2023-01-29 22:18:22 +01:00
|
|
|
---
|
|
|
|
title: Known issues
|
|
|
|
---
|
|
|
|
|
|
|
|
# Known issues
|
|
|
|
|
2023-04-16 22:35:15 +02:00
|
|
|
Known bugs are tracked on the meta issue **[#75](https://github.com/roddhjav/apparmor.d/issues/74)**.
|
|
|
|
|
2023-01-29 22:18:22 +01:00
|
|
|
!!! info
|
|
|
|
|
2023-04-16 22:35:15 +02:00
|
|
|
Usually, a profile in complain mode cannot break the program it confines.
|
|
|
|
However, there are some **major exceptions**:
|
2023-01-29 22:18:22 +01:00
|
|
|
|
2023-04-16 22:35:15 +02:00
|
|
|
* `deny` rules are enforced even in complain mode,
|
2023-08-19 15:32:08 +02:00
|
|
|
* `attach_disconnected` (and `mediate_deleted`) will break the program if they are required and missing in the profile,
|
2023-04-16 22:35:15 +02:00
|
|
|
* If apparmor does not find the profile to transition `rPx`.
|
2023-01-29 22:18:22 +01:00
|
|
|
|
|
|
|
### Pacman "could not get current working directory"
|
|
|
|
|
|
|
|
```sh
|
|
|
|
$ sudo pacman -Syu
|
|
|
|
...
|
|
|
|
error: could not get current working directory
|
|
|
|
:: Processing package changes...
|
|
|
|
...
|
|
|
|
```
|
|
|
|
|
|
|
|
This is **a feature, not a bug!** It can safely be ignored. Pacman tries to get
|
|
|
|
your current directory. You will only get this error when you run pacman in your
|
|
|
|
home directory.
|
|
|
|
|
|
|
|
According the Archlinux guideline, on Archlinux, packages cannot install files
|
|
|
|
under `/home/`. Therefore the [`pacman`][pacman] profile purposely does not
|
2023-01-31 22:13:35 +01:00
|
|
|
allow access of your home directory.
|
2023-01-29 22:18:22 +01:00
|
|
|
|
2023-01-31 22:13:35 +01:00
|
|
|
This provides a basic protection against some packages (on the AUR) that may have
|
2023-01-29 22:18:22 +01:00
|
|
|
rogue install script.
|
|
|
|
|
2023-02-11 20:00:14 +01:00
|
|
|
[pacman]: https://github.com/roddhjav/apparmor.d/blob/main/apparmor.d/groups/pacman/pacman
|
2023-01-29 22:18:22 +01:00
|
|
|
|
|
|
|
|
|
|
|
### Gnome can be very slow to start.
|
|
|
|
|
|
|
|
[Gnome](https://github.com/roddhjav/apparmor.d/issues/80) can be slow to start.
|
2023-01-31 22:13:35 +01:00
|
|
|
This is a known bug, help is very welcome.
|
2023-01-29 22:18:22 +01:00
|
|
|
|
|
|
|
The complexity is that:
|
|
|
|
|
|
|
|
- It works fine without AppArmor
|
|
|
|
- It works fine on most system (including test VM)
|
|
|
|
- It seems to be dbus related
|
|
|
|
- On archlinux, the dbus mediation is not enabled. So, there is nothing special to allow.
|