Project

General

Profile

Bug #17390

Silence AppArmor false positive denials: Thunderbird, Tor Browser

Added by intrigeri 3 months ago. Updated 3 months ago.

Status:
Confirmed
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
Due date:
% Done:

0%

Feature Branch:
Type of work:
Code
Blueprint:
Starter:
Affected tool:

Description

On recent Tails, Thunderbird and Tor Browser trigger errors in the logs such as:

AVC apparmor="DENIED" operation="mkdir" profile="torbrowser_firefox" name="/usr/local/lib/tor-browser/TorBrowser/Data/Browser/.mozilla/" pid=11128 comm="firefox.real" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
AVC apparmor="DENIED" operation="exec" profile="torbrowser_firefox" name="/usr/bin/lsb_release" pid=11175 comm="firefox.real" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
AVC apparmor="DENIED" operation="mknod" profile="torbrowser_firefox" name="/usr/local/lib/tor-browser/fonts/.uuid.TMP-e3Ws6s" pid=11128 comm="firefox.real" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
AVC apparmor="DENIED" operation="mknod" profile="torbrowser_firefox" name="/usr/local/lib/tor-browser/TorBrowser/UpdateInfo/update.test" pid=11128 comm="firefox.real" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
AVC apparmor="DENIED" operation="mkdir" profile="thunderbird" name="/home/amnesia/.mozilla/systemextensionsdev/" pid=11469 comm="thunderbird" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
AVC apparmor="DENIED" operation="mkdir" profile="thunderbird" name="/home/amnesia/.cache/fontconfig/" pid=11469 comm="thunderbird" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000

This makes it harder than needed to analyze logs, e.g. for bug reports that our Help Desk asks my help with.


Related issues

Duplicated by Tails - Bug #17404: DENIED entries for profile="thunderbird//gpg" in Tails 4.2 Duplicate
Blocks Tails - Feature #16209: Core work: Foundations Team Confirmed

History

#1 Updated by intrigeri 3 months ago

#2 Updated by intrigeri 3 months ago

  • Duplicated by Bug #17404: DENIED entries for profile="thunderbird//gpg" in Tails 4.2 added

#3 Updated by intrigeri 3 months ago

Add to this the other issues mentioned on #17404 (let's fix it all at once).

Also available in: Atom PDF