Package: apparmor-profiles
Version: 2.13-8
Control: tags -1 patch
Control: affects -1 src:firefox src:firefox-esr
Firefox now uses /dev/shm in its multiprocess sandboxing. If AppArmor
blocks this (I was using a custom profile, but the packaged profile
appears to have the same problem), the Firefox window (both webpage area
and toolbars) is all-black.
This affects Firefox 60 but not 52, in stretch.
Fix: add these lines to the profile:
owner /dev/shm/org.chromium.* rwlk,
owner /dev/shm/org.mozilla.* rwlk,
(60 uses org.chromium.* , later uses org.mozilla.* :
https://hg.mozilla.org/mozilla-central/rev/83bab8cf29bf )
Reported elsewhere as
https://bugzilla.mozilla.org/show_bug.cgi?id=1334748
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1660031
(The additional permissions suggested in
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1770600
are *not* currently required to make Firefox work, and probably can't
enable the user-namespace-based sandboxing because
/proc/sys/kernel/unprivileged_userns_clone is off by default.)
