Open Bug 1944396 Opened 8 months ago Updated 6 months ago

Apparmor deny messages on ~/.local/share/fonts

Categories

(Core :: Widget: Gtk, defect)

Product:
Core
Component:
Widget: Gtk
Version:
Firefox 134
Type:
defect

Tracking

()

Status:
UNCONFIRMED

People

(Reporter: david, Unassigned)

References

(Blocks 1 open bug)

Details

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:134.0) Gecko/20100101 Firefox/134.0

Steps to reproduce:

  • Extract any font in ~/.local/share/fonts
  • fc-cache -f -v

Actual results:

Getting apparmor deny messages in syslog such as:

2025-01-28T20:32:47.602694+01:00 GOLIATH kernel: audit: type=1400 audit(1738092767.601:701): apparmor="DENIED" operation="mknod" class="file" profile="snap.firefox.firefox" name="/home/dnegreira/.local/share/fonts/.uuid.TMP-51kFhw" pid=11472 comm=57656220436F6E74656E74 requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000

I am not sure why is firefox trying to create these files though, I see the apparmor profile only allows read access to this directory, so unsure why firefox is trying to write.

owner @{HOME}/.local/share/fonts/{,**} r,

Expected results:

No deny error message.

This happens on firefox snap latest/stable, not an issue with the latest version, but I just found the erorrs in the logfile since I created the ~/.local/share/fonts folder myself to install custom fonts.

The Bugbug bot thinks this bug should belong to the 'Core::Widget: Gtk' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → Widget: Gtk
Product: Firefox → Core

I'm not sure it's a bug on our side nor on Snap packaging side, I found that https://gitlab.freedesktop.org/fontconfig/fontconfig/-/issues/121 and it looks like libfontconfig doing the creation.

(In reply to :gerard-majax from comment #3)

I'm not sure it's a bug on our side nor on Snap packaging side, I found that https://gitlab.freedesktop.org/fontconfig/fontconfig/-/issues/121 and it looks like libfontconfig doing the creation.

That bug mentions debian upload of 2.13 with a missing fix, and ubuntu 22.04 uses 2.13 as well: https://packages.ubuntu.com/jammy/libfontconfig1 when 24.04 is on 2.15 https://packages.ubuntu.com/noble/libfontconfig1, so that would explain why nightly is fixed (it's using core24) while stable still hits it (core22)

Can you verify by switching to core24 base? Assuming it's really the fontconfig issue, it should be fixed there.

$ sudo snap refresh firefox --channel=latest/candidate

Flags: needinfo?(david)

Redirect a needinfo that is pending on an inactive user to the triage owner.
:stransky, since the bug has recent activity, could you have a look please?

For more information, please visit BugBot documentation.

Flags: needinfo?(david) → needinfo?(stransky)
Flags: needinfo?(stransky)
You need to log in before you can comment on or make changes to this bug.