webbrowser-app re-execs itself which breaks webapps under application confinement
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
apparmor-easyprof-ubuntu (Ubuntu) |
Fix Released
|
Critical
|
Jamie Strandboge | ||
Saucy |
Fix Released
|
Critical
|
Jamie Strandboge | ||
upstart-app-launch (Ubuntu) |
Won't Fix
|
Undecided
|
Unassigned | ||
Saucy |
Won't Fix
|
Undecided
|
Unassigned | ||
webbrowser-app (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Saucy |
Invalid
|
Undecided
|
Unassigned |
Bug Description
When a webapp is launched via the upstart job, webbrowser-app re-execs itself, causing an apparmor denial and failure to launch the browser:
First, install the facebook app from the appstore.
Then, from adb shell:
root@ubuntu-
phablet@
This results in the following denial in /var/log/syslog:
Sep 20 15:58:17 ubuntu-phablet kernel: [ 6505.474410] type=1400 audit(137969269
Adding the following rule to /var/lib/
/usr/
and reloading policy with 'sudo apparmor_parser -r /var/lib/
This is a harmless addition to the ubuntu-webapp template, so I will do that. However I'm concerned that HTML5/PhoneGap apps that use a webview may also suffer from this, so it is worth investigating. That said, we do have an rmix rule for qtchooser in the ubuntu-sdk template, so we might be ok there.
Interestingly, the re-exec only happens when running under upstart-app-launch, not when using aa-exec-click.
Marking bug as Critical because without the workaround rule, webapps will break when Mir is the default.