touch-packages team mailing list archive

Thread
Date

[Bug 1384349] Re: apparmor denies app-specific download directory

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Jamie Strandboge <jamie@xxxxxxxxxx>
Date: Wed, 22 Oct 2014 18:17:29 -0000
Reply-to: Bug 1384349 <1384349@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Description changed:

  Oct 22 13:32:41 ubuntu-phablet kernel: [ 9393.918517] type=1400
  audit(1413999161.373:361): apparmor="DENIED" operation="open"
  profile="com.ubuntu.developer.rschroll.beru_beru_0.9.8"
  name="/home/phablet/.local/share/ubuntu-download-
  manager/com.ubuntu.developer.rschroll.beru/Downloads/History%20of%20King%20Charles%20the%20Second%20of%20England%20-%20Abbot_%20Jacob.epub"
  pid=19786 comm="qmlscene" requested_mask="r" denied_mask="r" fsuid=32011
  ouid=32011
+ 
+ On the one hand, this is not a super critical bug because the ubuntu-
+ download-manager API is not widely used by apps. However, this API is
+ part of the supported frameworks and adding to the policy now rather
+ than as OTA means we can avoid a policy recompile in OTA. The change is
+ simple and the risk is negligible (it would fail to build if there was
+ an error).

** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
       Status: Triaged => In Progress

** Changed in: apparmor-easyprof-ubuntu (Ubuntu RTM)
       Status: Triaged => New

** Tags removed: rtm
** Tags added: application-confinement rtm14

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1384349

Title:
  apparmor denies app-specific download directory

Status in “apparmor-easyprof-ubuntu” package in Ubuntu:
  In Progress
Status in “apparmor-easyprof-ubuntu” package in Ubuntu RTM:
  New

Bug description:
  Oct 22 13:32:41 ubuntu-phablet kernel: [ 9393.918517] type=1400
  audit(1413999161.373:361): apparmor="DENIED" operation="open"
  profile="com.ubuntu.developer.rschroll.beru_beru_0.9.8"
  name="/home/phablet/.local/share/ubuntu-download-
  manager/com.ubuntu.developer.rschroll.beru/Downloads/History%20of%20King%20Charles%20the%20Second%20of%20England%20-%20Abbot_%20Jacob.epub"
  pid=19786 comm="qmlscene" requested_mask="r" denied_mask="r"
  fsuid=32011 ouid=32011

  On the one hand, this is not a super critical bug because the ubuntu-
  download-manager API is not widely used by apps. However, this API is
  part of the supported frameworks and adding to the policy now rather
  than as OTA means we can avoid a policy recompile in OTA. The change
  is simple and the risk is negligible (it would fail to build if there
  was an error).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor-easyprof-ubuntu/+bug/1384349/+subscriptions

References

[Bug 1384349] [NEW] apparmor denies app-specific download dorectpry
From: Robert Schroll, 2014-10-22