Comment 8 for bug 1468792

Jamie Strandboge (jdstrand) wrote :

Jun 26 12:31:44 ubuntu-phablet kernel: [49381.194192] type=1400 audit(1435311104.982:863): apparmor="DENIED" operation="open" profile="com.ubuntu.developer.rmescandon.asana_account-plugin_1.0.0" name="/dev/tty" pid=1914 comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=32011 ouid=0

This won't be allowed and is probably the result of the plugin trying to write to stderr or stdout

Jun 26 12:31:48 ubuntu-phablet kernel: [49384.603714] type=1400 audit(1435311108.396:864): apparmor="DENIED" operation="open" profile="com.ubuntu.developer.rmescandon.asana_account-plugin_1.0.0" name="/etc/pulse/client.conf" pid=1905 comm="online-accounts" requested_mask="r" denied_mask="r" fsuid=32011 ouid=0
Jun 26 12:31:48 ubuntu-phablet kernel: [49384.604447] type=1400 audit(1435311108.396:865): apparmor="DENIED" operation="open" profile="com.ubuntu.developer.rmescandon.asana_account-plugin_1.0.0" name="/run/shm/" pid=1905 comm="online-accounts" requested_mask="r" denied_mask="r" fsuid=32011 ouid=0
Jun 26 12:31:48 ubuntu-phablet kernel: [49384.606461] type=1400 audit(1435311108.396:866): apparmor="DENIED" operation="mknod" profile="com.ubuntu.developer.rmescandon.asana_account-plugin_1.0.0" name="/run/shm/pulse-shm-324557232" pid=1905 comm="online-accounts" requested_mask="c" denied_mask="c" fsuid=32011 ouid=32011
Jun 26 12:31:48 ubuntu-phablet kernel: [49384.607102] type=1400 audit(1435311108.396:867): apparmor="DENIED" operation="open" profile="com.ubuntu.developer.rmescandon.asana_account-plugin_1.0.0" name="/run/shm/" pid=1905 comm="online-accounts" requested_mask="r" denied_mask="r" fsuid=32011 ouid=0
Jun 26 12:31:48 ubuntu-phablet kernel: [49384.610154] type=1400 audit(1435311108.396:868): apparmor="DENIED" operation="open" profile="com.ubuntu.developer.rmescandon.asana_account-plugin_1.0.0" name="/run/user/32011/pulse/" pid=1905 comm="online-accounts" requested_mask="r" denied_mask="r" fsuid=32011 ouid=32011
Jun 26 12:31:48 ubuntu-phablet kernel: [49384.610337] type=1400 audit(1435311108.396:869): apparmor="DENIED" operation="rmdir" profile="com.ubuntu.developer.rmescandon.asana_account-plugin_1.0.0" name="/run/user/32011/pulse/" pid=1905 comm="online-accounts" requested_mask="d" denied_mask="d" fsuid=32011 ouid=32011

These are all in the audio policy group. Why is this happening?

Jun 26 12:31:48 ubuntu-phablet kernel: [49384.774201] type=1400 audit(1435311108.566:870): apparmor="DENIED" operation="open" profile="com.ubuntu.developer.rmescandon.asana_account-plugin_1.0.0" name="/proc/1905/mounts" pid=1905 comm="online-accounts" requested_mask="r" denied_mask="r" fsuid=32011 ouid=32011
Jun 26 12:31:48 ubuntu-phablet kernel: [49384.774323] type=1400 audit(1435311108.566:871): apparmor="DENIED" operation="open" profile="com.ubuntu.developer.rmescandon.asana_account-plugin_1.0.0" name="/dev/disk/by-label/" pid=1905 comm="online-accounts" requested_mask="r" denied_mask="r" fsuid=32011 ouid=0

This will not be allowed by policy. I'll add an explicit deny rule to wily.

Jun 26 12:31:48 ubuntu-phablet kernel: [49384.900616] type=1400 audit(1435311108.686:872): apparmor="DENIED" operation="open" profile="com.ubuntu.developer.rmescandon.asana_account-plugin_1.0.0" name="/sys/devices/platform/kgsl-3d0.0/kgsl/kgsl-3d0/reset_count" pid=1983 comm="Chrome_InProcGp" requested_mask="r" denied_mask="r" fsuid=32011 ouid=0

This looks to be a missing rule in lxc-android-config's rules. Can you file a separate bug on this providing the output of system-image-cli -i?