Control: tag -1 + moreinfo
Hi Philipp & Simon,
Philipp Kern:
> I'm using thunderbird with apparmor enabled and I get the following deny
> with the proprietary nvidia driver installed and active once on every
> application startup:
> [37152.076369] audit: type=1400 audit(1509571965.982:138):
> apparmor="DENIED" operation="open" profile="thunderbird"
> name="/proc/modules" pid=15498 comm="thunderbird" requested_mask="r"
> denied_mask="r" fsuid=1000 ouid=0
> [37152.077458] audit: type=1400 audit(1509571965.983:139):
> apparmor="DENIED" operation="exec" profile="thunderbird"
> name="/usr/bin/nvidia-modprobe" pid=15501 comm="thunderbird"
> requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
Philipp, thanks for this report! Can you please:
1. add this line to usr.bin.thunderbird:
#include <abstractions/nvidia>
2. sudo apparmor_parser -r /etc/apparmor.d/usr.bin.thunderbird
3. retry
?
If this works I'll submit a MR upstream about this and I expect Simon
will review it promptly :)
FWIW we had to fix a similar issues for Totem recently (#879900).
If more of these pop up we should consider including the nvidia
abstraction in some other abstraction that's itself commonly included
in affected GUI apps.
Cheers,
--
intrigeri
