Whonix AppArmor Profiles Development Discussion

[quote=“troubadour, post:620, topic:108”]An update to apparmor-profile-icedove.
https://github.com/troubadoour/apparmor-profile-icedove/commit/a2859e5bb1e1d03a9dab7dce712a4e42f35b01d6[/quote]
Merged.

All apparmor profiles have been updated in the testers repository. (usual delay of ~ 1 hour for mirror.whonix.de)

Got this error on gateway when installing apparmor-profiles-whonix from testers (virtualbox profile error line 50…“allows dangerous…”)

It’s a warning. Not an error. A non-perfection of the profile.

Are you subscribed (“watch” function) to torbrowser-launcher at github? There was some minor apparmor change. I could keep posting these here, since I subscribed to torbrowser-launcher at github. (Need to keep up with TBB changes.)

Yes, I’m subscribed to torbrowser-launcher at github.

We may need it some day, so added the line to the Whonix profile.

A new one. Related: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=805074
fix some denied messages due to installation of iceowl-extension in l… · troubadoour/apparmor-profile-icedove@9ff1964 · GitHub

Most likely related to the above.

Are you sure “+ /etc/timezone.anondist r,” (troubadoour/apparmor-profile-anondist@659bb0b on GitHub) is required?

Shouldn’t /etc/apparmor.d/tunables/home.d/anondist prevent need for that?

alias /etc/timezone -> /etc/timezone.anondist,
alias /etc/timezone -> /etc/timezone.anondist-orig,

( apparmor-profile-anondist/anondist at ad9af43077e907e5c68e8f2508392e1c74663d06 · troubadoour/apparmor-profile-anondist · GitHub )

Or thinking about this differently… Please revert “+ /etc/timezone.anondist r,” (troubadoour/apparmor-profile-anondist@659bb0b on GitHub) and add /etc/timezone r, to apparmor-profile-icedove instead please.

Two icedove denied messages. Happening when you try to store a file in Qubes-Whonix inside the ~/Downloads folder.

Dec 10 13:30:11 host kernel: [49430.266714] audit: type=1400 audit(1449754211.436:23): apparmor="DENIED" operation="open" profile="/usr/lib/icedove/icedove" name="/home/user/" pid=20708 comm="pool" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000


Dec 10 13:30:14 host kernel: [49433.517170] audit: type=1400 audit(1449754214.687:24): apparmor="DENIED" operation="mkdir" profile="/usr/lib/icedove/icedove" name="/home/user/.config/gtk-2.0/" pid=3337 comm="icedove" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000

This is now a bug.
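As an added example (not code from the thread or from the Whonix profile repositories), the script below does the two things a profile maintainer does by hand in this discussion: it parses the apparmor="DENIED" audit lines quoted above into candidate profile rules (substituting @{HOME} and adding the owner qualifier when fsuid matches ouid), and it checks whether an existing rule already covers a denied path through an alias such as the /etc/timezone -> /etc/timezone.anondist lines from tunables/home.d/anondist. The alias check is a deliberate simplification that compares exact paths only, with no globbing; the mask-to-permission table and the /home/user default are assumptions made for the example.

```python
import re

# The two audit lines quoted in the post above (taken from the thread, not constructed).
AUDIT_LINES = [
    'Dec 10 13:30:11 host kernel: [49430.266714] audit: type=1400 audit(1449754211.436:23): '
    'apparmor="DENIED" operation="open" profile="/usr/lib/icedove/icedove" name="/home/user/" '
    'pid=20708 comm="pool" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000',
    'Dec 10 13:30:14 host kernel: [49433.517170] audit: type=1400 audit(1449754214.687:24): '
    'apparmor="DENIED" operation="mkdir" profile="/usr/lib/icedove/icedove" '
    'name="/home/user/.config/gtk-2.0/" pid=3337 comm="icedove" requested_mask="c" '
    'denied_mask="c" fsuid=1000 ouid=1000',
]

# Alias rules as quoted from /etc/apparmor.d/tunables/home.d/anondist in the thread.
ALIAS_RULES = [
    ("/etc/timezone", "/etc/timezone.anondist"),
    ("/etc/timezone", "/etc/timezone.anondist-orig"),
]

# key=value or key="quoted value" pairs as printed by the audit subsystem.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Assumed mapping from denied_mask letters to the permission letters used in
# profile rules: create/append/delete are all covered by "w" in a file rule.
MASK_TO_PERM = {"r": "r", "w": "w", "a": "w", "c": "w", "d": "w",
                "k": "k", "l": "l", "m": "m"}


def parse_denial(line):
    """Return the relevant fields of an apparmor="DENIED" line, or None otherwise."""
    if 'apparmor="DENIED"' not in line:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(line)}
    return {
        "profile": fields["profile"],
        "operation": fields["operation"],
        "name": fields["name"],
        "mask": fields["denied_mask"],
        # fsuid == ouid means the confined process owns the file, so the
        # rule can carry the tighter "owner" qualifier.
        "owner": fields.get("fsuid") == fields.get("ouid"),
    }


def suggest_rule(denial, home="/home/user"):
    """Turn one parsed denial into a candidate profile line for human review."""
    path = denial["name"]
    if path == home + "/" or path.startswith(home + "/"):
        path = "@{HOME}/" + path[len(home) + 1:]
    perms = "".join(sorted({MASK_TO_PERM.get(c, c) for c in denial["mask"]}))
    prefix = "owner " if denial["owner"] else ""
    return f"{prefix}{path} {perms},"


def suggestions(lines=AUDIT_LINES):
    """Candidate rules for every DENIED line in the input, in order."""
    return [suggest_rule(d) for d in map(parse_denial, lines) if d]


def rule_covers(rule_path, denied_path, aliases=ALIAS_RULES):
    """Exact-path check: a rule written for rule_path also applies to denied_path
    when an alias maps rule_path -> denied_path (simplified, no globbing)."""
    if rule_path == denied_path:
        return True
    return any(src == rule_path and dst == denied_path for src, dst in aliases)


if __name__ == "__main__":
    for rule in suggestions():
        print(rule)
    # With the anondist aliases in place, "/etc/timezone r," already reaches
    # /etc/timezone.anondist, which is the point raised about the extra rule.
    print(rule_covers("/etc/timezone", "/etc/timezone.anondist"))
```

Running it prints owner @{HOME}/ r, and owner @{HOME}/.config/gtk-2.0/ w, for the two denials, which is the shape of the fix the thread is converging on; the suggestions are only a starting point, and each should be narrowed (or rejected) by the maintainer rather than pasted in wholesale.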

Opening links from iceweasel in Tor Browser no longer works because we deprecated the /usr/bin/torbrowser AppArmor profile. Any idea how to fix it?

Yes, we run /usr/bin/torbrowser unconfined. Tor Browser is still enforced.

Merged.

Minor.

Merged.

systemd AppArmorProfile= directive unavailable leads to not loading AppArmor profile on Debian jessie: