Hi Philipp, On 2017-11-01 05:38 PM, Philipp Kern wrote: > Package: thunderbird > Version: 1:52.4.0-1 > X-Debbugs-Cc: intrig...@debian.org, si...@sdeziel.info > > I'm using thunderbird with apparmor enabled and I get the following deny > with the proprietary nvidia driver installed and active once on every > application startup: > > [37152.076369] audit: type=1400 audit(1509571965.982:138): > apparmor="DENIED" operation="open" profile="thunderbird" > name="/proc/modules" pid=15498 comm="thunderbird" requested_mask="r" > denied_mask="r" fsuid=1000 ouid=0 > [37152.077458] audit: type=1400 audit(1509571965.983:139): > apparmor="DENIED" operation="exec" profile="thunderbird" > name="/usr/bin/nvidia-modprobe" pid=15501 comm="thunderbird" > requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 > > If thunderbird were to use some kind of libGL, I'd understand why this > happens. (The unfortunate fact that the AppArmor profile needs to know > about all dependencies of the libraries the application loads.) I don't > obviously see it in the final process map or the ldd output, though.
Could you try adding this to near the other includes at the top: #include <abstractions/nvidia> Then run: sudo apparmor_parser -r -T -W /etc/apparmor.d/usr.bin.thunderbird And launch Thunderbird again, please. If that removes the denials, I'll propose the change upstream. Regards, Simon
signature.asc
Description: OpenPGP digital signature
