As per the discussion in https://irclogs.ubuntu.com/2024/07/09/%23ubuntu-security.txt, the recommendation from the security team is to not revert to the "flags=(unconfined)" profile if the profile is already confined. That means that we should only fix the multiarch issue.

Scarlett, you're right, just adding the variable @{multiarch} directly does not work in this case, because due to how the parser is currently implemented, @{multiarch} translates to *-linux-gnu* and the wildcard makes it conflict with the "/** pux," rule. That's the reason that it's hard coded in the plasmashell profile as well. We are currently working on fixing it in the parser but it's not available right now. So for this case, we would have to add the other arch hard coded too. Something like the following diff, for every architecture we want to support.

@@ -18,6 +18,7 @@ ptrace, /usr/lib/x86_64-linux-gnu/qt5/libexec/QtWebEngineProcess cx -> &plasmashell//QtWebEngineProcess, + /usr/lib/aarch64-linux-gnu/qt5/libexec/QtWebEngineProcess cx -> &plasmashell//QtWebEngineProcess, /** pux, /{,**} mrwlk,

Regarding dbus being denied, could you point those reports my way? I'm more than happy to help.

https://bugs.launchpad.net/bugs/2065915
Title: [SRU] Fix hard coded path in apparmor profiles.
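
Review bot: The added aarch64 line in the "@@ -18,6 +18,7 @@" hunk has no comment explaining why the architecture triplet is written literally instead of with @{multiarch}, so a later cleanup could put the variable back and reintroduce the conflict with the "/** pux," rule. Suggest a one-line profile comment above the two QtWebEngineProcess rules stating that the paths are literal because @{multiarch} currently expands with a wildcard, and that they can be collapsed once the parser fix is available. The hunk also covers only aarch64; each further architecture to be supported needs its own literal line with the same "cx -> &plasmashell//QtWebEngineProcess" transition, so the binary does not fall through to "/** pux," on that architecture.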