On 1/22/18 9:26 PM, Luca Boccassi wrote:
type=AVC msg=audit(1516647002.968:744): apparmor="DENIED"
operation="mkdir" profile="thunderbird" name="/home/vincas.nv/"
pid=23705 comm="thunderbird" requested_mask="c" denied_mask="c"
fsuid=1000 ouid=1000
type=SYSCALL msg=audit(1516647002.968:744): arch=c000003e syscall=83
success=no exit=-13 a0=7f81fc94ac20 a1=1ff a2=1 a3=1 items=0
ppid=23694
pid=23705 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000
egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=4 comm="thunderbird"
exe="/usr/lib/thunderbird/thunderbird-bin" key=(null)
Can't say I understand how Apparmor works, but don't those logs suggest
that it's Thunderbird doing this?
In this cases yes, it's Thunderbird.
On another case that can be Wine:
```
type=AVC msg=audit(1516649586.406:968): apparmor="DENIED" operation="file_mmap" profile="wine-preloader"
name="/tmp/.glReZDwh" pid=31547 comm="gldriverquery64" requested_mask="m" denied_mask="m" fsuid=1000 ouid=1000
```
...if I run then under optirun, when NVIDIA OpenGL libraries are loaded.
It looks like some shared code actually wanted to create $HOME + / + .nv
directory, though accidentally skipped a slash.
