oxide does not seem to honor TMPDIR-- requires read access to /tmp and /var/tmp
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Oxide | New | Low | Unassigned | |
| apparmor-easyprof-ubuntu (Ubuntu) | Confirmed | Low | Unassigned | |
Bug Description
When running oxide, I get the following apparmor denials:
Dec 11 16:16:48 localhost kernel: [234482.172630] type=1400 audit(138680020
Dec 11 16:16:48 localhost kernel: [234482.172659] type=1400 audit(138680020
Dec 11 16:16:49 localhost kernel: [234482.481748]
Oxide seems to work OK otherwise, but these denials are noisy and could cause confusion. Oxide should be honoring TMPDIR first, then fall back to /tmp and /var/tmp if it isn't set. While we could silence the denials like so:

    deny /tmp/ r,
    deny /var/tmp/ r,

this could break future profiles. Allowing the read allows enumerating files in these directories, which could leak information and should not generally be needed.
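The lookup order the report asks for, written out as an added example (this is not Oxide's code and was not part of the bug report): honor $TMPDIR when it names an absolute directory the process can write to and search, otherwise fall back to /tmp and then /var/tmp. The function names `usable_tmpdir`, `resolve_tmpdir` and `tmpdir_from_env` are mine, chosen for illustration. Because the fallback directories are only touched when TMPDIR is unset or unusable, a confined process whose profile grants only its own TMPDIR path never opens /tmp/ or /var/tmp/ for reading, and the profile can keep `/tmp/ r` ungranted, which is what prevents enumerating other processes' temp files.

```c
/* Added example: resolve a temp directory by honoring $TMPDIR first,
 * falling back to /tmp and /var/tmp only when it is unset or unusable.
 * Not Oxide's code; function names are illustrative. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* Scratch buffer used by main(); tests may pass their own. */
char tmpdir_buf[4096];

/* A candidate is usable only if it is an absolute path (a relative TMPDIR
 * would resolve against the current directory, which an attacker may
 * influence), an existing directory, and writable + searchable by us. */
static int usable_tmpdir(const char *path) {
    struct stat st;
    if (path == NULL || path[0] != '/')
        return 0;
    if (stat(path, &st) != 0 || !S_ISDIR(st.st_mode))
        return 0;
    return access(path, W_OK | X_OK) == 0;
}

/* Copy src into out; refuse (return NULL) rather than truncate a path. */
static const char *copy_path(const char *src, char *out, size_t outlen) {
    size_t n = strlen(src);
    if (n + 1 > outlen)
        return NULL;
    memcpy(out, src, n + 1);
    return out;
}

/* tmpdir_env is the value of $TMPDIR, or NULL when unset. Returns out on
 * success, NULL if no candidate is usable or out is too small. The fallback
 * directories are only probed when TMPDIR itself is not usable, so a
 * process with a valid TMPDIR never touches /tmp/ or /var/tmp/. */
const char *resolve_tmpdir(const char *tmpdir_env, char *out, size_t outlen) {
    static const char *const fallbacks[] = { "/tmp", "/var/tmp" };
    size_t i;

    if (usable_tmpdir(tmpdir_env))
        return copy_path(tmpdir_env, out, outlen);

    for (i = 0; i < sizeof fallbacks / sizeof fallbacks[0]; i++) {
        if (usable_tmpdir(fallbacks[i]))
            return copy_path(fallbacks[i], out, outlen);
    }
    return NULL;
}

/* Reads the real environment. Caveat: a setuid/setgid or otherwise
 * privileged program should not trust TMPDIR from an unprivileged caller;
 * on glibc use secure_getenv("TMPDIR") (returns NULL in that case) or
 * skip the variable entirely. */
const char *tmpdir_from_env(char *out, size_t outlen) {
    return resolve_tmpdir(getenv("TMPDIR"), out, outlen);
}

int main(void) {
    const char *dir = tmpdir_from_env(tmpdir_buf, sizeof tmpdir_buf);
    if (dir == NULL) {
        fprintf(stderr, "no usable temp directory\n");
        return 1;
    }
    printf("temp dir: %s\n", dir);
    return 0;
}
```

Run it once with `TMPDIR=/some/writable/dir ./a.out` and once with TMPDIR unset; under an AppArmor profile that grants the first path but not `/tmp/ r`, only the second run produces the directory-read denial, which is the behaviour the report expects from Oxide.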
description: updated

Changed in oxide:
importance: Medium → Low

Changed in apparmor-easyprof-ubuntu (Ubuntu):
importance: Undecided → Low

Changed in apparmor-easyprof-ubuntu (Ubuntu):
status: New → Confirmed