ilu wrote: ↑
09 Jan 2019 07:57
Deactivating the profile is probably not the best solution but we don't have the resources to fix this problem. We'll have to wait for debian to work out a solution. To help getting there please have a look at https://wiki.debian.org/AppArmor/Reportbug
and provide the output of
Code: Select all
sudo journalctl -kaf --no-hostname | grep -w 'apparmor="DENIED"'
-kaf means "kernel all follow" so the command will wait for new messages until you press ctrl-c.
But, since since this just came up following a rather big data leakage in my country: We never click on links in emails - NEVER EVER !! Really, NEVER !!! We always enter them into the browser by hand.
If really neccessary - because the session codes in the link are important, usually to confirm that we registered somewhere - we carefully copy and paste. So in my opinion - and the really knowledgable security guys agree - the apparmor profile stopping you from clicking on links is perfectly correct.
You are right about of links in emails, but IMHO this must be a security option in thunderbird.
But the problem is that for the normal user (me) if a program(thunderbird) not work I thinks that the problem was in the program(thunderbird) so I reinstalled thunderbird, remove config, copy profile from another working thunderbird, execute in verbose mode, google it, search in the forums, etc.
So I gave up few months ago... until I had a little time in work and remember that my work machine (Linux Mint 19) thunderbird works.
So I so the search again and get this bug and then the debian bug.
I never think that apparmor maybe the problem, now I know.
So my mood now is: kill em all apparmor's policies!!. But I know that is not the best solution.
A year ago I try fedora and in the default installation exist a "SELinux troubleshoter" icon tray that inform to the user "Hey! SELinux block access XXX in process YYY, and is not defined any policy, is this rigth?"
with similar tool the normal user can provide info to package maintainers to polish the apparmor policys.