Bug#868120: thunderbird: Thunderbird Apparmor profile is broken

2017-07-13 Thread Carsten Schoenert
Hello,

On Wed, Jul 12, 2017 at 08:12:01PM +, Grand T wrote:
> 
> Hello Carsten,
> 
> First try was nok, I have to purge Thunderbird and the second try was ok.

does that mean the issue is solved?
If yes, you could close this report yourself by writing an email
addressed to 868120-d...@bugs.debian.org.
 
> The previous problematic file is now this way
> 
> root@debian:/etc/apparmor.d/local# cat usr.bin.thunderbird
> # Site-specific additions and overrides for usr.bin.thunderbird.
> # For more details, please see /etc/apparmor.d/local/README.
> 
> As far as I can guess this came from the way the update went:
> 
> 1) gnome gpk-update-viewer was running with no ending so I interrupted
>    it, it seems gnome is unable to display the question thunderbird
>    update asked. I reported this behaviour
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868122

O.k. Interrupted installations are mostly a problem afterwards, as at some
point you will run into trouble and you don't see at first glance what
the root of the problem is. As seen with this issue you had.

I typically use the classical cli for doing updates and installations so
I see more directly if something isn't working as designed.

> 2) So I finished the update manually
> root@debian:/# dpkg --configure -a
> Paramétrage de thunderbird (1:52.2.1-4) ...

One nitpick, please unset your local setting for the preferred language
in the future if you are providing logs. This can be done simply by using
the environment variable LANG. So for example for the above command you
would call it this way:

 # LANG= dpkg --configure -a

 Regards
 Carsten



Bug#868120: thunderbird: Thunderbird Apparmor profile is broken

2017-07-12 Thread Grand T

Hello Carsten,

First try was nok, I have to purge Thunderbird and the second try was ok.


The previous problematic file is now this way

root@debian:/etc/apparmor.d/local# cat usr.bin.thunderbird
# Site-specific additions and overrides for usr.bin.thunderbird.
# For more details, please see /etc/apparmor.d/local/README.

As far as I can guess this came from the way the update went:

1) gnome gpk-update-viewer was running with no ending so I interrupted it, it 
seems gnome is unable to display the question thunderbird update asked. I 
reported this behaviour
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868122

2) So I finished the update manually
root@debian:/# dpkg --configure -a
Paramétrage de thunderbird (1:52.2.1-4) ...

Fichier de configuration « /etc/apparmor.d/usr.bin.thunderbird »
 ==> Supprimé (par vous ou par un script) depuis l'installation.
 ==> Le distributeur du paquet a fourni une version mise à jour.
   Que voulez-vous faire ? Vos options sont les suivantes :
Y ou I  : installer la version du responsable du paquet
N ou O  : garder votre version actuellement installée
  D : afficher les différences entre les versions
  Z : suspendre ce processus pour examiner la situation
 L'action par défaut garde votre version actuelle.
*** usr.bin.thunderbird (Y/I/N/O/D/Z) [défaut=N] ? Y
Installation de la nouvelle version du fichier de configuration 
/etc/apparmor.d/usr.bin.thunderbird ...
AppArmor parser error for /etc/apparmor.d/usr.bin.thunderbird in 
/etc/apparmor.d/local/usr.bin.thunderbird at line 1: Found unexpected 
character: ''


Below all the commands and report you asked.

***first try 
***

root@debian:/# find /etc/apparmor.d -type f -name "*thunderbird*" -exec sudo rm 
{} \;
root@debian:/# cd /etc/apparmor.d
root@debian:/etc/apparmor.d# ls *thunderbird*
ls: impossible d'accéder à '*thunderbird*': Aucun fichier ou dossier de ce type
root@debian:/etc/apparmor.d# cd local
root@debian:/etc/apparmor.d/local# ls *thunderbird*
ls: impossible d'accéder à '*thunderbird*': Aucun fichier ou dossier de ce type
root@debian:/etc/apparmor.d/local# cd ../disable
root@debian:/etc/apparmor.d/disable# ls *thunderbird*
usr.bin.thunderbird
root@debian:/etc/apparmor.d/disable# rm usr.bin.thunderbird
root@debian:/etc/apparmor.d/disable# apt install --reinstall thunderbird
Lecture des listes de paquets... Fait
Construction de l'arbre des dépendances
Lecture des informations d'état... Fait
0 mis à jour, 0 nouvellement installés, 1 réinstallés, 0 à enlever et 0 non mis 
à jour.
Il est nécessaire de prendre 0 o/40,8 Mo dans les archives.
Après cette opération, 0 o d'espace disque supplémentaires seront utilisés.
(Lecture de la base de données... 208083 fichiers et répertoires déjà 
installés.)
Préparation du dépaquetage de .../thunderbird_1%3a52.2.1-4_amd64.deb ...
Dépaquetage de thunderbird (1:52.2.1-4) sur (1:52.2.1-4) ...
Traitement des actions différées (« triggers ») pour mime-support (3.60) ...
Traitement des actions différées (« triggers ») pour desktop-file-utils 
(0.23-1) ...
Paramétrage de thunderbird (1:52.2.1-4) ...
Traitement des actions différées (« triggers ») pour man-db (2.7.6.1-2) ...
Traitement des actions différées (« triggers ») pour gnome-menus (3.13.3-9) ...
Traitement des actions différées (« triggers ») pour hicolor-icon-theme 
(0.15-1) ...

bad 

root@debian:/etc/apparmor.d/disable# aa-disable thunderbird
Profile for /usr/bin/thunderbird not found, skipping
root@debian:/etc/apparmor.d/disable# cd ..
root@debian:/etc/apparmor.d# ls *thunderbird*
ls: impossible d'accéder à '*thunderbird*': Aucun fichier ou dossier de ce type
root@debian:/etc/apparmor.d# ls -alrt
total 232
drwxr-xr-x   2 root root  4096 mars  30  2016 force-complain
-rw-r--r--   1 root root   964 mars  30  2016 usr.sbin.mdnsd
-rw-r--r--   1 root root  1013 mars  30  2016 usr.sbin.identd
-rw-r--r--   1 root root   790 mars  30  2016 usr.lib.dovecot.ssl-params
-rw-r--r--   1 root root   967 mars  30  2016 usr.lib.dovecot.pop3-login
-rw-r--r--   1 root root   900 mars  30  2016 usr.lib.dovecot.pop3
-rw-r--r--   1 root root  1109 mars  30  2016 usr.lib.dovecot.managesieve-login
-rw-r--r--   1 root root   953 mars  30  2016 usr.lib.dovecot.managesieve
-rw-r--r--   1 root root  1008 mars  30  2016 usr.lib.dovecot.imap-login
-rw-r--r--   1 root root  1056 mars  30  2016 usr.lib.dovecot.dovecot-auth
-rw-r--r--   1 root root   887 mars  30  2016 usr.lib.dovecot.dict
-rw-r--r--   1 root root  1153 mars  30  2016 usr.lib.dovecot.deliver
-rw-r--r--   1 root root   733 mars  30  2016 usr.lib.dovecot.anvil
-rw-r--r--   1 root root  8243 mars  30  2016 usr.bin.chromium-browser
-rw-r--r--   1 root root  1307 mars  30  2016 sbin.syslogd
-rw-r--r--   1 root root   999 mars  30  2016 sbin.klogd
-rw-r--r--   1 root root  5995 avril 26  2016 

Bug#868120: thunderbird: Thunderbird Apparmor profile is broken

2017-07-12 Thread Carsten Schoenert
On Wed, Jul 12, 2017 at 01:39:34PM +, Grand T wrote:
> Starting from a clean situation
> 
> 
> root@debian:/etc/apparmor.d# ls -alrt *thunderbird*
> -rw-r--r-- 1 root root 8819 juil. 12 15:33 usr.bin.thunderbird
> root@debian:/etc/apparmor.d# cd local
> root@debian:/etc/apparmor.d/local# ls -alrt *thunderbird*
> ls: impossible d'accéder à '*thunderbird*': Aucun fichier ou dossier de ce 
> type
> root@debian:/etc/apparmor.d/local# cd ../disable/
> root@debian:/etc/apparmor.d/disable# ls -alrt *thunderbird*
> ls: impossible d'accéder à '*thunderbird*': Aucun fichier ou dossier de ce 
> type
> root@debian:/etc/apparmor.d/disable# aa-disable thunderbird
> 
> ERROR: Include file /etc/apparmor.d/local/usr.bin.thunderbird not found
> 
> 
> So what? Apparmor says he needs something in local while you say it doesn't
> have anything in local

Sorry, I still can't reproduce your issue here even on a second PC.
I installed apparmor on a laptop where version 45.8.0-3 is still
installed.

carsten@x260:~  $ LANG= dpkg -l thunderbird
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version ArchitectureDescription
+++--===-===-=
ii  thunderbird  1:45.8.0-3  amd64   mail/news client with 
RSS, chat and integrate

carsten@x260:~  $ LANG= sudo apt install apparmor
Reading package lists... Done
Building dependency tree   
Reading state information... Done
The following packages were automatically installed and are no longer required:
  libass5 libbluray1 libmad0 libntfs-3g871 libraw15 libx265-95
Use 'sudo apt autoremove' to remove them.
The following additional packages will be installed:
  libapparmor-perl
Suggested packages:
  apparmor-profiles apparmor-profiles-extra apparmor-utils
The following NEW packages will be installed:
  apparmor libapparmor-perl
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 609 kB of archives.
... [snip]
Created symlink /etc/systemd/system/sysinit.target.wants/apparmor.service -> 
/lib/systemd/system/apparmor.service.
update-rc.d: warning: start and stop actions are no longer supported; falling 
back to defaults
diff: /var/lib/apparmor/profiles/.apparmor.md5sums: No such file or directory
Processing triggers for systemd (233-9) ...

I started thunderbird and it worked as expected.

Now I updated to 52.2.1-4 by updating the whole system which I needed to
anyway ...

carsten@x260:~  $ LANG= sudo apt upgrade
Reading package lists... Done
Building dependency tree   
Reading state information... Done
Calculating upgrade... Done
The following packages were automatically installed and are no longer required:
  libass5 libbluray1 libmad0 libntfs-3g871 libraw15 libx265-95 python-pyasn1
Use 'sudo apt autoremove' to remove them.
The following NEW packages will be installed:
  firmware-linux-free irqbalance linux-image-4.11.0-1-amd64 python-asn1crypto
The following packages will be upgraded:
  adwaita-icon-theme apt apt-utils at-spi2-core automake 
calendar-google-provider cpp cpp-6 cups

  ncurses-term perl perl-base perl-modules-5.24 python-cryptography systemd 
systemd-sysv thunderbird
  thunderbird-l10n-de udev xserver-common xserver-xephyr xserver-xorg-core 
xserver-xorg-legacy xwayland
120 upgraded, 4 newly installed, 0 to remove and 0 not upgraded.
Need to get 193 MB of archives.
... [snip]
carsten@x260:~  $ LANG= dpkg -l thunderbird
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version ArchitectureDescription
+++--===-===-=
ii  thunderbird  1:52.2.1-4  amd64   mail/news client with 
RSS, chat and integrate

Now again I started Thunderbird ... and all is working again.

carsten@x260:~  $ thunderbird --version
 Thunderbird 52.2.1
carsten@x260:~  $ thunderbird 
[calBackendLoader] Using Thunderbird's builtin libical backend
[calSleepMonitor] Starting sleep monitor.
[calTimezoneService] Loading resource://calendar/timezones/zones.json
[calTimezoneService] Timezones version 2.2016j loaded
[calGoogleSessionManager] Creating session c.schoenert@x
[calStorageCalendar] Timezones have been changed from 2.2016c to 2.2016j, 
updating calendar data.
[calGoogleSessionManager] Reusing session c.schoenert@x
...

So I'm sorry, but without readjusting the behaviour of your setup it's very
difficult to track down the root of your problem. Maybe you can provide a
complete backup of the folder /etc/apparmor.d.

One thing I need to take back is about the file 'local/usr.bin.thunderbird', 
We ship this file, or at least the 

Bug#868120: thunderbird: Thunderbird Apparmor profile is broken

2017-07-12 Thread Grand T
I found another way to disable the thunderbird profile


root@debian:/etc/apparmor.d/local# ls
bin.ping  usr.bin.totem-previewers usr.lib.dovecot.log   usr.sbin.dovecot
gst_plugin_scanner  usr.lib.dovecot.anvil usr.lib.dovecot.managesieve   
usr.sbin.identd
README  usr.lib.dovecot.auth usr.lib.dovecot.managesieve-login  usr.sbin.mdnsd
sbin.klogd  usr.lib.dovecot.config usr.lib.dovecot.pop3   usr.sbin.nmbd
sbin.syslogd  usr.lib.dovecot.deliver usr.lib.dovecot.pop3-login   usr.sbin.nscd
sbin.syslog-ng  usr.lib.dovecot.dict usr.lib.dovecot.ssl-params   usr.sbin.smbd
usr.bin.chromium-browser  usr.lib.dovecot.dovecot-auth usr.sbin.apt-cacher-ng   
usr.sbin.smbldap-useradd
usr.bin.evince  usr.lib.dovecot.dovecot-lda usr.sbin.avahi-daemon   
usr.sbin.tcpdump
usr.bin.irssi  usr.lib.dovecot.imap usr.sbin.cups-browsed   usr.sbin.traceroute
usr.bin.pidgin  usr.lib.dovecot.imap-login usr.sbin.cupsd
usr.bin.totem  usr.lib.dovecot.lmtp usr.sbin.dnsmasq
root@debian:/etc/apparmor.d/local# touch usr.bin.thunderbird
root@debian:/etc/apparmor.d/local# aa-disable usr.bin.thunderbird
Disabling /etc/apparmor.d/local/usr.bin.thunderbird.
root@debian:/etc/apparmor.d/local# cd ../disable
root@debian:/etc/apparmor.d/disable# ls -alrt
total 12
lrwxrwxrwx 1 root root   29 juin  30 12:13 usr.bin.totem -> 
/etc/apparmor.d/usr.bin.totem
drwxr-xr-x 9 root root 4096 juil. 12 11:57 ..
drwxr-xr-x 2 root root 4096 juil. 12 16:31 local
drwxr-xr-x 3 root root 4096 juil. 12 16:31 .
root@debian:/etc/apparmor.d/disable# cd local
root@debian:/etc/apparmor.d/disable/local# ls -alrt
total 8
lrwxrwxrwx 1 root root   41 juil. 12 16:31 usr.bin.thunderbird -> 
/etc/apparmor.d/local/usr.bin.thunderbird
drwxr-xr-x 3 root root 4096 juil. 12 16:31 ..
drwxr-xr-x 2 root root 4096 juil. 12 16:31 .
root@debian:/etc/apparmor.d/disable/local# systemctl reload apparmor
root@debian:/etc/apparmor.d/disable/local# systemctl status apparmor
● apparmor.service - AppArmor initialization
   Loaded: loaded (/lib/systemd/system/apparmor.service; enabled; vendor 
preset: enabled)
   Active: active (exited) since Wed 2017-07-12 13:29:05 CEST; 3h 6min ago
 Docs: man:apparmor(7)
   http://wiki.apparmor.net/
  Process: 4821 ExecReload=/etc/init.d/apparmor reload (code=exited, 
status=0/SUCCESS)
  Process: 442 ExecStart=/etc/init.d/apparmor start (code=exited, 
status=0/SUCCESS)
 Main PID: 442 (code=exited, status=0/SUCCESS)

juil. 12 16:02:19 debian systemd[1]: Reloaded AppArmor initialization.
juil. 12 16:20:23 debian systemd[1]: Reloading AppArmor initialization.
juil. 12 16:20:27 debian apparmor[4492]: Reloading AppArmor profiles:Skipping 
profile in /etc/apparmor.d/disable: usr.bin.thunderbird
juil. 12 16:20:27 debian apparmor[4492]: Skipping profile in 
/etc/apparmor.d/disable: usr.bin.totem
juil. 12 16:20:32 debian apparmor[4492]: .
juil. 12 16:20:32 debian systemd[1]: Reloaded AppArmor initialization.
juil. 12 16:34:54 debian systemd[1]: Reloading AppArmor initialization.
juil. 12 16:34:59 debian apparmor[4821]: Reloading AppArmor profiles:Skipping 
profile in /etc/apparmor.d/disable: usr.bin.totem
juil. 12 16:35:04 debian apparmor[4821]: .
juil. 12 16:35:04 debian systemd[1]: Reloaded AppArmor initialization.


Conclusion :

it really needs to have a  usr.bin.thunderbird in :/etc/apparmor.d/local


Bug#868120: thunderbird: Thunderbird Apparmor profile is broken

2017-07-12 Thread Grand T
Starting from a clean situation


root@debian:/etc/apparmor.d# ls -alrt *thunderbird*
-rw-r--r-- 1 root root 8819 juil. 12 15:33 usr.bin.thunderbird
root@debian:/etc/apparmor.d# cd local
root@debian:/etc/apparmor.d/local# ls -alrt *thunderbird*
ls: impossible d'accéder à '*thunderbird*': Aucun fichier ou dossier de ce type
root@debian:/etc/apparmor.d/local# cd ../disable/
root@debian:/etc/apparmor.d/disable# ls -alrt *thunderbird*
ls: impossible d'accéder à '*thunderbird*': Aucun fichier ou dossier de ce type
root@debian:/etc/apparmor.d/disable# aa-disable thunderbird

ERROR: Include file /etc/apparmor.d/local/usr.bin.thunderbird not found


So what? Apparmor says he needs something in local while you say it doesn't have
anything in local


Bug#868120: thunderbird: Thunderbird Apparmor profile is broken

2017-07-12 Thread Carsten Schoenert
On Wed, Jul 12, 2017 at 11:38:46AM +, Grand T wrote:
> the profile is the one from
> 
> Package: thunderbird
> Version: 1:52.2.1-4

The profile inside /etc/apparmor.d comes from the package, not with the
one from /etc/apparmor.d/local.

> All that mess came after upgrade of Thunderbird
> 
> So I suspect this issue is in your original profile.

That needs to be proven.
We had five commits made for the apparmor profile, all picked from
upstream so it's quite unlikely that nobody else has seen such an
issue before the Debian upload.

https://anonscm.debian.org/cgit/pkg-mozilla/icedove.git/log/debian/apparmor?showmsg=1

https://anonscm.debian.org/cgit/pkg-mozilla/icedove.git/commit/debian/apparmor?id=5d5392b9d036d4af16806ab050903aa9667f7b65
https://anonscm.debian.org/cgit/pkg-mozilla/icedove.git/commit/debian/apparmor?id=f49ad79331742d323e77c52682b5ec5d89b1
https://anonscm.debian.org/cgit/pkg-mozilla/icedove.git/commit/debian/apparmor?id=d8e5d42ce36a73e328448c88932204239ac695ce
https://anonscm.debian.org/cgit/pkg-mozilla/icedove.git/commit/debian/apparmor?id=f18884e0fd87e46fbc4494feb6b8b81a341c9d37
https://anonscm.debian.org/cgit/pkg-mozilla/icedove.git/commit/debian/apparmor?id=e73afbb82a5f254bf40a69ba044a356d6f6d2f27

> root@debian:/# aa-disable usr.bin.thunderbird
> 
> ERROR: local/usr.bin.thunderbird profile in local/usr.bin.thunderbird 
> contains syntax errors in line 202: a child profile inside another child 
> profile is not allowed.o
 ^^
That line tells me something different in contrast to your statement
above.

> Line 202 is that one
> 
>   profile gpg {
> #include 
> 
> # Required to import keys from keyservers
> #include 
> #include 

That's correct and nothing we need to talk about.
Apparmor is complaining that a profile is trying to load a profile
within a profile. This can only happen if there is another profile
included with the same name.

> Brother I don't write this myself!!

Come on, what should we or I do to help you?
I wrote that you please disable/remove the copied profile in
/etc/apparmor.d/local and ensure that *only* the profile from the
thunderbird package in /etc/apparmor.d is alive.

Without knowing the outcome of that it's useless to go further and blame
someone. Issue tracking isn't always easy but the first thing is to know
under which circumstances a problem occurs. And we need to know if the
issue is related to the original profile in the designated folder or
something else. I can't readjust your problem here.

Your report is the first report about an AppArmor issue within
Thunderbird > 45.8.0. Given we already had issues in the past with
Thunderbird 45.x and users reporting such issues immediately after the package
upload I tend to say for now that the problem is a local problem on your
side.
So please follow my request and start with a defined environment given
by the usage of no extra profile in /etc/apparmor.d/local.
If the problem still exists you can try to selectively revert the
changes made in the five commits.

Regards
Carsten



Bug#868120: thunderbird: Thunderbird Apparmor profile is broken

2017-07-12 Thread Grand T
the profile is the one from

Package: thunderbird
Version: 1:52.2.1-4

All that mess came after upgrade of Thunderbird

So I suspect this issue is in your original profile.


root@debian:/# aa-disable usr.bin.thunderbird

ERROR: local/usr.bin.thunderbird profile in local/usr.bin.thunderbird contains 
syntax errors in line 202: a child profile inside another child profile is not 
allowed.

Line 202 is that one

  profile gpg {
#include 

# Required to import keys from keyservers
#include 
#include 



Brother I don't write this myself!!


Bug#868120: thunderbird: Thunderbird Apparmor profile is broken

2017-07-12 Thread Carsten Schoenert
On Wed, Jul 12, 2017 at 10:32:35AM +, Grand T wrote:
> Anyway there is issue with Thunderbird apparmor profile
> 
> 
>  root@debian:/# cp  /etc/apparmor.d/usr.bin.thunderbird /etc/apparmor.d/local

Why do you *copy* the existing profile into the user dedicated folder? That
makes no sense at all.
By this the same profile will be loaded within the already included
profile. This brings some nested inclusion like seen further down.

> root@debian:/# aa-disable usr.bin.thunderbird
> 
> ERROR: local/usr.bin.thunderbird profile in local/usr.bin.thunderbird 
> contains syntax errors in line 202: a child profile inside another child 
> profile is not allowed.

Well, the gpg profile part is already loaded by the profile in
/etc/apparmor.d/ and is then loaded again by the including of the whole
folder /etc/apparmor.d/local.

> Here is the section involved
> 
> 
>  # TB tries to create this file but has no business doing so
>   deny @{HOME}/.gnupg/gpg-agent.conf w,
> 
>   profile gpg {
> #include 
> 
> # Required to import keys from keyservers
> #include 
> #include 
> 
> 
> So once again I do it manually
> 
> 
> root@debian:/etc/apparmor.d# cp usr.bin.thunderbird disable
> root@debian:/etc/apparmor.d# systemctl reload apparmor.service
> 
> 
> Jul 12 12:18:08 debian apparmor[1767]: Reloading AppArmor profiles:Skipping 
> profile in /etc/apparmor.d/disable: usr.bin.thunderbird
> 
> 
> And now no more trouble with that bad profile :=))

Remove the copied profile from /etc/apparmor.d/local and I suspect there
are no more issues.

The question is if the shipped profile is causing issues or not,
problems caused by users' profiles are something we can't be responsible for. So
how is Thunderbird or apparmor acting with the profile from the
thunderbird package only?

Regards
Carsten
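
Added example (not part of the original thread or of the Debian package): a shell check for the two failure states this thread runs into, a referenced `local/` include that is missing and a `local/` file that opens a profile block itself because the full profile was copied there. The `#include <local/NAME>` form, the `usr.bin.alpha`/`beta`/`gamma` names and the "non-comment line ending in `{`" heuristic are assumptions made for the illustration; the sample tree is constructed.

```shell
#!/bin/sh
# Audit the local/ include files referenced by the profiles in an
# AppArmor directory. Prints one line per reference: "<state> <name>"
#   ok       file exists and holds only comments / rule additions
#   missing  a profile includes local/<name> but the file does not exist
#   nested   the local file opens a block itself (e.g. a copied full profile)
audit_local_includes() {
    base=$1
    for prof in "$base"/*; do
        [ -f "$prof" ] || continue      # skip local/, disable/, ...
        # Extract NAME from every "#include <local/NAME>" line.
        sed -n 's|^[[:space:]]*#\{0,1\}include[[:space:]]*<local/\([^>]*\)>.*|\1|p' "$prof" |
        while IFS= read -r name; do
            f="$base/local/$name"
            if [ ! -f "$f" ]; then
                echo "missing $name"
            # Heuristic: a non-comment line ending in "{" starts a profile
            # block, which must not appear inside an already open profile.
            elif grep -Eq '^[[:space:]]*[^#[:space:]].*\{[[:space:]]*$' "$f"; then
                echo "nested $name"
            else
                echo "ok $name"
            fi
        done
    done
}

# Build a constructed sample tree and audit it.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/local"
    # Constructed stand-ins for shipped profiles, not the real Debian files.
    for n in usr.bin.alpha usr.bin.beta usr.bin.gamma; do
        printf '/usr/bin/%s {\n  profile child {\n  }\n  #include <local/%s>\n}\n' \
            "${n##*.}" "$n" > "$d/$n"
    done
    # alpha: the kind of stub a package ships (comment only).
    printf '# Site-specific additions and overrides for usr.bin.alpha.\n' \
        > "$d/local/usr.bin.alpha"
    # beta: the mistake from the thread, full profile copied into local/.
    cp "$d/usr.bin.beta" "$d/local/usr.bin.beta"
    # gamma: no local file at all.
    audit_local_includes "$d"
    rm -rf "$d"
}

demo
```

On a real system the function would be pointed at `/etc/apparmor.d`; it only reads files and reports, it does not change or reload any profile.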



Bug#868120: thunderbird: Thunderbird Apparmor profile is broken

2017-07-12 Thread Grand T
Anyway there is issue with Thunderbird apparmor profile


 root@debian:/# cp  /etc/apparmor.d/usr.bin.thunderbird /etc/apparmor.d/local

root@debian:/# aa-disable usr.bin.thunderbird

ERROR: local/usr.bin.thunderbird profile in local/usr.bin.thunderbird contains 
syntax errors in line 202: a child profile inside another child profile is not 
allowed.

Here is the section involved


 # TB tries to create this file but has no business doing so
  deny @{HOME}/.gnupg/gpg-agent.conf w,

  profile gpg {
#include 

# Required to import keys from keyservers
#include 
#include 


So once again I do it manually


root@debian:/etc/apparmor.d# cp usr.bin.thunderbird disable
root@debian:/etc/apparmor.d# systemctl reload apparmor.service


Jul 12 12:18:08 debian apparmor[1767]: Reloading AppArmor profiles:Skipping 
profile in /etc/apparmor.d/disable: usr.bin.thunderbird


And now no more trouble with that bad profile :=))




Bug#868120: thunderbird: Thunderbird Apparmor profile is broken

2017-07-12 Thread Grand T
there is a lot in /etc/apparmor.d/local/

# ls -alrt /etc/apparmor.d/local/
total 368
-rw-r--r-- 1 root root    121 janv. 24  2016 usr.sbin.cupsd
-rw-r--r-- 1 root root    128 janv. 24  2016 usr.sbin.cups-browsed
-rw-r--r-- 1 root root    mars  30  2016 README
-rw-r--r-- 1 root root    121 mai    3  2016 usr.bin.evince
-rw-r--r-- 1 root root    115 mai   11  2016 bin.ping
-rw-r--r-- 1 root root    117 mai   11  2016 sbin.klogd
-rw-r--r-- 1 root root    119 mai   11  2016 sbin.syslogd
-rw-r--r-- 1 root root    121 mai   11  2016 sbin.syslog-ng
-rw-r--r-- 1 root root    131 mai   11  2016 usr.bin.chromium-browser
-rw-r--r-- 1 root root    128 mai   11  2016 usr.lib.dovecot.anvil
-rw-r--r-- 1 root root    127 mai   11  2016 usr.lib.dovecot.auth
-rw-r--r-- 1 root root    129 mai   11  2016 usr.lib.dovecot.config
-rw-r--r-- 1 root root    130 mai   11  2016 usr.lib.dovecot.deliver
-rw-r--r-- 1 root root    127 mai   11  2016 usr.lib.dovecot.dict
-rw-r--r-- 1 root root    135 mai   11  2016 usr.lib.dovecot.dovecot-auth
-rw-r--r-- 1 root root    134 mai   11  2016 usr.lib.dovecot.dovecot-lda
-rw-r--r-- 1 root root    127 mai   11  2016 usr.lib.dovecot.imap
-rw-r--r-- 1 root root    133 mai   11  2016 usr.lib.dovecot.imap-login
-rw-r--r-- 1 root root    127 mai   11  2016 usr.lib.dovecot.lmtp
-rw-r--r-- 1 root root    126 mai   11  2016 usr.lib.dovecot.log
-rw-r--r-- 1 root root    134 mai   11  2016 usr.lib.dovecot.managesieve
-rw-r--r-- 1 root root    140 mai   11  2016 usr.lib.dovecot.managesieve-login
-rw-r--r-- 1 root root    127 mai   11  2016 usr.lib.dovecot.pop3
-rw-r--r-- 1 root root    133 mai   11  2016 usr.lib.dovecot.pop3-login
-rw-r--r-- 1 root root    133 mai   11  2016 usr.lib.dovecot.ssl-params
-rw-r--r-- 1 root root    128 mai   11  2016 usr.sbin.avahi-daemon
-rw-r--r-- 1 root root    123 mai   11  2016 usr.sbin.dnsmasq
-rw-r--r-- 1 root root    123 mai   11  2016 usr.sbin.dovecot
-rw-r--r-- 1 root root    122 mai   11  2016 usr.sbin.identd
-rw-r--r-- 1 root root    121 mai   11  2016 usr.sbin.mdnsd
-rw-r--r-- 1 root root    120 mai   11  2016 usr.sbin.nmbd
-rw-r--r-- 1 root root    120 mai   11  2016 usr.sbin.nscd
-rw-r--r-- 1 root root    120 mai   11  2016 usr.sbin.smbd
-rw-r--r-- 1 root root    131 mai   11  2016 usr.sbin.smbldap-useradd
-rw-r--r-- 1 root root    126 mai   11  2016 usr.sbin.traceroute
-rw-r--r-- 1 root root    125 mai   11  2016 gst_plugin_scanner
-rw-r--r-- 1 root root    120 mai   11  2016 usr.bin.irssi
-rw-r--r-- 1 root root    121 mai   11  2016 usr.bin.pidgin
-rw-r--r-- 1 root root    120 mai   11  2016 usr.bin.totem
-rw-r--r-- 1 root root    131 mai   11  2016 usr.bin.totem-previewers
-rw-r--r-- 1 root root    129 mai   11  2016 usr.sbin.apt-cacher-ng
-rw-r--r-- 1 root root    123 mai   11  2016 usr.sbin.tcpdump
-rw-r--r-- 1 root root 192598 avril 11 08:17 usr.bin.thunderbird
drwxr-xr-x 2 root root   4096 juil.  6 08:43 .


I don't know from where is that usr.bin.thunderbird


So

root@debian:/etc/apparmor.d/local# rm usr.bin.thunderbird


Bug#868120: thunderbird: Thunderbird Apparmor profile is broken

2017-07-12 Thread Carsten Schoenert
Hello,

On Wed, Jul 12, 2017 at 09:48:47AM +0200, GT wrote:
... 
>* What was the outcome of this action?
> 
> AppArmor parser error for /etc/apparmor.d/usr.bin.thunderbird in
> /etc/apparmor.d/local/usr.bin.thunderbird at line 1: Fo
 ^^
we don't ship any files to /etc/apparmor.d/local so I assume you have
left over some other stuff there for Thunderbird?

We do include the folder /etc/apparmor.d/local (see line 293f) in the
shipped apparmor file.

https://anonscm.debian.org/cgit/pkg-mozilla/icedove.git/tree/debian/apparmor/usr.bin.thunderbird#n293

> # aa-disable thunderbird
> 
> ERROR: Syntax Error: Unknown line found in file local/usr.bin.thunderbird 
> line 896:

The error is pointing to a line 896 in that file, so I assume you have
to take a look at that line.

Regards
Carsten



Bug#868120: thunderbird: Thunderbird Apparmor profile is broken

2017-07-12 Thread GT
Package: thunderbird
Version: 1:52.2.1-4
Severity: normal

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?

Update of Thunderbird (1:52.2.1-4)

   * What was the outcome of this action?

AppArmor parser error for /etc/apparmor.d/usr.bin.thunderbird in
/etc/apparmor.d/local/usr.bin.thunderbird at line 1: Fo

# aa-disable thunderbird

ERROR: Syntax Error: Unknown line found in file local/usr.bin.thunderbird line
896:

So I do it manually

root@debian:/etc/apparmor.d# mv usr.bin.thunderbird disable


And then restart Apparmor
root@debian:/etc/apparmor.d#  /etc/init.d/apparmor restart
[ ok ] Restarting apparmor (via systemctl): apparmor.service.
root@debian:/etc/apparmor.d# systemctl status apparmor.service
● apparmor.service - AppArmor initialization
   Loaded: loaded (/lib/systemd/system/apparmor.service; enabled; vendor
preset: enabled)
   Active: active (exited) since Wed 2017-07-12 09:28:05 CEST; 21s ago
 Docs: man:apparmor(7)
   http://wiki.apparmor.net/
  Process: 9573 ExecStop=/etc/init.d/apparmor stop (code=exited,
status=0/SUCCESS)
  Process: 9583 ExecStart=/etc/init.d/apparmor start (code=exited,
status=0/SUCCESS)
 Main PID: 9583 (code=exited, status=0/SUCCESS)

juil. 12 09:27:56 debian systemd[1]: Starting AppArmor initialization...
juil. 12 09:28:01 debian apparmor[9583]: Starting AppArmor profiles:Skipping
profile in /etc/apparmor.d/disable: usr.bin
juil. 12 09:28:05 debian apparmor[9583]: .
juil. 12 09:28:05 debian systemd[1]: Started AppArmor initialization.



-- System Information:
Debian Release: buster/sid
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'testing'), (500, 'stable'), 
(500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages thunderbird depends on:
ii  debianutils               4.8.1.1
ii  fontconfig                2.12.3-0.1
ii  libatk1.0-0               2.22.0-1
ii  libc6                     2.24-12
ii  libcairo-gobject2         1.14.10-1
ii  libcairo2                 1.14.10-1
ii  libdbus-1-3               1.10.20-1
ii  libdbus-glib-1-2          0.108-2
ii  libevent-2.0-5            2.0.21-stable-3
ii  libffi6                   3.2.1-6
ii  libfontconfig1            2.12.3-0.1
ii  libfreetype6              2.8-0.2
ii  libgcc1                   1:7.1.0-9
ii  libgdk-pixbuf2.0-0        2.36.5-2
ii  libglib2.0-0              2.52.3-1
ii  libgtk-3-0                3.22.16-1
ii  libhunspell-1.6-0         1.6.1-2
ii  libpango-1.0-0            1.40.6-1
ii  libpangocairo-1.0-0       1.40.6-1
ii  libpangoft2-1.0-0         1.40.6-1
ii  libpixman-1-0             0.34.0-1
ii  libstartup-notification0  0.12-4+b2
ii  libstdc++6                7.1.0-9
ii  libvpx4                   1.6.1-3
ii  libx11-6                  2:1.6.4-3
ii  libx11-xcb1               2:1.6.4-3
ii  libxcb-shm0               1.12-1
ii  libxcb1                   1.12-1
ii  libxcomposite1            1:0.4.4-2
ii  libxdamage1               1:1.1.4-2+b3
ii  libxext6                  2:1.3.3-1+b2
ii  libxfixes3                1:5.0.3-1
ii  libxrender1               1:0.9.10-1
ii  libxt6                    1:1.1.5-1
ii  psmisc                    23.1-1
ii  x11-utils                 7.7+3+b1
ii  zlib1g                    1:1.2.8.dfsg-5

Versions of packages thunderbird recommends:
ii  hunspell-en-us [hunspell-dictionary]  20070829-7
ii  hunspell-fr-modern [hunspell-dictionary]  1:6.1-1
ii  lightning 1:52.2.1-4

Versions of packages thunderbird suggests:
ii  apparmor  2.11.0-6
pn  fonts-lyx 
ii  libgssapi-krb5-2  1.15-1

-- Configuration Files:
/etc/apparmor.d/usr.bin.thunderbird [Errno 2] Aucun fichier ou dossier de ce 
type: '/etc/apparmor.d/usr.bin.thunderbird'

-- no debconf information