[Bug 851977] Re: apparmor denies access to /usr/bin/exo-open

Fri, 16 Sep 2011 09:00:57 -0700 

** Description changed:

+ TEST CASE:
+ 1. sudo aa-enforce /usr/bin/firefox on a derivative that uses exo
+ 2. download a file
+ 3. in the downloads window, right click on the download and click open
+ 
  Note: this is important for xubuntu, mythubuntu, and ubuntustudio which
  all use exo-utils in their default install
  
  With enforce on:
  Sep 16 10:16:58 defiant kernel: [53172.876586] type=1400 
audit(1316186218.365:44): apparmor="DENIED" operation="exec" parent=9476 
profile="/usr/lib/firefox-trunk-9.0a1/firefox{,*[^s][^h]}" 
name="/usr/bin/exo-open" pid=9477 comm="firefox-trunk" requested_mask="x" 
denied_mask="x" fsuid=1000 ouid=0
  
  with complain on:
  Sep 16 10:19:58 defiant kernel: [53352.603163] type=1400 
audit(1316186398.096:48): apparmor="ALLOWED" operation="exec" parent=9696 
profile="/usr/lib/firefox-trunk-9.0a1/firefox{,*[^s][^h]}" 
name="/usr/bin/exo-open" pid=9697 comm="firefox-trunk" requested_mask="x" 
denied_mask="x" fsuid=1000 ouid=0 
target="/usr/lib/firefox-trunk-9.0a1/firefox{,*[^s][^h]}//null-1b"
  Sep 16 10:19:58 defiant kernel: [53352.692550] type=1400 
audit(1316186398.186:49): apparmor="ALLOWED" operation="open" parent=1 
profile="/usr/lib/firefox-trunk-9.0a1/firefox{,*[^s][^h]}//null-1b" 
name="/etc/ld.so.cache" pid=9697 comm="exo-open" requested_mask="r" 
denied_mask="r" fsuid=1000 ouid=0
  Sep 16 10:19:58 defiant kernel: [53352.692564] type=1400 
audit(1316186398.186:50): apparmor="ALLOWED" operation="getattr" parent=1 
profile="/usr/lib/firefox-trunk-9.0a1/firefox{,*[^s][^h]}//null-1b" 
name="/etc/ld.so.cache" pid=9697 comm="exo-open" requested_mask="r" 
denied_mask="r" fsuid=1000 ouid=0
  Sep 16 10:19:58 defiant kernel: [53352.692623] type=1400 
audit(1316186398.186:51): apparmor="ALLOWED" operation="open" parent=1 
profile="/usr/lib/firefox-trunk-9.0a1/firefox{,*[^s][^h]}//null-1b" 
name="/usr/lib/libexo-1.so.0.0.0" pid=9697 comm="exo-open" requested_mask="r" 
denied_mask="r" fsuid=1000 ouid=0
  Sep 16 10:19:58 defiant kernel: [53352.692645] type=1400 
audit(1316186398.186:52): apparmor="ALLOWED" operation="getattr" parent=1 
profile="/usr/lib/firefox-trunk-9.0a1/firefox{,*[^s][^h]}//null-1b" 
name="/usr/lib/libexo-1.so.0.0.0" pid=9697 comm="exo-open" requested_mask="r" 
denied_mask="r" fsuid=1000 ouid=0
  Sep 16 10:19:58 defiant kernel: [53352.692660] type=1400 
audit(1316186398.186:53): apparmor="ALLOWED" operation="file_mmap" parent=1 
profile="/usr/lib/firefox-trunk-9.0a1/firefox{,*[^s][^h]}//null-1b" 
name="/usr/lib/libexo-1.so.0.0.0" pid=9697 comm="exo-open" requested_mask="mr" 
denied_mask="mr" fsuid=1000 ouid=0
  Sep 16 10:19:58 defiant kernel: [53352.705596] type=1400 
audit(1316186398.196:54): apparmor="ALLOWED" operation="open" parent=1 
profile="/usr/lib/firefox-trunk-9.0a1/firefox{,*[^s][^h]}//null-1b" 
name="/usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0.2400.6" pid=9697 
comm="exo-open" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
  Sep 16 10:19:58 defiant kernel: [53352.705617] type=1400 
audit(1316186398.196:55): apparmor="ALLOWED" operation="getattr" parent=1 
profile="/usr/lib/firefox-trunk-9.0a1/firefox{,*[^s][^h]}//null-1b" 
name="/usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0.2400.6" pid=9697 
comm="exo-open" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
  Sep 16 10:19:58 defiant kernel: [53352.705631] type=1400 
audit(1316186398.196:56): apparmor="ALLOWED" operation="file_mmap" parent=1 
profile="/usr/lib/firefox-trunk-9.0a1/firefox{,*[^s][^h]}//null-1b" 
name="/usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0.2400.6" pid=9697 
comm="exo-open" requested_mask="mr" denied_mask="mr" fsuid=1000 ouid=0
  Sep 16 10:19:58 defiant kernel: [53352.705693] type=1400 
audit(1316186398.196:57): apparmor="ALLOWED" operation="open" parent=1 
profile="/usr/lib/firefox-trunk-9.0a1/firefox{,*[^s][^h]}//null-1b" 
name="/usr/lib/x86_64-linux-gnu/libgio-2.0.so.0.2990.0" pid=9697 
comm="exo-open" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

** Tags added: testcase

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/851977

Title:
  apparmor denies access to /usr/bin/exo-open

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/851977/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to