[13:26] <mcphail> Does anyone know why an .apparmor file containing http://termbin.com/eoc2 won't let me run "find /media/*/*/bg1 -maxdepth 0"? I'm getting Nov 21 13:09:11 ubuntu-phablet kernel: [117357.738918]type=1400 audit(1448111351.811:1191): apparmor="DENIED" operation="open" profile="bg1.njmcphail_bg1_0.10" name="/media/" pid=25663 comm="run.sh" requested_mask="r" denied_mask="r" fsuid=32011 ouid=0
[13:28] <mcphail> The docviewer app uses a similar trick to allow access to the sdcard
[13:43] <popey> mcphail, do you have the find binary in your click?
[14:00] <mcphail> popey: need to find the path to the sdcard. It has a unique ID
[14:00] <popey> mcphail, my point was, is it failing because it can't run the /bin/find binary ?
[14:00] <popey> (I had to copy mkdir binary into my click package)
[14:00] <mcphail> popey: using busybox find in the click
[14:01] <popey> k
[14:01] <mcphail> Can't seem to get this to work without making it unconfined
[14:05] <mcphail> I presume the "read_path" stanza isn't just for content-hub?
[14:08] <popey> no
[14:08] <popey> its read/write directly
[14:08] <popey> you copied from docviewer?
[14:08] <mcphail> yes
[14:08] <mcphail> http://bazaar.launchpad.net/~ubuntu-docviewer-dev/ubuntu-docviewer-app/lo-viewer/view/head:/docviewer.apparmor
[14:09] <mcphail> that has xonten_exchange as well, but I think I don't need that
[14:09] <mcphail> I've tried /media/*/*/bg1/ as well, but that doesn't work either
[14:11]  * mcphail wonders if simply "/media/" might work...
[14:14] <mcphail> OK, that seems to work. But it is a bit *broad*. Would an app pass a manual review with such permissions?
[20:24] <ok2cqr> Hi, I working on app that runs mysql server in embedded mode and saves the data to user's home directory. By default apparmor won't allow that. I have a scipt in post-install that does the modification but it seems direct changes of user.sbin.mysql is not good idea. Anybody know where I should paste the apparmor configuration changes, please?
[20:25] <ok2cqr> The script is here: https://github.com/ok2cqr/cqrlog/blob/master/tools/cqrlog-apparmor-fix
[20:40] <mcphail> popey: I've decided the BG app is probably ready enough to go up on the store. I'm sure it will attract lots of negative reviews due to the myriad of bugs, but I have broad shoulders. Do you know who I could ping for manual review for the sdcard access permissions?