Bug#934024: Next trial

[Karsten]

The configuration of AppArmor for Thunderbird is somehow wrong.

The first time i searched for the configuration files i could only find this:

/lib/apparmor

/etc/init.d/apparmor
/etc/apparmor
/usr/share/doc/apparmor
/usr/share/lintian/overrides/apparmor                                           
                                                                    

/usr/src/linux-headers-4.19.0-5-amd64/include/config/security/apparmor          
                                                                    
/usr/src/linux-headers-4.9.0-8-amd64/include/config/security/apparmor           
                                                                    

/var/cache/apparmor


There where NO subdirectories in /etc/apparmor !

Then i installed the package apparmor-utils to experiment with AppArmor.
After that i found out that i could not set Thunderbird in debug (complain) 
mode.
This fails with 
ERROR: /etc/apparmor.d/usr.bin.thunderbird doesn't contain a valid profile for 
/usr/bin/thunderbird (syntax error?)


Now after my next reboot i checked the path /etc/apparmor again and it looks 
this way:

 # tree -d /etc/apparmor*
/etc/apparmor
/etc/apparmor.d
├── abstractions
│   ├── apparmor_api
│   └── ubuntu-browsers.d
├── disable
├── force-complain
├── local
└── tunables
    ├── home.d
    ├── multiarch.d
    └── xdg-user-dirs.d


# ll /etc/apparmor
insgesamt 40K
drwxr-xr-x   2 root root 4,0K Aug  8 15:43 .
drwxr-xr-x 157 root root  12K Aug  9 16:39 ..
-rw-r--r--   1 root root 5,1K Mär 30 14:23 logprof.conf
-rw-r--r--   1 root root 1,6K Mär 30 14:23 parser.conf
-rw-r--r--   1 root root  11K Mär 30 14:23 severity.db

# ll /etc/apparmor.d
insgesamt 128K
drwxr-xr-x   7 root root 4,0K Aug  9 16:37 .
drwxr-xr-x 157 root root  12K Aug  9 16:39 ..
drwxr-xr-x   4 root root 4,0K Aug  4 15:30 abstractions
drwxr-xr-x   2 root root 4,0K Aug  9 16:40 disable
drwxr-xr-x   2 root root 4,0K Mär 30 14:23 force-complain
-rw-r--r--   1 root root  819 Feb 22 17:50 lightdm-guest-session
drwxr-xr-x   2 root root 4,0K Aug  4 14:55 local
-rw-r--r--   1 root root 1,1K Mär 30 14:23 nvidia_modprobe
drwxr-xr-x   5 root root 4,0K Aug  4 14:52 tunables
-rw-r--r--   1 root root  10K Jan 29  2019 usr.bin.evince
-rw-r--r--   1 root root 3,1K Feb 10 13:11 usr.bin.man
-rw-r--r--   1 root root  14K Aug  9 16:37 usr.bin.thunderbird
-rw-r--r--   1 root root 1,5K Jun 18 20:36 usr.lib.libreoffice.program.oosplash
-rw-r--r--   1 root root 1,4K Jun 18 20:36 usr.lib.libreoffice.program.senddoc
-rw-r--r--   1 root root  11K Jun 18 20:36 
usr.lib.libreoffice.program.soffice.bin
-rw-r--r--   1 root root 1,3K Jun 18 20:36 
usr.lib.libreoffice.program.xpdfimport
-rw-r--r--   1 root root 8,0K Jan 16  2017 usr.lib.telepathy
-rw-r--r--   1 root root  540 Jan 19  2017 usr.sbin.cups-browsed
-rw-r--r--   1 root root 5,5K Apr 23 08:33 usr.sbin.cupsd
-rw-r--r--   1 root root  563 Apr 19 18:29 usr.sbin.haveged
-rw-r--r--   1 root root  798 Aug  6  2018 usr.sbin.mysqld-akonadi


I tried again
# aa-complain thunderbird
Setting /usr/bin/thunderbird to complain mode.

ERROR: /etc/apparmor.d/usr.bin.thunderbird doesn't contain a valid profile for 
/usr/bin/thunderbird (syntax error?)

Why has this profile an error?


But i could deactivate Thunderbird with
# aa-disable thunderbird
Disabling /usr/bin/thunderbird.


After that i could start Thunderbird and send this email.

Cheers
karsten