On Thu, 27 Apr 2017 12:01:47 +0100 Jim Cobley <j...@priorycomputers.com> wrote: > audit: type=1400 audit(1493287998.510:88): apparmor="DENIED" > operation="open" profile="thunderbird" > name="/mnt/Z/temp/Bluebell/TyreSize.jpg" pid=4537 comm="thunderbird" > requested_mask="r" denied_mask="r" fsuid=1900 ouid=1900
Right, /mnt isn't accessible as the Apparmor policy mostly only authorize reading files from $HOME and /opt. I think that granting read access to the following directories: /data /media /mnt /srv And let "owner" write to those would make sense. Carsten, I've pushed a commit [*] doing just that. > audit: type=1400 audit(1493288317.390:149): apparmor="DENIED" > operation="exec" profile="thunderbird" > name="/usr/lib/firefox-esr/firefox-esr" pid=4906 comm="thunderbird" > requested_mask="x" denied_mask="x" fsuid=1900 ouid=0 It seems like the ESR version of Firefox would need to be added to "abstractions/ubuntu-browsers" or it's Debian equivalent. Regards, Simon *: https://github.com/simondeziel/aa-profiles/blob/master/16.04/usr.bin.thunderbird commit 51548d63b2
signature.asc
Description: OpenPGP digital signature
