[Touch-packages] [Bug 2081692] Re: apparmor profile too restrictive : kernel logs spammed with ~/.cache/mesa_shader_cache_db accesses

Tue, 24 Sep 2024 04:25:50 -0700 

** Changed in: xorg-server (Ubuntu)
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2081692

Title:
  apparmor profile too restrictive : kernel logs spammed with
  ~/.cache/mesa_shader_cache_db accesses

Status in apparmor package in Ubuntu:
  New
Status in xorg-server package in Ubuntu:
  Invalid

Bug description:
  Hi,

  I am running Plasma on X11, and Xorg is running in AppArmor complain
  mode:

  # aa-status 
  [...]
  1 processes are in complain mode.
     /usr/lib/xorg/Xorg (5903) Xorg

  
  The kernel logs are spammed with the following AppArmor messages:

  # dmesg | grep mesa_shader_cache_db
  [   30.513476] audit: type=1400 audit(1727008543.347:433): apparmor="ALLOWED" 
operation="mknod" class="file" profile="Xorg" 
name="/home/bonnaudl/.cache/mesa_shader_cache_db/part0/mesa_cache.db" pid=5903 
comm="Xorg" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
  [   30.513562] audit: type=1400 audit(1727008543.347:434): apparmor="ALLOWED" 
operation="open" class="file" profile="Xorg" 
name="/home/bonnaudl/.cache/mesa_shader_cache_db/part0/mesa_cache.db" pid=5903 
comm="Xorg" requested_mask="rc" denied_mask="rc" fsuid=1000 ouid=1000
  [   30.513584] audit: type=1400 audit(1727008543.347:435): apparmor="ALLOWED" 
operation="open" class="file" profile="Xorg" 
name="/home/bonnaudl/.cache/mesa_shader_cache_db/part0/mesa_cache.db" pid=5903 
comm="Xorg" requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=1000
  [   30.513592] audit: type=1400 audit(1727008543.347:436): apparmor="ALLOWED" 
operation="mknod" class="file" profile="Xorg" 
name="/home/bonnaudl/.cache/mesa_shader_cache_db/part0/mesa_cache.idx" pid=5903 
comm="Xorg" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000

  I think that the Xorg AppArmor profile should be updated to allow
  those accesses.

  ProblemType: Bug
  DistroRelease: Ubuntu 24.10
  Package: xserver-xorg-core 2:21.1.13-2ubuntu1
  ProcVersionSignature: Ubuntu 6.11.0-7.7-generic 6.11.0-rc7
  Uname: Linux 6.11.0-7-generic x86_64
  ApportVersion: 2.30.0-0ubuntu2
  Architecture: amd64
  CasperMD5CheckResult: unknown
  CompositorRunning: None
  CurrentDesktop: KDE
  Date: Mon Sep 23 09:36:08 2024
  DistUpgraded: Fresh install
  DistroCodename: oracular
  DistroVariant: ubuntu
  ExtraDebuggingInterest: Yes
  GraphicsCard:
   Advanced Micro Devices, Inc. [AMD/ATI] Phoenix1 [1002:15bf] (rev d7) 
(prog-if 00 [VGA controller])
     Subsystem: Hewlett-Packard Company Device [103c:8b6e]
  MachineType: HP HP EliteBook 865 16 inch G10 Notebook PC
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-6.11.0-7-generic 
root=/dev/mapper/MonVolume-Racine ro vsyscall=none security=apparmor 
preempt=full split_lock_detect=warn quiet splash 
crashkernel=2G-4G:320M,4G-32G:512M,32G-64G:1024M,64G-128G:2048M,128G-:4096M 
vt.handoff=7
  SourcePackage: xorg-server
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 06/18/2024
  dmi.bios.release: 5.11
  dmi.bios.vendor: HP
  dmi.bios.version: V82 Ver. 01.05.11
  dmi.board.name: 8B6E
  dmi.board.vendor: HP
  dmi.board.version: KBC Version 60.2E.60
  dmi.chassis.type: 10
  dmi.chassis.vendor: HP
  dmi.ec.firmware.release: 96.46
  dmi.modalias: 
dmi:bvnHP:bvrV82Ver.01.05.11:bd06/18/2024:br5.11:efr96.46:svnHP:pnHPEliteBook86516inchG10NotebookPC:pvrSBKPF:rvnHP:rn8B6E:rvrKBCVersion60.2E.60:cvnHP:ct10:cvr:sku70A94AV:
  dmi.product.family: 103C_5336AN HP EliteBook
  dmi.product.name: HP EliteBook 865 16 inch G10 Notebook PC
  dmi.product.sku: 70A94AV
  dmi.product.version: SBKPF
  dmi.sys.vendor: HP
  version.compiz: compiz 1:0.9.14.2+22.10.20220822-0ubuntu12
  version.libdrm2: libdrm2 2.4.122-1
  version.libgl1-mesa-dri: libgl1-mesa-dri 24.2.2-1ubuntu1
  version.libgl1-mesa-glx: libgl1-mesa-glx N/A
  version.xserver-xorg-core: xserver-xorg-core 2:21.1.13-2ubuntu1
  version.xserver-xorg-input-evdev: xserver-xorg-input-evdev 1:2.10.6-2build3
  version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:22.0.0-1build1
  version.xserver-xorg-video-intel: xserver-xorg-video-intel N/A
  version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 
1:1.0.17-3ubuntu1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2081692/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to