Apparmor profile blocks config file if XDG_CONFIG_HOME is set #708
Comments
Just wanted to make a correction that adding:
This is a common pitfall of AppArmor profiles and LSM policy in general. There are standard variables in
I'd recommend to add
in /etc/apparmor.d/tunables/alias and to run
Thanks, I'll give that a try. So far I have just put the files in .config rather than .config.tumbleweed and that has worked well enough. It sounds like this is really a problem with AppArmor itself needing to be updated to handle the XDG standard.
Describe the bug
With XDG_CONFIG_HOME set to something other than $HOME/.config, the supplied apparmor profile DENIES the file access to the redshift.conf file. Adding the line:
owner @{XDG_CONFIG_HOME}/redshift/redshift.conf r,
to the usr.bin.redshift file fixes this when running redshift from the command line. It does not fix it when running redshift-gtk however.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Parameters specified in $XDG_CONFIG_HOME/redshift/redshift.conf should be used rather than default values (or those in ~/.config/redshift/redshift.conf).
Error output/logs/screenshots
In /var/log/audit/audit.log the error is:
type=AVC msg=audit(1550535771.076:213): apparmor="DENIED" operation="open" profile="/usr/bin/redshift" name="/home/username/.config.tumbleweed/redshift/redshift.conf" pid=5793 comm="redshift" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
Software versions (please complete the following information):
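An added example, not part of the original issue or of the redshift project: a small Python parser for AppArmor AVC records such as the one quoted in the report, which maps a denied path under `XDG_CONFIG_HOME` to the profile rule the report describes. The function names and the `XDG_CONFIG_HOME` value are assumptions (the value is inferred from the path in the log line), and the emitted rule assumes the `@{XDG_CONFIG_HOME}` variable is defined for the profile.

```python
import re

# AVC record quoted in the issue above.
SAMPLE = ('type=AVC msg=audit(1550535771.076:213): apparmor="DENIED" '
          'operation="open" profile="/usr/bin/redshift" '
          'name="/home/username/.config.tumbleweed/redshift/redshift.conf" '
          'pid=5793 comm="redshift" requested_mask="r" denied_mask="r" '
          'fsuid=1000 ouid=1000')

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
HEX = re.compile(r'(?:[0-9A-Fa-f]{2})+')


def parse_avc(line):
    """Return the key=value fields of an AppArmor DENIED record, or None."""
    if 'apparmor="DENIED"' not in line:
        return None
    fields = {}
    for key, quoted, bare in FIELD.findall(line):
        fields[key] = bare if bare else quoted
        # audit writes names containing spaces or quotes as unquoted hex
        if key == 'name' and bare and HEX.fullmatch(bare):
            fields[key] = bytes.fromhex(bare).decode('utf-8', 'replace')
    return fields


def suggest_rule(fields, xdg_config_home):
    """Build a candidate profile rule for a denial under xdg_config_home.

    Returns None when the denied path lies outside that directory, so a
    denial elsewhere is never turned into a rule by accident.
    """
    base = xdg_config_home.rstrip('/') + '/'
    path = fields['name']
    if not path.startswith(base):
        return None
    # Keep the "owner" qualifier only when the process uid owns the file.
    owner = 'owner ' if fields.get('fsuid') == fields.get('ouid') else ''
    rel = path[len(base):]
    return f"{owner}@{{XDG_CONFIG_HOME}}/{rel} {fields['denied_mask']},"


if __name__ == '__main__':
    record = parse_avc(SAMPLE)
    # Assumed value of XDG_CONFIG_HOME, taken from the path in the log line.
    print(record['profile'], '->',
          suggest_rule(record, '/home/username/.config.tumbleweed'))
```

Review a generated rule before adding it to a profile: a denial only shows what the process attempted, not what it should be allowed to do.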