-
Bug
-
Resolution: Won't Fix
-
Major
-
None
-
None
-
None
The demos apps are requesting write access to sub-directories of /usr/lib/qt5/qml.
It can be shown in the journal:
Dec 13 21:03:48 qemux86-64 audit[1308]: SYSCALL arch=c000003e syscall=21 success=no exit=-13 a0=7f7edc0d15a8 a1=2 a2=2 a3=0 items=0 ppid=1306 pid=1308 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="QQmlThread" exe="/var/local/lib/afm/applications/mediaplayer/0.1/bin/mediaplayer" subj=User::App::mediaplayer key=(null) Dec 13 21:03:48 qemux86-64 audit: PROCTITLE proctitle=2F7661722F6C6F63616C2F6C69622F61666D2F6170706C69636174696F6E732F6D65646961706C617965722F302E312F62696E2F6D65646961706C617965720033313033330048454C4C4F Dec 13 21:03:48 qemux86-64 audit[1308]: AVC lsm=SMACK fn=smack_inode_permission action=denied subject="User::App::mediaplayer" object="_" requested=w pid=1308 comm="QQmlThread" name="QtGraphicalEffects" dev="hda2" ino=15116
The inodes can be viewed and matches the errors (15116 on the example):
# ls -ldiZ /usr/lib/qt5/qml/* 15100 drwxr-xr-x 3 root root _ 4096 Dec 13 20:45 /usr/lib/qt5/qml/AGL 14457 drwxr-xr-x 4 root root _ 4096 Dec 13 20:45 /usr/lib/qt5/qml/Qt 15161 drwxr-xr-x 2 root root _ 4096 Dec 13 20:46 /usr/lib/qt5/qml/QtCharts 15116 drwxr-xr-x 3 root root _ 4096 Dec 13 20:45 /usr/lib/qt5/qml/QtGraphicalEffects 15165 drwxr-xr-x 2 root root _ 4096 Dec 13 20:46 /usr/lib/qt5/qml/QtMultimedia 15179 drwxr-xr-x 4 root root _ 4096 Dec 13 20:45 /usr/lib/qt5/qml/QtQml 14490 drwxr-xr-x 14 root root _ 4096 Dec 13 20:46 /usr/lib/qt5/qml/QtQuick 15157 drwxr-xr-x 2 root root _ 4096 Dec 13 20:45 /usr/lib/qt5/qml/QtQuick.2 14483 drwxr-xr-x 2 root root _ 4096 Dec 13 20:45 /usr/lib/qt5/qml/QtTest 15174 drwxr-xr-x 3 root root _ 4096 Dec 13 20:46 /usr/lib/qt5/qml/QtWayland 15170 drwxr-xr-x 2 root root _ 4096 Dec 13 20:45 /usr/lib/qt5/qml/QtWebSockets 15156 -rw-r--r-- 1 root root _ 56367 Dec 13 17:03 /usr/lib/qt5/qml/builtins.qmltypes
Is there any reason that tis access occurs? I would prefer that such access don't occur as /usr/lib could be mounted read only.