On 29/05/18 10:03, The Wanderer wrote:
I thought they'd gotten so many problems with Thunderbird under AppArmor when they first enabled it for user-based testing that they'd wound up disabling the Thunderbird AppArmor profile entirely, with the option for the local admin to enable it if desired. If you're seeing this behavior, that probably means they've found what they think is a solution for enough of those problems, and enabled the profile again - and I'm not at all sure that that's a good thing, at this stage...
The problem is that Thunderbird is driven by user interaction and it is entirely reasonable for it to access any user file. It is designed to do this. Maintainers cannot know in advance what users might want to do with their own data. This differs from system services whose expected file access behaviour can be defined in advance, regulated by an administrator, and audited by apparmor. I think that attempting to apply apparmor file access rules to Thunderbird is a bad idea.
Kind regards, -- Ben Caradoc-Davies <b...@transient.nz> Director Transient Software Limited <https://transient.nz/> New Zealand
