This only occurs when actually dialing so I was wrong to say that it worked in comment #4. Please note that even with those warnings it is possible to use the Google Talk plugin.
Here is the profile configuration I came up with that works well and generates no AA log :
@Jamie
I just noticed several lines like those below in /var/log/kern.log :
Sep 27 15:13:33 simon-laptop kernel: [25083.645117] type=1400 audit(128561481 3.028:89) : apparmor="DENIED" operation="exec" parent=16043 profile= "/usr/lib/ firefox- 3.6.10/ firefox- *bin" name="/ usr/bin/ lsb_release" pid=16044 comm="sh" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 3.028:90) : apparmor="DENIED" operation="open" parent=1 profile= "/usr/lib/ firefox- 3.6.10/ firefox- *bin" name="/ proc/16009/ net/route" pid=16009 comm="GoogleTal kPlugi" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Sep 27 15:13:33 simon-laptop kernel: [25083.646496] type=1400 audit(128561481
This only occurs when actually dialing so I was wrong to say that it worked in comment #4. Please note that even with those warnings it is possible to use the Google Talk plugin.
Here is the profile configuration I came up with that works well and generates no AA log :
/opt/ google/ talkplugin/ *.so mr, google/ talkplugin/ lib/*.so mr, google/ talkplugin/ GoogleTalkPlugi n ixr, bin/lsb_ release Ux, /[0-9]* /net/route r,
/opt/
/opt/
/usr/
@{PROC}
I have also tried "ix" flags for lsb_release but it generated those errors :
Sep 27 16:17:34 simon-laptop kernel: [28925.071870] type=1400 audit(128561865 4.458:123) : apparmor="DENIED" operation="open" parent=18417 profile= "/usr/lib/ firefox- 3.6.10/ firefox- *bin" name="/ etc/python2. 6/sitecustomize .py" pid=18418 comm="lsb_release" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 4.468:124) : apparmor="DENIED" operation="open" parent=18417 profile= "/usr/lib/ firefox- 3.6.10/ firefox- *bin" name="/ etc/lsb- release" pid=18418 comm="lsb_release" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 4.468:125) : apparmor="DENIED" operation="open" parent=18417 profile= "/usr/lib/ firefox- 3.6.10/ firefox- *bin" name="/ etc/debian_ version" pid=18418 comm="lsb_release" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 4.468:126) : apparmor="DENIED" operation="exec" parent=18419 profile= "/usr/lib/ firefox- 3.6.10/ firefox- *bin" name="/ usr/bin/ apt-cache" pid=18420 comm="sh" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
Sep 27 16:17:34 simon-laptop kernel: [28925.086222] type=1400 audit(128561865
Sep 27 16:17:34 simon-laptop kernel: [28925.086782] type=1400 audit(128561865
Sep 27 16:17:34 simon-laptop kernel: [28925.088605] type=1400 audit(128561865
IMO, it's better to run lsb_release unconfined.