Failed to execute child process "sensible-browser" (Permission denied)

Bug #625041 reported by Pavel Sherman on 2010-08-27
This bug affects 3 people
Affects: apparmor (Ubuntu); Importance: Low; Assigned to: Jamie Strandboge
Affects: Lucid; Importance: Low; Assigned to: Jamie Strandboge

Bug Description

SRU Justification

1. impact of the bug is low for stable releases, but the fix is non-intrusive. It is included here as part of the 2.5.1 update for Lucid (LP: #660077)

2. This has been addressed in the maverick development cycle and refined in the development release.

3. Patch adds Pixr access to /usr/bin/sensible-browser in abstractions/ubuntu-browsers. We use 'Pi' instead of 'PU' because sensible-browser chooses its browser based on an environment variable. Because we use 'i', sensible-browser will inherit the confined application's profile, which then checks the executable. E.g., since evince uses the ubuntu-browsers abstraction, it is allowed to open firefox, but not gdb.

4. TEST CASE:
* Update System/Preferences/Preferred Applications to use '/usr/bin/sensible-browser %u' as the custom command for the browser
* launch sensible-browser from the command line with 'sensible-browser http://www.ubuntu.com'. It should open firefox
* close firefox
* open the attached PDF in evince and click on the http://www.ubuntu.com link. It will not open firefox before the upgrade, but will after. If the firefox profile is enabled, firefox will be confined (see 'sudo aa-status').

5. The regression potential is very low for this patch as it only adds additional access for sensible-browser

Binary package hint: evince

Did a google search in firefox, a pdf link came up. I clicked the link and selected "Open With "Document Viewer (default)". The document opened in Evince without problems. In the pdf document there was a link -- I clicked that link and got the error message "Unable to open external link: Failed to execute child process "sensible-browser" (Permission denied)" (see screenshot).

ProblemType: Bug
DistroRelease: Ubuntu 10.10
Package: evince 2.31.90-0ubuntu1
ProcVersionSignature: Ubuntu 2.6.35-19.25-generic 2.6.35.3
Uname: Linux 2.6.35-19-generic x86_64
NonfreeKernelModules: nvidia
Architecture: amd64
Date: Thu Aug 26 21:04:34 2010
ExecutablePath: /usr/bin/evince
InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Alpha amd64 (20100803.1)
ProcEnviron:
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: evince
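
Item 3 of the SRU justification above turns on the difference between the 'Pi' and 'PU' exec fallbacks. The following is an added example (not part of the bug report or of the apparmor package): a simplified Python model of that transition logic. The profile contents, the PUx mode on the firefox rule and the gdb path are assumptions, and path globbing is ignored.

```python
# Toy model of AppArmor exec transitions: exact paths only, no globs, and the
# 'r' in 'Pixr' is omitted. Profile contents are constructed for illustration.
UNCONFINED = "unconfined"
EVINCE = "/usr/bin/evince"
SB = "/usr/bin/sensible-browser"
FIREFOX = "/usr/bin/firefox"
GDB = "/usr/bin/gdb"          # assumed path, stands in for any unlisted binary

def resolve_exec(label, target, profiles):
    """Label the child runs under after exec(target); None means EACCES."""
    if label == UNCONFINED:
        # Unconfined parents pick up the target's profile if one is loaded.
        return target if target in profiles else UNCONFINED
    mode = profiles[label].get(target)
    if mode is None:
        return None                       # no exec rule: "Permission denied"
    if mode == "ix":
        return label                      # inherit the caller's profile
    if mode == "Ux":
        return UNCONFINED
    if target in profiles:                # Px / Pix / PUx prefer a real profile
        return target
    return {"Px": None, "Pix": label, "PUx": UNCONFINED}[mode]

def policy(sb_mode, firefox_profile=True):
    """Evince profile with the browser rules; sb_mode=None is the pre-fix state."""
    rules = {FIREFOX: "PUx"}              # assumed mode for the firefox rule
    if sb_mode:
        rules[SB] = sb_mode
    profiles = {EVINCE: rules}
    if firefox_profile:
        profiles[FIREFOX] = {}            # firefox profile loaded (rules not modelled)
    return profiles

def open_link(sb_mode, browser, firefox_profile=True):
    """evince -> sensible-browser -> $BROWSER; returns final label or None."""
    profiles = policy(sb_mode, firefox_profile)
    label = EVINCE
    for target in (SB, browser):          # browser is what $BROWSER points at
        label = resolve_exec(label, target, profiles)
        if label is None:
            return None
    return label

if __name__ == "__main__":
    for mode in (None, "Pix", "PUx"):
        for browser in (FIREFOX, GDB):
            print(mode, browser, "->", open_link(mode, browser))
```

With 'Pix' the wrapper stays under the evince profile, so the browser named in the environment is still checked against the abstraction; with 'PUx' and no sensible-browser profile loaded, the wrapper and whatever it launches run unconfined.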

madbiologist (me-again) wrote :

Works here on Maverick alpha 3.

Uname: Linux 2.6.35-14-generic i686
Evince 2.31.90-0ubuntu1

Could be a 64bit issue.

Beowulf (s-highlander) wrote :

Nope, I run 32-bit Ubuntu 10.04

Sebastien Bacher (seb128) wrote :

The browsers list is in apparmor itself; reassigning the bug.

Changed in evince (Ubuntu):
importance: Undecided → Low
affects: evince (Ubuntu) → apparmor (Ubuntu)
Changed in apparmor (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
status: New → In Progress
Changed in apparmor (Ubuntu):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor - 2.5.1~pre1393-0ubuntu6

---------------
apparmor (2.5.1~pre1393-0ubuntu6) maverick; urgency=low

  * debian/profiles/chromium-browser: updated to have the proper path to
    local/
  * debian/patches/0011-lp514356+573344+593413.patch: browser abstraction
    updates for /net, kmozillahelper and gnome-appearance-properties
    (LP: #593413, LP: #514356, LP: #573344)
  * debian/patches/0012-lp625041.patch: add sensible-browser (LP: #625041)
  * debian/patches/0013-lp623586.patch: allow access to ghostscript fonts when
    not using defoma (LP: #623586)
 -- Jamie Strandboge <email address hidden> Fri, 03 Sep 2010 07:39:31 -0500

Changed in apparmor (Ubuntu):
status: Fix Committed → Fix Released
Juan Simón (simonbcn) wrote :

And what happens with Lucid users? Lucid is an LTS version!! :-(

Juan Simón (simonbcn) wrote :

Any workaround!?

Changed in apparmor (Ubuntu Lucid):
assignee: nobody → Jamie Strandboge (jdstrand)
importance: Undecided → Low
milestone: none → lucid-updates
status: New → In Progress
description: updated

Accepted apparmor into lucid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in apparmor (Ubuntu Lucid):
status: In Progress → Fix Committed
tags: added: verification-needed
Jamie Strandboge (jdstrand) wrote :

Upgraded to 2.5.1-0ubuntu0.10.04.1 in lucid-proposed and this issue is resolved.

Martin Pitt (pitti) on 2010-12-14
tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor - 2.5.1-0ubuntu0.10.04.1

---------------
apparmor (2.5.1-0ubuntu0.10.04.1) lucid-proposed; urgency=low

  * Backport 2.5.1-0ubuntu0.10.10.1 from maverick for userspace tools to work
    with newer kernels (LP: #660077)
    NOTE: user-tmp now uses 'owner' match, so non-default profiles will have
    to be adjusted when 2 separately confined applications that both use the
    user-tmp abstraction depend on being able to cooperatively share files
    with each other in /tmp or /var/tmp.
  * remove the following patches (features not appropriate for SRU):
    - 0002-add-chromium-browser.patch
    - 0003-local-includes.patch
    - 0004-ubuntu-abstractions-updates.patch
  * debian/rules (this makes it the same as what was shipped in 10.04 LTS
    release):
    - don't ship aa-update-browser and its man page (requires
      0004-ubuntu-abstractions-updates.patch)
    - don't ship apparmor.d/local/ (requires 0003-local-includes.patch)
    - don't use dh_apparmor (not in Ubuntu 10.04 LTS)
    - don't ship chromium profile
  * remove debian/profiles/chromium-browser
  * remove debian/aa-update-browser*
  * debian/apparmor-profiles.postinst: revert to that in lucid release
    (requires dh_apparmor and 0002-add-chromium-browser.patch)
  * remove debian/apparmor-profiles.postrm: doesn't make sense without
    0002-add-chromium-browser.patch
  * debian/control:
    - revert Build-Depends on debhelper (>= 5)
    - revert Standards-Version to 3.8.4
    - revert Vcs-Bzr
    - use Conflicts/Replaces version that was in Ubuntu 10.04 LTS
  * debian/patches/0011-lucid-compat-dbus.patch: move /var/lib/dbus/machine-id
    back into dbus, since profiles on 10.04 LTS expect it there
  * debian/patches/0012-lucid-compat-kde.patch: add kde4-config to kde
    abstraction, since the firefox profile on Ubuntu 10.04 LTS expects it to
    be there

apparmor (2.5.1-0ubuntu0.10.10.2) maverick-proposed; urgency=low

  * New upstream release (LP: #660077)
    - The following patches were refreshed:
      + 0001-fix-release.patch
      + 0003-local-includes.patch
      + 0004-ubuntu-abstractions-updates.patch
      + 0008-lp648900.patch: renamed as 0005-lp648900.patch
    - The following patches were dropped (included upstream):
      + 0005-lp601583.patch
      + 0006-network-interface-enumeration.patch
      + 0007-gnome-updates.patch
  * debian/patches/0006-testsuite-fixes.patch: testsuite fixes from head
    of 2.5 branch. These are needed for QRT and SRU testing (LP: #652211)
  * debian/patches/0007-honor-cflags.patch: have the parser makefile honor
    CFLAGS environment variable. Brings back missing symbols for the retracer
  * debian/patches/0008-lp652674.patch: fix warnings for messages without
    denied or requested masks (LP: #652674)
  * debian/apparmor.init: fix path to aa-status (LP: #654841)
  * debian/apport/source_apparmor.py: apport hook should use
    root_command_hook() for running apparmor_status (LP: #655529)
  * debian/apport/source_apparmor.py: use ProcKernelCmdline and don't clobber
    cmdline details (LP: #657091)
  * debian/{rules,control}: move apache2 abstractions into the base package
    so we can put ...

Changed in apparmor (Ubuntu Lucid):
status: Fix Committed → Fix Released
tags: added: testcase