Dekko can't open webviews on a Xenial (+Unity8) laptop

Bug #1538475 reported by Andrea Bernabei on 2016-01-27
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apparmor-easyprof-ubuntu (Ubuntu)
Jamie Strandboge
apparmor-easyprof-ubuntu (Ubuntu RTM)

Bug Description

This is happening on a Xenial laptop with apparmor-easyprof 2.10-0ubuntu11

I cloned Dekko's repo, built it with
cmake -DCLICK_MODE=on .
make -j4
make DESTDIR=./click_dir install
click build ./click_dir

and installed the package with
sudo click install --user=<username> --allow-unauthenticated

When Dekko tried to load a WebView
(source: )

I get the following denials:
in Dekko's log ->
in Journal ->

Dekko's apparmor profile:

Andrea Bernabei (faenil) on 2016-01-27
Changed in apparmor-easyprof-ubuntu (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
Jamie Strandboge (jdstrand) wrote :

The problem is that shm moved from /run to /dev. I'll fix the profile.

Changed in apparmor-easyprof-ubuntu (Ubuntu):
status: New → In Progress
Jamie Strandboge (jdstrand) wrote :

This should be fixed in 16.04.3, which I just uploaded.

Changed in apparmor-easyprof-ubuntu (Ubuntu):
status: In Progress → Fix Committed
Jamie Strandboge (jdstrand) wrote :

@Andrea: yes but the fix wasn't applied to policy version 1.3, which is what you specified in your security manifest.

Andrea Bernabei (faenil) wrote :

right. Thanks!

Andrea Bernabei (faenil) wrote :

so this means laptops running vivid+ppa will not get the fix, is that right?

Jamie Strandboge (jdstrand) wrote :

You said that xenial was affected, so I fixed xenial. :) I don't know what ppa you are referring to, but I did check if vivid desktop uses /dev/shm (it does), so it would need the fix. Perhaps ask the owner of the ppa to add the fix to it? Do note, vivid is EOL next week.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor-easyprof-ubuntu - 16.04.3

apparmor-easyprof-ubuntu (16.04.3) xenial; urgency=medium

  [ Tiago Salem Herrmann ]
  * ubuntu/history: add owner read access to

  [ Jamie Strandboge ]
  * ubuntu/webview: apply shm changes in last upload to previous policy and
    adjust symlinks (LP: #1538475)

 -- Jamie Strandboge <email address hidden> Wed, 27 Jan 2016 08:16:28 -0600

Changed in apparmor-easyprof-ubuntu (Ubuntu):
status: Fix Committed → Fix Released
Andrea Bernabei (faenil) wrote :

yeah, I'm just looking for other places that need fixing, that's all...

I don't know if we support running Unity8 on top of Vivid, but if we do, then I guess that needs fixing as well :)

Łukasz Zemczak (sil2100) wrote :

If this also happens for our stable/rc/rc-proposed phones, I suppose we need to get this siloed up and queued for release in the CI Train.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers