Bug #17390

Silence AppArmor false positive denials: Thunderbird, Tor Browser

Added by intrigeri 2019-12-31 09:48:53 . Updated 2020-01-08 22:00:45 .

Status:
Confirmed
Priority:
Normal
Assignee:
Category:
Target version:
Start date:
Due date:
% Done:

0%

Feature Branch:
Type of work:
Code
Blueprint:

Starter:
Affected tool:
Deliverable for:

Description

On recent Tails, Thunderbird and Tor Browser trigger errors in the logs such as:

AVC apparmor="DENIED" operation="mkdir" profile="torbrowser_firefox" name="/usr/local/lib/tor-browser/TorBrowser/Data/Browser/.mozilla/" pid=11128 comm="firefox.real" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
AVC apparmor="DENIED" operation="exec" profile="torbrowser_firefox" name="/usr/bin/lsb_release" pid=11175 comm="firefox.real" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
AVC apparmor="DENIED" operation="mknod" profile="torbrowser_firefox" name="/usr/local/lib/tor-browser/fonts/.uuid.TMP-e3Ws6s" pid=11128 comm="firefox.real" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
AVC apparmor="DENIED" operation="mknod" profile="torbrowser_firefox" name="/usr/local/lib/tor-browser/TorBrowser/UpdateInfo/update.test" pid=11128 comm="firefox.real" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
AVC apparmor="DENIED" operation="mkdir" profile="thunderbird" name="/home/amnesia/.mozilla/systemextensionsdev/" pid=11469 comm="thunderbird" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
AVC apparmor="DENIED" operation="mkdir" profile="thunderbird" name="/home/amnesia/.cache/fontconfig/" pid=11469 comm="thunderbird" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000

This makes it harder than needed to analyze logs, e.g. for bug reports that our Help Desk asks my help with.


Subtasks


Related issues

Has duplicate Tails - Bug #17404: DENIED entries for profile="thunderbird//gpg" in Tails 4.2 Duplicate
Has duplicate Tails - Bug #17681: thunderbird//gpg AppArmor denied entries while testing 4.6 release Duplicate
Blocks Tails - Feature #16209: Core work: Foundations Team Confirmed

History

#1 Updated by intrigeri 2019-12-31 09:49:13

#2 Updated by intrigeri 2020-01-08 21:59:03

  • has duplicate Bug #17404: DENIED entries for profile="thunderbird//gpg" in Tails 4.2 added

#3 Updated by intrigeri 2020-01-08 22:00:45

Add to this the other issues mentioned on Bug #17404 (let’s fix it all at once).

#4 Updated by intrigeri 2020-05-07 06:09:24

  • has duplicate Bug #17681: thunderbird//gpg AppArmor denied entries while testing 4.6 release added