Apparmor deny messages on ~/.local/share/fonts
Categories
(Core :: Widget: Gtk, defect)
Tracking
()
People
(Reporter: david, Unassigned)
References
(Blocks 1 open bug)
Details
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:134.0) Gecko/20100101 Firefox/134.0
Steps to reproduce:
- Extract any font in ~/.local/share/fonts
- fc-cache -f -v
Actual results:
Getting apparmor deny messages in syslog such as:
2025-01-28T20:32:47.602694+01:00 GOLIATH kernel: audit: type=1400 audit(1738092767.601:701): apparmor="DENIED" operation="mknod" class="file" profile="snap.firefox.firefox" name="/home/dnegreira/.local/share/fonts/.uuid.TMP-51kFhw" pid=11472 comm=57656220436F6E74656E74 requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
I am not sure why is firefox trying to create these files though, I see the apparmor profile only allows read access to this directory, so unsure why firefox is trying to write.
owner @{HOME}/.local/share/fonts/{,**} r,
Expected results:
No deny error message.
Reporter | ||
Comment 1•20 days ago
|
||
This happens on firefox snap latest/stable, not an issue with the latest version, but I just found the erorrs in the logfile since I created the ~/.local/share/fonts folder myself to install custom fonts.
Comment 2•20 days ago
|
||
The Bugbug bot thinks this bug should belong to the 'Core::Widget: Gtk' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.
Comment 3•20 days ago
|
||
I'm not sure it's a bug on our side nor on Snap packaging side, I found that https://gitlab.freedesktop.org/fontconfig/fontconfig/-/issues/121 and it looks like libfontconfig
doing the creation.
Comment 4•20 days ago
|
||
(In reply to :gerard-majax from comment #3)
I'm not sure it's a bug on our side nor on Snap packaging side, I found that https://gitlab.freedesktop.org/fontconfig/fontconfig/-/issues/121 and it looks like
libfontconfig
doing the creation.
That bug mentions debian upload of 2.13 with a missing fix, and ubuntu 22.04 uses 2.13 as well: https://packages.ubuntu.com/jammy/libfontconfig1 when 24.04 is on 2.15 https://packages.ubuntu.com/noble/libfontconfig1, so that would explain why nightly is fixed (it's using core24) while stable still hits it (core22)
Description
•