[apparmor] [profile] Audacious: abstractions/ubuntu-media-players and /var/log/syslog file issues.

Seth Arnold seth.arnold at canonical.com
Fri Jul 21 19:58:51 UTC 2017


On Fri, Jul 21, 2017 at 01:35:29PM +0200, daniel curtis wrote:
> Honestly, I don't understand what should I do with rules from
> '/etc/apparmor.d/abstractions/ubuntu-media-players' file. There is a rule
> for Audacious: '/usr/bin/audacious2 Cxr -> sanitized_helper,' but
> '/usr/bin/audacious2' does not exist in my system. There is:
> '/usr/bin/audacious'.
> 
> Once again: I should remove '2' from this rule and leave only
> '/usr/bin/audacious Cxr -> sanitized_helper,' (without '2') or add a rule
> suggested by You: '/usr/bin/audacious Pxr,'? If this is a solution then
> what about '-> sanitized helper'? Use or not?

Hi Daniel,

Feel free to ignore the audacious2 line -- after all the executable
doesn't exist on your system.

Add a line:

  /usr/bin/audacious Px,

to the /etc/apparmor.d/abstractions/ubuntu-media-players file. (This will
sadly complicate upgrades in the future.)

> Or maybe '/usr/bin/audacious Pxr,' rule should be used but in Audacious
> profile? ('/etc/apparmor.d/usr.bin.audacious' file.) There is a "similar"
> rule added by aa-genprof(8) utility:
> 
> /usr/bin/audacious mr,
> 
> I'm sorry for such naive questions, but I'm confused. Could You write, step
> by step, what really should I do?

This rule is added to the audacious profile because the executable must be
mapped executably into its address space. A Pxr rule on its own wouldn't
be sufficient for the mmap. Normally a program that executes itself in
its own domain would be given an 'ix' rule too, since it's already in
the domain.

> >> There are no plans to update to newer versions of Audacious
> >> If there's a compelling reason to do an update you can look
> >> into performing a Stable Release Update.
> 
> I was asking about update, because of Audacious v3.8.2 with fix for
> vulnerability discovered in Game_Music_Emu. Nothing more, nothing less.
> There was about six Audacious releases since v3.6.2 used in 16.04 LTS
> Release.

Could you double-check if audacious uses the system libraries or if it
bundles in the unsafe code itself? We addressed the scarybeasts finding:
https://bugs.launchpad.net/ubuntu/+source/game-music-emu/+bug/1650523/comments/2
but if audacious bundles rather than links, that ought to be addressed.

Thanks
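
One way to run the linked-versus-bundled check asked for above, as an added example that is not part of the original message. The function names, the sample `readelf -d` excerpts and the emulator class names used as a bundling hint are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original message): tell whether an ELF object
# loads the system Game_Music_Emu library or may carry its own copy.

# needed_libs: read `readelf -d` output on stdin, print each DT_NEEDED soname.
needed_libs() {
    sed -n 's/.*(NEEDED).*\[\([^]]*\)\].*/\1/p'
}

# classify_gme DYNAMIC_TEXT STRINGS_TEXT
#   linked    NEEDED lists libgme.so.*, so the fixed distro library is used
#   bundled?  no such NEEDED entry, but emulator class names are embedded
#   none      no trace of Game_Music_Emu found
# The class names are an assumed heuristic (C++ RTTI names from the
# Game_Music_Emu source); confirm a "bundled?" hit against the source tree.
classify_gme() {
    if printf '%s\n' "$1" | needed_libs | grep -q '^libgme\.so'; then
        echo 'linked'
    elif printf '%s\n' "$2" | grep -Eq 'Nsf_Emu|Spc_Emu|Gbs_Emu'; then
        echo 'bundled?'
    else
        echo 'none'
    fi
}

# check_file PATH: classify a real ELF file (needs binutils readelf/strings).
check_file() {
    classify_gme "$(readelf -d "$1" 2>/dev/null)" \
                 "$(strings -a "$1" 2>/dev/null)"
}

# Constructed `readelf -d` excerpts used as sample input.
SAMPLE_LINKED=' 0x0000000000000001 (NEEDED)   Shared library: [libgme.so.0]
 0x0000000000000001 (NEEDED)   Shared library: [libc.so.6]'
SAMPLE_NOT_LINKED=' 0x0000000000000001 (NEEDED)   Shared library: [libc.so.6]'

# Usage: sh check-gme.sh FILE...   (the executable plus its plugin objects)
for f in "$@"; do
    printf '%s\t%s\n' "$(check_file "$f")" "$f"
done
```

A `linked` result means the object picks up whatever libgme the system package provides; `bundled?` is only a prompt to inspect the source, not proof.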