[apparmor] [PATCH] allow access to egl libraries in X abstraction
Seth Arnold
seth.arnold at canonical.com
Fri May 16 00:57:42 UTC 2014
On Thu, May 15, 2014 at 05:25:59PM -0500, Jamie Strandboge wrote:
>
> I noticed the following denial when using Oxide under X:
> May 15 16:52:06 localhost kernel: [318977.280956] type=1400
> audit(1400190726.317:409): apparmor="DENIED" operation="file_mmap"
> profile="com.ubuntu.developer.jdstrand.rottentomatoes_rottentomatoes_0.10"
> name="/usr/lib/x86_64-linux-gnu/egl/egl_gallium.so" pid=3920
> comm="webapp-containe" requested_mask="m" denied_mask="m" fsuid=1000 ouid=0
>
> Attached is a patch to the X abstraction to fix this issue. This is fine for 2.8
> as well if people want it there.
>
> --
> Jamie Strandboge http://www.ubuntu.com/
> Author: Jamie Strandboge <jamie at canonical.com>
> Description: allow access to egl libraries in X abstraction
> Bug: https://launchpad.net/bugs/1320014
>
> Acked-By: Jamie Strandboge <jamie at canonical.com>
Acked-by: Seth Arnold <seth.arnold at canonical.com>
Thanks
>
> === modified file 'profiles/apparmor.d/abstractions/X'
> --- profiles/apparmor.d/abstractions/X 2014-02-14 01:23:56 +0000
> +++ profiles/apparmor.d/abstractions/X 2014-05-15 22:03:29 +0000
> @@ -32,6 +32,9 @@
> /usr/share/X11/** r,
> /usr/X11R6/**.so* mr,
>
> + # EGL
> + /usr/lib/@{multiarch}/egl/*.so* mr,
> +
> # DRI
> /usr/lib{,32,64}/dri/** mr,
> /usr/lib/@{multiarch}/dri/** mr,
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140515/2b71c306/attachment.pgp>
More information about the AppArmor
mailing list