I just upgraded my laptop to zesty and tested webbrowser-app in the unity8 session.
Santosh’s comment (#47) is incorrect. The first denial that I’m getting is /dev/dri/, and I’ve had to add it to the webbrowser-app profile to proceed to get further denials for PCI devices config:
I just upgraded my laptop to zesty and tested webbrowser-app in the unity8 session.
Santosh’s comment (#47) is incorrect. The first denial that I’m getting is /dev/dri/, and I’ve had to add it to the webbrowser-app profile to proceed to get further denials for PCI devices config:
type=AVC msg=audit( 1488885677. 369:1080) : apparmor="DENIED" operation="open" profile= "webbrowser- app" name="/dev/dri/" pid=8151 comm="webbrowse r-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
After authorizing read access to /dev/dri/, I’m getting the following denials:
type=AVC msg=audit( 1488885802. 466:1091) : apparmor="DENIED" operation="open" profile= "webbrowser- app" name="/ sys/devices/ pci0000: 00/0000: 00:02.0/ revision" pid=8237 comm="webbrowse r-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
type=AVC msg=audit( 1488885802. 466:1092) : apparmor="DENIED" operation="open" profile= "webbrowser- app" name="/ sys/devices/ pci0000: 00/0000: 00:02.0/ config" pid=8237 comm="webbrowse r-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
type=AVC msg=audit( 1488885802. 466:1093) : apparmor="DENIED" operation="open" profile= "webbrowser- app" name="/ sys/devices/ pci0000: 00/0000: 00:02.0/ revision" pid=8237 comm="webbrowse r-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
type=AVC msg=audit( 1488885802. 466:1094) : apparmor="DENIED" operation="open" profile= "webbrowser- app" name="/ sys/devices/ pci0000: 00/0000: 00:02.0/ config" pid=8237 comm="webbrowse r-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Which go away when allowing read access to the config files. And thus the application executes fine.
To summarize, here are the rules I’ve had to add to the webbrowser-app profile for the app to run under unity8:
/dev/dri/ r, devices/ pci[0-9] */**/config r,
/sys/