We're in the process of trying to land these changes for thumbnailer, and have been noticing problems with the music-app: we are getting denials from aa_query_label for files under ~/Music. For example:

    $ ./query_file com.ubuntu.music_music_2.1.867 /home/phablet/Music/10-amarillo.mp3
    read '/home/phablet/Music/10-amarillo.mp3' denied

However, the profile seems to be able to read files in that location anyway:

    $ aa-exec -p com.ubuntu.music_music_2.1.867 cat /home/phablet/Music/10-amarillo.mp3 >/dev/null

It seems the aa_query_label checks are working for ~/.local/share/$PACKAGE directories though, so it is working at some level:

    $ ./query_file com.ubuntu.music_music_2.1.867 /home/phablet/.local/share/com.ubuntu.music/foo
    read '/home/phablet/.local/share/com.ubuntu.music/foo' allowed
    $ ./query_file com.ubuntu.music_music_2.1.867 /home/phablet/.local/share/com.ubuntu.gallery/foo
    read '/home/phablet/.local/share/com.ubuntu.gallery/foo' denied

Is there something special about the way ~/Music access is enabled in the policy?

I've been trying this out with devel-proposed (wily) image 233 on a Nexus 4 if that matters.

--
https://bugs.launchpad.net/bugs/1381713
Title: Support policy query interface for file