Package: thunderbird
Version: 1:60.0~b2-1
Severity: normal
Tags: upstream
User: pkg-apparmor-t...@lists.alioth.debian.org
Dear Maintainer,
AppArmor profile denies access to paths like
`/sys/devices/pci0000:00/0000:00:02.0/{vendor,device,uevent,...}`:
```
type=AVC msg=audit(1523552674.105:410): apparmor="DENIED"
operation="open" profile="thunderbird"
name="/sys/devices/pci0000:00/0000:00:02.0/vendor" pid=11430
comm="thunderbird" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
type=AVC msg=audit(1523552771.505:437): apparmor="DENIED"
operation="open" profile="thunderbird"
name="/sys/devices/pci0000:00/0000:00:02.0/device" pid=11569
comm="thunderbird" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
```
This can be fixed by including rather new `dri-enumerate` abstraction,
but it is available only in upstream AppArmor maser [0] yet.
I'll propose upstream fix once `dri-enumerate` is shipped.
Thunderbird does seem to work fine even with denies though.
[0]
https://gitlab.com/apparmor/apparmor/blob/master/profiles/apparmor.d/abstractions/dri-enumerate
-- System Information:
Debian Release: buster/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1,
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.15.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=lt_LT.UTF-8, LC_CTYPE=lt_LT.UTF-8 (charmap=UTF-8), LANGUAGE=lt
(charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages thunderbird depends on:
ii debianutils 4.8.4
ii fontconfig 2.13.0-2
ii libatk1.0-0 2.28.1-1
ii libc6 2.27-3
ii libcairo-gobject2 1.15.10-2
ii libcairo2 1.15.10-2
ii libdbus-1-3 1.12.6-2
ii libdbus-glib-1-2 0.110-2
ii libevent-2.1-6 2.1.8-stable-4
ii libffi6 3.2.1-8
ii libfontconfig1 2.13.0-2
ii libfreetype6 2.8.1-2
ii libgcc1 1:8-20180402-1
ii libgdk-pixbuf2.0-0 2.36.11-2
ii libglib2.0-0 2.56.1-2
ii libgtk-3-0 3.22.29-3
ii libgtk2.0-0 2.24.32-1
ii libhunspell-1.6-0 1.6.2-1
ii libjsoncpp1 1.7.4-3
ii libnspr4 2:4.19-1
ii libnss3 2:3.36.1-1
ii libpango-1.0-0 1.42.1-1
ii libpangocairo-1.0-0 1.42.1-1
ii libpangoft2-1.0-0 1.42.1-1
ii libsqlite3-0 3.23.1-1
ii libstartup-notification0 0.12-5
ii libstdc++6 8-20180402-1
ii libvpx5 1.7.0-3
ii libx11-6 2:1.6.5-1
ii libx11-xcb1 2:1.6.5-1
ii libxcb-shm0 1.13-1
ii libxcb1 1.13-1
ii libxcomposite1 1:0.4.4-2
ii libxcursor1 1:1.1.15-1
ii libxdamage1 1:1.1.4-3
ii libxext6 2:1.3.3-1+b2
ii libxfixes3 1:5.0.3-1
ii libxi6 2:1.7.9-1
ii libxrender1 1:0.9.10-1
ii libxt6 1:1.1.5-1
ii psmisc 23.1-1
ii x11-utils 7.7+4
ii zlib1g 1:1.2.8.dfsg-5
Versions of packages thunderbird recommends:
ii hunspell-ar [hunspell-dictionary] 3.2-1
ii hunspell-en-gb [hunspell-dictionary] 1:6.0.3-2
ii hunspell-en-us [hunspell-dictionary] 1:2017.08.24
ii hunspell-lt [hunspell-dictionary] 1:6.0.3-2
ii lightning 1:60.0~b2-1
Versions of packages thunderbird suggests:
ii apparmor 2.12-4
pn fonts-lyx <none>
ii libgssapi-krb5-2 1.16-2
-- Configuration Files:
/etc/apparmor.d/usr.bin.thunderbird changed [not included]
-- no debconf information
