libfontconfig tries to write to non-user owned /usr/* directories
I am using Firefox on Debian Sid with AppArmor profile enabled, and noticed that after some Debian package upgrades Firefox started to produce a lot of AppArmor denies, like these:
type=AVC msg=audit(1538065109.144:473): apparmor="DENIED" operation="mknod" profile="firefox" name="/usr/local/share/fonts/.uuid.TMP-iXM9tT" pid=6835 comm="firefox" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
type=AVC msg=audit(1538065109.144:474): apparmor="DENIED" operation="mknod" profile="firefox" name="/usr/share/fonts/cMap/.uuid.TMP-ilSIWs" pid=6835 comm="firefox" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
type=AVC msg=audit(1538065109.480:492): apparmor="DENIED" operation="mknod" profile="firefox" name="/usr/share/poppler/cMap/Adobe-Korea1/.uuid.TMP-p7FYaS" pid=6896 comm=57656220436F6E74656E74 requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
etc...
Since I doubt that any non-root running application should expect to successfully write into /usr, I created a Debian bug report, initially for the Firefox package [0]. Though pretty soon I discovered the same issue with other GUI applications like Thunderbird and the Kate text editor, so I suspected that it's not really a Firefox-only (or Mozilla-brand-only) issue.
I managed to get a backtrace for the Kate text editor doing one of these accesses, and it seems it's libfontconfig that is responsible:
Thread 1 "kate" hit Catchpoint 1 (returned from syscall openat), 0x00007ffff5e42e69 in __libc_open64
(file=0x555555930da0 "/usr/share/fonts/type1/gsfonts/.uuid", oflag=524288) at
../sysdeps/unix/sysv/linux/open64.c:47
47 in ../sysdeps/unix/sysv/linux/open64.c
#0 0x00007ffff5e42e69 in __libc_open64 (file=0x555555930da0 "/usr/share/fonts/type1/gsfonts/.uuid",
oflag=524288) at ../sysdeps/unix/sysv/linux/open64.c:47
#1 0x00007fffef458d8a in ?? () from /lib/x86_64-linux-gnu/libfontconfig.so.1
#2 0x00007fffef451fcf in FcDirCacheLoad () from /lib/x86_64-linux-gnu/libfontconfig.so.1
#3 0x00007fffef45b7c4 in FcDirCacheRead () from /lib/x86_64-linux-gnu/libfontconfig.so.1
#4 0x00007fffef4563e1 in ?? () from /lib/x86_64-linux-gnu/libfontconfig.so.1
#5 0x00007fffef4564ab in FcConfigBuildFonts () from /lib/x86_64-linux-gnu/libfontconfig.so.1
#6 0x00007fffef461766 in ?? () from /lib/x86_64-linux-gnu/libfontconfig.so.1
#7 0x00007fffef4538e7 in ?? () from /lib/x86_64-linux-gnu/libfontconfig.so.1
#8 0x00007fffef453919 in ?? () from /lib/x86_64-linux-gnu/libfontconfig.so.1
#9 0x00007fffef572b55 in ?? () from /lib/x86_64-linux-gnu/libQt5XcbQpa.so.5
#10 0x00007ffff68e3cd9 in ?? () from /lib/x86_64-linux-gnu/libQt5Gui.so.5
#11 0x00007ffff68e8097 in QFontDatabase::findFont(QFontDef const&, int) () from
/lib/x86_64-linux-gnu/libQt5Gui.so.5
#12 0x00007ffff68e8a16 in QFontDatabase::load(QFontPrivate const*, int) () from
/lib/x86_64-linux-gnu/libQt5Gui.so.5
#13 0x00007ffff68bfa3b in QFontPrivate::engineForScript(int) const () from
/lib/x86_64-linux-gnu/libQt5Gui.so.5
#14 0x00007ffff68ed9bf in ?? () from /lib/x86_64-linux-gnu/libQt5Gui.so.5
#15 0x00007ffff690320f in QTextLine::layout_helper(int) () from /lib/x86_64-linux-gnu/libQt5Gui.so.5
#16 0x00007ffff6905375 in QTextLayout::endLayout() () from /lib/x86_64-linux-gnu/libQt5Gui.so.5
#17 0x00007ffff6f21504 in QWidgetLineControl::redoTextLayout() const () from
/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#18 0x00007ffff6f216e8 in QWidgetLineControl::updateDisplayText(bool) () from
/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#19 0x00007ffff6f21c45 in QWidgetLineControl::init(QString const&) () from
/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#20 0x00007ffff6f17a24 in ?? () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#21 0x00007ffff6f1bb9a in QLineEdit::QLineEdit(QWidget*) () from
/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#22 0x00007ffff767f50e in KLineEdit::KLineEdit(QWidget*) () from
/lib/x86_64-linux-gnu/libKF5Completion.so.5
#23 0x00005555555c8017 in ?? ()
#24 0x0000555555590e0d in ?? ()
#25 0x0000555555596c18 in ?? ()
#26 0x0000555555586471 in ?? ()
#27 0x00005555555b6eb8 in ?? ()
#28 0x00005555555b93b3 in ?? ()
#29 0x00005555555b9a36 in ?? ()
#30 0x00005555555b9ad1 in ?? ()
#31 0x00005555555ba01a in ?? ()
#32 0x0000555555588385 in ?? ()
#33 0x0000555555588b20 in ?? ()
#34 0x0000555555581926 in ?? ()
#35 0x00007ffff5d7cb17 in __libc_start_main (main=0x55555557fac0, argc=1, argv=0x7fffffffe688,
init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe678) at
../csu/libc-start.c:310
#36 0x00005555555830ba in _start ()
Why would libfontconfig do that? Maybe the package is misconfigured, wrong cache paths or something?
Of course, AppArmor profiles can have silencing (deny) rules for these particular paths to avoid log spam, but maybe that is a bug somewhere and can be fixed instead of worked around.
[0] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909750.
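
For triaging denials like the ones quoted in this report, the following added example (not part of the original report and not code from fontconfig or AppArmor) parses AVC records, decodes the hex-encoded comm field, and counts denied create attempts on .uuid files per profile, process and directory. The function names and the file-name pattern are assumptions derived from the log lines above.

```python
import posixpath
import re
from collections import Counter

# The three denials quoted in the report, embedded so the example runs offline.
SAMPLE_LOG = '''\
type=AVC msg=audit(1538065109.144:473): apparmor="DENIED" operation="mknod" profile="firefox" name="/usr/local/share/fonts/.uuid.TMP-iXM9tT" pid=6835 comm="firefox" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
type=AVC msg=audit(1538065109.144:474): apparmor="DENIED" operation="mknod" profile="firefox" name="/usr/share/fonts/cMap/.uuid.TMP-ilSIWs" pid=6835 comm="firefox" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
type=AVC msg=audit(1538065109.480:492): apparmor="DENIED" operation="mknod" profile="firefox" name="/usr/share/poppler/cMap/Adobe-Korea1/.uuid.TMP-p7FYaS" pid=6896 comm=57656220436F6E74656E74 requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
'''

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Assumed pattern, taken from the names in the report:
# ".uuid" itself or ".uuid.TMP-" followed by six characters.
UUID_NAME = re.compile(r'^\.uuid(?:\.TMP-\w{6})?$')
HEX_FIELDS = {"comm", "name"}  # string fields the audit subsystem may hex-encode


def parse_avc(line):
    """Return the key=value fields of one AVC record as a dict."""
    fields = {}
    for key, quoted, bare in FIELD.findall(line):
        if bare and key in HEX_FIELDS and re.fullmatch(r"(?:[0-9A-F]{2})+", bare):
            # An unquoted comm/name is hex: the value held a space or similar.
            bare = bytes.fromhex(bare).decode("utf-8", "replace")
        fields[key] = bare or quoted
    return fields


def uuid_write_denials(log):
    """Count denied creates of .uuid files per (profile, comm, directory)."""
    hits = Counter()
    for line in log.splitlines():
        f = parse_avc(line)
        if f.get("apparmor") != "DENIED" or "c" not in f.get("denied_mask", ""):
            continue
        directory, base = posixpath.split(f.get("name", ""))
        if UUID_NAME.match(base):
            hits[(f.get("profile"), f.get("comm"), directory)] += 1
    return hits


if __name__ == "__main__":
    for (profile, comm, directory), n in sorted(uuid_write_denials(SAMPLE_LOG).items()):
        print(f"{n:3d}  profile={profile}  comm={comm!r}  dir={directory}")
```
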