On Tue, 05 Jun 2018 20:11:49 +0100 Hannes Hörl <hannes.hoerl+deb...@snowreporter.com> wrote:

Jun  5 19:04:27 pfah kernel: [22972.942931] audit: type=1400 audit(1528221867.305:54): apparmor="DENIED" operation="open" 
profile="thunderbird" name="/sys/devices/pci0000:00/0000:00:02.0/vendor" pid=13506 comm="thunderbird" 
requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Jun  5 19:04:27 pfah kernel: [22972.943282] audit: type=1400 audit(1528221867.305:55): apparmor="DENIED" operation="open" 
profile="thunderbird" name="/sys/devices/pci0000:00/0000:00:02.0/vendor" pid=13506 comm="thunderbird" 
requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Jun  5 19:04:27 pfah kernel: [22972.943288] audit: type=1400 audit(1528221867.305:56): apparmor="DENIED" operation="open" 
profile="thunderbird" name="/sys/devices/pci0000:00/0000:00:02.0/vendor" pid=13506 comm="thunderbird" 
requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Jun  5 19:04:27 pfah kernel: [22972.943292] audit: type=1400 audit(1528221867.305:57): apparmor="DENIED" operation="open" 
profile="thunderbird" name="/sys/devices/pci0000:00/0000:00:02.0/vendor" pid=13506 comm="thunderbird" 
requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Jun  5 19:04:27 pfah kernel: [22972.947864] audit: type=1400 audit(1528221867.309:58): apparmor="DENIED" operation="open" 
profile="thunderbird" name="/sys/devices/pci0000:00/0000:00:02.0/vendor" pid=13506 comm="thunderbird" 
requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Jun  5 19:04:27 pfah kernel: [22972.948154] audit: type=1400 audit(1528221867.309:59): apparmor="DENIED" operation="open" 
profile="thunderbird" name="/sys/devices/pci0000:00/0000:00:02.0/vendor" pid=13506 comm="thunderbird" 
requested_mask="r" denied_mask="r" fsuid=1000 ouid=0


OK so I've reproduced that, and it looks like the Thunderbird profile now *needs* to include the brand new <abstractions/dri-enumerate> (earlier it kinda "complained", but still worked).

The problem is that I should have reported this bug much earlier, but the fact that I had added that include locally myself for testing kinda made Thunderbird Work On My Machine™ after the latest beta update, while it broke for everyone else.

intrigeri: what do we do in this case? I guess we just copy-paste dri-enumerate into some sort of "# backported from dri-enumerate" block?

Worst part is that even Sid does not have that abstraction.

Hannes Hörl: could you edit your /etc/apparmor.d/local/usr.bin.thunderbird to add this line as a workaround for the time being (please remove email wrapping):

/sys/devices/pci[0-9]*/**/{device,subsystem_device,subsystem_vendor,uevent,vendor} r,
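
An added example, not part of the original message: a small Python check that parses AppArmor `DENIED` audit records like the ones quoted above and reports which denials the workaround rule would still not cover. The glob translation is a simplified approximation of AppArmor path globbing, and the `/config` denial in the sample input is constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample input: the denial from the message (unwrapped, twice)
# plus one invented denial for a file the workaround rule does not list.
LINE = ('Jun  5 19:04:27 pfah kernel: [22972.942931] audit: type=1400 '
        'audit(1528221867.305:54): apparmor="DENIED" operation="open" '
        'profile="thunderbird" name="{}" pid=13506 comm="thunderbird" '
        'requested_mask="r" denied_mask="r" fsuid=1000 ouid=0')
PCI = "/sys/devices/pci0000:00/0000:00:02.0"
SAMPLE_LOG = "\n".join(LINE.format(PCI + f) for f in ("/vendor", "/vendor", "/config"))

# Rule from the message, split into path glob and permission string.
RULE_GLOB = "/sys/devices/pci[0-9]*/**/{device,subsystem_device,subsystem_vendor,uevent,vendor}"
RULE_PERMS = "r"

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_denials(text):
    """Count (profile, path, denied_mask) tuples across AppArmor DENIED records."""
    seen = Counter()
    for line in text.splitlines():
        fields = {k: quoted or bare for k, quoted, bare in FIELD.findall(line)}
        if fields.get("apparmor") == "DENIED" and "name" in fields:
            seen[(fields["profile"], fields["name"], fields["denied_mask"])] += 1
    return seen

def glob_to_regex(glob):
    """Approximate AppArmor globbing: ** crosses '/', * and ? do not, {a,b} alternates."""
    out, i = [], 0
    while i < len(glob):
        c = glob[i]
        if glob.startswith("**", i):
            out.append(".*"); i += 1
        elif c == "*":
            out.append("[^/]*")
        elif c == "?":
            out.append("[^/]")
        elif c == "[":                       # character class passes through unchanged
            j = glob.index("]", i); out.append(glob[i:j + 1]); i = j
        elif c == "{":                       # no nested braces in this simplification
            j = glob.index("}", i)
            out.append("(?:" + "|".join(map(re.escape, glob[i + 1:j].split(","))) + ")"); i = j
        else:
            out.append(re.escape(c))
        i += 1
    return re.compile("".join(out))

def uncovered(denials, profile, rule_glob, rule_perms):
    """Denials for `profile` that the candidate rule would still not allow."""
    rx = glob_to_regex(rule_glob)
    return sorted((path, mask) for prof, path, mask in denials
                  if prof == profile
                  and not (rx.fullmatch(path) and set(mask) <= set(rule_perms)))
```

Calling `uncovered(parse_denials(SAMPLE_LOG), "thunderbird", RULE_GLOB, RULE_PERMS)` lists only the constructed `/config` denial, showing that the rule covers the `vendor` reads from the report.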
