Some context: <jdstrand> oSoMoN: perhaps there is an unconditional chmod in the ibus libs. I would argue that should be fixed to only chmod if it isn't what it expects. that would be something for SRU and then anything using the desktop launcher won't be affected by it
<jdstrand> oSoMoN: as it stands, it sounds like if the lib is doing that, *every* snap that uses the part will trigger this denial, which will lead to confused users <oSoMoN> jdstrand, that denial is harmless though, isn't it? <jdstrand> oSoMoN: it doesn't seem to affect the snap no. however, there will be bug reports where people think it is causing trouble and people will have to constantly refute that it isn't an issue -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ibus in Ubuntu. https://bugs.launchpad.net/bugs/1761585 Title: ibus_bus_init does an unconditional call to chmod on $HOME/.config/ibus/bus Status in ibus package in Ubuntu: New Bug description: This was spotted by jdstrand when running the chromium snap, which recently enabled ibus support (https://forum.snapcraft.io/t/cant-use- input-method-in-snap-apps/4712/12): audit[16919]: AVC apparmor="DENIED" operation="chmod" profile="snap.chromium.chromium" name="/home/osomon/.config/ibus/bus/" pid=16919 comm="chromium-browse" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000 The code that calls chmod is in ibus_bus_init: static void ibus_bus_init (IBusBus *bus) { gchar *path; […] path = g_path_get_dirname (ibus_get_socket_path ()); g_mkdir_with_parents (path, 0700); g_chmod (path, 0700); […] } This could be avoided by checking first the file mode bits on that directory, and do the g_chmod call only if ≠ 0700. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: ibus 1.5.17-3ubuntu1 ProcVersionSignature: Ubuntu 4.15.0-13.14-generic 4.15.10 Uname: Linux 4.15.0-13-generic x86_64 NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair ApportVersion: 2.20.9-0ubuntu2 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Thu Apr 5 21:55:30 2018 EcryptfsInUse: Yes InstallationDate: Installed on 2016-07-02 (642 days ago) InstallationMedia: Ubuntu 16.04 LTS "Xenial Xerus" - Release amd64 (20160420.1) SourcePackage: ibus UpgradeStatus: Upgraded to bionic on 2018-01-29 (66 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ibus/+bug/1761585/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp