roddhjav / apparmor.d

Full set of AppArmor profiles (~ 1500 profiles)
https://apparmor.pujol.io
GNU General Public License v2.0

signal-desktop errors #605

Open curiosityseeker opened 1 week ago

curiosityseeker commented 1 week ago

After starting signal-desktop I get the following errors:

profile signal-desktop {
  /bin/xdg-mime ix -> xdg-mime, # no new privs no new privs
}

profile xdg-settings {
  @{bin}/xdg-mime r,

  /bin/xdg-mime ix -> xdg-mime, # no new privs no new privs
}

And after opening a link in the browser I get:

profile child-open-any flags=(mediate_deleted) {
  /usr/share/drirc.d/ r,

  owner @{user_cache_dirs}/mesa_shader_cache_db/index rw,
  owner @{user_cache_dirs}/mesa_shader_cache_db/part0/mesa_cache.db k,

  owner @{user_config_dirs}/menus/applications-merged/ r,

  /dev/dri/ r,
  /dev/dri/renderD128 rw,

  owner link @{user_share_dirs}/#@{int6}3 ,                 # Failed name lookup - deleted entry
  owner link @{user_share_dirs}/recently-used.xbel.AyAVOY -> @{user_share_dirs}/#@{int6}3,
  owner link @{user_share_dirs}/recently-used.xbel.bSfGQm -> @{user_share_dirs}/#@{int6}3,
  owner link @{user_share_dirs}/recently-used.xbel.DBLABb -> @{user_share_dirs}/#@{int6}3,
  owner link @{user_share_dirs}/recently-used.xbel.dmmEew -> @{user_share_dirs}/#@{int6}3,
  owner link @{user_share_dirs}/recently-used.xbel.fIAoKV -> @{user_share_dirs}/#@{int6}3,
  owner link @{user_share_dirs}/recently-used.xbel.gofqlH -> @{user_share_dirs}/#@{int6}3,
  owner link @{user_share_dirs}/recently-used.xbel.gQmhUF -> @{user_share_dirs}/#@{int6}3,
  owner link @{user_share_dirs}/recently-used.xbel.hSZTCk -> @{user_share_dirs}/#@{int6}3,
  owner link @{user_share_dirs}/recently-used.xbel.lLvOnq -> @{user_share_dirs}/#@{int6}3,
  owner link @{user_share_dirs}/recently-used.xbel.qTPrmd -> @{user_share_dirs}/#@{int6}3,
  owner link @{user_share_dirs}/recently-used.xbel.rCSgSs -> @{user_share_dirs}/#@{int6}3,
  owner link @{user_share_dirs}/recently-used.xbel.SMHFSF -> @{user_share_dirs}/#@{int6}3,
  owner link @{user_share_dirs}/recently-used.xbel.tOVeTh -> @{user_share_dirs}/#@{int6}3,
  owner link @{user_share_dirs}/recently-used.xbel.wgcSOu -> @{user_share_dirs}/#@{int6}3,
  owner link @{user_share_dirs}/recently-used.xbel.Yeeztg -> @{user_share_dirs}/#@{int6}3,
  owner link @{user_share_dirs}/recently-used.xbel.ZBHpCH -> @{user_share_dirs}/#@{int6}3,
}

which is a bit strange, IMO, as the profile contains

@{open_path} rpx -> child-open-strict,

and not child-open-any

roddhjav commented 2 days ago

That is an nnp issue. I recently figured out that more and more Electron-based apps set it. Therefore xdg-settings needs to be run stacked (it is already). The issue is that in some DEs xdg-settings starts xdg-mime, which also needs to be recursively stacked...

I need to include recursive stacking in the aa:stack directive to fully fix this. This is related to #505, which was closed a bit quickly.

Regarding child-open-any

What is your DE? I am pretty sure the link was opened through the xdg-open profile (it is the only one that uses child-open-any). That could be a consequence of the nnp flag.
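
The nnp denials discussed in the comment above can be separated from ordinary file denials by the `info="no new privs"` field of the kernel audit record. This added example (not from the thread or the apparmor.d project) groups them per binary and lists every profile that refused the transition; the sample lines are constructed and their field layout is an assumption.

```python
import re

# Constructed sample audit lines (not taken from the issue); the field layout
# is an assumption modelled on typical AppArmor kernel messages.
SAMPLE_LOG = '''\
type=AVC msg=audit(1700000000.101:201): apparmor="DENIED" operation="exec" info="no new privs" error=-1 profile="signal-desktop" name="/bin/xdg-mime" pid=4242 comm="xdg-settings" requested_mask="x" denied_mask="x" target="xdg-mime"
type=AVC msg=audit(1700000000.101:202): apparmor="DENIED" operation="exec" info="no new privs" error=-1 profile="xdg-settings" name="/bin/xdg-mime" pid=4242 comm="xdg-settings" requested_mask="x" denied_mask="x" target="xdg-mime"
type=AVC msg=audit(1700000000.350:203): apparmor="DENIED" operation="open" profile="child-open-any" name="/dev/dri/renderD128" pid=4300 comm="xdg-open" requested_mask="wr" denied_mask="wr"
type=AVC msg=audit(1700000000.410:204): apparmor="ALLOWED" operation="exec" profile="signal-desktop" name="/bin/xdg-settings" pid=4240 comm="signal-desktop" requested_mask="x" denied_mask="x" target="xdg-settings"
'''

# key="quoted value" or key=bare_value
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_fields(line):
    """Split one audit line into a key -> value dict, unquoting quoted values."""
    return {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}


def nnp_blocked_transitions(log_text):
    """Map each binary whose exec transition was refused under no_new_privs
    to its target profile and the profiles that refused the transition."""
    blocked = {}
    for line in log_text.splitlines():
        f = parse_fields(line)
        if f.get("apparmor") != "DENIED" or f.get("operation") != "exec":
            continue  # only enforced exec denials are of interest
        if f.get("info") != "no new privs" or "name" not in f or "profile" not in f:
            continue  # ordinary denial or incomplete record
        entry = blocked.setdefault(f["name"], {"target": f.get("target"), "profiles": []})
        if f["profile"] not in entry["profiles"]:
            entry["profiles"].append(f["profile"])
    for entry in blocked.values():
        entry["profiles"].sort()
    return blocked


if __name__ == "__main__":
    for binary, entry in nnp_blocked_transitions(SAMPLE_LOG).items():
        profiles = ", ".join(entry["profiles"])
        print(f'{binary} -> {entry["target"]}: refused under nnp in {profiles}')
```

A binary reported under more than one profile, as `/bin/xdg-mime` is here, matches the situation in the issue where both signal-desktop and xdg-settings log the same refused transition.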

curiosityseeker commented 1 day ago

I'm using KDE on Arch.