[pkg-apparmor] Bug#865206: apparmor: Should apparmor abstractions allow flatpak directories?
Diane Trout
diane at ghic.org
Mon Jun 19 18:20:19 UTC 2017
Package: apparmor
Version: 2.11.0-3
Severity: wishlist
Dear Maintainer,
I was updating my browser profiles and saw firefox was trying to load some
flatpak mime exports.
Should the apparmor profiles allow those?
Diane
[113716.169929] audit: type=1400 audit(1497894513.471:785): apparmor="DENIED"
operation="open"
profile="/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-
browser_*/Browser/firefox"
name="/var/lib/flatpak/exports/share/mime/mime.cache" pid=933 comm="firefox"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[113716.169957] audit: type=1400 audit(1497894513.471:786): apparmor="DENIED"
operation="open"
profile="/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-
browser_*/Browser/firefox" name="/var/lib/flatpak/exports/share/mime/globs2"
pid=933 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[113716.169964] audit: type=1400 audit(1497894513.471:787): apparmor="DENIED"
operation="open"
profile="/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-
browser_*/Browser/firefox" name="/var/lib/flatpak/exports/share/mime/magic"
pid=933 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[113716.169974] audit: type=1400 audit(1497894513.471:788): apparmor="DENIED"
operation="open"
profile="/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-
browser_*/Browser/firefox" name="/var/lib/flatpak/exports/share/mime/aliases"
pid=933 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[113716.169979] audit: type=1400 audit(1497894513.471:789): apparmor="DENIED"
operation="open"
profile="/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-
browser_*/Browser/firefox"
name="/var/lib/flatpak/exports/share/mime/subclasses" pid=933 comm="firefox"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
-- System Information:
Debian Release: 9.0
APT prefers testing-debug
APT policy: (500, 'testing-debug'), (500, 'stable-debug'), (500, 'testing'), (500, 'stable'), (110, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages apparmor depends on:
ii debconf [debconf-2.0] 1.5.61
ii init-system-helpers 1.48
ii libapparmor-perl 2.11.0-3
ii libc6 2.24-11+deb9u1
ii lsb-base 9.20161125
ii python3 3.5.3-1
apparmor recommends no packages.
Versions of packages apparmor suggests:
ii apparmor-profiles 2.11.0-3
ii apparmor-profiles-extra 1.11
ii apparmor-utils 2.11.0-3
-- debconf information:
apparmor/homedirs:
More information about the pkg-apparmor-team
mailing list