oxide does not seem to honor TMPDIR-- requires read access to /tmp and /var/tmp

Bug #1260098 reported by Jamie Strandboge
This bug affects 1 person
Affects                            Status     Importance  Assigned to  Milestone
Oxide                              New        Low         Unassigned
apparmor-easyprof-ubuntu (Ubuntu)  Confirmed  Low         Unassigned

Bug Description

When running oxide, I get the following apparmor denials:
Dec 11 16:16:48 localhost kernel: [234482.172630] type=1400 audit(1386800208.786:2180): apparmor="DENIED" operation="open" parent=22731 profile="com.ubuntu.developer.jdstrand.test-oxide_test-oxide_0.1" name="/tmp/" pid=9220 comm="Chrome_IOThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Dec 11 16:16:48 localhost kernel: [234482.172659] type=1400 audit(1386800208.786:2181): apparmor="DENIED" operation="open" parent=22731 profile="com.ubuntu.developer.jdstrand.test-oxide_test-oxide_0.1" name="/var/tmp/" pid=9220 comm="Chrome_IOThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Dec 11 16:16:49 localhost kernel: [234482.481748]

Oxide seems to work ok otherwise, but these denials are noisy and could cause confusion. Oxide should be honoring TMPDIR first, then fall back to /tmp and /var/tmp if it isn't set. While we could silence the denials like so:
  deny /tmp/ r,
  deny /var/tmp/ r,

this could break future profiles. Allowing the read allows enumerating files in these directories, which could leak information and should not generally be needed.

description: updated
Changed in oxide:
importance: Medium → Low
Changed in apparmor-easyprof-ubuntu (Ubuntu):
importance: Undecided → Low
Changed in apparmor-easyprof-ubuntu (Ubuntu):
status: New → Confirmed
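
An added example, not part of the bug report and not code from Oxide or AppArmor: a small Python parser that picks out denials like the two quoted in the description, where a confined process tried to read the /tmp/ or /var/tmp/ directory itself, and skips the cut-off third line. The function names and the last sample record are constructed for illustration.

```python
import re
from collections import defaultdict

# key=value or key="value" pairs as they appear in an audit record
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# In AppArmor path rules a trailing slash names the directory itself
TEMP_DIRS = ("/tmp/", "/var/tmp/")

def parse_denial(line):
    """Return the fields of an AppArmor DENIED record, or None for any other
    line (including a record cut off before its fields)."""
    _, found, body = line.partition("type=1400 ")
    if not found:
        return None
    fields = {key: quoted or bare for key, quoted, bare in PAIR.findall(body)}
    required = ("profile", "operation", "name", "denied_mask")
    if fields.get("apparmor") != "DENIED" or any(k not in fields for k in required):
        return None
    return fields

def temp_dir_reads(lines):
    """Map profile -> {directory: set of comm names} for denied reads of the
    temp directories themselves (a listing, not a file under them)."""
    hits = defaultdict(dict)
    for line in lines:
        rec = parse_denial(line)
        if rec and rec["name"] in TEMP_DIRS and "r" in rec["denied_mask"]:
            hits[rec["profile"]].setdefault(rec["name"], set()).add(rec.get("comm", "?"))
    return dict(hits)

SAMPLE = [
    # The two complete records quoted in the report, verbatim
    'Dec 11 16:16:48 localhost kernel: [234482.172630] type=1400 audit(1386800208.786:2180): apparmor="DENIED" operation="open" parent=22731 profile="com.ubuntu.developer.jdstrand.test-oxide_test-oxide_0.1" name="/tmp/" pid=9220 comm="Chrome_IOThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0',
    'Dec 11 16:16:48 localhost kernel: [234482.172659] type=1400 audit(1386800208.786:2181): apparmor="DENIED" operation="open" parent=22731 profile="com.ubuntu.developer.jdstrand.test-oxide_test-oxide_0.1" name="/var/tmp/" pid=9220 comm="Chrome_IOThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0',
    # The report's third line, which is cut off after the timestamp
    'Dec 11 16:16:49 localhost kernel: [234482.481748]',
    # Constructed: a denial on a file under /tmp, which is not a directory listing
    'Dec 11 16:16:50 localhost kernel: [234483.000000] type=1400 audit(1386800210.000:2182): apparmor="DENIED" operation="open" profile="example.profile" name="/tmp/example.txt" pid=1 comm="example" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000',
]

if __name__ == "__main__":
    for profile, dirs in temp_dir_reads(SAMPLE).items():
        for directory, comms in sorted(dirs.items()):
            print(f"{profile}: denied read of {directory} by {', '.join(sorted(comms))}")
```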