[apparmor] Thunderbird profile - Links in GNOME
john.johansen at canonical.com
Sun Apr 2 09:25:13 UTC 2017
On 03/19/2017 04:24 AM, u wrote:
> I've added the patch by Douglas Bagnall here:
> Then I thought I need to try to make this work on a Debian/GNOME system
> too. Thunderbird seems to ask gnome-open for my preferred browser but
> it does not open links using gnome-open, instead it wants to open the
> browsers directly.
> But I keep running into this kind of problem when I tell Thunderbird to
> use Chromium:
> type=AVC msg=audit(1489921484.684:12657): apparmor="DENIED"
> operation="file_mmap" profile="icedove//sanitized_helper"
> name="/lib/x86_64-linux-gnu/libpthread-2.19.so" pid=32115
> comm="chrome-sandbox" requested_mask="m" denied_mask="m" fsuid=0 ouid=0
So the sanitized_helper profile is a specialized transition helper, that
helps to sanitize the environment. You will need to add a rule of the
this is likely not the only rule you will need, and I am sure the
chrome/chromium profile will need to updated as well
> And when I tell it to use Firefox-ESR:
> type=AVC msg=audit(1489921598.610:12721): apparmor="DENIED"
> operation="exec" profile="icedove"
> name="/usr/lib/firefox-esr/firefox-esr" pid=32303 comm="icedove"
> requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
> This seems to be a very similar issue here:
No. That bug is more like the first denial message from above.
This is the icedove profile not being allowed to exec firefox-esr
you will need to add an exec rule. Without looking at the debian
profiles, I would hazard a guess at
however I wouldn't be surprised if px might be needed due to env
> I was wondering how to solve this.
More information about the AppArmor