@all Due a misspelled email address of Ulrike I'm just resend all again.
Sorry Am 19.05.2017 um 07:11 schrieb Carsten Schoenert: > Control: retitle -1 Thunderbird apparmor profile: access problem on /mnt > > Hello Simon, > > On Thu, May 18, 2017 at 06:51:14PM -0400, Simon Deziel wrote: >> On Thu, 27 Apr 2017 12:01:47 +0100 Jim Cobley <j...@priorycomputers.com> >> wrote: >>> audit: type=1400 audit(1493287998.510:88): apparmor="DENIED" >>> operation="open" profile="thunderbird" >>> name="/mnt/Z/temp/Bluebell/TyreSize.jpg" pid=4537 comm="thunderbird" >>> requested_mask="r" denied_mask="r" fsuid=1900 ouid=1900 >> >> Right, /mnt isn't accessible as the Apparmor policy mostly only >> authorize reading files from $HOME and /opt. I think that granting read >> access to the following directories: >> >> /data >> /media >> /mnt >> /srv >> >> And let "owner" write to those would make sense. Carsten, I've pushed a >> commit [*] doing just that. > > thanks for taking care! I'll pick that up too. > >>> audit: type=1400 audit(1493288317.390:149): apparmor="DENIED" >>> operation="exec" profile="thunderbird" >>> name="/usr/lib/firefox-esr/firefox-esr" pid=4906 comm="thunderbird" >>> requested_mask="x" denied_mask="x" fsuid=1900 ouid=0 >> >> It seems like the ESR version of Firefox would need to be added to >> "abstractions/ubuntu-browsers" or it's Debian equivalent. > > The only file I've seen there on my system is for evince. I've installed > firefox-esr. > >> $ ls /etc/apparmor.d/abstractions >> evince > > @Ulrike > You have better knowledge about the apparmor universe in Debian, what we > need to do here? > > ... >> *: >> https://github.com/simondeziel/aa-profiles/blob/master/16.04/usr.bin.thunderbird >> commit 51548d63b2 > > Regards > Carsten > -- Regards Carsten Schoenert