Public bug reported:

Hi,

I am running Plasma on X11, and Xorg is running in AppArmor complain
mode:

# aa-status 
[...]
1 processes are in complain mode.
   /usr/lib/xorg/Xorg (5903) Xorg


The kernel logs are spammed with the following AppArmor messages:

# dmesg | grep mesa_shader_cache_db
[   30.513476] audit: type=1400 audit(1727008543.347:433): apparmor="ALLOWED" operation="mknod" class="file" profile="Xorg" name="/home/bonnaudl/.cache/mesa_shader_cache_db/part0/mesa_cache.db" pid=5903 comm="Xorg" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
[   30.513562] audit: type=1400 audit(1727008543.347:434): apparmor="ALLOWED" operation="open" class="file" profile="Xorg" name="/home/bonnaudl/.cache/mesa_shader_cache_db/part0/mesa_cache.db" pid=5903 comm="Xorg" requested_mask="rc" denied_mask="rc" fsuid=1000 ouid=1000
[   30.513584] audit: type=1400 audit(1727008543.347:435): apparmor="ALLOWED" operation="open" class="file" profile="Xorg" name="/home/bonnaudl/.cache/mesa_shader_cache_db/part0/mesa_cache.db" pid=5903 comm="Xorg" requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=1000
[   30.513592] audit: type=1400 audit(1727008543.347:436): apparmor="ALLOWED" operation="mknod" class="file" profile="Xorg" name="/home/bonnaudl/.cache/mesa_shader_cache_db/part0/mesa_cache.idx" pid=5903 comm="Xorg" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000

I think that the Xorg AppArmor profile should be updated to allow those
accesses.

ProblemType: Bug
DistroRelease: Ubuntu 24.10
Package: xserver-xorg-core 2:21.1.13-2ubuntu1
ProcVersionSignature: Ubuntu 6.11.0-7.7-generic 6.11.0-rc7
Uname: Linux 6.11.0-7-generic x86_64
ApportVersion: 2.30.0-0ubuntu2
Architecture: amd64
CasperMD5CheckResult: unknown
CompositorRunning: None
CurrentDesktop: KDE
Date: Mon Sep 23 09:36:08 2024
DistUpgraded: Fresh install
DistroCodename: oracular
DistroVariant: ubuntu
ExtraDebuggingInterest: Yes
GraphicsCard:
 Advanced Micro Devices, Inc. [AMD/ATI] Phoenix1 [1002:15bf] (rev d7) (prog-if 
00 [VGA controller])
   Subsystem: Hewlett-Packard Company Device [103c:8b6e]
MachineType: HP HP EliteBook 865 16 inch G10 Notebook PC
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-6.11.0-7-generic 
root=/dev/mapper/MonVolume-Racine ro vsyscall=none security=apparmor 
preempt=full split_lock_detect=warn quiet splash 
crashkernel=2G-4G:320M,4G-32G:512M,32G-64G:1024M,64G-128G:2048M,128G-:4096M 
vt.handoff=7
SourcePackage: xorg-server
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 06/18/2024
dmi.bios.release: 5.11
dmi.bios.vendor: HP
dmi.bios.version: V82 Ver. 01.05.11
dmi.board.name: 8B6E
dmi.board.vendor: HP
dmi.board.version: KBC Version 60.2E.60
dmi.chassis.type: 10
dmi.chassis.vendor: HP
dmi.ec.firmware.release: 96.46
dmi.modalias: 
dmi:bvnHP:bvrV82Ver.01.05.11:bd06/18/2024:br5.11:efr96.46:svnHP:pnHPEliteBook86516inchG10NotebookPC:pvrSBKPF:rvnHP:rn8B6E:rvrKBCVersion60.2E.60:cvnHP:ct10:cvr:sku70A94AV:
dmi.product.family: 103C_5336AN HP EliteBook
dmi.product.name: HP EliteBook 865 16 inch G10 Notebook PC
dmi.product.sku: 70A94AV
dmi.product.version: SBKPF
dmi.sys.vendor: HP
version.compiz: compiz 1:0.9.14.2+22.10.20220822-0ubuntu12
version.libdrm2: libdrm2 2.4.122-1
version.libgl1-mesa-dri: libgl1-mesa-dri 24.2.2-1ubuntu1
version.libgl1-mesa-glx: libgl1-mesa-glx N/A
version.xserver-xorg-core: xserver-xorg-core 2:21.1.13-2ubuntu1
version.xserver-xorg-input-evdev: xserver-xorg-input-evdev 1:2.10.6-2build3
version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:22.0.0-1build1
version.xserver-xorg-video-intel: xserver-xorg-video-intel N/A
version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:1.0.17-3ubuntu1

** Affects: apparmor (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: xorg-server (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug oracular ubuntu

** Also affects: apparmor (Ubuntu)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Ubuntu-X,
which is subscribed to xorg-server in Ubuntu.
https://bugs.launchpad.net/bugs/2081692

Title:
  apparmor profile too restrictive : kernel logs spammed with
  ~/.cache/mesa_shader_cache_db accesses

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2081692/+subscriptions
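
Added example, not part of the original report or of Ubuntu's Xorg profile: a small Python parser that folds AppArmor audit records like the four quoted in the report into one candidate file rule per profile and path, so the requested access can be reviewed before any profile change. The @{HOME} generalisation, the function names and the shortened dmesg timestamp in the sample are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: the four audit records from the report, rebuilt one per line
# (dmesg timestamp shortened; all key=value fields as reported).
_DB = "/home/bonnaudl/.cache/mesa_shader_cache_db/part0/mesa_cache"
_FMT = ('[   30.5] audit: type=1400 audit(1727008543.347:{n}): apparmor="ALLOWED" '
        'operation="{op}" class="file" profile="Xorg" name="{path}" pid=5903 '
        'comm="Xorg" requested_mask="{m}" denied_mask="{m}" fsuid=1000 ouid=1000')
SAMPLE = [_FMT.format(n=433, op="mknod", path=_DB + ".db", m="c"),
          _FMT.format(n=434, op="open", path=_DB + ".db", m="rc"),
          _FMT.format(n=435, op="open", path=_DB + ".db", m="wr"),
          _FMT.format(n=436, op="mknod", path=_DB + ".idx", m="c")]

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
PERM_ORDER = "rwaklmx"  # output order for permission letters in a rule

def parse_record(line):
    """Return the key=value fields of one AppArmor file audit line, or None."""
    fields = {k: quoted or bare for k, quoted, bare in FIELD.findall(line)}
    return fields if fields.get("class") == "file" and "apparmor" in fields else None

def candidate_rules(lines):
    """Fold ALLOWED/DENIED file records into one candidate rule per (profile, path)."""
    perms, owned = defaultdict(set), defaultdict(lambda: True)
    for rec in filter(None, map(parse_record, lines)):
        if rec["apparmor"] not in ("ALLOWED", "DENIED"):
            continue
        # Assumption: generalise the reporter's home directory to the @{HOME} tunable.
        path = re.sub(r"^/home/[^/]+/", "@{HOME}/", rec["name"])
        key = (rec["profile"], path)
        # Log masks 'c' (create) and 'd' (delete) are both covered by 'w' in a rule.
        perms[key] |= set(rec["denied_mask"].replace("c", "w").replace("d", "w"))
        # Keep 'owner' only if every access was to a file owned by the caller.
        owned[key] = owned[key] and rec.get("fsuid") == rec.get("ouid")
    rules = defaultdict(list)
    for (profile, path), p in sorted(perms.items()):
        mode = "".join(c for c in PERM_ORDER if c in p)
        rules[profile].append(f"{'owner ' if owned[(profile, path)] else ''}{path} {mode},")
    return dict(rules)

if __name__ == "__main__":
    for profile, lines in candidate_rules(SAMPLE).items():
        print(f"# candidate additions for profile {profile}; review before applying")
        print("\n".join("  " + rule for rule in lines))
```

The output is a review aid: whether the X server should be granted write access to a per-user cache directory is a policy decision for the profile maintainers.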

