apparmor abstractions should support ibus

Bug #649497 reported by Jamie Strandboge
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| AppArmor | Fix Released | Wishlist | Jamie Strandboge | |
| apparmor (Ubuntu) | Fix Released | Wishlist | Unassigned | |

Bug Description

Binary package hint: apparmor

Evince and Firefox AppArmor profiles have the following denials:
Sep 28 02:14:10 sec-maverick-amd64 kernel: [18081.343415] type=1400 audit(1285640050.649:227): apparmor="DENIED" operation="chmod" parent=20423 profile="/usr/bin/evince-previewer" name="/home/jamie/.config/ibus/bus/" pid=20631 comm="evince-previewe" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000

Adding the following does indeed 'fix' the issue:
  @{HOME}/.config/ibus/bus/ w,

but there are problems with this, since I am not an ibus user and clearly more access than a write to a directory is needed to properly support ibus. Looking at http://code.google.com/p/ibus/, it seems that ibus can be used by Gnome and KDE, so perhaps it needs its own abstraction, such as /etc/apparmor.d/abstractions/ibus.
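
An added example (not part of the original report and not AppArmor's own tooling): a small Python parser that turns `apparmor="DENIED"` records like the one above into candidate file rules per profile. It assumes home directories live under /home; `parse_denial` and `suggest_rules` are names chosen for this sketch.

```python
import re
from collections import defaultdict

# The denial quoted in the report above, as a single log line.
REPORTED = (
    'Sep 28 02:14:10 sec-maverick-amd64 kernel: [18081.343415] type=1400 '
    'audit(1285640050.649:227): apparmor="DENIED" operation="chmod" '
    'parent=20423 profile="/usr/bin/evince-previewer" '
    'name="/home/jamie/.config/ibus/bus/" pid=20631 comm="evince-previewe" '
    'requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000'
)

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
HEX = re.compile(r"(?:[0-9A-Fa-f]{2})+")


def parse_denial(line):
    """Return the key=value fields of an AppArmor DENIED record, else None."""
    if 'apparmor="DENIED"' not in line:
        return None
    fields = {}
    for key, quoted, bare in FIELD.findall(line):
        if key == "name" and HEX.fullmatch(bare):
            # Unquoted names are hex-encoded by the audit subsystem
            # (used when the path contains spaces or quotes).
            bare = bytes.fromhex(bare).decode("utf-8", "replace")
        fields[key] = quoted or bare
    return fields


def suggest_rules(lines):
    """Map profile -> candidate file rules, merging denied masks per path."""
    masks = defaultdict(set)
    for line in lines:
        f = parse_denial(line)
        if not f or "profile" not in f or "name" not in f:
            continue
        # Assumption: home directories live under /home, so that prefix
        # generalises to the @{HOME} variable used in the report's rule.
        path = re.sub(r"^/home/[^/]+/", "@{HOME}/", f["name"])
        masks[(f["profile"], path)].update(f.get("denied_mask", ""))
    rules = defaultdict(list)
    for (profile, path), mask in sorted(masks.items()):
        rules[profile].append(f"{path} {''.join(sorted(mask))},")
    return dict(rules)


if __name__ == "__main__":
    for profile, rules in suggest_rules([REPORTED]).items():
        print(profile, rules)
```

Rules derived this way cover only the accesses that were actually denied and logged, so they are a starting point for review rather than a complete policy.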

Changed in apparmor (Ubuntu):
importance: Undecided → Wishlist
status: New → Confirmed
Changed in apparmor:
status: New → Confirmed
importance: Undecided → Wishlist
Changed in apparmor:
status: Confirmed → In Progress
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in apparmor:
status: In Progress → Fix Committed
Changed in apparmor (Ubuntu):
status: Confirmed → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor - 2.6~devel+bzr1617-0ubuntu1

---------------
apparmor (2.6~devel+bzr1617-0ubuntu1) natty; urgency=low

  * Merge with upstream bzr revision 1617. Closes the following bugs:
    - LP: #692406: temporarily disable the defunct repository until an
      alternative can be used
    - LP: #649497: add ibus abstraction
    - LP: #652562: allow 'rw' to /var/log/samba/cores/
    - LP: #658135: allow access to /usr/lib32 and /usr/lib64 for dri modules
  * 0002-add-chromium-browser.patch: add /dev/shm/.org.chromium.*
    (LP: #692866)
  * rename debian/patches/0010-ubuntu-buildd.patch to 0001-ubuntu-buildd.patch
    and adjust debian/patches/series
  * debian/patches/0003-add-libvirt-support-to-dnsmasq.patch (LP: #697239):
    - allow read and write access to libvirt pid files for dnsmasq
    - allow net_admin capability for DHCP server
    - allow net_raw and network inet raw for ICMP pings when used as a DHCP
      server
  * debian/patches/0004-lp698194 (LP: #698194):
    - abstractions/private-files: don't allow wl to autostart directories
    - abstractions/private-files-strict: don't allow access to chromium,
      kwallet and popular mail clients
 -- Jamie Strandboge <email address hidden> Fri, 07 Jan 2011 12:44:26 -0600

Changed in apparmor (Ubuntu):
status: Fix Committed → Fix Released
Steve Beattie (sbeattie) wrote :

This was fixed in AppArmor 2.7.0, closing.

Changed in apparmor:
status: Fix Committed → Fix Released