[Touch-packages] [Bug 1626611] Re: camera not detected when running confined on desktop
This bug was fixed in the package webbrowser-app - 0.23+16.10.20160928-0ubuntu1 --- webbrowser-app (0.23+16.10.20160928-0ubuntu1) yakkety; urgency=medium [ Andrew Hayzen ] * Change use of ActionList.actions to ActionList.children and use modelData in Repeaters (LP: #1624470) * Clip the Loader containing NewTabView so that it doesn't overlap the bottom edge hint (LP: #1568740) * Modify calendar ua-override to allow anything before google.com (allowing calendar.google.com) [ Olivier Tilloy ] * Add "Ctrl+=" and "Ctrl+_" as shortcuts for zoom in and zoom out actions, (LP: #1624381) * Strip out problematic apparmor rule that prevents camera detection on desktop (LP: #1626611) [ Andrew Hayzen, Olivier Tilloy ] * Multiple window support in webbrowser-app. -- Olivier TilloyWed, 28 Sep 2016 08:25:12 + ** Changed in: webbrowser-app (Ubuntu) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to webbrowser-app in Ubuntu. https://bugs.launchpad.net/bugs/1626611 Title: camera not detected when running confined on desktop Status in apparmor-easyprof-ubuntu package in Ubuntu: Invalid Status in webbrowser-app package in Ubuntu: Fix Released Bug description: Running on xenial + xenial overlay. The camera cannot be accessed. Seeing the following apparmor denials: bfiller@blackhorse:~$ tail -f /var/log/syslog | grep DEN Sep 22 11:14:11 blackhorse dbus[1811]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon" member="ListMonitorImplementations" mask="send" name=":1.7" pid=4207 label="webbrowser-app" peer_pid=1919 peer_label="unconfined" Sep 22 11:14:11 blackhorse kernel: [ 2448.215755] audit: type=1400 audit(1474557251.512:59): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/usr/share/gvfs/remote-volume-monitors/" pid=4207 comm="webbrowser-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:11 blackhorse kernel: [ 2448.224997] audit: type=1400 audit(1474557251.524:60): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/sys/bus/" pid=4207 comm="webbrowser-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:11 blackhorse kernel: [ 2448.225064] audit: type=1400 audit(1474557251.524:61): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/sys/class/drm/" pid=4207 comm="webbrowser-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:11 blackhorse dbus[1811]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="ListMountableInfo" mask="send" name=":1.7" pid=4207 label="webbrowser-app" peer_pid=1919 peer_label="unconfined" Sep 22 11:14:11 blackhorse kernel: [ 2448.663730] audit: type=1400 audit(1474557251.960:62): apparmor="DENIED" operation="open" profile="webbrowser-app//oxide_helper" name="/sys/devices/system/cpu/cpufreq/policy0/cpuinfo_max_freq" pid=4220 comm="oxide-renderer" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:11 blackhorse kernel: [ 2448.670941] audit: type=1400 audit(1474557251.968:63): apparmor="DENIED" operation="open" profile="webbrowser-app//oxide_helper" name="/opt/google/chrome/PepperFlash/manifest.json" pid=4220 comm="oxide-renderer" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:11 blackhorse kernel: [ 2448.675938] audit: type=1400 audit(1474557251.972:64): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/sys/bus/" pid=4207 comm="webbrowser-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:11 blackhorse kernel: [ 2448.675983] audit: type=1400 audit(1474557251.972:65): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/sys/class/drm/" pid=4207 comm="webbrowser-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:11 blackhorse kernel: [ 2448.680663] audit: type=1400 audit(1474557251.976:66): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/opt/google/chrome/PepperFlash/manifest.json" pid=4207 comm="webbrowser-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:12 blackhorse kernel: [ 2448.723161] audit: type=1400 audit(1474557252.020:67): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6-1000" pid=4243 comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 Sep 22 11:14:12 blackhorse kernel: [ 2448.723181] audit: type=1400 audit(1474557252.020:68): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6" pid=4242 comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=108 Sep 22 11:14:17 blackhorse kernel: [
[Touch-packages] [Bug 1626611] Re: camera not detected when running confined on desktop
** Changed in: apparmor-easyprof-ubuntu (Ubuntu) Status: New => Invalid ** Changed in: apparmor-easyprof-ubuntu (Ubuntu) Assignee: Jamie Strandboge (jdstrand) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to webbrowser-app in Ubuntu. https://bugs.launchpad.net/bugs/1626611 Title: camera not detected when running confined on desktop Status in apparmor-easyprof-ubuntu package in Ubuntu: Invalid Status in webbrowser-app package in Ubuntu: In Progress Bug description: Running on xenial + xenial overlay. The camera cannot be accessed. Seeing the following apparmor denials: bfiller@blackhorse:~$ tail -f /var/log/syslog | grep DEN Sep 22 11:14:11 blackhorse dbus[1811]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon" member="ListMonitorImplementations" mask="send" name=":1.7" pid=4207 label="webbrowser-app" peer_pid=1919 peer_label="unconfined" Sep 22 11:14:11 blackhorse kernel: [ 2448.215755] audit: type=1400 audit(1474557251.512:59): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/usr/share/gvfs/remote-volume-monitors/" pid=4207 comm="webbrowser-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:11 blackhorse kernel: [ 2448.224997] audit: type=1400 audit(1474557251.524:60): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/sys/bus/" pid=4207 comm="webbrowser-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:11 blackhorse kernel: [ 2448.225064] audit: type=1400 audit(1474557251.524:61): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/sys/class/drm/" pid=4207 comm="webbrowser-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:11 blackhorse dbus[1811]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="ListMountableInfo" mask="send" name=":1.7" pid=4207 label="webbrowser-app" peer_pid=1919 peer_label="unconfined" Sep 22 11:14:11 blackhorse kernel: [ 2448.663730] audit: type=1400 audit(1474557251.960:62): apparmor="DENIED" operation="open" profile="webbrowser-app//oxide_helper" name="/sys/devices/system/cpu/cpufreq/policy0/cpuinfo_max_freq" pid=4220 comm="oxide-renderer" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:11 blackhorse kernel: [ 2448.670941] audit: type=1400 audit(1474557251.968:63): apparmor="DENIED" operation="open" profile="webbrowser-app//oxide_helper" name="/opt/google/chrome/PepperFlash/manifest.json" pid=4220 comm="oxide-renderer" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:11 blackhorse kernel: [ 2448.675938] audit: type=1400 audit(1474557251.972:64): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/sys/bus/" pid=4207 comm="webbrowser-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:11 blackhorse kernel: [ 2448.675983] audit: type=1400 audit(1474557251.972:65): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/sys/class/drm/" pid=4207 comm="webbrowser-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:11 blackhorse kernel: [ 2448.680663] audit: type=1400 audit(1474557251.976:66): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/opt/google/chrome/PepperFlash/manifest.json" pid=4207 comm="webbrowser-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:12 blackhorse kernel: [ 2448.723161] audit: type=1400 audit(1474557252.020:67): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6-1000" pid=4243 comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 Sep 22 11:14:12 blackhorse kernel: [ 2448.723181] audit: type=1400 audit(1474557252.020:68): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6" pid=4242 comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=108 Sep 22 11:14:17 blackhorse kernel: [ 2453.723913] audit: type=1400 audit(1474557257.020:73): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6-1000" pid=4243 comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 Sep 22 11:14:17 blackhorse kernel: [ 2453.724018] audit: type=1400 audit(1474557257.020:74): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6" pid=4242 comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=108 Sep 22 11:14:17 blackhorse kernel: [ 2453.724120] audit: type=1400 audit(1474557257.020:75): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6-1000" pid=4243 comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 Sep 22
[Touch-packages] [Bug 1626611] Re: camera not detected when running confined on desktop
The explicit /dev/ denial was to fix a noisy denial that was confusing users and so we decided to silence the denial. Due to the way apparmor 'deny' works, you can't undo an explicit deny rule (deny rules are evaluated after allow rules). There are a few ways forward: 1. fix webbrowser-app's sed to strip out this problematic rule 2. remove the problematic rule from the microphone abstraction. This will cause QAudioRecorder apps to trigger the spurious log entry and reintroduce potential confusion 3. use 'camera' without 'microphone' Due to the way hybris works, '3' might work, but it wouldn't on non- hybris systems. I suggest doing '1'-- this keeps the changes localized to webbrowser-app's packaging. We've not seen other reports for click apps in several years, so this seems safe. FYI, on snappy we have taken the stance that we will almost never use explicit denies because of issues like this bug, so this issue should just go away. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to webbrowser-app in Ubuntu. https://bugs.launchpad.net/bugs/1626611 Title: camera not detected when running confined on desktop Status in apparmor-easyprof-ubuntu package in Ubuntu: New Status in webbrowser-app package in Ubuntu: Confirmed Bug description: Running on xenial + xenial overlay. The camera cannot be accessed. Seeing the following apparmor denials: bfiller@blackhorse:~$ tail -f /var/log/syslog | grep DEN Sep 22 11:14:11 blackhorse dbus[1811]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon" member="ListMonitorImplementations" mask="send" name=":1.7" pid=4207 label="webbrowser-app" peer_pid=1919 peer_label="unconfined" Sep 22 11:14:11 blackhorse kernel: [ 2448.215755] audit: type=1400 audit(1474557251.512:59): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/usr/share/gvfs/remote-volume-monitors/" pid=4207 comm="webbrowser-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:11 blackhorse kernel: [ 2448.224997] audit: type=1400 audit(1474557251.524:60): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/sys/bus/" pid=4207 comm="webbrowser-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:11 blackhorse kernel: [ 2448.225064] audit: type=1400 audit(1474557251.524:61): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/sys/class/drm/" pid=4207 comm="webbrowser-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:11 blackhorse dbus[1811]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="ListMountableInfo" mask="send" name=":1.7" pid=4207 label="webbrowser-app" peer_pid=1919 peer_label="unconfined" Sep 22 11:14:11 blackhorse kernel: [ 2448.663730] audit: type=1400 audit(1474557251.960:62): apparmor="DENIED" operation="open" profile="webbrowser-app//oxide_helper" name="/sys/devices/system/cpu/cpufreq/policy0/cpuinfo_max_freq" pid=4220 comm="oxide-renderer" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:11 blackhorse kernel: [ 2448.670941] audit: type=1400 audit(1474557251.968:63): apparmor="DENIED" operation="open" profile="webbrowser-app//oxide_helper" name="/opt/google/chrome/PepperFlash/manifest.json" pid=4220 comm="oxide-renderer" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:11 blackhorse kernel: [ 2448.675938] audit: type=1400 audit(1474557251.972:64): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/sys/bus/" pid=4207 comm="webbrowser-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:11 blackhorse kernel: [ 2448.675983] audit: type=1400 audit(1474557251.972:65): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/sys/class/drm/" pid=4207 comm="webbrowser-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:11 blackhorse kernel: [ 2448.680663] audit: type=1400 audit(1474557251.976:66): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/opt/google/chrome/PepperFlash/manifest.json" pid=4207 comm="webbrowser-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:12 blackhorse kernel: [ 2448.723161] audit: type=1400 audit(1474557252.020:67): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6-1000" pid=4243 comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 Sep 22 11:14:12 blackhorse kernel: [ 2448.723181] audit: type=1400 audit(1474557252.020:68): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6" pid=4242 comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=108 Sep 22 11:14:17 blackhorse kernel: [ 2453.723913] audit: type=1400
[Touch-packages] [Bug 1626611] Re: camera not detected when running confined on desktop
** Changed in: apparmor-easyprof-ubuntu (Ubuntu) Assignee: (unassigned) => Jamie Strandboge (jdstrand) ** Changed in: apparmor-easyprof-ubuntu (Ubuntu) Importance: Undecided => High -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to webbrowser-app in Ubuntu. https://bugs.launchpad.net/bugs/1626611 Title: camera not detected when running confined on desktop Status in apparmor-easyprof-ubuntu package in Ubuntu: New Status in webbrowser-app package in Ubuntu: Confirmed Bug description: Running on xenial + xenial overlay. The camera cannot be accessed. Seeing the following apparmor denials: bfiller@blackhorse:~$ tail -f /var/log/syslog | grep DEN Sep 22 11:14:11 blackhorse dbus[1811]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon" member="ListMonitorImplementations" mask="send" name=":1.7" pid=4207 label="webbrowser-app" peer_pid=1919 peer_label="unconfined" Sep 22 11:14:11 blackhorse kernel: [ 2448.215755] audit: type=1400 audit(1474557251.512:59): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/usr/share/gvfs/remote-volume-monitors/" pid=4207 comm="webbrowser-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:11 blackhorse kernel: [ 2448.224997] audit: type=1400 audit(1474557251.524:60): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/sys/bus/" pid=4207 comm="webbrowser-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:11 blackhorse kernel: [ 2448.225064] audit: type=1400 audit(1474557251.524:61): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/sys/class/drm/" pid=4207 comm="webbrowser-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:11 blackhorse dbus[1811]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="ListMountableInfo" mask="send" name=":1.7" pid=4207 label="webbrowser-app" peer_pid=1919 peer_label="unconfined" Sep 22 11:14:11 blackhorse kernel: [ 2448.663730] audit: type=1400 audit(1474557251.960:62): apparmor="DENIED" operation="open" profile="webbrowser-app//oxide_helper" name="/sys/devices/system/cpu/cpufreq/policy0/cpuinfo_max_freq" pid=4220 comm="oxide-renderer" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:11 blackhorse kernel: [ 2448.670941] audit: type=1400 audit(1474557251.968:63): apparmor="DENIED" operation="open" profile="webbrowser-app//oxide_helper" name="/opt/google/chrome/PepperFlash/manifest.json" pid=4220 comm="oxide-renderer" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:11 blackhorse kernel: [ 2448.675938] audit: type=1400 audit(1474557251.972:64): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/sys/bus/" pid=4207 comm="webbrowser-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:11 blackhorse kernel: [ 2448.675983] audit: type=1400 audit(1474557251.972:65): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/sys/class/drm/" pid=4207 comm="webbrowser-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:11 blackhorse kernel: [ 2448.680663] audit: type=1400 audit(1474557251.976:66): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/opt/google/chrome/PepperFlash/manifest.json" pid=4207 comm="webbrowser-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:12 blackhorse kernel: [ 2448.723161] audit: type=1400 audit(1474557252.020:67): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6-1000" pid=4243 comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 Sep 22 11:14:12 blackhorse kernel: [ 2448.723181] audit: type=1400 audit(1474557252.020:68): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6" pid=4242 comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=108 Sep 22 11:14:17 blackhorse kernel: [ 2453.723913] audit: type=1400 audit(1474557257.020:73): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6-1000" pid=4243 comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 Sep 22 11:14:17 blackhorse kernel: [ 2453.724018] audit: type=1400 audit(1474557257.020:74): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6" pid=4242 comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=108 Sep 22 11:14:17 blackhorse kernel: [ 2453.724120] audit: type=1400 audit(1474557257.020:75): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6-1000" pid=4243 comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 Sep 22
[Touch-packages] [Bug 1626611] Re: camera not detected when running confined on desktop
Tentatively added an apparmor-easyprof-ubuntu task to clarify whether it’s acceptable to have the "microphone" and "camera" policy groups conflict on /dev/. ** Also affects: apparmor-easyprof-ubuntu (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to webbrowser-app in Ubuntu. https://bugs.launchpad.net/bugs/1626611 Title: camera not detected when running confined on desktop Status in apparmor-easyprof-ubuntu package in Ubuntu: New Status in webbrowser-app package in Ubuntu: Confirmed Bug description: Running on xenial + xenial overlay. The camera cannot be accessed. Seeing the following apparmor denials: bfiller@blackhorse:~$ tail -f /var/log/syslog | grep DEN Sep 22 11:14:11 blackhorse dbus[1811]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon" member="ListMonitorImplementations" mask="send" name=":1.7" pid=4207 label="webbrowser-app" peer_pid=1919 peer_label="unconfined" Sep 22 11:14:11 blackhorse kernel: [ 2448.215755] audit: type=1400 audit(1474557251.512:59): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/usr/share/gvfs/remote-volume-monitors/" pid=4207 comm="webbrowser-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:11 blackhorse kernel: [ 2448.224997] audit: type=1400 audit(1474557251.524:60): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/sys/bus/" pid=4207 comm="webbrowser-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:11 blackhorse kernel: [ 2448.225064] audit: type=1400 audit(1474557251.524:61): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/sys/class/drm/" pid=4207 comm="webbrowser-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:11 blackhorse dbus[1811]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="ListMountableInfo" mask="send" name=":1.7" pid=4207 label="webbrowser-app" peer_pid=1919 peer_label="unconfined" Sep 22 11:14:11 blackhorse kernel: [ 2448.663730] audit: type=1400 audit(1474557251.960:62): apparmor="DENIED" operation="open" profile="webbrowser-app//oxide_helper" name="/sys/devices/system/cpu/cpufreq/policy0/cpuinfo_max_freq" pid=4220 comm="oxide-renderer" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:11 blackhorse kernel: [ 2448.670941] audit: type=1400 audit(1474557251.968:63): apparmor="DENIED" operation="open" profile="webbrowser-app//oxide_helper" name="/opt/google/chrome/PepperFlash/manifest.json" pid=4220 comm="oxide-renderer" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:11 blackhorse kernel: [ 2448.675938] audit: type=1400 audit(1474557251.972:64): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/sys/bus/" pid=4207 comm="webbrowser-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:11 blackhorse kernel: [ 2448.675983] audit: type=1400 audit(1474557251.972:65): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/sys/class/drm/" pid=4207 comm="webbrowser-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:11 blackhorse kernel: [ 2448.680663] audit: type=1400 audit(1474557251.976:66): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/opt/google/chrome/PepperFlash/manifest.json" pid=4207 comm="webbrowser-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:12 blackhorse kernel: [ 2448.723161] audit: type=1400 audit(1474557252.020:67): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6-1000" pid=4243 comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 Sep 22 11:14:12 blackhorse kernel: [ 2448.723181] audit: type=1400 audit(1474557252.020:68): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6" pid=4242 comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=108 Sep 22 11:14:17 blackhorse kernel: [ 2453.723913] audit: type=1400 audit(1474557257.020:73): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6-1000" pid=4243 comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 Sep 22 11:14:17 blackhorse kernel: [ 2453.724018] audit: type=1400 audit(1474557257.020:74): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6" pid=4242 comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=108 Sep 22 11:14:17 blackhorse kernel: [ 2453.724120] audit: type=1400 audit(1474557257.020:75): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6-1000" pid=4243 comm="QQmlThread"
[Touch-packages] [Bug 1626611] Re: camera not detected when running confined on desktop
I’ve tested Jamie’s suggestion, but that didn’t improve things. After some tinkering, I found that commenting out the following explicit denial in the browser profile allows access to my USB webcam: # QAudioRecorder needs this. We might have to allow this later, but for now # just silence the denial deny /dev/ r, This denial is pulled in by the "microphone" policy group, and it conflicts with the camera policy group (which explicitly allows read access to /dev/). -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to webbrowser-app in Ubuntu. https://bugs.launchpad.net/bugs/1626611 Title: camera not detected when running confined on desktop Status in apparmor-easyprof-ubuntu package in Ubuntu: New Status in webbrowser-app package in Ubuntu: Confirmed Bug description: Running on xenial + xenial overlay. The camera cannot be accessed. Seeing the following apparmor denials: bfiller@blackhorse:~$ tail -f /var/log/syslog | grep DEN Sep 22 11:14:11 blackhorse dbus[1811]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon" member="ListMonitorImplementations" mask="send" name=":1.7" pid=4207 label="webbrowser-app" peer_pid=1919 peer_label="unconfined" Sep 22 11:14:11 blackhorse kernel: [ 2448.215755] audit: type=1400 audit(1474557251.512:59): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/usr/share/gvfs/remote-volume-monitors/" pid=4207 comm="webbrowser-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:11 blackhorse kernel: [ 2448.224997] audit: type=1400 audit(1474557251.524:60): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/sys/bus/" pid=4207 comm="webbrowser-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:11 blackhorse kernel: [ 2448.225064] audit: type=1400 audit(1474557251.524:61): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/sys/class/drm/" pid=4207 comm="webbrowser-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:11 blackhorse dbus[1811]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="ListMountableInfo" mask="send" name=":1.7" pid=4207 label="webbrowser-app" peer_pid=1919 peer_label="unconfined" Sep 22 11:14:11 blackhorse kernel: [ 2448.663730] audit: type=1400 audit(1474557251.960:62): apparmor="DENIED" operation="open" profile="webbrowser-app//oxide_helper" name="/sys/devices/system/cpu/cpufreq/policy0/cpuinfo_max_freq" pid=4220 comm="oxide-renderer" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:11 blackhorse kernel: [ 2448.670941] audit: type=1400 audit(1474557251.968:63): apparmor="DENIED" operation="open" profile="webbrowser-app//oxide_helper" name="/opt/google/chrome/PepperFlash/manifest.json" pid=4220 comm="oxide-renderer" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:11 blackhorse kernel: [ 2448.675938] audit: type=1400 audit(1474557251.972:64): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/sys/bus/" pid=4207 comm="webbrowser-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:11 blackhorse kernel: [ 2448.675983] audit: type=1400 audit(1474557251.972:65): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/sys/class/drm/" pid=4207 comm="webbrowser-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:11 blackhorse kernel: [ 2448.680663] audit: type=1400 audit(1474557251.976:66): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/opt/google/chrome/PepperFlash/manifest.json" pid=4207 comm="webbrowser-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:12 blackhorse kernel: [ 2448.723161] audit: type=1400 audit(1474557252.020:67): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6-1000" pid=4243 comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 Sep 22 11:14:12 blackhorse kernel: [ 2448.723181] audit: type=1400 audit(1474557252.020:68): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6" pid=4242 comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=108 Sep 22 11:14:17 blackhorse kernel: [ 2453.723913] audit: type=1400 audit(1474557257.020:73): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6-1000" pid=4243 comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 Sep 22 11:14:17 blackhorse kernel: [ 2453.724018] audit: type=1400 audit(1474557257.020:74): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6" pid=4242 comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=108 Sep
[Touch-packages] [Bug 1626611] Re: camera not detected when running confined on desktop
** Summary changed: - camera not detected when running on desktop + camera not detected when running confined on desktop -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to webbrowser-app in Ubuntu. https://bugs.launchpad.net/bugs/1626611 Title: camera not detected when running confined on desktop Status in webbrowser-app package in Ubuntu: Confirmed Bug description: Running on xenial + xenial overlay. The camera cannot be accessed. Seeing the following apparmor denials: bfiller@blackhorse:~$ tail -f /var/log/syslog | grep DEN Sep 22 11:14:11 blackhorse dbus[1811]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon" member="ListMonitorImplementations" mask="send" name=":1.7" pid=4207 label="webbrowser-app" peer_pid=1919 peer_label="unconfined" Sep 22 11:14:11 blackhorse kernel: [ 2448.215755] audit: type=1400 audit(1474557251.512:59): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/usr/share/gvfs/remote-volume-monitors/" pid=4207 comm="webbrowser-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:11 blackhorse kernel: [ 2448.224997] audit: type=1400 audit(1474557251.524:60): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/sys/bus/" pid=4207 comm="webbrowser-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:11 blackhorse kernel: [ 2448.225064] audit: type=1400 audit(1474557251.524:61): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/sys/class/drm/" pid=4207 comm="webbrowser-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:11 blackhorse dbus[1811]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="ListMountableInfo" mask="send" name=":1.7" pid=4207 label="webbrowser-app" peer_pid=1919 peer_label="unconfined" Sep 22 11:14:11 blackhorse kernel: [ 2448.663730] audit: type=1400 audit(1474557251.960:62): apparmor="DENIED" operation="open" profile="webbrowser-app//oxide_helper" name="/sys/devices/system/cpu/cpufreq/policy0/cpuinfo_max_freq" pid=4220 comm="oxide-renderer" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:11 blackhorse kernel: [ 2448.670941] audit: type=1400 audit(1474557251.968:63): apparmor="DENIED" operation="open" profile="webbrowser-app//oxide_helper" name="/opt/google/chrome/PepperFlash/manifest.json" pid=4220 comm="oxide-renderer" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:11 blackhorse kernel: [ 2448.675938] audit: type=1400 audit(1474557251.972:64): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/sys/bus/" pid=4207 comm="webbrowser-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:11 blackhorse kernel: [ 2448.675983] audit: type=1400 audit(1474557251.972:65): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/sys/class/drm/" pid=4207 comm="webbrowser-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:11 blackhorse kernel: [ 2448.680663] audit: type=1400 audit(1474557251.976:66): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/opt/google/chrome/PepperFlash/manifest.json" pid=4207 comm="webbrowser-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Sep 22 11:14:12 blackhorse kernel: [ 2448.723161] audit: type=1400 audit(1474557252.020:67): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6-1000" pid=4243 comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 Sep 22 11:14:12 blackhorse kernel: [ 2448.723181] audit: type=1400 audit(1474557252.020:68): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6" pid=4242 comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=108 Sep 22 11:14:17 blackhorse kernel: [ 2453.723913] audit: type=1400 audit(1474557257.020:73): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6-1000" pid=4243 comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 Sep 22 11:14:17 blackhorse kernel: [ 2453.724018] audit: type=1400 audit(1474557257.020:74): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6" pid=4242 comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=108 Sep 22 11:14:17 blackhorse kernel: [ 2453.724120] audit: type=1400 audit(1474557257.020:75): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/dev/shm/lttng-ust-wait-6-1000" pid=4243 comm="QQmlThread" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 Sep 22 11:14:17 blackhorse kernel: [ 2453.724196] audit: type=1400 audit(1474557257.020:76): apparmor="DENIED" operation="open"