On 16-05-23 17:24:12, Holger Levsen wrote: > On Mon, May 23, 2016 at 07:00:29PM +0200, ge...@riseup.net wrote: > > On 16-05-23 15:43:09, Holger Levsen wrote: > > > next ambigity: is installation and usage broken, or just installation? > > > (IOW: can I disable the apparmor profile for installation and then > > > reenable it for using it…) > > > > Tested both sid and jessie now: Install fails (with aa enabled), but > > usage is possible (with aa disabled). > > and is usage possible with aa enabled after you installed with aa > disabled?
No, this applies to both sid and jessie.
/var/log/syslog shows:
May 23 16:50:35 debian kernel: [ 163.913573] audit: type=1400
audit(1464036635.462:65): apparmor="ALLOWED" operation="open"
profile="/usr/bin/torbrowser-launcher"
name="/sys/devices/pci0000:00/0000:00:0d.0/ata1/host0/target0:0:0/0:0:0:0/block/sda/queue/hw_sector_size"
pid=1359 comm="torbrowser-laun" requested_mask="r" denied_mask="r" fsuid=1000
ouid=0
May 23 16:50:36 debian kernel: [ 164.797894] audit: type=1400
audit(1464036636.346:66): apparmor="ALLOWED" operation="exec"
profile="/usr/bin/torbrowser-launcher" name="/sbin/ldconfig" pid=1363 comm="sh"
requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
target="/usr/bin/torbrowser-launcher//null-1"
May 23 16:50:36 debian kernel: [ 164.819898] audit: type=1400
audit(1464036636.366:67): apparmor="ALLOWED" operation="open"
profile="/usr/bin/torbrowser-launcher//null-1"
name="/usr/lib/locale/locale-archive" pid=1363 comm="ldconfig"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
May 23 16:50:36 debian kernel: [ 164.820069] audit: type=1400
audit(1464036636.366:68): apparmor="ALLOWED" operation="getattr"
profile="/usr/bin/torbrowser-launcher//null-1"
name="/usr/lib/locale/locale-archive" pid=1363 comm="ldconfig"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
May 23 16:50:36 debian kernel: [ 164.820225] audit: type=1400
audit(1464036636.366:69): apparmor="ALLOWED" operation="open"
profile="/usr/bin/torbrowser-launcher//null-1" name="/etc/ld.so.cache" pid=1363
comm="ldconfig" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
May 23 16:50:36 debian kernel: [ 164.820290] audit: type=1400
audit(1464036636.366:70): apparmor="ALLOWED" operation="getattr"
profile="/usr/bin/torbrowser-launcher//null-1" name="/etc/ld.so.cache" pid=1363
comm="ldconfig" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
May 23 16:50:36 debian kernel: [ 164.821061] audit: type=1400
audit(1464036636.370:71): apparmor="ALLOWED" operation="open"
profile="/usr/bin/torbrowser-launcher//null-1" name="/etc/locale.alias"
pid=1363 comm="ldconfig" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
May 23 16:50:36 debian kernel: [ 164.821136] audit: type=1400
audit(1464036636.370:72): apparmor="ALLOWED" operation="getattr"
profile="/usr/bin/torbrowser-launcher//null-1" name="/etc/locale.alias"
pid=1363 comm="ldconfig" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
May 23 16:50:37 debian kernel: [ 166.026773] audit: type=1400
audit(1464036637.575:73): apparmor="DENIED" operation="open"
profile="/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox"
name="/run/NetworkManager/resolv.conf" pid=1383 comm="firefox"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
May 23 16:50:37 debian kernel: [ 166.027256] audit: type=1400
audit(1464036637.575:74): apparmor="DENIED" operation="open"
profile="/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox"
name="/run/NetworkManager/resolv.conf" pid=1383 comm="firefox"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
May 23 16:50:43 debian kernel: [ 171.823494] audit: type=1400
audit(1464036643.374:75): apparmor="DENIED" operation="open"
profile="/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox"
name="/run/NetworkManager/resolv.conf" pid=1383 comm="firefox"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
signature.asc
Description: Digital signature
