messages, while starting firefox, after updating ubuntu to 20.10:
Jan 11 23:26:48 dinar-comp kernel: [ 181.634648] audit: type=1400
audit(1610396808.475:44): apparmor="DENIED" operation="open" profile="firefox"
name="/proc/2003/cgroup" pid=2003 comm="firefox" requested_mask="r"
denied_mask="r" fsuid=1000 ouid=1000
Jan 11 23:26:48 dinar-comp kernel: [ 181.989310] audit: type=1400
audit(1610396808.831:45): apparmor="DENIED" operation="connect"
profile="firefox" name="/tmp/.X11-unix/X0" pid=2207 comm="MainThread"
requested_mask="w" denied_mask="w" fsuid=1000 ouid=0
i added these rules:
@{PROC}/[0-9]*/cgroup r,
/tmp/.X11-unix/X0 w,
then, after enabling them and ff restart:
Jan 11 23:45:25 dinar-comp kernel: [ 1298.595946] audit: type=1400
audit(1610397925.435:79): apparmor="DENIED" operation="open"
profile="firefox" name="/sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us"
pid=2437 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000
ouid=0
i added this rule:
/sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us r,
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1861408
Title:
firefox apparmor messages
Status in apparmor package in Ubuntu:
New
Status in firefox package in Ubuntu:
Fix Released
Bug description:
firefox version 72.0.1 64 bit, 72.0.1+linuxmint1+tricia , linux mint
19.3.
i see there is newer ubuntu version in
https://www.ubuntuupdates.org/package/ubuntu_mozilla_security/bionic/main/base/firefox
, 72.0.2+build1-0ubuntu0.18.04.1 , but its changes are not for
apparmor.
i have not found a page for firefox bugs in linux mint sites, so i
belive i should report here. but i have also asked about that in linux
mint's irc and then github.
i have enabled apparmor for firefox and see these types of messages in
syslog:
Jan 28 18:43:33 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]:
[system] Activating via systemd: service
name='org.freedesktop.hostname1' unit='dbus-
org.freedesktop.hostname1.service' requested by ':1.111' (uid=1000
pid=1922 comm="/usr/lib/firefox/firefox " label="unconfined")
Jan 28 18:44:36 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5525.077960] audit: type=1400 audit(1580226276.440:27):
apparmor="DENIED" operation="capable"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=15948
comm="firefox" capability=21 capname="sys_admin"
Jan 28 18:44:37 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5526.471731] audit: type=1107 audit(1580226277.832:28): pid=735
uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED"
operation="dbus_method_call" bus="system"
path="/org/freedesktop/RealtimeKit1"
interface="org.freedesktop.DBus.Properties" member="Get" mask="send"
name="org.freedesktop.RealtimeKit1" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1320
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon"
member="ListMonitorImplementations" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported"
mask="send" name=":1.35" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1385
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
member="ListMounts2" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
member="LookupMount" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]:
[system] Activating via systemd: service
name='org.freedesktop.hostname1' unit='dbus-
org.freedesktop.hostname1.service' requested by ':1.119' (uid=1000
pid=15948 comm="/usr/lib/firefox/firefox "
label="/usr/lib/firefox/firefox{,*[^s][^h]} (enforce)")
Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5536.783313] audit: type=1107 audit(1580226288.143:34): pid=735
uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED"
operation="dbus_method_call" bus="system"
path="/org/freedesktop/hostname1"
interface="org.freedesktop.DBus.Properties" member="GetAll"
mask="send" name=":1.120" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=16177
peer_label="unconfined"
Jan 28 18:45:02 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/ca/desrt/dconf/Writer/user" interface="ca.desrt.dconf.Writer"
member="Change" mask="send" name="ca.desrt.dconf" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1370
peer_label="unconfined"
Jan 28 21:51:30 dinar-HP-Pavilion-g7-Notebook-PC kernel:
[10131.880788] audit: type=1400 audit(1580237490.777:123):
apparmor="DENIED" operation="open"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/dinar/.cache/mesa_shader_cache/index" pid=19720
comm="firefox" requested_mask="wrc" denied_mask="wrc" fsuid=1000
ouid=1000
these appeared while saving a file:
Jan 30 11:08:28 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1151]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/ca/desrt/dconf/Writer/user" interface="ca.desrt.dconf.Writer"
member="Change" mask="send" name="ca.desrt.dconf" pid=1584
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1301
peer_label="unconfined"
Jan 30 11:08:28 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
464.049675] audit: type=1400 audit(1580371708.871:38):
apparmor="DENIED" operation="open"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/dinar/.local/share/gvfs-metadata/home" pid=1584
comm="pool" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
these appeared while runned "firefox -p":
Jan 30 11:41:23 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1151]:
apparmor="DENIED" operation="dbus_signal" bus="session"
path="/ca/desrt/dconf/Writer/user" interface="ca.desrt.dconf.Writer"
member="Notify" name=":1.21" mask="receive" pid=1584
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1301
peer_label="unconfined"
Jan 30 11:42:07 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[762]:
[system] Activating via systemd: service
name='org.freedesktop.hostname1' unit='dbus-
org.freedesktop.hostname1.service' requested by ':1.90' (uid=1000
pid=2892 comm="xed /home/dinar/?????????????? ????????/??????????"
label="unconfined")
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1861408/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
