Cannot play sound files due to apparmor permission issue

Bug #1357348 reported by Nekhelesh Ramananthan
This bug affects 2 people
Affects                   Status         Importance   Assigned to   Milestone
Media Hub                 Fix Released   Undecided    Unassigned
Telegram app              Invalid        Low          Unassigned
mediascanner2             Fix Released   Undecided    Unassigned
media-hub (Ubuntu)        Fix Released   Critical     Unassigned
mediascanner2 (Ubuntu)    Fix Released   Critical     Unassigned

Bug Description

In the clock app we read /usr/share/sounds/ubuntu/ringtones and when trying to use MediaPlayer{} or Audio{}, it works on the desktop but fails on the device. Doing a quick grep DEN /var/log/syslog reveals the following apparmor denials,

Aug 15 11:16:58 ubuntu-phablet kernel: [ 3968.875354] type=1400 audit(1408094218.079:104): apparmor="DENIED" operation="file_mmap" profile="/usr/bin/media-hub-server" name="/tmp/orcexec.CLp5yf" pid=5825 comm="aqueue:src" requested_mask="m" denied_mask="m" fsuid=32011 ouid=32011
Aug 15 11:16:58 ubuntu-phablet kernel: [ 3968.875506] type=1400 audit(1408094218.079:105): apparmor="DENIED" operation="mknod" profile="/usr/bin/media-hub-server" name="/run/user/32011/orcexec.cntnWk" pid=5825 comm="aqueue:src" requested_mask="c" denied_mask="c" fsuid=32011 ouid=32011

On talking to jdstrand,
2:09 PM <jdstrand> ah
2:10 PM <jdstrand> we have this rule: owner /tmp/orcexec* m,
2:10 PM <jdstrand> but it is overridden by this: audit deny owner /** m,
2:10 PM <jdstrand> nik90: can you file a bug against media-hub?

Original summary: in /usr/share/sound/** folder

Tags: patch

Jamie Strandboge (jdstrand) wrote :

media-hub-server will likely fail to play all kinds of files, not just those in /usr/share/sounds because we have an explicit deny rule that is overriding our rule to allow mmap of /tmp/orcexec.

summary: - Cannot play sound files in /usr/share/sound/** folder due to apparmor
- permission issue
+ Cannot play sound files due to apparmor permission issue
description: updated
Changed in media-hub (Ubuntu):
importance: Undecided → Critical
Changed in mediascanner2 (Ubuntu):
importance: Undecided → Critical
status: New → Triaged
Changed in media-hub (Ubuntu):
status: New → Triaged
Jamie Strandboge (jdstrand) wrote :
Jamie Strandboge (jdstrand) wrote :
Changed in media-hub (Ubuntu):
status: Triaged → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package media-hub - 1.0.0+14.10.20140813-0ubuntu2

---------------
media-hub (1.0.0+14.10.20140813-0ubuntu2) utopic; urgency=medium

  * debian/usr.bin.media-hub-server: remove 'audit deny owner /** m,' since it
    is overriding the rule to allow mmap of /tmp/orcexec files (AppArmor will
    still deny other mmap access)
    - LP: #1357348
 -- Jamie Strandboge <email address hidden> Fri, 15 Aug 2014 07:22:05 -0500

Changed in media-hub (Ubuntu):
status: Fix Committed → Fix Released
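
Added example (not part of the bug report or of the media-hub package): a simplified Python model of AppArmor file-rule evaluation, run over the first denial logged above, showing why the explicit deny beat the allow rule and what removing it changes. The function names and the glob handling are assumptions of this sketch; it models only the two rules quoted in the report, not the real AppArmor matcher.

```python
import re

# First denial from the report's syslog excerpt (timestamp prefix dropped).
DENIAL = ('type=1400 audit(1408094218.079:104): apparmor="DENIED" '
          'operation="file_mmap" profile="/usr/bin/media-hub-server" '
          'name="/tmp/orcexec.CLp5yf" pid=5825 comm="aqueue:src" '
          'requested_mask="m" denied_mask="m" fsuid=32011 ouid=32011')

# The two rules quoted in the report; AFTER drops the deny rule, as the fix did.
BEFORE = ["owner /tmp/orcexec* m,", "audit deny owner /** m,"]
AFTER = ["owner /tmp/orcexec* m,"]

def parse_denial(line):
    """Return the key=value fields of an audit record as a dict of strings."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}

def glob_to_regex(glob):
    """Simplified AppArmor glob: '**' may cross '/', a single '*' may not."""
    parts = re.split(r"(\*\*|\*)", glob)
    conv = {"**": ".*", "*": "[^/]*"}
    return re.compile("".join(conv.get(p, re.escape(p)) for p in parts) + r"\Z")

def parse_rule(text):
    """Split a file rule into (is_deny, needs_owner, path_regex, perms)."""
    *quals, path, perms = text.rstrip(",").split()
    return "deny" in quals, "owner" in quals, glob_to_regex(path), set(perms)

def decide(rules, event):
    """Model the decision for the single-permission request in `event`."""
    owner_ok = event["fsuid"] == event["ouid"]  # 'owner' rules need this
    allowed = False
    for is_deny, needs_owner, path_re, perms in map(parse_rule, rules):
        if needs_owner and not owner_ok:
            continue
        if event["requested_mask"] in perms and path_re.match(event["name"]):
            if is_deny:
                return "DENIED"  # an explicit deny beats any allow rule
            allowed = True
    return "ALLOWED" if allowed else "DENIED"  # no matching allow: default deny

if __name__ == "__main__":
    event = parse_denial(DENIAL)
    print("before fix:", decide(BEFORE, event))
    print("after fix: ", decide(AFTER, event))
```
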
Michał Karnicki (karni)
Changed in libqtelegram:
status: New → Confirmed
importance: Undecided → High
Changed in mediascanner2 (Ubuntu):
status: Triaged → In Progress
Changed in mediascanner2:
status: New → In Progress
tags: added: patch
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mediascanner2 - 0.103+14.10.20140819-0ubuntu1

---------------
mediascanner2 (0.103+14.10.20140819-0ubuntu1) utopic; urgency=low

  [ Jussi Pakkanen ]
  * Apparmor fix from jdstrand. (LP: #1357348)
 -- Ubuntu daily release <email address hidden> Tue, 19 Aug 2014 12:52:52 +0000

Changed in mediascanner2 (Ubuntu):
status: In Progress → Fix Released
Michał Karnicki (karni)
Changed in libqtelegram:
importance: High → Low
Jim Hodapp (jhodapp)
Changed in media-hub:
status: New → Fix Released
Changed in mediascanner2:
status: In Progress → Fix Released
Michał Karnicki (karni)
Changed in libqtelegram:
status: Confirmed → Invalid