[apparmor] [Merge] lp:~talkless/apparmor/gnome_abstraction_thumbnail_cache into lp:apparmor

Vincas Dargis vindrg at gmail.com
Sat Sep 16 13:24:25 UTC 2017


Vincas Dargis has proposed merging lp:~talkless/apparmor/gnome_abstraction_thumbnail_cache into lp:apparmor.

Requested reviews:
  AppArmor Developers (apparmor-dev)

For more details, see:
https://code.launchpad.net/~talkless/apparmor/gnome_abstraction_thumbnail_cache/+merge/330883

I have discovered denials on Ubuntu 17.10 while developing a skypeforlinux profile. They appear when browsing for files:

type=AVC msg=audit(1505566970.007:347): apparmor="DENIED" operation="open" profile="skypeforlinux" name="/home/vincas/.cache/thumbnails/fail/gnome-thumbnail-factory/82c3c014bd2b90c499491782f4399798.png" pid=3838 comm="pool" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
type=SYSCALL msg=audit(1505566970.007:347): arch=c000003e syscall=2 per=400000 success=no exit=-13 a0=be2ce1ef80 a1=0 a2=0 a3=1 items=0 ppid=1 pid=3838 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=tty2 ses=2 comm="pool" exe="/usr/share/skypeforlinux/skypeforlinux" key=(null)
type=PROCTITLE msg=audit(1505566970.007:347): proctitle=2F7573722F73686172652F736B797065666F726C696E75782F736B797065666F726C696E7578202D2D65786563757465642D66726F6D3D2F686F6D652F76696E636173202D2D7069643D33383332

type=AVC msg=audit(1505567240.659:383): apparmor="DENIED" operation="file_mmap" profile="skypeforlinux" name="/home/vincas/.cache/thumbnails/fail/gnome-thumbnail-factory/39e2023d634480a9852aca5e4d7bb600.png" pid=4082 comm="pool" requested_mask="m" denied_mask="m" fsuid=1000 ouid=1000
type=SYSCALL msg=audit(1505567240.659:383): arch=c000003e syscall=9 per=400000 success=no exit=-13 a0=0 a1=e5 a2=1 a3=2 items=0 ppid=1 pid=4082 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=tty2 ses=2 comm="pool" exe="/usr/share/skypeforlinux/skypeforlinux" key=(null)
type=PROCTITLE msg=audit(1505567240.659:383): proctitle=2F7573722F73686172652F736B797065666F726C696E75782F736B797065666F726C696E7578202D2D65786563757465642D66726F6D3D2F686F6D652F76696E636173202D2D7069643D34303735

Therefore I am proposing to add an appropriate file rule to the gnome abstraction.
-- 
Your team AppArmor Developers is requested to review the proposed merge of lp:~talkless/apparmor/gnome_abstraction_thumbnail_cache into lp:apparmor.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: review-diff.txt
Type: text/x-diff
Size: 505 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20170916/ce1d1a69/attachment.diff>
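
Added example, not part of the original message or of the AppArmor project: a Python triage script for audit records shaped like those quoted above. It groups AppArmor DENIED records by profile and parent directory, unions the denied_mask letters, and decodes hex-encoded name/proctitle fields. The sample records are constructed and all function names are hypothetical.

```python
import re
from collections import defaultdict
from pathlib import PurePosixPath

# Constructed sample records, modelled on the shape of the audit lines above.
SAMPLE = '''\
type=AVC msg=audit(1505566970.007:347): apparmor="DENIED" operation="open" profile="skypeforlinux" name="/home/user/.cache/thumbnails/fail/gnome-thumbnail-factory/aaaa.png" pid=3838 comm="pool" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
type=AVC msg=audit(1505567240.659:383): apparmor="DENIED" operation="file_mmap" profile="skypeforlinux" name="/home/user/.cache/thumbnails/fail/gnome-thumbnail-factory/bbbb.png" pid=4082 comm="pool" requested_mask="m" denied_mask="m" fsuid=1000 ouid=1000
type=AVC msg=audit(1505567241.000:384): apparmor="ALLOWED" operation="open" profile="skypeforlinux" name="/etc/hosts" pid=4082 comm="pool" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
type=PROCTITLE msg=audit(1505567240.659:383): proctitle=2F62696E2F617070002D2D666C6167
'''

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def decode_hex(value):
    """Audit hex-encodes untrusted strings; NUL bytes separate argv entries."""
    try:
        return bytes.fromhex(value).replace(b"\x00", b" ").decode("utf-8", "replace")
    except ValueError:
        return value  # not hex, e.g. a plain unquoted token

def parse(line):
    """Split one audit record into a dict of key -> value."""
    rec = {}
    for key, quoted, bare in FIELD.findall(line):
        if quoted or not bare:
            rec[key] = quoted
        elif key in ("name", "proctitle"):
            rec[key] = decode_hex(bare)  # unquoted means hex-encoded
        else:
            rec[key] = bare
    return rec

def summarize_denials(text):
    """Map (profile, parent directory) -> sorted union of denied_mask letters."""
    masks = defaultdict(set)
    for rec in map(parse, text.splitlines()):
        if rec.get("type") == "AVC" and rec.get("apparmor") == "DENIED" and "name" in rec:
            parent = str(PurePosixPath(rec["name"]).parent)
            masks[(rec.get("profile", "?"), parent)].update(rec.get("denied_mask", ""))
    return {key: "".join(sorted(val)) for key, val in masks.items()}

def proctitles(text):
    """Decoded command lines from PROCTITLE records."""
    return [r["proctitle"] for r in map(parse, text.splitlines()) if r.get("type") == "PROCTITLE"]

if __name__ == "__main__":
    for (profile, parent), mask in summarize_denials(SAMPLE).items():
        print(f"{profile}: {parent}/ denied_mask={mask}")
    print(proctitles(SAMPLE))
```

Grouping by directory shows that the two separate denials (open and file_mmap) concern the same location and together ask for both r and m.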

