Hi Simon, On 11/01/2017 10:55 PM, Simon Deziel wrote: > On 2017-11-01 05:38 PM, Philipp Kern wrote: >> Package: thunderbird >> Version: 1:52.4.0-1 >> X-Debbugs-Cc: intrig...@debian.org, si...@sdeziel.info >> >> I'm using thunderbird with apparmor enabled and I get the following deny >> with the proprietary nvidia driver installed and active once on every >> application startup: >> >> [37152.076369] audit: type=1400 audit(1509571965.982:138): >> apparmor="DENIED" operation="open" profile="thunderbird" >> name="/proc/modules" pid=15498 comm="thunderbird" requested_mask="r" >> denied_mask="r" fsuid=1000 ouid=0 >> [37152.077458] audit: type=1400 audit(1509571965.983:139): >> apparmor="DENIED" operation="exec" profile="thunderbird" >> name="/usr/bin/nvidia-modprobe" pid=15501 comm="thunderbird" >> requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 >> >> If thunderbird were to use some kind of libGL, I'd understand why this >> happens. (The unfortunate fact that the AppArmor profile needs to know >> about all dependencies of the libraries the application loads.) I don't >> obviously see it in the final process map or the ldd output, though. > > Could you try adding this to near the other includes at the top: > > #include <abstractions/nvidia> > > Then run: > > sudo apparmor_parser -r -T -W /etc/apparmor.d/usr.bin.thunderbird > > And launch Thunderbird again, please. If that removes the denials, I'll > propose the change upstream.
that fixes the denial and the segfault for me. Kind regards and thanks Philipp Kern
signature.asc
Description: OpenPGP digital signature
