Symlinking (or hardlinking) usr.bin.firefox to usr.lib.firefox.firefox does not work for me.
$ sudo aa-complain /usr/lib/firefox/firefox Setting /usr/lib/firefox/firefox to complain mode. Traceback (most recent call last): File "/usr/sbin/aa-complain", line 30, in <module> tool.cmd_complain() File "/usr/lib/python3/dist-packages/apparmor/tools.py", line 178, in cmd_complain apparmor.set_complain(profile, program) File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 267, in set_complain change_profile_flags(filename, program, 'complain', True) File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 606, in change_profile_flags old_flags = get_profile_flags(filename, program) File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 603, in get_profile_flags raise AppArmorException(_('%s contains no profile') % filename) apparmor.common.AppArmorException: '/etc/apparmor.d/usr.lib.firefox.firefox contains no profile' The culprit seems to be the regex trying to match /usr/lib/firefox/firefox but not /usr/lib/firefox/firefox.sh: /usr/lib/firefox/firefox{,*[^s][^h]} { Changing this to /usr/lib/firefox/firefox { allows apparmor to load the profile. AppArmor Version: 2.8.95~2430-0ubuntu5 -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to firefox in Ubuntu. https://bugs.launchpad.net/bugs/1364305 Title: Wrong filename of firefox' apparmor profile Status in “firefox” package in Ubuntu: Confirmed Bug description: Hi, the apparmor profile that comes with firefox can't be turned on and off with the regular command line tools because of it's wrong filename: # aa-complain /usr/bin/firefox Profile for /usr/lib/firefox/firefox.sh not found, skipping (because /usr/bin/firefox is a link) # aa-complain /usr/lib/firefox/firefox.sh Profile for /usr/lib/firefox/firefox.sh not found, skipping (because there is no /etc/apparmor.d/usr.lib.firefox.firefox.sh ) # aa-complain /usr/lib/firefox/firefox Profile for /usr/lib/firefox/firefox not found, skipping (because there is no /etc/apparmor.d/usr.lib.firefox.firefox ) so the armor profile has the name, that does not work, i.e. the name of a logical link instead of an executable. It should have the name of the shell script and/or the name of the binary. regards ProblemType: Bug DistroRelease: Ubuntu 14.04 Package: firefox 31.0+build1-0ubuntu0.14.04.1 ProcVersionSignature: Ubuntu 3.13.0-35.62-generic 3.13.11.6 Uname: Linux 3.13.0-35-generic x86_64 NonfreeKernelModules: zfs zunicode zavl zcommon znvpair AddonCompatCheckDisabled: False ApportVersion: 2.14.1-0ubuntu3.3 Architecture: amd64 AudioDevicesInUse: USER PID ACCESS COMMAND /dev/snd/controlC0: danisch 3540 F.... panel-11-mixer danisch 3572 F.... pulseaudio BuildID: 20140715214327 Channel: Unavailable CurrentDesktop: XFCE Date: Tue Sep 2 11:38:12 2014 ForcedLayersAccel: False IncompatibleExtensions: Deutsch (DE) Language Pack - langpack...@firefox.mozilla.org English (GB) Language Pack - langpack-en...@firefox.mozilla.org English (South Africa) Language Pack - langpack-en...@firefox.mozilla.org Default - {972ce4c6-7e08-4474-a285-3208198ce6fd} IpRoute: default via 192.168.103.254 dev em1 169.254.0.0/16 dev vlan0 scope link metric 1000 192.168.100.0/22 dev em1 proto kernel scope link src 192.168.102.179 192.168.200.0/24 dev vlan0 proto kernel scope link src 192.168.200.1 Plugins: Windows Media Player Plug-in - /usr/lib/mozilla/plugins/gecko-mediaplayer-wmp.so (gecko-mediaplayer) RealPlayer 9 - /usr/lib/mozilla/plugins/gecko-mediaplayer-rm.so (gecko-mediaplayer) QuickTime Plug-in 7.6.9 - /usr/lib/mozilla/plugins/gecko-mediaplayer-qt.so (gecko-mediaplayer) DivX Browser Plug-In - /usr/lib/mozilla/plugins/gecko-mediaplayer-dvx.so (gecko-mediaplayer) mplayerplug-in is now gecko-mediaplayer 1.0.8 - /usr/lib/mozilla/plugins/gecko-mediaplayer.so (gecko-mediaplayer) PrefSources: prefs.js [Profile]/extensions/{6AC85730-7D0F-4de0-B3FA-21142DD85326}/defaults/preferences/colorzilla.js Profiles: Profile0 (Default) - LastVersion=31.0/20140715214327 (In use) RfKill: RunningIncompatibleAddons: True SourcePackage: firefox UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 11/23/2012 dmi.bios.vendor: Intel Corp. dmi.bios.version: KCH7710H.86A.0104.2012.1123.1027 dmi.board.name: DH77DF dmi.board.vendor: Intel Corporation dmi.board.version: AAG40293-301 dmi.chassis.type: 3 dmi.modalias: dmi:bvnIntelCorp.:bvrKCH7710H.86A.0104.2012.1123.1027:bd11/23/2012:svn:pn:pvr:rvnIntelCorporation:rnDH77DF:rvrAAG40293-301:cvn:ct3:cvr: To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1364305/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp