On Thu, 7 Dec 2017 18:22:33 +0200 Vincas Dargis <vin...@gmail.com> wrote:
> I have WIP patch that changes how Thunderbird AppArmor profile handles dot files.
>
> Please test it after `sudo aa-enforce /etc/apparmor.d/usr.bin.thunderbird`, I will send it to upstream later:
>
> https://gitlab.com/Talkless/apparmor-profiles/blob/fix-thunderbird-signature/ubuntu/18.04/usr.bin.thunderbird
>
> Especially it would be useful, if you collect DENIED log entries after doing this sequence:
>
> File -> Open -> Saved Messages -> [Navigate to Home] -> select "All Files"
>
> File dialog tries to read all files to figure out their file type. Since not all dot files are allowed to be read, some
> unimportant DENIED messages might appear that I would like to silence.

Hi,

Using the file above does allow thunderbird to open up on my system.
Going through the file -> open steps produced the following output in dmesg:

[Thu Dec 7 13:50:02 2017] audit: type=1400 audit(1512676202.555:138):
apparmor="STATUS" operation="profile_replace" info="same as current
profile, skipping" profile="unconfined" name="thunderbird" pid=20159
comm="apparmor_parser"
[Thu Dec 7 13:50:02 2017] audit: type=1400 audit(1512676202.555:139):
apparmor="STATUS" operation="profile_replace" info="same as current
profile, skipping" profile="unconfined" name="thunderbird//browser_java"
pid=20159 comm="apparmor_parser"
[Thu Dec 7 13:50:02 2017] audit: type=1400 audit(1512676202.556:140):
apparmor="STATUS" operation="profile_replace" info="same as current
profile, skipping" profile="unconfined"
name="thunderbird//browser_openjdk" pid=20159 comm="apparmor_parser"
[Thu Dec 7 13:50:02 2017] audit: type=1400 audit(1512676202.556:141):
apparmor="STATUS" operation="profile_replace" info="same as current
profile, skipping" profile="unconfined" name="thunderbird//gpg"
pid=20159 comm="apparmor_parser"
[Thu Dec 7 13:50:02 2017] audit: type=1400 audit(1512676202.557:142):
apparmor="STATUS" operation="profile_replace" info="same as current
profile, skipping" profile="unconfined"
name="thunderbird//sanitized_helper" pid=20159 comm="apparmor_parser"
[Thu Dec 7 13:50:03 2017] audit: type=1400 audit(1512676204.005:143):
apparmor="DENIED" operation="open" profile="thunderbird"
name="/sys/devices/pci0000:00/0000:00:02.0/vendor" pid=20262
comm="thunderbird" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[Thu Dec 7 13:50:03 2017] audit: type=1400 audit(1512676204.005:144):
apparmor="DENIED" operation="open" profile="thunderbird"
name="/sys/devices/pci0000:00/0000:00:02.0/vendor" pid=20262
comm="thunderbird" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[Thu Dec 7 13:50:25 2017] audit: type=1400 audit(1512676225.895:145):
apparmor="DENIED" operation="open" profile="thunderbird"
name="/home/e/.config/pulse/client.conf" pid=20247 comm="thunderbird"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
[Thu Dec 7 13:50:25 2017] audit: type=1400 audit(1512676225.924:146):
apparmor="DENIED" operation="open" profile="thunderbird"
name="/home/e/.config/pulse/daemon.conf" pid=20362 comm="pulseaudio"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
[Thu Dec 7 13:50:27 2017] audit: type=1400 audit(1512676227.503:147):
apparmor="DENIED" operation="open" profile="thunderbird"
name="/home/e/.config/pulse/client.conf" pid=20247 comm="thunderbird"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
[Thu Dec 7 13:50:27 2017] audit: type=1400 audit(1512676227.526:148):
apparmor="DENIED" operation="open" profile="thunderbird"
name="/home/e/.config/pulse/daemon.conf" pid=20366 comm="pulseaudio"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
[Thu Dec 7 13:50:27 2017] audit: type=1400 audit(1512676228.270:149):
apparmor="DENIED" operation="open" profile="thunderbird"
name="/home/e/.config/pulse/client.conf" pid=20247 comm="thunderbird"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
[Thu Dec 7 13:50:27 2017] audit: type=1400 audit(1512676228.294:150):
apparmor="DENIED" operation="open" profile="thunderbird"
name="/home/e/.config/pulse/daemon.conf" pid=20367 comm="pulseaudio"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
[Thu Dec 7 13:50:28 2017] audit: type=1400 audit(1512676229.007:151):
apparmor="DENIED" operation="open" profile="thunderbird"
name="/home/e/.config/pulse/client.conf" pid=20247 comm="thunderbird"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
[Thu Dec 7 13:50:28 2017] audit: type=1400 audit(1512676229.028:152):
apparmor="DENIED" operation="open" profile="thunderbird"
name="/home/e/.config/pulse/daemon.conf" pid=20368 comm="pulseaudio"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
[Thu Dec 7 13:50:29 2017] audit: type=1400 audit(1512676229.592:153):
apparmor="DENIED" operation="open" profile="thunderbird"
name="/home/e/.config/pulse/client.conf" pid=20247 comm="thunderbird"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
[Thu Dec 7 13:50:29 2017] audit: type=1400 audit(1512676229.613:154):
apparmor="DENIED" operation="open" profile="thunderbird"
name="/home/e/.config/pulse/daemon.conf" pid=20369 comm="pulseaudio"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
[Thu Dec 7 13:50:35 2017] audit: type=1400 audit(1512676235.390:155):
apparmor="DENIED" operation="open" profile="thunderbird"
name="/home/e/.steam/ubuntu12_32/steam" pid=20247 comm="pool"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
[Thu Dec 7 13:50:35 2017] audit: type=1400 audit(1512676235.392:156):
apparmor="DENIED" operation="open" profile="thunderbird"
name="/home/e/.steam/steam.pid" pid=20247 comm="pool" requested_mask="r"
denied_mask="r" fsuid=1000 ouid=1000
[Thu Dec 7 13:50:35 2017] audit: type=1400 audit(1512676235.393:157):
apparmor="DENIED" operation="open" profile="thunderbird"
name="/home/e/.swp" pid=20247 comm="pool" requested_mask="r"
denied_mask="r" fsuid=1000 ouid=1000
[Thu Dec 7 13:50:35 2017] audit: type=1400 audit(1512676235.397:158):
apparmor="DENIED" operation="open" profile="thunderbird"
name="/home/e/.devscripts" pid=20247 comm="pool" requested_mask="r"
denied_mask="r" fsuid=1000 ouid=1000

In addition, the below was pushed out to the terminal window I had
called thunderbird from:

W: [pulseaudio] core-util.c: Failed to open configuration file
'/home/e/.config/pulse//daemon.conf': Permission denied
W: [pulseaudio] daemon-conf.c: Failed to open configuration file:
Permission denied
W: [pulseaudio] core-util.c: Failed to open configuration file
'/home/e/.config/pulse//daemon.conf': Permission denied
W: [pulseaudio] daemon-conf.c: Failed to open configuration file:
Permission denied
W: [pulseaudio] core-util.c: Failed to open configuration file
'/home/e/.config/pulse//daemon.conf': Permission denied
W: [pulseaudio] daemon-conf.c: Failed to open configuration file:
Permission denied
W: [pulseaudio] core-util.c: Failed to open configuration file
'/home/e/.config/pulse//daemon.conf': Permission denied
W: [pulseaudio] daemon-conf.c: Failed to open configuration file:
Permission denied
W: [pulseaudio] core-util.c: Failed to open configuration file
'/home/e/.config/pulse//daemon.conf': Permission denied
W: [pulseaudio] daemon-conf.c: Failed to open configuration file:
Permission denied
(thunderbird:20247): Gtk-WARNING **: Attempting to read the recently
used resources file at '/home/e/.local/share/recently-used.xbel', but
the parser failed: Failed to open file
“/home/e/.local/share/recently-used.xbel”: Permission denied.

Let me know if there is anything else I can do for you as you fine-tune
the file.

Thank you,
Eric
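
Added example, not part of the original message or of the AppArmor project: a small Python parser that rejoins mail-wrapped audit entries like the ones in the report above and counts the DENIED ones per profile, command, path and mask, which makes repeated denials easy to separate from one-off ones. The names `parse_records` and `summarize_denials` are hypothetical, and the sample is constructed from four entries of the report.

```python
import re
from collections import Counter

# Constructed sample: four entries from the report above, still mail-wrapped.
SAMPLE = """\
[Thu Dec 7 13:50:02 2017] audit: type=1400 audit(1512676202.555:138):
apparmor="STATUS" operation="profile_replace" info="same as current
profile, skipping" profile="unconfined" name="thunderbird" pid=20159
comm="apparmor_parser"
[Thu Dec 7 13:50:25 2017] audit: type=1400 audit(1512676225.895:145):
apparmor="DENIED" operation="open" profile="thunderbird"
name="/home/e/.config/pulse/client.conf" pid=20247 comm="thunderbird"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
[Thu Dec 7 13:50:27 2017] audit: type=1400 audit(1512676227.503:147):
apparmor="DENIED" operation="open" profile="thunderbird"
name="/home/e/.config/pulse/client.conf" pid=20247 comm="thunderbird"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
[Thu Dec 7 13:50:35 2017] audit: type=1400 audit(1512676235.392:156):
apparmor="DENIED" operation="open" profile="thunderbird"
name="/home/e/.steam/steam.pid" pid=20247 comm="pool" requested_mask="r"
denied_mask="r" fsuid=1000 ouid=1000
"""

# A new record starts at a line that opens with "[timestamp] audit:".
RECORD_BREAK = re.compile(r"\n(?=\[[^\]]*\] audit:)")
# key="quoted value" or key=bare_value
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_records(text):
    """Rejoin wrapped lines into one record per audit entry and parse its fields."""
    chunks = RECORD_BREAK.split(text.strip())
    # Collapsing whitespace also repairs quoted values that were wrapped mid-string.
    return [{k: q or b for k, q, b in FIELD.findall(" ".join(c.split()))}
            for c in chunks]

def summarize_denials(text):
    """Count DENIED entries per (profile, comm, path, denied_mask)."""
    counts = Counter()
    for rec in parse_records(text):
        if rec.get("apparmor") == "DENIED":
            key = (rec.get("profile"), rec.get("comm"),
                   rec.get("name"), rec.get("denied_mask"))
            counts[key] += 1
    return counts

if __name__ == "__main__":
    for (profile, comm, path, mask), n in summarize_denials(SAMPLE).most_common():
        print(f"{n:3d}  {profile}  {comm:12s}  {mask}  {path}")
```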