On 2017-12-07 21:58, Schofield, Eric James wrote:
Using the file above does allow thunderbird to open up on my system. Going through the file -> open steps produced the
following output in dmesg:
Thanks for testing!
[skipping STATUS entries...]
[Thu Dec 7 13:50:03 2017] audit: type=1400 audit(1512676204.005:143): apparmor="DENIED" operation="open"
profile="thunderbird" name="/sys/devices/pci0000:00/0000:00:02.0/vendor" pid=20262 comm="thunderbird" requested_mask="r"
denied_mask="r" fsuid=1000 ouid=0
I've seen this `vendor` stuff too. Will propose patch on different PR upstream
later.
[Thu Dec 7 13:50:25 2017] audit: type=1400 audit(1512676225.895:145): apparmor="DENIED" operation="open"
profile="thunderbird" name="/home/e/.config/pulse/client.conf" pid=20247 comm="thunderbird" requested_mask="r"
denied_mask="r" fsuid=1000 ouid=1000
[Thu Dec 7 13:50:25 2017] audit: type=1400 audit(1512676225.924:146): apparmor="DENIED" operation="open"
profile="thunderbird" name="/home/e/.config/pulse/daemon.conf" pid=20362 comm="pulseaudio" requested_mask="r"
denied_mask="r" fsuid=1000 ouid=1000
Wow that's interesting, <abstractions/audio> [0] should allow reading
`.config/pulse/*` . Maybe Thunderbird rules
conflicts somehow. Could you hint how could I change pulseaudio configuration
so that it would try to read configs
from $HOME? It does not reproduce on my machine for some reason.
Maybe it's Desktop Environment-specific? What's your setup? I could
troubleshoot on VM.
*intrigeri*, do you have ideas why `/home/e/.config/pulse/{damon,client}.conf`
are denied if there are entries in audio
abstraction?
[Thu Dec 7 13:50:35 2017] audit: type=1400 audit(1512676235.390:155): apparmor="DENIED" operation="open"
profile="thunderbird" name="/home/e/.steam/ubuntu12_32/steam" pid=20247 comm="pool" requested_mask="r" denied_mask="r"
fsuid=1000 ouid=1000
[Thu Dec 7 13:50:35 2017] audit: type=1400 audit(1512676235.392:156): apparmor="DENIED" operation="open"
profile="thunderbird" name="/home/e/.steam/steam.pid" pid=20247 comm="pool" requested_mask="r" denied_mask="r"
fsuid=1000 ouid=1000
[Thu Dec 7 13:50:35 2017] audit: type=1400 audit(1512676235.393:157): apparmor="DENIED" operation="open"
profile="thunderbird" name="/home/e/.swp" pid=20247 comm="pool" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
[Thu Dec 7 13:50:35 2017] audit: type=1400 audit(1512676235.397:158): apparmor="DENIED" operation="open"
profile="thunderbird" name="/home/e/.devscripts" pid=20247 comm="pool" requested_mask="r" denied_mask="r" fsuid=1000
ouid=1000
I skipped that .stream stuff (it's symlinks: .steampath -> /home/vincas/.steam/bin32/steam and steampid ->
/home/vincas/.steam/steam.pid), but I guess it's common enough to add deny to silence them too.
.devscripts and .swp are good finds too to be added, too.
In addition, the below was pushed out to the terminal window I had called
thunderbird from:
W: [pulseaudio] core-util.c: Failed to open configuration file
'/home/e/.config/pulse//daemon.conf': Permission denied
W: [pulseaudio] daemon-conf.c: Failed to open configuration file: Permission
denied
W: [pulseaudio] core-util.c: Failed to open configuration file
'/home/e/.config/pulse//daemon.conf': Permission denied
W: [pulseaudio] daemon-conf.c: Failed to open configuration file: Permission
denied
W: [pulseaudio] core-util.c: Failed to open configuration file
'/home/e/.config/pulse//daemon.conf': Permission denied
W: [pulseaudio] daemon-conf.c: Failed to open configuration file: Permission
denied
W: [pulseaudio] core-util.c: Failed to open configuration file
'/home/e/.config/pulse//daemon.conf': Permission denied
W: [pulseaudio] daemon-conf.c: Failed to open configuration file: Permission
denied
W: [pulseaudio] core-util.c: Failed to open configuration file
'/home/e/.config/pulse//daemon.conf': Permission denied
W: [pulseaudio] daemon-conf.c: Failed to open configuration file: Permission
denied
Same issues with pulse as above.
(thunderbird:20247): Gtk-WARNING **: Attempting to read the recently used resources file at
'/home/e/.local/share/recently-used.xbel', but the parser failed: Failed to open file
“/home/e/.local/share/recently-used.xbel”: Permission denied.
Strange that these recently-used does not appear in audit logs, maybe there are
"deny" rule already somewhere.
Let me know if there is anything else I can do for you as you fine-tune the
file.
Thanks! Currently question is how to reproduce that pulse audio issue, and
what's up with that overall.
[0]
https://gitlab.com/apparmor/apparmor/blob/master/profiles/apparmor.d/abstractions/audio#L57
