[Touch-packages] [Bug 1370218] Re: confined applications need access to /run/shm/shmfd*

2014-10-09 Thread Jamie Strandboge
** Changed in: apparmor (Ubuntu)
   Importance: Medium => Low

** Summary changed:

- confined applications need access to /run/shm/shmfd*
+ Fine-grained shm mediation (confined applications need access to 
/run/shm/shmfd*)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1370218

Title:
  Fine-grained shm mediation (confined applications need access to
  /run/shm/shmfd*)

Status in “apparmor” package in Ubuntu:
  Triaged
Status in “apparmor-easyprof-ubuntu” package in Ubuntu:
  Fix Released
Status in “qtbase-opensource-src” package in Ubuntu:
  New
Status in “qtmultimedia-opensource-src” package in Ubuntu:
  New
Status in “apparmor-easyprof-ubuntu” package in Ubuntu RTM:
  Fix Released

Bug description:
  QAudioRecorder needed the following rules:
   owner /{run,dev}/shm/shmfd* rwk,

  but then it was discovered that confined apps on utopic also need:
   owner /{run,dev}/shm/shmfd* rwk,

  The rules are this way because the shared memory files are not app
  specific and it is possible for one app to access another app's shared
  memory file. Please update qtbase-opensource-src so the files are
  app-specific to better isolate the apps (this is something we are doing
  elsewhere).

  Longer term we'd like to have shared memory file mediation in
  AppArmor.

  Original report:
  I recently wrote a small application[1] to spot an ancient issue I had
  using QAudioRecorder on Ubuntu devices.

  After I have installed gstreamer0.10-pulseaudio (otherwise "pulseaudio:"
  is not listed as available source), I tried to start a record through
  QAudioRecorder but it failed, giving me this output:
  "shm_open() failed: Permission denied"

  I've checked for some denials from apparmor (using 'dmesg | grep
  DEN'), but none was found.

  If I change the apparmor profile[2], so that my test application is
  launched in an unconfined environment, QAudioRecorder works properly as
  expected.

  I run this test on my Nexus 5 (utopic-devel-proposed #185), but this
  problem with shm happens also on i386 ubuntu-emulator (utopic-devel
  #206).

  Just for reference, this is the link to the original mail, stored in the
  ubuntu-phone team mailing list archive:
  http://lists.launchpad.net/ubuntu-phone/msg09842.html

  [1] - http://bazaar.launchpad.net/~verzegnassi-stefano/+junk/recorder-test/files
  [2]
  {
  "policy_version": 1.2,
  "template": "unconfined",
  "policy_groups": []
  }

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1370218/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
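
The bug description's point that the `shmfd*` rule is not app-specific, shown as an added example (not code from the bug report or from AppArmor): a simplified Python model of AppArmor file-rule matching applied to the rules quoted in this thread. The UIDs, file names and the `com.example.*` app-scoped rule are constructed for illustration, and the example assumes both apps run under the same user ID.

```python
import re
from dataclasses import dataclass


def aa_glob_to_regex(glob):
    """Translate an AppArmor path glob into a regex (simplified model).

    Covers what the rules in this thread use: '*' (any run of characters
    except '/'), '**' (any run including '/'), '?' (one character except
    '/') and '{a,b}' alternation. Character classes are not modelled.
    """
    out, depth, i = [], 0, 0
    while i < len(glob):
        c = glob[i]
        if glob.startswith("**", i):
            out.append(".*")
            i += 2
            continue
        if c == "*":
            out.append("[^/]*")
        elif c == "?":
            out.append("[^/]")
        elif c == "{":
            depth += 1
            out.append("(?:")
        elif c == "}" and depth:
            depth -= 1
            out.append(")")
        elif c == "," and depth:
            out.append("|")
        elif c == "[":
            raise ValueError("character classes are not modelled here")
        else:
            out.append(re.escape(c))
        i += 1
    if depth:
        raise ValueError("unbalanced '{' in " + glob)
    return re.compile("".join(out))


@dataclass(frozen=True)
class FileRule:
    owner: bool          # rule carries the 'owner' qualifier
    regex: re.Pattern    # compiled path glob
    perms: frozenset     # e.g. {'r', 'w', 'k'}


def parse_file_rule(line):
    """Parse '[owner] <path glob> <perms>,' into a FileRule."""
    tokens = line.strip().rstrip(",").split()
    owner = bool(tokens) and tokens[0] == "owner"
    if owner:
        tokens = tokens[1:]
    if len(tokens) != 2:
        raise ValueError("expected '<path> <perms>': " + line)
    path, perms = tokens
    return FileRule(owner, aa_glob_to_regex(path), frozenset(perms))


def allows(rule, path, perm, file_uid, proc_uid):
    """True if the rule grants `perm` on `path` to a process with proc_uid."""
    if perm not in rule.perms:
        return False
    if rule.owner and file_uid != proc_uid:
        return False  # 'owner' only compares UIDs, not which app made the file
    return rule.regex.fullmatch(path) is not None


# Rules quoted in the thread (bug description and 1.2.30 changelog entry).
THREAD_RULE = parse_file_rule("owner /{run,dev}/shm/shmfd* rwk,")
CHANGELOG_RULE = parse_file_rule("owner /{run,dev}/shm/shmfd-* rwk,")
# Hypothetical app-scoped rule; the naming scheme is constructed, not Qt's.
SCOPED_RULE = parse_file_rule(
    "owner /{run,dev}/shm/shmfd-com.example.recorder-* rwk,")

APP_UID = 32011  # constructed UID, assumed shared by both confined apps
OWN_FILE = "/run/shm/shmfd-com.example.recorder-9c1e"    # constructed
OTHER_APP_FILE = "/dev/shm/shmfd-com.example.other-4f2a"  # constructed


def compare_rules():
    """Return, per rule, whether the recorder app may read each file."""
    return {
        name: {
            "own": allows(rule, OWN_FILE, "r", APP_UID, APP_UID),
            "other_app": allows(rule, OTHER_APP_FILE, "r", APP_UID, APP_UID),
        }
        for name, rule in (("thread", THREAD_RULE), ("scoped", SCOPED_RULE))
    }


if __name__ == "__main__":
    print(compare_rules())
```

With the thread's rule, the `owner` qualifier and the `shmfd*` glob both pass for another app's file under the same UID; only a path pattern that encodes the app identity separates the two apps.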


[Touch-packages] [Bug 1370218] Re: confined applications need access to /run/shm/shmfd*

2014-10-09 Thread Jamie Strandboge
** Tags added: aa-feature

Title:
  confined applications need access to /run/shm/shmfd*

Status in “apparmor” package in Ubuntu:
  Triaged
Status in “apparmor-easyprof-ubuntu” package in Ubuntu:
  Fix Released
Status in “qtbase-opensource-src” package in Ubuntu:
  New
Status in “qtmultimedia-opensource-src” package in Ubuntu:
  New
Status in “apparmor-easyprof-ubuntu” package in Ubuntu RTM:
  Fix Released



[Touch-packages] [Bug 1370218] Re: confined applications need access to /run/shm/shmfd*

2014-10-06 Thread Jamie Strandboge
** Tags removed: touch-2014-10-09

Title:
  confined applications need access to /run/shm/shmfd*

Status in “apparmor” package in Ubuntu:
  Triaged
Status in “apparmor-easyprof-ubuntu” package in Ubuntu:
  Fix Released
Status in “qtbase-opensource-src” package in Ubuntu:
  New
Status in “qtmultimedia-opensource-src” package in Ubuntu:
  New
Status in “apparmor-easyprof-ubuntu” package in Ubuntu RTM:
  Fix Released



[Touch-packages] [Bug 1370218] Re: confined applications need access to /run/shm/shmfd*

2014-10-01 Thread Jamie Strandboge
** Tags removed: rtm14

Title:
  confined applications need access to /run/shm/shmfd*

Status in “apparmor” package in Ubuntu:
  Triaged
Status in “apparmor-easyprof-ubuntu” package in Ubuntu:
  Fix Released
Status in “qtbase-opensource-src” package in Ubuntu:
  New
Status in “qtmultimedia-opensource-src” package in Ubuntu:
  New
Status in “apparmor-easyprof-ubuntu” package in Ubuntu RTM:
  Fix Released



[Touch-packages] [Bug 1370218] Re: confined applications need access to /run/shm/shmfd*

2014-10-01 Thread Launchpad Bug Tracker
This bug was fixed in the package apparmor-easyprof-ubuntu - 1.2.30

---
apparmor-easyprof-ubuntu (1.2.30) utopic; urgency=medium

  * ubuntu/ubuntu-*: add owner /{run,dev}/shm/shmfd-* rwk (LP: #1370218)
  * ubuntu/microphone: remove shmfd access since it is in the templates now
 -- Jamie Strandboge  Tue, 30 Sep 2014 09:33:57 -0500

** Changed in: apparmor-easyprof-ubuntu (Ubuntu RTM)
   Status: In Progress => Fix Released

Title:
  confined applications need access to /run/shm/shmfd*

Status in “apparmor” package in Ubuntu:
  Triaged
Status in “apparmor-easyprof-ubuntu” package in Ubuntu:
  Fix Released
Status in “qtbase-opensource-src” package in Ubuntu:
  New
Status in “qtmultimedia-opensource-src” package in Ubuntu:
  New
Status in “apparmor-easyprof-ubuntu” package in Ubuntu RTM:
  Fix Released



[Touch-packages] [Bug 1370218] Re: confined applications need access to /run/shm/shmfd*

2014-09-30 Thread Launchpad Bug Tracker
This bug was fixed in the package apparmor-easyprof-ubuntu - 1.2.30

---
apparmor-easyprof-ubuntu (1.2.30) utopic; urgency=medium

  * ubuntu/ubuntu-*: add owner /{run,dev}/shm/shmfd-* rwk (LP: #1370218)
  * ubuntu/microphone: remove shmfd access since it is in the templates now
 -- Jamie Strandboge  Tue, 30 Sep 2014 09:33:57 -0500

** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
   Status: Fix Committed => Fix Released

Title:
  confined applications need access to /run/shm/shmfd*

Status in “apparmor” package in Ubuntu:
  Triaged
Status in “apparmor-easyprof-ubuntu” package in Ubuntu:
  Fix Released
Status in “qtbase-opensource-src” package in Ubuntu:
  New
Status in “qtmultimedia-opensource-src” package in Ubuntu:
  New
Status in “apparmor-easyprof-ubuntu” package in Ubuntu RTM:
  In Progress



[Touch-packages] [Bug 1370218] Re: confined applications need access to /run/shm/shmfd*

2014-09-30 Thread Jamie Strandboge
** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
   Status: In Progress => Fix Committed

Title:
  confined applications need access to /run/shm/shmfd*

Status in “apparmor” package in Ubuntu:
  Triaged
Status in “apparmor-easyprof-ubuntu” package in Ubuntu:
  Fix Committed
Status in “qtbase-opensource-src” package in Ubuntu:
  New
Status in “qtmultimedia-opensource-src” package in Ubuntu:
  New
Status in “apparmor-easyprof-ubuntu” package in Ubuntu RTM:
  In Progress



[Touch-packages] [Bug 1370218] Re: confined applications need access to /run/shm/shmfd*

2014-09-30 Thread Jamie Strandboge
** Changed in: apparmor-easyprof-ubuntu (Ubuntu RTM)
   Importance: Undecided => Critical

** Changed in: apparmor-easyprof-ubuntu (Ubuntu RTM)
   Status: New => In Progress

** Changed in: apparmor-easyprof-ubuntu (Ubuntu RTM)
 Assignee: (unassigned) => Jamie Strandboge (jdstrand)

Title:
  confined applications need access to /run/shm/shmfd*

Status in “apparmor” package in Ubuntu:
  Triaged
Status in “apparmor-easyprof-ubuntu” package in Ubuntu:
  In Progress
Status in “qtbase-opensource-src” package in Ubuntu:
  New
Status in “qtmultimedia-opensource-src” package in Ubuntu:
  New
Status in “apparmor-easyprof-ubuntu” package in Ubuntu RTM:
  In Progress



[Touch-packages] [Bug 1370218] Re: confined applications need access to /run/shm/shmfd*

2014-09-30 Thread Jamie Strandboge
Adding tags for the apparmor-easyprof-ubuntu task. Will adjust when it
is pushed.

** Tags added: rtm14

** Also affects: apparmor-easyprof-ubuntu (Ubuntu RTM)
   Importance: Undecided
   Status: New

Title:
  confined applications need access to /run/shm/shmfd*

Status in “apparmor” package in Ubuntu:
  Triaged
Status in “apparmor-easyprof-ubuntu” package in Ubuntu:
  In Progress
Status in “qtbase-opensource-src” package in Ubuntu:
  New
Status in “qtmultimedia-opensource-src” package in Ubuntu:
  New
Status in “apparmor-easyprof-ubuntu” package in Ubuntu RTM:
  New



[Touch-packages] [Bug 1370218] Re: confined applications need access to /run/shm/shmfd*

2014-09-30 Thread Jamie Strandboge
** Tags added: touch-2014-10-09

** Changed in: qtbase-opensource-src (Ubuntu)
   Importance: High => Undecided

Title:
  confined applications need access to /run/shm/shmfd*

Status in “apparmor” package in Ubuntu:
  Triaged
Status in “apparmor-easyprof-ubuntu” package in Ubuntu:
  In Progress
Status in “qtbase-opensource-src” package in Ubuntu:
  New
Status in “qtmultimedia-opensource-src” package in Ubuntu:
  New
Status in “apparmor-easyprof-ubuntu” package in Ubuntu RTM:
  New
