mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-06 17:31:01 +01:00
24855edd11
[Fontmatrix](https://github.com/fontmatrix/fontmatrix) [adds \~/.Fontmatrix/Activated to fonts.conf](https://github.com/fontmatrix/fontmatrix/blob/75552e2/src/typotek.cpp#L1081-L1088). This causes programs which use [Fontconfig](https://gitlab.freedesktop.org/fontconfig/fontconfig) (directly or indirectly through libraries such as [Pango](https://pango.gnome.org/)) to include that directory in their font search path, which causes errors such as: ``` audit: type=1400 audit(1602678958.525:53): apparmor="DENIED" operation="open" profile="fr.emersion.Mako" name="/home/username/.Fontmatrix/Activated/.uuid" pid=48553 comm="mako" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 audit: type=1400 audit(1602678958.525:54): apparmor="DENIED" operation="open" profile="fr.emersion.Mako" name="/home/username/.Fontmatrix/Activated/" pid=48553 comm="mako" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 ``` if the program does not explicitly include this directory in its AppArmor profile. As with other common font locations, add `~/.Fontmatrix/Activated` to the fonts abstraction for read-only access. MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/657 Acked-by: John Johansen <john.johansen@canonical.com> |
||
|---|---|---|
| .. | ||
| abi | ||
| abstractions | ||
| apache2.d | ||
| local | ||
| tunables | ||
| bin.ping | ||
| lsb_release | ||
| nvidia_modprobe | ||
| php-fpm | ||
| sbin.klogd | ||
| sbin.syslog-ng | ||
| sbin.syslogd | ||
| usr.lib.apache2.mpm-prefork.apache2 | ||
| usr.lib.dovecot.anvil | ||
| usr.lib.dovecot.auth | ||
| usr.lib.dovecot.config | ||
| usr.lib.dovecot.deliver | ||
| usr.lib.dovecot.dict | ||
| usr.lib.dovecot.director | ||
| usr.lib.dovecot.doveadm-server | ||
| usr.lib.dovecot.dovecot-auth | ||
| usr.lib.dovecot.dovecot-lda | ||
| usr.lib.dovecot.imap | ||
| usr.lib.dovecot.imap-login | ||
| usr.lib.dovecot.lmtp | ||
| usr.lib.dovecot.log | ||
| usr.lib.dovecot.managesieve | ||
| usr.lib.dovecot.managesieve-login | ||
| usr.lib.dovecot.pop3 | ||
| usr.lib.dovecot.pop3-login | ||
| usr.lib.dovecot.replicator | ||
| usr.lib.dovecot.script-login | ||
| usr.lib.dovecot.ssl-params | ||
| usr.lib.dovecot.stats | ||
| usr.sbin.apache2 | ||
| usr.sbin.avahi-daemon | ||
| usr.sbin.dnsmasq | ||
| usr.sbin.dovecot | ||
| usr.sbin.identd | ||
| usr.sbin.mdnsd | ||
| usr.sbin.nmbd | ||
| usr.sbin.nscd | ||
| usr.sbin.ntpd | ||
| usr.sbin.smbd | ||
| usr.sbin.smbldap-useradd | ||
| usr.sbin.traceroute | ||
| usr.sbin.winbindd | ||