I have a 32-bit wine application running in wine64
. In devmode
, everything seems to work but in strict
, the application fails to show certain text.
I’ve read through the scanlog
output of the devmode snap, and I get A TON of complaints about memory mapping fonts.
= AppArmor =
Time: Mar 17 23:54:48
Log: apparmor="ALLOWED" operation="file_mmap" profile="snap.photoscape.photoscape" name="/usr/share/fonts/truetype/noto/NotoSansBuhid-Regular.ttf" pid=15320 comm="PhotoScape.exe" requested_mask="m" denied_mask="m" fsuid=1000 ouid=0
File: /usr/share/fonts/truetype/noto/NotoSansBuhid-Regular.ttf (mmap)
This reminds me of the stackexec issue we had on some of the electron snaps. Basically: snap denies memory maps from executables which have the stackexec bit set.
However; when I comb through my snap I can’t find any executables with the stackexec bit set:
$ find /snap/photoscape/current/ -executable -type f -exec execstack "{}" \; 2>&1 | grep "X "
$
So my questions:
- Are these denials caused by
READ_IMPLIES_X
/stackexec
issue? - How can I see whether a running process has the
READ_IMPLIES_X
personality bit set? - Are there other ways to be “granted”
READ_IMPLIES_X
?