redshift icon indicating copy to clipboard operation
redshift copied to clipboard
verified publisher icon jonls

Apparmor denies access to amdgpu binaries in default profile under Linux Mint 21.3

Open digitalextremist opened this issue 1 year ago • 2 comments

On Linux Mint 21.3 with a fresh install, this was spamming my dmesg output:

[44447.432146] audit: type=1400 audit(1720107505.023:8854): apparmor="DENIED" operation="file_mmap" class="file" profile="/usr/bin/redshift" name="/opt/amdgpu/lib/x86_64-linux-gnu/libdrm.so.2.4.0" pid=70637 comm="redshift" requested_mask="m" denied_mask="m" fsuid=1000 ouid=0

Saw thousands of this line, with seemingly several a second sometimes.

Needed to add this to the profile for usr.bin.redshift beyond the defaults:

  /opt/amdgpu/lib/x86_64-linux-gnu/* rm,

Not entirely sure this is the best idea, but seemed natural for an application affecting video output to have access to that.

Will be monitoring the effects. All ears if anyone has comments as to why/why-not, or if log suppression is better than permission.

digitalextremist avatar Jul 04 '24 15:07 digitalextremist

Hi, i seem to have the same problem on Mint with Reshift not starting, can you explain where you changed this parameter ? I'm not used to doing such things, or if i should even do them 👀

Cwpute avatar Nov 08 '24 12:11 Cwpute

Apparently it's a problem with Apparmor denied access to the config file, but there being no config file to begin with. Solutions are proposed there: https://github.com/jonls/redshift/issues/820

Cwpute avatar Nov 08 '24 12:11 Cwpute