Hello Hong, On Thu, May 25, 2017 at 12:41:36AM -0700, Hong Xu wrote: > Now I can't reproduce the issue any more, even after re-enabling > apparmor for thunderbird. I have the following log entry > > May 25 00:35:58 home kernel: [ 3283.982257] audit: type=1400 > audit(1495697758.889:1682): apparmor="ALLOWED" operation="open" > profile="thunderbird//null-3" name="/etc/ld.so.cache" pid=10714 > comm="evince" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 > > However, enforcing thunderbird also leads to strange results, which also > makes me a bit worried: > > sudo aa-enforce thunderbird > > Setting /usr/bin/thunderbird to enforce mode. > > ERROR: /etc/apparmor.d/usr.bin.thunderbird contains no profile
as written, unfortunately I'm not able to help you in a reliable way. But maybe the profile isn't in a format any more AppArmor can read and parse it. Worked with some kind of other encoding? I highly suggest to get in touch with the people from the Debian Apparmor team and ask for support and error search. I'm sure they will welcome you. https://wiki.debian.org/AppArmor/Contribute Regards Carsten
