[pkg-apparmor] Bug#919775: apparmor: AppArmor denies new mesa-related paths

Vincas Dargis vindrg at gmail.com
Sat Jan 19 14:06:55 GMT 2019 

Package: apparmor
Version: 2.13.2-3
Severity: normal
Tags: upstream patch

Dear Maintainer,

After recent Mesa updates on Sid, new denies are produced by some
applicaitons:

```
type=AVC msg=audit(1547905564.212:523): apparmor="DENIED"
operation="open" profile="supertuxkart" name="/usr/share/drirc.d/"
pid=15740 comm="supertuxkart" requested_mask="r" denied_mask="r"
fsuid=1000 ouid=0
```

```
type=AVC msg=audit(1547905896.307:548): apparmor="DENIED"
operation="open" profile="supertuxkart"
name="/usr/share/drirc.d/00-mesa-defaults.conf" pid=15963 c
omm="supertuxkart" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

```

MR is prepared:
https://gitlab.com/apparmor/apparmor/merge_requests/308

I hope this gets into Buster. I guess these kind of fixes are allowd until
final freeze, or even later?



-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=lt_LT.UTF-8, LC_CTYPE=lt_LT.UTF-8 (charmap=UTF-8), LANGUAGE=lt (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages apparmor depends on:
ii  debconf [debconf-2.0]  1.5.70
ii  libc6                  2.28-5
ii  lsb-base               10.2018112800
ii  python3                3.7.2-1

apparmor recommends no packages.

Versions of packages apparmor suggests:
ii  apparmor-profiles-extra  1.24
ii  apparmor-utils           2.13.2-3

-- Configuration Files:
/etc/apparmor.d/abstractions/audio changed [not included]
/etc/apparmor.d/abstractions/fonts changed [not included]
/etc/apparmor.d/abstractions/kde changed [not included]
/etc/apparmor.d/abstractions/mesa changed [not included]
/etc/apparmor.d/abstractions/ubuntu-email changed [not included]
/etc/apparmor.d/tunables/kernelvars changed [not included]
/etc/apparmor.d/tunables/securityfs changed [not included]
/etc/apparmor.d/tunables/sys changed [not included]

-- debconf information excluded

More information about the pkg-apparmor-team mailing list