nvidactl (misspelled) in /etc/apparmor.d/abstractions/ubuntu-browsers.d/multimedia all Ubuntu versions

Bug #1228882 reported by danmb
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
apparmor (Ubuntu)
Undecided
Jamie Strandboge

Bug Description

/etc/apparmor.d/abstractions/ubuntu-browsers.d/multimedia mis-spells an nvidia device:

  # If we allow the above, nvidia based systems will also need these
  /dev/nvidactl rw,
  /dev/nvidia0 rw,

(should of course be nvidiactl). This seems to be the case in all apparmor versions.

I don't know if this affects anything. I can't watch Youtube videos in Firefox, and my fix doesn't improve the situation (there are probably other bugs)

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: apparmor 2.7.102-0ubuntu3.9
ProcVersionSignature: Ubuntu 3.8.0-31.23-lowlatency 3.8.13.8
Uname: Linux 3.8.0-31-lowlatency i686
NonfreeKernelModules: nvidia
ApportVersion: 2.0.1-0ubuntu17.4
Architecture: i386
Date: Sun Sep 22 18:37:58 2013
EcryptfsInUse: Yes
MarkForUpload: True
ProcEnviron:
 TERM=rxvt
 LC_COLLATE=C
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcKernelCmdline: BOOT_IMAGE=/boot/vmlinuz-3.8.0-31-lowlatency root=UUID=a7047dd8-61aa-4cbe-b36d-697a5e7ee64b ro
SourcePackage: apparmor
UpgradeStatus: No upgrade log present (probably fresh install)
mtime.conffile..etc.apparmor.d.abstractions.ubuntu.browsers.d.multimedia: 2013-09-22T18:16:06.208483

Revision history for this message
danmb (danmbox) wrote :
Revision history for this message
dino99 (9d9) wrote :

Same issue on Saucy i386

tags: added: saucy
Revision history for this message
danmb (danmbox) wrote :

@dino99, do you also have problems with flash or firefox?

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in apparmor (Ubuntu):
status: New → Confirmed
Revision history for this message
dino99 (9d9) wrote :

@Dan
Flash is always a pain: sometimes it works only; mostly i need to reinstall it with the new kernels. I have no problem with Chromium+pepflashplugin, with firefox its 50/50 (often switch to html5), with midori its also a russian roulette experience.

Changed in apparmor (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
status: Confirmed → In Progress
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor - 2.8.0-0ubuntu30

---------------
apparmor (2.8.0-0ubuntu30) saucy; urgency=low

  [ Tyler Hicks ]
  * debian/patches/0059-dbus-rules-for-dbus-abstractions.patch: Add an
    abstraction for the accessibility bus. It is currently very permissive,
    like the dbus and dbus-session abstractions, and grants all permissions on
    the accessibility bus. (LP: #1226141)
  * debian/patches/0071-lp1226356.patch: Fix issues in parsing D-Bus and mount
    rules. Both rule classes suffered from unexpected auditing behavior when
    using the 'deny' and 'audit deny' rule modifiers. The 'deny' modifier
    resulting in accesses being audited and the 'audit deny' modifier
    resulting in accesses not being audited. (LP: #1226356)
  * debian/patches/0072-lp1229393.patch: Fix cache location for .features
    file, which was not being written to the proper location if the parameter
    --cache-loc= is passed to apparmor_parser. This bug resulted in using the
    .features file from /etc/apparmor.d/cache or always recompiling policy.
    Patch thanks to John Johansen. (LP: #1229393)
  * debian/patches/0073-lp1208988.patch: Update AppArmor file rules of UNIX
    domain sockets to include read and write permissions. Both permissions are
    required when a process connects to a UNIX domain socket. Also include new
    tests for mediation of UNIX domain sockets. Thanks to Jamie Strandboge for
    helping with the policy updates and testing. (LP: #1208988)
  * debian/patches/0075-lp1211380.patch: Adjust the audio abstraction to only
    grant access to specific pulseaudio files in the pulse runtime directory
    to remove access to potentially dangerous files (LP: #1211380)

  [ Jamie Strandboge ]
  * debian/patches/0074-lp1228882.patch: typo in ubuntu-browsers.d/multimedia
    (LP: #1228882)
  * 0076_sanitized_helper_dbus_access.patch: allow applications run under
    sanitized_helper to connect to DBus
 -- Tyler Hicks <email address hidden> Fri, 04 Oct 2013 17:29:52 -0700

Changed in apparmor (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers