[Desktop-packages] [Bug 1553712] Re: usr.bin.firefox apparmor profile blocks access to mounttracker

Simon Déziel Tue, 31 Jan 2017 09:56:52 -0800

*** This bug is a duplicate of bug 1533232 ***
    https://bugs.launchpad.net/bugs/1533232


@Jean-Philippe, most if not all the rules are covered in the proposed rule 
addition in LP: #1533232
@Thomas, I just added the dbus session receive Mounted member to the same LP, 
thanks.

Marking as duplicate now.

** This bug has been marked a duplicate of bug 1533232
   missing many apparmor rules on Xenial

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1553712

Title:
  usr.bin.firefox apparmor profile blocks access to mounttracker

Status in firefox package in Ubuntu:
  Confirmed

Bug description:
  When I launch Firefox with apparmor enabled, I get the following
  errors:

  Mar  6 13:21:19 tigreraye dbus[2570]: apparmor="DENIED" 
operation="dbus_method_call"  bus="session" path="/org/gtk/vfs/mounttracker" 
interface="org.gtk.vfs.MountTracker" member="ListMountableInfo" mask="send" 
name=":1.46" pid=6604 label="/usr/lib/firefox/firefox{,*[^s][^h]}" 
peer_pid=2781 peer_label="unconfined"
  Mar  6 17:31:04 tigreraye dbus[4030]: apparmor="DENIED" 
operation="dbus_method_call"  bus="session" 
path="/org/gtk/Private/RemoteVolumeMonitor" 
interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported" 
mask="send" name=":1.71" pid=4480 label="/usr/lib/firefox/firefox{,*[^s][^h]}" 
peer_pid=4327 peer_label="unconfined"
  Mar  6 17:31:04 tigreraye dbus[4030]: apparmor="DENIED" 
operation="dbus_method_call"  bus="session" path="/org/gtk/vfs/mounttracker" 
interface="org.gtk.vfs.MountTracker" member="ListMounts" mask="send" 
name=":1.43" pid=4480 label="/usr/lib/firefox/firefox{,*[^s][^h]}" 
peer_pid=4206 peer_label="unconfined"
  Mar  6 17:31:04 tigreraye dbus[4030]: apparmor="DENIED" 
operation="dbus_method_call"  bus="session" path="/org/gtk/vfs/mounttracker" 
interface="org.gtk.vfs.MountTracker" member="LookupMount" mask="send" 
name=":1.43" pid=4480 label="/usr/lib/firefox/firefox{,*[^s][^h]}" 
peer_pid=4206 peer_label="unconfined"
  Mar  6 18:47:12 tigreraye dbus[4030]: apparmor="DENIED" 
operation="dbus_method_call"  bus="session" 
path="/org/gtk/Private/RemoteVolumeMonitor" 
interface="org.gtk.Private.RemoteVolumeMonitor" member="List" mask="send" 
name=":1.76" pid=13082 label="/usr/lib/firefox/firMar  6 19:31:11 tigreraye 
dbus[4030]: apparmor="DENIED" operation="dbus_signal"  bus="session" 
path="/org/gtk/Private/RemoteVolumeMonitor" 
interface="org.gtk.Private.RemoteVolumeMonitor" member="DriveChanged" 
name=":1.49" mask="receive" pid=13082 
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=4246 
peer_label="unconfined"
  Mar  6 19:32:10 tigreraye dbus[4030]: apparmor="DENIED" 
operation="dbus_signal"  bus="session" 
path="/org/gtk/Private/RemoteVolumeMonitor" 
interface="org.gtk.Private.RemoteVolumeMonitor" member="VolumeAdded" 
name=":1.49" mask="receive" pid=13082 
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=4246 
peer_label="unconfined"
  efox{,*[^s][^h]}" peer_pid=4333 peer_label="unconfined"
  Mar  6 19:43:24 tigreraye dbus[4030]: apparmor="DENIED" 
operation="dbus_signal"  bus="session" 
path="/org/gtk/Private/RemoteVolumeMonitor" 
interface="org.gtk.Private.RemoteVolumeMonitor" member="MountPreUnmount" 
name=":1.49" mask="receive" pid=13082 
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=4246 
peer_label="unconfined"
  Mar  6 19:43:24 tigreraye dbus[4030]: apparmor="DENIED" 
operation="dbus_signal"  bus="session" 
path="/org/gtk/Private/RemoteVolumeMonitor" 
interface="org.gtk.Private.RemoteVolumeMonitor" member="VolumeChanged" 
name=":1.49" mask="receive" pid=13082 
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=4246 
peer_label="unconfined"
  Mar  6 19:43:24 tigreraye dbus[4030]: apparmor="DENIED" 
operation="dbus_signal"  bus="session" 
path="/org/gtk/Private/RemoteVolumeMonitor" 
interface="org.gtk.Private.RemoteVolumeMonitor" member="MountChanged" 
name=":1.49" mask="receive" pid=13082 
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=4246 
peer_label="unconfined"
  Mar  6 19:43:24 tigreraye dbus[4030]: apparmor="DENIED" 
operation="dbus_signal"  bus="session" 
path="/org/gtk/Private/RemoteVolumeMonitor" 
interface="org.gtk.Private.RemoteVolumeMonitor" member="MountRemoved" 
name=":1.49" mask="receive" pid=13082 
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=4246 
peer_label="unconfined"
  Mar  6 19:43:25 tigreraye dbus[4030]: apparmor="DENIED" 
operation="dbus_signal"  bus="session" 
path="/org/gtk/Private/RemoteVolumeMonitor" 
interface="org.gtk.Private.RemoteVolumeMonitor" member="VolumeRemoved" 
name=":1.49" mask="receive" pid=13082 
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=4246 
peer_label="unconfined"
  Mar  6 19:43:28 tigreraye dbus[4030]: apparmor="DENIED" 
operation="dbus_signal"  bus="session" 
path="/org/gtk/Private/RemoteVolumeMonitor" 
interface="org.gtk.Private.RemoteVolumeMonitor" member="DriveDisconnected" 
name=":1.49" mask="receive" pid=13082 
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=4246 
peer_label="unconfined"
  Mar  6 19:43:35 tigreraye dbus[4030]: apparmor="DENIED" 
operation="dbus_signal"  bus="session" 
path="/org/gtk/Private/RemoteVolumeMonitor" 
interface="org.gtk.Private.RemoteVolumeMonitor" member="DriveConnected" 
name=":1.49" mask="receive" pid=13082 
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=4246 
peer_label="unconfined"
  Mar  6 19:53:42 tigreraye dbus[4030]: apparmor="DENIED" 
operation="dbus_signal"  bus="session" 
path="/org/gtk/Private/RemoteVolumeMonitor" 
interface="org.gtk.Private.RemoteVolumeMonitor" member="MountAdded" 
name=":1.49" mask="receive" pid=13082 
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=4246 
peer_label="unconfined"
  Mar  6 20:57:28 tigreraye dbus[4030]: apparmor="DENIED" 
operation="dbus_signal"  bus="session" path="/org/gtk/vfs/mounttracker" 
interface="org.gtk.vfs.MountTracker" member="Mounted" name=":1.43" 
mask="receive" pid=13082 label="/usr/lib/firefox/firefox{,*[^s][^h]}" 
peer_pid=4206 peer_label="unconfined"

  Adding the following lines to the apparmor profile fixes the issue:

  dbus send bus=session path="/org/gtk/vfs/mounttracker" 
interface="org.gtk.vfs.MountTracker" member="ListMountableInfo",
  dbus send bus=session path="/org/gtk/vfs/mounttracker" 
interface="org.gtk.vfs.MountTracker" member="ListMounts",
  dbus send bus=session path="/org/gtk/vfs/mounttracker" 
interface="org.gtk.vfs.MountTracker" member="LookupMount",
  dbus receive bus=session path="/org/gtk/vfs/mounttracker" 
interface="org.gtk.vfs.MountTracker" member="Mounted",

  dbus send bus=session path="/org/gtk/Private/RemoteVolumeMonitor" 
interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported",
  dbus send bus=session path="/org/gtk/Private/RemoteVolumeMonitor" 
interface="org.gtk.Private.RemoteVolumeMonitor" member="List",
  dbus receive bus=session path="/org/gtk/Private/RemoteVolumeMonitor" 
interface="org.gtk.Private.RemoteVolumeMonitor" member="DriveChanged",
  dbus receive bus=session path="/org/gtk/Private/RemoteVolumeMonitor" 
interface="org.gtk.Private.RemoteVolumeMonitor" member="DriveDisconnected",
  dbus receive bus=session path="/org/gtk/Private/RemoteVolumeMonitor" 
interface="org.gtk.Private.RemoteVolumeMonitor" member="DriveConnected",
  dbus receive bus=session path="/org/gtk/Private/RemoteVolumeMonitor" 
interface="org.gtk.Private.RemoteVolumeMonitor" member="VolumeAdded",
  dbus receive bus=session path="/org/gtk/Private/RemoteVolumeMonitor" 
interface="org.gtk.Private.RemoteVolumeMonitor" member="VolumeRemoved",
  dbus receive bus=session path="/org/gtk/Private/RemoteVolumeMonitor" 
interface="org.gtk.Private.RemoteVolumeMonitor" member="VolumeChanged",
  dbus receive bus=session path="/org/gtk/Private/RemoteVolumeMonitor" 
interface="org.gtk.Private.RemoteVolumeMonitor" member="MountPreUnmount",
  dbus receive bus=session path="/org/gtk/Private/RemoteVolumeMonitor" 
interface="org.gtk.Private.RemoteVolumeMonitor" member="MountChanged",
  dbus receive bus=session path="/org/gtk/Private/RemoteVolumeMonitor" 
interface="org.gtk.Private.RemoteVolumeMonitor" member="MountRemoved",
  dbus receive bus=session path="/org/gtk/Private/RemoteVolumeMonitor" 
interface="org.gtk.Private.RemoteVolumeMonitor" member="MountAdded",

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1553712/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to     : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1553712] Re: usr.bin.firefox apparmor profile blocks access to mounttracker

Reply via email to