Oxide

oxide tries to create /usr/lib/x86_64-linux-gnu/qt5/bin/locales/

Bug #1260044 reported by Jamie Strandboge on 2013-12-11

6

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Oxide	Triaged	Low	Unassigned

Bug Description

I started playing with oxide and noticed this apparmor denial:
Dec 11 12:43:22 localhost kernel: [221681.497116] type=1400 audit(1386787402.526:1075): apparmor="DENIED" operation="mkdir" parent=3635 profile="com.ubuntu.developer.jdstrand.test-oxide_test-oxide_0.1" name="/usr/lib/x86_64-linux-gnu/qt5/bin/locales/" pid=18850 comm="qmlscene" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000

For some reason it is looking for locales in a weird place. QtWebKit does not do this. Example qml:
import QtQuick 2.0
import Ubuntu.Components 0.1
import "components"

import com.canonical.Oxide 0.1

MainView {
    objectName: "mainView"
    applicationName: "com.ubuntu.developer.jdstrand.test-oxide"
    width: units.gu(100)
    height: units.gu(75)

    Page {
        id: page
        anchors.fill: parent

        WebView {
            id: webView
            width: parent.width
            height: parent.height
            url: "http://www.ubuntu.com"
        }
    }
}

Related branches

lp:ubuntu/trusty-proposed/apparmor-easyprof-ubuntu

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2013-12-11:

#1

I just noticed the sandbox is also looking in /usr/lib/@{multiarch}/oxide-qt/locales/. Perhaps if this existed the denial would go away.

Olivier Tilloy (osomon) on 2013-12-12

Changed in oxide:
importance:	Undecided → Low

Revision history for this message

Chris Coulson (chrisccoulson) wrote on 2013-12-12:

#2

This happens inside ui::PathProvider() in Chromium. We can probably avoid this by registering an override for the ui::DIR_LOCALES key in the path service from Oxide, rather than patching Chromium. This would prevent the provider in Chromium from being called

Changed in oxide:
status:	New → Triaged

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2014-03-28:

#3

FYI, more recent builds have a denail of /usr/bin/locales.

Revision history for this message

Alexandre Abreu (abreu-alexandre) wrote on 2014-03-28:

#4

All webapps are falling bc of this, using 1.1 apparmor policy & 14.04-dev1 fw,

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2014-03-28:

#5

Actually, it was a missing 'webview' policy group. This bug should be fixed, but webapps aren't broken.

Revision history for this message

Alexandre Abreu (abreu-alexandre) wrote on 2014-03-31:

#6

Jamie: yes, thank you for clarifying

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2014-03-31:

#7

FYI, added workaround rule in apparmor-easyprof-ubuntu:

apparmor-easyprof-ubuntu (1.1.12) trusty; urgency=medium

  * 1.1/webview: suppress denial for write to /usr/bin/locales/ like we do for
    /usr/lib/@{multiarch}/oxide-qt/locales/ already since it is confusing for
    people who are diagnosing oxide issues (LP: #1260044)

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.