| Summary: | Apparmor disallows opening of multimedia files on LAN (i.e. opening of temporary file in ~/.cache/kioexec/krun/*/ is disallowed) | ||
|---|---|---|---|
| Product: | [Frameworks and Libraries] kio-extras | Reporter: | Terry <terence.v.silk> |
| Component: | Samba | Assignee: | Plasma Bugs List <plasma-bugs-null> |
| Status: | RESOLVED DOWNSTREAM | ||
| Severity: | normal | CC: | alex.bikadorov, krusader-bugs-null, nate |
| Priority: | NOR | ||
| Version First Reported In: | unspecified | ||
| Target Milestone: | --- | ||
| Platform: | Ubuntu | ||
| OS: | Linux | ||
| Latest Commit: | Version Fixed In: | ||
| Sentry Crash Report: | |||
| Attachments: |
Error message suggests that that the kio-extras managed temporary file can't be read
A copy of Apparmor profile /var/lib/snapd/apparmor/profiles/snap.vlc.vlc |
||
Please note that "AVC" was a slip of the "pen" (brain fade). I should have written VLC. This is not related to Krusader. It may be something related to KIO but more likely to Apparmor. From the error message I would simply say you need to allow read access for VLC for the ~/.cache/kioexec/krun/ path by Apparmor. What is the file path of the original file you have on "LAN" here in Krusader? Is this the "file://" protocol or something else? (In reply to Alex Bikadorov from comment #2) > This is not related to Krusader. It may be something related to KIO but more > likely to Apparmor. > > From the error message I would simply say you need to allow read access for > VLC for the ~/.cache/kioexec/krun/ path by Apparmor. > > What is the file path of the original file you have on "LAN" here in > Krusader? Is this the "file://" protocol or something else? 1. Your reply seems to suggest that the problem is simply a result of the KDE migration towards the use of KIO slaves and therefore I was incorrect when I interpreted BUG FAQ#1 on the Krusader website ( https://krusader.org/report-bugs/index.html ) as meaning that abdication of the handling of SMB etc to KIO was driven by a Krusader decision. 2. The file path of the original file started with smb:// 3. Since I have apparently raised this issue in the wrong forum: a) Feel free to close the issue as you see fit b) I thank you for the information you have supplied c) I will investigate whether the problem can be fixed adequately by configuring Apparmor along the lines that you have suggested and if appropriate, report the default behaviour elsewhere. For documentation reasons I move this to KIO. Created attachment 121423 [details]
A copy of Apparmor profile /var/lib/snapd/apparmor/profiles/snap.vlc.vlc
I strongly suspect that this issue is related to a unresolved bug report in a different forum, i.e. https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1766628 however I have carefully examined the apparmor profile on my machine, i.e. var/lib/snapd/apparmor/profiles/snap.vlv.vlc but at the moment it is still unclear to me how apparmor allows vlc to open an identical copy of the same video file in ~/Videos but disallows it in ~/.cache/kioexec/krun/*/. At this point in my current confused state, my queries are: 1) Are ordinary users really expected to solve (and compensate for) apparmor's complex and strange decisions? 2) Which is the most appropriate forum for reporting this bug? It seems like there ought to be collective responsibilty for this type of thing: perhaps the kde development team needs to exchange information with the apparmor development team a bit more? This is an AppArmor configuration issue, probably with the configuration provided by your distro. I would bring it up to the Ubuntu folks. Thanks! |
Created attachment 121254 [details] Error message suggests that that the kio-extras managed temporary file can't be read SUMMARY In Krusader when a multimedia file on the LAN was double-clicked then after a delay an error message window such as that shown in attachment "Krusader_error_window_01.png" appeared. The associated system log error message extract revealed why: --------------------------------------------------------------------- kernel: audit: type=1400 audit(1561976785.431:61): apparmor="DENIED" operation="open" profile="snap.vlc.vlc" name="/home/bloggs_j/.cache/kioexec/krun/18428_0/A_United_Kingdom.mp4" pid=18769 comm="vlc" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 --------------------------------------------------------------------- By contrast when the very same file on the LAN was double-clicked using the Files app, it opened and played within AVC no problem. When the very same file on the LAN was subsequently copied to the ~/Downloads directory and then double-clicked in Krusader it opened in VLC and played no problem. STEPS TO REPRODUCE 1. Double-click on ANY other multimedia file on the LAN using Krusader. 2. Inspect the system log. 3. Double-click the same file on the LAN using the Files app or download it and then double-click the downloaded copy using Krusader. OBSERVED RESULT Krusader will not allow multimedia files on the LAN to be played whereas the Files app will. EXPECTED RESULT Krusader should allow multimedia files on the LAN to be played since it did just that until recently (unfortunately I don't know whether this is as a result of one or more updates of the following packages: Krusader; kio-extras; Apparmor) AND the Files app IS allowed to play multimedia files on the LAN without it being necessary to download a copy. SOFTWARE/OS VERSIONS Linux/Desktop: OS: Ubuntu 18.04.2 LTS (64-bit) Desktop: Gnome 3.28.2 KDE Frameworks 5.44.0 Qt 5.9.5 (built against 5.9.5) ADDITIONAL INFORMATION Main desktop= Gnome but several KDE elements were added when KDE apps were installed.