touch-packages team mailing list archive

Thread
Date

[Bug 1426316] Re: Applets won't run with Apparmor profile activated

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: John Johansen <john.johansen@xxxxxxxxxxxxx>
Date: Fri, 27 Feb 2015 18:24:44 -0000
Reply-to: Bug 1426316 <1426316@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

The rule is enforced when the firefox profile is in complain mode
because /usr/lib/firefox/firefox{,[^s][^h]}//browser_openjdk  is a
separate profile from /usr/lib/firefox/firefox{,[^s][^h]} and has its
own flags/modes.  The tools have a bug where they are not changing the
subprofiles modes, only the main profile.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1426316

Title:
  Applets won't run with Apparmor profile activated

Status in apparmor package in Ubuntu:
  New

Bug description:
  After activating firefox profile, be it in complain or enforce mode,
  no applet will run.

  The culprit seems to be:
  apparmor="DENIED" operation="open" profile="/usr/lib/firefox/firefox{,[^s][^h]}//browser_openjdk" name="/run/user/1000/dconf/user" pid=11973 comm=64636F6E6620776F726B6572 requested_mask="wrc" denied_mask="wrc" fsuid=1000 ouid=1000

  The rules that prevent the applets to run belong to Apparmor
  abstractions, specifically /etc/apparmor.d/abstractions/ubuntu-
  browser.d/java

  These rules will be enforced, even when usr.in.firefox is in complain
  mode (I don't know why exactly)

  Adding write access to the line

  owner /run/user/*/icedteaplugin-*/ rw

  in /etc/apparmor.d/abstractions/ubuntu-browser.d/java

  seems to solve the problem.

  ProblemType: Bug
  DistroRelease: Ubuntu 14.10
  Package: apparmor-profiles 2.8.98-0ubuntu2
  ProcVersionSignature: Ubuntu 3.16.0-31.41-lowlatency 3.16.7-ckt5
  Uname: Linux 3.16.0-31-lowlatency x86_64
  ApportVersion: 2.14.7-0ubuntu8.2
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Fri Feb 27 11:05:20 2015
  InstallationDate: Installed on 2014-12-13 (75 days ago)
  InstallationMedia: Ubuntu 14.10 "Utopic Unicorn" - Release amd64 (20141022.1)
  PackageArchitecture: all
  ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-3.16.0-31-lowlatency root=/dev/mapper/ubuntu--vg-lv--root ro threadirqs quiet splash vt.handoff=7
  SourcePackage: apparmor
  Syslog: Feb 27 09:42:45 franck-ThinkPad-T430s dbus[3940]: apparmor="DENIED" operation="dbus_method_call"  bus="session" path="/org/freedesktop/DBus" interface="org.freedesktop.DBus" member="Hello" mask="send" name="org.freedesktop.DBus" pid=9748 profile="/usr/lib/firefox/firefox{,*[^s][^h]}//browser_openjdk" peer_profile="unconfined"
  UpgradeStatus: No upgrade log present (probably fresh install)
  modified.conffile..etc.apparmor.d.usr.sbin.dnsmasq: [modified]
  modified.conffile..etc.apparmor.d.usr.sbin.traceroute: [modified]
  mtime.conffile..etc.apparmor.d.usr.sbin.dnsmasq: 2015-02-20T14:58:28.130461
  mtime.conffile..etc.apparmor.d.usr.sbin.traceroute: 2015-02-20T15:04:02.437880

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1426316/+subscriptions

References

[Bug 1426316] [NEW] Applets won't run with Apparmor profile activated
From: Franck, 2015-02-27