Comments (7)
Hi, thanks for you issue & for the log.
Here, you simply need to personalize the list of directory where Git is expected to find git repositories.
This can easily be personallised for your needs using the XDG_PROJECTS_DIR
variable: Add a file (the name does not matter) in /etc/apparmor.d/tunables/xdg-user-dirs.d/
with the following content:
@{XDG_PROJECTS_DIR}+="tmp" "go"
Then restart the apparmor service and you should not have issues anymore.
from apparmor.d.
Then add this too:
owner @{PROC}/@{pid}/stat r,
owner @{PROC}/@{pid}/cmdline r,
owner @{PROC}/@{pid}/environ r,
owner @{PROC}/@{pid}/task r,
owner @{PROC}/@{pid}/task/@{tid}/stat r,
from apparmor.d.
if it matters I triggered it with bare git command and lazygit tui as well.
from apparmor.d.
Thanks for the hint! It's ok now.
from apparmor.d.
I use git-delta as git config --global core.pager
. Can you please advise what is the proper way to integrate it into the git profile?
aa-log
ALLOWED git exec /usr/bin/delta comm=sh requested_mask=x denied_mask=x
ALLOWED git//null-/usr/bin/delta file_mmap /usr/bin/delta comm=delta requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta file_mmap /usr/lib/ld-linux-x86-64.so.2 comm=delta requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta open /etc/ld.so.cache comm=delta requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta open /usr/lib/libgit2.so.1.5.1 comm=delta requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta file_mmap /usr/lib/libgit2.so.1.5.1 comm=delta requested_mask=rm denied_mask=rm
ALLOWED git//null-/usr/bin/delta open /usr/lib/libgcc_s.so.1 comm=delta requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta file_mmap /usr/lib/libgcc_s.so.1 comm=delta requested_mask=rm denied_mask=rm
ALLOWED git//null-/usr/bin/delta open /usr/lib/libm.so.6 comm=delta requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta file_mmap /usr/lib/libm.so.6 comm=delta requested_mask=rm denied_mask=rm
ALLOWED git//null-/usr/bin/delta open /usr/lib/libc.so.6 comm=delta requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta file_mmap /usr/lib/libc.so.6 comm=delta requested_mask=rm denied_mask=rm
ALLOWED git//null-/usr/bin/delta open /usr/lib/libssl.so.3 comm=delta requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta file_mmap /usr/lib/libssl.so.3 comm=delta requested_mask=rm denied_mask=rm
ALLOWED git//null-/usr/bin/delta open /usr/lib/libcrypto.so.3 comm=delta requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta file_mmap /usr/lib/libcrypto.so.3 comm=delta requested_mask=rm denied_mask=rm
ALLOWED git//null-/usr/bin/delta open /usr/lib/libhttp_parser.so.2.9.4 comm=delta requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta file_mmap /usr/lib/libhttp_parser.so.2.9.4 comm=delta requested_mask=rm denied_mask=rm
ALLOWED git//null-/usr/bin/delta open /usr/lib/libpcre2-8.so.0.11.1 comm=delta requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta file_mmap /usr/lib/libpcre2-8.so.0.11.1 comm=delta requested_mask=rm denied_mask=rm
ALLOWED git//null-/usr/bin/delta open /usr/lib/libssh2.so.1.0.1 comm=delta requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta file_mmap /usr/lib/libssh2.so.1.0.1 comm=delta requested_mask=rm denied_mask=rm
ALLOWED git//null-/usr/bin/delta open /usr/lib/libz.so.1.2.13 comm=delta requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta file_mmap /usr/lib/libz.so.1.2.13 comm=delta requested_mask=rm denied_mask=rm
ALLOWED git//null-/usr/bin/delta open /proc/155276/maps comm=delta requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta open /proc/stat comm=find_calling_pr requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta open /proc/uptime comm=find_calling_pr requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta open /proc/155276/stat comm=find_calling_pr requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta open /proc/155276/cmdline comm=find_calling_pr requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta open /proc/155276/environ comm=find_calling_pr requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta open /proc/155276/task/ comm=find_calling_pr requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta open /proc/155276/task/155304/stat comm=find_calling_pr requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta open /proc/155276/task/155305/stat comm=find_calling_pr requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta open /proc/155275/stat comm=find_calling_pr requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta capable comm=find_calling_pr capname=sys_ptrace capability=19
ALLOWED git//null-/usr/bin/delta open /proc/155275/cmdline comm=find_calling_pr requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta open /proc/155275/environ comm=find_calling_pr requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta open /proc/155275/task/ comm=find_calling_pr requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta open /etc/ssl/openssl.cnf comm=delta requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta open /etc/ca-certificates/extracted/tls-ca-bundle.pem comm=delta requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta open /home/vbauer/.local/share/kak/cork/plugins/kak-lsp/repo/.git/config comm=delta requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta open /home/vbauer/.config/git/config comm=delta requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta open /dev/null comm=delta requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta exec /usr/bin/less comm=delta requested_mask=x denied_mask=x
ALLOWED git//null-/usr/bin/delta//null-/usr/bin/less file_inherit /dev/null comm=less requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta//null-/usr/bin/less file_mmap /usr/bin/less comm=less requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta//null-/usr/bin/less file_mmap /usr/lib/ld-linux-x86-64.so.2 comm=less requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta//null-/usr/bin/less open /etc/ld.so.cache comm=less requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta//null-/usr/bin/less open /usr/lib/libncursesw.so.6.4 comm=less requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta//null-/usr/bin/less file_mmap /usr/lib/libncursesw.so.6.4 comm=less requested_mask=rm denied_mask=rm
ALLOWED git//null-/usr/bin/delta//null-/usr/bin/less open /usr/lib/libpcre2-8.so.0.11.1 comm=less requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta//null-/usr/bin/less file_mmap /usr/lib/libpcre2-8.so.0.11.1 comm=less requested_mask=rm denied_mask=rm
ALLOWED git//null-/usr/bin/delta//null-/usr/bin/less open /usr/lib/libc.so.6 comm=less requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta//null-/usr/bin/less file_mmap /usr/lib/libc.so.6 comm=less requested_mask=rm denied_mask=rm
ALLOWED git//null-/usr/bin/delta//null-/usr/bin/less open /home/vbauer/.terminfo/74/tmux-256color comm=less requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta//null-/usr/bin/less open /usr/lib/locale/locale-archive comm=less requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta//null-/usr/bin/less open /home/vbauer/.local/state/ comm=less requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta//null-/usr/bin/less open /home/vbauer/.lesshst comm=less requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta//null-/usr/bin/less open /dev/pts/3 comm=less requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta//null-/usr/bin/less mknod /home/vbauer/.lesshsQ comm=less requested_mask=c denied_mask=c
ALLOWED git//null-/usr/bin/delta//null-/usr/bin/less open /home/vbauer/.lesshsQ comm=less requested_mask=wc denied_mask=wc
ALLOWED git//null-/usr/bin/delta//null-/usr/bin/less chmod /home/vbauer/.lesshsQ comm=less requested_mask=w denied_mask=w
ALLOWED git//null-/usr/bin/delta//null-/usr/bin/less rename_src /home/vbauer/.lesshsQ comm=less requested_mask=wrd denied_mask=wrd
ALLOWED git//null-/usr/bin/delta//null-/usr/bin/less rename_dest /home/vbauer/.lesshst comm=less requested_mask=wc denied_mask=wc
ALLOWED git//null-/usr/bin/delta open /proc/178155/maps comm=delta requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta open /proc/178155/stat comm=find_calling_pr requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta open /proc/178155/cmdline comm=find_calling_pr requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta open /proc/178155/environ comm=find_calling_pr requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta open /proc/178155/task/ comm=find_calling_pr requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta open /proc/178155/task/178169/stat comm=find_calling_pr requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta open /proc/178155/task/178171/stat comm=find_calling_pr requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta open /proc/178154/stat comm=find_calling_pr requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta open /proc/178154/cmdline comm=find_calling_pr requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta open /proc/178154/environ comm=find_calling_pr requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta open /proc/178154/task/ comm=find_calling_pr requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta open /proc/179992/maps comm=delta requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta open /proc/179992/stat comm=find_calling_pr requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta open /proc/179992/cmdline comm=find_calling_pr requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta open /proc/179992/environ comm=find_calling_pr requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta open /proc/179992/task/ comm=find_calling_pr requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta open /proc/179992/task/180001/stat comm=find_calling_pr requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta open /proc/179992/task/180003/stat comm=find_calling_pr requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta open /proc/179991/stat comm=find_calling_pr requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta open /proc/179991/cmdline comm=find_calling_pr requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta open /proc/179991/environ comm=find_calling_pr requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta open /proc/179991/task/ comm=find_calling_pr requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta open /home/vbauer/go/src/github.com/vbauerster/kampliment/.git/config comm=delta requested_mask=r denied_mask=r
ALLOWED git//null-/usr/bin/delta//null-/usr/bin/less open /dev/pts/5 comm=less requested_mask=r denied_mask=r
from apparmor.d.
Simply do add this line and you should be good:
/{usr/,}bin/delta rix,
from apparmor.d.
I actually did exactly that, but then got another git related log:
ALLOWED git open /proc/378635/stat comm=find_calling_pr requested_mask=r denied_mask=r
ALLOWED git open /proc/378635/cmdline comm=find_calling_pr requested_mask=r denied_mask=r
ALLOWED git open /proc/378635/environ comm=find_calling_pr requested_mask=r denied_mask=r
ALLOWED git open /proc/378635/task/ comm=find_calling_pr requested_mask=r denied_mask=r
ALLOWED git open /proc/378635/task/378645/stat comm=find_calling_pr requested_mask=r denied_mask=r
ALLOWED git open /proc/378635/task/378650/stat comm=find_calling_pr requested_mask=r denied_mask=r
ALLOWED git open /proc/378633/stat comm=find_calling_pr requested_mask=r denied_mask=r
ALLOWED git open /proc/378633/cmdline comm=find_calling_pr requested_mask=r denied_mask=r
ALLOWED git open /proc/378633/environ comm=find_calling_pr requested_mask=r denied_mask=r
ALLOWED git open /proc/378633/task/ comm=find_calling_pr requested_mask=r denied_mask=r
from apparmor.d.
Related Issues (20)
- Apparmor option to specify $PWD in profile rules HOT 4
- Flatpak / bubblewrap no longer working HOT 5
- aalog -r and -R do not honor the owner qualifier HOT 2
- EndeavourOS does not boot after installing apparmor.d-git HOT 5
- Firefox profile capabilities HOT 3
- Question: No New Privs HOT 1
- Flatpak aa-log HOT 2
- build process should not require a network connection HOT 2
- build security of dependencies? HOT 2
- Found reference to variable gdm_local_dirs, but is never declared (gnome-keyring-daemon) HOT 1
- aa-log reports from EndeavourOS (Arch, KDE) HOT 2
- Mutt child-pager HOT 1
- Visual Studio Code C# intellisense/debugger does not work with AppArmor enabled HOT 11
- torbrowser-start regex parser error HOT 8
- Pacman prints 'error: could not get current working directory' HOT 1
- Flatpak stops working normally when apparmor.d is installed HOT 14
- Problems with libpam-tmpdir and GDM HOT 1
- PAM auth doesn't work for systemd-homed users HOT 1
- Unable to build on Ubuntu 24.04 HOT 3
- Cannot build on debian bookworm: missing slices package HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from apparmor.d.