apparmor denial to cache for confined scopes
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Canonical System Image |
Fix Released
|
Undecided
|
Unassigned | ||
| unity-scopes-api (Ubuntu) |
Fix Released
|
High
|
Michi Henning | ||
Bug Description
In a recent test run, the following denial was observed:
Oct 1 18:13:05 ubuntu-phablet kernel: [ 130.968843] (3)[6618:
Yelp is using the wrong directory. It is using:
@{HOME}
but apparmor policy says to use:
@{HOME}
Note: this is a different bug than the one dealing with XDG_RUNTIME_DIR paths, where we do use @{APP_APPNAME}.
Adding rtm14 tag with High priority since this seems to affect scopes in the store. Please readjust as necessary.
Related branches
- Paweł Stołowski (community): Approve
- PS Jenkins bot (community): Approve (continuous-integration)
-
Diff: 236 lines (+81/-47)6 files modifiedCONFIGFILES (+2/-1)
debian/libunity-scopes3.symbols (+5/-1)
include/unity/scopes/internal/DfltConfig.h.in (+0/-1)
include/unity/scopes/internal/RuntimeImpl.h (+5/-1)
scoperegistry/scoperegistry.cpp (+11/-2)
src/scopes/internal/RuntimeImpl.cpp (+58/-41)
- Michi Henning (community): Approve
-
Diff: 531 lines (+149/-84)15 files modifiedCMakeLists.txt (+1/-1)
CONFIGFILES (+2/-1)
RELEASE_NOTES.md (+4/-0)
debian/changelog (+9/-0)
debian/libunity-scopes3.symbols (+7/-2)
include/unity/scopes/internal/DfltConfig.h.in (+0/-1)
include/unity/scopes/internal/RegistryObject.h (+4/-0)
include/unity/scopes/internal/RuntimeImpl.h (+5/-1)
include/unity/scopes/internal/smartscopes/SSRegistryObject.h (+1/-0)
scoperegistry/scoperegistry.cpp (+11/-13)
scoperunner/scoperunner.cpp (+0/-15)
src/scopes/internal/RegistryObject.cpp (+18/-0)
src/scopes/internal/RuntimeImpl.cpp (+58/-41)
src/scopes/internal/smartscopes/SSRegistryObject.cpp (+16/-6)
src/scopes/internal/smartscopes/SmartScope.cpp (+13/-3)
| Changed in unity-scopes-api (Ubuntu): | |
| assignee: | nobody → Pawel Stolowski (stolowski) |
| tags: | added: touch-2014-10-16 |
| Changed in unity-scopes-api (Ubuntu): | |
| assignee: | Pawel Stolowski (stolowski) → Michi Henning (michihenning) |
| Changed in unity-scopes-api (Ubuntu): | |
| assignee: | Michi Henning (michihenning) → nobody |
| Changed in unity-scopes-api (Ubuntu): | |
| assignee: | nobody → Michi Henning (michihenning) |
| Michi Henning (michihenning) wrote | #1 |
| Changed in unity-scopes-api (Ubuntu): | |
| status: | New → Fix Committed |
| Changed in unity-scopes-api (Ubuntu): | |
| status: | Fix Committed → In Progress |
| Changed in unity-scopes-api (Ubuntu): | |
| status: | In Progress → Fix Committed |
| Changed in unity-scopes-api (Ubuntu): | |
| status: | Fix Committed → Fix Released |
| tags: | added: ota-1 |
| Changed in canonical-devices-system-image: | |
| status: | New → In Progress |
| summary: |
- apparmor denial for yelp + apparmor denial to cache for confined scopes |
| Pete Woods (pete-woods) wrote | #2 |
| Changed in canonical-devices-system-image: | |
| status: | In Progress → Fix Released |
This should be fixed now. The location/name for the dir were incorrect. The failure was benign for unconfined scopes, but prevented access to the cache dir for confined scopes.