Bug #17681: thunderbird//gpg AppArmor denied entries while testing 4.6 release

Bug #17681

thunderbird//gpg AppArmor denied entries while testing 4.6 release

Added by nodens 2020-05-05 13:38:21 . Updated 2020-05-07 06:09:36 .

Status:

Duplicate

Priority:

Normal

Assignee:

Category:

Target version:

Start date:

Due date:

% Done:

Feature Branch:

Type of work:

Code

Blueprint:

Starter:

Affected tool:

Deliverable for:

Description

During manual testing of 4.6, I noticed a lot of apparmor denied on thunderbird//gpg in journalctl.

```
May 05 10:45:43 amnesia audit[10157]: AVC apparmor=“DENIED” operation=“file_inherit” profile=“thunderbird//gpg” name=“/dev/shm/org.chromium.ek0TkZ” pid=10157 comm=“gpg” requested_mask=“r” denied_mask=“r” fsuid=1000 ouid=1000
May 05 10:45:43 amnesia kernel: audit: type=1400 audit(1588675543.188:144): apparmor=“DENIED” operation=“file_inherit” profile=“thunderbird//gpg” name=“/dev/shm/org.chromium.ek0TkZ” pid=10157 comm=“gpg” requested_mask=“r” denied_mask=“r” fsuid=1000 ouid=1000
May 05 10:45:43 amnesia audit[10157]: AVC apparmor=“DENIED” operation=“file_inherit” profile=“thunderbird//gpg” name=“/dev/shm/org.chromium.q4BNQS” pid=10157 comm=“gpg” requested_mask=“r” denied_mask=“r” fsuid=1000 ouid=1000
May 05 10:45:43 amnesia audit[10157]: AVC apparmor=“DENIED” operation=“file_inherit” profile=“thunderbird//gpg” name=“/dev/shm/org.chromium.ZhMf8D” pid=10157 comm=“gpg” requested_mask=“r” denied_mask=“r” fsuid=1000 ouid=1000
May 05 10:45:43 amnesia audit[10157]: AVC apparmor=“DENIED” operation=“file_inherit” profile=“thunderbird//gpg” name=“/dev/shm/org.chromium.fK3GIa” pid=10157 comm=“gpg” requested_mask=“r” denied_mask=“r” fsuid=1000 ouid=1000
May 05 10:45:43 amnesia audit[10157]: AVC apparmor=“DENIED” operation=“file_inherit” profile=“thunderbird//gpg” name=“/dev/shm/org.chromium.cvpb1V” pid=10157 comm=“gpg” requested_mask=“r” denied_mask=“r” fsuid=1000 ouid=1000
May 05 10:45:43 amnesia audit[10157]: AVC apparmor=“DENIED” operation=“file_inherit” profile=“thunderbird//gpg” name=“/dev/shm/org.chromium.RM9IjH” pid=10157 comm=“gpg” requested_mask=“r” denied_mask=“r” fsuid=1000 ouid=1000
May 05 10:45:43 amnesia audit[10157]: AVC apparmor=“DENIED” operation=“file_inherit” profile=“thunderbird//gpg” name=“/dev/shm/org.chromium.0MYkCs” pid=10157 comm=“gpg” requested_mask=“r” denied_mask=“r” fsuid=1000 ouid=1000
May 05 10:45:43 amnesia audit[10157]: AVC apparmor=“DENIED” operation=“file_inherit” profile=“thunderbird//gpg”
```

It looks like https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949450

Enigmail seems to work fine with my quick subsequent tests (generated a key, imported one, sent, receive and verify signed/encrypted e-mail), so I guess we can ignore those for this release.

I have no idea what those chromium path are for in enigmail, tbh. But the profile might use an update: let’s see how it evolves in Debian,

Cheers

Subtasks

Related issues

Is duplicate of Tails - Bug #17390: Silence AppArmor false positive denials: Thunderbird, Tor Browser	Confirmed
Blocks Tails - Feature #16209: Core work: Foundations Team	Confirmed

History

#1 Updated by CyrilBrulebois 2020-05-05 13:41:54

blocks Feature #16209: Core work: Foundations Team added

#2 Updated by intrigeri 2020-05-07 06:09:24

is duplicate of Bug #17390: Silence AppArmor false positive denials: Thunderbird, Tor Browser added

#3 Updated by intrigeri 2020-05-07 06:09:36

Status changed from New to Duplicate