On Tue, 21 Nov 2017 14:58:38 +0000 George Dunlap <dunl...@umich.edu> wrote: > I'm also affected by this bug. At the moment my home directory is on > an NFS share, and my quota isn't big enough to fit my mailboxes (in > addition to making the NFS server a bottleneck for mailbox > operations).
Unfortunately, the current profile only supports files inside
~/.{thunderbird,icedove} and Apparmor doesn't consider symlinks. It only
considers the final destination when matching against the profile.
> Not sure how the AppArmor stuff works -- would it be possible to
> restrict the profile directory *after* reading profile.ini, so you
> know where the actual profile lives?
That would certainly be a good idea but would require upstream efforts
to support Apparmor properly.
I'm afraid that for such cases, the easiest solution would be to disable
the Apparmor profile:
sudo apparmor_parser -R /etc/apparmor.d/usr.bin.thunderbird
sudo ln -s /etc/apparmor.d/usr.bin.thunderbird
/etc/apparmor.d/disable/thunderbird
Regards,
Simon
signature.asc
Description: OpenPGP digital signature
