3

I'm currently running Ubuntu 18.04.1 and have gnome-calculator 3.30.1 installed. I'm pretty sure that's the one that came bundled with 18.04.

enter image description here

Every time I launch gnome-calculator the following message is logged in /var/log/kern.log by apparmor:

kernel: [10238.459543]
audit: type=1400
audit(1547652310.229:29638):
apparmor="DENIED"
operation="open"
profile="snap.gnome-calculator.gnome-calculator"
name="/home/me/Documents/"
pid=10260
comm="head"
requested_mask="r"
denied_mask="r"
fsuid=1000
ouid=1000

Seven additional, identical messages are logged, with the only difference being the directory that gnome-calculator is attempting to access:

name="/home/me/Desktop/"
name="/home/me/Downloads/"
name="/home/me/Music/"
name="/home/me/Pictures/"
name="/home/me/Videos/"
name="/home/me/Public/"
name="/home/me/Templates/"

My interpretation of the above is that gnome-calculator is attempting to scan the contents of my home directory and AppArmor is preventing it from doing so.

If that's the case, why is gnome-calculator scanning my home directory?

Is anyone else seeing the same log messages? Is gnome-calculator 3.30.1 infected by malware? Should I be concerned?

Tim
  • 607
  • 3
    Pretty sure something to do with snappy (pre-installed calculator is a snap application). – pomsky Jan 16 '19 at 16:10
  • It would seem as though that's got something to do with it. If I replace the snap version with the apt version the messages stop. I've got about 10 different snaps installed, though, and only gnome-calculator is scanning my home directory — so there's something different about gnome-calculator. – Tim Jan 16 '19 at 17:39
  • The snap version of gnome-system-monitor seems to generate AppArmor messages as well. Not the same type, but given they happen every 6 seconds they have the potential to chew up a large amount of drive space. – Tim Jan 16 '19 at 18:44
  • 2
    There's some misunderstanding here. The snap of gnome-calculator does not use the home interface so it cannot access the home directory of the user. The error message you're seeing is a warning that it cannot access home. if you replace the snap with a deb you're actually undoing that, and installing a calculator which can access your home directory. It's not malware, and it's not "scanning" your home directory. It's working normally. – popey Jan 16 '19 at 21:42
  • @popey Thanks for the reassurance. Nonetheless, the log entries are being generated because it is trying. Why is a calculator trying to open my Documents, Pictures, Desktop and other directories? – Tim Jan 16 '19 at 22:10
  • 2
    Not necessarily. Again, try not to jump to conclusions that the calculator is somehow trying to do something nafarious. The snaps use a generic launcher script which does a bunch of stuff which is generic for many snaps. It's likely just setting up those directories so that if the application needs to access Music, or Pictures, it has the right mounts/links to get to them. – popey Jan 16 '19 at 22:15
  • @popey Sounds reasonable. Thanks for that. I replaced it with the apt version anyway just to get rid of the messages. Will probably give it another chance the next time I upgrade my OS. Cheers! – Tim Jan 16 '19 at 23:29

1 Answers1

3

No worries, it seems quite normal.

I installed gnome-calculator as a snap. When starting it from the command line, nothing special happens but when I start it via the GUI (Activities → Search → Calculator) then I see the same messages as you do in kern.log about scanning my $HOME.

I again uninstalled the snap and installed the apt package instead with the following commands:

# switch from snap to apt:
sudo snap remove gnome-calculator
sudo apt install gnome-calculator

and the messages do no longer appear.

Plus, I can start gnome-calculator by a special key on my keyboard and it opens far quicker, but that's another cup of tea (see this related and interesting post).

(Btw, I also replaced the snap version of gnome-system-monitor with the apt version because the snap version lists all the snap filesystems while the apt version only lists the "regular" ones. I see no point in listing dozens of those squashfs filesystems which are all 100 % full. It just messes up the display.)

PerlDuck
  • 13,335