I also see this on a 20.04 host with a 20.04 container.
$ lxc version
Client version: 5.0.2
Server version: 5.0.2
$ lxc launch ubuntu:20.04 foo
$ lxc stop foo
$ lxc config set foo security.nesting true
$ lxc start foo
$ lxc shell foo
root@foo:~# snap install firefox
error: cannot perform the
** Also affects: snapd
Importance: Undecided
Status: New
** Also affects: lxd
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
Public bug reported:
After upgrading from focal to jammy, I noticed this in my logs:
Apr 10 14:05:40 host ubuntu-appindicat...@ubuntu.com[124051]: unable to update
icon for software-update-available
Apr 10 14:05:40 host gnome-shell[124051]: Unhandled promise rejection. To
suppress this
Olivier, yes, I shouldn't be assigned. Ian, you're right the profile is
suboptimal (it's also old so likely needs updating).
Do note that this is a separate named profile and evince (and if this is
put in an abstraction, anything that uses the abstraction) only has the
** Changed in: evince (Ubuntu)
Assignee: Jamie Strandboge (jdstrand) => (unassigned)
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to evince in Ubuntu.
https://bugs.launchpad.net/bugs/1794064
Title:
Clicking a hyperlink in a
Till, it allows quite a few things (from man capabilities):
CAP_SYS_NICE
* Raise process nice value (nice(2), setpriority(2)) and change the
nice value for arbitrary processes;
* set real-time scheduling policies for calling process, and set
scheduling
This was fixed in snapd in 2.44 via
https://github.com/snapcore/snapd/pull/8467
** Changed in: snapd (Ubuntu)
Status: In Progress => Fix Released
** Changed in: snapd (Ubuntu Focal)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member
You are right that there are two places this is defined: in
/etc/apparmor.d/abstractions/ubuntu-browsers.d/ubuntu-integration and in
/etc/apparmor.d/usr.bin.evince.
I'll adjust apparmor to fix ubuntu-integration to use the exo-open
abstraction.
There is an evince task though because we don't
I agree that a new bug should be filed. When doing so, please attach any
relevant policy violations from journalctl to the bug.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to ibus in Ubuntu.
https://bugs.launchpad.net/bugs/1580463
*** This bug is a duplicate of bug 1856738 ***
https://bugs.launchpad.net/bugs/1856738
@Reinhard, you are now hitting bug #1856738 which prevents @{HOME} from
being used in the peer_addr for an abstract socket. For now, I suggest
updating /etc/apparmor.d/abstractions/ibus to have:
unix
@Till, the boot_id issue is being tracked here:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1872564
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to system-config-printer in Ubuntu.
https://bugs.launchpad.net/bugs/1721704
I suggest following/participating in the discussion in the forum topic
for snapd/ecosystem updates and use this bug to track chromium-browser's
use of those updates.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to chromium-browser in
Rather than superseding 1:13.99.1-1ubuntu4 in groovy-proposed, I instead
based the changes in 1:13.99.1-1ubuntu5 on top of 1:13.99.1-1ubuntu4 to
address the CVE that was fixed in https://usn.ubuntu.com/4355-1/.
** Also affects: pulseaudio (Ubuntu Groovy)
Importance: High
Assignee:
Uploaded
https://launchpad.net/ubuntu/+source/pulseaudio/1:13.99.1-1ubuntu5 to
groovy based on 1:13.99.1-1ubuntu4 from groovy-proposed.
** Changed in: pulseaudio (Ubuntu Groovy)
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Desktop
I'll apply the focal patch to what is in groovy-proposed.
** Changed in: pulseaudio (Ubuntu Groovy)
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
** Changed in: pulseaudio (Ubuntu Groovy)
Status: Triaged => In Progress
--
You received this bug notification becau
FYI, the upload to bionic-proposed was superseded by
https://usn.ubuntu.com/4355-1/. Please rebase your changes on that and
reupload.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to pulseaudio in Ubuntu.
FYI, the upload to focal-proposed was superseded by
https://usn.ubuntu.com/4355-1/. Please rebase your changes on that and
reupload.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to pulseaudio in Ubuntu.
** Changed in: pulseaudio (Ubuntu Groovy)
Importance: High => Medium
** Changed in: pulseaudio (Ubuntu Focal)
Importance: Undecided => Medium
** Changed in: pulseaudio (Ubuntu Eoan)
Importance: Undecided => Medium
** Changed in: pulseaudio (Ubuntu Bionic)
Importance: Undecided =>
*** This bug is a duplicate of bug 1872564 ***
https://bugs.launchpad.net/bugs/1872564
This is a dupe of
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1872564 which,
AIUI, the server team will be performing an SRU for.
** This bug has been marked a duplicate of bug 1872564
FYI, there is a pending update that will go out either tomorrow or early
next week. Please base your next upload on this update.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to pulseaudio in Ubuntu.
FYI, in recent PR discussions[1] we've acknowledged that we should make
it easier to allow different URL schemes into snapd and I laid out some
criteria/process ideas on how to make this happen, and I applied that
criteria to the zoommtg PR and it was merged quickly. I discussed with
Samuele that
I confirmed that https://people.canonical.com/~ubuntu-archive/proposed-
migration/xenial/update_excuses.html shows no autopkgtest regression for
xenial.
I also ran through the TEST CASE for this bug and xenial passed. Marking
verification-done-xenial
** Tags removed: verification-failed-xenial
I confirmed that https://people.canonical.com/~ubuntu-archive/proposed-
migration/bionic/update_excuses.html shows no autopkgtest regression for
bionic.
I also ran through the TEST CASE for this bug and bionic passed. Marking
verification-done-bionic.
** Tags removed: verification-failed
** Description changed:
[Impact]
Ubuntu 16.10 added rudimentary snap support to disable audio recording if the
connecting process was a snap. By Ubuntu 18.04, something changed in the build
resulting in 'Enable Snappy support: no' with audio recording no longer being
mediated by pulseaudio
Adding a snapd Ubuntu task, marking as In Progress and assigning to mvo
since he is preparing a 20.04 upload.
** Also affects: snapd (Ubuntu)
Importance: Undecided
Status: New
** Changed in: snapd (Ubuntu Focal)
Assignee: (unassigned) => Michael Vogt (mvo)
** Changed in: snapd
Daniel, this is a different cause but same result:
zfs-load-module.service (2ms)
zfs-import-cache.service (8ms)
zfs-import.target
...
var-lib.mount (69ms)
...
snap-multipass-1869.mount (1.358s)
...
apparmor.service (279ms)
...
In this case, apparmor correctly waited for var.lib.mount, but
Daniel responded on irc and said after several reboots with the new
apparmor, everything was fine on every boot (though his critical-chain
has var.lib.mount listed).
My attached systemd-analyze plot svg shows that apparmor.service is
indeed starting after var.lib.mount on the VM where the
All that said, Daniel and Jean-Baptiste, I installed 20.04 in a vm and
tried to reproduce this and could not. The apparmor change was about
correctness of the unit so I performed the upload, but I also hoped that
it would address the issue you are seeing.
I'm not certain it will. On one boot,
** Changed in: snapd
Status: In Progress => Fix Released
** Changed in: snapd (Ubuntu)
Status: Triaged => Fix Released
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to chromium-browser in Ubuntu.
* Changed in: apparmor (Ubuntu)
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to chromium-browser in Ubuntu.
https://bugs.launchpad.net/bugs/1848919
Title:
[snap] Permi
pparmor (Ubuntu Focal)
Importance: Undecided => Critical
** Changed in: apparmor (Ubuntu Focal)
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to zsys in Ubuntu.
https://bu
Seth, I suspect if you stop the snap and restart it, these errors will
go away.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to chromium-browser in Ubuntu.
https://bugs.launchpad.net/bugs/1864127
Title:
apparmor denies
$ aa-decode
2F686F6D652F7361726E6F6C642F736E61702F6368726F6D69756D2F313032362F2E636F6E6669672F6368726F6D69756D2F44656661756C742F53796E6320446174612F53796E63446174612E73716C697465332D6A6F75726E616C
Decoded: /home/sarnold/snap/chromium/1026/.config/chromium/Default/Sync
OTOH, I think it makes sense to allow for the ability to share
~/.pki/nssdb (and yes, a personal-files addition along with a snap
change (perhaps just a symlink from $SNAP_USER_DATA/.pki/nssdb to
~/.pki/nssdb would be enough rather than patching?).
For read access, I have no problem with using
For the next libreoffice upload, the non-/home read-only accesses all
look fine to add to the libreoffice profile.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to libreoffice in Ubuntu.
https://bugs.launchpad.net/bugs/1849680
Title:
libreoffice ships this profile, so the bug should be tracked there.
** Package changed: apparmor (Ubuntu) => libreoffice (Ubuntu)
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to libreoffice in Ubuntu.
** Changed in: apparmor
Status: Triaged => In Progress
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to chromium-browser in Ubuntu.
https://bugs.launchpad.net/bugs/1848919
Title:
[snap] Permission denied on Private encrypted
** Package changed: apparmor (Ubuntu) => firefox (Ubuntu)
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1482852
Title:
apparmor profile usr.bin.firefox missing
@Gunnar - I am preparing the focal upload now, though there is a parser
bug (bug 1856738) which means I cannot use @{HOME} in the rule and
instead hardcode /home/*/. This will cover all typical situations (ie,
not the atypical /root/.cache/ibus...) except when the user updates
Note, there is a spread test in snapd that checks for if the mediation
patches are dropped (or added). While it is fine for
https://launchpad.net/bugs/1856054 to be fast tracked, this pulseaudio
bug should not be marked as Fix Released before the end of year break
unless you coordinate with the
** Changed in: snapd
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to chromium-browser in Ubuntu.
https://bugs.launchpad.net/bugs/1851211
Title:
[snap] SoloKeys not supported by u2f-devices
Thank you for using Ubuntu and reporting a bug.
Are you using wayland or Xorg for your desktop session? What password
manager are you using?
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Desktop
Packages,
https://github.com/snapcore/snapd/pull/7779
** Also affects: snapd
Importance: Undecided
Status: New
** Changed in: snapd (Ubuntu)
Assignee: Jamie Strandboge (jdstrand) => (unassigned)
** Changed in: snapd
Importance: Undecided => Low
** Changed in: snapd
As
https://github.com/snapcore/snapd/pull/7779
** Also affects: snapd
Importance: Undecided
Status: New
** Changed in: snapd
Status: New => In Progress
** Changed in: snapd
Importance: Undecided => Medium
** Changed in: snapd
Assignee: (unassigned) => Jamie S
Installing 1:8.0-0ubuntu3.11 from xenial-proposed, the test plan and
James' addition for mediation is preserved across snapd restart all
works as expected. Marking as verification done.
** Description changed:
[Impact]
Ubuntu 16.10 added rudimentary snap support to disable audio recording if
Installing 1:11.1-1ubuntu7.5 from bionic-proposed, the test plan and
James' addition for mediation is preserved across snapd restart all
works as expected. Marking as verification done.
** Tags removed: verification-needed-bionic
** Tags added: verification-done-bionic
--
You received this bug
** Description changed:
[Impact]
Ubuntu 16.10 added rudimentary snap support to disable audio recording if the
connecting process was a snap. By Ubuntu 18.04, something changed in the build
resulting in 'Enable Snappy support: no' with audio recording no longer being
mediated by pulseaudio
** Changed in: snapd (Ubuntu)
Status: Triaged => In Progress
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to chromium-browser in Ubuntu.
https://bugs.launchpad.net/bugs/1851211
Title:
[snap] SoloKeys not supported by
Clement, your issue is different than Charles'. More information is
required from you to triage your issue.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-system-monitor in Ubuntu.
https://bugs.launchpad.net/bugs/1778332
Title:
Nov 11 09:47:56 kernel: audit: type=1400
audit(1573487276.018:797080): apparmor="DENIED" operation="open"
profile="snap.gnome-system-monitor.gnome-system-monitor"
name="/run/systemd/sessions/c1" pi d=8733 comm="gnome-system-mo"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
I'm able to
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to chromium-browser in Ubuntu.
https://bugs.launchpad.net/bugs/1848919
Title:
[snap] Permission denied on Private encrypted folder
Status
Note, these accesses were added in
22d37f834b6f4605faa3887bae3cf4d0e1673278
** Changed in: gnome-system-monitor (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-system-monitor in
I've added it to my trello card for 2.43 policy updates.
** Changed in: snapd (Ubuntu)
Status: New => Triaged
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to chromium-browser in Ubuntu.
https://bugs.launchpad.net/bugs/1851211
** Changed in: evince (Ubuntu)
Status: Confirmed => Triaged
** Changed in: evince (Ubuntu)
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to evince in Ubuntu.
Ok, I'll fix this in the next batch of policy updates for snapd.
** Changed in: snapd (Ubuntu)
Importance: Undecided => Low
** Changed in: snapd (Ubuntu)
Status: New => Triaged
** Changed in: snapd (Ubuntu)
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
--
You
Ok, that is a read on /home/ubuntu/.Private/. Is the encrypted home
mounted at the time of the denial?
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to chromium-browser in Ubuntu.
https://bugs.launchpad.net/bugs/1848919
Title:
[snap]
Encrypted home is typically setup as ~/.Private, not ~/Private and the
policy already allows:
owner @{HOME}/.Private/** mrixwlk,
owner @{HOMEDIRS}/.ecryptfs/*/.Private/** mrixwlk,
The home interface should already allow ~/Private. What is the denial
you see in the logs?
--
You received
** Changed in: pulseaudio (Ubuntu Xenial)
Status: In Progress => Triaged
** Changed in: pulseaudio (Ubuntu Bionic)
Status: In Progress => Triaged
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to pulseaudio in Ubuntu.
** Description changed:
[Impact]
Ubuntu 16.10 added rudimentary snap support to disable audio recording if the
connecting process was a snap. By Ubuntu 18.04, something changed in the build
resulting in 'Enable Snappy support: no' with audio recording no longer being
mediated by pulseaudio
** Description changed:
[Impact]
Ubuntu 16.10 added rudimentary snap support to disable audio recording if the
connecting process was a snap. By Ubuntu 18.04, something changed in the build
resulting in 'Enable Snappy support: no' with audio recording no longer being
mediated by pulseaudio
Attaching test-snapd-pulseaudio and test-snapd-audio-record snaps.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to pulseaudio in Ubuntu.
https://bugs.launchpad.net/bugs/1781428
Title:
please enable snap mediation support
Status in
** Description changed:
+ [Impact]
+ Ubuntu 16.10 added rudimentary snap support to disable audio recording if the
connecting process was a snap. By Ubuntu 18.04, something changed in the build
resulting in 'Enable Snappy support: no' with audio recording no longer being
mediated by pulseaudio
** Attachment added: "test-snapd-audio-record_1_amd64.snap"
https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1781428/+attachment/5292539/+files/test-snapd-audio-record_1_amd64.snap
--
You received this bug notification because you are a member of Desktop
Packages, which is
** Description changed:
+
+ # Original summary: pulseaudio built with --enable-snappy but 'Enable
+ Snappy support: no'
+
+ # Original description
+
From https://launchpadlibrarian.net/377100864/buildlog_ubuntu-cosmic-
amd64.pulseaudio_1%3A12.0-1ubuntu1_BUILDING.txt.gz:
...
(nemo:31811): CinnamonDesktop-WARNING **: 01:08:30.200: Error creating
thumbnail for smb://akem-
hp.local/comics_bds_mangas/Scrooge/Uncle%20Scrooge%20(001-100)%20GetComics.INFO/029%20Uncle%20Scrooge.cbr:
Unrecognized image file format
This suggests that the problem is not due to the apparmor
You can 'sudo snap connect chromium:mount-observe' for /etc/fstab.
/run/mount/utab is more complicated and you can read about it here:
https://forum.snapcraft.io/t/namespace-awareness-of-run-mount-utab-and-
libmount/5987
For the /run/udev/data accesses, can you paste the output of:
$ cat
** Tags removed: apparmor
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to evince in Ubuntu.
https://bugs.launchpad.net/bugs/1826415
Title:
Videos do not play in presentation mode
Status in Evince:
New
Status in evince package in
Ubuntu 14.04 LTS is now out of standard support and evince is not
included in ESM.
** Changed in: evince (Ubuntu Trusty)
Status: In Progress => Won't Fix
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to evince in Ubuntu.
@Christina - I suggest filing a new bug with more specifics. That said,
I suspect you have a .dpkg-dist file in /etc/apparmor.d or
/etc/apparmor.d/abstractions that has changes that need to be merged
into your evince profile.
--
You received this bug notification because you are a member of
** Package changed: ufw (Ubuntu) => language-selector (Ubuntu)
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to language-selector in Ubuntu.
https://bugs.launchpad.net/bugs/1724793
Title:
Error localization
Status in language-selector
The ufw bug is being tracking in bug 1775043. Removing that task.
** No longer affects: ufw (Ubuntu)
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to jackd2 in Ubuntu.
https://bugs.launchpad.net/bugs/1792835
Title:
Bash completion for
Marked the xenial and bionic tasks as incomplete. Seth gave some
guidance but the desktop team needs to respond on how to handle it
before anything is done with the seeding.
** Changed in: xdg-desktop-portal-gtk (Ubuntu Xenial)
Status: New => Incomplete
** Changed in:
Actually, there is https://bugs.launchpad.net/bamf/+bug/1747802 which is
fixed. I checked the code and this should be resolved. Marking as fixed.
** Changed in: bamf (Ubuntu)
Status: Triaged => Fix Released
--
You received this bug notification because you are a member of Desktop
Is there any more progress on this?
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to bamf in Ubuntu.
https://bugs.launchpad.net/bugs/1643910
Title:
BAMF_DESKTOP_FILE_HINT not set in correct place for unity7
Status in Snappy:
Triaged
Thank you for reporting this bug. The access via DBus when the keyring
is unlocked is a well-known issue and the design of the feature as
explained when reading the entirety of
https://wiki.ubuntu.com/SecurityTeam/FAQ#gnome-keyring. Users who prefer
to be prompted can choose to use a separate
FYI, '@{PROC}/version r,' is in the default apparmor template.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to libreoffice in Ubuntu.
https://bugs.launchpad.net/bugs/1802911
Title:
[snap] LibreOffice 6.1.3.2 (90) doesn't launch
** Also affects: evince (Ubuntu Disco)
Importance: High
Assignee: Sebastien Bacher (seb128)
Status: Fix Released
** Changed in: evince (Ubuntu Disco)
Status: Fix Released => Triaged
--
You received this bug notification because you are a member of Desktop
Packages, which
Uploaded 3.30.1-1ubuntu1.2 to cosmic-proposed.
** Changed in: evince (Ubuntu)
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to evince in Ubuntu.
https://bugs.launchpad.net/bugs/1798091
Title:
I'll be updating a new version on top of Seb's changes. Marking back to
In Progress for now.
** Changed in: evince (Ubuntu)
Status: Fix Committed => In Progress
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to evince in Ubuntu.
What is the output of:
$ snap version
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-system-monitor in Ubuntu.
https://bugs.launchpad.net/bugs/1798996
Title:
cannot perform readlinkat() on the mount namespace file descriptor
** Bug watch added: Debian Bug tracker #911161
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911161
** Also affects: evince (Debian) via
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911161
Importance: Unknown
Status: Unknown
--
You received this bug notification because
** Changed in: evince (Ubuntu)
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to evince in Ubuntu.
https://bugs.launchpad.net/bugs/1798091
Title:
thumbnailer cannot create tempfiles (with
Sorry, I said "at the end of the thumbnailer profile". I mean to say:
Ralf, you can workaround this by adjusting
/etc/apparmor.d/local/usr.bin.evince to have this:
owner /tmp/{,.}gnome_desktop_thumbnail.* w,
then running: sudo apparmor_parser -r /etc/apparmor.d/usr.bin.evince
--
You received
Ralf, you can workaround this by adjust
/etc/apparmor.d/local/usr.bin.evince to have this at the end of the
evince-thumbnailer profile:
owner /tmp/{,.}gnome_desktop_thumbnail.* w,
then running: sudo apparmor_parser -r /etc/apparmor.d/usr.bin.evince
--
You received this bug notification because
It looks like the path changed. We have a rule for this already:
owner /tmp/.gnome_desktop_thumbnail.* w,
I'll adjust.
** Changed in: evince (Ubuntu)
Status: New => In Progress
** Changed in: evince (Ubuntu)
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
--
You re
This is fixed in
https://launchpad.net/ubuntu/+source/evince/3.30.0-3ubuntu1
** Changed in: evince (Ubuntu)
Status: New => Fix Released
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to evince in Ubuntu.
I referenced the wrong bug in the evince upload so it didn't auto-close,
but 3.30.0-3ubuntu1 should address this.
** Changed in: evince (Ubuntu Cosmic)
Status: Fix Committed => Fix Released
** Changed in: evince (Ubuntu Trusty)
Status: Triaged => In Progress
** Changed in: evince
** Changed in: evince (Ubuntu Cosmic)
Status: Triaged => Fix Committed
** Summary changed:
- Debian/Ubuntu AppArmor policy for evince is useless
+ Debian/Ubuntu AppArmor policy gaps in evince
** Information type changed from Private Security to Public Security
--
You received this bug
Since this has an ACK from both MIR and security, marking Fix Committed.
** Changed in: woff2 (Ubuntu)
Status: New => Fix Committed
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to webkit2gtk in Ubuntu.
I went through this the other day with a personal profile. We probably
can do something along the lines of:
/{,snap/core/[0-9]*/}usr/bin/snap mrCx -> snap_browser,
profile snap_browser {
#include
/etc/passwd r,
/etc/group r,
/etc/nsswitch.conf r,
/dev/tty rw,
# noisy
The actual rules would be:
# for U2F yubikey
/run/udev/data/c238:[0-9]* r,
/run/udev/data/c239:[0-9]* r,
/run/udev/data/c240:[0-9]* r,
but using the redundant rules from the previous comment is fine too.
--
You received this bug notification because you are a member of Desktop
Packages, which
We can add this to browser-support:
# for U2F yubikey
/run/udev/data/c238:[0-9]* r,
/run/udev/data/c239:[0-9]* r,
/run/udev/data/c240:[0-9]* r,
/run/udev/data/c240:[0-9]* r,
/run/udev/data/c240:[0-9]* r,
Can someone experiencing this issue adjust
** Changed in: bubblewrap (Ubuntu)
Assignee: Seth Arnold (seth-arnold) => Alex Murray (alexmurray)
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to bubblewrap in Ubuntu.
https://bugs.launchpad.net/bugs/1709164
Title:
[MIR]
FYI, while this is currently assigned to Seth, I do want to note that
bubblewrap is setuid so it is going to require extra scrutiny
(incidentally this was not called out in this bug's description).
Regardless of the outcome of the bubblewrap review, the sandboxing
feature is highly desirable so
I'm coming up to speed on this issue now and have discussed this with
Jamie Bennett, the security team and various stakeholders to unblock
this MIR. The security team will prioritize this MIR for 18.10. Assuming
it passing review, I would encourage the Ubuntu Desktop team to SRU this
back to at
** Changed in: firefox (Ubuntu)
Assignee: Canonical Security Team (canonical-security) => Ubuntu Security
Team (ubuntu-security)
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
** Package changed: ufw (Ubuntu) => hplip (Ubuntu)
** Changed in: hplip (Ubuntu)
Status: New => Fix Released
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to hplip in Ubuntu.
https://bugs.launchpad.net/bugs/1781986
Title:
We can't just enable the patches any more because it will change how
snaps that plugs 'pulseaudio' will work. Put concretely, the patches are
meant to detect if the connecting process is a snap and if it is,
unconditionally deny recording. Some snaps that 'plugs: [ pulseaudio ]'
have legitimate
Public bug reported:
>From https://launchpadlibrarian.net/377100864/buildlog_ubuntu-cosmic-
amd64.pulseaudio_1%3A12.0-1ubuntu1_BUILDING.txt.gz:
...
dh_auto_configure -- --enable-x11 --disable-hal-compat
--libdir=\${prefix}/lib/x86_64-linux-gnu
So, the pauses I am experiencing is likely due to simply the fact that
the keyboards and mice are being removed then added back, which is a
different issue than the crashes (which appear nvidia related). I will
likely create a PR to only trigger the input subsystem on an as-needed
base to reduce
1 - 100 of 1264 matches
Mail list logo
