debcrafters-packages team mailing list archive

Thread
Date
[Bug 2125314] Re: Transmission-QT fails to start properly due to AppArmor misconfiguration

To: debcrafters-packages@xxxxxxxxxxxxxxxxxxx
From: Jason Oliveira <2125314@xxxxxxxxxxxxxxxxxx>
Date: Sat, 25 Oct 2025 04:35:19 -0000
Reply-to: Bug 2125314 <2125314@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx
Grok and I spent some time adding approximately 60 lines to the apparmor
script (specifically transmission-qt), and now transmission not only
opens correctly, but also can access xdg-open and kde-open properly in
order to open files from within the UI that have already been
downloaded. Care has been taken to only open the things required, but as
this is essentially vibe-coded from Grok parsing journalctl logs, there
is more than likely a more elegant way to solve this.

But if you need transmission-qt working correctly, you could do worse than this config. Place this in /etc/apparmor.d/ and run:
 sudo apparmor_parser -r /etc/apparmor.d/transmission 
and enjoy.

** Attachment added: "updated /etc/apparmor.d/transmission file"
   https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2125314/+attachment/5920294/+files/transmission

-- 
You received this bug notification because you are a member of
Debcrafters packages, which is subscribed to transmission in Ubuntu.
https://bugs.launchpad.net/bugs/2125314

Title:
  Transmission-QT  fails to start properly due to AppArmor
  misconfiguration

Status in apparmor package in Ubuntu:
  Confirmed
Status in transmission package in Ubuntu:
  Confirmed

Bug description:
  Transmission-QT fails to start properly due to AppArmor
  misconfiguration.

  Switching to AppArmor complain profile (aa-complain transmission-qt) fixes the issue.
  Details below.

  Also, I took a look at other AppArmor profiles and some of them seem
  to lack Qt6 and Plasma6 support.

  It fails to load Plasma6 Theme, Qt session and AppMenu:
  $ transmission-qt
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "Colors:Tooltip"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "KDE"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "Colors:View"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "KDE"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "Colors:Window"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "KDE"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "Colors:Button"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "KDE"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "ColorEffects:Inactive"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "Colors:Selection"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "KDE"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "Colors:View"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "KDE"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "ColorEffects:Inactive"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "Colors:Window"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "KDE"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "ColorEffects:Inactive"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "Colors:Button"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "KDE"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "ColorEffects:Inactive"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "ColorEffects:Inactive"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "Colors:Selection"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "Colors:Window"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "KDE"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "ColorEffects:Inactive"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "Colors:View"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "KDE"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "ColorEffects:Disabled"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "Colors:Window"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "KDE"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "ColorEffects:Disabled"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "Colors:Button"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "KDE"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "ColorEffects:Disabled"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "ColorEffects:Inactive"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "Colors:Window"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "KDE"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "ColorEffects:Disabled"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "kcminputrc" "Mouse"
  MESA-LOADER: failed to retrieve device information
  MESA-LOADER: failed to retrieve device information
  MESA-LOADER: failed to retrieve device information
  glx: failed to create dri3 screen
  failed to load driver: i915
  Qt: Session management error: None of the authentication protocols specified are supported
  Failed to register window menu, reason: org.freedesktop.DBus.Error.AccessDenied ("An AppArmor policy prevents this sender from sending this message to this recipient; type="method_call", sender=":1.84" (uid=1000 pid=3346 comm="transmission-qt" label="transmission-qt (enforce)") interface="com.canonical.AppMenu.Registrar" member="RegisterWindow" error name="(unset)" requested_reply="0" destination="com.canonical.AppMenu.Registrar" (uid=1000 pid=2285 comm="/usr/bin/kded6" label="unconfined")")
  Failed to unregister window menu, reason: org.freedesktop.DBus.Error.AccessDenied ("An AppArmor policy prevents this sender from sending this message to this recipient; type="method_call", sender=":1.84" (uid=1000 pid=3346 comm="transmission-qt" label="transmission-qt (enforce)") interface="com.canonical.AppMenu.Registrar" member="UnregisterWindow" error name="(unset)" requested_reply="0" destination="com.canonical.AppMenu.Registrar" (uid=1000 pid=2285 comm="/usr/bin/kded6" label="unconfined")")
  Failed to register window menu, reason: org.freedesktop.DBus.Error.AccessDenied ("An AppArmor policy prevents this sender from sending this message to this recipient; type="method_call", sender=":1.84" (uid=1000 pid=3346 comm="transmission-qt" label="transmission-qt (enforce)") interface="com.canonical.AppMenu.Registrar" member="RegisterWindow" error name="(unset)" requested_reply="0" destination="com.canonical.AppMenu.Registrar" (uid=1000 pid=2285 comm="/usr/bin/kded6" label="unconfined")")
  Failed to unregister window menu, reason: org.freedesktop.DBus.Error.AccessDenied ("An AppArmor policy prevents this sender from sending this message to this recipient; type="method_call", sender=":1.84" (uid=1000 pid=3346 comm="transmission-qt" label="transmission-qt (enforce)") interface="com.canonical.AppMenu.Registrar" member="UnregisterWindow" error name="(unset)" requested_reply="0" destination="com.canonical.AppMenu.Registrar" (uid=1000 pid=2285 comm="/usr/bin/kded6" label="unconfined")")


  AppArmor trace in complain profile (sudo aa-complain transmission-qt; journalctl --system -b-0 --output=short | grep -e os-prober -e audit):
  Sep 21 22:39:10 mypc kernel: audit: type=1400 audit(1758519550.342:2407): apparmor="ALLOWED" operation="ptrace" class="ptrace" profile="transmission-qt" pid=27271 comm="transmission-qt" requested_mask="read" denied_mask="read" peer="unconfined"
  Sep 21 22:39:10 mypc kernel: audit: type=1400 audit(1758519550.342:2408): apparmor="ALLOWED" operation="ptrace" class="ptrace" profile="transmission-qt" pid=27271 comm="transmission-qt" requested_mask="read" denied_mask="read" peer="unconfined"
  Sep 21 22:39:10 mypc kernel: audit: type=1400 audit(1758519550.423:2409): apparmor="ALLOWED" operation="open" class="file" profile="transmission-qt" name="/proc/sys/kernel/core_pattern" pid=27271 comm="transmission-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
  Sep 21 22:39:10 mypc kernel: audit: type=1400 audit(1758519550.423:2410): apparmor="ALLOWED" operation="file_perm" class="file" profile="transmission-qt" name="/proc/sys/kernel/core_pattern" pid=27271 comm="transmission-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
  Sep 21 22:39:10 mypc kernel: audit: type=1400 audit(1758519550.423:2411): apparmor="ALLOWED" operation="file_perm" class="file" profile="transmission-qt" name="/proc/sys/kernel/core_pattern" pid=27271 comm="transmission-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
  Sep 21 22:39:10 mypc kernel: audit: type=1400 audit(1758519550.423:2412): apparmor="ALLOWED" operation="open" class="file" profile="transmission-qt" name="/usr/share/kubuntu-default-settings/kf5-settings/kdeglobals" pid=27271 comm="transmission-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
  Sep 21 22:39:10 mypc kernel: audit: type=1400 audit(1758519550.424:2413): apparmor="ALLOWED" operation="file_perm" class="file" profile="transmission-qt" name="/usr/share/kubuntu-default-settings/kf5-settings/kdeglobals" pid=27271 comm="transmission-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
  Sep 21 22:39:10 mypc kernel: audit: type=1400 audit(1758519550.424:2414): apparmor="ALLOWED" operation="file_perm" class="file" profile="transmission-qt" name="/usr/share/kubuntu-default-settings/kf5-settings/kdeglobals" pid=27271 comm="transmission-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
  Sep 21 22:39:10 mypc kernel: audit: type=1400 audit(1758519550.424:2415): apparmor="ALLOWED" operation="open" class="file" profile="transmission-qt" name="/home/user/.config/kdedefaults/kdeglobals" pid=27271 comm="transmission-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
  Sep 21 22:39:10 mypc kernel: audit: type=1400 audit(1758519550.424:2416): apparmor="ALLOWED" operation="file_perm" class="file" profile="transmission-qt" name="/home/user/.config/kdedefaults/kdeglobals" pid=27271 comm="transmission-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000

  
  AppArmor trace in enforce profile (sudo aa-enforce transmission-qt; journalctl --system -b-0 --output=short | grep -e os-prober -e audit):
  Sep 21 22:44:17 mypc kernel: audit: type=1400 audit(1758519857.767:2738): apparmor="DENIED" operation="ptrace" class="ptrace" profile="transmission-qt" pid=27750 comm="transmission-qt" requested_mask="read" denied_mask="read" peer="unconfined"
  Sep 21 22:44:17 mypc kernel: audit: type=1400 audit(1758519857.816:2739): apparmor="DENIED" operation="open" class="file" profile="transmission-qt" name="/proc/sys/kernel/core_pattern" pid=27750 comm="transmission-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
  Sep 21 22:44:17 mypc kernel: audit: type=1400 audit(1758519857.816:2740): apparmor="DENIED" operation="open" class="file" profile="transmission-qt" name="/usr/share/kubuntu-default-settings/kf5-settings/kdeglobals" pid=27750 comm="transmission-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
  Sep 21 22:44:17 mypc kernel: audit: type=1400 audit(1758519857.816:2741): apparmor="DENIED" operation="open" class="file" profile="transmission-qt" name="/home/user/.config/kdedefaults/kdeglobals" pid=27750 comm="transmission-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
  Sep 21 22:44:17 mypc kernel: audit: type=1400 audit(1758519857.816:2742): apparmor="DENIED" operation="open" class="file" profile="transmission-qt" name="/home/user/.config/kdeglobals" pid=27750 comm="transmission-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
  Sep 21 22:44:17 mypc kernel: audit: type=1400 audit(1758519857.836:2743): apparmor="DENIED" operation="open" class="file" profile="transmission-qt" name="/usr/share/color-schemes/BreezeLight.colors" pid=27750 comm="transmission-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
  Sep 21 22:44:17 mypc kernel: audit: type=1400 audit(1758519857.838:2744): apparmor="DENIED" operation="open" class="file" profile="transmission-qt" name="/home/user/.config/kdedefaults/kcminputrc" pid=27750 comm="transmission-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
  Sep 21 22:44:17 mypc kernel: audit: type=1400 audit(1758519857.838:2745): apparmor="DENIED" operation="open" class="file" profile="transmission-qt" name="/home/user/.config/kcminputrc" pid=27750 comm="transmission-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
  Sep 21 22:44:17 mypc kernel: audit: type=1400 audit(1758519857.902:2746): apparmor="DENIED" operation="open" class="file" profile="transmission-qt" name="/sys/devices/pci0000:00/0000:00:02.0/vendor" pid=27750 comm="transmission-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
  Sep 21 22:44:17 mypc kernel: audit: type=1400 audit(1758519857.902:2747): apparmor="DENIED" operation="open" class="file" profile="transmission-qt" name="/sys/devices/pci0000:00/0000:00:02.0/device" pid=27750 comm="transmission-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2125314/+subscriptions
References

[Bug 2125314] [NEW] Transmission-QT fals to start properly due to AppArmor misconfiguration
From: Eugene San, 2025-09-22