debcrafters-packages team mailing list archive

Thread
Date
[Bug 2125314] Re: Transmission-QT fails to start properly due to AppArmor misconfiguration

To: debcrafters-packages@xxxxxxxxxxxxxxxxxxx
From: Christian Boltz <2125314@xxxxxxxxxxxxxxxxxx>
Date: Sun, 26 Oct 2025 10:06:11 -0000
Reply-to: Bug 2125314 <2125314@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx
May I recommend that you run aa-logprof instead of using Grok next time?
It's more likely that it produces sane results ;-) and is probably even
faster than pasting your DENIED lines into Grok.

Note: aa-logprof will often propose to use abstractions/something.
Sometimes this makes sense, but sometimes (especially if you want to
submit a bugreport with the additions) it's a better idea to "only" add
individual rules.

The even better way is to attach your /var/log/audit/audit.log (or the
ALLOWED/DENIED lines from journalctl, as you did) so that we can see
what the program actually needs, and choose the best-matching rules (or
even abstraction) for that.

Speaking about that - are the ALLOWED and DENIED lines you pasted in the
original report all you got, or did you see more denials? Assuming that
there were additional log lines (likely if you had to add 60+ lines) -
can you please attach them?

-- 
You received this bug notification because you are a member of
Debcrafters packages, which is subscribed to transmission in Ubuntu.
https://bugs.launchpad.net/bugs/2125314

Title:
  Transmission-QT  fails to start properly due to AppArmor
  misconfiguration

Status in apparmor package in Ubuntu:
  Confirmed
Status in transmission package in Ubuntu:
  Confirmed

Bug description:
  Transmission-QT fails to start properly due to AppArmor
  misconfiguration.

  Switching to AppArmor complain profile (aa-complain transmission-qt) fixes the issue.
  Details below.

  Also, I took a look at other AppArmor profiles and some of them seem
  to lack Qt6 and Plasma6 support.

  It fails to load Plasma6 Theme, Qt session and AppMenu:
  $ transmission-qt
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "Colors:Tooltip"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "KDE"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "Colors:View"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "KDE"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "Colors:Window"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "KDE"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "Colors:Button"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "KDE"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "ColorEffects:Inactive"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "Colors:Selection"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "KDE"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "Colors:View"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "KDE"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "ColorEffects:Inactive"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "Colors:Window"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "KDE"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "ColorEffects:Inactive"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "Colors:Button"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "KDE"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "ColorEffects:Inactive"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "ColorEffects:Inactive"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "Colors:Selection"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "Colors:Window"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "KDE"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "ColorEffects:Inactive"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "Colors:View"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "KDE"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "ColorEffects:Disabled"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "Colors:Window"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "KDE"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "ColorEffects:Disabled"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "Colors:Button"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "KDE"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "ColorEffects:Disabled"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "ColorEffects:Inactive"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "Colors:Window"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "KDE"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "/usr/share/color-schemes/BreezeLight.colors" "ColorEffects:Disabled"
  kf.config.core: Created a KConfigGroup on an inaccessible config location "kcminputrc" "Mouse"
  MESA-LOADER: failed to retrieve device information
  MESA-LOADER: failed to retrieve device information
  MESA-LOADER: failed to retrieve device information
  glx: failed to create dri3 screen
  failed to load driver: i915
  Qt: Session management error: None of the authentication protocols specified are supported
  Failed to register window menu, reason: org.freedesktop.DBus.Error.AccessDenied ("An AppArmor policy prevents this sender from sending this message to this recipient; type="method_call", sender=":1.84" (uid=1000 pid=3346 comm="transmission-qt" label="transmission-qt (enforce)") interface="com.canonical.AppMenu.Registrar" member="RegisterWindow" error name="(unset)" requested_reply="0" destination="com.canonical.AppMenu.Registrar" (uid=1000 pid=2285 comm="/usr/bin/kded6" label="unconfined")")
  Failed to unregister window menu, reason: org.freedesktop.DBus.Error.AccessDenied ("An AppArmor policy prevents this sender from sending this message to this recipient; type="method_call", sender=":1.84" (uid=1000 pid=3346 comm="transmission-qt" label="transmission-qt (enforce)") interface="com.canonical.AppMenu.Registrar" member="UnregisterWindow" error name="(unset)" requested_reply="0" destination="com.canonical.AppMenu.Registrar" (uid=1000 pid=2285 comm="/usr/bin/kded6" label="unconfined")")
  Failed to register window menu, reason: org.freedesktop.DBus.Error.AccessDenied ("An AppArmor policy prevents this sender from sending this message to this recipient; type="method_call", sender=":1.84" (uid=1000 pid=3346 comm="transmission-qt" label="transmission-qt (enforce)") interface="com.canonical.AppMenu.Registrar" member="RegisterWindow" error name="(unset)" requested_reply="0" destination="com.canonical.AppMenu.Registrar" (uid=1000 pid=2285 comm="/usr/bin/kded6" label="unconfined")")
  Failed to unregister window menu, reason: org.freedesktop.DBus.Error.AccessDenied ("An AppArmor policy prevents this sender from sending this message to this recipient; type="method_call", sender=":1.84" (uid=1000 pid=3346 comm="transmission-qt" label="transmission-qt (enforce)") interface="com.canonical.AppMenu.Registrar" member="UnregisterWindow" error name="(unset)" requested_reply="0" destination="com.canonical.AppMenu.Registrar" (uid=1000 pid=2285 comm="/usr/bin/kded6" label="unconfined")")


  AppArmor trace in complain profile (sudo aa-complain transmission-qt; journalctl --system -b-0 --output=short | grep -e os-prober -e audit):
  Sep 21 22:39:10 mypc kernel: audit: type=1400 audit(1758519550.342:2407): apparmor="ALLOWED" operation="ptrace" class="ptrace" profile="transmission-qt" pid=27271 comm="transmission-qt" requested_mask="read" denied_mask="read" peer="unconfined"
  Sep 21 22:39:10 mypc kernel: audit: type=1400 audit(1758519550.342:2408): apparmor="ALLOWED" operation="ptrace" class="ptrace" profile="transmission-qt" pid=27271 comm="transmission-qt" requested_mask="read" denied_mask="read" peer="unconfined"
  Sep 21 22:39:10 mypc kernel: audit: type=1400 audit(1758519550.423:2409): apparmor="ALLOWED" operation="open" class="file" profile="transmission-qt" name="/proc/sys/kernel/core_pattern" pid=27271 comm="transmission-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
  Sep 21 22:39:10 mypc kernel: audit: type=1400 audit(1758519550.423:2410): apparmor="ALLOWED" operation="file_perm" class="file" profile="transmission-qt" name="/proc/sys/kernel/core_pattern" pid=27271 comm="transmission-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
  Sep 21 22:39:10 mypc kernel: audit: type=1400 audit(1758519550.423:2411): apparmor="ALLOWED" operation="file_perm" class="file" profile="transmission-qt" name="/proc/sys/kernel/core_pattern" pid=27271 comm="transmission-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
  Sep 21 22:39:10 mypc kernel: audit: type=1400 audit(1758519550.423:2412): apparmor="ALLOWED" operation="open" class="file" profile="transmission-qt" name="/usr/share/kubuntu-default-settings/kf5-settings/kdeglobals" pid=27271 comm="transmission-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
  Sep 21 22:39:10 mypc kernel: audit: type=1400 audit(1758519550.424:2413): apparmor="ALLOWED" operation="file_perm" class="file" profile="transmission-qt" name="/usr/share/kubuntu-default-settings/kf5-settings/kdeglobals" pid=27271 comm="transmission-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
  Sep 21 22:39:10 mypc kernel: audit: type=1400 audit(1758519550.424:2414): apparmor="ALLOWED" operation="file_perm" class="file" profile="transmission-qt" name="/usr/share/kubuntu-default-settings/kf5-settings/kdeglobals" pid=27271 comm="transmission-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
  Sep 21 22:39:10 mypc kernel: audit: type=1400 audit(1758519550.424:2415): apparmor="ALLOWED" operation="open" class="file" profile="transmission-qt" name="/home/user/.config/kdedefaults/kdeglobals" pid=27271 comm="transmission-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
  Sep 21 22:39:10 mypc kernel: audit: type=1400 audit(1758519550.424:2416): apparmor="ALLOWED" operation="file_perm" class="file" profile="transmission-qt" name="/home/user/.config/kdedefaults/kdeglobals" pid=27271 comm="transmission-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000

  
  AppArmor trace in enforce profile (sudo aa-enforce transmission-qt; journalctl --system -b-0 --output=short | grep -e os-prober -e audit):
  Sep 21 22:44:17 mypc kernel: audit: type=1400 audit(1758519857.767:2738): apparmor="DENIED" operation="ptrace" class="ptrace" profile="transmission-qt" pid=27750 comm="transmission-qt" requested_mask="read" denied_mask="read" peer="unconfined"
  Sep 21 22:44:17 mypc kernel: audit: type=1400 audit(1758519857.816:2739): apparmor="DENIED" operation="open" class="file" profile="transmission-qt" name="/proc/sys/kernel/core_pattern" pid=27750 comm="transmission-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
  Sep 21 22:44:17 mypc kernel: audit: type=1400 audit(1758519857.816:2740): apparmor="DENIED" operation="open" class="file" profile="transmission-qt" name="/usr/share/kubuntu-default-settings/kf5-settings/kdeglobals" pid=27750 comm="transmission-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
  Sep 21 22:44:17 mypc kernel: audit: type=1400 audit(1758519857.816:2741): apparmor="DENIED" operation="open" class="file" profile="transmission-qt" name="/home/user/.config/kdedefaults/kdeglobals" pid=27750 comm="transmission-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
  Sep 21 22:44:17 mypc kernel: audit: type=1400 audit(1758519857.816:2742): apparmor="DENIED" operation="open" class="file" profile="transmission-qt" name="/home/user/.config/kdeglobals" pid=27750 comm="transmission-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
  Sep 21 22:44:17 mypc kernel: audit: type=1400 audit(1758519857.836:2743): apparmor="DENIED" operation="open" class="file" profile="transmission-qt" name="/usr/share/color-schemes/BreezeLight.colors" pid=27750 comm="transmission-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
  Sep 21 22:44:17 mypc kernel: audit: type=1400 audit(1758519857.838:2744): apparmor="DENIED" operation="open" class="file" profile="transmission-qt" name="/home/user/.config/kdedefaults/kcminputrc" pid=27750 comm="transmission-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
  Sep 21 22:44:17 mypc kernel: audit: type=1400 audit(1758519857.838:2745): apparmor="DENIED" operation="open" class="file" profile="transmission-qt" name="/home/user/.config/kcminputrc" pid=27750 comm="transmission-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
  Sep 21 22:44:17 mypc kernel: audit: type=1400 audit(1758519857.902:2746): apparmor="DENIED" operation="open" class="file" profile="transmission-qt" name="/sys/devices/pci0000:00/0000:00:02.0/vendor" pid=27750 comm="transmission-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
  Sep 21 22:44:17 mypc kernel: audit: type=1400 audit(1758519857.902:2747): apparmor="DENIED" operation="open" class="file" profile="transmission-qt" name="/sys/devices/pci0000:00/0000:00:02.0/device" pid=27750 comm="transmission-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2125314/+subscriptions
References

[Bug 2125314] [NEW] Transmission-QT fals to start properly due to AppArmor misconfiguration
From: Eugene San, 2025-09-22