On Wed, Jul 12, 2017 at 11:38:46AM +0000, Grand T wrote: > the profile is the one from > > Package: thunderbird > Version: 1:52.2.1-4
The profile inside /etc/apparmor.d comes from the package, not with the one from /etc/apparmor.d/local. > All that mess came after upgrade of Thunderbird > > So I suspect this issue is in your original profile. That's need to be proven. We had five commits made for the apparmor profile, all picked from upstream so it's quite unlikely that that nobody else has seen such issue before the Debian upload. https://anonscm.debian.org/cgit/pkg-mozilla/icedove.git/log/debian/apparmor?showmsg=1 https://anonscm.debian.org/cgit/pkg-mozilla/icedove.git/commit/debian/apparmor?id=5d5392b9d036d4af16806ab050903aa9667f7b65 https://anonscm.debian.org/cgit/pkg-mozilla/icedove.git/commit/debian/apparmor?id=f49ad79331742d323e77c52682bcccc5ec5d89b1 https://anonscm.debian.org/cgit/pkg-mozilla/icedove.git/commit/debian/apparmor?id=d8e5d42ce36a73e328448c88932204239ac695ce https://anonscm.debian.org/cgit/pkg-mozilla/icedove.git/commit/debian/apparmor?id=f18884e0fd87e46fbc4494feb6b8b81a341c9d37 https://anonscm.debian.org/cgit/pkg-mozilla/icedove.git/commit/debian/apparmor?id=e73afbb82a5f254bf40a69ba044a356d6f6d2f27 > root@debian:/# aa-disable usr.bin.thunderbird > > ERROR: local/usr.bin.thunderbird profile in local/usr.bin.thunderbird > contains syntax errors in line 202: a child profile inside another child > profile is not allowed.o ^^^^^ ^^^^^ That line tells me something different in contrest to your statement above. > Line 202 is that one > > profile gpg { > #include <abstractions/base> > > # Required to import keys from keyservers > #include <abstractions/nameservice> > #include <abstractions/p11-kit> That's correct and no thing we need to talk about. Apparmor is complaining that a profile is trying to load a profile within a profile. This can only happen if there is a another profile included with the same name. > Brother I dont write this myself!! Common, what should we or I do to help you? I've wrote that you please disable/remove the copied profile in /etc/apparmor.d/local and ensure that *only* the profile from the thunderbird package in /etc/apparmor.d is alive. Without knowing the outcome of that it's useless to go further and blame someone. Issue tracking isn't always easy but the first thing is to know under which circumstances a problem is occur. And we need to know if the issue is related to the original profile in the designated folder or something else. I can't readjust your problem here. Your report is the first report about a apparmour issue within Thunderbird > 45.8.0. Given we allready had issues in the past with Thunderbird 45.x and users reporting such issues immediately after the package upload I tend to say for now that the problem is a local problem on your side. So please follow my request and start with definated environment given by the usage of no extra profile in /etc/apparmor.d/local. If the problem is still existing you can try selectively revert the changes made in the fice commits. Regards Carsten
