[desktop] Crashes on startup

This looks similar to https://bugzilla.redhat.com/show_bug.cgi?id=753882. I wonder what got you into that state. Do other apps that use dconf work?

And can you please check what the permissions of /run/user/1001/dconf/ are?

Status changed to 'Confirmed' because the bug affects multiple users.

$ ls -ld /run/user/1001/dconf/
drwx------ 2 mike mike 60 Oct 20 10:43 /run/user/1001/dconf/

$ ls -l /run/user/1001/dconf/
-rw------- 1 mike mike 2 Oct 20 10:46 user

Which is all correct. Everything else on my desktop (including other things that use dconf) work correctly.

The timing of this problem with webbrowser-app getting AppArmor support is suspicious to me.

Allan (alesage) is reporting the same issue on vivid desktop.

I’m seeing that on my vivid desktop too.

The browser’s profile has the following rule:

    deny /run/user/[0-9]*/dconf/user rw,

It seems this was added as part of bug #1260101. At the time Jamie commented that oxide appeared to work ok even with dconf access being denied. This is still the case on touch devices, but apparently not on desktops.

Actually, I just realized that the dconf error is most probably a red herring, what makes oxide unhappy is the following denials:

    Creating shared memory in /dev/shm/.org.chromium.Chromium.* failed

I suppose oxide should be allowed to write to /dev/shm/.org.chromium.Chromium.*, any reason for not allowing that?

That is fine to add and is almost certainly the cause of the issue.

It needs to be able to map those files too

09:09 < jdstrand> oSoMoN: we can't fix that in apparmor easyprof
09:10 < jdstrand> oSoMoN: not in a stable update. it will regenerate all
                  apparmor policy for webapps
09:10 < jdstrand> oSoMoN: which is a time consuming operation
09:10 < jdstrand> oSoMoN: it can be fixed in the 16.04 policy
09:10 < oSoMoN> jdstrand, how can we proceed then? other apps embedding a
                webview are going to hit the same issue, I’d think
09:10 < jdstrand> oSoMoN: it can be fixed in the 16.04 policy
09:11 < jdstrand> oSoMoN: the phone is fine
09:11 < oSoMoN> yes, the issue is desktop-specific
09:11 < jdstrand> oSoMoN: what other apps are you talking about?
09:11 < jdstrand> oSoMoN: personal will use the 16.04 policy, which can be fixed
09:12 < oSoMoN> jdstrand, I don’t have any specific example, I guess any app
                with a webview that runs confined, on desktop, will get the
                denials
09:12 < jdstrand> so, I think the path forward is fix webbrowser-app today (use
                  write_path) and then have the 16.04 policy fix this
09:12 < jdstrand> oSoMoN: yes, but those things don't run on the desktop today
09:12 < jdstrand> they will in personal
09:13 < jdstrand> but personal isn't until 16.04 or later

This bug was fixed in the package webbrowser-app - 0.23+15.10.20151022.1-0ubuntu1

---------------
webbrowser-app (0.23+15.10.20151022.1-0ubuntu1) wily; urgency=medium

  [ CI Train Bot ]
  * New rebuild forced.
  * Resync trunk.

  [ Olivier Tilloy ]
  * Add an exception to the generated apparmor profile to allow reading
    HERE’s TOS in the browser. (LP: #1507667)
  * Modify the generated apparmor profile to allow rw access to
    /dev/shm/.org.chromium.Chromium.* too. (LP: #1508054)
  * Update translation template.

  [ Ugo Riboni ]
  * Fix inability to drag the map to pan in Google maps, on desktop.
    (LP: #1503506)
  * Implement support for allowing or denying access to media input
    devices and for setting default media input devices. (LP: #1410996)
  * Refactor the BookmarksModel to be a singleton.

 -- Olivier Tilloy <email address hidden> Thu, 22 Oct 2015 15:07:49 +0000

This bug was fixed in the package apparmor-easyprof-ubuntu - 16.04.1

---------------
apparmor-easyprof-ubuntu (16.04.1) xenial; urgency=medium

  * create policy version 16.04 for xenial
  * adjust autopkgtests for policy version 15.10
  * ubuntu/ubuntu-sdk, ubuntu/webview: allow /dev/shm in addition to /run/shm
    (LP: #1508054)

 -- Jamie Strandboge <email address hidden> Mon, 26 Oct 2015 15:52:48 -0500