Snap policy module denies recording access to classic snaps

Bug #1787324 reported by James Henstridge on 2018-08-16
This bug affects 1 person
Affects: pulseaudio (Ubuntu)
Importance: High
Assigned to: James Henstridge

Bug Description

With the recent updates to the snap policy module, recording access is denied to clients with a snap AppArmor label when that snap doesn't have a connected plug for "pulseaudio" or "audio-record".

This is not appropriate for classic confinement snaps, which will have an AppArmor label but should still have access to recording even when there is no plug, as described by @jdstrand:

https://forum.snapcraft.io/t/pulseaudio-recording/6361/14?u=jamesh

This is broken with the 1:12.2-0ubuntu2 release, as can be seen with e.g.:

    $ aa-exec -p snap.skype.skype /usr/bin/parecord foo.wav
    Stream error: Access denied

[Note that the Skype app itself still functions because it bypasses PulseAudio altogether.]

The above command should result in audio being recorded from the microphone.
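
The access decision described in the report, sketched as an added example; it is not code from the bug report or from 0700-modules-add-snappy-policy-module.patch. The lookup table, the function names and the fail-closed handling of malformed or unknown snap labels are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for the per-snap facts a policy module would obtain
 * from snapd; names and values are sample data, not taken from the patch.
 * audio_plug: a "pulseaudio" or "audio-record" plug is connected. */
struct snap_info { const char *name; bool classic; bool audio_plug; };

static const struct snap_info SNAPS[] = {
    { "skype",           true,  false },  /* classic, no plug connected */
    { "strict-recorder", false, true  },  /* strict, plug connected */
    { "strict-player",   false, false },  /* strict, no plug connected */
};

/* Parse "snap.<name>.<app>". Returns 0 if the label is not a snap label,
 * 1 on success, -1 if it has the snap prefix but is malformed. */
static int snap_name_from_label(const char *label, char *out, size_t outlen)
{
    if (strncmp(label, "snap.", 5) != 0)
        return 0;
    const char *start = label + 5;
    const char *dot = strchr(start, '.');
    if (dot == NULL || dot == start || dot[1] == '\0')
        return -1;
    size_t len = (size_t)(dot - start);
    if (len >= outlen)
        return -1;
    memcpy(out, start, len);
    out[len] = '\0';
    return 1;
}

/* Decide whether a client with this AppArmor label may record. */
bool may_record(const char *label)
{
    char name[64];
    int r = (label != NULL) ? snap_name_from_label(label, name, sizeof name) : 0;
    if (r == 0)
        return true;   /* no snap label: the snap policy does not apply */
    if (r < 0)
        return false;  /* malformed snap label: fail closed (assumption) */
    for (size_t i = 0; i < sizeof SNAPS / sizeof SNAPS[0]; i++)
        if (strcmp(SNAPS[i].name, name) == 0)
            return SNAPS[i].classic || SNAPS[i].audio_plug;
    return false;      /* snap unknown to the table: deny (assumption) */
}
```

The regression reported here corresponds to dropping the `classic` term from the final decision, which turns the `snap.skype.skype` case into a denial.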

James Henstridge (jamesh) wrote :

Here is a debdiff based on the attached branch.

tags: added: patch

The attachment "pulseaudio_12.2-0ubuntu2_12.2-0ubuntu3.diff" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.]

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package pulseaudio - 1:12.2-0ubuntu3

---------------
pulseaudio (1:12.2-0ubuntu3) cosmic; urgency=medium

  [ Ken VanDine ]
  * Update patch tags with more detailed descriptions and a note about
    not forwarding upstream:
    - 0700-modules-add-snappy-policy-module.patch
    - 0701-enable-snap-policy-module.patch

  [ James Henstridge ]
  * 0700-modules-add-snappy-policy-module.patch: grant recording access
    to snaps with classic confinement. (LP: #1787324)

 -- Ken VanDine <email address hidden> Wed, 29 Aug 2018 09:18:41 -0400

Changed in pulseaudio (Ubuntu):
status: Confirmed → Fix Released