Package: icedove
Version: 1:45.2.0-4+b1
Severity: important

Dear Maintainer,

movemail is still getting blocked by apparmor:

[  +9.515262] audit: type=1400 audit(1473764643.385:763839): apparmor="DENIED" 
operation="file_lock" profile="icedove" name="/var/mail/infinity0" pid=25709 
comm="icedove" requested_mask="k" denied_mask="k" fsuid=1000 ouid=1000
[  +1.000891] audit: type=1400 audit(1473764644.389:763840): apparmor="DENIED" 
operation="file_lock" profile="icedove" name="/var/mail/infinity0" pid=25709 
comm="icedove" requested_mask="k" denied_mask="k" fsuid=1000 ouid=1000
[  +1.000920] audit: type=1400 audit(1473764645.389:763841): apparmor="DENIED" 
operation="file_lock" profile="icedove" name="/var/mail/infinity0" pid=25709 
comm="icedove" requested_mask="k" denied_mask="k" fsuid=1000 ouid=1000
[  +1.000986] audit: type=1400 audit(1473764646.389:763842): apparmor="DENIED" 
operation="file_lock" profile="icedove" name="/var/mail/infinity0" pid=25709 
comm="icedove" requested_mask="k" denied_mask="k" fsuid=1000 ouid=1000
[  +1.000920] audit: type=1400 audit(1473764647.389:763843): apparmor="DENIED" 
operation="file_lock" profile="icedove" name="/var/mail/infinity0" pid=25709 
comm="icedove" requested_mask="k" denied_mask="k" fsuid=1000 ouid=1000

Furthermore the icedove/thunderbird error message contains very dangerous 
advice:

"Unable to create lock file /var/spool/mail/infinity0.lock. For movemail to 
work, it is necessary to create lock files in the mail spool directory. On many 
systems, this is best accomplished by making the spool directory be mode 01777."

Setting it to 01777 would allow anyone to delete everyone's mail.

Instead, a better fix is:

/etc/apparmor.d/usr.bin.icedove:
   # system emails
-  owner /var/mail/* rw,
+  owner /var/mail/* rwlk,
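
Review bot: the `+` line adds both `l` and `k`, but every denial quoted above is operation="file_lock" with requested_mask="k" denied_mask="k"; none of the visible records shows a link request being refused. Suggest either adding only `k`, or stating why `l` is needed (the quoted error about creating infinity0.lock may be the reason, in which case a denial record or a comment in the profile saying so would help) so the rule is not widened beyond what the logs show.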

then `service apparmor reload` and restart icedove

X

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable'), (300, 'unstable'), (200, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.6.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages icedove depends on:
ii  debianutils               4.8
ii  fontconfig                2.11.0-6.7
ii  libasound2                1.1.2-1
ii  libatk1.0-0               2.20.0-1
ii  libc6                     2.23-5
ii  libcairo2                 1.14.6-1+b1
ii  libdbus-1-3               1.10.10-1
ii  libdbus-glib-1-2          0.106-1
ii  libevent-2.0-5            2.0.21-stable-2+b1
ii  libffi6                   3.2.1-4
ii  libfontconfig1            2.11.0-6.7
ii  libfreetype6              2.6.3-3+b1
ii  libgcc1                   1:6.1.1-11
ii  libgdk-pixbuf2.0-0        2.34.0-1
ii  libglib2.0-0              2.49.6-1
ii  libgtk2.0-0               2.24.30-4
ii  libhunspell-1.4-0         1.4.1-2
ii  libicu57                  57.1-3
ii  libnspr4                  2:4.12-2
ii  libnss3                   2:3.25-1
ii  libpango-1.0-0            1.40.2-1
ii  libpangocairo-1.0-0       1.40.2-1
ii  libpangoft2-1.0-0         1.40.2-1
ii  libpixman-1-0             0.33.6-1
ii  libsqlite3-0              3.14.1-1
ii  libstartup-notification0  0.12-4
ii  libstdc++6                6.1.1-11
ii  libvpx4                   1.6.0-2
ii  libx11-6                  2:1.6.3-1
ii  libxcomposite1            1:0.4.4-1
ii  libxdamage1               1:1.1.4-2+b1
ii  libxext6                  2:1.3.3-1
ii  libxfixes3                1:5.0.2-1
ii  libxrender1               1:0.9.9-2
ii  libxt6                    1:1.1.5-1
ii  psmisc                    22.21-2.1+b1
ii  zlib1g                    1:1.2.8.dfsg-2+b1

Versions of packages icedove recommends:
ii  hunspell-en-gb [hunspell-dictionary]  1:5.2.0-1
ii  hunspell-en-us [hunspell-dictionary]  20070829-6
ii  iceowl-extension                      1:45.2.0-4+b1

Versions of packages icedove suggests:
ii  apparmor          2.10.95-4
pn  fonts-lyx         <none>
ii  libgssapi-krb5-2  1.14.3+dfsg-1

-- no debconf information
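
Added example, not part of the original report or of the icedove package: a small parser that rejoins mail-wrapped AppArmor audit records like the ones quoted above and reports which permission letters were denied per profile and path, so a profile change can be limited to what the logs show. The function names are hypothetical; the sample records are copied from the report.

```python
import re
from collections import defaultdict

# Two of the denials quoted in the report, line-wrapped as in the mail.
SAMPLE = '''\
[  +9.515262] audit: type=1400 audit(1473764643.385:763839): apparmor="DENIED"
operation="file_lock" profile="icedove" name="/var/mail/infinity0" pid=25709
comm="icedove" requested_mask="k" denied_mask="k" fsuid=1000 ouid=1000
[  +1.000891] audit: type=1400 audit(1473764644.389:763840): apparmor="DENIED"
operation="file_lock" profile="icedove" name="/var/mail/infinity0" pid=25709
comm="icedove" requested_mask="k" denied_mask="k" fsuid=1000 ouid=1000
'''

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_records(text):
    """Rejoin mail-wrapped audit records and return a list of field dicts."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if "audit:" in line:          # a new record starts here
            records.append(line)
        elif line and records:        # wrapped continuation of the last record
            records[-1] += " " + line
    return [{m[1]: m[2] if m[2] is not None else m[3] for m in FIELD.finditer(r)}
            for r in records]

def summarize_denials(text):
    """Map (profile, path) -> (denied permission letters, number of denials)."""
    masks, counts = defaultdict(set), defaultdict(int)
    for f in parse_records(text):
        # Only file-rule denials carry both a path and a letter mask.
        if f.get("apparmor") != "DENIED" or "name" not in f:
            continue
        key = (f.get("profile"), f["name"])
        masks[key].update(f.get("denied_mask", ""))
        counts[key] += 1
    return {k: ("".join(sorted(masks[k])), counts[k]) for k in masks}

def missing_from_rule(rule_perms, denied):
    """Denied letters that the existing rule's permission string lacks."""
    return "".join(sorted(set(denied) - set(rule_perms)))

if __name__ == "__main__":
    for (profile, path), (mask, n) in summarize_denials(SAMPLE).items():
        print(profile, path, f"denied={mask}", f"count={n}",
              "missing from rw:", missing_from_rule("rw", mask))
```

For the quoted records the only letter missing from the existing `rw` rule is `k`.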
