
touch-packages team mailing list archive

[Bug 1378805] [NEW] denial for creating /run/user/32011/scopes/leaf-net/

 

Public bug reported:

I feel like this bug is known and I thought there was a bug for this,
but I can't seem to find it now so filing a new one....

Most scopes are seeing:
apparmor="DENIED" operation="mkdir" profile="com.ubuntu.scopes.youtube_youtube_1.0.13" name="/run/user/32011/scopes/leaf-net/" pid=NNN comm="scoperunner" requested_mask="c" denied_mask="c" fsuid=32011 ouid=32011

Scopes aren't allowed to create /run/user/32011/scopes/leaf-net/ (they
are allowed to create their own scopes directory under it). This was
mentioned in
https://bugs.launchpad.net/unity-scopes-api/+bug/1356409/comments/3 and
it was mentioned that this branch may fix it:
https://code.launchpad.net/~michihenning/unity-scopes-api/test-before-mkdir/+merge/231110.
However, the problem seems to be that
nothing is creating that directory at all before the scopes try to
create it for themselves. Pete said in the above comment "I think the
runtime should probably not be trying to create this while inside
confinement, as it will always fail." -- that is precisely the problem.
Something unconfined outside of the scopes themselves needs to create
it.

Marking rtm14 and Critical-- it is causing a lot of noise in the logs
and presumably scopes aren't able to function correctly. Please adjust
as needed.

** Affects: unity-scopes-api (Ubuntu)
     Importance: Critical
         Status: New


** Tags: application-confinement rtm14

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to unity-scopes-api in
Ubuntu.
https://bugs.launchpad.net/bugs/1378805

Title:
  denial for creating /run/user/32011/scopes/leaf-net/

Status in “unity-scopes-api” package in Ubuntu:
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/unity-scopes-api/+bug/1378805/+subscriptions
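
Added example, not part of the original bug report or of unity-scopes-api: a small Python triage script that groups AppArmor mkdir denials like the one quoted above by directory, so that a path refused for several different scope profiles (a parent directory that nothing unconfined has created yet) stands out from single-profile policy gaps. Every log line after the first is constructed, as are the com.example profile names and the function names.

```python
import re
from collections import defaultdict

# key=value or key="value" pairs as they appear in AppArmor audit records
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Collapse the per-user runtime directory so denials group across users
UID_RE = re.compile(r"^/run/user/\d+/")

# First line is the denial quoted in the report; the rest are constructed samples.
SAMPLE_LOG = """\
apparmor="DENIED" operation="mkdir" profile="com.ubuntu.scopes.youtube_youtube_1.0.13" name="/run/user/32011/scopes/leaf-net/" pid=NNN comm="scoperunner" requested_mask="c" denied_mask="c" fsuid=32011 ouid=32011
apparmor="DENIED" operation="mkdir" profile="com.example.scope-a_scope-a_0.1" name="/run/user/32011/scopes/leaf-net/" pid=2102 comm="scoperunner" requested_mask="c" denied_mask="c" fsuid=32011 ouid=32011
apparmor="DENIED" operation="open" profile="com.example.scope-b_scope-b_0.2" name="/home/phablet/.cache/example" pid=2103 comm="scoperunner" requested_mask="r" denied_mask="r" fsuid=32011 ouid=32011
apparmor="DENIED" operation="mkdir" profile="com.example.scope-b_scope-b_0.2" name="/run/user/32011/example-only/" pid=2103 comm="scoperunner" requested_mask="c" denied_mask="c" fsuid=32011 ouid=32011
"""


def parse_denial(line):
    """Return the fields of an AppArmor DENIED record as a dict, else None."""
    fields = {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
              for m in FIELD_RE.finditer(line)}
    return fields if fields.get("apparmor") == "DENIED" else None


def shared_mkdir_denials(lines, min_profiles=2):
    """Map each directory whose creation was denied to the profiles that hit it,
    keeping only directories denied for at least min_profiles distinct profiles."""
    by_dir = defaultdict(set)
    for line in lines:
        rec = parse_denial(line)
        if not rec or rec.get("operation") != "mkdir":
            continue
        if "c" not in rec.get("denied_mask", ""):
            continue  # only interested in denied create permission
        path = UID_RE.sub("/run/user/<uid>/", rec.get("name", ""))
        by_dir[path].add(rec.get("profile", "?"))
    return {d: sorted(p) for d, p in by_dir.items() if len(p) >= min_profiles}


if __name__ == "__main__":
    for directory, profiles in shared_mkdir_denials(SAMPLE_LOG.splitlines()).items():
        print(f"{directory}: create denied for {len(profiles)} profiles")
        for name in profiles:
            print(f"  {name}")
```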

