Ubuntu
pulseaudio package

Snap policy module denies recording access to classic snaps

Bug #1787324 reported by James Henstridge
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
pulseaudio (Ubuntu)
Fix Released
High
James Henstridge

Bug Description

With the recent updates to the snap policy module, recording access is denied to clients with a snap AppArmor label when that snap doesn't have a connected plug for "pulseaudio" or "audio-record".

This is not appropriate for classic confinement snaps, which will have an AppArmor label but should still have access to recording even when there is no plug, as described by @jdstrand:

https://forum.snapcraft.io/t/pulseaudio-recording/6361/14?u=jamesh

This is broken with the 1:12.2-0ubuntu2 release, as can be seen with e.g.:

    $ aa-exec -p snap.skype.skype /usr/bin/parecord foo.wav
    Stream error: Access denied

[note that the Skype app itself still functions because it bypasses PulseAudio all together]

The above command should result in audio being recorded from the microphone.

Tags: patch

Related branches

~ubuntu-audio-dev/pulseaudio:classic-snap-support
Ubuntu Audio Development Team: Pending requested
Diff: 163 lines (+62/-19)
2 files modified
debian/changelog (+6/-1)
debian/patches/0700-modules-add-snappy-policy-module.patch (+56/-18)
Revision history for this message
James Henstridge (jamesh) wrote :

Here is a debdiff based on the attached branch.

Ubuntu Foundations Team Bug Bot (crichton)
tags: added: patch
Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "pulseaudio_12.2-0ubuntu2_12.2-0ubuntu3.diff" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.]

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package pulseaudio - 1:12.2-0ubuntu3

---------------
pulseaudio (1:12.2-0ubuntu3) cosmic; urgency=medium

  [ Ken VanDine ]
  * Update patch tags with more detailed descriptions and a note about
    not forwarding upstream:
    - 0700-modules-add-snappy-policy-module.patch
    - 0701-enable-snap-policy-module.patch

  [ James Henstridge ]
  * 0700-modules-add-snappy-policy-module.patch: grant recording access
    to snaps with classic confinement. (LP: #1787324)

 -- Ken VanDine <email address hidden> Wed, 29 Aug 2018 09:18:41 -0400

Changed in pulseaudio (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.