[apparmor] evince need access to /dev/.udev/data/b
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
evince (Ubuntu) | Fix Released | Medium | Jamie Strandboge | |
Natty | Fix Released | Medium | Jamie Strandboge | |
Oneiric | Fix Released | Medium | Jamie Strandboge | |
Bug Description
Binary package hint: evince
I get warnings in dmesg about denied access:
[ 567.296832] type=1400 audit(130328076
[ 567.298080] type=1400 audit(130328076
Looks like the apparmor rule should be corrected to allow it:
/dev/.udev/db/* r,
+ /dev/.udev/
/etc/
/sys/
ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: evince 2.32.0-0ubuntu12
ProcVersionSign
Uname: Linux 2.6.39-
Architecture: amd64
Date: Wed Apr 20 08:48:32 2011
InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Alpha amd64 (20100803.1)
ProcEnviron:
LANGUAGE=
LANG=de_DE.UTF-8
SHELL=/bin/bash
SourcePackage: evince
UpgradeStatus: Upgraded to natty on 2011-03-17 (33 days ago)
Changed in evince (Ubuntu):
status: New → Triaged
Changed in evince (Ubuntu):
importance: Undecided → Medium
assignee: nobody → Jamie Strandboge (jdstrand)
milestone: none → natty-updates
tags: added: apparmor
1. When people use evince, apparmor spams the syslog.
2. This has not been fixed in Oneiric (which isn't open yet)
3. Patch is very small: {data,db} /* r,
- /dev/.udev/db/* r,
+ /dev/.udev/
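Review bot: the `+` line widens the grant from `db/*` to every entry under both `data/` and `db/` (the `{data,db} /* r,` glob), while the denial in the test case is for a single block-device record, `data/b252:1`. If evince only needs block-device records, `data/b*` would be the narrower grant; if the wider glob is intended, a comment in the profile saying why would help the next reader. Keeping the permission at `r` only is right either way.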
4. TEST CASE
$ evince /usr/share/doc/shared-mime-info/shared-mime-info-spec.pdf
$ tail /var/log/kern.log
...
Apr 22 13:38:09 sec-natty-amd64 kernel: [ 72.743938] type=1400 audit(1303497489.238:24): apparmor="DENIED" operation="open" parent=1342 profile="/usr/bin/evince" name="/dev/.udev/data/b252:1" pid=1469 comm="evince" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
5. Regression potential is very low, we are only adding access, not taking away.
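
An added example, not part of the bug report or the evince profile: a Python sketch that parses the denial from the test case and checks it against the old and new rules, using a simplified model of AppArmor path globbing. It assumes the `+` line of the patch reads `/dev/.udev/{data,db}/* r,`; the function names and the sample log text are constructed for illustration.

```python
import re

# Constructed sample, modelled on the kern.log denial in the test case above.
SAMPLE_LOG = (
    'Apr 22 13:38:09 sec-natty-amd64 kernel: [   72.743938] type=1400 '
    'audit(1303497489.238:24): apparmor="DENIED" operation="open" parent=1342 '
    'profile="/usr/bin/evince" name="/dev/.udev/data/b252:1" pid=1469 '
    'comm="evince" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0\n'
)
OLD_RULE = '/dev/.udev/db/* r,'
NEW_RULE = '/dev/.udev/{data,db}/* r,'  # assumed full text of the "+" line
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_denials(text):
    """One dict of key=value audit fields per apparmor="DENIED" line."""
    return [{k: v.strip('"') for k, v in FIELD.findall(line)}
            for line in text.splitlines() if 'apparmor="DENIED"' in line]

def glob_to_regex(glob):
    """Simplified AppArmor path glob: ** crosses '/', * and ? do not, {a,b}.
    Assumes braces are balanced and ',' appears only inside them."""
    out, i = [], 0
    while i < len(glob):
        c = glob[i]
        if glob.startswith('**', i):
            out.append('.*')
            i += 1
        elif c == '*':
            # A '*' that is a whole path component must match at least one char.
            whole = glob[i - 1:i] == '/' and glob[i + 1:i + 2] in ('', '/')
            out.append('[^/]+' if whole else '[^/]*')
        elif c == '?':
            out.append('[^/]')
        elif c in '{},':
            out.append({'{': '(?:', '}': ')', ',': '|'}[c])
        else:
            out.append(re.escape(c))
        i += 1
    return re.compile(''.join(out) + r'\Z')

def covered(rule, path, mask):
    """True if a 'glob perms,' file rule grants every permission in mask."""
    glob, perms = rule.rstrip(',').split()
    return set(mask) <= set(perms) and bool(glob_to_regex(glob).match(path))

def uncovered(log_text, rules):
    """(profile, path, mask) for each denial that no rule would permit."""
    return [(d['profile'], d['name'], d['denied_mask'])
            for d in parse_denials(log_text)
            if not any(covered(r, d['name'], d['denied_mask']) for r in rules)]
```

Calling `uncovered(SAMPLE_LOG, [OLD_RULE])` returns the evince denial, and the same call with `NEW_RULE` returns an empty list, which is the before and after the test case is meant to show.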