msg09842.html
  
  [1] - http://bazaar.launchpad.net/~verzegnassi-stefano/+junk/recorder-test/files
  [2]
  {
      "policy_version": 1.2,
      "template": "unconfined",
      "policy_groups": []
  }
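Review bot: in the first change to the description, the line added under "but then it was discovered that confined apps on utopic also need:" is "owner /{run,dev}/shm/shmfd* rwk," which is identical to the QAudioRecorder rule two lines above it, so the new text does not say what additional access was found. Either list the rule that differs, or reword to say that the same rule is now needed by all confined apps, which is what the new summary states. The second change also carries over "to better isolation the apps", where "isolate" is meant.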
** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
   Importance: Undecided => Critical
-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1370218
Title:
  confined applications need access to /run/shm/shmfd*
Status in “apparmor” package in Ubuntu:
  Triaged
Status in “apparmor-easyprof-ubuntu” package in Ubuntu:
  In Progress
Status in “qtbase-opensource-src” package in Ubuntu:
  New
Status in “qtmultimedia-opensource-src” package in Ubuntu:
  New
Bug description:
  QAudioRecorder needed the following rules:
   owner /{run,dev}/shm/shmfd* rwk,
  but then it was discovered that confined apps on utopic also need:
   owner /{run,dev}/shm/shmfd* rwk,
  The rules are this way because the shared memory files are not app
  specific and it is possible for one app to access another app's shared
  memory file. Please update qtbase-opensource-src so the files are
  app-specific to better isolate the apps (this is something we are doing
  elsewhere).
  Longer term we'd like to have shared memory file mediation in
  AppArmor.
  Original report:
  I recently wrote a small application[1] to spot an ancient issue I had using QAudioRecorder on Ubuntu devices.
  After I have installed gstreamer0.10-pulseaudio (otherwise "pulseaudio:" is not listed as available source), I tried to start a record through QAudioRecorder but it failed, giving me this output:
  "shm_open() failed: Permission denied"
  I've checked for some denials from apparmor (using 'dmesg | grep
  DEN'), but none was found.
  If I change the apparmor profile[2], so that my test application is
  launched in an unconfined environment, QAudioRecorder works properly as
  expected.
  I run this test on my Nexus 5 (utopic-devel-proposed #185), but this
  problem with shm happens also on i386 ubuntu-emulator (utopic-devel
  #206).
  Just for reference, this is the link to the original mail, stored in the ubuntu-phone team mailing list archive:
  http://lists.launchpad.net/ubuntu-phone/msg09842.html
  [1] - http://bazaar.launchpad.net/~verzegnassi-stefano/+junk/recorder-test/files
  [2]
  {
      "policy_version": 1.2,
      "template": "unconfined",
      "policy_groups": []
  }
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1370218/+subscriptions
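
Added example (not part of the bug report and not code from AppArmor or Qt): a small Python model of the path rule quoted in the description, showing why "owner /{run,dev}/shm/shmfd* rwk," cannot separate two apps running under the same uid, and how an app-specific file name would. The glob translation covers only the subset of AppArmor path syntax used here; the uid, file names, app names and the scoped pattern are constructed or hypothetical.

```python
import re

def aa_glob_to_regex(glob):
    """Translate the AppArmor path-glob subset used here: {a,b}, **, * and ?."""
    out, i = [], 0
    while i < len(glob):
        c = glob[i]
        if glob.startswith("**", i):      # ** may cross directory separators
            out.append(".*")
            i += 2
            continue
        if c == "*":                      # * stops at '/'
            out.append("[^/]*")
        elif c == "?":
            out.append("[^/]")
        elif c == "{":                    # {run,dev} alternation
            end = glob.index("}", i)
            alts = glob[i + 1:end].split(",")
            out.append("(?:" + "|".join(map(re.escape, alts)) + ")")
            i = end
        else:
            out.append(re.escape(c))
        i += 1
    return re.compile("".join(out) + r"\Z")

def reachable(rule_glob, files, proc_uid):
    """Creators of the files an 'owner <glob> rwk,' rule lets proc_uid open.

    'owner' only compares the file's uid with the process's uid; it knows
    nothing about which confined app created the file.
    """
    rx = aa_glob_to_regex(rule_glob)
    return [app for path, uid, app in files if uid == proc_uid and rx.match(path)]

UID = 32011  # constructed: both sample apps run as this one user
BROAD = "/{run,dev}/shm/shmfd*"                         # glob from the bug report
SCOPED = "/{run,dev}/shm/shmfd-com.example.recorder-*"  # hypothetical naming

# Constructed listings: (path, owner uid, creating app)
SHARED_NAMES = [("/run/shm/shmfd-aaaa", UID, "recorder"),
                ("/dev/shm/shmfd-bbbb", UID, "other-app"),
                ("/run/shm/shmfd-cccc", 0, "root-service")]
APP_NAMES = [("/run/shm/shmfd-com.example.recorder-aaaa", UID, "recorder"),
             ("/dev/shm/shmfd-com.example.other-bbbb", UID, "other-app")]

if __name__ == "__main__":
    print("broad rule, shared names:", reachable(BROAD, SHARED_NAMES, UID))
    print("scoped rule, app names:  ", reachable(SCOPED, APP_NAMES, UID))
```

Under the broad rule the "owner" qualifier filters out only the root-owned file; the other app's segment stays reachable until the file names themselves carry the app identity.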