Ubuntu
webbrowser-app package

Bug #1228236
Activity log

Activity log for bug #1228236

Date	Who	What changed	Old value	New value	Message
2013-09-20 16:03:17	Jamie Strandboge	bug			added bug
2013-09-20 16:03:25	Jamie Strandboge	nominated for series		Ubuntu Saucy
2013-09-20 16:03:25	Jamie Strandboge	bug task added		webbrowser-app (Ubuntu Saucy)
2013-09-20 16:03:40	Jamie Strandboge	bug task added		apparmor-easyprof-ubuntu (Ubuntu)
2013-09-20 16:03:48	Jamie Strandboge	apparmor-easyprof-ubuntu (Ubuntu Saucy): status	New	In Progress
2013-09-20 16:03:52	Jamie Strandboge	apparmor-easyprof-ubuntu (Ubuntu Saucy): importance	Undecided	Critical
2013-09-20 16:03:57	Jamie Strandboge	apparmor-easyprof-ubuntu (Ubuntu Saucy): assignee		Jamie Strandboge (jdstrand)
2013-09-20 16:07:42	Jamie Strandboge	description	When a webapp is launched via the upstart job, it re-execs itself, causing an apparmor denial and failure to launch the browser: First, install the facebook app from the appstore. Then, from adb shell: root@ubuntu-phablet:/# sudo -H -u phablet -i phablet@ubuntu-phablet:~$ start application APP_ID=com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0 This results in the following denial in /var/log/syslog: Sep 20 15:58:17 ubuntu-phablet kernel: [ 6505.474410] type=1400 audit(1379692697.211:80): apparmor="DENIED" operation="exec" parent=1479 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0" name="/usr/bin/webbrowser-app" pid=6248 comm="sh" requested_mask="x" denied_mask="x" fsuid=32011 ouid=0 Adding the following rule to /var/lib/apparmor/profiles/click_com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0: /usr/bin/webbrowser-app rmix, and reloading policy with 'sudo apparmor_parser -r /var/lib/apparmor/profiles/click_com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0' works around the issue. This is a harmless addition to the ubuntu-webapp template, so I will do that. However I'm concerned that HTML5/PhoneGap apps that use a webview may also suffer from this, so it is worth investigating.	When a webapp is launched via the upstart job, it re-execs itself, causing an apparmor denial and failure to launch the browser: First, install the facebook app from the appstore. Then, from adb shell: root@ubuntu-phablet:/# sudo -H -u phablet -i phablet@ubuntu-phablet:~$ start application APP_ID=com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0 This results in the following denial in /var/log/syslog: Sep 20 15:58:17 ubuntu-phablet kernel: [ 6505.474410] type=1400 audit(1379692697.211:80): apparmor="DENIED" operation="exec" parent=1479 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0" name="/usr/bin/webbrowser-app" pid=6248 comm="sh" requested_mask="x" denied_mask="x" fsuid=32011 ouid=0 Adding the following rule to /var/lib/apparmor/profiles/click_com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0: /usr/bin/webbrowser-app rmix, and reloading policy with 'sudo apparmor_parser -r /var/lib/apparmor/profiles/click_com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0' works around the issue. This is a harmless addition to the ubuntu-webapp template, so I will do that. However I'm concerned that HTML5/PhoneGap apps that use a webview may also suffer from this, so it is worth investigating. Interestingly, the re-exec only happens when running under upstart-app-launch, not when using aa-exec-click.
2013-09-20 16:07:53	Jamie Strandboge	bug task added		upstart-app-launch (Ubuntu)
2013-09-20 16:10:52	Jamie Strandboge	description	When a webapp is launched via the upstart job, it re-execs itself, causing an apparmor denial and failure to launch the browser: First, install the facebook app from the appstore. Then, from adb shell: root@ubuntu-phablet:/# sudo -H -u phablet -i phablet@ubuntu-phablet:~$ start application APP_ID=com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0 This results in the following denial in /var/log/syslog: Sep 20 15:58:17 ubuntu-phablet kernel: [ 6505.474410] type=1400 audit(1379692697.211:80): apparmor="DENIED" operation="exec" parent=1479 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0" name="/usr/bin/webbrowser-app" pid=6248 comm="sh" requested_mask="x" denied_mask="x" fsuid=32011 ouid=0 Adding the following rule to /var/lib/apparmor/profiles/click_com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0: /usr/bin/webbrowser-app rmix, and reloading policy with 'sudo apparmor_parser -r /var/lib/apparmor/profiles/click_com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0' works around the issue. This is a harmless addition to the ubuntu-webapp template, so I will do that. However I'm concerned that HTML5/PhoneGap apps that use a webview may also suffer from this, so it is worth investigating. Interestingly, the re-exec only happens when running under upstart-app-launch, not when using aa-exec-click.	When a webapp is launched via the upstart job, it re-execs itself, causing an apparmor denial and failure to launch the browser: First, install the facebook app from the appstore. Then, from adb shell: root@ubuntu-phablet:/# sudo -H -u phablet -i phablet@ubuntu-phablet:~$ start application APP_ID=com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0 This results in the following denial in /var/log/syslog: Sep 20 15:58:17 ubuntu-phablet kernel: [ 6505.474410] type=1400 audit(1379692697.211:80): apparmor="DENIED" operation="exec" parent=1479 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0" name="/usr/bin/webbrowser-app" pid=6248 comm="sh" requested_mask="x" denied_mask="x" fsuid=32011 ouid=0 Adding the following rule to /var/lib/apparmor/profiles/click_com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0: /usr/bin/webbrowser-app rmix, and reloading policy with 'sudo apparmor_parser -r /var/lib/apparmor/profiles/click_com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0' works around the issue. This is a harmless addition to the ubuntu-webapp template, so I will do that. However I'm concerned that HTML5/PhoneGap apps that use a webview may also suffer from this, so it is worth investigating. That said, we do have an rmix rule for qtchooser in the ubuntu-sdk template, so we might be ok there. Interestingly, the re-exec only happens when running under upstart-app-launch, not when using aa-exec-click.
2013-09-20 16:13:57	Alexandre Abreu	bug			added subscriber Alexandre Abreu
2013-09-20 16:15:55	Jamie Strandboge	description	When a webapp is launched via the upstart job, it re-execs itself, causing an apparmor denial and failure to launch the browser: First, install the facebook app from the appstore. Then, from adb shell: root@ubuntu-phablet:/# sudo -H -u phablet -i phablet@ubuntu-phablet:~$ start application APP_ID=com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0 This results in the following denial in /var/log/syslog: Sep 20 15:58:17 ubuntu-phablet kernel: [ 6505.474410] type=1400 audit(1379692697.211:80): apparmor="DENIED" operation="exec" parent=1479 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0" name="/usr/bin/webbrowser-app" pid=6248 comm="sh" requested_mask="x" denied_mask="x" fsuid=32011 ouid=0 Adding the following rule to /var/lib/apparmor/profiles/click_com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0: /usr/bin/webbrowser-app rmix, and reloading policy with 'sudo apparmor_parser -r /var/lib/apparmor/profiles/click_com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0' works around the issue. This is a harmless addition to the ubuntu-webapp template, so I will do that. However I'm concerned that HTML5/PhoneGap apps that use a webview may also suffer from this, so it is worth investigating. That said, we do have an rmix rule for qtchooser in the ubuntu-sdk template, so we might be ok there. Interestingly, the re-exec only happens when running under upstart-app-launch, not when using aa-exec-click.	When a webapp is launched via the upstart job, webbrowser-app re-execs itself, causing an apparmor denial and failure to launch the browser: First, install the facebook app from the appstore. Then, from adb shell: root@ubuntu-phablet:/# sudo -H -u phablet -i phablet@ubuntu-phablet:~$ start application APP_ID=com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0 This results in the following denial in /var/log/syslog: Sep 20 15:58:17 ubuntu-phablet kernel: [ 6505.474410] type=1400 audit(1379692697.211:80): apparmor="DENIED" operation="exec" parent=1479 profile="com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0" name="/usr/bin/webbrowser-app" pid=6248 comm="sh" requested_mask="x" denied_mask="x" fsuid=32011 ouid=0 Adding the following rule to /var/lib/apparmor/profiles/click_com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0: /usr/bin/webbrowser-app rmix, and reloading policy with 'sudo apparmor_parser -r /var/lib/apparmor/profiles/click_com.ubuntu.developer.webapps.webapp-facebook_webapp-facebook_1.0' works around the issue. This is a harmless addition to the ubuntu-webapp template, so I will do that. However I'm concerned that HTML5/PhoneGap apps that use a webview may also suffer from this, so it is worth investigating. That said, we do have an rmix rule for qtchooser in the ubuntu-sdk template, so we might be ok there. Interestingly, the re-exec only happens when running under upstart-app-launch, not when using aa-exec-click.
2013-09-20 16:49:28	Jamie Strandboge	webbrowser-app (Ubuntu Saucy): status	New	Invalid
2013-09-20 17:22:11	Launchpad Janitor	branch linked		lp:ubuntu/saucy-proposed/apparmor-easyprof-ubuntu
2013-09-20 17:33:35	Launchpad Janitor	apparmor-easyprof-ubuntu (Ubuntu Saucy): status	In Progress	Fix Released
2013-12-12 18:12:12	Jamie Strandboge	upstart-app-launch (Ubuntu): status	New	Won't Fix
2013-12-12 18:12:15	Jamie Strandboge	upstart-app-launch (Ubuntu Saucy): status	New	Won't Fix

Ubuntuwebbrowser-app package

Activity log for bug #1228236

Ubuntu
webbrowser-app package