[pkg-apparmor] Bug#949450: thunderbird: tb not usable with apparmor profile enabled.

Dimitris dimitris at stinpriza.org
Fri Jan 31 10:46:49 GMT 2020


On 1/30/20 2:11 PM, Dimitris wrote:

> just reinstalled thunderbird, and enabled apparmor profile.
> strangely, enigmail works now and tb is behaving normally.. (diff from
> previous active profile doesn't show anything ?!).
> ( sorry for the fuzz :( )

well nope, after reboot, back to enigmail not working... (!?)
had to disable profile again, to get it working..

apart from original and these messages, there are more following which
cause tb to get unresponsive..

> 
> [Thu Jan 30 2020] audit: type=1400 audit(1580374356.699:35):
> apparmor="DENIED" operation="capable" profile="thunderbird" pid=23563
> comm="thunderbird" capability=21  capname="sys_admin"
> 
> [Thu Jan 30 2020] audit: type=1400 audit(1580374356.923:36):
> apparmor="DENIED" operation="open"
> profile="thunderbird//sanitized_helper"
> name="/tmp/clearsigned.message.pycT1r" pid=23600 comm="apt-cache"
> requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
> 
> [Thu Jan 30 2020] audit: type=1400 audit(1580374357.943:37):
> apparmor="DENIED" operation="open" profile="thunderbird"
> name="/etc/mate/defaults.list" pid=23563 comm="thunderbird"
> requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
> 
> 
> concerning original report msg, added this to profile :
> 
> owner /dev/shm/org.chromium.* r,
> 
> every filterlog.html in all accounts.. used this in profile to
> go away:
> owner /home/*/{.icedove,.thunderbird}/*/*/*/filterlog.html w,
> 
> but maybe there's a better way.
> 
> also this msg :
> 
> audit: type=1400 audit(1580377190.735:2836): apparmor="DENIED"
> operation="file_inherit" profile="thunderbird//gpg"
> name=2F6XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXD6C
> pid=13850 comm="gpg" requested_mask="a" denied_mask="a" fsuid=1000 ouid=1000
> 
> (replaced chars in between with Xs, since i don't know what this could
> be..?)
> 



new messages emerging making tb/enigmail unusable :

audit: type=1400 audit(1580465922.867:14): apparmor="DENIED"
operation="capable" profile="thunderbird" pid=11974 comm="thunderbird"
capability=21 capname="sys_admin"

audit: type=1400 audit(1580465924.499:15): apparmor="DENIED"
operation="open" profile="thunderbird" name="/etc/mate/defaults.list"
pid=11974 comm="thunderbird" requested_mask="r" denied_mask="r"
fsuid=1000 ouid=0

audit: type=1400 audit(1580465929.463:16): apparmor="DENIED"
operation="file_lock" profile="thunderbird"
name="/home/user/.cache/thunderbird/profile.default/OfflineCache/index.sqlite"
pid=11974 comm="thunderbird" requested_mask="k" denied_mask="k"
fsuid=1000 ouid=1000

audit: type=1400 audit(1580465955.367:18): apparmor="DENIED"
operation="file_inherit" profile="thunderbird//gpg"
name="/home/user/.icedove/profile.default/ImapMail/account1/INBOX.sbd/folder"
pid=13491 comm="gpg" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000

audit: type=1400 audit(1580466665.275:19): apparmor="DENIED"
operation="file_inherit" profile="thunderbird//gpg"
name="/home/user/.icedove/profile.default/prefs-1.js" pid=20428
comm="gpg" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000

audit: type=1400 audit(1580466665.279:20): apparmor="DENIED"
operation="exec" profile="thunderbird//gpg" name="/usr/bin/gpg-agent"
pid=20430 comm="gpg" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0


thanks,
d.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-apparmor-team/attachments/20200131/3d2d854e/attachment.sig>


More information about the pkg-apparmor-team mailing list