[apparmor] Kernel-regression?

[Jonas Große Sundrup]

Hi,


On 2020-08-30, Christian Boltz wrote:
> - did you reload the profile after changing it?

Yes, via aa-teardown && systemctl restart apparmor.service and
restarting element-{desktop,launcher} afterwards for the profiles to
take effect. I have made sure that no processes of
element-{desktop,launcher} remain before doing so to avoid it still
being unconfined due to the teardown.


> - did you load the new profiles?

Yes, via aa-teardown && systemctl restart apparmor.service, see above


> - do you see any errors when (re)loading the profiles with
>      apparmor_parser -r /etc/apparmor.d/

No.


> - are the processes confined under the expected profile? Check with
>      ps Zaux | grep element

every outputted line (except the grep above) is listed with
"(enforce)" (which means that all processes are confined, right? or is
there something else to watch out for?)


> If the above doesn't help, seeing the profile and the output of
> aa-status   would probably be helpful.

aa-status looks unsuspicious: https://p.nnev.de/9547

Profile (after resolving all includes): https://p.nnev.de/9548
This is the profile for /usr/bin/element-desktop, the profile itself
starts at line 99.
My profile for /usr/local/bin/element-launcher is identical, except for
line 99.

element-desktop throws the aforementioned error with libreadline,
element-launcher works absolutely fine.

Checksums for both element-desktop and element-launcher are identical,
as both executables are identical (yes, I have just sha1summed both of
them to avoid me screwing something up...).


> [1] I'm sorry if some of them look like "silly questions", but please
>     check them nevertheless ;-)

No worries, certainly see what you are checking there and why. :)


If you have any ideas what still to try, I'm happy to try them...


  ~ Jonas