← Back to team overview

ubuntu-sdk-bugs team mailing list archive

  1. ubuntu-sdk-bugs team
  2. Mailing list archive
  3. Message #00578

[Bug 1289540] [NEW] apparmor denials during calendar-app tests execution

  Thread PreviousDate PreviousThread Next 
*** This bug is a security vulnerability ***

Public security bug reported:

During calendar-app tests I see following denials in the syslog:

Mar  7 18:57:32 ubuntu-phablet kernel: [ 2958.360323] type=1400 audit(1394218652.047:79): apparmor="DENIED" operation="mknod" parent=1988 profile="com.ubuntu.clock_clock_1.0.349" name="/home/phablet/.config/com.ubuntu.clock_clock_1.0.349.conf.J13547" pid=13547 comm="qmlscene" requested_mask="c" denied_mask="c" fsuid=32011 ouid=32011
Mar  7 18:57:32 ubuntu-phablet kernel: [ 2958.360689] type=1400 audit(1394218652.047:80): apparmor="DENIED" operation="mknod" parent=1988 profile="com.ubuntu.clock_clock_1.0.349" name="/home/phablet/.config/com.ubuntu.clock_clock_1.0.349.conf.T13547" pid=13547 comm="qmlscene" requested_mask="c" denied_mask="c" fsuid=32011 ouid=32011
Mar  7 18:57:35 ubuntu-phablet kernel: [ 2961.714725] type=1400 audit(1394218655.411:81): apparmor="DENIED" operation="mknod" parent=1988 profile="com.ubuntu.clock_clock_1.0.349" name="/home/phablet/.config/com.ubuntu.clock_clock_1.0.349.conf.M13547" pid=13547 comm="qmlscene" requested_mask="c" denied_mask="c" fsuid=32011 ouid=32011
Mar  7 18:57:35 ubuntu-phablet kernel: [ 2961.715122] type=1400 audit(1394218655.411:82): apparmor="DENIED" operation="mknod" parent=1988 profile="com.ubuntu.clock_clock_1.0.349" name="/home/phablet/.config/com.ubuntu.clock_clock_1.0.349.conf.X13547" pid=13547 comm="qmlscene" requested_mask="c" denied_mask="c" fsuid=32011 ouid=32011

And following errors from QOrganizerEDSFactory:

(process:22298): dconf-CRITICAL **: unable to create file
'/run/user/32011/dconf/user': Permission denied. dconf will not work
properly.

(process:22298): dconf-CRITICAL **: unable to create file
'/run/user/32011/dconf/user': Permission denied. dconf will not work
properly.

(process:22298): dconf-CRITICAL **: unable to create file
'/run/user/32011/dconf/user': Permission denied. dconf will not work
properly.


Ideally, our core apps should have correct apparmor profiles applied, and thus the app should not generate denials for things that are not allowed.

** Affects: ubuntu-calendar-app
     Importance: Undecided
         Status: New

** Affects: qtorganizer5-eds (Ubuntu)
     Importance: Undecided
     Assignee: Timo Jyrinki (timo-jyrinki)
         Status: New

** Also affects: qtorganizer5-eds (Ubuntu)
   Importance: Undecided
       Status: New

** Information type changed from Public to Public Security

** Changed in: qtorganizer5-eds (Ubuntu)
     Assignee: (unassigned) => Timo Jyrinki (timo-jyrinki)

-- 
You received this bug notification because you are a member of Ubuntu
SDK bug tracking, which is subscribed to qtorganizer5-eds in Ubuntu.
https://bugs.launchpad.net/bugs/1289540

Title:
  apparmor denials during calendar-app tests execution

Status in Calendar application for Ubuntu devices:
  New
Status in “qtorganizer5-eds” package in Ubuntu:
  New

Bug description:
  During calendar-app tests I see following denials in the syslog:

  Mar  7 18:57:32 ubuntu-phablet kernel: [ 2958.360323] type=1400 audit(1394218652.047:79): apparmor="DENIED" operation="mknod" parent=1988 profile="com.ubuntu.clock_clock_1.0.349" name="/home/phablet/.config/com.ubuntu.clock_clock_1.0.349.conf.J13547" pid=13547 comm="qmlscene" requested_mask="c" denied_mask="c" fsuid=32011 ouid=32011
  Mar  7 18:57:32 ubuntu-phablet kernel: [ 2958.360689] type=1400 audit(1394218652.047:80): apparmor="DENIED" operation="mknod" parent=1988 profile="com.ubuntu.clock_clock_1.0.349" name="/home/phablet/.config/com.ubuntu.clock_clock_1.0.349.conf.T13547" pid=13547 comm="qmlscene" requested_mask="c" denied_mask="c" fsuid=32011 ouid=32011
  Mar  7 18:57:35 ubuntu-phablet kernel: [ 2961.714725] type=1400 audit(1394218655.411:81): apparmor="DENIED" operation="mknod" parent=1988 profile="com.ubuntu.clock_clock_1.0.349" name="/home/phablet/.config/com.ubuntu.clock_clock_1.0.349.conf.M13547" pid=13547 comm="qmlscene" requested_mask="c" denied_mask="c" fsuid=32011 ouid=32011
  Mar  7 18:57:35 ubuntu-phablet kernel: [ 2961.715122] type=1400 audit(1394218655.411:82): apparmor="DENIED" operation="mknod" parent=1988 profile="com.ubuntu.clock_clock_1.0.349" name="/home/phablet/.config/com.ubuntu.clock_clock_1.0.349.conf.X13547" pid=13547 comm="qmlscene" requested_mask="c" denied_mask="c" fsuid=32011 ouid=32011

  And following errors from QOrganizerEDSFactory:

  (process:22298): dconf-CRITICAL **: unable to create file
  '/run/user/32011/dconf/user': Permission denied. dconf will not work
  properly.

  (process:22298): dconf-CRITICAL **: unable to create file
  '/run/user/32011/dconf/user': Permission denied. dconf will not work
  properly.

  (process:22298): dconf-CRITICAL **: unable to create file
  '/run/user/32011/dconf/user': Permission denied. dconf will not work
  properly.

  
  Ideally, our core apps should have correct apparmor profiles applied, and thus the app should not generate denials for things that are not allowed.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-calendar-app/+bug/1289540/+subscriptions

Follow ups

References

  Thread PreviousDate PreviousThread Next