Dear Maintainer,
* What led up to the situation?
The configuration file may be in .config/redshift/ instead of
.config/ and the apparmor profile usr.bin.redshift only allows reading
.config/redshift.conf
* What exactly did you do (or not do) that was effective (or
ineffective)?
Add the following line to /etc/apparmor:
owner @{HOME}/.config/redshift/redshift.conf r,
* What was the outcome of this action?
it works
It seems to me, like something along this fix, would be enough: https://salsa.debian.org/debian/redshift/-/merge_requests/4/diffs +owner @{HOME}/.config/redshift/redshift.conf r, Just discovered this while migrating to bullseye, this does essentially break redshift on bullseye, if you use a config-file at the default location.
Instead of wasting time configuring and running a location service, I just had a number of slightly different configuration files for redshift (with different manual locations specified) and would just let `.config/redshift.conf` be a symlink to the one corresponding to my current location. (And do some extra work in new locations) That didn't work with the discussed restriction (but I could easily put all the different configs in `.config/redshift/`. For now my workaround was simply to replace the symlink with a copy.
I just read (and understood) Mikkel's suggestion. That won't help in my case, I basically need read permissions to *all* files in `.config/redshift`. Unfortunately I don't know apparmor well enough to suggest an addition to the policy that will accomplish that.
On Tue, 26 Apr 2022 09:58:11 +0200 Henrik Christian Grove <debian@3001.dk> wrote:
> I just read (and understood) Mikkel's suggestion. That won't help in my
> case, I basically need read permissions to *all* files in
> `.config/redshift`.
>
> Unfortunately I don't know apparmor well enough to suggest an addition
> to the policy that will accomplish that.
>
>
This could help until it gets fixed upstream:
Edit the file /etc/apparmor.d/usr.bin.redshift and change the line
owner @{HOME}/.config/redshift.conf r,
To
owner @{HOME}/.config/redshift/* r,
Then restart apparmor: sudo systemctl restart apparmor
I'm having a similar problem, because my redshift config file is in version control, and ~/.config/redshift.conf is a symlink to the version controlled file. I changed it to a hardlink, which allows redshift to read the config file, but this is not a robust solution. I don't know anything about apparmor, but is there some hope that the config could be changed to follow symlinks? Or perhaps that "defeats the purpose" of apparmor?
On Sat, 4 Mar 2023 15:02:59 -0300 Gonzalo Arreche <gonzaloarreche@gmail.com> wrote: I added the entry instead of changing the original (which could work for some users) and can confirm that it fixed the issue for me with missing read permissions.