ubuntu-apps-bugs team mailing list archive

Thread
Date

[Bug 1228236] Re: webbrowser-app re-execs itself which breaks webapps under application confinement

To: ubuntu-apps-bugs@xxxxxxxxxxxxxxxxxxx
From: Jamie Strandboge <jamie@xxxxxxxxxx>
Date: Thu, 12 Dec 2013 18:12:04 -0000
Reply-to: Bug 1228236 <1228236@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This doesn't seem to cause problems. Closing for now. We can reopen if
needed.

** Changed in: upstart-app-launch (Ubuntu)
       Status: New => Won't Fix

** Changed in: upstart-app-launch (Ubuntu Saucy)
       Status: New => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
Apps bug tracking, which is subscribed to webbrowser-app in Ubuntu.
https://bugs.launchpad.net/bugs/1228236

Title:
  webbrowser-app re-execs itself which breaks webapps under application
  confinement

Status in “apparmor-easyprof-ubuntu” package in Ubuntu:
  Fix Released
Status in “upstart-app-launch” package in Ubuntu:
  Won't Fix
Status in “webbrowser-app” package in Ubuntu:
  Invalid
Status in “apparmor-easyprof-ubuntu” source package in Saucy:
  Fix Released
Status in “upstart-app-launch” source package in Saucy:
  Won't Fix
Status in “webbrowser-app” source package in Saucy:
  Invalid

Bug description:
  When a webapp is launched via the upstart job, webbrowser-app re-execs
  itself, causing an apparmor denial and failure to launch the browser:

  First, install the facebook app from the appstore.

  Then, from adb shell:
  root@ubuntu-phablet:/# sudo -H -u phablet -i
  phablet@ubuntu-phablet:~$ start application APP_ID=com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0

  This results in the following denial in /var/log/syslog:
  Sep 20 15:58:17 ubuntu-phablet kernel: [ 6505.474410] type=1400 audit(1379692697.211:80): apparmor="DENIED" operation="exec" parent=1479 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0" name="/usr/bin/webbrowser-app" pid=6248 comm="sh" requested_mask="x" denied_mask="x" fsuid=32011 ouid=0

  Adding the following rule to /var/lib/apparmor/profiles/click_com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0:
    /usr/bin/webbrowser-app rmix,

  and reloading policy with 'sudo apparmor_parser -r
  /var/lib/apparmor/profiles/click_com.ubuntu.developer.webapps.webapp-
  facebook_webapp-facebook_1.0' works around the issue.

  This is a harmless addition to the ubuntu-webapp template, so I will
  do that. However I'm concerned that HTML5/PhoneGap apps that use a
  webview may also suffer from this, so it is worth investigating. That
  said, we do have an rmix rule for qtchooser in the ubuntu-sdk
  template, so we might be ok there.

  Interestingly, the re-exec only happens when running under upstart-
  app-launch, not when using aa-exec-click.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor-easyprof-ubuntu/+bug/1228236/+subscriptions