On Tue, Mar 14, 2017 at 11:33:51PM +1100, Fulano Diego Perez wrote: > are symlinks a problem ?
> i tried adding /local additions unsuccessfully > > lrwxrwxrwx 1 user user 73 Mar 5 14:32 .icedove -> /media/.../icedove > > AVC apparmor="DENIED" operation="open" profile="icedove" > name="/media/user/.../.icedove/profiles.ini" pid=2742 comm="icedove" > requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 Yes, the kernel resolves symlinks before querying security modules for permission. There's two potential solutions here: - Modifying an /etc/apparmor.d/local/ file that is #included in the main profile to add the new file paths - Using /etc/apparmor.d/tunables/alias to create an alias. (This should not be undertaken lightly; too-extensive use of alias rules can create situations that are difficult to debug. If this is really just for icedove's ~/.icedove directory, it's probably fine.) > AVC apparmor="DENIED" operation="open" profile="icedove" > name="/sys/devices/pci0000:00/0000:00:02.0/config" pid=2745 > comm="icedove" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 > Interesting; what video card do you have? Thanks
signature.asc
Description: PGP signature