Hello Urs, On Thu, Jan 11, 2018 at 10:11:07AM +0100, Urs Schroffenegger wrote: ... > Took me a while to figure out what was going on. I found some people > mentionning Apparmor while searching the web and in /var/log/syslog, I found > that: > > > Jan 11 09:06:18 flare kernel: [60207.044643] audit: type=1400 > audit(1515657978.983:138): apparmor="DENIED" operation="file_mmap" > profile="thunderbird" name="/tmp/.glXWcTtR" pid=534 comm="thunderbird" > requested_mask="m" denied_mask="m" fsuid=1000 ouid=1000 > Jan 11 09:06:18 flare kernel: [60207.044646] audit: type=1400 > audit(1515657978.983:139): apparmor="DENIED" operation="file_mmap" > profile="thunderbird" name="/tmp/.glXWcTtR" pid=534 comm="thunderbird" > requested_mask="m" denied_mask="m" fsuid=1000 ouid=1000 > Jan 11 09:06:18 flare kernel: [60207.044657] audit: type=1400 > audit(1515657978.983:140): apparmor="DENIED" operation="mkdir" > profile="thunderbird" name="/home/nab.nv/" pid=534 comm="thunderbird" > requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
with version 1:52.5.0-1 the AppArmor profile was disabled as default. The upload of 1:52.5.2-2 has fixed a issue where users which had re-enabled the AppArmor profile didn't get this disabled on a update again. So the update to 1:52.5.2-2 didn't has disabled yor active profile I guess. Why you have a active profile before the update I don't know. > Disabling the AppArmor profile for thunderbird fixed the bug: > > $ sudo aa-disable /etc/apparmor.d/usr.bin.thunderbird No, not really, it's a needed workaround for now to prevent unneeded user regressions. > I don't really know about apparmor and didn't change any of it's > configurations, I think it came with recommendation. > > Looking at various bugs, it seems like the profile shouldn't be active. > > I don't have the /etc/apparmor.d/disable/usr.bin.thunderbird mentioned in > README.apparmor. As written, I don't know why you don't get the symlink there. You would need to go through the various entries in the logfiles for apt/dpkg to maybe something more and useful. > I update regularly (couple of times a week), but don't restart to often, I > usually put the machine to sleep. And don't restart thunderbird often either, > in that case. So I don't know exaclty when the change that provoked this > appeared. But I think I did restart since the last thunderbird updates (26 > dec). And restarted yesterday, and the issue appeared. It's not only Thunderbird itself here, there is the kernel involved and also apparmor too. And I've seen various constellations and effects which I personally can't readjust. > So it looks there is an issue with the apparmor profile and with the way the > disabling and enabling of it happens. I have a fairly bif .thunderbird (about > 8GB), maybe that also started it. Mentionning this because it seems to try to > mmap something. Well, without tracing down which component (apparmor, apparmor triggering like enable/disable/reload) it's impossible to fix something. So for me this report isn't very useful. There or some other reports as well which showing some specific problems which happen while apparmor is running and that are needed to be solved. The real solution ins't the disabling of the apparmor profile. As far I see your log from above your issue is #882487. https://wiki.debian.org/Thunderbird#AppArmor_profile https://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=tb-apparmor;users=thunderb...@packages.debian.org Regards Carsten
