Playing with it, I came up with the attached minimal set of rules to get the test case working. There's a whole majority of Network Manager dbus calls still being denied, and three allowed. Despite that I assume this minimal set reveals the discussed "too much", but it might be useful reference.
Using the patch as is results in log noise due to default being apparently "audit deny", and I didn't know how to "deny everything without audit like before, but allow these three exceptions to pass". ** Patch added: "apparmor_allow_qnetworksession_isopen.patch" https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1404188/+attachment/4480910/+files/apparmor_allow_qnetworksession_isopen.patch -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to qtbase-opensource-src in Ubuntu. https://bugs.launchpad.net/bugs/1404188 Title: QNetworkSession::isOpen() always returns false Status in Canonical System Image: Confirmed Status in apparmor-easyprof-ubuntu package in Ubuntu: Confirmed Status in qtbase-opensource-src package in Ubuntu: Confirmed Bug description: Using QNetworkSession::isOpen() in confined apps on a phone running vivid always returns false. This might be an apparmor thing, however, I couldn't find any REJECTED entries in log files. The test app in lp:~mzanetti/+junk/nmsessiontest can reproduce the issue. Open this project in ubuntu-sdk's qtcreator and run it on a vivid device. Press the button and watch the debug prints. On a vivid-desktop or a RTM based phone it will print "all is well". On a vivid phone however, it'll print "network session not open..." This used to work fine at least back in utopic images. To manage notifications about this bug go to: https://bugs.launchpad.net/canonical-devices-system-image/+bug/1404188/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
