apparmor denials for gsettings (dconf)

Bug #1378115 reported by Jamie Strandboge on 2014-10-06
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apparmor-easyprof-ubuntu (Ubuntu)
High
Jamie Strandboge
qtbase-opensource-src (Ubuntu)
High
Unassigned

Bug Description

Apps are now gettings apparmor denials for gsettings, though I'm not sure why and it doesn't seem to affect apps:

Oct 6 22:01:57 ubuntu-phablet kernel: [ 265.345968] type=1400 audit(1412632917.973:81): apparmor="DENIED" operation="open" profile="com.ubuntu.weather_weather_1.1.374" name="/run/user/32011/dconf/user" pid=4222 comm="qmlscene" requested_mask="wrc" denied_mask="wrc" fsuid=32011 ouid=32011
Oct 6 22:01:58 ubuntu-phablet kernel: [ 265.366561] type=1400 audit(1412632918.003:82): apparmor="DENIED" operation="open" profile="com.ubuntu.weather_weather_1.1.374" name="/home/phablet/.config/dconf/user" pid=4222 comm="qmlscene" requested_mask="r" denied_mask="r" fsuid=32011 ouid=32011

Since we are all well aware that apps should not be using gsettings, and it is so late in the cycle and these denials will confuse people, I will add an apparmor-easyprof-ubuntu task to silence these. However, this should be fixed since something is clearly not right....

Changed in qtbase-opensource-src (Ubuntu):
assignee: Jamie Strandboge (jdstrand) → nobody
status: In Progress → New
Changed in apparmor-easyprof-ubuntu (Ubuntu):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Jamie Strandboge (jdstrand)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor-easyprof-ubuntu - 1.2.35

---------------
apparmor-easyprof-ubuntu (1.2.35) utopic; urgency=medium

  * ubuntu/1.2/push-notification-client: don't deny access to the clipboard
    since sdk apps are supposed to be able to specify this policy group
  * ubuntu/1.2: add ubuntu-push-helper for push-helpers to use which (among
    other things) explicitly disables access to the clipboard (LP: #1371170)
  * adjust autopackagetest for ubuntu-push-helper
  * ubuntu/accounts: allow all on org.freedesktop.DBus.Properties for
    /com/google/code/AccountsSSO/SingleSignOn
  * ubuntu/1.2/ubuntu-scope-network, pending/ubuntu-scope-local-content: also
    add remaining libhybris paths (/{,var/}run/shm/hybris_shm_data and
    /system/build.prop)
  * ubuntu/ubuntu-sdk: explicitly disallow gsettings (dconf) access
    (LP: #1378115)
 -- Jamie Strandboge <email address hidden> Mon, 06 Oct 2014 10:41:18 -0500

Changed in apparmor-easyprof-ubuntu (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers