touch-packages team mailing list archive

[Bug 1471890] Re: cacheSizeHint computation for webapps is incorrect due to apparmor denials

 

I agree with Seth's suggestion, but for other reasons. We can't allow
access to /proc/[0-9]*/mounts because it may contain sensitive
information. Reading the directory contents of /dev/disk/by-label/ is
likely ok (though there is also 'by-uuid' and 'by-id'). Can the
calculation skip using /proc/[0-9]*/mounts and just use
/dev/disk/by-label/? Ideally, the policy should not have to change at all
and the app would talk to an out-of-process storage API (that is
reasonable! :) to get this information.

** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
       Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1471890

Title:
  cacheSizeHint computation for webapps is incorrect due to apparmor
  denials

Status in apparmor-easyprof-ubuntu package in Ubuntu:
  Incomplete
Status in webbrowser-app package in Ubuntu:
  Confirmed

Bug description:
  Since
  http://bazaar.launchpad.net/~phablet-team/webbrowser-app/trunk/revision/1019,
  the webapp container (and all other embedders using an Ubuntu WebView)
  dynamically computes the cache size hint based on the available disk
  space.

  This doesn’t work in the general case, when the app is confined by
  apparmor, because the computation relies on
  QStorageInfo::bytesAvailable()
  (http://doc.qt.io/qt-5/qstorageinfo.html#bytesAvailable), which
  triggers apparmor denials:

  Jul  6 18:34:07 ubuntu-phablet kernel: [17458.604265]type=1400 audit(1436200447.375:184): apparmor="DENIED" operation="open" profile="com.ubuntu.developer.webapps.webapp-amazon-int_webapp-amazon_1.0.10" name="/proc/7424/mounts" pid=7424 comm="webapp-containe" requested_mask="r" denied_mask="r" fsuid=32011 ouid=32011
  Jul  6 18:34:07 ubuntu-phablet kernel: [17458.604407]type=1400 audit(1436200447.375:185): apparmor="DENIED" operation="open" profile="com.ubuntu.developer.webapps.webapp-amazon-int_webapp-amazon_1.0.10" name="/dev/disk/by-label/" pid=7424 comm="webapp-containe" requested_mask="r" denied_mask="r" fsuid=32011 ouid=0

  This essentially means that the computation of the cache size hint is
  broken. It has also been reported that this breaks other apps’
  functionality: https://lists.launchpad.net/ubuntu-phone/msg13622.html.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor-easyprof-ubuntu/+bug/1471890/+subscriptions
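
The two denial records quoted in the bug description, parsed and grouped for policy triage. This is an added example, not part of the original message or of any project's code; the function names parse_denial, normalize and summarize are hypothetical, and the only input is the pair of log lines from the page.

```python
import re
from collections import defaultdict

# The two denial lines quoted in the bug description (copied from the page).
SAMPLE_LOG = '''\
Jul  6 18:34:07 ubuntu-phablet kernel: [17458.604265]type=1400 audit(1436200447.375:184): apparmor="DENIED" operation="open" profile="com.ubuntu.developer.webapps.webapp-amazon-int_webapp-amazon_1.0.10" name="/proc/7424/mounts" pid=7424 comm="webapp-containe" requested_mask="r" denied_mask="r" fsuid=32011 ouid=32011
Jul  6 18:34:07 ubuntu-phablet kernel: [17458.604407]type=1400 audit(1436200447.375:185): apparmor="DENIED" operation="open" profile="com.ubuntu.developer.webapps.webapp-amazon-int_webapp-amazon_1.0.10" name="/dev/disk/by-label/" pid=7424 comm="webapp-containe" requested_mask="r" denied_mask="r" fsuid=32011 ouid=0
'''

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key="quoted" or key=bare
PROC_PID = re.compile(r"^/proc/\d+/")


def parse_denial(line):
    """Return the key=value fields of one AppArmor DENIED record, else None."""
    if 'apparmor="DENIED"' not in line:
        return None
    return {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}


def normalize(path):
    """Collapse the per-process PID so denials from different runs group together."""
    return PROC_PID.sub("/proc/[0-9]*/", path)


def summarize(log_text):
    """Group denials by (profile, normalized path) for review against the policy."""
    summary = defaultdict(lambda: {"count": 0, "masks": set(), "own_file": None})
    for line in log_text.splitlines():
        rec = parse_denial(line)
        if rec is None or "name" not in rec:
            continue
        entry = summary[(rec.get("profile", "?"), normalize(rec["name"]))]
        entry["count"] += 1
        entry["masks"].update(rec.get("denied_mask", ""))
        # fsuid == ouid: the confined process owns the object it tried to open.
        entry["own_file"] = rec.get("fsuid") == rec.get("ouid")
    return dict(summary)


if __name__ == "__main__":
    for (profile, path), info in summarize(SAMPLE_LOG).items():
        masks = "".join(sorted(info["masks"]))
        print(f"{profile}: {path} denied={masks} x{info['count']} own_file={info['own_file']}")
```
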

