Please test my WIP solution:
https://gitlab.com/Talkless/apparmor-profiles/blob/fix-thunderbird-signature/ubuntu/18.04/usr.bin.thunderbird
Biggest danger is the fact that, although it is more secure now, it might deny access to some not yet discovered
`$HOME/.directory/whatever`, as I got with `.cache/thumbnails/...` case.
Profile was really too permissive, with:
owner @{HOME}/** rw,
meanwhile denying only dot files, but not directories:
deny @{HOME}/.* r,
I have tested on various desktop environments, discovered some .files to be denied to reduce noise. But maybe (probably)
your $HOME has more to be added for sake of silence in the logs :) .
