Hello intri, hello Vincas, this looks like something you guys should have a look at please. Thanks!
@intrigeri The uploads of TB 52.8.0 to stretch- and jessie-security did have cherry-picked your reverted commit c33dba2f from unstable so the issue of the user are not related to this modification I guess. Am 27.05.2018 um 18:54 schrieb Stephen Dowdy: > Package: thunderbird > Version: 1:52.8.0-1~deb9u1 > Severity: important > > > Attempting to send e-mail results in a popup: > > [ Send Message Error ] > Sending of the message failed. > > > # aa-status --enabled && echo "AppArmor Enabled" > AppArmor Enabled > > # aa-status | egrep '(profiles|thunderbird)' > 54 profiles are loaded. > 21 profiles are in enforce mode. > thunderbird > thunderbird//browser_java > thunderbird//browser_openjdk > thunderbird//gpg > thunderbird//sanitized_helper > 33 profiles are in complain mode. > 6 processes have profiles defined. > thunderbird (32689) > > > dmesg shows the following apparmor DENIED messages: > > [62711.954571] audit: type=1400 audit(1527437094.186:58): > apparmor="DENIED" operation="open" profile="thunderbird" > name="/run/user/1000/xauth-1000-_0" pid=32700 comm="thunderbird" > requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 > [62711.960341] audit: type=1400 audit(1527437094.194:59): > apparmor="DENIED" operation="open" profile="thunderbird" > name="/run/user/1000/xauth-1000-_0" pid=32689 comm="thunderbird" > requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 > [62711.971343] audit: type=1400 audit(1527437094.202:60): > apparmor="DENIED" operation="mkdir" profile="thunderbird" > name="/run/user/1000/thunderbird_sdowdy/" pid=32689 comm="thunderbird" > requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000 > [62711.971925] audit: type=1400 audit(1527437094.206:61): > apparmor="DENIED" operation="open" profile="thunderbird" > name="/run/user/1000/xauth-1000-_0" pid=32689 comm="thunderbird" > requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 > [62712.747197] audit: type=1400 audit(1527437094.978:62): > apparmor="DENIED" operation="open" profile="thunderbird" > name="/run/user/1000/xauth-1000-_0" pid=32689 comm="thunderbird" > requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 > [62712.895221] audit: type=1400 audit(1527437095.126:63): > apparmor="DENIED" operation="open" profile="thunderbird" > name="/etc/xdg/mimeapps.list" pid=32689 comm="thunderbird" requested_mask="r" > denied_mask="r" fsuid=1000 ouid=0 > [63310.628483] audit: type=1400 audit(1527437692.863:64): > apparmor="DENIED" operation="mknod" profile="thunderbird" > name="/run/user/1000/nsemail.eml" pid=32689 comm="thunderbird" > requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000 > [63310.671468] audit: type=1400 audit(1527437692.907:65): > apparmor="DENIED" operation="open" profile="thunderbird" > name="/run/user/1000/xauth-1000-_0" pid=32689 comm="thunderbird" > requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 > > $ env | grep /run/user > TMPDIR=/run/user/1000/ > GPG_AGENT_INFO=/run/user/1000/gnupg/S.gpg-agent:0:1 > DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus > XDG_RUNTIME_DIR=/run/user/1000 > XAUTHORITY=/run/user/1000/xauth-1000-_0 > > I suspect because i explicitly set TMPDIR to XDG_RUNTIME_DIR (something that > should be pretty normal, even better than using /tmp, IMHO), that AppArmor > should allow for this. > (i'm not entirely sure that's the issue, but it seems likely) > > > Also, for general purposes... > I did choose to allow/use maintainer's version of AppArmor configuration in > the recent update, however, i think you should respect the existing > enforce/complain/disable state of the user's system, as i'd previously done: > > aa-complain /etc/apparmor.d/usr.bin.thunderbird > (which i am back to now in order to keep working) > > > thanks, > --stephen > > > -- System Information: > Debian Release: 9.4 > APT prefers stable-updates > APT policy: (500, 'stable-updates'), (500, 'stable') > Architecture: amd64 (x86_64) > > Kernel: Linux 4.16.0-0.bpo.1-amd64 (SMP w/4 CPU cores) > Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE= > (charmap=UTF-8) > Shell: /bin/sh linked to /bin/dash > Init: systemd (via /run/systemd/system) > > Versions of packages thunderbird depends on: > ii debianutils 4.8.1.1 > ii fontconfig 2.11.0-6.7+b1 > ii libatk1.0-0 2.22.0-1 > ii libc6 2.24-11+deb9u3 > ii libcairo-gobject2 1.14.8-1 > ii libcairo2 1.14.8-1 > ii libdbus-1-3 1.10.26-0+deb9u1 > ii libdbus-glib-1-2 0.108-2 > ii libevent-2.0-5 2.0.21-stable-3 > ii libffi6 3.2.1-6 > ii libfontconfig1 2.11.0-6.7+b1 > ii libfreetype6 2.6.3-3.2 > ii libgcc1 1:6.3.0-18+deb9u1 > ii libgdk-pixbuf2.0-0 2.36.5-2+deb9u2 > ii libglib2.0-0 2.50.3-2 > ii libgtk-3-0 3.22.11-1 > ii libhunspell-1.4-0 1.4.1-2+b2 > ii libpango-1.0-0 1.40.5-1 > ii libpangocairo-1.0-0 1.40.5-1 > ii libpangoft2-1.0-0 1.40.5-1 > ii libpixman-1-0 0.34.0-1 > ii libstartup-notification0 0.12-4+b2 > ii libstdc++6 6.3.0-18+deb9u1 > ii libvpx4 1.6.1-3+deb9u1 > ii libx11-6 2:1.6.4-3 > ii libx11-xcb1 2:1.6.4-3 > ii libxcb-shm0 1.12-1 > ii libxcb1 1.12-1 > ii libxcomposite1 1:0.4.4-2 > ii libxdamage1 1:1.1.4-2+b3 > ii libxext6 2:1.3.3-1+b2 > ii libxfixes3 1:5.0.3-1 > ii libxrender1 1:0.9.10-1 > ii libxt6 1:1.1.5-1 > ii psmisc 22.21-2.1+b2 > ii x11-utils 7.7+3+b1 > ii zlib1g 1:1.2.8.dfsg-5 > > Versions of packages thunderbird recommends: > ii hunspell-en-us [hunspell-dictionary] 20070829-7 > ii lightning 1:52.8.0-1~deb9u1 > > Versions of packages thunderbird suggests: > ii apparmor 2.11.0-3+deb9u2 > pn fonts-lyx <none> > ii libgssapi-krb5-2 1.15-1+deb9u1 > > -- debconf-show failed > -- Regards Carsten Schoenert
