touch-packages team mailing list archive

Thread
Date

[Bug 1260101] Re: oxide accesses gsettings, but shouldn't

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1260101@xxxxxxxxxxxxxxxxxx>
Date: Fri, 03 Oct 2014 19:38:14 -0000
Reply-to: Bug 1260101 <1260101@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug was fixed in the package apparmor-easyprof-ubuntu - 1.2.33

---------------
apparmor-easyprof-ubuntu (1.2.33) utopic; urgency=medium

  * ubuntu/accounts: allow access to GetAll on org.freedesktop.DBus.Properties
    for /com/google/code/AccountsSSO/SingleSignOn (LP: #1377205)
  * ubuntu/webview: also deny access to /custom/etc/dconf_profile. This is
    fallout from Oxide trying to use gsettings, but we've been silently
    denying that access since the webview policy group was added, so just
    silence this denial too (LP: #1260101)
  * ubuntu/ubuntu-{sdk,webapp}: also allow talking to clipboard on freedesktop
    interface (LP: #1377221)
  * tests/test-data.py: update hardware dir handling and also adjust policy
    groups to use tmpdir
  * debian/control: Build-Depends on apparmor so we can check syntax during
    builds
 -- Jamie Strandboge <jamie@xxxxxxxxxx>   Fri, 03 Oct 2014 10:21:33 -0500

** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1260101

Title:
  oxide accesses gsettings, but shouldn't

Status in Oxide Webview:
  Triaged
Status in “apparmor-easyprof-ubuntu” package in Ubuntu:
  Fix Released

Bug description:
  Without the following dconf rules, there are apparmor denials when using Oxide:
    owner /run/user/[0-9]*/dconf/user rw,
    owner @{HOME}/.config/dconf/user r,

  gsettings is not supported in the SDK at this team and access to dconf
  is not allowed. Oxide appear to work ok without these rules, but the
  logs are noisy and will almost certainly lead to confusion.

  It is conjectured that this is for proxy settings. Indeed, stderr shows this:
  [1211/162140:WARNING:proxy_service.cc(890)] PAC support disabled because there is no system implementation

  We could silence the apparmor denials, but it is possible that we will
  support gsettings some day and more importantly, silencing these
  denials will make it difficult for people writing apps to diagnose
  that they shouldn't be using gsettings.

To manage notifications about this bug go to:
https://bugs.launchpad.net/oxide/+bug/1260101/+subscriptions