Bug #17390: Silence AppArmor false positive denials: Thunderbird, Tor Browser

Bug #17390

Silence AppArmor false positive denials: Thunderbird, Tor Browser

Added by intrigeri 2019-12-31 09:48:53 . Updated 2020-01-08 22:00:45 .

Status:

Confirmed

Priority:

Normal

Assignee:

Category:

Target version:

Start date:

Due date:

% Done:

Feature Branch:

Type of work:

Code

Blueprint:

Starter:

Affected tool:

Deliverable for:

Description

On recent Tails, Thunderbird and Tor Browser trigger errors in the logs such as:

AVC apparmor="DENIED" operation="mkdir" profile="torbrowser_firefox" name="/usr/local/lib/tor-browser/TorBrowser/Data/Browser/.mozilla/" pid=11128 comm="firefox.real" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
AVC apparmor="DENIED" operation="exec" profile="torbrowser_firefox" name="/usr/bin/lsb_release" pid=11175 comm="firefox.real" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
AVC apparmor="DENIED" operation="mknod" profile="torbrowser_firefox" name="/usr/local/lib/tor-browser/fonts/.uuid.TMP-e3Ws6s" pid=11128 comm="firefox.real" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
AVC apparmor="DENIED" operation="mknod" profile="torbrowser_firefox" name="/usr/local/lib/tor-browser/TorBrowser/UpdateInfo/update.test" pid=11128 comm="firefox.real" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
AVC apparmor="DENIED" operation="mkdir" profile="thunderbird" name="/home/amnesia/.mozilla/systemextensionsdev/" pid=11469 comm="thunderbird" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
AVC apparmor="DENIED" operation="mkdir" profile="thunderbird" name="/home/amnesia/.cache/fontconfig/" pid=11469 comm="thunderbird" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000

This makes it harder than needed to analyze logs, e.g. for bug reports that our Help Desk asks my help with.

Subtasks

Related issues

Has duplicate Tails - ~~Bug #17404~~: DENIED entries for profile="thunderbird//gpg" in Tails 4.2	Duplicate
Has duplicate Tails - ~~Bug #17681~~: thunderbird//gpg AppArmor denied entries while testing 4.6 release	Duplicate
Blocks Tails - Feature #16209: Core work: Foundations Team	Confirmed

History

#1 Updated by intrigeri 2019-12-31 09:49:13

blocks Feature #16209: Core work: Foundations Team added

#2 Updated by intrigeri 2020-01-08 21:59:03

has duplicate ~~Bug #17404~~: DENIED entries for profile="thunderbird//gpg" in Tails 4.2 added

#3 Updated by intrigeri 2020-01-08 22:00:45

Add to this the other issues mentioned on ~~Bug #17404~~ (let’s fix it all at once).

#4 Updated by intrigeri 2020-05-07 06:09:24

has duplicate ~~Bug #17681~~: thunderbird//gpg AppArmor denied entries while testing 4.6 release added