On 2017-09-21 02:46 AM, Vincas Dargis wrote:
> /etc/apparmor.d/usr.bin.thunderbird has these lines:
>
> owner /tmp/** m,
> owner /var/tmp/** m,
>
> Is this really necessary? If Thunderbird actually tries to mmap files with
> executable flags, I believe it should be reported as a bug upstream.
>
> From AppArmor wiki [0]:
> ```
> Short form permissions map to
>
> m - mmap_x, mprot_wx
>
> mmap_x - mmap a file executable
> mprot_wx - allow transitioning an mmap from w to x, (this sticks for the
> lifetime of the mmap even if w is removed before trying to apply x
>
> ```
>
> I will try to use Thunderbird profile with these lines commented out, I'll see
> if DENIES appear.

I just removed those 2 lines and ran some tests (calendar, enigmail, etc) and saw no denials.

> By the way, I see same lines on usr.lib.firefox.firefox, maybe it's just old
> bug and blind copy-paste?

That's right, Thunderbird's profile started out as a copy of the Firefox one. I don't know if Firefox needs/needed those but it seems like Thunderbird is happy without. I don't have many extensions so it would be nice to hear from other testers.

Thanks for reporting this!

Regards,
Simon
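
Added example, not part of the original message: one way to run the denial check discussed above over saved kernel or audit log lines after removing the two `m` rules. The sample records are constructed, and the profile name `thunderbird` and all function names are assumptions.

```python
import re

# key="value" or key=value pairs as they appear in AppArmor audit records
_FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
_HEX = re.compile(r'(?:[0-9A-Fa-f]{2})+')
TMP_PREFIXES = ("/tmp/", "/var/tmp/")

def parse_audit_line(line):
    """Return the fields of one AppArmor audit record, or None for other lines."""
    if "apparmor=" not in line:
        return None
    rec = {}
    for key, quoted, bare in _FIELD.findall(line):
        # The audit subsystem hex-encodes names containing spaces or quotes.
        if key == "name" and bare and _HEX.fullmatch(bare):
            bare = bytes.fromhex(bare).decode("utf-8", "replace")
        rec[key] = quoted or bare
    return rec

def tmp_exec_denials(lines, profile_substr="thunderbird"):
    """List (comm, operation, name) for DENIED 'm' requests under /tmp or /var/tmp."""
    hits = []
    for line in lines:
        rec = parse_audit_line(line)
        if not rec or rec.get("apparmor") != "DENIED":
            continue
        if profile_substr not in rec.get("profile", ""):
            continue
        if "m" not in rec.get("denied_mask", ""):
            continue
        name = rec.get("name", "")
        if name.startswith(TMP_PREFIXES):
            hits.append((rec.get("comm", "?"), rec.get("operation", "?"), name))
    return hits

# Constructed sample records (not taken from a real system).
_HEXNAME = "/var/tmp/a b.so".encode().hex().upper()
SAMPLE = [
    'audit: type=1400 audit(1505980000.101:201): apparmor="DENIED" operation="file_mmap" profile="thunderbird" name="/tmp/mozilla_user0/libfoo.so" pid=4242 comm="thunderbird" requested_mask="m" denied_mask="m" fsuid=1000 ouid=1000',
    f'audit: type=1400 audit(1505980001.202:202): apparmor="DENIED" operation="file_mprotect" profile="thunderbird" name={_HEXNAME} pid=4242 comm="thunderbird" requested_mask="m" denied_mask="m" fsuid=1000 ouid=1000',
    'audit: type=1400 audit(1505980002.303:203): apparmor="DENIED" operation="open" profile="thunderbird" name="/home/user/.ssh/id_rsa" pid=4242 comm="thunderbird" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000',
    'audit: type=1400 audit(1505980003.404:204): apparmor="ALLOWED" operation="file_mmap" profile="thunderbird" name="/tmp/ok.so" pid=4242 comm="thunderbird" requested_mask="m" denied_mask="m" fsuid=1000 ouid=1000',
    'audit: type=1400 audit(1505980004.505:205): apparmor="DENIED" operation="file_mmap" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/tmp/x.so" pid=5151 comm="firefox" requested_mask="m" denied_mask="m" fsuid=1000 ouid=1000',
]

if __name__ == "__main__":
    for hit in tmp_exec_denials(SAMPLE):
        print(hit)
```

An empty result after exercising the application is the "no denials" outcome reported in the reply; any hit names the process and file that still request executable mappings from a temp directory.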