[Pkg-kde-extras] Bug#946931: quassel-core: apparmor denials
Seth Arnold
seth.arnold at canonical.com
Wed Dec 18 01:44:05 GMT 2019
Package: quassel-core
Severity: important
Hello, I'm reporting this bug on behalf of a friend, so I've trimmed
unrelated context from the bug report.
My friend's paste is at https://paste.debian.net/1120576/
There's some AppArmor DENIED lines that caused him to disable the apparmor
profile for this service:
audit: type=1400 audit(1576016744.839:6): apparmor="DENIED" operation="open" profile="/usr/bin/quasselcore" name="/proc/sys/kernel/random/boot_id" pid=874 comm="quasselcore" requested_mask="r" denied_mask="r" fsuid=108 ouid=0
audit: type=1400 audit(1576016744.851:7): apparmor="DENIED" operation="open" profile="/usr/bin/quasselcore" name="/var/lib/dbus/machine-id" pid=874 comm="quasselcore" requested_mask="r" denied_mask="r" fsuid=108 ouid=0
audit: type=1400 audit(1576016744.867:8): apparmor="DENIED" operation="link" profile="/usr/bin/quasselcore" name="/var/lib/quassel/quasselcore.conf" pid=874 comm="quasselcore" requested_mask="l" denied_mask="l" fsuid=108 ouid=108 target="/var/lib/quassel/#131283"
Adding lines:
/proc/sys/kernel/random/boot_id r,
/var/lib/dbus/machine_id r,
/var/lib/quassel/quasselcore.conf l,
to the quasselcore profile should address these issues, though there's a
chance that once these are allowed, something else would fail.
Thanks
More information about the pkg-kde-extras
mailing list