Bug #17681

thunderbird//gpg AppArmor denied entries while testing 4.6 release

Added by nodens 2020-05-05 13:38:21 . Updated 2020-05-07 06:09:36 .

Status:
Duplicate
Priority:
Normal
Assignee:
Category:
Target version:
Start date:
Due date:
% Done:

0%

Feature Branch:
Type of work:
Code
Blueprint:

Starter:
Affected tool:
Deliverable for:

Description

During manual testing of 4.6, I noticed a lot of apparmor denied on thunderbird//gpg in journalctl.

```
May 05 10:45:43 amnesia audit[10157]: AVC apparmor=“DENIED” operation=“file_inherit” profile=“thunderbird//gpg” name=“/dev/shm/org.chromium.ek0TkZ” pid=10157 comm=“gpg” requested_mask=“r” denied_mask=“r” fsuid=1000 ouid=1000
May 05 10:45:43 amnesia kernel: audit: type=1400 audit(1588675543.188:144): apparmor=“DENIED” operation=“file_inherit” profile=“thunderbird//gpg” name=“/dev/shm/org.chromium.ek0TkZ” pid=10157 comm=“gpg” requested_mask=“r” denied_mask=“r” fsuid=1000 ouid=1000
May 05 10:45:43 amnesia audit[10157]: AVC apparmor=“DENIED” operation=“file_inherit” profile=“thunderbird//gpg” name=“/dev/shm/org.chromium.q4BNQS” pid=10157 comm=“gpg” requested_mask=“r” denied_mask=“r” fsuid=1000 ouid=1000
May 05 10:45:43 amnesia audit[10157]: AVC apparmor=“DENIED” operation=“file_inherit” profile=“thunderbird//gpg” name=“/dev/shm/org.chromium.ZhMf8D” pid=10157 comm=“gpg” requested_mask=“r” denied_mask=“r” fsuid=1000 ouid=1000
May 05 10:45:43 amnesia audit[10157]: AVC apparmor=“DENIED” operation=“file_inherit” profile=“thunderbird//gpg” name=“/dev/shm/org.chromium.fK3GIa” pid=10157 comm=“gpg” requested_mask=“r” denied_mask=“r” fsuid=1000 ouid=1000
May 05 10:45:43 amnesia audit[10157]: AVC apparmor=“DENIED” operation=“file_inherit” profile=“thunderbird//gpg” name=“/dev/shm/org.chromium.cvpb1V” pid=10157 comm=“gpg” requested_mask=“r” denied_mask=“r” fsuid=1000 ouid=1000
May 05 10:45:43 amnesia audit[10157]: AVC apparmor=“DENIED” operation=“file_inherit” profile=“thunderbird//gpg” name=“/dev/shm/org.chromium.RM9IjH” pid=10157 comm=“gpg” requested_mask=“r” denied_mask=“r” fsuid=1000 ouid=1000
May 05 10:45:43 amnesia audit[10157]: AVC apparmor=“DENIED” operation=“file_inherit” profile=“thunderbird//gpg” name=“/dev/shm/org.chromium.0MYkCs” pid=10157 comm=“gpg” requested_mask=“r” denied_mask=“r” fsuid=1000 ouid=1000
May 05 10:45:43 amnesia audit[10157]: AVC apparmor=“DENIED” operation=“file_inherit” profile=“thunderbird//gpg”
```

It looks like https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949450

Enigmail seems to work fine with my quick subsequent tests (generated a key, imported one, sent, receive and verify signed/encrypted e-mail), so I guess we can ignore those for this release.

I have no idea what those chromium path are for in enigmail, tbh. But the profile might use an update: let’s see how it evolves in Debian,

Cheers


Subtasks


Related issues

Is duplicate of Tails - Bug #17390: Silence AppArmor false positive denials: Thunderbird, Tor Browser Confirmed
Blocks Tails - Feature #16209: Core work: Foundations Team Confirmed

History

#1 Updated by CyrilBrulebois 2020-05-05 13:41:54

#2 Updated by intrigeri 2020-05-07 06:09:24

  • is duplicate of Bug #17390: Silence AppArmor false positive denials: Thunderbird, Tor Browser added

#3 Updated by intrigeri 2020-05-07 06:09:36

  • Status changed from New to Duplicate