oxide tries to create /usr/lib/x86_64-linux-gnu/qt5/bin/locales/

Bug #1260044 reported by Jamie Strandboge on 2013-12-11
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Oxide
Low
Unassigned

Bug Description

I started playing with oxide and noticed this apparmor denial:
Dec 11 12:43:22 localhost kernel: [221681.497116] type=1400 audit(1386787402.526:1075): apparmor="DENIED" operation="mkdir" parent=3635 profile="com.ubuntu.developer.jdstrand.test-oxide_test-oxide_0.1" name="/usr/lib/x86_64-linux-gnu/qt5/bin/locales/" pid=18850 comm="qmlscene" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000

For some reason it is looking for locales in a weird place. QtWebKit does not do this. Example qml:
import QtQuick 2.0
import Ubuntu.Components 0.1
import "components"

import com.canonical.Oxide 0.1

MainView {
    objectName: "mainView"
    applicationName: "com.ubuntu.developer.jdstrand.test-oxide"
    width: units.gu(100)
    height: units.gu(75)

    Page {
        id: page
        anchors.fill: parent

        WebView {
            id: webView
            width: parent.width
            height: parent.height
            url: "http://www.ubuntu.com"
        }
    }
}

Jamie Strandboge (jdstrand) wrote :

I just noticed the sandbox is also looking in /usr/lib/@{multiarch}/oxide-qt/locales/. Perhaps if this existed the denial would go away.

Olivier Tilloy (osomon) on 2013-12-12
Changed in oxide:
importance: Undecided → Low
Chris Coulson (chrisccoulson) wrote :

This happens inside ui::PathProvider() in Chromium. We can probably avoid this by registering an override for the ui::DIR_LOCALES key in the path service from Oxide, rather than patching Chromium. This would prevent the provider in Chromium from being called

Changed in oxide:
status: New → Triaged
Jamie Strandboge (jdstrand) wrote :

FYI, more recent builds have a denail of /usr/bin/locales.

All webapps are falling bc of this, using 1.1 apparmor policy & 14.04-dev1 fw,

Jamie Strandboge (jdstrand) wrote :

Actually, it was a missing 'webview' policy group. This bug should be fixed, but webapps aren't broken.

Jamie: yes, thank you for clarifying

Jamie Strandboge (jdstrand) wrote :

FYI, added workaround rule in apparmor-easyprof-ubuntu:

apparmor-easyprof-ubuntu (1.1.12) trusty; urgency=medium

  * 1.1/webview: suppress denial for write to /usr/bin/locales/ like we do for
    /usr/lib/@{multiarch}/oxide-qt/locales/ already since it is confusing for
    people who are diagnosing oxide issues (LP: #1260044)

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers