Package: apparmor
Version: 2.13.3-7
Severity: normal
In short, the ibus socket path in <abstractions/ibus> needs to be changed
for the recent ibus versions like this:
unix (connect, receive, send)
type=stream
peer=(addr="@{HOME}/.cache/ibus/dbus-*"),
Details:
This is follow-up to debian/patches/debian/allow-access-to-ibus-socket.patch.
In IBus upstream 1.5.21, the upstream has changed the default socket path
to"/tmp/ibus" to make it distinguishable. But it is not secure as a malicious
user can create "/tmp/ibus" with restrictive permission. In IBus upstream git
after 1.5.21, the upstream has changed the socket path to
"$XDG_CACHE_HOME/ibus" for Linux and "/tmp" for non-Linux. (See
https://github.com/ibus/ibus/issues/2095 and
https://github.com/ibus/ibus/issues/2116 for more information.) AppArmor is
Linux specific so allowing Unix socket "${HOME}.cache/ibus/dbus-*" is enough.
Debian ibus 1.5.21-5 has these changes (to fix non-linux FTBFS).
You can also remove the old socket path and then "ibus (<< 1.5.21-5)" should be
added to Breaks.
-- System Information:
Debian Release: bullseye/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1,
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.3.0-3-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=ko_KR.UTF-8, LC_CTYPE=ko_KR.UTF-8 (charmap=UTF-8),
LANGUAGE=ko_KR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages apparmor depends on:
ii debconf [debconf-2.0] 1.5.73
ii libc6 2.29-7
ii lsb-base 11.1.0
ii python3 3.7.5-3
apparmor recommends no packages.
Versions of packages apparmor suggests:
pn apparmor-profiles-extra <none>
pn apparmor-utils <none>
-- debconf information:
apparmor/homedirs:
