please explicitly deny access to /run/shm/lttng-ust-*

Bug #1260491 reported by Jamie Strandboge
This bug affects 1 person
Affects: apparmor-easyprof-ubuntu (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Jamie Strandboge

Bug Description

Here is what I see on 62 when launching apps:
Dec 12 21:04:58 ubuntu-phablet kernel: [ 101.536491] type=1400 audit(1386882298.525:77): apparmor="DENIED" operation="open" parent=1376 profile="com.ubuntu.developer.daker.rad-io_rad.io_0.7" name="/run/shm/lttng-ust-wait-5-32011" pid=2092 comm="exec-line-exec" requested_mask="r" denied_mask="r" fsuid=32011 ouid=32011
Dec 12 21:04:58 ubuntu-phablet kernel: [ 101.536724] type=1400 audit(1386882298.525:78): apparmor="DENIED" operation="open" parent=1376 profile="com.ubuntu.developer.daker.rad-io_rad.io_0.7" name="/run/shm/lttng-ust-wait-5-32011" pid=2092 comm="exec-line-exec" requested_mask="r" denied_mask="r" fsuid=32011 ouid=32011
Dec 12 21:04:58 ubuntu-phablet kernel: [ 101.537013] type=1400 audit(1386882298.525:79): apparmor="DENIED" operation="open" parent=1376 profile="com.ubuntu.developer.daker.rad-io_rad.io_0.7" name="/run/shm/lttng-ust-wait-5" pid=2091 comm="exec-line-exec" requested_mask="r" denied_mask="r" fsuid=32011 ouid=32011
Dec 12 21:04:58 ubuntu-phablet kernel: [ 101.537190] type=1400 audit(1386882298.525:80): apparmor="DENIED" operation="open" parent=1376 profile="com.ubuntu.developer.daker.rad-io_rad.io_0.7" name="/run/shm/lttng-ust-wait-5" pid=2091 comm="exec-line-exec" requested_mask="r" denied_mask="r" fsuid=32011 ouid=32011

Talking with tedg, these shouldn't be available to confined apps and we can safely explicitly deny the access to silence the errors.
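
Added example, not part of the original report or of apparmor-easyprof-ubuntu: a triage script that parses AppArmor DENIED audit records like the ones above and reports which denials a proposed deny glob such as /run/shm/lttng-ust-* would cover and which would remain. The sample records are constructed in the shape of the report's log lines, the "nested" and "/tmp/example" paths are made up, and the glob translation is an assumed simplification of AppArmor path matching.

```python
import re
from collections import Counter

PROFILE = "com.ubuntu.developer.daker.rad-io_rad.io_0.7"  # profile name from the report
# Constructed records in the shape of the audit lines in the report; the
# "nested" and "/tmp/example" paths are made up to exercise the non-matching case.
_REC = ('Dec 12 21:04:58 ubuntu-phablet kernel: [ 101.5] type=1400 '
        'audit(1386882298.525:{n}): apparmor="DENIED" operation="open" '
        'profile="{prof}" name="{path}" pid=2092 comm="exec-line-exec" '
        'requested_mask="r" denied_mask="r" fsuid=32011 ouid=32011')
SAMPLE_LOG = "\n".join(
    _REC.format(n=n, prof=PROFILE, path=p) for n, p in [
        (77, "/run/shm/lttng-ust-wait-5-32011"),
        (78, "/run/shm/lttng-ust-wait-5-32011"),
        (79, "/run/shm/lttng-ust-wait-5"),
        (80, "/run/shm/lttng-ust-wait-5/nested"),
        (81, "/tmp/example"),
    ])

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_denials(text):
    """Yield the key=value fields of every apparmor="DENIED" audit record."""
    for line in text.splitlines():
        fields = {k: quoted or bare for k, quoted, bare in FIELD.findall(line)}
        if fields.get("apparmor") == "DENIED":
            yield fields

def glob_to_regex(glob):
    """Simplified AppArmor glob: '**' crosses '/', '*' and '?' do not.
    Alternation ({a,b}) and character classes are not handled."""
    parts = re.split(r"(\*\*|\*|\?)", glob)
    table = {"**": ".*", "*": "[^/]*", "?": "[^/]"}
    return re.compile("".join(table.get(p, re.escape(p)) for p in parts))

def triage(text, deny_glob):
    """Count denials per (profile, path, mask), split by deny_glob coverage."""
    rx = glob_to_regex(deny_glob)
    covered, remaining = Counter(), Counter()
    for d in parse_denials(text):
        key = (d.get("profile"), d.get("name"), d.get("denied_mask"))
        bucket = covered if rx.fullmatch(d.get("name", "")) else remaining
        bucket[key] += 1
    return covered, remaining

if __name__ == "__main__":
    covered, remaining = triage(SAMPLE_LOG, "/run/shm/lttng-ust-*")
    for title, bucket in (("silenced by rule", covered), ("still logged", remaining)):
        for (prof, path, mask), n in bucket.items():
            print(f"{title}: {n}x {path} ({mask}) [{prof}]")
```

Anything left in the second bucket after the rule is applied is a denial that still needs a policy decision rather than noise.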

Changed in apparmor-easyprof-ubuntu (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
status: New → In Progress
Launchpad Janitor (janitor) wrote:

This bug was fixed in the package apparmor-easyprof-ubuntu - 1.0.44

---------------
apparmor-easyprof-ubuntu (1.0.44) trusty; urgency=low

  * add ubuntu/1.1 policy, symlinking to 1.0 for things with no changes
  * adjust tests/test-data.py for 1.1 policy
  * add webview policy group for oxide
  * 1.*/ubuntu-* templates:
    - remove old comment about Click packages being installed in /opt
    - explicitly deny /run/shm/lttng-ust-* (LP: #1260491)
    - also allow /custom/xdg/data/themes (LP: #1261875)
  * 1.1/ubuntu-* templates: remove access to /tmp/mir_socket (LP: #1236912)
  * add hardware/graphics.d/apparmor-easyprof-ubuntu_goldfish
 -- Jamie Strandboge <email address hidden> Fri, 20 Dec 2013 08:13:36 -0600

Changed in apparmor-easyprof-ubuntu (Ubuntu):
status: In Progress → Fix Released