[apparmor] Rule to allow chmod-operations (or reduce dmesg suppression)
Christian Boltz
apparmor at cboltz.de
Tue Mar 30 20:59:34 UTC 2021
Hello,
Am Dienstag, 30. März 2021, 22:28:00 CEST schrieb Jonas Große Sundrup:
> type=1400 audit(1617134745.962:4981): apparmor="DENIED"
> operation="chmod" profile="/usr/lib/signal-desktop/signal-desktop"
> name="/var/cache/fontconfig/" pid=246265 comm="signal-desktop"
> requested_mask="w" denied_mask="w" fsuid=1000 ouid=0
[...]
> /var/cache/fontconfig rw,
> /var/cache/fontconfig/** rw,
>
> in the profile I'm testing with, but that doesn't resolve it. Possibly
> because it's a chmod-operation instead of an
> open-operation?
chmod is part of w permissions, nothing wrong with that. (You
probably don't need r permissions, unless you have another log event
with a denial for them.)
However, you carefully avoided the correct path ;-) - you'll need
/var/cache/fontconfig/ w,
Note the trailing / which marks it as a directory (without trailing
slash, the rule would apply to a file).
Regards,
Christian Boltz
--
[20:01] * mrdocs grabs a snack first
[20:01] <suseROCKs> hmm last time mrdocs said he was going to grab
a snack, we didn't see him again for a week
[from #opensuse-project]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20210330/77a9d311/attachment.sig>
More information about the AppArmor
mailing list