Package: surf Version: 2.0-5 Severity: normal Running surf triggers the following apparmor alerts:
audit: type=1400 audit(1523602672.524:7): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/bin/surf" pid=865 comm="apparmor_parser" audit: type=1400 audit(1523606448.089:48): apparmor="DENIED" operation="open" profile="/usr/bin/surf" name="/home/USERNAME/.config/gtk-3.0/settings.ini" pid=4505 comm="surf" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 audit: type=1400 audit(1523606448.257:49): apparmor="DENIED" operation="file_mmap" profile="/usr/bin/surf" name="/usr/lib/x86_64-linux-gnu/gtk-3.0/3.0.0/immodules/im-xim.so" pid=4505 comm="surf" requested_mask="m" denied_mask="m" fsuid=1000 ouid=0 audit: type=1400 audit(1523606448.257:50): apparmor="DENIED" operation="open" profile="/usr/bin/surf" name="/home/USERNAME/.cache/gtk-3.0/compose/93817a95.cache" pid=4505 comm="pool" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 audit: type=1400 audit(1523606448.257:51): apparmor="DENIED" operation="mknod" profile="/usr/bin/surf" name="/home/USERNAME/.cache/gtk-3.0/compose/93817a95.cache.1A3JHZ" pid=4505 comm="pool" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000 audit: type=1400 audit(1523606448.297:52): apparmor="DENIED" operation="open" profile="/usr/bin/surf" name="/usr/share/fontconfig/conf.avail/" pid=4505 comm="surf" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 audit: type=1400 audit(1523606448.493:53): apparmor="DENIED" operation="open" profile="/usr/bin/surf" name="/home/USERNAME/.config/gtk-3.0/settings.ini" pid=4522 comm="WebKitWebProces" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 audit: type=1400 audit(1523606448.537:54): apparmor="DENIED" operation="open" profile="/usr/bin/surf" name="/usr/share/fontconfig/conf.avail/" pid=4522 comm="WebKitWebProces" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 audit: type=1400 audit(1523606448.561:55): apparmor="DENIED" operation="open" profile="/usr/bin/surf" name="/run/user/1000/dconf/user" pid=4524 comm="WebKitNetworkPr" requested_mask="wc" denied_mask="wc" fsuid=1000 ouid=1000 audit: type=1400 audit(1523606448.561:56): apparmor="DENIED" operation="open" profile="/usr/bin/surf" name="/run/user/1000/dconf/user" pid=4524 comm="WebKitNetworkPr" requested_mask="wc" denied_mask="wc" fsuid=1000 ouid=1000 audit: type=1400 audit(1523606448.561:57): apparmor="DENIED" operation="open" profile="/usr/bin/surf" name="/run/user/1000/dconf/user" pid=4524 comm="WebKitNetworkPr" requested_mask="wc" denied_mask="wc" fsuid=1000 ouid=1000 audit: type=1400 audit(1523606456.793:65): apparmor="DENIED" operation="open" profile="/usr/bin/surf" name="/home/USERNAME/.config/gtk-3.0/settings.ini" pid=4557 comm="surf" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 audit: type=1400 audit(1523606456.853:66): apparmor="DENIED" operation="file_mmap" profile="/usr/bin/surf" name="/usr/lib/x86_64-linux-gnu/gtk-3.0/3.0.0/immodules/im-xim.so" pid=4557 comm="surf" requested_mask="m" denied_mask="m" fsuid=1000 ouid=0 audit: type=1400 audit(1523606456.857:67): apparmor="DENIED" operation="open" profile="/usr/bin/surf" name="/home/USERNAME/.cache/gtk-3.0/compose/93817a95.cache" pid=4557 comm="pool" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 audit: type=1400 audit(1523606456.857:68): apparmor="DENIED" operation="mknod" profile="/usr/bin/surf" name="/home/USERNAME/.cache/gtk-3.0/compose/93817a95.cache.9UJWHZ" pid=4557 comm="pool" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000 audit: type=1400 audit(1523606456.865:69): apparmor="DENIED" operation="open" profile="/usr/bin/surf" name="/usr/share/fontconfig/conf.avail/" pid=4557 comm="surf" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 audit: type=1400 audit(1523606456.901:70): apparmor="DENIED" operation="open" profile="/usr/bin/surf" name="/home/USERNAME/.config/gtk-3.0/settings.ini" pid=4564 comm="WebKitWebProces" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 audit: type=1400 audit(1523606456.933:71): apparmor="DENIED" operation="open" profile="/usr/bin/surf" name="/usr/share/fontconfig/conf.avail/" pid=4564 comm="WebKitWebProces" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 audit: type=1400 audit(1523606456.949:72): apparmor="DENIED" operation="open" profile="/usr/bin/surf" name="/run/user/1000/dconf/user" pid=4566 comm="WebKitNetworkPr" requested_mask="wc" denied_mask="wc" fsuid=1000 ouid=1000 audit: type=1400 audit(1523606456.949:73): apparmor="DENIED" operation="open" profile="/usr/bin/surf" name="/run/user/1000/dconf/user" pid=4566 comm="WebKitNetworkPr" requested_mask="wc" denied_mask="wc" fsuid=1000 ouid=1000 audit: type=1400 audit(1523606456.949:74): apparmor="DENIED" operation="open" profile="/usr/bin/surf" name="/run/user/1000/dconf/user" pid=4566 comm="WebKitNetworkPr" requested_mask="wc" denied_mask="wc" fsuid=1000 ouid=1000 audit: type=1400 audit(1523606486.893:88): apparmor="DENIED" operation="open" profile="/usr/bin/surf" name="/proc/4564/smaps" pid=4564 comm="WebKitWebProces" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 audit: type=1400 audit(1523606516.897:90): apparmor="DENIED" operation="open" profile="/usr/bin/surf" name="/proc/4564/smaps" pid=4564 comm="WebKitWebProces" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 audit: type=1400 audit(1523606546.898:91): apparmor="DENIED" operation="open" profile="/usr/bin/surf" name="/proc/4564/smaps" pid=4564 comm="WebKitWebProces" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 audit: type=1400 audit(1523606576.898:92): apparmor="DENIED" operation="open" profile="/usr/bin/surf" name="/proc/4564/smaps" pid=4564 comm="WebKitWebProces" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 audit: type=1400 audit(1523606606.902:93): apparmor="DENIED" operation="open" profile="/usr/bin/surf" name="/proc/4564/smaps" pid=4564 comm="WebKitWebProces" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 The console surf is started from is accordingly flooded by a number of related messages, such as: (surf:4897): Gtk-WARNING **: 10:09:42.048: Failed to parse /home/USERNAME/.config/gtk-3.0/settings.ini: Permission denied (surf:4897): Gtk-WARNING **: 10:09:42.109: /usr/lib/x86_64-linux-gnu/gtk-3.0/3.0.0/immodules/im-xim.so: failed to map segment from shared object (surf:4897): Gtk-WARNING **: 10:09:42.109: Loading IM context type 'xim' failed (surf:4897): Gtk-WARNING **: 10:09:42.109: Failed to get cache content /home/USERNAME/.cache/gtk-3.0/compose/93817a95.cache: Failed to open file “/home/USERNAME/.cache/gtk-3.0/compose/93817a95.cache”: Permission denied (surf:4897): Gtk-WARNING **: 10:09:42.109: Failed to save compose table /home/USERNAME/.cache/gtk-3.0/compose/93817a95.cache: Failed to create file “/home/USERNAME/.cache/gtk-3.0/compose/93817a95.cache.8YEGHZ”: Permission denied Fontconfig error: failed reading config file Fontconfig error: failed reading config file Fontconfig error: failed reading config file (WebKitWebProcess:4905): Gtk-WARNING **: 10:09:42.156: Failed to parse /home/USERNAME/.config/gtk-3.0/settings.ini: Permission denied Fontconfig error: failed reading config file Fontconfig error: failed reading config file Fontconfig error: failed reading config file (process:4907): dconf-CRITICAL **: 10:09:42.204: unable to create file '/run/user/1000/dconf/user': Permission denied. dconf will not work properly. (process:4907): dconf-CRITICAL **: 10:09:42.204: unable to create file '/run/user/1000/dconf/user': Permission denied. dconf will not work properly. (process:4907): dconf-CRITICAL **: 10:09:42.204: unable to create file '/run/user/1000/dconf/user': Permission denied. dconf will not work properly. (process:4907): dconf-CRITICAL **: 10:09:42.205: unable to create file '/run/user/1000/dconf/user': Permission denied. dconf will not work properly. (process:4907): dconf-CRITICAL **: 10:09:42.205: unable to create file '/run/user/1000/dconf/user': Permission denied. dconf will not work properly. (process:4907): dconf-CRITICAL **: 10:09:42.205: unable to create file '/run/user/1000/dconf/user': Permission denied. dconf will not work properly. (process:4907): dconf-CRITICAL **: 10:09:42.205: unable to create file '/run/user/1000/dconf/user': Permission denied. dconf will not work properly. (process:4907): dconf-CRITICAL **: 10:09:42.205: unable to create file '/run/user/1000/dconf/user': Permission denied. dconf will not work properly. (process:4907): dconf-CRITICAL **: 10:09:42.205: unable to create file '/run/user/1000/dconf/user': Permission denied. dconf will not work properly. (process:4907): dconf-CRITICAL **: 10:09:42.205: unable to create file '/run/user/1000/dconf/user': Permission denied. dconf will not work properly. (process:4907): GVFS-WARNING **: 10:09:43.454: can't init metadata tree /home/USERNAME/.local/share/gvfs-metadata/home: open: Permission denied -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'oldoldstable'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.15.0-2-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages surf depends on: ii libc6 2.27-3 ii libglib2.0-0 2.56.1-2 ii libgtk-3-0 3.22.29-3 ii libwebkit2gtk-4.0-37 2.20.1-dmo1 ii libx11-6 2:1.6.5-1 Versions of packages surf recommends: ii curl 7.58.0-2 ii konsole [x-terminal-emulator] 4:17.12.3-1 ii rxvt-unicode [x-terminal-emulator] 9.22-3 ii stterm [x-terminal-emulator] 0.6-1 ii suckless-tools 43-1 ii x11-utils 7.7+4 ii xterm [x-terminal-emulator] 331-1 Versions of packages surf suggests: ii apparmor 2.12-4 ii apparmor-profiles-extra 1.19 -- no debconf information