Control: clone -1 -2 Control: retitle -2 AppArmor profile prevents pidgin from starting when using pidgin-sipe Control: reopen -2 Control: notfixed -2 apparmor-profiles-extra/1.6 Control: notfixed -2 1.6 Control: tag -2 + moreinfo Control: tag -2 - patch Control: tag -2 - confirmed
Hi Guido, Guido Günther wrote (31 Oct 2015 13:59:50 GMT) : > if using pidgin-sipe the above is not sufficient since we have these > denials: I'm sorry we've not replied to this so far. I'm forking the original bug (that's now been closed) that applied to all Pidgin use cases, into a new one dedicated to the problem you're experiencing. > audit: type=1400 audit(1446299435.901:78): apparmor="DENIED" operation="open" > profile="/usr/bin/pidgin" name="/dev/tty" pid=5958 comm="pidgin" > requested_mask="rw" > denied_mask="rw" fsuid=1000 ouid=0 > audit: type=1400 audit(1446299435.901:79): apparmor="DENIED" operation="open" > profile="/usr/bin/pidgin" name="/dev/pts/3" pid=5958 comm="pidgin" > requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=1000 These ones are often not blockers, I've seen cases when we can simply add "deny" rules for them. So let's first: > audit: type=1400 audit(1446299435.905:80): apparmor="DENIED" operation="open" > profile="/usr/bin/pidgin" name="/etc/default/pidgin-sipe" pid=5958 > comm="pidgin" > requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Please try adding this to /etc/apparmor.d/local/usr.bin.pidgin : /etc/default/pidgin* r, and then "sudo apparmor_parser -r /etc/apparmor.d/usr.bin.pidgin" and retry. If Pidgin still fails to start, add #include <abstractions/consoles> etc. > audit: type=1400 audit(1446299435.905:81): apparmor="DENIED" operation="exec" > profile="/usr/bin/pidgin" name="/usr/bin/pidgin.orig" pid=5962 comm="pidgin" > requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 > audit: type=1400 audit(1446299435.905:82): apparmor="DENIED" operation="open" This doesn't make much sense to me. If this pidgin.orig is a local thing, can you reproduce without it? Cheers, -- intrigeri
