| 2014-09-16 19:47:24 |
Stefano Verzegnassi |
bug |
|
|
added bug |
| 2014-09-23 20:34:50 |
Stefano Verzegnassi |
attachment added |
|
logs https://bugs.launchpad.net/ubuntu/+source/apparmor-easyprof-ubuntu/+bug/1370218/+attachment/4212813/+files/logs |
|
| 2014-09-26 22:16:20 |
Jamie Strandboge |
description |
I recently wrote a small application[1] to spot an ancient issue I had using QAudioRecorder on Ubuntu devices.
After I have installer gstreamer0.10-pulseaudio (otherwise "pulseaudio:" is not listed as available source), I tried to start a record through QAudioRecorder but it failed, giving me this output:
"shm_open() failed: Permission denied"
I've checked for some denials from apparmor (using 'dmesg | grep DEN'), but none was found.
If I change the apparmor profile[2], so that my test application is launched in a unconfined environment, QAudioRecorder works properly as expected.
I run this test on my Nexus 5 (utopic-devel-proposed #185), but this problem with shm happens also on i386 ubuntu-emulator (utopic-devel #206).
Just for reference, this is the link to the original mail, stored in the ubuntu-phone team mailing list archive:
http://lists.launchpad.net/ubuntu-phone/msg09842.html
[1] - http://bazaar.launchpad.net/~verzegnassi-stefano/+junk/recorder-test/files
[2]
{
"policy_version": 1.2,
"template": "unconfined",
"policy_groups": []
} |
QAudioRecoder currently needs the following rules:
owner /{run,dev}/shm/shmfd* rwk,
The rules are this way because the shared memory files are not app specific and is possible for one app to access another app's shared memory file. It would be better if the files were app-specific to better isolation the apps (this is something we are doing elsewhere).
However, this should be fixed once microphone recording is handled via the media-hub trusted helper.
Original report:
I recently wrote a small application[1] to spot an ancient issue I had using QAudioRecorder on Ubuntu devices.
After I have installer gstreamer0.10-pulseaudio (otherwise "pulseaudio:" is not listed as available source), I tried to start a record through QAudioRecorder but it failed, giving me this output:
"shm_open() failed: Permission denied"
I've checked for some denials from apparmor (using 'dmesg | grep DEN'), but none was found.
If I change the apparmor profile[2], so that my test application is launched in a unconfined environment, QAudioRecorder works properly as expected.
I run this test on my Nexus 5 (utopic-devel-proposed #185), but this problem with shm happens also on i386 ubuntu-emulator (utopic-devel #206).
Just for reference, this is the link to the original mail, stored in the ubuntu-phone team mailing list archive:
http://lists.launchpad.net/ubuntu-phone/msg09842.html
[1] - http://bazaar.launchpad.net/~verzegnassi-stefano/+junk/recorder-test/files
[2]
{
"policy_version": 1.2,
"template": "unconfined",
"policy_groups": []
} |
|
| 2014-09-26 22:17:44 |
Jamie Strandboge |
bug task added |
|
qtmultimedia-opensource-src (Ubuntu) |
|
| 2014-09-26 22:19:34 |
Jamie Strandboge |
tags |
|
application-confinement |
|
| 2014-09-26 22:23:07 |
Jamie Strandboge |
description |
QAudioRecoder currently needs the following rules:
owner /{run,dev}/shm/shmfd* rwk,
The rules are this way because the shared memory files are not app specific and is possible for one app to access another app's shared memory file. It would be better if the files were app-specific to better isolation the apps (this is something we are doing elsewhere).
However, this should be fixed once microphone recording is handled via the media-hub trusted helper.
Original report:
I recently wrote a small application[1] to spot an ancient issue I had using QAudioRecorder on Ubuntu devices.
After I have installer gstreamer0.10-pulseaudio (otherwise "pulseaudio:" is not listed as available source), I tried to start a record through QAudioRecorder but it failed, giving me this output:
"shm_open() failed: Permission denied"
I've checked for some denials from apparmor (using 'dmesg | grep DEN'), but none was found.
If I change the apparmor profile[2], so that my test application is launched in a unconfined environment, QAudioRecorder works properly as expected.
I run this test on my Nexus 5 (utopic-devel-proposed #185), but this problem with shm happens also on i386 ubuntu-emulator (utopic-devel #206).
Just for reference, this is the link to the original mail, stored in the ubuntu-phone team mailing list archive:
http://lists.launchpad.net/ubuntu-phone/msg09842.html
[1] - http://bazaar.launchpad.net/~verzegnassi-stefano/+junk/recorder-test/files
[2]
{
"policy_version": 1.2,
"template": "unconfined",
"policy_groups": []
} |
QAudioRecoder currently needs the following rules:
owner /{run,dev}/shm/shmfd* rwk,
The rules are this way because the shared memory files are not app specific and is possible for one app to access another app's shared memory file. It would be better if the files were app-specific to better isolation the apps (this is something we are doing elsewhere).
However, this should be fixed once microphone recording is handled via the media-hub trusted helper. I won't be fixing this until trust-store integration is in media-hub and it can be verified safe on devices.
Original report:
I recently wrote a small application[1] to spot an ancient issue I had using QAudioRecorder on Ubuntu devices.
After I have installer gstreamer0.10-pulseaudio (otherwise "pulseaudio:" is not listed as available source), I tried to start a record through QAudioRecorder but it failed, giving me this output:
"shm_open() failed: Permission denied"
I've checked for some denials from apparmor (using 'dmesg | grep DEN'), but none was found.
If I change the apparmor profile[2], so that my test application is launched in a unconfined environment, QAudioRecorder works properly as expected.
I run this test on my Nexus 5 (utopic-devel-proposed #185), but this problem with shm happens also on i386 ubuntu-emulator (utopic-devel #206).
Just for reference, this is the link to the original mail, stored in the ubuntu-phone team mailing list archive:
http://lists.launchpad.net/ubuntu-phone/msg09842.html
[1] - http://bazaar.launchpad.net/~verzegnassi-stefano/+junk/recorder-test/files
[2]
{
"policy_version": 1.2,
"template": "unconfined",
"policy_groups": []
} |
|
| 2014-09-26 22:24:53 |
Jamie Strandboge |
description |
QAudioRecoder currently needs the following rules:
owner /{run,dev}/shm/shmfd* rwk,
The rules are this way because the shared memory files are not app specific and is possible for one app to access another app's shared memory file. It would be better if the files were app-specific to better isolation the apps (this is something we are doing elsewhere).
However, this should be fixed once microphone recording is handled via the media-hub trusted helper. I won't be fixing this until trust-store integration is in media-hub and it can be verified safe on devices.
Original report:
I recently wrote a small application[1] to spot an ancient issue I had using QAudioRecorder on Ubuntu devices.
After I have installer gstreamer0.10-pulseaudio (otherwise "pulseaudio:" is not listed as available source), I tried to start a record through QAudioRecorder but it failed, giving me this output:
"shm_open() failed: Permission denied"
I've checked for some denials from apparmor (using 'dmesg | grep DEN'), but none was found.
If I change the apparmor profile[2], so that my test application is launched in a unconfined environment, QAudioRecorder works properly as expected.
I run this test on my Nexus 5 (utopic-devel-proposed #185), but this problem with shm happens also on i386 ubuntu-emulator (utopic-devel #206).
Just for reference, this is the link to the original mail, stored in the ubuntu-phone team mailing list archive:
http://lists.launchpad.net/ubuntu-phone/msg09842.html
[1] - http://bazaar.launchpad.net/~verzegnassi-stefano/+junk/recorder-test/files
[2]
{
"policy_version": 1.2,
"template": "unconfined",
"policy_groups": []
} |
QAudioRecoder currently needs the following rules:
owner /{run,dev}/shm/shmfd* rwk,
The rules are this way because the shared memory files are not app specific and is possible for one app to access another app's shared memory file. Please update qtmultimedia-opensource-src so the files are app-specific to better isolation the apps (this is something we are doing elsewhere).
Original report:
I recently wrote a small application[1] to spot an ancient issue I had using QAudioRecorder on Ubuntu devices.
After I have installer gstreamer0.10-pulseaudio (otherwise "pulseaudio:" is not listed as available source), I tried to start a record through QAudioRecorder but it failed, giving me this output:
"shm_open() failed: Permission denied"
I've checked for some denials from apparmor (using 'dmesg | grep DEN'), but none was found.
If I change the apparmor profile[2], so that my test application is launched in a unconfined environment, QAudioRecorder works properly as expected.
I run this test on my Nexus 5 (utopic-devel-proposed #185), but this problem with shm happens also on i386 ubuntu-emulator (utopic-devel #206).
Just for reference, this is the link to the original mail, stored in the ubuntu-phone team mailing list archive:
http://lists.launchpad.net/ubuntu-phone/msg09842.html
[1] - http://bazaar.launchpad.net/~verzegnassi-stefano/+junk/recorder-test/files
[2]
{
"policy_version": 1.2,
"template": "unconfined",
"policy_groups": []
} |
|
| 2014-09-26 22:43:17 |
Jamie Strandboge |
apparmor-easyprof-ubuntu (Ubuntu): status |
New |
In Progress |
|
| 2014-09-26 22:43:21 |
Jamie Strandboge |
qtmultimedia-opensource-src (Ubuntu): status |
New |
Triaged |
|
| 2014-09-26 22:43:40 |
Jamie Strandboge |
bug task added |
|
apparmor (Ubuntu) |
|
| 2014-09-26 22:46:03 |
Jamie Strandboge |
apparmor (Ubuntu): status |
New |
Confirmed |
|
| 2014-09-26 22:46:06 |
Jamie Strandboge |
apparmor-easyprof-ubuntu (Ubuntu): assignee |
|
Jamie Strandboge (jdstrand) |
|
| 2014-09-26 22:46:14 |
Jamie Strandboge |
qtmultimedia-opensource-src (Ubuntu): importance |
Undecided |
Medium |
|
| 2014-09-26 22:46:19 |
Jamie Strandboge |
apparmor (Ubuntu): importance |
Undecided |
Medium |
|
| 2014-09-26 22:46:25 |
Jamie Strandboge |
apparmor (Ubuntu): status |
Confirmed |
Triaged |
|
| 2014-09-26 22:47:05 |
Jamie Strandboge |
description |
QAudioRecoder currently needs the following rules:
owner /{run,dev}/shm/shmfd* rwk,
The rules are this way because the shared memory files are not app specific and is possible for one app to access another app's shared memory file. Please update qtmultimedia-opensource-src so the files are app-specific to better isolation the apps (this is something we are doing elsewhere).
Original report:
I recently wrote a small application[1] to spot an ancient issue I had using QAudioRecorder on Ubuntu devices.
After I have installer gstreamer0.10-pulseaudio (otherwise "pulseaudio:" is not listed as available source), I tried to start a record through QAudioRecorder but it failed, giving me this output:
"shm_open() failed: Permission denied"
I've checked for some denials from apparmor (using 'dmesg | grep DEN'), but none was found.
If I change the apparmor profile[2], so that my test application is launched in a unconfined environment, QAudioRecorder works properly as expected.
I run this test on my Nexus 5 (utopic-devel-proposed #185), but this problem with shm happens also on i386 ubuntu-emulator (utopic-devel #206).
Just for reference, this is the link to the original mail, stored in the ubuntu-phone team mailing list archive:
http://lists.launchpad.net/ubuntu-phone/msg09842.html
[1] - http://bazaar.launchpad.net/~verzegnassi-stefano/+junk/recorder-test/files
[2]
{
"policy_version": 1.2,
"template": "unconfined",
"policy_groups": []
} |
QAudioRecoder currently needs the following rules:
owner /{run,dev}/shm/shmfd* rwk,
The rules are this way because the shared memory files are not app specific and is possible for one app to access another app's shared memory file. Please update qtmultimedia-opensource-src so the files are app-specific to better isolation the apps (this is something we are doing elsewhere).
Longer term we'd like to have shared memory file mediation in AppArmor.
Original report:
I recently wrote a small application[1] to spot an ancient issue I had using QAudioRecorder on Ubuntu devices.
After I have installer gstreamer0.10-pulseaudio (otherwise "pulseaudio:" is not listed as available source), I tried to start a record through QAudioRecorder but it failed, giving me this output:
"shm_open() failed: Permission denied"
I've checked for some denials from apparmor (using 'dmesg | grep DEN'), but none was found.
If I change the apparmor profile[2], so that my test application is launched in a unconfined environment, QAudioRecorder works properly as expected.
I run this test on my Nexus 5 (utopic-devel-proposed #185), but this problem with shm happens also on i386 ubuntu-emulator (utopic-devel #206).
Just for reference, this is the link to the original mail, stored in the ubuntu-phone team mailing list archive:
http://lists.launchpad.net/ubuntu-phone/msg09842.html
[1] - http://bazaar.launchpad.net/~verzegnassi-stefano/+junk/recorder-test/files
[2]
{
"policy_version": 1.2,
"template": "unconfined",
"policy_groups": []
} |
|
| 2014-09-29 04:21:44 |
Robin |
bug |
|
|
added subscriber Robin |
| 2014-09-29 15:50:22 |
Launchpad Janitor |
apparmor-easyprof-ubuntu (Ubuntu): status |
In Progress |
Fix Released |
|
| 2014-09-30 14:35:55 |
Jamie Strandboge |
bug task added |
|
qtbase-opensource-src (Ubuntu) |
|
| 2014-09-30 14:36:44 |
Jamie Strandboge |
summary |
QAudioRecorder does not work properly under 'microphone' security policy |
confined applications need access to /run/shm/shmfd* |
|
| 2014-09-30 14:37:09 |
Jamie Strandboge |
qtmultimedia-opensource-src (Ubuntu): status |
Triaged |
New |
|
| 2014-09-30 14:37:15 |
Jamie Strandboge |
qtmultimedia-opensource-src (Ubuntu): importance |
Medium |
Undecided |
|
| 2014-09-30 14:37:20 |
Jamie Strandboge |
qtbase-opensource-src (Ubuntu): importance |
Undecided |
High |
|
| 2014-09-30 14:37:25 |
Jamie Strandboge |
apparmor-easyprof-ubuntu (Ubuntu): status |
Fix Released |
In Progress |
|
| 2014-09-30 14:37:45 |
Jamie Strandboge |
tags |
application-confinement |
application-confinement ota-2 |
|
| 2014-09-30 14:38:59 |
Jamie Strandboge |
description |
QAudioRecoder currently needs the following rules:
owner /{run,dev}/shm/shmfd* rwk,
The rules are this way because the shared memory files are not app specific and is possible for one app to access another app's shared memory file. Please update qtmultimedia-opensource-src so the files are app-specific to better isolation the apps (this is something we are doing elsewhere).
Longer term we'd like to have shared memory file mediation in AppArmor.
Original report:
I recently wrote a small application[1] to spot an ancient issue I had using QAudioRecorder on Ubuntu devices.
After I have installer gstreamer0.10-pulseaudio (otherwise "pulseaudio:" is not listed as available source), I tried to start a record through QAudioRecorder but it failed, giving me this output:
"shm_open() failed: Permission denied"
I've checked for some denials from apparmor (using 'dmesg | grep DEN'), but none was found.
If I change the apparmor profile[2], so that my test application is launched in a unconfined environment, QAudioRecorder works properly as expected.
I run this test on my Nexus 5 (utopic-devel-proposed #185), but this problem with shm happens also on i386 ubuntu-emulator (utopic-devel #206).
Just for reference, this is the link to the original mail, stored in the ubuntu-phone team mailing list archive:
http://lists.launchpad.net/ubuntu-phone/msg09842.html
[1] - http://bazaar.launchpad.net/~verzegnassi-stefano/+junk/recorder-test/files
[2]
{
"policy_version": 1.2,
"template": "unconfined",
"policy_groups": []
} |
QAudioRecoder needed the following rules:
owner /{run,dev}/shm/shmfd* rwk,
but then it was discovered that confined apps on utopic also need:
owner /{run,dev}/shm/shmfd* rwk,
The rules are this way because the shared memory files are not app specific and is possible for one app to access another app's shared memory file. Please update qtbase-opensource-src so the files are app-specific to better isolation the apps (this is something we are doing elsewhere).
Longer term we'd like to have shared memory file mediation in AppArmor.
Original report:
I recently wrote a small application[1] to spot an ancient issue I had using QAudioRecorder on Ubuntu devices.
After I have installer gstreamer0.10-pulseaudio (otherwise "pulseaudio:" is not listed as available source), I tried to start a record through QAudioRecorder but it failed, giving me this output:
"shm_open() failed: Permission denied"
I've checked for some denials from apparmor (using 'dmesg | grep DEN'), but none was found.
If I change the apparmor profile[2], so that my test application is launched in a unconfined environment, QAudioRecorder works properly as expected.
I run this test on my Nexus 5 (utopic-devel-proposed #185), but this problem with shm happens also on i386 ubuntu-emulator (utopic-devel #206).
Just for reference, this is the link to the original mail, stored in the ubuntu-phone team mailing list archive:
http://lists.launchpad.net/ubuntu-phone/msg09842.html
[1] - http://bazaar.launchpad.net/~verzegnassi-stefano/+junk/recorder-test/files
[2]
{
"policy_version": 1.2,
"template": "unconfined",
"policy_groups": []
} |
|
| 2014-09-30 14:41:00 |
Jamie Strandboge |
apparmor-easyprof-ubuntu (Ubuntu): importance |
Undecided |
Critical |
|
| 2014-09-30 14:41:54 |
Jamie Strandboge |
tags |
application-confinement ota-2 |
application-confinement |
|
| 2014-09-30 15:07:45 |
Jamie Strandboge |
tags |
application-confinement |
application-confinement touch-2014-10-09 |
|
| 2014-09-30 15:07:54 |
Jamie Strandboge |
qtbase-opensource-src (Ubuntu): importance |
High |
Undecided |
|
| 2014-09-30 15:13:44 |
Jamie Strandboge |
tags |
application-confinement touch-2014-10-09 |
application-confinement rtm14 touch-2014-10-09 |
|
| 2014-09-30 15:14:41 |
Jamie Strandboge |
bug task added |
|
apparmor-easyprof-ubuntu (Ubuntu RTM) |
|
| 2014-09-30 15:26:07 |
Jamie Strandboge |
apparmor-easyprof-ubuntu (Ubuntu RTM): importance |
Undecided |
Critical |
|
| 2014-09-30 15:26:07 |
Jamie Strandboge |
apparmor-easyprof-ubuntu (Ubuntu RTM): status |
New |
In Progress |
|
| 2014-09-30 15:26:07 |
Jamie Strandboge |
apparmor-easyprof-ubuntu (Ubuntu RTM): assignee |
|
Jamie Strandboge (jdstrand) |
|
| 2014-09-30 17:34:55 |
Jamie Strandboge |
apparmor-easyprof-ubuntu (Ubuntu): status |
In Progress |
Fix Committed |
|
| 2014-09-30 22:58:56 |
Launchpad Janitor |
apparmor-easyprof-ubuntu (Ubuntu): status |
Fix Committed |
Fix Released |
|
| 2014-10-01 13:30:28 |
Launchpad Janitor |
apparmor-easyprof-ubuntu (Ubuntu RTM): status |
In Progress |
Fix Released |
|
| 2014-10-01 13:35:17 |
Jamie Strandboge |
tags |
application-confinement rtm14 touch-2014-10-09 |
application-confinement touch-2014-10-09 |
|
| 2014-10-06 14:36:52 |
Jamie Strandboge |
tags |
application-confinement touch-2014-10-09 |
application-confinement |
|
| 2014-10-09 20:44:48 |
Jamie Strandboge |
tags |
application-confinement |
aa-feature application-confinement |
|
| 2014-10-09 21:34:13 |
Jamie Strandboge |
apparmor (Ubuntu): importance |
Medium |
Low |
|
| 2014-10-09 21:35:29 |
Jamie Strandboge |
summary |
confined applications need access to /run/shm/shmfd* |
Fine-grained shm mediation (confined applications need access to /run/shm/shmfd*) |
|
| 2014-10-10 21:11:45 |
Jamie Strandboge |
bug task added |
|
apparmor |
|
| 2014-10-10 21:12:13 |
Jamie Strandboge |
apparmor: importance |
Undecided |
Low |
|
| 2014-10-10 21:12:13 |
Jamie Strandboge |
apparmor: status |
New |
Triaged |
|
| 2014-10-10 21:12:26 |
Jamie Strandboge |
apparmor (Ubuntu): status |
Triaged |
Confirmed |
|
| 2014-10-23 23:50:08 |
Jamie Strandboge |
tags |
aa-feature application-confinement |
aa-feature aa-kernel application-confinement |
|
| 2014-10-23 23:50:17 |
Jamie Strandboge |
bug task added |
|
linux (Ubuntu) |
|
| 2014-10-23 23:50:36 |
Jamie Strandboge |
linux (Ubuntu): status |
New |
Triaged |
|
| 2014-10-23 23:50:39 |
Jamie Strandboge |
linux (Ubuntu): importance |
Undecided |
Low |
|
| 2014-10-30 08:41:25 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/apparmor-easyprof-ubuntu |
|
| 2018-02-06 19:24:42 |
Jamie Strandboge |
qtbase-opensource-src (Ubuntu): status |
New |
Won't Fix |
|
| 2018-02-06 19:24:44 |
Jamie Strandboge |
qtmultimedia-opensource-src (Ubuntu): status |
New |
Won't Fix |
|
| 2018-02-07 19:21:02 |
Vincas Dargis |
bug |
|
|
added subscriber Vincas Dargis |
