[Bug 489278] [NEW] Apparmor should notify the user when it blocks access
AllesMeins
spam at startrekarchiv.de
Fri Nov 27 16:49:18 UTC 2009
Public bug reported:
Binary package hint: apparmor
Well I'm not entirely convinced that this is a bug, but the folks at
ubuntu-brainstorm rejected it as an idea, claiming it is a bug [1]. So
here I am...
AppArmor is a great tool. But the normal user is not aware of it. This leads to problems when Apparmor blocks access to certain resources.
For example: My Firefox recently stopped launching external applications. Directly opening torrent-files with transmission did not work, the option "Open containing folder" for downloaded files did no longer work, directly launching my mp3-player failed etc. - and everything without a single message. It just did not do anything...
The reason for this was - as you might have guessed - apparmor blocking access to those applications. At the time i didn't know that (=didn't thought of that). For all i knew a part of firefox just stopped working. So I started examine my firefox - disabled addons, launched it from a terminal to see if it gives error messages, searched if it was a known issue, even thought about reporting it as a bug to the firefox-developers.
It was mere coincidence that I saw a headline containing "AppArmor" at the ubuntu-forum where I was going to ask for help. At that moment I realized what might be the problem, so i checked the system logs. Bottom line: It was just luck, that I'd read what AppArmor is a few month ago, already had an (slightly different) "Apparmor incident" with mysql when trying to move its data-directory this summer, saw that headline and made the right connection.
There should be a warning, visible to the normal user (a window popping up, an icon,...) when apparmor blocks access (preferredly with options like "do not show warnings for this program again","allow access his time","disable profile completly"), making users more aware of apparmor and giving hints, when it blocks legit requests.
Just putting it in the system log is not sufficient, because you have to know what your looking for to find it (and even for more experienced users dmesg is not the first place to look, when a single application acts strangely).
[1]: http://brainstorm.ubuntu.com/idea/22605/
ProblemType: Bug
ApparmorStatusOutput:
Error: command /usr/sbin/apparmor_status failed with exit code 4: You do not have enough privilege to read the profile set.
apparmor module is loaded.
Architecture: amd64
Date: Fri Nov 27 17:41:45 2009
DistroRelease: Ubuntu 9.10
NonfreeKernelModules: nvidia
Package: apparmor 2.3.1+1403-0ubuntu27.2
ProcEnviron:
PATH=(custom, user)
LANG=en_US.UTF-8
SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.31-14.48-generic
SourcePackage: apparmor
Uname: Linux 2.6.31-14-generic x86_64
** Affects: apparmor (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug
--
Apparmor should notify the user when it blocks access
https://bugs.launchpad.net/bugs/489278
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
More information about the universe-bugs
mailing list