[apparmor] [profile] Thunderbird: lack of '/dev/nvidiactl' rule (or <abstraction/nvidia>)?

daniel curtis sidetripping at gmail.com
Wed May 17 15:20:54 UTC 2017


Hi

A couple of days ago, I noticed DENIED entries related to Thunderbird.
They appeared after trying to configure an email address etc. However, it
seems that two of them are already included in the Thunderbird profile [1].

/etc/xfce4/defaults.list r,
owner /run/user/[0-9]*/dconf/user rw,

If it's about the second rule, in my case there were two types of
requested/denied_mask: "c" and "wrc". I would like to ask a question: can I
use something like this (related to the DENIED entries from the log files):

owner /{,var/}run/user/*/dconf/user rwc,

Anyway, there was/is one more DENIED entry. It's related to
'/dev/nvidiactl' but I don't see e.g. <abstraction/nvidia> or just one rule
related to this in the Thunderbird profile. Log entry:

kernel: [25628.392067] audit: type=1400 audit(1494866374.026:59):
apparmor="DENIED" operation="open"
profile="/usr/lib/thunderbird/thunderbird{,*[^s][^h]}"
name="/dev/nvidiactl" pid=5588 comm="thunderbird" requested_mask="wr"
denied_mask="wr" fsuid=1000 ouid=0

Is it better to use <abstraction/nvidia> (there is such a rule) or is this
one completely enough?

/dev/nvidiactl  rw,

What are your opinions? Maybe such a thing is not needed? These entries were
seen in the 16.04.2 LTS Release and Thunderbird
45.8.0+build1-0ubuntu0.16.04.1 (which has recently been updated to
version 52.1.1+build1-0ubuntu0.16.04.1).

Thanks, best regards.
____________________
[1]
http://bazaar.launchpad.net/~sdeziel/apparmor-profiles/usr.bin.thunderbird-profile/view/head:/ubuntu/16.04/usr.bin.thunderbird
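
As an added example (not part of the original message and not code from the AppArmor project): a small Python parser for DENIED lines like the one quoted above, turning the denied_mask into a candidate file rule to review. It assumes the mapping in which the log's "c" (create) and "d" (delete) letters are covered by "w" in profile syntax; the dconf log line is constructed, and the function names are hypothetical.

```python
import re

# Assumed mapping of audit-log mask letters to profile permission letters:
# the log reports create ("c") and delete ("d"); a rule covers both with "w".
LOG_TO_RULE = {"r": "r", "w": "w", "a": "a", "c": "w", "d": "w",
               "k": "k", "l": "l", "m": "m"}
RULE_ORDER = "rwaklm"  # fixed order so the output is stable
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Line 1: the entry quoted in the message, re-joined onto one line.
# Line 2: CONSTRUCTED; the message reports a "wrc" mask but not the log line.
SAMPLE_LOG = [
    'kernel: [25628.392067] audit: type=1400 audit(1494866374.026:59): '
    'apparmor="DENIED" operation="open" '
    'profile="/usr/lib/thunderbird/thunderbird{,*[^s][^h]}" '
    'name="/dev/nvidiactl" pid=5588 comm="thunderbird" requested_mask="wr" '
    'denied_mask="wr" fsuid=1000 ouid=0',
    'kernel: [25630.000000] audit: type=1400 audit(1494866376.000:60): '
    'apparmor="DENIED" operation="open" '
    'profile="/usr/lib/thunderbird/thunderbird{,*[^s][^h]}" '
    'name="/run/user/1000/dconf/user" pid=5588 comm="thunderbird" '
    'requested_mask="wrc" denied_mask="wrc" fsuid=1000 ouid=1000',
]


def parse_denial(line):
    """Return the key=value fields of an AppArmor DENIED line, else None."""
    fields = {k: quoted or bare for k, quoted, bare in FIELD_RE.findall(line)}
    if fields.get("apparmor") != "DENIED" or "denied_mask" not in fields:
        return None
    return fields


def suggest_rule(fields):
    """Candidate file rule; "owner" is added only if fsuid owns the object."""
    unknown = set(fields["denied_mask"]) - set(LOG_TO_RULE)
    if unknown:  # e.g. "x": exec needs a transition mode chosen by a human
        raise ValueError(f"unmapped mask letters: {sorted(unknown)}")
    perms = {LOG_TO_RULE[c] for c in fields["denied_mask"]}
    if "w" in perms:
        perms.discard("a")  # "w" and "a" conflict in one rule
    mode = "".join(p for p in RULE_ORDER if p in perms)
    same = "fsuid" in fields and fields["fsuid"] == fields.get("ouid")
    return f"{'owner ' if same else ''}{fields['name']} {mode},"


if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(suggest_rule(parse_denial(entry)))
```

The suggested rule names the literal path from the log; whether to generalise it with a glob or use an abstraction instead remains a review decision.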