On Wed, 05 Jun 2019 15:47:48 +0200 Nabile <nabile13...@gmail.com> wrote:> (I am not sure if
Thunderbird mainly uses GTK2, which only reads from
~/.themes, but since I symlinked ~/.themes to ~/.local/share/themes, it works
on my configuration. For those who don't symlink ~/.themes, it may be necessary
to add a third whitelist for this folder, provided Thunderbird does use GTK2,
of course.)
Hi Nabile,
`~/.themes` is currently allowed by `gnome` abstraction (which is already included by
usr.bin.thnunderbird profile):
```
fgrep -R ".themes" /etc/apparmor.d/abstractions/
/etc/apparmor.d/abstractions/gnome: owner @{HOME}/.themes/ r,
/etc/apparmor.d/abstractions/gnome: owner @{HOME}/.themes/** r,
```
You will not "cheat" AppArmor by creating symlinks (unless user uses bind-mount I believe), it has
to check the actual path, so, hence, DENIED.
I do not know if/how `~/.local/share/themes` location is "standard"/expected here. Generally, it's
advised to modify `/etc/apparmor.d/local/usr.bin.thunderbird` for any local customizations.
Currently, it seems that it's user customization rather than AppArmor misconfiguration, so I am not
sure if we should fix it in Thunderbird's profile or either in gnome abstraction.
