mcphail | Does anyone know why an .apparmor file containing http://termbin.com/eoc2 won't let me run "find /media/*/*/bg1 -maxdepth 0"? I'm getting Nov 21 13:09:11 ubuntu-phablet kernel: [117357.738918]type=1400 audit(1448111351.811:1191): apparmor="DENIED" operation="open" profile="bg1.njmcphail_bg1_0.10" name="/media/" pid=25663 comm="run.sh" requested_mask="r" denied_mask="r" fsuid=32011 ouid=0 | 13:26 |
---|---|---|
mcphail | The docviewer app uses a similar trick to allow access to the sdcard | 13:28 |
popey | mcphail, do you have the find binary in your click? | 13:43 |
mcphail | popey: need to find the path to the sdcard. It has a unique ID | 14:00 |
popey | mcphail, my point was, is it failing because it can't run the /bin/find binary ? | 14:00 |
popey | (I had to copy mkdir binary into my click package) | 14:00 |
mcphail | popey: using busybox find in the click | 14:00 |
popey | k | 14:01 |
mcphail | Can't seem to get this to work without making it unconfined | 14:01 |
mcphail | I presume the "read_path" stanza isn't just for content-hub? | 14:05 |
popey | no | 14:08 |
popey | it's read/write directly | 14:08 |
popey | you copied from docviewer? | 14:08 |
mcphail | yes | 14:08 |
mcphail | http://bazaar.launchpad.net/~ubuntu-docviewer-dev/ubuntu-docviewer-app/lo-viewer/view/head:/docviewer.apparmor | 14:08 |
mcphail | that has content_exchange as well, but I think I don't need that | 14:09 |
mcphail | I've tried /media/*/*/bg1/ as well, but that doesn't work either | 14:09 |
* mcphail wonders if simply "/media/" might work... | 14:11 | |
mcphail | OK, that seems to work. But it is a bit *broad*. Would an app pass a manual review with such permissions? | 14:14 |
ok2cqr | Hi, I'm working on an app that runs mysql server in embedded mode and saves the data to user's home directory. By default apparmor won't allow that. I have a script in post-install that does the modification but it seems direct changes of user.sbin.mysql is not a good idea. Anybody know where I should paste the apparmor configuration changes, please? | 20:24 |
ok2cqr | The script is here: https://github.com/ok2cqr/cqrlog/blob/master/tools/cqrlog-apparmor-fix | 20:25 |
mcphail | popey: I've decided the BG app is probably ready enough to go up on the store. I'm sure it will attract lots of negative reviews due to the myriad of bugs, but I have broad shoulders. Do you know who I could ping for manual review for the sdcard access permissions? | 20:40 |