[pkg-apparmor] Bug#882047: apparmor-utils: aa-complain thunderbird fails
intrigeri
intrigeri at debian.org
Thu Dec 7 09:39:42 UTC 2017
Ben Caradoc-Davies:
> # aa-complain thunderbird
> Setting /usr/bin/thunderbird to complain mode.
> looking for /etc/apparmor.d/usr.bin.thunderbird /usr/bin/thunderbird
> reading file /etc/apparmor.d/usr.bin.thunderbird
> found RE_PROFILE_START in profile thunderbird /usr/lib/thunderbird/thunderbird {
> thunderbird None
> found RE_PROFILE_START in profile gpg {
> gpg None
> found RE_PROFILE_START in profile lsb_release {
> lsb_release None
> no profile /etc/apparmor.d/usr.bin.thunderbird /usr/bin/thunderbird
> ERROR: /etc/apparmor.d/usr.bin.thunderbird contains no profile
Might it be because the profile is about
/usr/lib/thunderbird/thunderbird and not /usr/bin/thunderbird?
Note that with
https://gitlab.com/apparmor/apparmor-profiles/merge_requests/5 it got
a bit more complex.
But `aa-complain /usr/lib/thunderbird/thunderbird' would work (before
the change that prompted the aforementioned merge request)
as documented.
Shall we simply modify aa-complain(8) to make it clearer that one is
supposed to pass the path to the binary that's being confined by the
profile, and not anything else?
Cheers,
--
intrigeri
More information about the pkg-apparmor-team
mailing list