Open Bug 1944396 Opened 20 days ago Updated 20 days ago

Apparmor deny messages on ~/.local/share/fonts

Categories

(Core :: Widget: Gtk, defect)

Firefox 134
defect

Tracking

()

UNCONFIRMED

People

(Reporter: david, Unassigned)

References

(Blocks 1 open bug)

Details

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:134.0) Gecko/20100101 Firefox/134.0

Steps to reproduce:

  • Extract any font in ~/.local/share/fonts
  • fc-cache -f -v

Actual results:

Getting apparmor deny messages in syslog such as:

2025-01-28T20:32:47.602694+01:00 GOLIATH kernel: audit: type=1400 audit(1738092767.601:701): apparmor="DENIED" operation="mknod" class="file" profile="snap.firefox.firefox" name="/home/dnegreira/.local/share/fonts/.uuid.TMP-51kFhw" pid=11472 comm=57656220436F6E74656E74 requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000

I am not sure why is firefox trying to create these files though, I see the apparmor profile only allows read access to this directory, so unsure why firefox is trying to write.

owner @{HOME}/.local/share/fonts/{,**} r,

Expected results:

No deny error message.

This happens on firefox snap latest/stable, not an issue with the latest version, but I just found the erorrs in the logfile since I created the ~/.local/share/fonts folder myself to install custom fonts.

The Bugbug bot thinks this bug should belong to the 'Core::Widget: Gtk' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → Widget: Gtk
Product: Firefox → Core

I'm not sure it's a bug on our side nor on Snap packaging side, I found that https://gitlab.freedesktop.org/fontconfig/fontconfig/-/issues/121 and it looks like libfontconfig doing the creation.

(In reply to :gerard-majax from comment #3)

I'm not sure it's a bug on our side nor on Snap packaging side, I found that https://gitlab.freedesktop.org/fontconfig/fontconfig/-/issues/121 and it looks like libfontconfig doing the creation.

That bug mentions debian upload of 2.13 with a missing fix, and ubuntu 22.04 uses 2.13 as well: https://packages.ubuntu.com/jammy/libfontconfig1 when 24.04 is on 2.15 https://packages.ubuntu.com/noble/libfontconfig1, so that would explain why nightly is fixed (it's using core24) while stable still hits it (core22)

You need to log in before you can comment on or make changes to this bug.