Still not working. Please help.
the audit logs when launching gajim are:
####################################
type=SYSCALL msg=audit(1521623303.636:86): arch=c000003e syscall=2
success=no exit=-13 a0=659281e35d38 a1=90800 a2=6592816e73f0
a3=659281e49000 items=1 ppid=1053 pid=1119 auid=1000 uid=0 gid=0 euid=0
suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="gajim"
exe="/usr/bin/python3.6" key=(null)
type=CWD msg=audit(1521623303.636:86): cwd="/home/user"
type=PATH msg=audit(1521623303.636:86): item=0 name="/usr/lib/python3.6"
inode=19437 dev=00:17 mode=040755 ouid=0 ogid=0 rdev=00:00
nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0
cap_fver=0
type=PROCTITLE msg=audit(1521623303.636:86):
proctitle=2F7573722F62696E2F707974686F6E002F7573722F62696E2F67616A696D
type=AVC msg=audit(1521623303.637:87): apparmor="ALLOWED"
operation="open" info="Failed name lookup - disconnected path" error=-13
profile="/usr/bin/gajim" name="usr/lib/python3.6/lib-dynload" pid=1119
comm="gajim" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=SYSCALL msg=audit(1521623303.637:87): arch=c000003e syscall=2
success=no exit=-13 a0=659281e424d0 a1=90800 a2=6592816e73f0
a3=659281e09000 items=1 ppid=1053 pid=1119 auid=1000 uid=0 gid=0 euid=0
suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="gajim"
exe="/usr/bin/python3.6" key=(null)
type=CWD msg=audit(1521623303.637:87): cwd="/home/user"
type=PATH msg=audit(1521623303.637:87): item=0
name="/usr/lib/python3.6/lib-dynload" inode=17086 dev=00:17 mode=040755
ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000
cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PROCTITLE msg=audit(1521623303.637:87):
proctitle=2F7573722F62696E2F707974686F6E002F7573722F62696E2F67616A696D
type=ANOM_ABEND msg=audit(1521623303.637:88): auid=1000 uid=0 gid=0
ses=2 pid=1119 comm="gajim" exe="/usr/bin/python3.6" sig=6 res=1
####################################
The profile I used:
# Last Modified: Wed Mar 21 00:06:33 2018
#include <tunables/global>
/usr/bin/gajim flags=(complain) {
#include <abstractions/base>
#include <abstractions/lightdm>
#include <abstractions/python>
/** rwk,
/home/user/** r,
/home/user/.local/share/gajim/** rwk,
/home/user/.cache/gajim/** rwk,
/usr/lib/python3.6/** rk,
/home/user/.local/lib/** rk,
/proc/*/net/arp rk,
owner "/home/*/.mozilla/firefox/Crash Reports/**" rk,
owner /home/*/ rk,
owner /home/*/.ICEauthority rk,
owner /home/*/.Xauthority rk,
owner /home/*/.cache/fontconfig/** rwk,
owner /home/*/.cache/gajim/** rwk,
owner /home/*/.config/** rwk,
owner /home/*/.local/lib/python2.7/site-packages/ rk,
owner /home/*/.local/lib/python3.6/site-packages/ rk,
owner /home/*/.local/share/applications/ rk,
owner /home/*/.local/share/gajim/* rwk,
owner /home/*/.local/share/* rwk,
owner /home/*/.mozilla/firefox/* rk,
owner /proc/*/fd/ rk,
owner /proc/*/mounts rk,
On 03/21/2018 02:40 AM, Seth Arnold wrote:
> Hello,
>
> open("/home/user", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 EACCES
> (Permission denied)
> ...
> open("/usr/lib/python3.6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1
> EACCES (Permission denied)
> etc
>
> Probably these all generated DENIED lines in your logs.
>
> And probably running aa-logprof would prompt you about them. Allow them
> as appropriate and probably you'll be good to go.
>
> Thanks
>
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1757256
Title:
Apparmor profile gajim
Status in apparmor package in Ubuntu:
New
Bug description:
Followed this guide: https://gitlab.com/apparmor/apparmor/wi … with_tools and
saved usr.bin.gajim after scanning.
After I restart machine and run Gajim from terminal I get:
Fatal Python error: Py_Initialize: Unable to get the locale encoding
ModuleNotFoundError: No module named 'encodings'
Current thread 0x00006a383a1d5540 (most recent call first):
Aborted (core dumped)
If I delete the profile and restart machine it runs (to confirm it is
profile causing).
This is my current profile
# vim:syntax=apparmor
# ------------------------------------------------------------------
#
# Copyright (C) 2015-2018 Mikhail Morfikov
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
#include <tunables/global>
/usr/bin/gajim {
#include <abstractions/base>
#include <abstractions/X>
#include <abstractions/fonts>
#include <abstractions/freedesktop.org>
#include <abstractions/python>
#include <abstractions/user-tmp>
#include <abstractions/nameservice>
#include <abstractions/openssl>
#include <abstractions/dconf>
/usr/bin/gajim mr,
/usr/bin/ r,
/usr/local/bin/ r,
# Gajim plugins
/usr/share/gajim/plugins/ r,
/usr/share/gajim/plugins/** r,
# Gajim home files
owner @{HOME}/.config/gajim/ rw,
owner @{HOME}/.config/gajim/** rw,
owner @{HOME}/.local/share/gajim/ rw,
owner @{HOME}/.local/share/gajim/** rwk,
# User downloads
owner @{HOME}/[dD]ownload{,s}/ r,
owner @{HOME}/[dD]ownload{,s}/** rwl,
owner @{HOME}/[dD]esktop/ r,
owner @{HOME}/[dD]esktop/** rwl,
# Cache
owner /tmp/morfik_cache/.cache/gajim/ rwk,
owner /tmp/morfik_cache/.cache/gajim/** rwk,
owner @{HOME}/.cache/gajim/ rwk,
owner @{HOME}/.cache/gajim/** rwk,
# Deny access to webcam and mic
deny /dev/video0 rw,
deny /dev/v4l/by-path/ r,
deny /dev/snd/pcmC0D0c rw,
owner @{PROC}/@{pid}/mounts r,
owner @{PROC}/@{pid}/fd/ r,
owner @{PROC}/@{pid}/mountinfo r,
# External apps
/usr/lib/firefox/firefox rPUx,
/usr/bin/gpg rPUx,
/usr/share/glib-2.0/schemas/gschemas.compiled r,
owner /{,var/}run/user/[0-9]*/dconf/user rw,
# Silencer
deny /usr/lib/python3/dist-packages/** w,
deny /usr/share/gajim/plugins/** w,
deny @{HOME}/ r,
# Sounds
/usr/bin/aplay Cx -> audio,
/usr/bin/pacat Cx -> audio,
profile audio {
#include <abstractions/base>
#include <abstractions/audio>
/usr/bin/aplay mr,
/usr/bin/pacat mr,
owner @{HOME}/.Xauthority r,
/etc/machine-id r,
/var/lib/dbus/machine-id r,
}
/sbin/ldconfig Cx -> ldconfig,
profile ldconfig {
#include <abstractions/base>
/sbin/ldconfig mr,
}
/bin/dash Cx -> dash,
profile dash {
#include <abstractions/base>
/bin/dash mr,
/bin/uname rix,
/usr/bin/gpg rPUx,
}
}
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1757256/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
