SDK applications create /tmp/*.sci files
Bug #1197047 reported by
Jamie Strandboge
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ubuntu UI Toolkit |
Invalid
|
High
|
Unassigned | ||
apparmor-easyprof-ubuntu (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Saucy |
Fix Released
|
Undecided
|
Unassigned | ||
click (Ubuntu) |
Fix Released
|
Medium
|
Colin Watson | ||
Saucy |
Fix Released
|
Medium
|
Colin Watson | ||
upstart-app-launch (Ubuntu) |
Fix Released
|
High
|
Jamie Strandboge | ||
Saucy |
Fix Released
|
High
|
Jamie Strandboge |
Bug Description
Launching an Ubuntu SDK (QML) application under application confinement results in the following denial:
apparmor="DENIED" operation="mknod" parent=8803 profile=
We currently have the following AppArmor rule to deal with this:
owner /tmp/*.sci rwk,
But this rule is too lenient and this path needs to be made application specific. Specifically: $XDG_RUNTIME_
Related branches
lp:click
- Colin Watson: Approve
- Ubuntu CI managed package branches: Pending requested
-
Diff: 485 lines (+269/-70)11 files modifiedREADME (+1/-0)
click/build.py (+10/-22)
click/framework.py (+138/-0)
click/install.py (+8/-28)
click/paths.py.in (+1/-0)
click/tests/helpers.py (+29/-0)
click/tests/test_build.py (+39/-5)
click/tests/test_install.py (+2/-4)
debian/changelog (+8/-0)
doc/file-format.rst (+1/-2)
doc/index.rst (+32/-9)
lp:~jdstrand/ubuntu-app-launch/upstart-app-launch-lp1197047
- Ted Gould (community): Approve
- PS Jenkins bot (community): Approve (continuous-integration)
-
Diff: 37 lines (+3/-2)3 files modifiedapplication-legacy.conf.in (+1/-1)
debian/control (+1/-0)
desktop-hook.c (+1/-1)
description: | updated |
tags: | added: application-confinement |
no longer affects: | ubuntu-qtcreator-plugins |
Changed in ubuntu-ui-toolkit: | |
assignee: | nobody → Florian Boucault (fboucault) |
status: | New → Confirmed |
importance: | Undecided → High |
Changed in click (Ubuntu Saucy): | |
status: | New → Triaged |
importance: | Undecided → Medium |
assignee: | nobody → Colin Watson (cjwatson) |
status: | Triaged → Fix Committed |
Changed in upstart-app-launch (Ubuntu Saucy): | |
assignee: | nobody → Jamie Strandboge (jdstrand) |
status: | Triaged → In Progress |
To post a comment you must log in.
We can fix this by setting TMPDIR appropriately so nothing has to be done in the SDK.