Control: reassign -1 apparmor Control: found -1 2.13.3-4 Control: affects -1 torbrowser-launcher Control: tag -1 + upstream
Hi Frederik, Frederik Himpe: > torbrowser-launcher fails to start with this apparmor message in kernel log: > [ 135.043787] audit: type=1400 audit(1566153604.771:58): apparmor="DENIED" > operation="open" profile="torbrowser_firefox" name="/run/user/1000/.mutter- > Xwaylandauth.B4GI6Z" pid=4793 comm="firefox.real" requested_mask="r" > denied_mask="r" fsuid=1000 ouid=1000 > This happens when starting torbrowser-launcher in a GNOME Wayland session with > Mutter 3.33.90-2 from Experimental. Oh, interesting, good catch! I did not know that this new version of GNOME changed the path to this Xwayland thing. I'm very glad you spotted this, thanks! :) I believe this needs to be fixed in /etc/apparmor.d/abstractions/wayland, thus reassigning. I'll prepare a merge request upstream and will fix this in Debian ASAP. Can you please add the following line to /etc/apparmor.d/abstractions/wayland owner /run/user/*/.mutter-Xwaylandauth.* r, … then reload the affected profile with: sudo apparmor_parser -r /etc/apparmor.d/torbrowser.Browser.firefox … and retry? Thanks in advance! I assume this will break any app running under Xwayland and confined by AppArmor, so this bug report will become RC once GNOME 3.34 is released and uploaded to sid. Cheers, -- intrigeri
