Hi Carsten, thanks for your reply! On 10/31/2017 07:54 AM, Carsten Schoenert wrote: > For Thunderbird intrigeri and myself came to the conclusion that > especially for the apparmor profile someone from the apparmor team > should be able to contribute changes to the profile directly to the git > tree. So intrigeri has become a member of the pkg-mozilla group to be > able to push changes by himself. I trust intrigeri enough that he will > do good contributions. For now it's the best we can do. This at all is > for sure improvable and we should talk about this on upcoming Debian > events or directly via email. Okay, filed the bugs, lets see where they go. :) I was especially concerned about the browser part. > ... >> [1] e.g. >> [ 3459.624852] audit: type=1400 audit(1509283082.571:59): >> apparmor="DENIED" operation="file_inherit" profile="thunderbird//gpg" >> name="/usr/share/thunderbird/omni.ja" pid=24720 comm="gpg2" >> requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Filed as #880425[1]. >> [2] e.g. >> [ 3795.153239] audit: type=1400 audit(1509283418.100:64): >> apparmor="DENIED" operation="exec" profile="thunderbird" >> name="/opt/google/chrome-beta/google-chrome-beta" pid=31896 >> comm="thunderbird" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 Filed as #880424[0]. I think there is a deeper question here as to how to handle the browser abstraction for AppArmor in general. > I suggest to open a bug report for each of such issues against > thunderbird with a description what was done and what was expected. As above. :) Kind regards and thanks Philipp Kern [0] https://bugs.debian.org/880424 [1] https://bugs.debian.org/880425
Attachment:
signature.asc
Description: OpenPGP digital signature