Control: retitle -1 Thunderbird apparmor profile: access problem on /mnt

Hello Simon,

On Thu, May 18, 2017 at 06:51:14PM -0400, Simon Deziel wrote:
> On Thu, 27 Apr 2017 12:01:47 +0100 Jim Cobley <j...@priorycomputers.com>
> wrote:
> > audit: type=1400 audit(1493287998.510:88): apparmor="DENIED" 
> > operation="open" profile="thunderbird" 
> > name="/mnt/Z/temp/Bluebell/TyreSize.jpg" pid=4537 comm="thunderbird" 
> > requested_mask="r" denied_mask="r" fsuid=1900 ouid=1900
> 
> Right, /mnt isn't accessible as the AppArmor policy mostly only
> authorizes reading files from $HOME and /opt. I think that granting read
> access to the following directories:
> 
> /data
> /media
> /mnt
> /srv
> 
> And let "owner" write to those would make sense. Carsten, I've pushed a
> commit [*] doing just that.

Thanks for taking care! I'll pick that up too.

> > audit: type=1400 audit(1493288317.390:149): apparmor="DENIED" 
> > operation="exec" profile="thunderbird" 
> > name="/usr/lib/firefox-esr/firefox-esr" pid=4906 comm="thunderbird" 
> > requested_mask="x" denied_mask="x" fsuid=1900 ouid=0
> 
> It seems like the ESR version of Firefox would need to be added to
> "abstractions/ubuntu-browsers" or its Debian equivalent.

The only file I've seen there on my system is for evince. I've installed
firefox-esr.

> $ ls /etc/apparmor.d/abstractions
> evince

@Ulrike
You have better knowledge about the AppArmor universe in Debian, what do we
need to do here?

... 
> *:
> https://github.com/simondeziel/aa-profiles/blob/master/16.04/usr.bin.thunderbird
> commit 51548d63b2

Regards
Carsten
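
A small triage helper for denial records like the two quoted in this thread, added here as an example and not part of the original messages or of the profile repository. It parses the key=value fields, decodes hex-encoded names, and groups denials by profile, top-level directory and mask, noting whether fsuid equals ouid (which decides whether an "owner" rule could match). The function names are hypothetical, and the sample log is the thread's two records rejoined onto single lines.

```python
import re
from collections import defaultdict

# Constructed sample: the two records from this thread, each rejoined onto one line.
SAMPLE_LOG = """\
audit: type=1400 audit(1493287998.510:88): apparmor="DENIED" operation="open" profile="thunderbird" name="/mnt/Z/temp/Bluebell/TyreSize.jpg" pid=4537 comm="thunderbird" requested_mask="r" denied_mask="r" fsuid=1900 ouid=1900
audit: type=1400 audit(1493288317.390:149): apparmor="DENIED" operation="exec" profile="thunderbird" name="/usr/lib/firefox-esr/firefox-esr" pid=4906 comm="thunderbird" requested_mask="x" denied_mask="x" fsuid=1900 ouid=0
"""

FIELD = re.compile(r'(\w+)=("([^"]*)"|\S+)')
HEX = re.compile(r"(?:[0-9A-Fa-f]{2})+")


def parse_record(line):
    """Return the key=value fields of one audit line as a dict."""
    fields = {}
    for key, raw, quoted in FIELD.findall(line):
        if raw.startswith('"'):
            fields[key] = quoted
        elif key == "name" and HEX.fullmatch(raw):
            # Names containing spaces or other special bytes are logged
            # unquoted and hex-encoded; decode them back to a path.
            fields[key] = bytes.fromhex(raw).decode("utf-8", "replace")
        else:
            fields[key] = raw
    return fields


def summarize_denials(log_text):
    """Group DENIED records by (profile, top-level directory, denied mask)."""
    groups = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec.get("apparmor") != "DENIED" or "name" not in rec:
            continue
        parts = rec["name"].split("/")
        top = "/" + parts[1] if len(parts) > 1 else rec["name"]
        # An "owner"-qualified rule only matches when fsuid equals the file's ouid.
        owner_match = rec.get("fsuid") == rec.get("ouid")
        key = (rec.get("profile", "?"), top, rec.get("denied_mask", "?"))
        groups[key].add((rec["name"], owner_match))
    return {key: sorted(paths) for key, paths in groups.items()}


if __name__ == "__main__":
    for (profile, top, mask), paths in summarize_denials(SAMPLE_LOG).items():
        print(f"{profile}: {mask!r} denied under {top}")
        for path, owner_match in paths:
            print(f"    {path} (fsuid == ouid: {owner_match})")
```
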
