empathy won't connect to network from root login on Ubuntu 12.04 fresh, without any update

Bug #1025852 reported by Nilesh Malode
This bug affects 1 person
Affects: empathy (Ubuntu)
Status: Won't Fix
Importance: Undecided
Assigned to: Unassigned
Milestone:

Bug Description

I installed Ubuntu 12.04 5 times: 3 times on my laptop, 1 time on my PC, and 1 time on my 8 GB pendrive to boot from my company's machines.

But the problem is that empathy won't connect to the network from the root account.
I installed Ubuntu 12.04 freshly, without a single update, and empathy accounts won't connect to the network.

I also tested on mobile internet, broadband internet, and wireless network, but only from the root login did empathy get an internet connectivity error.
---
ApportVersion: 2.0.1-0ubuntu5
Architecture: i386
DistroRelease: Ubuntu 12.04
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Release i386 (20120423)
NonfreeKernelModules: wl
Package: empathy 3.4.1-0ubuntu1
PackageArchitecture: i386
ProcEnviron:
 LANGUAGE=en_IN:en
 TERM=xterm
 PATH=(custom, no user)
 LANG=en_IN
 SHELL=/bin/bash
ProcVersionSignature: Ubuntu 3.2.0-23.36-generic-pae 3.2.14
Tags: precise
Uname: Linux 3.2.0-23-generic-pae i686
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups:
---
ApportVersion: 2.0.1-0ubuntu5
Architecture: i386
DistroRelease: Ubuntu 12.04
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Release i386 (20120423)
Package: empathy 3.4.1-0ubuntu1
PackageArchitecture: i386
ProcEnviron:
 LANGUAGE=en_IN:en
 TERM=xterm
 PATH=(custom, no user)
 LANG=en_IN
 SHELL=/bin/bash
ProcVersionSignature: Ubuntu 3.2.0-23.36-generic-pae 3.2.14
Tags: precise
Uname: Linux 3.2.0-23-generic-pae i686
UnreportableReason: This is not an official Ubuntu package. Please remove any third party package and try again.
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups:

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Thank you for using Ubuntu and reporting a bug. In order to help diagnose the problem, can you perform the following after seeing the problem:

$ apport-collect 1025852

security vulnerability: yes → no
visibility: private → public
affects: ubuntu → empathy (Ubuntu)
Changed in empathy (Ubuntu):
status: New → Incomplete
Revision history for this message
Nilesh Malode (nileshmalode) wrote : Dependencies.txt

apport information

tags: added: apport-collected precise
description: updated
Revision history for this message
Nilesh Malode (nileshmalode) wrote :

Hi Jamie Strandboge (jdstrand), I performed the following command after receiving your message, and I also submitted the report.

$ apport-collect 1025852

Revision history for this message
Nilesh Malode (nileshmalode) wrote :

any solution...???

Changed in empathy (Ubuntu):
status: Incomplete → New
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Thanks for the extra information, unfortunately apport-collect did not provide enough information. Can you attach the output of the following command after empathy exhibits the problem:

$ egrep -i '(audit|apparmor|security)' /var/log/kern.log

Thanks

Changed in empathy (Ubuntu):
status: New → Incomplete
Revision history for this message
Nilesh Malode (nileshmalode) wrote :

Sorry for the late reply.
My laptop is now updated; because a lot of my work is pending, I installed the updates on my laptop.

Please give me some time to install a new fresh OS on another machine.

Revision history for this message
Nilesh Malode (nileshmalode) wrote :

some time

Revision history for this message
Nilesh Malode (nileshmalode) wrote :

apport information

description: updated
Revision history for this message
Nilesh Malode (nileshmalode) wrote :

root@nilesh-desktop:~# apport-collect 1025852
The authorization page:
 (https://launchpad.net/+authorize-token?oauth_token=f5PfS9h89x0jpMpJ8jmp&allow_permission=DESKTOP_INTEGRATION)
should be opening in your browser. Use your browser to authorize
this program to access Launchpad on your behalf.
Press any key to continue or wait (5) seconds...
Waiting to hear from Launchpad about your decision...
root@nilesh-desktop:~# egrep -i '(audit|apparmor|security)' /var/log/kern.log
Jul 23 05:17:40 nilesh-desktop kernel: [ 0.004026] Security Framework initialized
Jul 23 05:17:40 nilesh-desktop kernel: [ 0.004043] AppArmor: AppArmor initialized
Jul 23 05:17:40 nilesh-desktop kernel: [ 0.149499] EVM: security.selinux
Jul 23 05:17:40 nilesh-desktop kernel: [ 0.149499] EVM: security.SMACK64
Jul 23 05:17:40 nilesh-desktop kernel: [ 0.149499] EVM: security.capability
Jul 23 05:17:40 nilesh-desktop kernel: [ 0.200297] AppArmor: AppArmor Filesystem Enabled
Jul 23 05:17:40 nilesh-desktop kernel: [ 1.836592] audit: initializing netlink socket (disabled)
Jul 23 05:17:40 nilesh-desktop kernel: [ 1.836605] type=2000 audit(1343020646.832:1): initialized
Jul 23 05:17:40 nilesh-desktop kernel: [ 10.139384] type=1400 audit(1343000856.281:2): apparmor="STATUS" operation="profile_load" name="/sbin/dhclient" pid=461 comm="apparmor_parser"
Jul 23 05:17:40 nilesh-desktop kernel: [ 10.139393] type=1400 audit(1343000856.281:3): apparmor="STATUS" operation="profile_replace" name="/sbin/dhclient" pid=451 comm="apparmor_parser"
Jul 23 05:17:40 nilesh-desktop kernel: [ 10.139764] type=1400 audit(1343000856.281:4): apparmor="STATUS" operation="profile_load" name="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=461 comm="apparmor_parser"
Jul 23 05:17:40 nilesh-desktop kernel: [ 10.139772] type=1400 audit(1343000856.281:5): apparmor="STATUS" operation="profile_replace" name="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=451 comm="apparmor_parser"
Jul 23 05:17:40 nilesh-desktop kernel: [ 10.139972] type=1400 audit(1343000856.281:6): apparmor="STATUS" operation="profile_load" name="/usr/lib/connman/scripts/dhclient-script" pid=461 comm="apparmor_parser"
Jul 23 05:17:40 nilesh-desktop kernel: [ 10.139983] type=1400 audit(1343000856.281:7): apparmor="STATUS" operation="profile_replace" name="/usr/lib/connman/scripts/dhclient-script" pid=451 comm="apparmor_parser"
Jul 23 05:17:43 nilesh-desktop kernel: [ 17.206828] type=1400 audit(1343000863.345:8): apparmor="STATUS" operation="profile_load" name="/usr/lib/cups/backend/cups-pdf" pid=699 comm="apparmor_parser"
Jul 23 05:17:43 nilesh-desktop kernel: [ 17.207267] type=1400 audit(1343000863.345:9): apparmor="STATUS" operation="profile_load" name="/usr/sbin/cupsd" pid=699 comm="apparmor_parser"
Jul 23 05:17:46 nilesh-desktop kernel: [ 20.144716] type=1400 audit(1343000866.285:10): apparmor="STATUS" operation="profile_replace" name="/sbin/dhclient" pid=746 comm="apparmor_parser"
Jul 23 05:17:46 nilesh-desktop kernel: [ 20.145102] type=1400 audit(1343000866.285:11): apparmor="STATUS" operation="profile_replace" name="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=746 comm="apparmor_parser"
...

Revision history for this message
Nilesh Malode (nileshmalode) wrote :

Still no reply from Launchpad... it's bad, right.

Revision history for this message
Bilal Shahid (s9iper1) wrote :

What do you mean by root login here?

Revision history for this message
Nilesh Malode (nileshmalode) wrote :

Root login means logging in from the root account (Ubuntu root account).

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Nilesh, also, you used '...'-- please attach (not paste into the comment field) the full output from the "egrep -i '(audit|apparmor|security)' /var/log/kern.log" immediately after you see the problem.

Revision history for this message
Nilesh Malode (nileshmalode) wrote :

kern.log file

Revision history for this message
Nilesh Malode (nileshmalode) wrote :

Please download this log also:
egrep -i '(audit|apparmor|security)' /var/log/kern.log

https://bugs.launchpad.net/ubuntu/+source/empathy/+bug/1025852/comments/9/+download

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

There are two denials:
Jul 31 12:36:21 nilesh-desktop kernel: [ 61.180928] type=1400 audit(1343718381.319:24): apparmor="DENIED" operation="capable" parent=1705 profile="/usr/lib/telepathy/mission-control-5" pid=1706 comm="mission-control" capability=23 capname="sys_nice"
Jul 31 12:36:21 nilesh-desktop kernel: [ 61.210983] type=1400 audit(1343718381.347:25): apparmor="DENIED" operation="open" parent=1705 profile="/usr/lib/telepathy/mission-control-5" name="/usr/share/gvfs/remote-volume-monitors/" pid=1706 comm="mission-control" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

The second one should already be present in the AppArmor profile on 12.04, but feel free to add to /etc/apparmor.d/local/usr.lib.telepathy:
  /usr/share/gvfs/remote-volume-monitors/ r,
  capability sys_nice,

Then do:
$ sudo apparmor_parser -r /etc/apparmor.d/usr.lib.telepathy

Please report back if this fixes the problem. If it does not, please attach any apparmor denials from /var/log/kern.log that occur after reloading the policy with the above changes.

Revision history for this message
Nilesh Malode (nileshmalode) wrote :

Check this new log file again...

Revision history for this message
Nilesh Malode (nileshmalode) wrote :

Actually, since 22-07-2012 my system is still not updated; it's just a clean Ubuntu installation.

I installed this system for you, to help you find the problem, and I power on this system when I receive your message to run the command.

Revision history for this message
Nilesh Malode (nileshmalode) wrote :

Please try this from your side:
just install Ubuntu, enable the root account, and log in as root,

add the Facebook or Gmail account to empathy... that's it.

description: updated
Changed in empathy (Ubuntu):
status: Incomplete → New
tags: added: apparmor
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

I can confirm this. When running as root, the following denial is seen on 12.10:
Sep 25 11:13:12 sec-quantal-amd64 kernel: [ 3266.683520] type=1400 audit(1348589592.491:27): apparmor="DENIED" operation="file_mmap" parent=3456 profile="/usr/lib/telepathy/telepathy-*" name="/usr/lib/telepathy/gabble-0/lib/libgabble-plugins-0.16.1.so" pid=3457 comm="telepathy-gabbl" requested_mask="m" denied_mask="m" fsuid=0 ouid=0

This is because of the following rule in the /usr/lib/telepathy/telepathy-* profile:
audit deny owner /** m,

Root owns /usr/lib/telepathy/gabble-0/lib/libgabble-plugins-0.16.1.so so AppArmor denies the access. Due to current limitations in AppArmor, this rule must be present to guard against arbitrary code execution via environment variables and unfortunately we cannot remove this rule in Ubuntu. This only affects users who enable the root account (it is disabled by default) and run the desktop as root (generally a bad idea).

Marking "Won't Fix".

WORKAROUND: Because the profile is not designed to confine the root user, you should either use empathy as non-root (highly recommended) or disable the profile with 'sudo apt-get install apparmor-utils ; sudo aa-disable /etc/apparmor.d/usr.lib.telepathy'

Changed in empathy (Ubuntu):
status: New → Won't Fix
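
A triage helper for the kern.log denials discussed in this thread, added here as an example (it is not part of the bug report or of AppArmor's own tooling): it parses `apparmor="DENIED"` records, proposes a candidate local rule for review, and separately flags the case where the process uid owns a file whose mmap was refused. The function names and the owner-mmap heuristic are assumptions; the sample lines are the three denials quoted above with the syslog prefix trimmed, plus one STATUS record from the earlier paste.

```python
import re

# key=value or key="value" pairs as they appear in AppArmor audit records
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Denials quoted in this thread (syslog prefix trimmed), plus one STATUS record.
SAMPLE = [
    'type=1400 audit(1343000856.281:2): apparmor="STATUS" operation="profile_load" name="/sbin/dhclient" pid=461 comm="apparmor_parser"',
    'type=1400 audit(1343718381.319:24): apparmor="DENIED" operation="capable" parent=1705 profile="/usr/lib/telepathy/mission-control-5" pid=1706 comm="mission-control" capability=23 capname="sys_nice"',
    'type=1400 audit(1343718381.347:25): apparmor="DENIED" operation="open" parent=1705 profile="/usr/lib/telepathy/mission-control-5" name="/usr/share/gvfs/remote-volume-monitors/" pid=1706 comm="mission-control" requested_mask="r" denied_mask="r" fsuid=0 ouid=0',
    'type=1400 audit(1348589592.491:27): apparmor="DENIED" operation="file_mmap" parent=3456 profile="/usr/lib/telepathy/telepathy-*" name="/usr/lib/telepathy/gabble-0/lib/libgabble-plugins-0.16.1.so" pid=3457 comm="telepathy-gabbl" requested_mask="m" denied_mask="m" fsuid=0 ouid=0',
]

def parse_denials(lines):
    """Return one dict of fields per apparmor="DENIED" record."""
    out = []
    for line in lines:
        if 'apparmor="DENIED"' not in line:
            continue  # STATUS, profile loads and unrelated kernel messages
        out.append({k: q if q else u for k, q, u in FIELD.findall(line)})
    return out

def triage(d):
    """Map a denial to (kind, detail); the detail is for human review only."""
    if d.get("operation") == "capable":
        return ("capability", f"capability {d['capname']},")
    mask = d.get("denied_mask", "")
    # Heuristic (assumption): the process uid owns the file and mmap was
    # refused, which is consistent with an `owner ... m` deny rule. Deny rules
    # take precedence over allow rules, so a local allow line would not help.
    if "m" in mask and "fsuid" in d and d["fsuid"] == d.get("ouid"):
        return ("owner-mmap", f"{d['name']} (fsuid=ouid={d['fsuid']})")
    if "name" in d:
        return ("file", f"{d['name']} {mask},")
    return ("other", d.get("operation", "?"))

def report(lines):
    """List of (profile, kind, detail) for every denial in the input."""
    return [(d.get("profile", "?"), *triage(d)) for d in parse_denials(lines)]

if __name__ == "__main__":
    for profile, kind, detail in report(SAMPLE):
        print(f"{profile}: {kind}: {detail}")
```
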