3

I'm currently running Ubuntu 18.04.1 and have gnome-calculator 3.30.1 installed. I'm pretty sure that's the one that came bundled with 18.04.

Every time I launch gnome-calculator the following message is logged in /var/log/kern.log by apparmor:

kernel: [10238.459543]
audit: type=1400
audit(1547652310.229:29638):
apparmor="DENIED"
operation="open"
profile="snap.gnome-calculator.gnome-calculator"
name="/home/me/Documents/"
pid=10260
comm="head"
requested_mask="r"
denied_mask="r"
fsuid=1000
ouid=1000

Seven additional, identical messages are logged, with the only difference being the directory that gnome-calculator is attempting to access:

name="/home/me/Desktop/"
name="/home/me/Downloads/"
name="/home/me/Music/"
name="/home/me/Pictures/"
name="/home/me/Videos/"
name="/home/me/Public/"
name="/home/me/Templates/"

My interpretation of the above is that gnome-calculator is attempting to scan the contents of my home directory and AppArmor is preventing it from doing so.

If that's the case, why is gnome-calculator scanning my home directory?

Is anyone else seeing the same log messages? Is gnome-calculator 3.30.1 infected by malware? Should I be concerned?

Tim
  • 3
    Pretty sure something to do with snappy (pre-installed calculator is a snap application). – pomsky Jan 16 '19 at 16:10
  • It would seem as though that's got something to do with it. If I replace the snap version with the apt version the messages stop. I've got about 10 different snaps installed, though, and only gnome-calculator is scanning my home directory — so there's something different about gnome-calculator. – Tim Jan 16 '19 at 17:39
  • The snap version of **gnome-system-monitor** seems to generate AppArmor messages as well. Not the same type, but given they happen every 6 seconds they have the potential to chew up a large amount of drive space. – Tim Jan 16 '19 at 18:44
  • 2
    There's some misunderstanding here. The snap of gnome-calculator does not use the `home` interface so it *cannot* access the home directory of the user. The error message you're seeing is a warning that it *cannot* access home. If you replace the snap with a deb you're actually undoing that, and installing a calculator which *can* access your home directory. It's *not* malware, and it's *not* "scanning" your home directory. It's working normally. – popey Jan 16 '19 at 21:42
  • @popey Thanks for the reassurance. Nonetheless, the log entries are being generated because it is _trying._ Why is a calculator _trying_ to open my Documents, Pictures, Desktop and other directories? – Tim Jan 16 '19 at 22:10
  • 2
    Not necessarily. Again, try not to jump to conclusions that the calculator is somehow trying to do something nefarious. The snaps use a generic launcher script which does a bunch of stuff which is generic for many snaps. It's likely just setting up those directories so that *if* the application *needs* to access Music, or Pictures, it has the right mounts/links to get to them. – popey Jan 16 '19 at 22:15
  • @popey Sounds reasonable. Thanks for that. I replaced it with the apt version anyway just to get rid of the messages. Will probably give it another chance the next time I upgrade my OS. Cheers! – Tim Jan 16 '19 at 23:29

1 Answer

3

No worries, it seems quite normal.

I installed gnome-calculator as a snap. When starting it from the command line, nothing special happens but when I start it via the GUI (Activities → Search → Calculator) then I see the same messages as you do in kern.log about scanning my $HOME.

I again uninstalled the snap and installed the apt package instead with the following commands:

# switch from snap to apt:
sudo snap remove gnome-calculator
sudo apt install gnome-calculator

and the messages no longer appear.

Plus, I can start gnome-calculator by a special key on my keyboard and it opens far quicker, but that's another cup of tea (see this related and interesting post).

(Btw, I also replaced the snap version of gnome-system-monitor with the apt version because the snap version lists all the snap filesystems while the apt version only lists the "regular" ones. I see no point in listing dozens of those squashfs filesystems which are all 100 % full. It just messes up the display.)

PerlDuck
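As an added example (not part of the original question or answers), a short Python parser for AppArmor denial records like the ones quoted in the question. It groups denials by profile and by the `comm` field, which names the process that made the denied request. The sample lines are constructed from the question's field values, and the `/home/me/My Files/` entry is a constructed case showing the hex encoding the audit subsystem applies to strings containing spaces.

```python
import re
from collections import defaultdict

# Constructed sample: one record per line, as kern.log writes them, reusing the
# field values from the question. "My Files" and the USB line are made up.
_TEMPLATE = (
    'kernel: [10238.459543] audit: type=1400 audit(1547652310.229:29638): '
    'apparmor="DENIED" operation="open" '
    'profile="snap.gnome-calculator.gnome-calculator" name={name} pid=10260 '
    'comm="head" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000'
)
SAMPLE = [_TEMPLATE.format(name=f'"/home/me/{d}/"') for d in ("Documents", "Desktop", "Music")]
SAMPLE.append(_TEMPLATE.format(name="/home/me/My Files/".encode().hex().upper()))
SAMPLE.append("kernel: [10240.100000] usb 1-1: new high-speed USB device")

FIELD = re.compile(r'(\w+)=("([^"]*)"|\S+)')
STRING_FIELDS = {"name", "comm", "profile"}

def parse_denial(line):
    """Return the record's fields as a dict, or None if it is not an AppArmor denial."""
    if 'apparmor="DENIED"' not in line:
        return None
    rec = {}
    for key, raw, quoted in FIELD.findall(line):
        if raw.startswith('"'):
            rec[key] = quoted
        elif key in STRING_FIELDS:
            # An unquoted string field is hex-encoded by the audit subsystem.
            try:
                rec[key] = bytes.fromhex(raw).decode("utf-8", "replace")
            except ValueError:
                rec[key] = raw  # not hex after all: keep the raw token
        else:
            rec[key] = raw
    return rec

def summarize(lines):
    """Group denied paths by (profile, comm, operation, denied_mask)."""
    groups = defaultdict(list)
    for line in lines:
        rec = parse_denial(line)
        if rec:
            key = tuple(rec.get(k) for k in ("profile", "comm", "operation", "denied_mask"))
            groups[key].append(rec.get("name"))
    return dict(groups)

if __name__ == "__main__":
    for (profile, comm, op, mask), names in summarize(SAMPLE).items():
        print(f"{profile} comm={comm} {op} mask={mask}: {names}")
```

On a real system the same functions can be fed the lines of `/var/log/kern.log` instead of `SAMPLE`.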