** Description changed:

  When an application using the sanitized_helper launches another binary
  also covered by another apparmor profile, the launched binary is running
  with the sanitized_helper profile instead of transiting. Here is way to
  reproduce/observe the problem:
  
- # Launch firefox (I'm using a different FF profile, but that's irrelevant 
here) to open a PDF
+ Launch firefox (I'm using a different FF profile, but that's irrelevant here) 
to open a PDF through Evince:
  1) firefox -p flash https://help.ubuntu.com/10.04/serverguide/serverguide.pdf
  
- # This will launch Evince to open the PDF
- # Observe the Apparmor profiles loaded
+ Observe the Apparmor profiles loaded:
  2) ps Zaux| grep -v ^unconfined
  /usr/lib/firefox/firefox{,*[^s][^h]} simon 19556 33.1  2.1 773068 168052 
pts/5 Sl+  10:11   0:03 /usr/lib/firefox/firefox -p flash 
https://help.ubuntu.com/10.04/serverguide/serverguide.pdf
  /usr/lib/firefox/firefox{,*[^s][^h]}//sanitized_helper simon 19586 19.6  0.4 
561964 37176 pts/5 Sl+ 10:11   0:00 evince /tmp/serverguide.pdf
  
  I would expect Evince to run with its own profile like it does normally:
  
  3) evince /tmp/serverguide.pdf
  4) ps Zaux| grep -v ^unconfined
  /usr/bin/evince                 simon    20218 12.7  0.4 560240 35124 pts/5   
 Sl+  10:22   0:00 evince /tmp/serverguide.pdf
  
  
  $ lsb_release -rd
  Description:  Ubuntu 12.04.1 LTS
  Release:      12.04
  
  $ apt-cache policy apparmor firefox evince
  apparmor:
-   Installed: 2.7.102-0ubuntu3.1
-   Candidate: 2.7.102-0ubuntu3.1
-   Version table:
-  *** 2.7.102-0ubuntu3.1 0
-         500 http://archive.ubuntu.com/ubuntu/ precise-updates/main amd64 
Packages
-         500 http://security.ubuntu.com/ubuntu/ precise-security/main amd64 
Packages
-         100 /var/lib/dpkg/status
-      2.7.102-0ubuntu3 0
-         500 http://archive.ubuntu.com/ubuntu/ precise/main amd64 Packages
+   Installed: 2.7.102-0ubuntu3.1
+   Candidate: 2.7.102-0ubuntu3.1
+   Version table:
+  *** 2.7.102-0ubuntu3.1 0
+         500 http://archive.ubuntu.com/ubuntu/ precise-updates/main amd64 
Packages
+         500 http://security.ubuntu.com/ubuntu/ precise-security/main amd64 
Packages
+         100 /var/lib/dpkg/status
+      2.7.102-0ubuntu3 0
+         500 http://archive.ubuntu.com/ubuntu/ precise/main amd64 Packages
  firefox:
-   Installed: 14.0.1+build1-0ubuntu0.12.04.3
-   Candidate: 14.0.1+build1-0ubuntu0.12.04.3
-   Version table:
-  *** 14.0.1+build1-0ubuntu0.12.04.3 0
-         500 http://archive.ubuntu.com/ubuntu/ precise-proposed/main amd64 
Packages
-         100 /var/lib/dpkg/status
-      14.0.1+build1-0ubuntu0.12.04.1 0
-         500 http://archive.ubuntu.com/ubuntu/ precise-updates/main amd64 
Packages
-         500 http://security.ubuntu.com/ubuntu/ precise-security/main amd64 
Packages
-      11.0+build1-0ubuntu4 0
-         500 http://archive.ubuntu.com/ubuntu/ precise/main amd64 Packages
+   Installed: 14.0.1+build1-0ubuntu0.12.04.3
+   Candidate: 14.0.1+build1-0ubuntu0.12.04.3
+   Version table:
+  *** 14.0.1+build1-0ubuntu0.12.04.3 0
+         500 http://archive.ubuntu.com/ubuntu/ precise-proposed/main amd64 
Packages
+         100 /var/lib/dpkg/status
+      14.0.1+build1-0ubuntu0.12.04.1 0
+         500 http://archive.ubuntu.com/ubuntu/ precise-updates/main amd64 
Packages
+         500 http://security.ubuntu.com/ubuntu/ precise-security/main amd64 
Packages
+      11.0+build1-0ubuntu4 0
+         500 http://archive.ubuntu.com/ubuntu/ precise/main amd64 Packages
  evince:
-   Installed: 3.4.0-0ubuntu1.3
-   Candidate: 3.4.0-0ubuntu1.3
-   Version table:
-  *** 3.4.0-0ubuntu1.3 0
-         500 http://archive.ubuntu.com/ubuntu/ precise-updates/main amd64 
Packages
-         100 /var/lib/dpkg/status
-      3.4.0-0ubuntu1 0
-         500 http://archive.ubuntu.com/ubuntu/ precise/main amd64 Packages
+   Installed: 3.4.0-0ubuntu1.3
+   Candidate: 3.4.0-0ubuntu1.3
+   Version table:
+  *** 3.4.0-0ubuntu1.3 0
+         500 http://archive.ubuntu.com/ubuntu/ precise-updates/main amd64 
Packages
+         100 /var/lib/dpkg/status
+      3.4.0-0ubuntu1 0
+         500 http://archive.ubuntu.com/ubuntu/ precise/main amd64 Packages
  
  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: apparmor 2.7.102-0ubuntu3.1
  ProcVersionSignature: Ubuntu 3.2.0-30.48-generic 3.2.27
  Uname: Linux 3.2.0-30-generic x86_64
  ApportVersion: 2.0.1-0ubuntu12
  Architecture: amd64
  Date: Tue Aug 28 10:12:30 2012
  ProcEnviron:
-  LANGUAGE=en_CA:en
-  TERM=xterm
-  PATH=(custom, no user)
-  LANG=en_CA.UTF-8
-  SHELL=/bin/bash
+  LANGUAGE=en_CA:en
+  TERM=xterm
+  PATH=(custom, no user)
+  LANG=en_CA.UTF-8
+  SHELL=/bin/bash
  ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-3.2.0-30-generic 
root=/dev/mapper/crypt-root ro quiet splash i915.i915_enable_fbc=1 
i915.lvds_downclock=1 drm.vblankoffdelay=1 vt.handoff=7
  SourcePackage: apparmor
  UpgradeStatus: No upgrade log present (probably fresh install)
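
Review bot: the new lead-in for step 2, "Observe the Apparmor profiles loaded:", does not match what the command shows. `ps Zaux| grep -v ^unconfined` lists running processes together with the profile confining each one, not the set of loaded profiles. Wording such as "Observe which profile confines each process:" would fit the output that follows, where evince appears under `/usr/lib/firefox/firefox{,*[^s][^h]}//sanitized_helper`. The removed line "This will launch Evince to open the PDF" is now carried only by "through Evince" in the step 1 lead-in, so it would help to keep an explicit statement that Evince is started by Firefox, since that is the transition the report is about. The apt-cache and ProcEnviron regions remove and re-add lines whose visible text is identical; leaving them out of the edit would limit the description change to the two reworded lead-ins.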

https://bugs.launchpad.net/bugs/1042771

Title:
  sanitized_helper prevents proper transition to other profiles
