Package: thunderbird
Version: 1:52.8.0-1~deb9u1
Severity: important

Attempting to send e-mail results in a popup:

  [ Send Message Error ]
  Sending of the message failed.

# aa-status --enabled && echo "AppArmor Enabled"
AppArmor Enabled

# aa-status | egrep '(profiles|thunderbird)'
54 profiles are loaded.
21 profiles are in enforce mode.
   thunderbird
   thunderbird//browser_java
   thunderbird//browser_openjdk
   thunderbird//gpg
   thunderbird//sanitized_helper
33 profiles are in complain mode.
6 processes have profiles defined.
   thunderbird (32689)

dmesg shows the following apparmor DENIED messages:

[62711.954571] audit: type=1400 audit(1527437094.186:58): apparmor="DENIED" operation="open" profile="thunderbird" name="/run/user/1000/xauth-1000-_0" pid=32700 comm="thunderbird" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
[62711.960341] audit: type=1400 audit(1527437094.194:59): apparmor="DENIED" operation="open" profile="thunderbird" name="/run/user/1000/xauth-1000-_0" pid=32689 comm="thunderbird" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
[62711.971343] audit: type=1400 audit(1527437094.202:60): apparmor="DENIED" operation="mkdir" profile="thunderbird" name="/run/user/1000/thunderbird_sdowdy/" pid=32689 comm="thunderbird" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
[62711.971925] audit: type=1400 audit(1527437094.206:61): apparmor="DENIED" operation="open" profile="thunderbird" name="/run/user/1000/xauth-1000-_0" pid=32689 comm="thunderbird" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
[62712.747197] audit: type=1400 audit(1527437094.978:62): apparmor="DENIED" operation="open" profile="thunderbird" name="/run/user/1000/xauth-1000-_0" pid=32689 comm="thunderbird" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
[62712.895221] audit: type=1400 audit(1527437095.126:63): apparmor="DENIED" operation="open" profile="thunderbird" name="/etc/xdg/mimeapps.list" pid=32689 comm="thunderbird" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[63310.628483] audit: type=1400 audit(1527437692.863:64): apparmor="DENIED" operation="mknod" profile="thunderbird" name="/run/user/1000/nsemail.eml" pid=32689 comm="thunderbird" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
[63310.671468] audit: type=1400 audit(1527437692.907:65): apparmor="DENIED" operation="open" profile="thunderbird" name="/run/user/1000/xauth-1000-_0" pid=32689 comm="thunderbird" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000

$ env | grep /run/user
TMPDIR=/run/user/1000/
GPG_AGENT_INFO=/run/user/1000/gnupg/S.gpg-agent:0:1
DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus
XDG_RUNTIME_DIR=/run/user/1000
XAUTHORITY=/run/user/1000/xauth-1000-_0

I suspect because i explicitly set TMPDIR to XDG_RUNTIME_DIR (something that should be pretty normal, even better than using /tmp, IMHO), that AppArmor should allow for this. (i'm not entirely sure that's the issue, but it seems likely)

Also, for general purposes... I did choose to allow/use maintainer's version of AppArmor configuration in the recent update, however, i think you should respect the existing enforce/complain/disable state of the user's system, as i'd previously done:

  aa-complain /etc/apparmor.d/usr.bin.thunderbird

(which i am back to now in order to keep working)

thanks,
--stephen

-- System Information:
Debian Release: 9.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.16.0-0.bpo.1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE= (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages thunderbird depends on:
ii  debianutils               4.8.1.1
ii  fontconfig                2.11.0-6.7+b1
ii  libatk1.0-0               2.22.0-1
ii  libc6                     2.24-11+deb9u3
ii  libcairo-gobject2         1.14.8-1
ii  libcairo2                 1.14.8-1
ii  libdbus-1-3               1.10.26-0+deb9u1
ii  libdbus-glib-1-2          0.108-2
ii  libevent-2.0-5            2.0.21-stable-3
ii  libffi6                   3.2.1-6
ii  libfontconfig1            2.11.0-6.7+b1
ii  libfreetype6              2.6.3-3.2
ii  libgcc1                   1:6.3.0-18+deb9u1
ii  libgdk-pixbuf2.0-0        2.36.5-2+deb9u2
ii  libglib2.0-0              2.50.3-2
ii  libgtk-3-0                3.22.11-1
ii  libhunspell-1.4-0         1.4.1-2+b2
ii  libpango-1.0-0            1.40.5-1
ii  libpangocairo-1.0-0       1.40.5-1
ii  libpangoft2-1.0-0         1.40.5-1
ii  libpixman-1-0             0.34.0-1
ii  libstartup-notification0  0.12-4+b2
ii  libstdc++6                6.3.0-18+deb9u1
ii  libvpx4                   1.6.1-3+deb9u1
ii  libx11-6                  2:1.6.4-3
ii  libx11-xcb1               2:1.6.4-3
ii  libxcb-shm0               1.12-1
ii  libxcb1                   1.12-1
ii  libxcomposite1            1:0.4.4-2
ii  libxdamage1               1:1.1.4-2+b3
ii  libxext6                  2:1.3.3-1+b2
ii  libxfixes3                1:5.0.3-1
ii  libxrender1               1:0.9.10-1
ii  libxt6                    1:1.1.5-1
ii  psmisc                    22.21-2.1+b2
ii  x11-utils                 7.7+3+b1
ii  zlib1g                    1:1.2.8.dfsg-5

Versions of packages thunderbird recommends:
ii  hunspell-en-us [hunspell-dictionary]  20070829-7
ii  lightning                             1:52.8.0-1~deb9u1

Versions of packages thunderbird suggests:
ii  apparmor          2.11.0-3+deb9u2
pn  fonts-lyx         <none>
ii  libgssapi-krb5-2  1.15-1+deb9u1

-- debconf-show failed
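
A triage sketch for the denials in this report, added here as an example and not part of the original report or of any Debian or AppArmor tooling: it parses the dmesg lines, de-duplicates them, and checks each denied path against the reporter's environment to test the TMPDIR suspicion. The function names are illustrative; the log lines and environment values are copied from the report.

```python
import re
from collections import Counter

# Denial lines copied from the report (two of the repeated xauth entries kept).
DMESG = '''\
[62711.954571] audit: type=1400 audit(1527437094.186:58): apparmor="DENIED" operation="open" profile="thunderbird" name="/run/user/1000/xauth-1000-_0" pid=32700 comm="thunderbird" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
[62711.960341] audit: type=1400 audit(1527437094.194:59): apparmor="DENIED" operation="open" profile="thunderbird" name="/run/user/1000/xauth-1000-_0" pid=32689 comm="thunderbird" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
[62711.971343] audit: type=1400 audit(1527437094.202:60): apparmor="DENIED" operation="mkdir" profile="thunderbird" name="/run/user/1000/thunderbird_sdowdy/" pid=32689 comm="thunderbird" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
[62712.895221] audit: type=1400 audit(1527437095.126:63): apparmor="DENIED" operation="open" profile="thunderbird" name="/etc/xdg/mimeapps.list" pid=32689 comm="thunderbird" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[63310.628483] audit: type=1400 audit(1527437692.863:64): apparmor="DENIED" operation="mknod" profile="thunderbird" name="/run/user/1000/nsemail.eml" pid=32689 comm="thunderbird" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
'''

# Environment values as shown in the report.
ENV = {
    "TMPDIR": "/run/user/1000/",
    "XDG_RUNTIME_DIR": "/run/user/1000",
    "XAUTHORITY": "/run/user/1000/xauth-1000-_0",
}

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key="quoted" or key=bare

def parse_denials(text):
    """Yield one dict of key=value fields per apparmor="DENIED" line."""
    for line in text.splitlines():
        if 'apparmor="DENIED"' not in line:
            continue
        yield {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}

def explain(path, env):
    """Name the environment variable that accounts for a denied path."""
    for var, value in env.items():
        if path == value:          # the variable points at this exact file
            return var
    tmp = env.get("TMPDIR", "").rstrip("/")
    if tmp and path.startswith(tmp + "/"):
        return "TMPDIR"            # a temp file or directory created under TMPDIR
    return "unrelated"

def summarize(text, env):
    """Map (operation, name, denied_mask) to (count, explanation)."""
    counts = Counter((d["operation"], d["name"], d["denied_mask"])
                     for d in parse_denials(text))
    return {key: (n, explain(key[1], env)) for key, n in counts.items()}

if __name__ == "__main__":
    for (op, name, mask), (n, why) in summarize(DMESG, ENV).items():
        print(f"{n}x {op:5} {mask} {name}  <- {why}")
```

On the report's data this separates three causes: the `mkdir` and `mknod` creates land under TMPDIR, the repeated `open` is the XAUTHORITY file, and `/etc/xdg/mimeapps.list` is tied to neither variable.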