SDK applications require access to /dev/log_*

Bug #1197124 reported by Jamie Strandboge
This bug affects 1 person
Affects                              Status        Importance  Assigned to  Milestone
apparmor-easyprof-ubuntu (Ubuntu)    Fix Released  Undecided   Unassigned
  Saucy                              Fix Released  Undecided   Unassigned
lxc-android-config (Ubuntu)          Won't Fix     Medium      Unassigned
  Saucy                              Won't Fix     Low         Unassigned
qtbase-opensource-src (Ubuntu)       Won't Fix     Undecided   Unassigned
  Saucy                              Won't Fix     Undecided   Unassigned

Bug Description

Not sure where this bug should be, but Ubuntu SDK applications need write access to various /dev/log_* files. It seems rather odd that, for example, the ubuntu-calculator-app needs the following policy:

  /dev/log_main w,
  /dev/log_radio w,
  /dev/log_events w,
  /dev/log_system w,

These rules are too lenient and presumably any app could spam/attack the system via these device files.

tags: added: application-confinement
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor-easyprof-ubuntu - 1.0.2

---------------
apparmor-easyprof-ubuntu (1.0.2) saucy; urgency=low

  * add sdk-base policy group (based on apparmor's ubuntu-sdk-base)
    - use 'owner' with @{PROC}/cmdline
    - move gst-plugin-scanner to qmlscene-webview
    - deny accesses to /dev/log_* (LP: #1197124)
    - add bug reference for /dev/binder
    - deny access to /dev/cpuctl/apps/tasks and
      /dev/cpuctl/apps/bg_non_interactive/tasks
  * adjust qmlscene to have 'owner "@{HOME}/.local/share/Qt Project/" w,'
 -- Jamie Strandboge <email address hidden> Wed, 03 Jul 2013 17:21:09 -0500

Changed in apparmor-easyprof-ubuntu (Ubuntu):
status: New → Fix Released
Changed in ubuntu-qtcreator-plugins:
assignee: nobody → Timo Jyrinki (timo-jyrinki)
affects: ubuntu-qtcreator-plugins → ubuntu-ui-toolkit
Timo Jyrinki (timo-jyrinki) wrote :

Possibly qtbase, but I don't know how to debug the /dev usage. It could also be something beneath Qt in our Android interaction layer.

Changed in ubuntu-ui-toolkit:
assignee: Timo Jyrinki (timo-jyrinki) → nobody
Jamie Strandboge (jdstrand) wrote :

Adding lxc-android-config task since it provides the udev rules for these devices. This may need to be reassigned. Giving priority of 'Medium', but this could perhaps be lower because apparmor-easyprof-ubuntu is currently denying the access and applications appear to be running fine.

Changed in lxc-android-config (Ubuntu):
importance: Undecided → Medium
Jamie Strandboge (jdstrand) wrote :

These accesses have been denied for months without any consequence. I think for now marking the non-apparmor-easyprof-ubuntu tasks as "Won't Fix" is fine. We can re-open if these denials cause problems.

no longer affects: ubuntu-ui-toolkit
no longer affects: touch-preview-images
Changed in lxc-android-config (Ubuntu Saucy):
status: New → Won't Fix
Changed in qtbase-opensource-src (Ubuntu Saucy):
status: New → Won't Fix
Changed in lxc-android-config (Ubuntu Saucy):
importance: Medium → Low
Changed in lxc-android-config (Ubuntu):
status: New → Won't Fix
Changed in qtbase-opensource-src (Ubuntu):
status: New → Won't Fix
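
The comments above rely on the /dev/log_* writes being denied by the sdk-base policy group without breaking applications. One way to see which confined applications still attempt those writes is to tally AppArmor DENIED audit records by profile and device; this is an added example, not part of the bug report or of apparmor-easyprof-ubuntu, and the log lines, profile names and function names in it are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample records in the kernel's AppArmor audit format
# (profile names, PIDs and timestamps are made up, not taken from the bug).
SAMPLE_LOG = '''\
kernel: type=1400 audit(1372891201.101:41): apparmor="DENIED" operation="open" profile="example-app-one" name="/dev/log_main" pid=2210 comm="qmlscene" requested_mask="w" denied_mask="w" fsuid=32011 ouid=0
kernel: type=1400 audit(1372891201.105:42): apparmor="DENIED" operation="open" profile="example-app-one" name="/dev/log_radio" pid=2210 comm="qmlscene" requested_mask="w" denied_mask="w" fsuid=32011 ouid=0
kernel: type=1400 audit(1372891260.310:57): apparmor="DENIED" operation="open" profile="example-app-one" name="/dev/log_main" pid=2304 comm="qmlscene" requested_mask="w" denied_mask="w" fsuid=32011 ouid=0
kernel: type=1400 audit(1372891301.002:63): apparmor="DENIED" operation="open" profile="example-app-two" name="/dev/log_events" pid=2411 comm="qmlscene" requested_mask="w" denied_mask="w" fsuid=32011 ouid=0
kernel: type=1400 audit(1372891301.004:64): apparmor="DENIED" operation="open" profile="example-app-two" name="/dev/binder" pid=2411 comm="qmlscene" requested_mask="rw" denied_mask="rw" fsuid=32011 ouid=0
kernel: type=1400 audit(1372891355.870:70): apparmor="ALLOWED" operation="open" profile="example-app-two" name="/dev/log_system" pid=2411 comm="qmlscene" requested_mask="w" denied_mask="w" fsuid=32011 ouid=0
'''

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
LOG_DEVICE = re.compile(r'/dev/log_\w+')


def parse_denial(line):
    """Return the key=value fields of an AppArmor DENIED record, else None."""
    if 'apparmor="DENIED"' not in line:
        return None  # skips complain-mode ALLOWED records and unrelated lines
    rec = {}
    for key, quoted, bare in FIELD.findall(line):
        value = bare or quoted
        if key == "name" and bare:
            # An unquoted name is hex-encoded by the audit subsystem.
            try:
                value = bytes.fromhex(bare).decode("utf-8", "replace")
            except ValueError:
                pass
        rec[key] = value
    return rec


def log_device_denials(log_text):
    """Count denials on /dev/log_* per (profile, device, denied_mask)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_denial(line)
        if rec and LOG_DEVICE.fullmatch(rec.get("name", "")):
            key = (rec.get("profile", "?"), rec["name"], rec.get("denied_mask", "?"))
            counts[key] += 1
    return counts


if __name__ == "__main__":
    for (profile, dev, mask), n in sorted(log_device_denials(SAMPLE_LOG).items()):
        print(f"{n:3d}  {profile}  {dev}  {mask}")
```

On a real system the input would be the kernel or audit log rather than SAMPLE_LOG.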