Heh, I was going to complain about the /usr/bin/locale Uxr, rule but there's at least those three other Uxr rules right next to it.
I'm surprised about the silenced denials -- those seem wide-ranging and potentially problematic. I might have even thought that thunderbird should have ~/.thunderbird/** rwlk, access.
The static names in /tmp/ are interesting. Those may need more research to see if those need a CVE. (It's possible to use static names in /tmp safely, but the [0-9]* regex there gives me a bad feeling.)
Heh, I was going to complain about the /usr/bin/locale Uxr, rule but there's at least those three other Uxr rules right next to it.
I'm surprised about the silenced denials -- those seem wide-ranging and potentially problematic. I might have even thought that thunderbird should have ~/.thunderbird/** rwlk, access.
The static names in /tmp/ are interesting. Those may need more research to see if those need a CVE. (It's possible to use static names in /tmp safely, but the [0-9]* regex there gives me a bad feeling.)
Thanks