Package: apparmor-profiles-extra Version: 1.12 Severity: important This is what I get with `sudo tail /var/log/audit/audit.log -f | grep DENIED` when I open any video:
type=AVC msg=audit(1499516756.417:5744): apparmor="DENIED" operation="open" profile="/usr/bin/totem" name="/home/elia/.cache/mesa/index" pid=4881 comm="totem" requested_mask="rwc" denied_mask="rwc" fsuid=1000 ouid=1000 type=AVC msg=audit(1499516756.529:5745): apparmor="DENIED" operation="open" profile="/usr/bin/totem" name="/var/lib/flatpak/exports/share/icons/hicolor/index.theme" pid=4881 comm="totem" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 type=AVC msg=audit(1499516756.529:5746): apparmor="DENIED" operation="open" profile="/usr/bin/totem" name="/var/lib/flatpak/exports/share/icons/hicolor/icon-theme.cache" pid=4881 comm="totem" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 type=AVC msg=audit(1499516756.529:5747): apparmor="DENIED" operation="open" profile="/usr/bin/totem" name="/var/lib/flatpak/exports/share/icons/hicolor/icon-theme.cache" pid=4881 comm="totem" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 type=AVC msg=audit(1499516756.533:5748): apparmor="DENIED" operation="open" profile="/usr/bin/totem" name="/var/lib/flatpak/exports/share/icons/hicolor/icon-theme.cache" pid=4881 comm="totem" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 type=AVC msg=audit(1499516756.533:5749): apparmor="DENIED" operation="open" profile="/usr/bin/totem" name="/var/lib/flatpak/exports/share/icons/hicolor/icon-theme.cache" pid=4881 comm="totem" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 type=AVC msg=audit(1499516756.533:5750): apparmor="DENIED" operation="open" profile="/usr/bin/totem" name="/var/lib/flatpak/exports/share/icons/hicolor/icon-theme.cache" pid=4881 comm="totem" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 type=AVC msg=audit(1499516756.533:5751): apparmor="DENIED" operation="open" profile="/usr/bin/totem" name="/var/lib/flatpak/exports/share/icons/hicolor/icon-theme.cache" pid=4881 comm="totem" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 type=AVC msg=audit(1499516756.533:5752): apparmor="DENIED" operation="open" profile="/usr/bin/totem" name="/var/lib/flatpak/exports/share/icons/hicolor/icon-theme.cache" pid=4881 comm="totem" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 type=AVC msg=audit(1499516756.537:5753): apparmor="DENIED" operation="open" profile="/usr/bin/totem" name="/var/lib/flatpak/exports/share/icons/hicolor/icon-theme.cache" pid=4881 comm="totem" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 type=AVC msg=audit(1499516756.537:5754): apparmor="DENIED" operation="open" profile="/usr/bin/totem" name="/var/lib/flatpak/exports/share/icons/hicolor/icon-theme.cache" pid=4881 comm="totem" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 type=AVC msg=audit(1499516756.537:5755): apparmor="DENIED" operation="open" profile="/usr/bin/totem" name="/var/lib/flatpak/exports/share/icons/hicolor/icon-theme.cache" pid=4881 comm="totem" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 type=AVC msg=audit(1499516756.677:5756): apparmor="DENIED" operation="open" profile="/usr/bin/totem" name=2F646174692F566964656F2F54686520496D69746174696F6E2047616D652E6D6B76 pid=4881 comm="totem" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 type=AVC msg=audit(1499516756.677:5757): apparmor="DENIED" operation="open" profile="/usr/bin/totem" name=2F646174692F566964656F2F54686520496D69746174696F6E2047616D652E6D6B76 pid=4881 comm="totem" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 type=AVC msg=audit(1499516756.677:5758): apparmor="DENIED" operation="open" profile="/usr/bin/totem" name=2F646174692F566964656F2F54686520496D69746174696F6E2047616D652E6D6B76 pid=4881 comm="totem" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 It seems to block mesa cache too. Maybe that should be added to an abstraction. -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (800, 'testing'), (600, 'unstable'), (200, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.11.0-1-amd64 (SMP w/8 CPU cores) Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8), LANGUAGE=it_IT.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages apparmor-profiles-extra depends on: ii apparmor 2.11.0-6 apparmor-profiles-extra recommends no packages. apparmor-profiles-extra suggests no packages. -- no debconf information
