Ubuntu
apparmor package

denial for /usr/lib/x86_64-linux-gnu/egl/egl_gallium.so

Bug #1320014 reported by Jamie Strandboge on 2014-05-15

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	apparmor (Ubuntu)	Fix Released	Undecided	Jamie Strandboge

Bug Description

When running a webapp under oxide on 14.04, I see the following denial:
May 15 16:52:06 localhost kernel: [318977.280956] type=1400 audit(1400190726.317:409): apparmor="DENIED" operation="file_mmap" profile="com.ubuntu.developer.jdstrand.rottentomatoes_rottentomatoes_0.10" name="/usr/lib/x86_64-linux-gnu/egl/egl_gallium.so" pid=3920 comm="webapp-containe" requested_mask="m" denied_mask="m" fsuid=1000 ouid=0

The base abstraction almost caught this with this rule:
/usr/lib/@{multiarch}/**/lib*.so* mr,

but missed it because egl_gallium.so doesn't begin with 'lib'. The following rule should be added to the X abstraction:
/usr/lib/@{multiarch}/egl/*.so* mr,

Jamie Strandboge (jdstrand) on 2014-05-15

Changed in apparmor (Ubuntu):
status:	New → In Progress
assignee:	nobody → Jamie Strandboge (jdstrand)

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2014-05-16:

Committed to upstream trunk. This should be in Ubuntu in the next sync with upstream.

Changed in apparmor (Ubuntu):
status:	In Progress → Fix Committed

Jamie Strandboge (jdstrand) on 2014-10-09

Changed in apparmor (Ubuntu):
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuapparmor package

denial for /usr/lib/x86_64-linux-gnu/egl/egl_gallium.so

Bug Description

Other bug subscribers

Remote bug watches

Ubuntu
apparmor package