Hello Vincas,

On Sun, Dec 03, 2017 at 04:40:38PM +0200, Vincas Dargis wrote:
> Dear Maintainer,
>
> I am suggesting to fix this issue by providing @{thunderbird_user_dirs}
> variable, that could be modified by the user to add additional paths, such
> as `/home/me/Archives` or `/mnt/foo`. This kind of functionality is discussed
> in AppArmor mailing list [0].
>
> I have tested with `/etc/apparmor.d/local/tunables/usr.bin.thunderbird`
> having this content:
>
> ```
> @{thunderbird_user_dirs} += /mnt/foo /home/vincas/Archive/
> ```
>
> And it solves this issue, provided that profile has patch applied of course.
>
> _The question is_, will you agree to ship empty file
> `/etc/apparmor.d/local/tunables/usr.bin.thunderbird`? We do not have
> "#include_if_exists" or similar mechanism in AppArmor parser to avoid that
> yet.

I'm not against shipping such an empty file. OTOH I do not have deep
knowledge of how AppArmor works internally, but in the long term we would
need some mechanism that allows users to configure the needed behaviour
inside their home. Couldn't something like this be added?

#include_if_exists <@HOME/.config/apparmor/usr.bin.*>

As long as apparmor stuff is placed in /etc/apparmor the user needs admin
rights to change or add something. That's mostly no problem if the user is
a typical SOHO user but quite impossible if using a Linux system at a
university or company, e.g.

If the above is possible we could prepare some example stuff in
/u/s/d/thunderbird that users can simply copy and change to their needs.

> Additionally, maybe Thunderbird's README could have useful information about
> this customization point.

That's of course needed. I was thinking about a new additional file
README.apparmor for that extra information. This file will grow over time
I think.

> I have attached WIP patch that I will propose to AppArmor pull request
> myself, but only if you agree with this plan.

We can add that change of course as we need to start somewhere. For 52.5.0
it's too late now. But I can upload a further version with more apparmor
related changes in the next weeks.

Regards
Carsten