Add Fontmatrix to abstractions/fonts (!657) · Merge requests · AppArmor / apparmor

Kevin Locke requested to merge kevinoid/apparmor:fontmatrix into master Oct 15, 2020

Fontmatrix adds ~/.Fontmatrix/Activated to fonts.conf. This causes programs which use Fontconfig (directly or indirectly through libraries such as Pango) to include that directory in their font search path, which causes errors such as:

audit: type=1400 audit(1602678958.525:53): apparmor="DENIED" operation="open" profile="fr.emersion.Mako" name="/home/username/.Fontmatrix/Activated/.uuid" pid=48553 comm="mako" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
audit: type=1400 audit(1602678958.525:54): apparmor="DENIED" operation="open" profile="fr.emersion.Mako" name="/home/username/.Fontmatrix/Activated/" pid=48553 comm="mako" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000

if the program does not explicitly include this directory in its AppArmor profile. As with other common font locations, add ~/.Fontmatrix/Activated to the fonts abstraction for read-only access.

Thanks for considering, Kevin

Admin message

Add Fontmatrix to abstractions/fonts

Merge request reports