software-center crashed with GError in run (): Failed to execute child process «/usr/share /software-center/piston_generic_helper.py» (Access Denied)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
apparmor (Ubuntu) |
Fix Released
|
Low
|
Jamie Strandboge | ||
Precise |
Won't Fix
|
Low
|
Steve Beattie | ||
Quantal |
Fix Released
|
Low
|
Jamie Strandboge |
Bug Description
SRU Justification:
Impact: apturl is currently broken when the firefox (or chromium-browser) AppArmor profile is enabled since software-center is prevented from launching.
Development fix: the fix will be applied to Quantal via pocket copy of this SRU.
Stable fix: this was fixed in r2038 by adding the following to /etc/apparmor.
# Allow exec of software-center scripts. We may need to allow wider
# permissions for /usr/share, but for now just do this. (LP: #972367)
/usr/
TEST CASE:
1. Download a small deb and put it in /tmp. Eg:
$ sudo apt-get install -d hello
$ cp /var/cache/
2. Enable the firefox profile:
$ sudo apt-get install apparmor-utils
$ sudo aa-enforce /etc/apparmor.
3. Restart all instances of firefox
4. Navigate to file://
At this point, software center should open and you can install the deb. Without the patch, software center does not open and there are AppArmor denials in /var/log/kern.log.
Regression potential: the regression potential is considered low. Launching software-center is currently broken, so there is no regression potential there, however ubuntu-helpers is included by the evince profile so a mistake in the added policy could prevent evince policy from loading.
tags: | removed: need-duplicate-check |
tags: | added: apparmor |
summary: |
- software-center crashed with GError in run(): Не удалось выполнить - процесс-потомок «/usr/share/software-center/piston_generic_helper.py» - (Отказано в доступе) + software-center crashed with GError in run (): Failed to execute child + process «/usr/share /software-center/piston_generic_helper.py» (Access + Denied) |
visibility: | private → public |
Changed in apparmor (Ubuntu Quantal): | |
status: | Triaged → In Progress |
assignee: | nobody → Jamie Strandboge (jdstrand) |
description: | updated |
description: | updated |
Changed in apparmor (Ubuntu Precise): | |
milestone: | none → precise-updates |
Changed in apparmor (Ubuntu Quantal): | |
assignee: | Steve Beattie (sbeattie) → Jamie Strandboge (jdstrand) |
dmesg
[ 4082.667148] type=1400 audit(133361285 1.137:409) : apparmor="DENIED" operation="exec" parent=5265 profile= "/usr/lib/ chromium- browser/ chromium- browser/ /sanitized_ helper" name="/ usr/share/ software- center/ piston_ generic_ helper. py" pid=5276 comm="software- center" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
kern.log
Apr 5 16:00:51 taaroa kernel: [ 4082.667148] type=1400 audit(133361285 1.137:409) : apparmor="DENIED" operation="exec" parent=5265 profile= "/usr/lib/ chromium- browser/ chromium- browser/ /sanitized_ helper" name="/ usr/share/ software- center/ piston_ generic_ helper. py" pid=5276 comm="software- center" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0