Public bug reported:

1.
Description:    Ubuntu 12.04 LTS
Release:        12.04

2.
apparmor:
  Installed: 2.7.102-0ubuntu3
  Candidate: 2.7.102-0ubuntu3
  Version table:
 *** 2.7.102-0ubuntu3 0
        500 http://archive.ubuntu.com/ubuntu/ precise/main amd64 Packages
        100 /var/lib/dpkg/status

3. Expected result: working icedtea-7-plugin with apparmor and firefox.
4. When using apparmor with firefox and icedtea-7-plugin, access to
/usr/lib/jvm/java-7-openjdk-amd64/bin/java is denied. The problem is in
/etc/apparmor.d/abstractions/ubuntu-browsers.d/java:
...
  /usr/lib/jvm/java-6-openjdk*/jre/lib/*/IcedTeaPlugin.so mr,
  /usr/lib/jvm/java-6-openjdk/jre/bin/java cx -> browser_openjdk,
  /usr/lib/jvm/java-6-openjdk-{amd64,armel,armhf,i386,powerpc}/jre/bin/java cx -> browser_openjdk,
...
    /usr/lib/jvm/java-6-openjdk*/jre/bin/java ix,
    /usr/lib/jvm/java-6-openjdk*/jre/lib/i386/client/classes.jsa m,
...
There are hardcoded jvm versions. When changing them to java-7-openjdk*, the
problem is fixed.

Logs:
May 24 12:27:21 ad2 kernel: [2321420.007034] type=1400 audit(1337851641.949:5055): apparmor="DENIED" operation="exec" parent=1 profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java" pid=29785 comm="firefox" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: apparmor 2.7.102-0ubuntu3
ProcVersionSignature: Ubuntu 3.2.0-24.37-generic 3.2.14
Uname: Linux 3.2.0-24-generic x86_64
ApportVersion: 2.0.1-0ubuntu7
Architecture: amd64
Date: Thu May 24 12:28:17 2012
ProcEnviron:
 TERM=xterm
 PATH=(custom, user)
 LANG=C
 SHELL=/bin/bash
ProcKernelCmdline: BOOT_IMAGE=/boot/vmlinuz-3.2.0-24-generic 
root=UUID=bd96e5bc-9915-40e7-b5bf-5e63590d3ea5 ro
SourcePackage: apparmor
UpgradeStatus: Upgraded to precise on 2012-04-26 (27 days ago)

** Affects: apparmor (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug precise

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1003856

Title:
  apparmor denies access to /usr/lib/jvm/java-7-openjdk-amd64/bin/java
  when using icedtea-7-plugin

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1003856/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
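
Added example (not part of the original report or of the apparmor package): a small Python check that parses the DENIED audit record quoted above and tests the denied path against the exec rule globs from the abstraction, showing that the java-6 globs do not cover the java-7 path. The glob translation is a simplified assumption (only **, *, ? and {a,b}), and PATCHED_RULES is a constructed variant that applies the reporter's java-6 to java-7 substitution.

```python
import re

# Audit record from the report, rejoined onto one line.
SAMPLE_LOG = (
    'May 24 12:27:21 ad2 kernel: [2321420.007034] type=1400 '
    'audit(1337851641.949:5055): apparmor="DENIED" operation="exec" parent=1 '
    'profile="/usr/lib/firefox/firefox{,*[^s][^h]}" '
    'name="/usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java" pid=29785 '
    'comm="firefox" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0'
)
# Path globs of the two exec rules quoted in the report (permissions dropped).
SHIPPED_RULES = [
    "/usr/lib/jvm/java-6-openjdk/jre/bin/java",
    "/usr/lib/jvm/java-6-openjdk-{amd64,armel,armhf,i386,powerpc}/jre/bin/java",
]
# Constructed variant: the reporter's java-6 -> java-7 substitution.
PATCHED_RULES = [r.replace("java-6", "java-7") for r in SHIPPED_RULES]
TOKENS = {"**": ".*", "*": "[^/]*", "?": "[^/]", "{": "(?:", "}": ")"}

def parse_denial(line):
    """Return the key=value fields of an AppArmor DENIED record, else None."""
    fields = {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}
    return fields if fields.get("apparmor") == "DENIED" else None

def glob_to_regex(glob):
    """Simplified AppArmor glob -> regex; handles **, *, ? and {a,b} only."""
    out, depth = [], 0
    for tok in re.findall(r"\*\*|.", glob):
        if tok == "{":
            depth += 1
        elif tok == "}":
            depth -= 1
        if tok == "," and depth:
            out.append("|")  # comma separates alternatives only inside braces
        else:
            out.append(TOKENS.get(tok, re.escape(tok)))
    return re.compile("".join(out) + r"\Z")

def explain(line, rules):
    """Return denied path, mask and the rule globs covering it (None if no denial)."""
    d = parse_denial(line)
    if d is None:
        return None
    hits = [r for r in rules if glob_to_regex(r).match(d["name"])]
    return {"path": d["name"], "mask": d["denied_mask"], "matches": hits}

if __name__ == "__main__":
    print(explain(SAMPLE_LOG, SHIPPED_RULES))   # no rule covers the java-7 path
    print(explain(SAMPLE_LOG, PATCHED_RULES))   # the per-arch glob now matches
```

An empty "matches" list for a denied exec means no rule in the tested set names that path, which is the situation the report describes.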
