← Back to team overview

touch-packages team mailing list archive

[Bug 1378805] Re: denial for creating /run/user/32011/scopes/leaf-net/

 

** Branch linked: lp:unity-scopes-api/staging

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to unity-scopes-api in
Ubuntu.
https://bugs.launchpad.net/bugs/1378805

Title:
  denial for creating /run/user/32011/scopes/leaf-net/

Status in “unity-scopes-api” package in Ubuntu:
  Fix Committed

Bug description:
  I feel like this bug is known and I thought there was a bug for this,
  but I can't seem to find it now so filing a new one....

  Most scopes are seeing:
  apparmor="DENIED" operation="mkdir" profile="com.ubuntu.scopes.youtube_youtube_1.0.13" name="/run/user/32011/scopes/leaf-net/" pid=NNN comm="scoperunner" requested_mask="c" denied_mask="c" fsuid=32011 ouid=32011

  Scopes aren't allowed to create /run/user/32011/scopes/leaf-net/ (they
  are allowed to create their own scopes directory under it). This was
  mentioned in https://bugs.launchpad.net/unity-scopes-
  api/+bug/1356409/comments/3 and it was mentioned that this branch may
  fix it: https://code.launchpad.net/~michihenning/unity-scopes-api
  /test-before-mkdir/+merge/231110. However, the problem seems to be
  that nothing is creating that directory at all before the scopes try
  to create it for themselves. Pete said in the above comment "I think
  the runtime should probably not be trying to create this while inside
  confinement, as it will always fail." -- that is precisely the
  problem. Something unconfined outside of the scopes themselves needs
  to create it.

  Marking rtm14 and Critical-- it is causing a lot of noise in the logs
  and presumably scopes aren't able to function correctly. Please adjust
  as needed.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/unity-scopes-api/+bug/1378805/+subscriptions


References