apparmor confined applications with a WebView get a denial for sys_admin capability
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Oxide |
New
|
Undecided
|
Unassigned | ||
apparmor-easyprof-ubuntu (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
Testing oxide 1.9.1 on arale, I created a simple click package that simply launches qmlview with the following bit of QML:
import QtQuick 2.4
import com.canonical.Oxide 1.9
WebView {
url: "http://
}
The manifest for the app has policy groups "networking" and "webview", and the policy version is 1.3.
When I launch the app, it fails to start, and the app’s log is the following:
[0910/
Looking into /var/log/syslog, I’m seeing the following denial:
Sep 10 10:19:28 ubuntu-phablet kernel: [ 320.255767] type=1400 audit(144187316
Note that the same happens for any webapp, the webapp container fails to start because of the above denial.