Hello Seth, Thank You very much for an answers and explanations. I really appreciate it; your help and so on :- ) I will try to take your suggestions and to do something with these entries etc.
However, there is one more DENIED entry - I saw this one today, after first Firefox start. It looks this way: May 6 19:15:47 t1 dbus[1546]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="ListMountableInfo" mask="send" name=":1.9" pid=5882 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1654 peer_label="unconfined" As we can see, this DENIED entry appeared once again. You wrote, that; "the 'name' in your proposed policy snippet probably wouldn't work though, it probably needs to be 'interface' (...)." So, could this rule looks this way? dbus (send) bus=session interface=org.gtk.vfs.mounttracker member={ListMountableInfo} Is it OK or bad rule, to use? Thank You once again. Best regards.
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor