touch-packages team mailing list archive

Thread
Date

[Bug 1320014] Re: denial for /usr/lib/x86_64-linux-gnu/egl/egl_gallium.so

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Jamie Strandboge <jamie@xxxxxxxxxx>
Date: Thu, 09 Oct 2014 20:22:00 -0000
Reply-to: Bug 1320014 <1320014@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: apparmor (Ubuntu)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1320014

Title:
  denial for /usr/lib/x86_64-linux-gnu/egl/egl_gallium.so

Status in “apparmor” package in Ubuntu:
  Fix Released

Bug description:
  When running a webapp under oxide on 14.04, I see the following denial:
  May 15 16:52:06 localhost kernel: [318977.280956] type=1400 audit(1400190726.317:409): apparmor="DENIED" operation="file_mmap" profile="com.ubuntu.developer.jdstrand.rottentomatoes_rottentomatoes_0.10" name="/usr/lib/x86_64-linux-gnu/egl/egl_gallium.so" pid=3920 comm="webapp-containe" requested_mask="m" denied_mask="m" fsuid=1000 ouid=0

  The base abstraction almost caught this with this rule:
  /usr/lib/@{multiarch}/**/lib*.so* mr,

  but missed it because egl_gallium.so doesn't begin with 'lib'. The following rule should be added to the X abstraction:
  /usr/lib/@{multiarch}/egl/*.so* mr,

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1320014/+subscriptions