Bug#909750: firefox tries to write to /usr/* directories
Running `sudo fc-cache -f` didn't helped.
Bug#909750: firefox tries to write to /usr/* directories
Yep, same issue with Kate text editor, and yes, it's fontconfig: ``` Thread 1 "kate" hit Catchpoint 1 (returned from syscall openat), 0x75e42e69 in __libc_open64 (file=0x55930da0 "/usr/share/fonts/type1/gsfonts/.uuid", oflag=524288) at ../sysdeps/unix/sysv/linux/open64.c:47 47 in ../sysdeps/unix/sysv/linux/open64.c #0 0x75e42e69 in __libc_open64 (file=0x55930da0 "/usr/share/fonts/type1/gsfonts/.uuid", oflag=524288) at ../sysdeps/unix/sysv/linux/open64.c:47 #1 0x7fffef458d8a in ?? () from /lib/x86_64-linux-gnu/libfontconfig.so.1 #2 0x7fffef451fcf in FcDirCacheLoad () from /lib/x86_64-linux-gnu/libfontconfig.so.1 #3 0x7fffef45b7c4 in FcDirCacheRead () from /lib/x86_64-linux-gnu/libfontconfig.so.1 #4 0x7fffef4563e1 in ?? () from /lib/x86_64-linux-gnu/libfontconfig.so.1 #5 0x7fffef4564ab in FcConfigBuildFonts () from /lib/x86_64-linux-gnu/libfontconfig.so.1 #6 0x7fffef461766 in ?? () from /lib/x86_64-linux-gnu/libfontconfig.so.1 #7 0x7fffef4538e7 in ?? () from /lib/x86_64-linux-gnu/libfontconfig.so.1 #8 0x7fffef453919 in ?? () from /lib/x86_64-linux-gnu/libfontconfig.so.1 #9 0x7fffef572b55 in ?? () from /lib/x86_64-linux-gnu/libQt5XcbQpa.so.5 #10 0x768e3cd9 in ?? () from /lib/x86_64-linux-gnu/libQt5Gui.so.5 #11 0x768e8097 in QFontDatabase::findFont(QFontDef const&, int) () from /lib/x86_64-linux-gnu/libQt5Gui.so.5 #12 0x768e8a16 in QFontDatabase::load(QFontPrivate const*, int) () from /lib/x86_64-linux-gnu/libQt5Gui.so.5 #13 0x768bfa3b in QFontPrivate::engineForScript(int) const () from /lib/x86_64-linux-gnu/libQt5Gui.so.5 #14 0x768ed9bf in ?? () from /lib/x86_64-linux-gnu/libQt5Gui.so.5 #15 0x7690320f in QTextLine::layout_helper(int) () from /lib/x86_64-linux-gnu/libQt5Gui.so.5 #16 0x76905375 in QTextLayout::endLayout() () from /lib/x86_64-linux-gnu/libQt5Gui.so.5 #17 0x76f21504 in QWidgetLineControl::redoTextLayout() const () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5 #18 0x76f216e8 in QWidgetLineControl::updateDisplayText(bool) () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5 #19 0x76f21c45 in QWidgetLineControl::init(QString const&) () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5 #20 0x76f17a24 in ?? () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5 #21 0x76f1bb9a in QLineEdit::QLineEdit(QWidget*) () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5 #22 0x7767f50e in KLineEdit::KLineEdit(QWidget*) () from /lib/x86_64-linux-gnu/libKF5Completion.so.5 #23 0x555c8017 in ?? () #24 0x55590e0d in ?? () #25 0x55596c18 in ?? () #26 0x55586471 in ?? () #27 0x555b6eb8 in ?? () #28 0x555b93b3 in ?? () #29 0x555b9a36 in ?? () #30 0x555b9ad1 in ?? () #31 0x555ba01a in ?? () #32 0x55588385 in ?? () #33 0x55588b20 in ?? () #34 0x55581926 in ?? () #35 0x75d7cb17 in __libc_start_main (main=0x5557fac0, argc=1, argv=0x7fffe688, init=, fini=, rtld_fini=, stack_end=0x7fffe678) at ../csu/libc-start.c:310 #36 0x555830ba in _start () ```
Bug#909750: firefox tries to write to /usr/* directories
Looks like Thunderbird behaves the same: ``` type=AVC msg=audit(1538066122.223:896): apparmor="DENIED" operation="mknod" profile="thunderbird" name="/usr/share/fonts/X11/encodings/large/.uuid.TMP-7ayDB6 " pid=9152 comm="thunderbird" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000 ``` Maybe this bug belongs to libfontconfig instead? Firefox and Thunderbird are multi-process applications, it's hard to catch syscal via GDB with all these child-process-iness.
Bug#909750: firefox tries to write to /usr/* directories
Package: firefox Version: 62.0.2-1 Severity: normal Tags: upstream Dear Maintainer, I am using Firefox confined with "unofficial" AppArmor profile, and noticed that this produces a lot of strange denials, as Firefox for unknown reason tries to write to the /usr/* directories, something to do with fonts: ``` type=AVC msg=audit(1538065109.144:473): apparmor="DENIED" operation="mknod" profile="firefox" name="/usr/local/share/fonts/.uuid.TMP-iXM9tT" pid=6835 comm="firefox" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000 type=AVC msg=audit(1538065109.144:474): apparmor="DENIED" operation="mknod" profile="firefox" name="/usr/share/fonts/cMap/.uuid.TMP-ilSIWs" pid=6835 comm="firefox" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000 type=AVC msg=audit(1538065109.144:475): apparmor="DENIED" operation="mknod" profile="firefox" name="/usr/share/fonts/X11/util/.uuid.TMP-WTbop2" pid=6835 comm="firefox" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000 type=AVC msg=audit(1538065109.144:476): apparmor="DENIED" operation="mknod" profile="firefox" name="/usr/share/poppler/cMap/Adobe-CNS1/.uuid.TMP-Sab4RB" pid=6835 comm="firefox" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000 type=AVC msg=audit(1538065109.144:477): apparmor="DENIED" operation="mknod" profile="firefox" name="/usr/share/poppler/cMap/Adobe-GB1/.uuid.TMP-CxBKkb" pid=6835 comm="firefox" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000 type=AVC msg=audit(1538065109.144:478): apparmor="DENIED" operation="mknod" profile="firefox" name="/usr/share/poppler/cMap/Adobe-Japan1/.uuid.TMP-udurNK" pid=6835 comm="firefox" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000 type=AVC msg=audit(1538065109.144:479): apparmor="DENIED" operation="mknod" profile="firefox" name="/usr/share/poppler/cMap/Adobe-Japan2/.uuid.TMP-E6K8fk" pid=6835 comm="firefox" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000 type=AVC msg=audit(1538065109.144:480): apparmor="DENIED" operation="mknod" profile="firefox" name="/usr/share/poppler/cMap/Adobe-Korea1/.uuid.TMP-oMrQIT" pid=6835 comm="firefox" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000 type=AVC msg=audit(1538065109.144:481): apparmor="DENIED" operation="mknod" profile="firefox" name="/usr/share/fonts/eot/font-awesome/.uuid.TMP-O2xybt" pid=6835 comm="firefox" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000 type=AVC msg=audit(1538065109.144:482): apparmor="DENIED" operation="mknod" profile="firefox" name="/usr/share/fonts/svg/font-awesome/.uuid.TMP-vOWiE2" pid=6835 comm="firefox" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000 type=AVC msg=audit(1538065109.144:483): apparmor="DENIED" operation="mknod" profile="firefox" name="/usr/share/fonts/truetype/wine/.uuid.TMP-zKha7B" pid=6835 comm="firefox" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000 type=AVC msg=audit(1538065109.144:484): apparmor="DENIED" operation="mknod" profile="firefox" name="/usr/share/fonts/X11/encodings/large/.uuid.TMP-mxX2zb" pid=6835 comm="firefox" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000 type=AVC msg=audit(1538065109.476:485): apparmor="DENIED" operation="mknod" profile="firefox" name="/usr/local/share/fonts/.uuid.TMP-O01YyL" pid=6896 comm=57656220436F6E74656E74 requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000 type=AVC msg=audit(1538065109.476:486): apparmor="DENIED" operation="mknod" profile="firefox" name="/usr/share/fonts/cMap/.uuid.TMP-SNXVVl" pid=6896 comm=57656220436F6E74656E74 requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000 type=AVC msg=audit(1538065109.480:487): apparmor="DENIED" operation="mknod" profile="firefox" name="/usr/share/fonts/X11/util/.uuid.TMP-qg04iW" pid=6896 comm=57656220436F6E74656E74 requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000 type=AVC msg=audit(1538065109.480:488): apparmor="DENIED" operation="mknod" profile="firefox" name="/usr/share/poppler/cMap/Adobe-CNS1/.uuid.TMP-yTTeGw" pid=6896 comm=57656220436F6E74656E74 requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000 type=AVC msg=audit(1538065109.480:489): apparmor="DENIED" operation="mknod" profile="firefox" name="/usr/share/poppler/cMap/Adobe-GB1/.uuid.TMP-5Rqp36" pid=6896 comm=57656220436F6E74656E74 requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000 type=AVC msg=audit(1538065109.480:490): apparmor="DENIED" operation="mknod" profile="firefox" name="/usr/share/poppler/cMap/Adobe-Japan1/.uuid.TMP-reBAqH" pid=6896 comm=57656220436F6E74656E74 requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000 type=AVC msg=audit(1538065109.480:491): apparmor="DENIED" operation="mknod" profile="firefox" name="/usr/share/poppler/cMap/Adobe-Japan2/.uuid.TMP-uVjMNh" pid=6896 comm=57656220436F6E74656E74 requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000 type=AVC msg=audit(1538065109.480:492): apparmor="DENIED" operation="mknod" profile="firefox" name="/usr/share/poppler/cMap/Adobe-Korea1/.uuid.TMP-p7FYaS" pid=6896
