I just upgraded my laptop to zesty and tested webbrowser-app in the unity8 session. Santosh’s comment (#47) is incorrect. The first denial that I’m getting is /dev/dri/, and I’ve had to add it to the webbrowser-app profile to proceed to get further denials for PCI devices config:
type=AVC msg=audit(1488885677.369:1080): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/dev/dri/" pid=8151 comm ="webbrowser-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 After authorizing read access to /dev/dri/, I’m getting the following denials: type=AVC msg=audit(1488885802.466:1091): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/sys/devices/pci0000:00/0000:00:02.0/revision" pid=8237 comm ="webbrowser-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 type=AVC msg=audit(1488885802.466:1092): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/sys/devices/pci0000:00/0000:00:02.0/config" pid=8237 comm ="webbrowser-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 type=AVC msg=audit(1488885802.466:1093): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/sys/devices/pci0000:00/0000:00:02.0/revision" pid=8237 comm ="webbrowser-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 type=AVC msg=audit(1488885802.466:1094): apparmor="DENIED" operation="open" profile="webbrowser-app" name="/sys/devices/pci0000:00/0000:00:02.0/config" pid=8237 comm ="webbrowser-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Which go away when allowing read access to the config files. And thus the application executes fine. To summarize, here are the rules I’ve had to add to the webbrowser-app profile for the app to run under unity8: /dev/dri/ r, /sys/devices/pci[0-9]*/**/config r, -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1590561 Title: webbrowser-app crashes on startup on fresh zesty Unity8: No suitable EGL configs found To manage notifications about this bug go to: https://bugs.launchpad.net/canonical-devices-system-image/+bug/1590561/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
