why ubuntu touch terminal cannot execute app

command-line ubuntu-touch

Solution 1:

I figured something out. The reason you can't run binaries from your home directory is that the apparmor profile of the terminal prevents it. If you look at the dmesg output after trying to run a binary you should see something like this:

[140792.471956] type=1400 audit(1431182253.050:175): apparmor="DENIED" operation="exec" profile="com.ubuntu.terminal_terminal_0.7.70" name="/home/phablet/apps/git/usr/bin/git" pid=28134 comm="bash" requested_mask="x" denied_mask="x" fsuid=32011 ouid=32011

Which just tells you that apparmor denied the terminal to run your program, and among other things it tells you the apparmor profile name (com.ubuntu.terminal_terminal_0.7.70) of the terminal. To allow running arbitrary binaries we need to change that profile.

Now normally you'd find apparmor profiles under /etc/apparmor.d but this is not always the case on ubuntu phone. It seems especially click packages (which the terminal is one of) do their own thing and put files in different places. I found multiple locations for the terminal apparmor profile and the right one to edit seems to be:

sudo vi /var/lib/apparmor/profiles/click_com.ubuntu.terminal_terminal_0.7.70

There should be a section like this:

# autopilot runs things in out of ~/autopilot/fakeenv, so lets allow running
# things pretty much everywhere but avoid exec conflicts with the autopilot
# include file which has this rule:
# owner @{HOMEDIRS}/autopilot/fakeenv/*/.local/share/@{APP_PKGNAME}/** mrwklix,
/[^h]** pix,
/[^h][^o][^m][^e]** pix,
@{HOMEDIRS}/*/autopilot/[^f][^a][^k][^e]*/** pix,

Which should already allow pretty much everything to be executed under /home if I understand it correclty. The comment seems to imply the same. Still, for reasons that escape me, it does not work. So to make it work, you can just remove (or comment out) this whole section and replace it with:

/** pix,

That should allow the terminal app to always run everything, from everywhere. Afterwards restart apparmor:

sudo service apparmor restart

and you should be good to go.

Related

Ubuntu + kde-standard + dual monitor
.bashrc edit messes up terminal command arrow-up history print
Using the RandR-enabled nvidia 302.xx beta driver in 12.04 with a realtime kernel
NVIDIA-SMI couldn't find libnvidia-ml.so library
MaaS Enlistment through 12.04 installation CD fails
How to recover from a partial system upgrade?
custom icon in "Places" menu
Restore Missing "Settings" (gnome-control-center) Icon in Ubuntu 18.04
Ubuntu 18.04 stuck in login loop with missing .Xauthority file
How do I move the workspace switcher/selector in Activities overview to the left in GNOME?
Facebook pictures not showing up
How do you remove old kernels from the terminal