[Pkg-privacy-maintainers] Bug#935058: torbrowser-launcher: Fails to start because apparmor prevents acces to mutter/xwayland xauth file
intrigeri
intrigeri at debian.org
Mon Aug 19 07:10:49 BST 2019
Control: reassign -1 apparmor
Control: found -1 2.13.3-4
Control: affects -1 torbrowser-launcher
Control: tag -1 + upstream
Hi Frederik,
Frederik Himpe:
> torbrowser-launcher fails to start with this apparmor message in kernel log:
> [ 135.043787] audit: type=1400 audit(1566153604.771:58): apparmor="DENIED"
> operation="open" profile="torbrowser_firefox" name="/run/user/1000/.mutter-
> Xwaylandauth.B4GI6Z" pid=4793 comm="firefox.real" requested_mask="r"
> denied_mask="r" fsuid=1000 ouid=1000
> This happens when starting torbrowser-launcher in a GNOME Wayland session with
> Mutter 3.33.90-2 from Experimental.
Oh, interesting, good catch! I did not know that this new version of
GNOME changed the path to this Xwayland thing. I'm very glad you
spotted this, thanks! :)
I believe this needs to be fixed in
/etc/apparmor.d/abstractions/wayland, thus reassigning. I'll prepare
a merge request upstream and will fix this in Debian ASAP.
Can you please add the following line to
/etc/apparmor.d/abstractions/wayland
owner /run/user/*/.mutter-Xwaylandauth.* r,
… then reload the affected profile with:
sudo apparmor_parser -r /etc/apparmor.d/torbrowser.Browser.firefox
… and retry?
Thanks in advance!
I assume this will break any app running under Xwayland and confined
by AppArmor, so this bug report will become RC once GNOME 3.34 is
released and uploaded to sid.
Cheers,
--
intrigeri
More information about the Pkg-privacy-maintainers
mailing list