Alberto Garcia wrote on Fri, Oct 20, 2023 at 04:19:55PM +0200:
> On Wed, Oct 18, 2023 at 05:06:16PM +0900, Dominique Martinet wrote:
> > After upgrading my system to the latest security updates surf no
> > longer displays anything.
> 
> I had a look at this, the problem is caused by Surf's AppArmor
> configuration.

D'oh! I need to remember Debian now ships this on by default...

> I can make it run on my computer with something like this added to
> /etc/apparmor.d/usr.bin.surf, but your mileage may vary:
> 
>   /sys/devices/virtual/dmi/id/chassis_type r,
>   /etc/glvnd/egl_vendor.d/ r,
>   /etc/glvnd/egl_vendor.d/** r,
>   /usr/share/glvnd/egl_vendor.d/ r,
>   /usr/share/glvnd/egl_vendor.d/** r,
>   /usr/share/libdrm/* r,  

Thanks, I can confirm this works for me as well on various systems
(bullseye VM and bookworm with Intel GPU).

(I'm especially annoyed because I saw these in strace output, but the
previous version of WebKit also used to try to look at chassis_type and
egl_vendor.d directories so I dismissed that too fast... It's possible
previous versions of WebKit were also disabling compositing mode due to
the AppArmor rules, but the new one fails to disable it properly when it
didn't find what it wanted there? If so I guess one could argue that's a
bug on its own)

> I think that Surf's AppArmor profile is just too restrictive for a
> program that has so many dependencies.

Right, I guess it's a tight line between trying to sandbox a web browser
and allowing all sorts of things a web browser might need to do...
I'll leave follow-ups to Reiner (surf's maintainer), and definitely
remember about AppArmor next time.

Thank you again for looking, Alberto!

-- 
Dominique
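
An added example, not part of the original message or of surf's packaging: a Python check of whether a set of profile rules covers the paths named in AppArmor denial lines, run against the six rules quoted above. The audit lines, the profile name `/usr/bin/surf`, the pid and the file names are constructed assumptions, and the glob matcher is a simplified approximation of AppArmor's (`**` crosses `/`, `*` and `?` do not).

```python
import re

# The six rules quoted in the message above (for /etc/apparmor.d/usr.bin.surf).
RULES = """\
/sys/devices/virtual/dmi/id/chassis_type r,
/etc/glvnd/egl_vendor.d/ r,
/etc/glvnd/egl_vendor.d/** r,
/usr/share/glvnd/egl_vendor.d/ r,
/usr/share/glvnd/egl_vendor.d/** r,
/usr/share/libdrm/* r,
"""

# Constructed audit lines: profile name, pid and file names are assumptions.
_LINE = ('type=AVC msg=audit(0.0:{n}): apparmor="DENIED" operation="open" '
         'profile="/usr/bin/surf" name="{p}" pid=1000 comm="surf" '
         'requested_mask="r" denied_mask="r" fsuid=1000 ouid=0')
SAMPLE_LOG = "\n".join(_LINE.format(n=n, p=p) for n, p in enumerate([
    "/sys/devices/virtual/dmi/id/chassis_type",
    "/etc/glvnd/egl_vendor.d/",
    "/usr/share/glvnd/egl_vendor.d/50_mesa.json",
    "/usr/share/libdrm/amdgpu.ids",
    "/usr/share/libdrm/extra/example.ids",  # nested: '*' does not cross '/'
]))

DENIED = re.compile(r'apparmor="DENIED".*?profile="(?P<profile>[^"]+)"'
                    r'.*?name="(?P<name>[^"]+)".*?denied_mask="(?P<mask>[^"]+)"')

def glob_to_regex(glob):  # simplified: '**' crosses '/', '*' and '?' do not
    parts = re.split(r"(\*\*|\*|\?)", glob)
    table = {"**": ".*", "*": "[^/]*", "?": "[^/]"}
    return re.compile("".join(table.get(p) or re.escape(p) for p in parts))

def parse_rules(text):
    """Turn 'PATH PERMS,' lines into (compiled path regex, permission set)."""
    lines = (l.split("#")[0].strip().rstrip(",") for l in text.splitlines())
    pairs = (l.rsplit(None, 1) for l in lines if l)
    return [(glob_to_regex(path), set(perms)) for path, perms in pairs]

def uncovered(log, rules, profile):
    """Return (path, missing permissions) for denials the rules do not allow."""
    missing = []
    for m in DENIED.finditer(log):
        need = set(m["mask"]) if m["profile"] == profile else set()
        for rx, perms in rules:
            if rx.fullmatch(m["name"]):
                need -= perms
        if need:
            missing.append((m["name"], "".join(sorted(need))))
    return missing
```

Calling `uncovered(SAMPLE_LOG, parse_rules(RULES), "/usr/bin/surf")` lists only the nested constructed path, which the single-level `/usr/share/libdrm/*` rule does not reach.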
