** Description changed: + SRU Justification: + + [ Impact ] + + The plasmashell profile was missing the new path to QtWebEngineProcess, + causing the entire desktop environment to crash upon attempted usage of + the Web Browser widget. + + [ Test Plan ] + + This test needs to be executed on a freshly provisioned Kubuntu machine with the new AppArmor installed. Testers might want to install `openssh-server` on the Kubuntu machine first in order to make extraction of relevant logs easier in case of test failure. + * Add an empty panel and click on "+ Add Widgets" + * Add the "Web Browser" -> widget is added to panel -> click on "Exit Edit Mode" + * Click on icon "Web Browser" or logout/login + * Without the fix: + - The desktop environment turns black, flickers a few times due to attempted restarts, and doesn't return + - AppArmor generates denial logs such as apparmor="DENIED" operation="exec" class="file" info="no new privs" error=-1 profile="plasmashell" name="/usr/lib/qt6/libexec/QtWebEngineProcess" pid=2069 comm="plasmashell" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 target="unconfined" + + The important parts to match are 'operation="exec"' and 'info="no new privs"', and the path under 'name'. If such a log appears, report test verification failure + + If a different apparmor log involving QtWebEngineProcess appears, note it in the test report so that we can evaluate if the tester encountered an unrelated plasmashell confinement bug + * With the fix: the above error+logging should not occur + + [ Where problems could occur ] + + The profile change in this SRU loosens confinement on a profile. + However, if a user manually modified the installed profiles, then the + package upgrade would cause conflicts, and rejection of the incoming + changes (either by hand during an interactive upgrade or automatically + during an batch unattended upgrade) would result in end users not + getting the packaged fix. + + [ Other Info ] + + -------- original bug report: + KUBUNTU 25.04 Plucky plasma-desktop 4:6.3.4-0ubuntu1 apparmor 4.1.0~beta5-0ubuntu14 Using KDE Plasma widget "Web Browser" kill Plasma desktop due to QtWebEngine and AppArmor restrictions Add an empty panel and click on "+ Add Widgets" Search with browser -> click on "Web Browser" -> widget is add to panel -> click on "Exit Edit Mode" Click on icon "Web Browser" or logout/login. After few seconds, Plasma desktop restart several time and finaly become a black screen and never comeback !! Logging : plasmashell[6762]: LaunchProcess: failed to execvp: plasmashell[6762]: /usr/lib/qt6/libexec/QtWebEngineProcess kernel: audit: type=1400 audit(1745144377.735:211): apparmor="DENIED" operation="exec" class="file" info="no new privs" error=-1 profile="plasmashell" name="/usr/lib/qt6/libexec/QtWebEngineProcess" pid=6762 comm="plasmashell" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 target="unconfined"
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2107723 Title: Using KDE Plasma widget "Web Browser" kill Plasma desktop due to QtWebEngine and AppArmor restrictions To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2107723/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
