Ubuntu Download Manager cannot be accessed by confined applications even when they have the networking profile
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
apparmor-easyprof-ubuntu (Ubuntu) |
Fix Released
|
Medium
|
Jamie Strandboge |
Bug Description
If a confined application has the networking profile it cannot access the donwload manager eventhough there are rules to allow it. The following error happens when trying to create a new download:
Apr 21 15:38:43 ubuntu-phablet dbus[2162]: apparmor="DENIED" operation=
After some talk in the security channel we were pointed out the following:
17:11 @ tyhicks : jdstrand: in the networking policy group, some of the dbus rules specify the member by including the full interface
17:11 @ tyhicks : jdstrand: like "... member=
17:11 @ tyhicks : jdstrand: I think that should just be "... member=
Related branches
Changed in apparmor-easyprof-ubuntu (Ubuntu): | |
status: | New → In Progress |
importance: | Undecided → Medium |
assignee: | nobody → Jamie Strandboge (jdstrand) |
milestone: | none → ubuntu-14.05 |
Removing the "com.canonical. applications. Downloader. " section from all member statements fixed the problem when testing locally.