The explicit /dev/ denial was to fix a noisy denial that was confusing
users and so we decided to silence the denial. Due to the way apparmor
'deny' works, you can't undo an explicit deny rule (deny rules are
evaluated after allow rules).

There are a few ways forward:
1. fix webbrowser-app's sed to strip out this problematic rule
2. remove the problematic rule from the microphone abstraction. This will
   cause QAudioRecorder apps to trigger the spurious log entry and
   reintroduce potential confusion
3. use 'camera' without 'microphone'

Due to the way hybris works, '3' might work, but it wouldn't on non-
hybris systems. I suggest doing '1'-- this keeps the changes localized
to webbrowser-app's packaging. We've not seen other reports for click
apps in several years, so this seems safe.

FYI, on snappy we have taken the stance that we will almost never use
explicit denies because of issues like this bug, so this issue should
just go away.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to webbrowser-app in Ubuntu.
https://bugs.launchpad.net/bugs/1626611

Title:
  camera not detected when running confined on desktop

Status in apparmor-easyprof-ubuntu package in Ubuntu:
  New
Status in webbrowser-app package in Ubuntu:
  Confirmed

Bug description:
  Running on xenial + xenial overlay.

  The camera cannot be accessed. Seeing the following apparmor denials:

  bfiller@blackhorse:~$ tail -f /var/log/syslog | grep DEN
  Sep 22 11:14:11 blackhorse dbus[1811]: apparmor="DENIED" 
operation="dbus_method_call"  bus="session" path="/org/gtk/vfs/Daemon" 
interface="org.gtk.vfs.Daemon" member="ListMonitorImplementations" mask="send" 
name=":1.7" pid=4207 label="webbrowser-app" peer_pid=1919 
peer_label="unconfined"
  Sep 22 11:14:11 blackhorse kernel: [ 2448.215755] audit: type=1400 
audit(1474557251.512:59): apparmor="DENIED" operation="open" 
profile="webbrowser-app" name="/usr/share/gvfs/remote-volume-monitors/" 
pid=4207 comm="webbrowser-app" requested_mask="r" denied_mask="r" fsuid=1000 
ouid=0
  Sep 22 11:14:11 blackhorse kernel: [ 2448.224997] audit: type=1400 
audit(1474557251.524:60): apparmor="DENIED" operation="open" 
profile="webbrowser-app" name="/sys/bus/" pid=4207 comm="webbrowser-app" 
requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
  Sep 22 11:14:11 blackhorse kernel: [ 2448.225064] audit: type=1400 
audit(1474557251.524:61): apparmor="DENIED" operation="open" 
profile="webbrowser-app" name="/sys/class/drm/" pid=4207 comm="webbrowser-app" 
requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
  Sep 22 11:14:11 blackhorse dbus[1811]: apparmor="DENIED" 
operation="dbus_method_call"  bus="session" path="/org/gtk/vfs/mounttracker" 
interface="org.gtk.vfs.MountTracker" member="ListMountableInfo" mask="send" 
name=":1.7" pid=4207 label="webbrowser-app" peer_pid=1919 
peer_label="unconfined"
  Sep 22 11:14:11 blackhorse kernel: [ 2448.663730] audit: type=1400 
audit(1474557251.960:62): apparmor="DENIED" operation="open" 
profile="webbrowser-app//oxide_helper" 
name="/sys/devices/system/cpu/cpufreq/policy0/cpuinfo_max_freq" pid=4220 
comm="oxide-renderer" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
  Sep 22 11:14:11 blackhorse kernel: [ 2448.670941] audit: type=1400 
audit(1474557251.968:63): apparmor="DENIED" operation="open" 
profile="webbrowser-app//oxide_helper" 
name="/opt/google/chrome/PepperFlash/manifest.json" pid=4220 
comm="oxide-renderer" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
  Sep 22 11:14:11 blackhorse kernel: [ 2448.675938] audit: type=1400 
audit(1474557251.972:64): apparmor="DENIED" operation="open" 
profile="webbrowser-app" name="/sys/bus/" pid=4207 comm="webbrowser-app" 
requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
  Sep 22 11:14:11 blackhorse kernel: [ 2448.675983] audit: type=1400 
audit(1474557251.972:65): apparmor="DENIED" operation="open" 
profile="webbrowser-app" name="/sys/class/drm/" pid=4207 comm="webbrowser-app" 
requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
  Sep 22 11:14:11 blackhorse kernel: [ 2448.680663] audit: type=1400 
audit(1474557251.976:66): apparmor="DENIED" operation="open" 
profile="webbrowser-app" name="/opt/google/chrome/PepperFlash/manifest.json" 
pid=4207 comm="webbrowser-app" requested_mask="r" denied_mask="r" fsuid=1000 
ouid=0
  Sep 22 11:14:12 blackhorse kernel: [ 2448.723161] audit: type=1400 
audit(1474557252.020:67): apparmor="DENIED" operation="open" 
profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6-1000" pid=4243 
comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
  Sep 22 11:14:12 blackhorse kernel: [ 2448.723181] audit: type=1400 
audit(1474557252.020:68): apparmor="DENIED" operation="open" 
profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6" pid=4242 
comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=108
  Sep 22 11:14:17 blackhorse kernel: [ 2453.723913] audit: type=1400 
audit(1474557257.020:73): apparmor="DENIED" operation="open" 
profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6-1000" pid=4243 
comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
  Sep 22 11:14:17 blackhorse kernel: [ 2453.724018] audit: type=1400 
audit(1474557257.020:74): apparmor="DENIED" operation="open" 
profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6" pid=4242 
comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=108
  Sep 22 11:14:17 blackhorse kernel: [ 2453.724120] audit: type=1400 
audit(1474557257.020:75): apparmor="DENIED" operation="open" 
profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6-1000" pid=4243 
comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
  Sep 22 11:14:17 blackhorse kernel: [ 2453.724196] audit: type=1400 
audit(1474557257.020:76): apparmor="DENIED" operation="open" 
profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6" pid=4242 
comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=108
  Sep 22 11:14:22 blackhorse kernel: [ 2458.724841] audit: type=1400 
audit(1474557262.024:77): apparmor="DENIED" operation="open" 
profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6-1000" pid=4243 
comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
  Sep 22 11:14:22 blackhorse kernel: [ 2458.724944] audit: type=1400 
audit(1474557262.024:78): apparmor="DENIED" operation="open" 
profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6" pid=4242 
comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=108
  Sep 22 11:14:22 blackhorse kernel: [ 2458.725194] audit: type=1400 
audit(1474557262.024:79): apparmor="DENIED" operation="open" 
profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6" pid=4242 
comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=108
  Sep 22 11:14:22 blackhorse kernel: [ 2458.725285] audit: type=1400 
audit(1474557262.024:80): apparmor="DENIED" operation="open" 
profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6-1000" pid=4243 
comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
  Sep 22 11:14:27 blackhorse kernel: [ 2463.725548] audit: type=1400 
audit(1474557267.024:81): apparmor="DENIED" operation="open" 
profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6-1000" pid=4243 
comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
  Sep 22 11:14:27 blackhorse kernel: [ 2463.725915] audit: type=1400 
audit(1474557267.024:82): apparmor="DENIED" operation="open" 
profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6" pid=4242 
comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=108
  Sep 22 11:14:27 blackhorse kernel: [ 2463.726047] audit: type=1400 
audit(1474557267.024:83): apparmor="DENIED" operation="open" 
profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6" pid=4242 
comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=108
  Sep 22 11:14:27 blackhorse kernel: [ 2463.726096] audit: type=1400 
audit(1474557267.024:84): apparmor="DENIED" operation="open" 
profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6-1000" pid=4243 
comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
  Sep 22 11:14:32 blackhorse kernel: [ 2468.726791] audit: type=1400 
audit(1474557272.024:85): apparmor="DENIED" operation="open" 
profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6-1000" pid=4243 
comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
  Sep 22 11:14:32 blackhorse kernel: [ 2468.726880] audit: type=1400 
audit(1474557272.024:86): apparmor="DENIED" operation="open" 
profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6-1000" pid=4243 
comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
  Sep 22 11:14:32 blackhorse kernel: [ 2468.726997] audit: type=1400 
audit(1474557272.024:87): apparmor="DENIED" operation="open" 
profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6" pid=4242 
comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=108
  Sep 22 11:14:32 blackhorse kernel: [ 2468.727169] audit: type=1400 
audit(1474557272.024:88): apparmor="DENIED" operation="open" 
profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6" pid=4242 
comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=108
  Sep 22 11:14:37 blackhorse kernel: [ 2473.727190] audit: type=1400 
audit(1474557277.024:89): apparmor="DENIED" operation="open" 
profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6-1000" pid=4243 
comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
  Sep 22 11:14:37 blackhorse kernel: [ 2473.727234] audit: type=1400 
audit(1474557277.024:90): apparmor="DENIED" operation="open" 
profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6-1000" pid=4243 
comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
  Sep 22 11:14:37 blackhorse kernel: [ 2473.727404] audit: type=1400 
audit(1474557277.024:91): apparmor="DENIED" operation="open" 
profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6" pid=4242 
comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=108
  Sep 22 11:14:37 blackhorse kernel: [ 2473.727476] audit: type=1400 
audit(1474557277.024:92): apparmor="DENIED" operation="open" 
profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6" pid=4242 
comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=108
  Sep 22 11:14:40 blackhorse kernel: [ 2476.772488] audit: type=1400 
audit(1474557280.068:93): apparmor="DENIED" operation="open" 
profile="webbrowser-app" name="/home/bfiller/" pid=4262 comm="FileInfoThread" 
requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
  Sep 22 11:14:42 blackhorse kernel: [ 2478.727539] audit: type=1400 
audit(1474557282.024:94): apparmor="DENIED" operation="open" 
profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6-1000" pid=4243 
comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
  Sep 22 11:14:42 blackhorse kernel: [ 2478.727595] audit: type=1400 
audit(1474557282.024:95): apparmor="DENIED" operation="open" 
profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6-1000" pid=4243 
comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
  Sep 22 11:14:42 blackhorse kernel: [ 2478.727778] audit: type=1400 
audit(1474557282.024:96): apparmor="DENIED" operation="open" 
profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6" pid=4242 
comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=108
  Sep 22 11:14:42 blackhorse kernel: [ 2478.727904] audit: type=1400 
audit(1474557282.024:97): apparmor="DENIED" operation="open" 
profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6" pid=4242 
comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=108
  Sep 22 11:14:47 blackhorse kernel: [ 2483.728308] audit: type=1400 
audit(1474557287.024:98): apparmor="DENIED" operation="open" 
profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6-1000" pid=4243 
comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
  Sep 22 11:14:47 blackhorse kernel: [ 2483.728394] audit: type=1400 
audit(1474557287.024:99): apparmor="DENIED" operation="open" 
profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6-1000" pid=4243 
comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
  Sep 22 11:14:47 blackhorse kernel: [ 2483.728511] audit: type=1400 
audit(1474557287.024:100): apparmor="DENIED" operation="open" 
profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6" pid=4242 
comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=108
  Sep 22 11:14:47 blackhorse kernel: [ 2483.728661] audit: type=1400 
audit(1474557287.024:101): apparmor="DENIED" operation="open" 
profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6" pid=4242 
comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=108
  ^C
  bfiller@blackhorse:~$
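
A simplified model of the rule precedence described in the comment at the top of this mail, as an added example that is not part of the original bug report or of AppArmor itself. The CAMERA and MICROPHONE rule sets are constructed stand-ins for the policy groups (assumptions, not the shipped abstractions), and only `*` and `**` globbing is modelled. It shows that a merged profile cannot re-allow a path one group explicitly denies, that such a denial leaves no DENIED line in the log, and what stripping the rule (option 1) changes.

```python
import re

# Constructed policy fragments (assumptions, not the shipped abstractions):
# each rule is (is_deny, path_glob, permissions).
CAMERA = [(False, "/dev/", "r"), (False, "/dev/video*", "rw")]
MICROPHONE = [(True, "/dev/", "r")]   # stands in for the explicit /dev/ deny


def glob_to_regex(glob):
    """Translate the subset of AppArmor globbing used here: * and **."""
    out = []
    i = 0
    while i < len(glob):
        if glob.startswith("**", i):
            out.append(".*")          # ** crosses directory separators
            i += 2
        elif glob[i] == "*":
            out.append("[^/]*")       # * stays within one path component
            i += 1
        else:
            out.append(re.escape(glob[i]))
            i += 1
    return re.compile("".join(out) + r"\Z")


def check(rules, path, perm):
    """Return (allowed, logged) for one access under the merged rule set."""
    allowed = denied = False
    for is_deny, glob, perms in rules:
        if perm in perms and glob_to_regex(glob).match(path):
            if is_deny:
                denied = True
            else:
                allowed = True
    if denied:
        return (False, False)   # explicit deny wins and is not audited
    if allowed:
        return (True, False)
    return (False, True)        # implicit deny: produces a DENIED audit line


def strip_rule(rules, unwanted):
    """Model of option 1: drop one rule before the profile is compiled."""
    return [r for r in rules if r != unwanted]
```

An access that is blocked by an explicit deny never shows up in output like the syslog excerpt above, which is why the log alone does not point at the responsible rule.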
