apparmor abstractions should support ibus

Bug #649497 reported by Jamie Strandboge
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Jamie Strandboge
apparmor (Ubuntu)

Bug Description

Binary package hint: apparmor

Evince and firefox AppArmor profiles have the following denials:
Sep 28 02:14:10 sec-maverick-amd64 kernel: [18081.343415] type=1400 audit(1285640050.649:227): apparmor="DENIED" operation="chmod" parent=20423 profile="/usr/bin/evince-previewer" name="/home/jamie/.config/ibus/bus/" pid=20631 comm="evince-previewe" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000

Adding the following does indeed 'fix' the issue:
  @{HOME}/.config/ibus/bus/ w,

but there are problems with this, since I am not an ibus user and clearly more access that a write to a directory is needed to properly support ibus. Looking at, it seems that ibus can be used by Gnome and KDE, so perhaps it needs its own abstraction, such as /etc/apparmor.d/abstractions/ibus.

Related branches

Changed in apparmor (Ubuntu):
importance: Undecided → Wishlist
status: New → Confirmed
Changed in apparmor:
status: New → Confirmed
importance: Undecided → Wishlist
Changed in apparmor:
status: Confirmed → In Progress
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in apparmor:
status: In Progress → Fix Committed
Changed in apparmor (Ubuntu):
status: Confirmed → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor - 2.6~devel+bzr1617-0ubuntu1

apparmor (2.6~devel+bzr1617-0ubuntu1) natty; urgency=low

  * Merge with upstream bzr revision 1617. Closes the following bugs:
    - LP: #692406: temporarily disable the defunct repository until an
      alternative can be used
    - LP: #649497: add ibus abstraction
    - LP: #652562: allow 'rw' to /var/log/samba/cores/
    - LP: #658135: allow access to /usr/lib32 and /usr/lib64 for dri modules
  * 0002-add-chromium-browser.patch: add /dev/shm/.org.chromium.*
    (LP: #692866)
  * rename debian/patches/0010-ubuntu-buildd.patch to 0001-ubuntu-buildd.patch
    and adjust debian/patches/series
  * debian/patches/0003-add-libvirt-support-to-dnsmasq.patch (LP: #697239):
    - allow read and write access to libvirt pid files for dnsmasq
    - allow net_admin capability for DHCP server
    - allow net_raw and network inet raw for ICMP pings when used as a DHCP
  * debian/patches/0004-lp698194 (LP: #698194):
    - abstractions/private-files: don't allow wl to autostart directories
    - abstractions/private-files-strict: don't allow access to chromium,
      kwallet and popular mail clients
 -- Jamie Strandboge <email address hidden> Fri, 07 Jan 2011 12:44:26 -0600

Changed in apparmor (Ubuntu):
status: Fix Committed → Fix Released
Revision history for this message
Steve Beattie (sbeattie) wrote :

This was fixed in AppArmor 2.7.0, closing.

Changed in apparmor:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers