Package: surf
Version: 2.0+git20181009-2.1
Severity: normal
Tags: patch
Dear Maintainer,
surf is not able to access the following two files due to its apparmor
profile:
[ 5565.325749] audit: type=1400 audit(1547681461.606:127): apparmor="DENIED"
operation="open" profile="/usr/bin/surf"
name="/usr/share/publicsuffix/public_suffix_list.dafsa" pid=29897
comm="WebKitNetworkPr" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[ 5565.328420] audit: type=1400 audit(1547681461.610:128): apparmor="DENIED"
operation="open" profile="/usr/bin/surf"
name="/usr/share/publicsuffix/public_suffix_list.dat" pid=29897
comm="WebKitNetworkPr" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
I have included a patch.
Regards,
Leo
-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: armhf (armv7l)
Kernel: Linux 4.19.0-1-armmp (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages surf depends on:
ii libc6 2.28-5
ii libgcr-base-3-1 3.28.0-4
ii libgcr-ui-3-1 3.28.0-4
ii libglib2.0-0 2.58.2-3
ii libgtk-3-03.24.2-3
ii libwebkit2gtk-4.0-37 2.22.5-1
ii libx11-6 2:1.6.7-1
Versions of packages surf recommends:
ii curl 7.62.0-1
ii suckless-tools 44-1
ii x11-utils7.7+4
ii xterm [x-terminal-emulator] 342-1
Versions of packages surf suggests:
ii apparmor 2.13.2-3
-- Configuration Files:
/etc/apparmor.d/usr.bin.surf changed [not included]
-- no debconf information
>From 092793cac1b5dd01a62f910497c95b51d28dc674 Mon Sep 17 00:00:00 2001
From: Leo Singer
Date: Wed, 16 Jan 2019 23:40:11 +
Subject: [PATCH] Tell apparmor to allow access to publicsuffix data
---
debian/changelog| 7 +++
debian/usr.bin.surf | 1 +
2 files changed, 8 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 7e6f003..c002849 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+surf (2.0+git20181009-3.1) UNRELEASED; urgency=medium
+
+ * Non-maintainer upload.
+ * Tell apparmor to allow read access to publicsuffix data.
+
+ -- Leo Singer Wed, 16 Jan 2019 23:39:11 +
+
surf (2.0+git20181009-3) unstable; urgency=medium
* Fix path pattern for usrmerged paths in AppArmor profile.
diff --git a/debian/usr.bin.surf b/debian/usr.bin.surf
index f204a83..3a9b2d6 100644
--- a/debian/usr.bin.surf
+++ b/debian/usr.bin.surf
@@ -31,6 +31,7 @@
/usr/lib/@{multiarch}/webkit2gtk-4.0/WebKit*Process ix,
/{dev,run}/shm/WK2SharedMemory.* rw,
/var/tmp/WebKit-Media-* rw,
+ /usr/share/publicsuffix/public_suffix_list.{dat,dafsa} r,
owner @{HOME}/.local/share/webkitgtk/ w,
owner @{HOME}/.local/share/webkitgtk/** rw,
owner @{HOME}/.cache/webkitgtk/ w,
--
2.20.1
