D29030: AppArmor DBus rules for AkonadiServer
Lukáš Karas
noreply at phabricator.kde.org
Thu Apr 23 06:49:40 BST 2020
lukaskaras added a comment.
> And I strongly recommend to get rid of this script too.
I may try to do it later. But not in scope of this review ;-)
INLINE COMMENTS
> knauss wrote in usr.bin.akonadiserver:44
> Ah wait, this is completly wrong here. Mysql stuff is only inside apparmor/mysqld_akonadi.
I don't wrote it explicitly, but this read access is not required by mysqld server, but mysql client (library?).
Dmesg without this line:
audit: type=1400 audit(1587620441.071:186): apparmor="DENIED" operation="open" profile="/usr/bin/akonadiserver" name="/usr/share/mysql/charsets/Index.xml" pid=23027 comm="akonadiserver" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
from akonadi strace:
[pid 23027] execve("/usr/bin/akonadiserver", ["/usr/bin/akonadiserver"], 0x7ffda6565e98 /* 71 vars */ <unfinished ...>
[pid 23027] <... execve resumed> ) = 0
...
[pid 23027] stat("/usr/share/mysql/charsets/Index.xml", {st_mode=S_IFREG|0644, st_size=19495, ...}) = 0
[pid 23027] openat(AT_FDCWD, "/usr/share/mysql/charsets/Index.xml", O_RDONLY) = -1 EACCES
But it is true, that rule should not be here when akonadi is build with postgresql support. Should I add move it to mysqld profile?
REVISION DETAIL
https://phabricator.kde.org/D29030
To: lukaskaras
Cc: dvratil, knauss, kde-pim, fbampaloukas, dcaliste, dvasin, rodsevich, winterz, vkrause, mlaurent
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-pim/attachments/20200423/8fb8ee8d/attachment.html>
More information about the kde-pim
mailing list