Hi, my dmesg shows me the following output:
type=1400 audit(1617134745.962:4981): apparmor="DENIED" operation="chmod" profile="/usr/lib/signal-desktop/signal-desktop" name="/var/cache/fontconfig/" pid=246265 comm="signal-desktop" requested_mask="w" denied_mask="w" fsuid=1000 ouid=0 What would be a rule allowing this chmod operation? Right now I actually don't really care if the solution it's reasonable or not, big hammer would also be fine, as I am currently investigating why the entirety of the Electron-universe suddenly decides to die on me with [0]. Hence I'm currently trying to write a very liberal profile to then lock down again. However, I fail to write a rule that relieves me of the warning above. I do have a /var/cache/fontconfig rw, /var/cache/fontconfig/** rw, in the profile I'm testing with, but that doesn't resolve it. Possibly because it's a chmod-operation instead of an open-operation? Which the core reference [1] says is currently not supported/exposed? That message is present 4 times, I doubt it's the root cause, but dmesg is not voicing any other concerns besides "n callbacks suppressed", so I'd like to get rid of it to uncover more messages as I haven't found any other way of removing said suppression (caused/reported by kauditd_printk_skb). If there is one that I haven't found, that would be an alternative as well of course. Can anyone help me out on this one, possibly? Thanks very much, Jonas [0] libGL error: MESA-LOADER: failed to retrieve device information libGL error: Version 4 or later of flush extension not found libGL error: failed to load driver: i915 Failed to generate minidump.zsh: segmentation fault (core dumped) [1] https://gitlab.com/apparmor/apparmor/-/wikis/AppArmor_Core_Policy_Reference -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
