Bug#988068: redshift: apparmor profile refers to wrong conf file

Çağlar Girit

May 4, 2021, 2:30:04 PM
Package: redshift
Version: 1.12-4.1
Severity: important

Dear Maintainer,

* What led up to the situation?
The configuration file may be in .config/redshift/ instead of
.config/ and the apparmor profile usr.bin.redshift only allows reading
.config/redshift.conf
* What exactly did you do (or not do) that was effective (or
ineffective)?
Add the following line to /etc/apparmor:
owner @{HOME}/.config/redshift/redshift.conf r,
* What was the outcome of this action?
it works

-- System Information:
Debian Release: 11.0
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-6-amd64 (SMP w/2 CPU threads)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages redshift depends on:
ii libc6 2.31-12
ii libdrm2 2.4.104-1
ii libglib2.0-0 2.66.8-1
ii libwayland-client0 1.19.0-2
ii libx11-6 2:1.7.0-2
ii libxcb-randr0 1.14-3
ii libxcb1 1.14-3
ii libxxf86vm1 1:1.1.4-1+b2

Versions of packages redshift recommends:
ii geoclue-2.0 2.5.7-3

redshift suggests no packages.

-- no debconf information

Mikkel

Jun 27, 2021, 5:50:03 AM
Just wanted to chime in with this upstream issue: https://github.com/jonls/redshift/issues/672

It seems to me that something along the lines of this fix would be enough:
https://salsa.debian.org/debian/redshift/-/merge_requests/4/diffs

+owner @{HOME}/.config/redshift/redshift.conf r,
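
Review bot: the added rule is an exact match on redshift.conf inside .config/redshift/, so any other file in that directory stays unreadable to the profile; if read access to the whole directory is intended, a glob on the directory would be needed instead. Since this is a pure addition, the merge request should also say whether the older @{HOME}/.config/redshift.conf rule is meant to remain alongside it.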

Just discovered this while migrating to bullseye; this does essentially break redshift on bullseye if you use a config file at the default location.

--
Davralin

Henrik Christian Grove

Apr 25, 2022, 9:30:03 AM

Instead of wasting time configuring and running a location service, I
just had a number of slightly different configuration files for redshift
(with different manual locations specified) and would just let
`.config/redshift.conf` be a symlink to the one corresponding to my
current location. (And do some extra work in new locations)

That didn't work with the discussed restriction (but I could easily put
all the different configs in `.config/redshift/`).

For now my workaround was simply to replace the symlink with a copy.

Henrik Christian Grove

Apr 26, 2022, 4:10:03 AM
I just read (and understood) Mikkel's suggestion. That won't help in my
case, I basically need read permissions to *all* files in
`.config/redshift`.

Unfortunately I don't know apparmor well enough to suggest an addition
to the policy that will accomplish that.

Gonzalo Arreche

Mar 4, 2023, 1:10:04 PM
This could help until it gets fixed upstream:

Edit the file /etc/apparmor.d/usr.bin.redshift and change the line

    owner @{HOME}/.config/redshift.conf r,

To

    owner @{HOME}/.config/redshift/* r,


Then restart apparmor: `sudo systemctl restart apparmor`

Nathan Collins

Apr 8, 2023, 3:10:04 AM
I'm having a similar problem, because my redshift config file is in version control, and ~/.config/redshift.conf is a symlink to the version controlled file. I changed it to a hardlink, which allows redshift to read the config file, but this is not a robust solution.

I don't know anything about apparmor, but is there some hope that the config could be changed to follow symlinks? Or perhaps that "defeats the purpose" of apparmor?
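
Added example (not part of the thread, and not redshift or AppArmor code): a small Python model of how the file rules quoted in this thread are matched against a config path. AppArmor checks the path a symlink resolves to, so a symlinked config is judged by its target's location, while a copy or hardlink is judged by its own name. The glob handling is simplified, `@{HOME}` is replaced by one constructed temporary home directory, and the `dotfiles` directory and function names are assumptions made for the illustration.

```python
import os, re, tempfile

RULE = re.compile(r"\s*(owner\s+)?(\S+)\s+(\w+),")  # [owner] <path glob> <perms>,

def glob_to_regex(glob):
    # Simplified AppArmor globbing: '**' crosses '/', '*' and '?' do not.
    parts = re.split(r"(\*\*|\*|\?)", glob)
    table = {"**": ".*", "*": "[^/]*", "?": "[^/]"}
    return re.compile("".join(table.get(p, re.escape(p)) for p in parts) + r"\Z")

def read_allowed(rule_lines, opened_path, home):
    """Return the first rule line granting 'r' on opened_path, else None."""
    # AppArmor mediates the file a symlink resolves to, not the link's own name.
    resolved = os.path.realpath(opened_path)
    for line in rule_lines:
        m = RULE.match(line)
        if not m or "r" not in m.group(3):
            continue
        glob = m.group(2).replace("@{HOME}", home)  # assumption: one home dir
        # 'owner' approximated as: file uid equals our effective uid
        if m.group(1) and os.stat(resolved).st_uid != os.geteuid():
            continue
        if glob_to_regex(glob).match(resolved):
            return line.strip()
    return None

def demo():
    home = os.path.realpath(tempfile.mkdtemp())   # constructed home directory
    cfg = os.path.join(home, ".config")
    os.makedirs(os.path.join(cfg, "redshift"))
    os.makedirs(os.path.join(home, "dotfiles"))   # hypothetical version-controlled dir
    in_dir = os.path.join(cfg, "redshift", "redshift.conf")
    tracked = os.path.join(home, "dotfiles", "redshift.conf")
    for p in (in_dir, tracked):
        open(p, "w").close()
    link = os.path.join(cfg, "redshift.conf")
    os.symlink(tracked, link)                     # symlinked config, as in the thread
    shipped = ["owner @{HOME}/.config/redshift.conf r,"]
    exact = shipped + ["owner @{HOME}/.config/redshift/redshift.conf r,"]
    globbed = ["owner @{HOME}/.config/redshift/* r,"]
    return {
        "shipped/in_dir": read_allowed(shipped, in_dir, home),
        "shipped/symlink": read_allowed(shipped, link, home),
        "exact/in_dir": read_allowed(exact, in_dir, home),
        "globbed/in_dir": read_allowed(globbed, in_dir, home),
        "globbed/symlink": read_allowed(globbed, link, home),
    }
```

In this model the symlink case is denied under every rule set because the target lives outside the allowed paths; moving the target files into `.config/redshift/` is what makes the glob rule cover them.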