Bug#880381: apparmor profile breaks xul-ext-exteditor
Maybe we need TODO inside a profile for the future, to not forget that we need abstraction or explicit rules for xul-ext-editor, when we fix that too-permissive `/usr/bin/* Cx -> sanitized_helper`?
Bug#880381: apparmor profile breaks xul-ext-exteditor
On 2017-10-31 07:57, intrigeri wrote: > W. Martin, can you please retry with this profile: > https://anonscm.debian.org/cgit/pkg-mozilla/thunderbird.git/tree/debian/apparmor/usr.bin.thunderbird Works! :~) Thanks to all! signature.asc Description: PGP signature
Bug#880381: apparmor profile breaks xul-ext-exteditor
Control: tag -1 + moreinfo Hi, Carsten Schoenert: > Hello intrigeri, hello Simon, > On Tue, Oct 31, 2017 at 02:49:27AM +0100, W. Martin Borgert wrote: >> Package: thunderbird >> Version: 1:52.4.0-1 >> >> It seems, that apparmor prevents using an external editor with >> Thunderbird. With apparmor, no external editor starts, nor is >> there any warning or error message to the user. If I >> "aa-disable usr.bin.thunderbird", it works fine. >> >> I assume, that Thunderbird must be allowed to execute external >> programs under /usr/bin/, so that /usr/bin/emacs or other user >> defined editors can be used. > I forward this issue to you both as I'm still no apparmor expert and > need your help to solve such problems.Could to have a look at this? Thanks for reaching out to us. I've usertagged this bug "help-needed" for the AppArmor team. The advantage of doing so is that anyone on the pkg-apparmor@ mailing list will learn about it, instead of just Simon and myself. I kindly suggest that you use this usertag in the future (bus factor and all that :) The usertags we use are documented there: https://wiki.debian.org/AppArmor/Reportbug#Usertags > xul-ext-exeditor let users use a external editor instead of the internal > mesaage compose functions. I don't use this extension so I can't help > much here. I guess Martin can help in case of needed tests or requested > feedback. I believe this should incidentally be fixed by the updated profile you (Carsten) merged a couple days ago. W. Martin, can you please retry with this profile: https://anonscm.debian.org/cgit/pkg-mozilla/thunderbird.git/tree/debian/apparmor/usr.bin.thunderbird ? Cheers, -- intrigeri
Bug#880381: apparmor profile breaks xul-ext-exteditor
Hello intrigeri, hello Simon, On Tue, Oct 31, 2017 at 02:49:27AM +0100, W. Martin Borgert wrote: > Package: thunderbird > Version: 1:52.4.0-1 > > It seems, that apparmor prevents using an external editor with > Thunderbird. With apparmor, no external editor starts, nor is > there any warning or error message to the user. If I > "aa-disable usr.bin.thunderbird", it works fine. > > I assume, that Thunderbird must be allowed to execute external > programs under /usr/bin/, so that /usr/bin/emacs or other user > defined editors can be used. I forward this issue to you both as I'm still no apparmor expert and need your help to solve such problems.Could to have a look at this? xul-ext-exeditor let users use a external editor instead of the internal mesaage compose functions. I don't use this extension so I can't help much here. I guess Martin can help in case of needed tests or requested feedback. Regards Carsten
Bug#880381: apparmor profile breaks xul-ext-exteditor
Package: thunderbird Version: 1:52.4.0-1 It seems, that apparmor prevents using an external editor with Thunderbird. With apparmor, no external editor starts, nor is there any warning or error message to the user. If I "aa-disable usr.bin.thunderbird", it works fine. I assume, that Thunderbird must be allowed to execute external programs under /usr/bin/, so that /usr/bin/emacs or other user defined editors can be used.
