2012-03-25 12:20:58 |
Jaromir Obr |
bug |
|
|
added bug |
2012-03-25 16:27:23 |
Jamie Strandboge |
tags |
amd64 apport-bug precise |
amd64 apparmor apport-bug precise |
|
2012-03-25 16:29:44 |
Jamie Strandboge |
apparmor (Ubuntu): status |
New |
Triaged |
|
2012-03-25 16:35:34 |
Jamie Strandboge |
apparmor (Ubuntu): importance |
Undecided |
Low |
|
2012-04-09 05:52:27 |
varangamaiky |
bug |
|
|
added subscriber varangamaiky |
2012-05-01 19:44:29 |
tnhh |
bug |
|
|
added subscriber tnhh |
2012-05-02 13:05:32 |
Jamie Strandboge |
description |
1) Set Google Chrome as a default web browser
2) Evince: Open a PDF file containing an URL (HTTP)
3) Evince: Click on the link
Expected result:
URL is opened in Google Chrome
Actual result:
URL isn't opened in Google Chrome:
/opt/google/chrome/google-chrome: line 42: /opt/google/chrome/chrome: Permission denied
/opt/google/chrome/google-chrome: line 42: /opt/google/chrome/chrome: Success
syslog:
Mar 25 13:26:44 turion kernel: [ 675.919249] type=1400 audit(1332674804.672:24): apparmor="DENIED" operation="exec" parent=1 profile="/usr/bin/evince//sanitized_helper" name="/opt/google/chrome/chrome" pid=3820 comm="google-chrome" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
Workaround: Add "/opt/google/chrome/google-chrome Ux," into /etc/apparmor.d/abstractions/ubuntu-browsers and restart apparmor service
Used SW:
Ubuntu 12.04 LTS (beta 1)
kernel 3.2.0-20-generic x86_64
Google Chrome 17.0.963.83
evince 3.3.92-0ubuntu2
apparmor 2.7.102-0ubuntu1
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: apparmor 2.7.102-0ubuntu1
ProcVersionSignature: Ubuntu 3.2.0-20.32-generic 3.2.12
Uname: Linux 3.2.0-20-generic x86_64
ApportVersion: 1.95-0ubuntu1
Architecture: amd64
Date: Sun Mar 25 14:11:23 2012
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release amd64+mac (20111011)
ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-3.2.0-20-generic root=/dev/mapper/Data-Root ro splash quiet vt.handoff=7
SourcePackage: apparmor
UpgradeStatus: Upgraded to precise on 2012-03-03 (21 days ago) |
SRU Justification:
Impact: when chromium-browser or Google Chrome are set as the default browser, the user is unable to open links via PDF files
Development fix: the fix will be applied to Quantal via pocket copy of this SRU.
Stable fix: this was fixed in r2039 by adding the following to /etc/apparmor.d/abstractions/ubuntu-helpers:
# While the chromium and chrome sandboxes are setuid root, they only link
# in limited libraries so glibc's secure execution should be enough to not
# require the santized_helper (ie, LD_PRELOAD will only use standard system
# paths (man ld.so)).
/usr/lib/chromium-browser/chromium-browser-sandbox PUxr,
/opt/google/chrome/chrome-sandbox PUxr,
/opt/google/chrome/google-chrome Pixr,
/opt/google/chrome/chrome Pixr,
/opt/google/chrome/lib*.so{,.*} m,
TEST CASE:
1. Install chromium-browser and/or Google Chrome
2. Launch chromium-browser (or Chrome) and set it as the default web browser
3. Open a PDF with a link in it (attached) in evince and click on the link.
At this point, chromium-browser (or Chrome) should open to the link specified. Without the patch, it does not open and there are AppArmor denials in /var/log/kern.log.
Regression potential: the regression potential is considered low. Launching chromium-browser and Chrome via evince is currently broken, so there is no regression potential there, however ubuntu-helpers is included by the (disable by default) firefox profile so a mistake in the added policy could prevent firefox policy from loading. |
|
2012-05-02 13:05:40 |
Jamie Strandboge |
nominated for series |
|
Ubuntu Precise |
|
2012-05-02 13:05:40 |
Jamie Strandboge |
bug task added |
|
apparmor (Ubuntu Precise) |
|
2012-05-02 13:05:40 |
Jamie Strandboge |
nominated for series |
|
Ubuntu Quantal |
|
2012-05-02 13:05:40 |
Jamie Strandboge |
bug task added |
|
apparmor (Ubuntu Quantal) |
|
2012-05-02 13:05:48 |
Jamie Strandboge |
apparmor (Ubuntu Precise): status |
New |
Triaged |
|
2012-05-02 13:05:51 |
Jamie Strandboge |
apparmor (Ubuntu Precise): importance |
Undecided |
Low |
|
2012-05-02 13:06:05 |
Jamie Strandboge |
summary |
Evince cannot open HTTP link in Google Chrome |
Evince cannot open HTTP link in Google Chrome or chromium-browser |
|
2012-05-02 13:06:14 |
Jamie Strandboge |
apparmor (Ubuntu Precise): milestone |
|
precise-updates |
|
2012-05-02 13:08:23 |
Jamie Strandboge |
attachment added |
|
test_hyperlink.pdf https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/964510/+attachment/3125040/+files/test_hyperlink.pdf |
|
2012-06-13 15:20:31 |
scottku |
bug |
|
|
added subscriber scottku |
2012-06-22 13:17:27 |
Jamie Strandboge |
attachment added |
|
apparmor_2.7.102-0ubuntu6.debdiff https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/964510/+attachment/3200281/+files/apparmor_2.7.102-0ubuntu6.debdiff |
|
2012-06-22 13:17:43 |
Jamie Strandboge |
apparmor (Ubuntu Quantal): assignee |
|
Steve Beattie (sbeattie) |
|
2012-06-22 13:17:49 |
Jamie Strandboge |
apparmor (Ubuntu Quantal): milestone |
|
quantal-alpha-3 |
|
2012-06-22 16:20:33 |
Ubuntu Foundations Team Bug Bot |
tags |
amd64 apparmor apport-bug precise |
amd64 apparmor apport-bug patch precise |
|
2012-07-05 15:33:54 |
Jamie Strandboge |
apparmor (Ubuntu Quantal): status |
Triaged |
In Progress |
|
2012-07-05 15:33:58 |
Jamie Strandboge |
apparmor (Ubuntu Quantal): assignee |
Steve Beattie (sbeattie) |
Jamie Strandboge (jdstrand) |
|
2012-07-05 18:00:12 |
Launchpad Janitor |
apparmor (Ubuntu Quantal): status |
In Progress |
Fix Released |
|
2012-07-05 18:16:02 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/apparmor |
|
2012-09-05 21:30:29 |
Yevgen Antimirov |
bug |
|
|
added subscriber Eugene Antimirov |
2012-10-25 01:56:01 |
Neal McBurnett |
bug |
|
|
added subscriber Neal McBurnett |
2012-12-25 14:26:19 |
mazurkin |
bug |
|
|
added subscriber mazurkin |
2012-12-28 02:53:06 |
Kip Warner |
bug |
|
|
added subscriber Kip Warner |
2013-07-08 18:32:45 |
Launchpad Janitor |
branch linked |
|
lp:~kees/apparmor/debian |
|
2013-12-30 04:36:19 |
Alad Wenter |
bug |
|
|
added subscriber Previous1 |
2017-05-05 21:42:54 |
scottku |
removed subscriber scottku |
|
|
|
2021-10-14 01:31:58 |
Steve Langasek |
apparmor (Ubuntu Precise): status |
Triaged |
Won't Fix |
|