Note that this is rather tricky. If the user disabled the evince profile, using Px means that the exec will fail with 'profile not found'. There is no way to specify 'use P if it exists, otherwise C'.
--
https://bugs.launchpad.net/bugs/1042771

Title:
  sanitized_helper prevents proper transition to other profiles

Status in apparmor package in Ubuntu:
  Confirmed

Bug description:
  When an application using the sanitized_helper launches another binary
  also covered by another apparmor profile, the launched binary is
  running with the sanitized_helper profile instead of transiting.

  Here is a way to reproduce/observe the problem:

  Launch firefox to open a PDF through Evince:

  1) firefox https://help.ubuntu.com/10.04/serverguide/serverguide.pdf

  Observe the Apparmor profiles loaded:

  2) ps Zaux| grep -v ^unconfined
  /usr/lib/firefox/firefox{,*[^s][^h]} simon 19556 33.1 2.1 773068 168052 pts/5 Sl+ 10:11 0:03 /usr/lib/firefox/firefox https://help.ubuntu.com/10.04/serverguide/serverguide.pdf
  /usr/lib/firefox/firefox{,*[^s][^h]}//sanitized_helper simon 19586 19.6 0.4 561964 37176 pts/5 Sl+ 10:11 0:00 evince /tmp/serverguide.pdf

  I would expect Evince to run with its own profile like it does
  normally:

  3) evince /tmp/serverguide.pdf
  4) ps Zaux| grep -v ^unconfined
  /usr/bin/evince simon 20218 12.7 0.4 560240 35124 pts/5 Sl+ 10:22 0:00 evince /tmp/serverguide.pdf

  $ lsb_release -rd
  Description: Ubuntu 12.04.1 LTS
  Release: 12.04

  $ apt-cache policy apparmor firefox evince
  apparmor:
    Installed: 2.7.102-0ubuntu3.1
    Candidate: 2.7.102-0ubuntu3.1
    Version table:
   *** 2.7.102-0ubuntu3.1 0
          500 http://archive.ubuntu.com/ubuntu/ precise-updates/main amd64 Packages
          500 http://security.ubuntu.com/ubuntu/ precise-security/main amd64 Packages
          100 /var/lib/dpkg/status
       2.7.102-0ubuntu3 0
          500 http://archive.ubuntu.com/ubuntu/ precise/main amd64 Packages
  firefox:
    Installed: 14.0.1+build1-0ubuntu0.12.04.3
    Candidate: 14.0.1+build1-0ubuntu0.12.04.3
    Version table:
   *** 14.0.1+build1-0ubuntu0.12.04.3 0
          500 http://archive.ubuntu.com/ubuntu/ precise-proposed/main amd64 Packages
          100 /var/lib/dpkg/status
       14.0.1+build1-0ubuntu0.12.04.1 0
          500 http://archive.ubuntu.com/ubuntu/ precise-updates/main amd64 Packages
          500 http://security.ubuntu.com/ubuntu/ precise-security/main amd64 Packages
       11.0+build1-0ubuntu4 0
          500 http://archive.ubuntu.com/ubuntu/ precise/main amd64 Packages
  evince:
    Installed: 3.4.0-0ubuntu1.3
    Candidate: 3.4.0-0ubuntu1.3
    Version table:
   *** 3.4.0-0ubuntu1.3 0
          500 http://archive.ubuntu.com/ubuntu/ precise-updates/main amd64 Packages
          100 /var/lib/dpkg/status
       3.4.0-0ubuntu1 0
          500 http://archive.ubuntu.com/ubuntu/ precise/main amd64 Packages

  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: apparmor 2.7.102-0ubuntu3.1
  ProcVersionSignature: Ubuntu 3.2.0-30.48-generic 3.2.27
  Uname: Linux 3.2.0-30-generic x86_64
  ApportVersion: 2.0.1-0ubuntu12
  Architecture: amd64
  Date: Tue Aug 28 10:12:30 2012
  ProcEnviron:
   LANGUAGE=en_CA:en
   TERM=xterm
   PATH=(custom, no user)
   LANG=en_CA.UTF-8
   SHELL=/bin/bash
  ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-3.2.0-30-generic root=/dev/mapper/crypt-root ro quiet splash i915.i915_enable_fbc=1 i915.lvds_downclock=1 drm.vblankoffdelay=1 vt.handoff=7
  SourcePackage: apparmor
  UpgradeStatus: No upgrade log present (probably fresh install)
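
Added example, not part of the original bug report or of AppArmor itself: a small check that automates the `ps Zaux` observation above by flagging processes confined by a `//sanitized_helper` child profile even though their binary has a profile of its own. The sample listing is constructed from the report's output plus two extra rows, and `OWN_PROFILE` is an assumed map that an admin would fill from the profiles loaded on the host.

```python
import re

# Constructed sample: the `ps Zaux` rows quoted in the report, plus a header,
# an unconfined shell and one row carrying a "(enforce)" mode suffix.
SAMPLE_PS = """\
LABEL USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
unconfined simon 19000 0.0 0.1 22000 4000 pts/5 Ss 10:00 0:00 bash
/usr/lib/firefox/firefox{,*[^s][^h]} simon 19556 33.1 2.1 773068 168052 pts/5 Sl+ 10:11 0:03 /usr/lib/firefox/firefox https://help.ubuntu.com/10.04/serverguide/serverguide.pdf
/usr/lib/firefox/firefox{,*[^s][^h]}//sanitized_helper simon 19586 19.6 0.4 561964 37176 pts/5 Sl+ 10:11 0:00 evince /tmp/serverguide.pdf
/usr/bin/evince simon 20218 12.7 0.4 560240 35124 pts/5 Sl+ 10:22 0:00 evince /tmp/serverguide.pdf
/usr/bin/evince (enforce) simon 20300 1.0 0.4 560240 35124 pts/5 Sl+ 10:25 0:00 /usr/bin/evince /tmp/other.pdf
"""

# Assumption: executable basename -> profile expected to confine it.
OWN_PROFILE = {"evince": "/usr/bin/evince"}

# LABEL [(mode)] USER PID, eight more columns (%CPU .. TIME), then COMMAND.
# The header row is skipped because its PID column is not numeric.
ROW = re.compile(
    r"^(?P<label>\S+)(?: \((?P<mode>\w+)\))?\s+(?P<user>\S+)\s+(?P<pid>\d+)\s+"
    r"(?:\S+\s+){8}(?P<cmd>.+)$"
)

def find_helper_confined(ps_text, own_profile=OWN_PROFILE):
    """Return processes still running under <parent>//sanitized_helper
    although a dedicated profile exists for their executable."""
    findings = []
    for line in ps_text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        parent, _, child = m["label"].partition("//")
        if child != "sanitized_helper":
            continue  # unconfined, a top-level profile, or another child profile
        exe = m["cmd"].split()[0].rsplit("/", 1)[-1]
        expected = own_profile.get(exe)
        if expected:
            findings.append({"pid": int(m["pid"]), "exe": exe, "parent": parent,
                             "label": m["label"], "expected": expected})
    return findings

if __name__ == "__main__":
    for f in find_helper_confined(SAMPLE_PS):
        print(f"pid {f['pid']} ({f['exe']}): confined by {f['label']}, "
              f"expected {f['expected']}")
```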