[pkg-apparmor] Bug#882048: apparmor should let thunderbird use signatures from files

intrigeri intrigeri at debian.org
Thu Nov 23 19:14:24 UTC 2017


Hi,

Vincas Dargis:
> Looks like the culprit is this line in usr.bin.thunderbird [0]:

> ```
> deny @{HOME}/.* r,
> ```

[…]

Thanks for your detailed analysis!

> 4. Opening a File dialog to select file to be attached, produces a bunch of DENIED
> messages in log, when user browses its $HOME, which contains dot-files and
> directories. I have experienced this myself, as for some reason file select dialog
> tries to read files being displayed (probably for create/modify dates?). To avoid
> these noisy DENIED messages, someone has put `deny @{HOME}/.* r,` rule to silence
> it. This is my speculation.

I can't reproduce this after commenting out the "deny @{HOME}/.* r" rule.

If I do that and then add a new rule:

  owner @{HOME}/.signature* r,

… then the use case this bug report is about is fixed.
Simon, any problem with doing that?

If we do that, then we need to document in README.Debian that
signatures can be loaded only from ~/.signature*. I'm not sure that's
good enough to avoid creating an "AppArmor breaks basic stuff, let's
disable it" culture in Debian, which is something I've been trying
hard to avoid for years.

I'm very tempted to propose we simply disable this profile by default:
I have very little hope at this point that we can make it open enough
to avoid breaking all kinds of corner cases, while keeping it strict
enough to be meaningful at all. Opinions?

Cheers,
-- 
intrigeri
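
The rule interaction discussed in this message, as an added example that is not part of the original post or of the Debian profile: a small Python model of how the two rules quoted above decide read access, showing that a matching `deny` rule wins over an allow rule and that `*` does not cross `/`. It assumes a constructed home directory `/home/alice`, constructed sample paths, files owned by the user (the `owner` qualifier is not modelled), and only the two rules shown on this page.

```python
import re

HOME = "/home/alice"  # constructed stand-in for @{HOME}

def glob_to_regex(glob):
    """Subset of AppArmor globbing: '**' crosses '/', '*' and '?' do not."""
    out, i = "", 0
    while i < len(glob):
        if glob.startswith("**", i):
            out, i = out + ".*", i + 2
        elif glob[i] == "*":
            out, i = out + "[^/]*", i + 1
        elif glob[i] == "?":
            out, i = out + "[^/]", i + 1
        else:
            out, i = out + re.escape(glob[i]), i + 1
    return re.compile(out + r"\Z")

def parse_rule(line):
    """Parse '[deny] [owner] PATH PERMS,' into (is_deny, regex, perms)."""
    words = line.strip().rstrip(",").split()
    is_deny = words[0] == "deny"
    # 'owner' is not modelled: every sample file is assumed to belong to the user.
    path, perms = [w for w in words if w not in ("deny", "owner")]
    return is_deny, glob_to_regex(path.replace("@{HOME}", HOME)), set(perms)

def decide(rules, path, perm="r"):
    """A matching deny rule wins regardless of order; no match means denied."""
    matched = [is_deny for is_deny, rx, perms in map(parse_rule, rules)
               if perm in perms and rx.match(path)]
    if not matched or any(matched):
        return "DENIED"
    return "ALLOWED"

DENY = "deny @{HOME}/.* r,"              # rule quoted from usr.bin.thunderbird
ALLOW = "owner @{HOME}/.signature* r,"   # rule proposed in the message
SAMPLE_PATHS = [HOME + p for p in (      # constructed paths
    "/.signature", "/.signature-work", "/.signature.d/work.txt", "/.bashrc")]

if __name__ == "__main__":
    for label, rules in (("deny + allow", [DENY, ALLOW]), ("allow only", [ALLOW])):
        for path in SAMPLE_PATHS:
            print(f"{label:12} {path:35} {decide(rules, path)}")
```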