java when using icedtea-7-plugin

Steve Langasek Wed, 13 Oct 2021 22:20:25 -0700

The Precise Pangolin has reached end of life, so this bug will not be
fixed for that release


** Changed in: apparmor (Ubuntu Precise)
       Status: Triaged => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1003856

Title:
  apparmor denies access to /usr/lib/jvm/java-7-openjdk-amd64/bin/java
  when using icedtea-7-plugin

Status in apparmor package in Ubuntu:
  Fix Released
Status in apparmor source package in Precise:
  Won't Fix
Status in apparmor source package in Quantal:
  Fix Released

Bug description:
  1.
  Description:  Ubuntu 12.04 LTS
  Release:      12.04

  2.
  apparmor:
    Installed: 2.7.102-0ubuntu3
    Candidate: 2.7.102-0ubuntu3
    Version table:
   *** 2.7.102-0ubuntu3 0
          500 http://archive.ubuntu.com/ubuntu/ precise/main amd64 Packages
          100 /var/lib/dpkg/status

  3. Expected result: working icedtea-7-plugin with apparmor and firefox.
  4. When using apparmor with firefox and icedtea-7-plugin access to 
/usr/lib/jvm/java-7-openjdk-amd64/bin/java is denied. Problem is in 
/etc/apparmor.d/abstractions/ubuntu-browsers.d/java:
  ...
    /usr/lib/jvm/java-6-openjdk*/jre/lib/*/IcedTeaPlugin.so mr,
    /usr/lib/jvm/java-6-openjdk/jre/bin/java cx -> browser_openjdk,
    /usr/lib/jvm/java-6-openjdk-{amd64,armel,armhf,i386,powerpc}/jre/bin/java 
cx -> browser_openjdk,
  ...
      /usr/lib/jvm/java-6-openjdk*/jre/bin/java ix,
      /usr/lib/jvm/java-6-openjdk*/jre/lib/i386/client/classes.jsa m,
  ...
  There are hardcoded jvm versions. When changing them to java-7-openjdk* 
problem is fixed.

  Logs:
  May 24 12:27:21 ad2 kernel: [2321420.007034] type=1400 
audit(1337851641.949:5055): apparmor="DENIED" operation="exec" parent=1 
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" 
name="/usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java" pid=29785 comm="firefox" 
requested_mask="x" denied_mask="x" fsuid=1000 ouid=0

  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: apparmor 2.7.102-0ubuntu3
  ProcVersionSignature: Ubuntu 3.2.0-24.37-generic 3.2.14
  Uname: Linux 3.2.0-24-generic x86_64
  ApportVersion: 2.0.1-0ubuntu7
  Architecture: amd64
  Date: Thu May 24 12:28:17 2012
  ProcEnviron:
   TERM=xterm
   PATH=(custom, user)
   LANG=C
   SHELL=/bin/bash
  ProcKernelCmdline: BOOT_IMAGE=/boot/vmlinuz-3.2.0-24-generic 
root=UUID=bd96e5bc-9915-40e7-b5bf-5e63590d3ea5 ro
  SourcePackage: apparmor
  UpgradeStatus: Upgraded to precise on 2012-04-26 (27 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1003856/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1003856] Re: apparmor denies access to /usr/lib/jvm/java-7-openjdk-amd64/bin/java when using icedtea-7-plugin

Reply via email to