[Touch-packages] [Bug 1288777] Re: Qt bearer thread requires otherwise unneeded internet access
** Changed in: qtbase-opensource-src (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to qtbase-opensource-src in Ubuntu. https://bugs.launchpad.net/bugs/1288777 Title: Qt bearer thread requires otherwise unneeded internet access Status in qtbase-opensource-src package in Ubuntu: Fix Released Bug description: When comparing Qt5.0 denials with Qt5.2 denials on test runs that popey did, it looks like Qt5.2 changed its behavior such that the Qt bearer thread requires otherwise unneeded internet access. Eg, 'permy' from the appstore does not (and should not) use the "networking" policy group. On 5.0, launching it causes no apparmor denials. On 5.2, it does: Feb 25 REDACT ubuntu-phablet kernel [REDACT] type=1400 audit(REDACT) apparmor="DENIED" operation="create" parent= profile="com.ubuntu.developer.jdstrand.permy_permy_0.5" pid= comm=517420626561726572207468726561 family="inet" sock_type="dgram" protocol=0 Permy's source is at lp:permy. Note, one other application besides permy had similar denials: Feb 25 REDACT ubuntu-phablet kernel [REDACT] type=1400 audit(REDACT) apparmor="DENIED" operation="create" parent= profile="org.sambull.eo-dict_eo-dict_0.2" pid= comm=517420626561726572207468726561 family="inet" sock_type="dgram" protocol=0 This may seem like it isn't important-- the apparmor policy doesn't say it is allowed to connect to the network and apparmor correctly blocks it. I don't know if the app is adversely affected though (these aren't my logs). It might be, and even if it isn't, the noisy denial will lead to confusion (we can't explicitly deny networking in its policy to silence the denial due to how apparmor policy works). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1288777/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1288777] Re: Qt bearer thread requires otherwise unneeded internet access
Fixes in QtBearer network-manager backend in the OTA 8.5 release should have fixed apparmor denials when using QtNetwork & friends. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to qtbase-opensource-src in Ubuntu. https://bugs.launchpad.net/bugs/1288777 Title: Qt bearer thread requires otherwise unneeded internet access Status in qtbase-opensource-src package in Ubuntu: New Bug description: When comparing Qt5.0 denials with Qt5.2 denials on test runs that popey did, it looks like Qt5.2 changed its behavior such that the Qt bearer thread requires otherwise unneeded internet access. Eg, 'permy' from the appstore does not (and should not) use the "networking" policy group. On 5.0, launching it causes no apparmor denials. On 5.2, it does: Feb 25 REDACT ubuntu-phablet kernel [REDACT] type=1400 audit(REDACT) apparmor="DENIED" operation="create" parent= profile="com.ubuntu.developer.jdstrand.permy_permy_0.5" pid= comm=517420626561726572207468726561 family="inet" sock_type="dgram" protocol=0 Permy's source is at lp:permy. Note, one other application besides permy had similar denials: Feb 25 REDACT ubuntu-phablet kernel [REDACT] type=1400 audit(REDACT) apparmor="DENIED" operation="create" parent= profile="org.sambull.eo-dict_eo-dict_0.2" pid= comm=517420626561726572207468726561 family="inet" sock_type="dgram" protocol=0 This may seem like it isn't important-- the apparmor policy doesn't say it is allowed to connect to the network and apparmor correctly blocks it. I don't know if the app is adversely affected though (these aren't my logs). It might be, and even if it isn't, the noisy denial will lead to confusion (we can't explicitly deny networking in its policy to silence the denial due to how apparmor policy works). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1288777/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1288777] Re: Qt bearer thread requires otherwise unneeded internet access
I get his log when running it with Qt 5.3: type=AVC msg=audit(1414555047.145:83): apparmor=DENIED operation=create profile=com.ubuntu.developer.jdstrand.permy_permy_0.7 pid=3682 comm=qmlscene family=netlink sock_type=raw protocol=0 type=AVC msg=audit(1414555047.155:84): apparmor=DENIED operation=create profile=com.ubuntu.developer.jdstrand.permy_permy_0.7 pid=3727 comm=517420626561726572207468726561 family=netlink sock_type=raw protocol=0 I don't think this comes from QtBearer which certainly does need internet access, but from something to do with something in qmlscene needing a socket. Only QNAM and QtNetworkConfiguration stuff uses QtBearer. Qt's Sockets doesn't use that. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to qtbase-opensource-src in Ubuntu. https://bugs.launchpad.net/bugs/1288777 Title: Qt bearer thread requires otherwise unneeded internet access Status in “qtbase-opensource-src” package in Ubuntu: New Bug description: When comparing Qt5.0 denials with Qt5.2 denials on test runs that popey did, it looks like Qt5.2 changed its behavior such that the Qt bearer thread requires otherwise unneeded internet access. Eg, 'permy' from the appstore does not (and should not) use the networking policy group. On 5.0, launching it causes no apparmor denials. On 5.2, it does: Feb 25 REDACT ubuntu-phablet kernel [REDACT] type=1400 audit(REDACT) apparmor=DENIED operation=create parent= profile=com.ubuntu.developer.jdstrand.permy_permy_0.5 pid= comm=517420626561726572207468726561 family=inet sock_type=dgram protocol=0 Permy's source is at lp:permy. Note, one other application besides permy had similar denials: Feb 25 REDACT ubuntu-phablet kernel [REDACT] type=1400 audit(REDACT) apparmor=DENIED operation=create parent= profile=org.sambull.eo-dict_eo-dict_0.2 pid= comm=517420626561726572207468726561 family=inet sock_type=dgram protocol=0 This may seem like it isn't important-- the apparmor policy doesn't say it is allowed to connect to the network and apparmor correctly blocks it. I don't know if the app is adversely affected though (these aren't my logs). It might be, and even if it isn't, the noisy denial will lead to confusion (we can't explicitly deny networking in its policy to silence the denial due to how apparmor policy works). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1288777/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
