Hello,

> comm="bwrap" looks like a hint towards bubblewrap, therefore my guess
> is that we are looking at a flatpak-packaged evolution here. But that's
> just a guess, so I'll wait for the feedback from the reporter.

Evolution is not a flatpak version, it is the default version installed with the OS (Debian 12)

> As far as I know we don't confine Evolution with AppArmor in Debian,
> so I suppose you've installed or enabled a profile yourself, and then
> I would encourage you to report this problem to the authors of
> said profile.
> If my assumptions are incorrect, please help me understand :)

Yes, the Profile is not part of Debian 12, I tried to install the profile from the https://packages.debian.org/bookworm/apparmor-profiles package, but it didn't work at all. So I am trying to create my own profile, mostly using aa-logprof.

> For the records. aa-logprof doesn't support mount rules yet (besides
> keeping/not breaking existing rules) which is why it doesn't ask
> anything for the DENIED event quoted above.

Thanks for the info, I hadn't thought of that, so I'll try to resolve unsupported records manually. (It might be a good idea to mention this somewhere, perhaps for other users, if not directly when generating via aa-logprof, at least in its manual)

> That said:
> The profile will need a mount rule added, probably
>     mount options=(rw, silent, rslave) -> /,
> (I know allowing evolution or bwrap to mount / looks strange, even if
> it's inside a sandbox. But I'm afraid that's what the sandbox needs.)

Thanks for the syntax. So probably even the default version (non flatpak version) tries to create a sandbox to run Evolution? Without a deeper knowledge of the operating system and especially the application, it's not that easy to make rules as mentioned on the internet.
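
Because aa-logprof does not prompt for mount denials, they have to be turned into rules by hand. The following is an added example, not part of this message or of AppArmor's own tooling: it reads AppArmor DENIED records for `operation="mount"` and prints candidate `mount` rules for manual review. The log lines are constructed, and the field names (`fstype`, `srcname`, `flags`, `name`) are an assumption about the audit record layout on the running kernel.

```python
import re

# Constructed sample audit records (not taken from the bug report).
SAMPLE_LOG = '''\
type=AVC msg=audit(1700000000.101:501): apparmor="DENIED" operation="mount" class="mount" info="failed flags match" error=-13 profile="evolution" name="/" pid=4242 comm="bwrap" flags="rw, silent, rslave"
type=AVC msg=audit(1700000000.202:502): apparmor="DENIED" operation="mount" class="mount" info="failed type match" error=-13 profile="evolution" name="/newroot/" pid=4242 comm="bwrap" fstype="tmpfs" srcname="tmpfs" flags="rw, nosuid, nodev"
type=AVC msg=audit(1700000000.303:503): apparmor="DENIED" operation="open" class="file" profile="evolution" name="/etc/passwd" pid=4242 comm="evolution" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
type=AVC msg=audit(1700000000.404:504): apparmor="DENIED" operation="mount" class="mount" error=-13 profile="evolution" name="/" pid=4243 comm="bwrap" flags="rw, silent, rslave"
'''

# Matches key="quoted value" and key=bare_value pairs in an audit record.
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_record(line):
    """Split one audit line into a dict of its key/value fields."""
    return {key: (quoted or bare) for key, quoted, bare in FIELD.findall(line)}

def mount_rule(rec):
    """Build a candidate mount rule from a DENIED mount record, else None."""
    if rec.get("apparmor") != "DENIED" or rec.get("operation") != "mount":
        return None
    if not rec.get("name"):
        return None  # no mount point logged, nothing to build a rule from
    parts = ["mount"]
    if rec.get("fstype"):
        parts.append(f'fstype={rec["fstype"]}')
    if rec.get("flags"):
        parts.append(f'options=({rec["flags"]})')
    if rec.get("srcname"):
        parts.append(rec["srcname"])
    parts.append(f'-> {rec["name"]},')
    return " ".join(parts)

def candidate_rules(log_text):
    """Return {profile: [rules]}, duplicates removed, first-seen order kept."""
    out = {}
    for line in log_text.splitlines():
        rec = parse_record(line)
        rule = mount_rule(rec)
        if rule:
            rules = out.setdefault(rec.get("profile", "?"), [])
            if rule not in rules:
                rules.append(rule)
    return out

if __name__ == "__main__":
    for profile, rules in candidate_rules(SAMPLE_LOG).items():
        print(f"# profile {profile}: review before adding")
        for rule in rules:
            print("  " + rule)
```

Each emitted rule mirrors exactly what was denied, so it is a starting point to review and narrow rather than something to paste into the profile unread.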