AppArmor profile misses entry for /var/lib/snapd/desktop/applications/mimeinfo.cache
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
| apparmor (Ubuntu) |
Undecided
|
Unassigned |
Bug Description
The evince AppArmor profile seems to miss an entry for /var/lib/
If evince is launched, the following gets logged to syslog:
kernel: [81577.596186] audit: type=1400 audit(150330609
I don't know if this should be allowed or denied. If you could add the correct behaviour to the profile, that would be nice; otherwise, every time evince is launched, a notification pops up (apparmor-notify installed).
(Workaround:
Add to original profile (/etc/apparmor.
#include <local/
Insert into local profile (/etc/apparmor.
/var/
)
Release: Ubuntu 16.04.3 LTS
Package Version: evince-common 3.18.2-1ubuntu4.1
The file itself may be not specific to evince, but the behaviour that evince tries to read it (and AppArmor denies that) is specific to the AppArmor profile file that gets delivered with evince-common (/etc/apparmor.
That is why i think it affects the package evince or evince-common, to be precise.
Launchpad Janitor (janitor) wrote : | #3 |
Status changed to 'Confirmed' because the bug affects multiple users.
Changed in apparmor (Ubuntu): | |
status: | New → Confirmed |
Changed in apparmor (Ubuntu): | |
status: | Confirmed → In Progress |
Changed in apparmor (Ubuntu): | |
status: | In Progress → Fix Committed |
Launchpad Janitor (janitor) wrote : | #4 |
This bug was fixed in the package apparmor - 2.12-4ubuntu5
---------------
apparmor (2.12-4ubuntu5) bionic; urgency=medium
[ Didier Roche ]
* debian/
- support communitheme snap (LP: #1762983)
[ Jamie Strandboge ]
* debian/
chromium (LP: #1101298, LP: #1594589, LP: #1647142)
- add attach_disconnected
- allow reading /proc/vmstat
- don't require owner match for /proc/pid/
counterparts
- adjust pci[0-9] to be pci[0-9a-f]
- allow reading all uevents and /sys/devices/
- allow ptracing xdgsettings and lsb-release
- xdgsettings uses head and tr and looks at /usr/share/
- lsb-release uses python 3.6 and looks at apport, apt.conf, dpkg and
distro-info
- use 'm' on on sandbox
* debian/
/var/
(LP: #1712039)
-- Jamie Strandboge <email address hidden> Tue, 17 Apr 2018 20:15:16 +0000
Changed in apparmor (Ubuntu): | |
status: | Fix Committed → Fix Released |
The file is not specific to evince, that's probably better placed in a common file from appamor itself right?