Hello Vincas, could you check if the proposed modification to the profile is acceptable? For me this looks good.

On 09.02.19 at 22:38, Anthony DeRobertis wrote:
> Package: thunderbird
> Version: 1:60.4.0-1
> Severity: minor
>
> Whenever a calendar reminder is displaying, Thunderbird is flooding my
> logs with apparmor denials:
>
> Feb 9 16:20:34 Watt kernel: [518027.774746] audit: type=1400
> audit(1549747234.261:2371): apparmor="DENIED" operation="open"
> profile="thunderbird" name="/home/anthony/.local/share/mime/mime.cache"
> pid=4245 comm="thunderbird" requested_mask="r" denied_mask="r" fsuid=1000
> ouid=1000
> Feb 9 16:20:34 Watt kernel: [518027.774759] audit: type=1400
> audit(1549747234.261:2372): apparmor="DENIED" operation="open"
> profile="thunderbird" name="/home/anthony/.local/share/mime/globs2" pid=4245
> comm="thunderbird" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
> Feb 9 16:20:34 Watt kernel: [518027.774761] audit: type=1400
> audit(1549747234.261:2373): apparmor="DENIED" operation="open"
> profile="thunderbird" name="/home/anthony/.local/share/mime/magic" pid=4245
> comm="thunderbird" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
> ... [snip]
> Feb 9 16:22:13 Watt kernel: [518126.872750] audit: type=1400
> audit(1549747333.359:2412): apparmor="DENIED" operation="open"
> profile="thunderbird" name="/home/anthony/.local/share/mime/generic-icons"
> pid=4245 comm="thunderbird" requested_mask="r" denied_mask="r" fsuid=1000
> ouid=1000
>
> The journal has 264 lines of this in the last hour alone (during which
> the machine was sitting idle, untouched, but Thunderbird was displaying
> a calendar reminder)
>
> I added this, seems reasonable for Thunderbird to read the MIME
> database:
>
> diff --git a/apparmor.d/usr.bin.thunderbird b/apparmor.d/usr.bin.thunderbird > index b5c6251..bbf11be 100644 > --- a/apparmor.d/usr.bin.thunderbird > +++ b/apparmor.d/usr.bin.thunderbird 
> @@ -99,6 +99,9 @@ profile thunderbird @{thunderbird_executable} { > @{PROC}/[0-9]*/net/wireless r, > @{PROC}/[0-9]*/net/arp r, > > + # local - more MIME stuff > + owner @{HOME}/.local/share/mime/** r, > + > # should maybe be in abstractions > /etc/ r, > /etc/mime.types r, -- Regards Carsten Schoenert
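
Review bot: The comment "# local - more MIME stuff" above the new "owner @{HOME}/.local/share/mime/** r," rule does not say why the access is needed; name the trigger instead, for example that the per-user MIME database (mime.cache, globs2, magic, generic-icons in the reported denials) is read while a calendar reminder is displayed. Every denial quoted in the report is for a file directly under ~/.local/share/mime/, while "**" grants recursive read; since the log is snipped, confirm whether anything in subdirectories is actually opened, and use "*" if not. The rule is also inserted directly above the existing "# should maybe be in abstractions" block that holds "/etc/mime.types r,"; it would read better grouped with that rule, and the same remark about moving it into an abstraction applies to it.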