[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Question about apparmor and thunderbird



Hi,

Am 08.02.25 um 10:26 schrieb Sam Pinkus:
Thanks for the prompt Reply Rene.

On 2/8/25 00:30, Rene Engelhard wrote:

Am 07.02.25 um 07:22 schrieb Sam Pinkus:

    [27118.177316] audit: type=1400 audit(1738906497.646:1573): apparmor="ALLOWED" operation="open" profile="libreoffice-soffice" name="/home/sam/.thunderbird/vk9x5555.default/key4.db" pid=45330 comm="soffice.bin" requested_mask="wrc" denied_mask="wrc" fsuid=1000 ouid=1000
    [27118.177373] audit: type=1400 audit(1738906497.646:1574): apparmor="ALLOWED" operation="file_lock" profile="libreoffice-soffice" name="/home/sam/.thunderbird/vk9x5555.default/key4.db" pid=45330 comm="soffice.bin" requested_mask="k" denied_mask="k" fsuid=1000 ouid=1000


(Looking up certificates for signing. Usually firefox, but..)


Oh OK. I can see a related setting there in the UI now. I guess it's initial probing to set guess at a default certificate path.
Yes.
It would be great if it didn't do this by default, because I got this without going anywhere near any libreoffice signing settings.
Maybe, i am not going to change it though :)
Also note there is no apparmor rule about the key9.db, even for firefox.

Yes, indeed.

(Then again those profiles are not really maintained unfortunately - this is also one of the reasons they are in complain mode..)


Regards,


Rene


Reply to: