** Changed in: qtbase-opensource-src (Ubuntu)
Assignee: Lorn Potter (lorn-potter) => (unassigned)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
** Changed in: canonical-devices-system-image
Milestone: 13 => backlog
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1404188
Title:
** Changed in: canonical-devices-system-image
Milestone: 12 => 13
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1404188
Title:
** Changed in: canonical-devices-system-image
Milestone: 11 => 12
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1404188
Title:
I've just tested this. It is *NOT* fixed.
** Changed in: canonical-devices-system-image
Status: Fix Released => Confirmed
** Changed in: qtbase-opensource-src (Ubuntu)
Status: Fix Released => Confirmed
** Changed in: qtbase-opensource-src (Ubuntu RTM)
Status: Fix Released
** Changed in: canonical-devices-system-image
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1404188
Title:
So the solution to this is using connectivity-api in a new bearer
plugin.
The connectivity-api based bearer plugin is blocked by the bandwidthLimitations
property not working correctly
https://bugs.launchpad.net/ubuntu/+source/indicator-network/+bug/1362592
--
You received this bug
** Changed in: canonical-devices-system-image
Milestone: ww08-2016 => 11
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1404188
Title:
** Also affects: qtbase-opensource-src (Ubuntu RTM)
Importance: Undecided
Status: New
** Changed in: qtbase-opensource-src (Ubuntu RTM)
Status: New => Fix Committed
** Changed in: qtbase-opensource-src (Ubuntu)
Status: Fix Committed => Fix Released
** Changed in:
** Changed in: qtbase-opensource-src (Ubuntu)
Status: Confirmed => Fix Committed
** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
Status: Confirmed => Invalid
** Changed in: canonical-devices-system-image
Status: Confirmed => Fix Committed
--
You received this bug
This bug seems to affect dekko (See Dan's comment on bug 1501912 ), but
this is probably not critical.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
If this is still an issue Silo 032 currently has a fix for this. Using
this set of patches I do not recall having any issues with isOpen
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
I tried a working connectivity-api bearer plugin (verified with
unconfined test app) with the attached example app, and I still got app
armor errors:
Syslog> Jan 21 06:55:34 ubuntu-phablet dbus[1809]: apparmor="DENIED"
operation="dbus_method_call" bus="session"
Note, there is already a 'connectivity' policy group that should allow
this, but it is not included by default. Please adjust your security
manifest to use both "networking" and "connectivity".
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which
After adding 'connectivity' to the manifest, it is working with
connectivity-api plugin
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1404188
Title:
We need only a subset of the NM bearer features so it would be ok to
replace or patch to limit its behavior.
What we need is existing QNAM instances to not fall dead if user is on
3G + wifi and then disables wifi, or alternatively if on 3G and wifi
gets enabled the connections should migrate to
Might try using bearer plugin based on connectivity-api
https://codereview.qt-project.org/#/c/140752/
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
A couple of comments.
I've actually been chasing down a DBus performance issue on touch since
mid-Summer, related to NetworkManager and WiFi scanning.
The high-level summary is that we have a number of system processes
listening for NM AccessPoint DBus signals on specific AccessPoint DBus
Thanks Lorn, and just so I'm clear-- I don't think that QtNetwork/etc
should be modified if it doesn't make sense for it in the general case.
All I'm getting at is untrusted apps shouldn't be able to control
interfaces and start a connection as you mentioned, let alone get
privileged info out of
QtBearer just runs on top of the system networking, so if the platform
specifies it doesn't allow start/stop of interfaces, like the generic
bearer plugin, it is allowed to return an error of 'not allowed' or
somesuch.
It's the current network-manager bearer plugin that does not take into
account
This is likely too specific (ActiveConnection/0):
+ dbus (send)
+ bus=system
+ interface="org.freedesktop.DBus.Properties"
+ path=/org/freedesktop/NetworkManager/ActiveConnection/0
+ member=GetAll
+ peer=(name=org.freedesktop.NetworkManager),
This is too lenient:
+
Not sure that QtBearer is being understood.
http://doc.qt.io/qt-5/bearer-management.html
QNetworkAccessManager and friends (QNetworkRequest, etc) use bearer
management for starting and stopping connections when needed and if
allowed by the system.
QtNetwork / Bearer Management cannot be made to
** Changed in: canonical-devices-system-image
Milestone: ww40-2015 => backlog
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1404188
Title:
Playing with it, I came up with the attached minimal set of rules to get
the test case working. There's a whole majority of Network Manager dbus
calls still being denied, and three allowed. Despite that I assume this
minimal set reveals the discussed "too much", but it might be useful
reference.
The still denied ones.
** Attachment added: "apparmor_denied.txt"
https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1404188/+attachment/4480911/+files/apparmor_denied.txt
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which
** Tags added: patch
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1404188
Title:
QNetworkSession::isOpen() always returns false
Status in Canonical
The connectivity-api option was discussed in comment #6 and unlikely to
solve the issue in a way to make developers like the bug filer happy.
Other proper/robust solutions would include writing a proxy service to
filter sensitive data out, or adding "a single nm api call that doesn't
make the app
The dummier generic plugin works since it returns a result without
actually checking anything. It does not seem to be realistic option to
switch to it.
Currently there's no other offered solution than the apparmor way, and
this bug would still need to get fixed. Would it be possible to push the
There's now a PPA with a Qt build for vivid+overlay that allows you to
experiment with the option of not using the NM bearer backend but the
generic backend (with very limited functionality compared). With that
you can get all is fine even with a click installed / confined
nmsessiontest app. But
** Also affects: canonical-devices-system-image
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to qtbase-opensource-src in
Ubuntu.
https://bugs.launchpad.net/bugs/1404188
Title:
** Changed in: qtbase-opensource-src (Ubuntu)
Status: Fix Released = Confirmed
** Changed in: canonical-devices-system-image
Status: New = Confirmed
** Changed in: canonical-devices-system-image
Importance: Undecided = High
** Changed in: canonical-devices-system-image
Note, if someone presented a list of rules that need to be added to the
policy that would fix this bug since 5.3.2+dfsg-4ubuntu9 was added, I'd
be happy to review them. However, before you do, please see
https://lists.launchpad.net/ubuntu-phone/msg04455.html: It will talk to
network-manager, but
You do realize this means QNetworkAccessManager most likely will not
work as well.
Any network request, GET, etc... done with Qt runs though
QNetworkConfiguration, which uses the same backend plugin for accessing
network-manager. In which case Qt should probably be configured with the
re-added apparmor-easyprof-ubuntu
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to qtbase-opensource-src in
Ubuntu.
https://bugs.launchpad.net/bugs/1404188
Title:
QNetworkSession::isOpen() always returns false
Status in
This is still not working
** Also affects: apparmor-easyprof-ubuntu
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to qtbase-opensource-src in
Ubuntu.
Sorry, this will not be fixed in apparmor-easyprof-ubuntu (which is why
the task was removed previously) because NetworkManager is not designed
to have arbitrary apps talking to it (this has been discussed at length
elsewhere, which is why connectivity-api was written). This used to work
fine for
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
Status: New = Confirmed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
** Project changed: apparmor-easyprof-ubuntu = apparmor-easyprof-ubuntu
(Ubuntu)
** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
Status: New = Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to
** No longer affects: apparmor-easyprof-ubuntu (Ubuntu)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1404188
Title:
QNetworkSession::isOpen() always
Is https://codereview.qt-project.org/102665 something we want to have in
our Qt 5.3.2 packages? Should I include it in my next vivid upload?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
This bug was fixed in the package qtbase-opensource-src - 5.3.2+dfsg-
4ubuntu9
---
qtbase-opensource-src (5.3.2+dfsg-4ubuntu9) vivid; urgency=medium
[ Dmitry Shachnev ]
* Add a patch to prefer QPA implementation for systemtrayicon, when it
is available. This makes tray icons
@Dimitry, this upstream patch doesn't seem to completely get around this
issue, however, it should for sure improve the situation and if we
decide to punch a hole into apparmors policy, this patch would require
less punching. So IMO, yes, let's add it.
--
You received this bug notification
** Branch linked: lp:~kubuntu-packagers/kubuntu-packaging/qtbase-
opensource-src_532
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1404188
Title:
This upstream patch removes the use of Introspect: https://codereview
.qt-project.org/#/c/102665/
However, apparmor still prevents the required Get calls on properties so
it still doesn't work and prints the error pasted in comment #3.
** Also affects: apparmor-easyprof-ubuntu
Importance:
There are explicit deny rules for talking to NetworkManager that silence
the denials. Apps are supposed to use connectivity-api instead.
(QNetworkSession::isOpen() could be adjusted to use the connectivity-api
instead of NetworkManager).
--
You received this bug notification because you are a
QNetworkSession is part of Qt. Making isOpen use connectivity-api will
not work, because the QNetworkSession state isn't necessarily a one to
one relationship to the connectivity state.
QNetworkAccessManager and friends use QtBearer and the network manager
backends it provides for network
Added some error reporting:
QNetworkManagerInterface::QNetworkManagerInterface(QObject*) propsReply
An AppArmor policy prevents this sender from sending this message to
this recipient, 0 matched rules; type=method_call, sender=:1.136
(uid=32011 pid=5705
[05:34:57] lpotter QDBusConnection: error: could not send message to service
org.freedesktop.NetworkManager path interface
org.freedesktop.DBus.Introspectable member Introspect:
[05:35:01] lpotter hmm
[05:35:24] mzanetti oh, you're still working. I hope it's not just for this
[05:35:34]
Looks like an app armour thing.
Debug-helper Executing /usr/bin/qmlscene['/usr/bin/qmlscene', '$@',
'share/qml/nmsessiontest/nmsessiontest.qml']
process 7885: arguments to dbus_message_new_method_call() were incorrect,
assertion _dbus_check_is_valid_path (path) failed in file
49 matches
Mail list logo