Bug #17681
thunderbird//gpg AppArmor denied entries while testing 4.6 release
Description
During manual testing of 4.6, I noticed a lot of AppArmor denied entries for thunderbird//gpg in journalctl.
```
May 05 10:45:43 amnesia audit[10157]: AVC apparmor="DENIED" operation="file_inherit" profile="thunderbird//gpg" name="/dev/shm/org.chromium.ek0TkZ" pid=10157 comm="gpg" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
May 05 10:45:43 amnesia kernel: audit: type=1400 audit(1588675543.188:144): apparmor="DENIED" operation="file_inherit" profile="thunderbird//gpg" name="/dev/shm/org.chromium.ek0TkZ" pid=10157 comm="gpg" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
May 05 10:45:43 amnesia audit[10157]: AVC apparmor="DENIED" operation="file_inherit" profile="thunderbird//gpg" name="/dev/shm/org.chromium.q4BNQS" pid=10157 comm="gpg" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
May 05 10:45:43 amnesia audit[10157]: AVC apparmor="DENIED" operation="file_inherit" profile="thunderbird//gpg" name="/dev/shm/org.chromium.ZhMf8D" pid=10157 comm="gpg" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
May 05 10:45:43 amnesia audit[10157]: AVC apparmor="DENIED" operation="file_inherit" profile="thunderbird//gpg" name="/dev/shm/org.chromium.fK3GIa" pid=10157 comm="gpg" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
May 05 10:45:43 amnesia audit[10157]: AVC apparmor="DENIED" operation="file_inherit" profile="thunderbird//gpg" name="/dev/shm/org.chromium.cvpb1V" pid=10157 comm="gpg" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
May 05 10:45:43 amnesia audit[10157]: AVC apparmor="DENIED" operation="file_inherit" profile="thunderbird//gpg" name="/dev/shm/org.chromium.RM9IjH" pid=10157 comm="gpg" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
May 05 10:45:43 amnesia audit[10157]: AVC apparmor="DENIED" operation="file_inherit" profile="thunderbird//gpg" name="/dev/shm/org.chromium.0MYkCs" pid=10157 comm="gpg" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
May 05 10:45:43 amnesia audit[10157]: AVC apparmor="DENIED" operation="file_inherit" profile="thunderbird//gpg"
```
It looks like https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949450
Enigmail seems to work fine with my quick subsequent tests (generated a key, imported one, sent, received and verified signed/encrypted e-mail), so I guess we can ignore those for this release.
I have no idea what those chromium paths are for in Enigmail, tbh. But the profile might use an update: let’s see how it evolves in Debian.
Cheers
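A triage aid for denial bursts like the one reported above, as an added example that is not part of the original report or of Tails: it parses AppArmor audit records, drops the duplicate journal copy of each event, and collapses the random `/dev/shm/org.chromium.*` suffixes so the burst reads as one pattern. The function names, the six-character suffix pattern and the de-duplication key are assumptions made for this example.

```python
import re
from collections import Counter

# Sample adapted from the excerpt in the report; its last record is truncated there too.
SAMPLE = """\
May 05 10:45:43 amnesia audit[10157]: AVC apparmor="DENIED" operation="file_inherit" profile="thunderbird//gpg" name="/dev/shm/org.chromium.ek0TkZ" pid=10157 comm="gpg" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
May 05 10:45:43 amnesia kernel: audit: type=1400 audit(1588675543.188:144): apparmor="DENIED" operation="file_inherit" profile="thunderbird//gpg" name="/dev/shm/org.chromium.ek0TkZ" pid=10157 comm="gpg" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
May 05 10:45:43 amnesia audit[10157]: AVC apparmor="DENIED" operation="file_inherit" profile="thunderbird//gpg" name="/dev/shm/org.chromium.q4BNQS" pid=10157 comm="gpg" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
May 05 10:45:43 amnesia audit[10157]: AVC apparmor="DENIED" operation="file_inherit" profile="thunderbird//gpg"
"""

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Six-character random suffix, as in the paths shown in the report (assumption).
SHM_TMP = re.compile(r"^(/dev/shm/org\.chromium\.)[A-Za-z0-9]{6}$")


def parse(line):
    """Return the key=value fields of one AppArmor audit record, or None."""
    # Tolerate typographic quotes picked up when logs are pasted through a web page.
    line = line.replace("\u201c", '"').replace("\u201d", '"')
    if "apparmor=" not in line:
        return None
    return {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}


def summarise(text):
    """Count distinct denials per (profile, operation, path pattern, mask)."""
    seen, counts, incomplete = set(), Counter(), 0
    for line in text.splitlines():
        fields = parse(line)
        if not fields or fields.get("apparmor") != "DENIED":
            continue
        if "name" not in fields or "denied_mask" not in fields:
            incomplete += 1  # truncated record: count it, never guess the path
            continue
        # The journal can carry one event twice ("audit[pid]: AVC" and
        # "kernel: audit:"). Assumption: same timestamp + pid + path = same event.
        event = (line[:15], fields.get("pid"), fields.get("operation"), fields["name"])
        if event in seen:
            continue
        seen.add(event)
        pattern = SHM_TMP.sub(r"\1*", fields["name"])
        counts[(fields.get("profile"), fields.get("operation"), pattern, fields["denied_mask"])] += 1
    return counts, incomplete


if __name__ == "__main__":
    counts, incomplete = summarise(SAMPLE)
    for (profile, op, path, mask), n in counts.most_common():
        print(f"{n:3d}  {profile}  {op}  {path}  {mask}")
    print(f"incomplete records skipped: {incomplete}")
```

Feeding it the output of `journalctl -k` or the full journal gives one line per profile, operation and path pattern, which is the shape needed when comparing against an upstream report or deciding what a profile update has to cover.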
Related issues
Is duplicate of Tails - Bug #17390: Silence AppArmor false positive denials: Thunderbird, Tor Browser (Confirmed)
Blocks Tails - Feature #16209: Core work: Foundations Team (Confirmed)
History
#1 Updated by CyrilBrulebois 2020-05-05 13:41:54
- blocks Feature #16209: Core work: Foundations Team added
#2 Updated by intrigeri 2020-05-07 06:09:24
- is duplicate of Bug #17390: Silence AppArmor false positive denials: Thunderbird, Tor Browser added
#3 Updated by intrigeri 2020-05-07 06:09:36
- Status changed from New to Duplicate