search

roddhjav / apparmor.d

Full set of AppArmor profiles (~ 1500 profiles)
https://apparmor.pujol.io
GNU General Public License v2.0
395 stars 34 forks source link

Enforcing the profiles managing a keyboard backlight is broken on certain hardwares #402

Closed FiestaLake closed 1 week ago

FiestaLake commented 1 week ago

The audit log: apparmor="DENIED" operation="open" class="file" profile="upowerd" name="/sys/devices/pci0000:00/0000:00:14.3/PNP0C09:00/VPC2004:00/leds/platform::kbd_backlight/max_brightness" pid=79507 comm="upowerd" requested_mask="r" denied_mask="r"

In /etc/apparmor.d/upowerd, the existing lines below

  @{sys}/devices/platform/**/leds/**/brightness rw,
  @{sys}/devices/platform/**/leds/**/brightness_hw_changed r,
  @{sys}/devices/platform/**/leds/**/max_brightness r,

should be corrected into

  @{sys}/devices/**/leds/**/brightness rw,
  @{sys}/devices/**/leds/**/brightness_hw_changed r,
  @{sys}/devices/**/leds/**/max_brightness r,
FiestaLake commented 1 week ago

This should also be done in /etc/apparmor.d/systemd-backlight.

roddhjav commented 1 week ago

Thanks, fixed