Public bug reported: If a confined application has the networking profile it cannot access the donwload manager eventhough there are rules to allow it. The following error happens when trying to create a new download:
Apr 21 15:38:43 ubuntu-phablet dbus[2162]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/" interface="com.canonical.applications.DownloadManager" member="createDownload" mask="send" name="com.canonical.applications.Downloader" pid=25799 profile="com.mikeasoft.deepvision_deepvision_0.1.1" peer_pid=25857 peer_profile="unconfined" After some talk in the security channel we were pointed out the following: 17:11 @ tyhicks : jdstrand: in the networking policy group, some of the dbus rules specify the member by including the full interface 17:11 @ tyhicks : jdstrand: like "... member=com.canonical.applications.Downloader.createDownload," 17:11 @ tyhicks : jdstrand: I think that should just be "... member=createDownload," ** Affects: apparmor-easyprof-ubuntu (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1311164 Title: Ubuntu Download Manager cannot be accessed by confined applications even when they have the networking profile To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor-easyprof-ubuntu/+bug/1311164/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs