debcrafters-packages team mailing list archive

Thread
Date
[Bug 2125314] Re: Transmission-QT fails to start properly due to AppArmor misconfiguration

To: debcrafters-packages@xxxxxxxxxxxxxxxxxxx
From: Jason Oliveira <2125314@xxxxxxxxxxxxxxxxxx>
Date: Sat, 25 Oct 2025 06:24:43 -0000
Reply-to: Bug 2125314 <2125314@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx
I discovered that file access wasn't working (File -> Open...), so this
is now a 227-line config in order to deal with all the nooks and
crannies required for transmission-qt to work correctly, including tasks
like opening torrents, and moving a torrent to a new location. it added
another 2.2KB to the file.

Again, this is essentially vibe-coded with Grok being fed errors in
output/journalctl, with a directive to keep this as secure as possible
without introducing problems. That is to say an effort was made to
ensure no new attack surface was created by these additions. However,
your mileage may vary, and you should definitely review any AppArmor
config a rando like me uploads to launchpad before using it on your
system.

** Attachment added: "even-more-updated /etc/apparmor.d/transmission file"
   https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2125314/+attachment/5920295/+files/transmission

-- 
You received this bug notification because you are a member of
Debcrafters packages, which is subscribed to transmission in Ubuntu.
https://bugs.launchpad.net/bugs/2125314

Title:
  Transmission-QT  fails to start properly due to AppArmor
  misconfiguration

Status in apparmor package in Ubuntu:
  Confirmed
Status in transmission package in Ubuntu:
  Confirmed

Bug description:
  Transmission-QT fails to start properly due to AppArmor
  misconfiguration.

  Switching to AppArmor complain profile (aa-complain transmission-qt) fixes the issue.
  Details below.

  Also, I took a look at other AppArmor profiles and some of them seem
  to lack Qt6 and Plasma6 support.

  It fails to load Plasma6 Theme, Qt session and AppMenu:
  $ transmission-qt
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "Colors:Tooltip"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "KDE"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "Colors:View"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "KDE"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "Colors:Window"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "KDE"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "Colors:Button"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "KDE"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "ColorEffects:Inactive"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "Colors:Selection"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "KDE"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "Colors:View"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "KDE"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "ColorEffects:Inactive"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "Colors:Window"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "KDE"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "ColorEffects:Inactive"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "Colors:Button"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "KDE"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "ColorEffects:Inactive"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "ColorEffects:Inactive"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "Colors:Selection"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "Colors:Window"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "KDE"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "ColorEffects:Inactive"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "Colors:View"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "KDE"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "ColorEffects:Disabled"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "Colors:Window"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "KDE"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "ColorEffects:Disabled"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "Colors:Button"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "KDE"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "ColorEffects:Disabled"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "ColorEffects:Inactive"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "Colors:Window"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "KDE"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "ColorEffects:Disabled"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "kcminputrc" "Mouse"
  MESA-LOADER: failed to retrieve device information
  MESA-LOADER: failed to retrieve device information
  MESA-LOADER: failed to retrieve device information
  glx: failed to create dri3 screen
  failed to load driver: i915
  Qt: Session management error: None of the authentication protocols specified are supported
  Failed to register window menu, reason: org.freedesktop.DBus.Error.AccessDenied ("An AppArmor policy prevents this sender from sending this message to this recipient; type="method_call", sender=":1.84" (uid=1000 pid=3346 comm="transmission-qt" label="transmission-qt (enforce)") interface="com.canonical.AppMenu.Registrar" member="RegisterWindow" error name="(unset)" requested_reply="0" destination="com.canonical.AppMenu.Registrar" (uid=1000 pid=2285 comm="/usr/bin/kded6" label="unconfined")")
  Failed to unregister window menu, reason: org.freedesktop.DBus.Error.AccessDenied ("An AppArmor policy prevents this sender from sending this message to this recipient; type="method_call", sender=":1.84" (uid=1000 pid=3346 comm="transmission-qt" label="transmission-qt (enforce)") interface="com.canonical.AppMenu.Registrar" member="UnregisterWindow" error name="(unset)" requested_reply="0" destination="com.canonical.AppMenu.Registrar" (uid=1000 pid=2285 comm="/usr/bin/kded6" label="unconfined")")
  Failed to register window menu, reason: org.freedesktop.DBus.Error.AccessDenied ("An AppArmor policy prevents this sender from sending this message to this recipient; type="method_call", sender=":1.84" (uid=1000 pid=3346 comm="transmission-qt" label="transmission-qt (enforce)") interface="com.canonical.AppMenu.Registrar" member="RegisterWindow" error name="(unset)" requested_reply="0" destination="com.canonical.AppMenu.Registrar" (uid=1000 pid=2285 comm="/usr/bin/kded6" label="unconfined")")
  Failed to unregister window menu, reason: org.freedesktop.DBus.Error.AccessDenied ("An AppArmor policy prevents this sender from sending this message to this recipient; type="method_call", sender=":1.84" (uid=1000 pid=3346 comm="transmission-qt" label="transmission-qt (enforce)") interface="com.canonical.AppMenu.Registrar" member="UnregisterWindow" error name="(unset)" requested_reply="0" destination="com.canonical.AppMenu.Registrar" (uid=1000 pid=2285 comm="/usr/bin/kded6" label="unconfined")")


  AppArmor trace in complain profile (sudo aa-complain transmission-qt; journalctl --system -b-0 --output=short | grep -e os-prober -e audit):
  Sep 21 22:39:10 mypc kernel: audit: type=1400 audit(1758519550.342:2407): apparmor="ALLOWED" operation="ptrace" class="ptrace" profile="transmission-qt" pid=27271 comm="transmission-qt" requested_mask="read" denied_mask="read" peer="unconfined"
  Sep 21 22:39:10 mypc kernel: audit: type=1400 audit(1758519550.342:2408): apparmor="ALLOWED" operation="ptrace" class="ptrace" profile="transmission-qt" pid=27271 comm="transmission-qt" requested_mask="read" denied_mask="read" peer="unconfined"
  Sep 21 22:39:10 mypc kernel: audit: type=1400 audit(1758519550.423:2409): apparmor="ALLOWED" operation="open" class="file" profile="transmission-qt" name="/proc/sys/kernel/core_pattern" pid=27271 comm="transmission-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
  Sep 21 22:39:10 mypc kernel: audit: type=1400 audit(1758519550.423:2410): apparmor="ALLOWED" operation="file_perm" class="file" profile="transmission-qt" name="/proc/sys/kernel/core_pattern" pid=27271 comm="transmission-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
  Sep 21 22:39:10 mypc kernel: audit: type=1400 audit(1758519550.423:2411): apparmor="ALLOWED" operation="file_perm" class="file" profile="transmission-qt" name="/proc/sys/kernel/core_pattern" pid=27271 comm="transmission-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
  Sep 21 22:39:10 mypc kernel: audit: type=1400 audit(1758519550.423:2412): apparmor="ALLOWED" operation="open" class="file" profile="transmission-qt" name="/usr/share/kubuntu-default-settings/kf5-settings/kdeglobals" pid=27271 comm="transmission-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
  Sep 21 22:39:10 mypc kernel: audit: type=1400 audit(1758519550.424:2413): apparmor="ALLOWED" operation="file_perm" class="file" profile="transmission-qt" name="/usr/share/kubuntu-default-settings/kf5-settings/kdeglobals" pid=27271 comm="transmission-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
  Sep 21 22:39:10 mypc kernel: audit: type=1400 audit(1758519550.424:2414): apparmor="ALLOWED" operation="file_perm" class="file" profile="transmission-qt" name="/usr/share/kubuntu-default-settings/kf5-settings/kdeglobals" pid=27271 comm="transmission-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
  Sep 21 22:39:10 mypc kernel: audit: type=1400 audit(1758519550.424:2415): apparmor="ALLOWED" operation="open" class="file" profile="transmission-qt" name="/home/user/.config/kdedefaults/kdeglobals" pid=27271 comm="transmission-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
  Sep 21 22:39:10 mypc kernel: audit: type=1400 audit(1758519550.424:2416): apparmor="ALLOWED" operation="file_perm" class="file" profile="transmission-qt" name="/home/user/.config/kdedefaults/kdeglobals" pid=27271 comm="transmission-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000

  
  AppArmor trace in enforce profile (sudo aa-enforce transmission-qt; journalctl --system -b-0 --output=short | grep -e os-prober -e audit):
  Sep 21 22:44:17 mypc kernel: audit: type=1400 audit(1758519857.767:2738): apparmor="DENIED" operation="ptrace" class="ptrace" profile="transmission-qt" pid=27750 comm="transmission-qt" requested_mask="read" denied_mask="read" peer="unconfined"
  Sep 21 22:44:17 mypc kernel: audit: type=1400 audit(1758519857.816:2739): apparmor="DENIED" operation="open" class="file" profile="transmission-qt" name="/proc/sys/kernel/core_pattern" pid=27750 comm="transmission-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
  Sep 21 22:44:17 mypc kernel: audit: type=1400 audit(1758519857.816:2740): apparmor="DENIED" operation="open" class="file" profile="transmission-qt" name="/usr/share/kubuntu-default-settings/kf5-settings/kdeglobals" pid=27750 comm="transmission-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
  Sep 21 22:44:17 mypc kernel: audit: type=1400 audit(1758519857.816:2741): apparmor="DENIED" operation="open" class="file" profile="transmission-qt" name="/home/user/.config/kdedefaults/kdeglobals" pid=27750 comm="transmission-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
  Sep 21 22:44:17 mypc kernel: audit: type=1400 audit(1758519857.816:2742): apparmor="DENIED" operation="open" class="file" profile="transmission-qt" name="/home/user/.config/kdeglobals" pid=27750 comm="transmission-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
  Sep 21 22:44:17 mypc kernel: audit: type=1400 audit(1758519857.836:2743): apparmor="DENIED" operation="open" class="file" profile="transmission-qt" name="/usr/share/color-schemes/BreezeLight.colors" pid=27750 comm="transmission-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
  Sep 21 22:44:17 mypc kernel: audit: type=1400 audit(1758519857.838:2744): apparmor="DENIED" operation="open" class="file" profile="transmission-qt" name="/home/user/.config/kdedefaults/kcminputrc" pid=27750 comm="transmission-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
  Sep 21 22:44:17 mypc kernel: audit: type=1400 audit(1758519857.838:2745): apparmor="DENIED" operation="open" class="file" profile="transmission-qt" name="/home/user/.config/kcminputrc" pid=27750 comm="transmission-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
  Sep 21 22:44:17 mypc kernel: audit: type=1400 audit(1758519857.902:2746): apparmor="DENIED" operation="open" class="file" profile="transmission-qt" name="/sys/devices/pci0000:00/0000:00:02.0/vendor" pid=27750 comm="transmission-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
  Sep 21 22:44:17 mypc kernel: audit: type=1400 audit(1758519857.902:2747): apparmor="DENIED" operation="open" class="file" profile="transmission-qt" name="/sys/devices/pci0000:00/0000:00:02.0/device" pid=27750 comm="transmission-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2125314/+subscriptions
References

[Bug 2125314] [NEW] Transmission-QT fals to start properly due to AppArmor misconfiguration
From: Eugene San, 2025-09-22