Package: surf
Version: 2.0-5
Severity: normal
Running surf triggers the following apparmor alerts:
audit: type=1400 audit(1523602672.524:7): apparmor="STATUS"
operation="profile_load" profile="unconfined" name="/usr/bin/surf" pid=865
comm="apparmor_parser"
audit: type=1400 audit(1523606448.089:48): apparmor="DENIED"
operation="open" profile="/usr/bin/surf"
name="/home/USERNAME/.config/gtk-3.0/settings.ini" pid=4505 comm="surf"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
audit: type=1400 audit(1523606448.257:49): apparmor="DENIED"
operation="file_mmap" profile="/usr/bin/surf"
name="/usr/lib/x86_64-linux-gnu/gtk-3.0/3.0.0/immodules/im-xim.so" pid=4505
comm="surf" requested_mask="m" denied_mask="m" fsuid=1000 ouid=0
audit: type=1400 audit(1523606448.257:50): apparmor="DENIED"
operation="open" profile="/usr/bin/surf"
name="/home/USERNAME/.cache/gtk-3.0/compose/93817a95.cache" pid=4505
comm="pool" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
audit: type=1400 audit(1523606448.257:51): apparmor="DENIED"
operation="mknod" profile="/usr/bin/surf"
name="/home/USERNAME/.cache/gtk-3.0/compose/93817a95.cache.1A3JHZ" pid=4505
comm="pool" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
audit: type=1400 audit(1523606448.297:52): apparmor="DENIED"
operation="open" profile="/usr/bin/surf"
name="/usr/share/fontconfig/conf.avail/" pid=4505 comm="surf"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit: type=1400 audit(1523606448.493:53): apparmor="DENIED"
operation="open" profile="/usr/bin/surf"
name="/home/USERNAME/.config/gtk-3.0/settings.ini" pid=4522
comm="WebKitWebProces" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
audit: type=1400 audit(1523606448.537:54): apparmor="DENIED"
operation="open" profile="/usr/bin/surf"
name="/usr/share/fontconfig/conf.avail/" pid=4522 comm="WebKitWebProces"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit: type=1400 audit(1523606448.561:55): apparmor="DENIED"
operation="open" profile="/usr/bin/surf" name="/run/user/1000/dconf/user"
pid=4524 comm="WebKitNetworkPr" requested_mask="wc" denied_mask="wc" fsuid=1000
ouid=1000
audit: type=1400 audit(1523606448.561:56): apparmor="DENIED"
operation="open" profile="/usr/bin/surf" name="/run/user/1000/dconf/user"
pid=4524 comm="WebKitNetworkPr" requested_mask="wc" denied_mask="wc" fsuid=1000
ouid=1000
audit: type=1400 audit(1523606448.561:57): apparmor="DENIED"
operation="open" profile="/usr/bin/surf" name="/run/user/1000/dconf/user"
pid=4524 comm="WebKitNetworkPr" requested_mask="wc" denied_mask="wc" fsuid=1000
ouid=1000
audit: type=1400 audit(1523606456.793:65): apparmor="DENIED"
operation="open" profile="/usr/bin/surf"
name="/home/USERNAME/.config/gtk-3.0/settings.ini" pid=4557 comm="surf"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
audit: type=1400 audit(1523606456.853:66): apparmor="DENIED"
operation="file_mmap" profile="/usr/bin/surf"
name="/usr/lib/x86_64-linux-gnu/gtk-3.0/3.0.0/immodules/im-xim.so" pid=4557
comm="surf" requested_mask="m" denied_mask="m" fsuid=1000 ouid=0
audit: type=1400 audit(1523606456.857:67): apparmor="DENIED"
operation="open" profile="/usr/bin/surf"
name="/home/USERNAME/.cache/gtk-3.0/compose/93817a95.cache" pid=4557
comm="pool" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
audit: type=1400 audit(1523606456.857:68): apparmor="DENIED"
operation="mknod" profile="/usr/bin/surf"
name="/home/USERNAME/.cache/gtk-3.0/compose/93817a95.cache.9UJWHZ" pid=4557
comm="pool" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
audit: type=1400 audit(1523606456.865:69): apparmor="DENIED"
operation="open" profile="/usr/bin/surf"
name="/usr/share/fontconfig/conf.avail/" pid=4557 comm="surf"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit: type=1400 audit(1523606456.901:70): apparmor="DENIED"
operation="open" profile="/usr/bin/surf"
name="/home/USERNAME/.config/gtk-3.0/settings.ini" pid=4564
comm="WebKitWebProces" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
audit: type=1400 audit(1523606456.933:71): apparmor="DENIED"
operation="open" profile="/usr/bin/surf"
name="/usr/share/fontconfig/conf.avail/" pid=4564 comm="WebKitWebProces"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit: type=1400 audit(1523606456.949:72): apparmor="DENIED"
operation="open" profile="/usr/bin/surf" name="/run/user/1000/dconf/user"
pid=4566 comm="WebKitNetworkPr" requested_mask="wc" denied_mask="wc" fsuid=1000
ouid=1000
audit: type=1400 audit(1523606456.949:73): apparmor="DENIED"
operation="open" profile="/usr/bin/surf" name="/run/user/1000/dconf/user"
pid=4566 comm="WebKitNetworkPr" requested_mask="wc" denied_mask="wc" fsuid=1000
ouid=1000
audit: type=1400 audit(1523606456.949:74): apparmor="DENIED"
operation="open" profile="/usr/bin/surf" name="/run/user/1000/dconf/user"
pid=4566 comm="WebKitNetworkPr" requested_mask="wc" denied_mask="wc" fsuid=1000
ouid=1000
audit: type=1400 audit(1523606486.893:88): apparmor="DENIED"
operation="open" profile="/usr/bin/surf" name="/proc/4564/smaps" pid=4564
comm="WebKitWebProces" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
audit: type=1400 audit(1523606516.897:90): apparmor="DENIED"
operation="open" profile="/usr/bin/surf" name="/proc/4564/smaps" pid=4564
comm="WebKitWebProces" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
audit: type=1400 audit(1523606546.898:91): apparmor="DENIED"
operation="open" profile="/usr/bin/surf" name="/proc/4564/smaps" pid=4564
comm="WebKitWebProces" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
audit: type=1400 audit(1523606576.898:92): apparmor="DENIED"
operation="open" profile="/usr/bin/surf" name="/proc/4564/smaps" pid=4564
comm="WebKitWebProces" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
audit: type=1400 audit(1523606606.902:93): apparmor="DENIED"
operation="open" profile="/usr/bin/surf" name="/proc/4564/smaps" pid=4564
comm="WebKitWebProces" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
The console surf is started from is accordingly flooded by a number of related
messages, such as:
(surf:4897): Gtk-WARNING **: 10:09:42.048: Failed to parse
/home/USERNAME/.config/gtk-3.0/settings.ini: Permission denied
(surf:4897): Gtk-WARNING **: 10:09:42.109:
/usr/lib/x86_64-linux-gnu/gtk-3.0/3.0.0/immodules/im-xim.so: failed to map
segment from shared object
(surf:4897): Gtk-WARNING **: 10:09:42.109: Loading IM context type 'xim'
failed
(surf:4897): Gtk-WARNING **: 10:09:42.109: Failed to get cache content
/home/USERNAME/.cache/gtk-3.0/compose/93817a95.cache: Failed to open file
“/home/USERNAME/.cache/gtk-3.0/compose/93817a95.cache”: Permission denied
(surf:4897): Gtk-WARNING **: 10:09:42.109: Failed to save compose table
/home/USERNAME/.cache/gtk-3.0/compose/93817a95.cache: Failed to create file
“/home/USERNAME/.cache/gtk-3.0/compose/93817a95.cache.8YEGHZ”: Permission denied
Fontconfig error: failed reading config file
Fontconfig error: failed reading config file
Fontconfig error: failed reading config file
(WebKitWebProcess:4905): Gtk-WARNING **: 10:09:42.156: Failed to parse
/home/USERNAME/.config/gtk-3.0/settings.ini: Permission denied
Fontconfig error: failed reading config file
Fontconfig error: failed reading config file
Fontconfig error: failed reading config file
(process:4907): dconf-CRITICAL **: 10:09:42.204: unable to create file
'/run/user/1000/dconf/user': Permission denied. dconf will not work properly.
(process:4907): dconf-CRITICAL **: 10:09:42.204: unable to create file
'/run/user/1000/dconf/user': Permission denied. dconf will not work properly.
(process:4907): dconf-CRITICAL **: 10:09:42.204: unable to create file
'/run/user/1000/dconf/user': Permission denied. dconf will not work properly.
(process:4907): dconf-CRITICAL **: 10:09:42.205: unable to create file
'/run/user/1000/dconf/user': Permission denied. dconf will not work properly.
(process:4907): dconf-CRITICAL **: 10:09:42.205: unable to create file
'/run/user/1000/dconf/user': Permission denied. dconf will not work properly.
(process:4907): dconf-CRITICAL **: 10:09:42.205: unable to create file
'/run/user/1000/dconf/user': Permission denied. dconf will not work properly.
(process:4907): dconf-CRITICAL **: 10:09:42.205: unable to create file
'/run/user/1000/dconf/user': Permission denied. dconf will not work properly.
(process:4907): dconf-CRITICAL **: 10:09:42.205: unable to create file
'/run/user/1000/dconf/user': Permission denied. dconf will not work properly.
(process:4907): dconf-CRITICAL **: 10:09:42.205: unable to create file
'/run/user/1000/dconf/user': Permission denied. dconf will not work properly.
(process:4907): dconf-CRITICAL **: 10:09:42.205: unable to create file
'/run/user/1000/dconf/user': Permission denied. dconf will not work properly.
(process:4907): GVFS-WARNING **: 10:09:43.454: can't init metadata tree
/home/USERNAME/.local/share/gvfs-metadata/home: open: Permission denied
-- System Information:
Debian Release: buster/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500,
'oldoldstable'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500,
'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.15.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages surf depends on:
ii libc6 2.27-3
ii libglib2.0-0 2.56.1-2
ii libgtk-3-0 3.22.29-3
ii libwebkit2gtk-4.0-37 2.20.1-dmo1
ii libx11-6 2:1.6.5-1
Versions of packages surf recommends:
ii curl 7.58.0-2
ii konsole [x-terminal-emulator] 4:17.12.3-1
ii rxvt-unicode [x-terminal-emulator] 9.22-3
ii stterm [x-terminal-emulator] 0.6-1
ii suckless-tools 43-1
ii x11-utils 7.7+4
ii xterm [x-terminal-emulator] 331-1
Versions of packages surf suggests:
ii apparmor 2.12-4
ii apparmor-profiles-extra 1.19
-- no debconf information
