[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Apparmor pain

This is a simplified scenario: Say I have 2 machines, both running Debian 10.7. Each machine has 3 users: A, B and C. Each machine has an identical (mantained by Unison) directoery: /home/C/pictures, with permissions ugo:rwx owned by C. Each file therein has permissions ugo:r

Both machines can access any file within pictures with no problems, as one would expect.

However, using Thunderbird, machine A can attach any file from pictures, but machine B fails silently to do so. Examining the syslog for B it would appear that apparmor is preventing access.

From my web research it appears that apparmor was introduced by default at debian 10. On machine B it is blocking Thunderbird, but not on A.

I don't understand why my two machines are behaving so differently.

I don't think I really want apparmor running at all, but at least I'd like either machine to access C's files. Apparmor's man page gives eye-watering detail, but I can'tr find any easily usable configuration suggestions. The debian wiki gives me a way to disable apparmor by patching grub, but that seems like overkill.

Does anyone pease have any suggestions on how to enable an application without major surgery? any help appreciated. Thanks

Tony van der Hoff        | mailto:tony@vanderhoff.org
Buckinghamshire, England |

Reply to: