[Desktop-packages] [Bug 1495248] Re: usr.bin.firefox blocks /dev/shm
I had the /dev/shm/org.chromium.XX issues with
- Flash plugin DISABLED
- Java plugin DISABLED
Maybe playing a HTML5 youtube video exposes it.
I'm on ubuntu 16.04 (up-to-date), FF 51.0.1, with apparmor profile
activated.
@fevrier Have you tried my patch (version 6) (taken from
https://bugs.launchpad.net/bugs/1659988)?
I did not try with Java/Flash support, but your log entries look as if
my patch covers that, too.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1495248
Title:
usr.bin.firefox blocks /dev/shm
Status in firefox package in Ubuntu:
Confirmed
Bug description:
When apparmor is activated for Firefox, I get the following log
messages:
[28547.841769] audit: type=1400 audit(1442154214.608:109): apparmor="DENIED"
operation="mknod" profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/dev/shm/shmfd-mSnoHU" pid=7425 comm
="firefox" requested_mask="c" denied_mask="c" fsuid= ouid=
Both /run/shm/shmfd-* and /var/run/shm/shmfd-* are allowed, but not
/dev/shm/shmfd-*.
Changing :
owner /{,var/}run/shm/shmfd-* rw,
To:
owner /{dev,{,var/}run}/shm/shmfd-* rw,
seems to fix the issue.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1495248/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
Re: [Desktop-packages] [Bug 1495248] Re: usr.bin.firefox blocks /dev/shm
On 2017-01-31 05:46 PM, Jean-Philippe Guérard wrote:
> I was able to reproduce the problem, but only using the flash plugin:
>
> Jan 31 23:38:34 tigreraye kernel: [221147.141240] audit: type=1400
> audit(1485902314.881:3406): apparmor="DENIED" operation="mknod"
> profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
> name="/dev/shm/org.chromium.CvbXEt" pid=11592 comm="plugin-containe"
> requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
> Jan 31 23:38:34 tigreraye kernel: [221147.141263] audit: type=1400
> audit(1485902314.881:3407): apparmor="DENIED" operation="mknod"
> profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
> name="/dev/shm/org.chromium.5Am9iK" pid=11592 comm="plugin-containe"
> requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
Good, thanks for the additional information.
> I also tried the java plugin, but it does not use /dev/shm (it fails,
> but for another reason):
>
> Jan 31 23:43:49 tigreraye kernel: [221461.300441] audit: type=1400
> audit(1485902629.062:6116995): apparmor="DENIED" operation="exec"
> profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
> name="/usr/lib/jvm/java-8-oracle/jre/bin/java" pid=11779
> comm="plugin-containe" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
> Jan 31 23:43:49 tigreraye kernel: [221461.301683] audit: type=1400
> audit(1485902629.062:6116996): apparmor="DENIED" operation="exec"
> profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
> name="/usr/lib/jvm/java-8-oracle/jre/bin/java" pid=11780
> comm="plugin-containe" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
Yeah, it seems like the Oracle version of the JRE/JDK isn't authorized
in /etc/apparmor.d/abstractions/ubuntu-browsers.d/java. Even OpenJDK/JRE
8 isn't authorized. Both should be supported IMHO.
Thanks,
Simon
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1495248
Title:
usr.bin.firefox blocks /dev/shm
Status in firefox package in Ubuntu:
Confirmed
Bug description:
When apparmor is activated for Firefox, I get the following log
messages:
[28547.841769] audit: type=1400 audit(1442154214.608:109): apparmor="DENIED"
operation="mknod" profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/dev/shm/shmfd-mSnoHU" pid=7425 comm
="firefox" requested_mask="c" denied_mask="c" fsuid= ouid=
Both /run/shm/shmfd-* and /var/run/shm/shmfd-* are allowed, but not
/dev/shm/shmfd-*.
Changing :
owner /{,var/}run/shm/shmfd-* rw,
To:
owner /{dev,{,var/}run}/shm/shmfd-* rw,
seems to fix the issue.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1495248/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1495248] Re: usr.bin.firefox blocks /dev/shm
I was able to reproduce the problem, but only using the flash plugin:
Jan 31 23:38:34 tigreraye kernel: [221147.141240] audit: type=1400
audit(1485902314.881:3406): apparmor="DENIED" operation="mknod"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/dev/shm/org.chromium.CvbXEt" pid=11592 comm="plugin-containe"
requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
Jan 31 23:38:34 tigreraye kernel: [221147.141263] audit: type=1400
audit(1485902314.881:3407): apparmor="DENIED" operation="mknod"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/dev/shm/org.chromium.5Am9iK" pid=11592 comm="plugin-containe"
requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
I also tried the java plugin, but it does not use /dev/shm (it fails,
but for another reason):
Jan 31 23:43:49 tigreraye kernel: [221461.300441] audit: type=1400
audit(1485902629.062:6116995): apparmor="DENIED" operation="exec"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/usr/lib/jvm/java-8-oracle/jre/bin/java" pid=11779 comm="plugin-containe"
requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
Jan 31 23:43:49 tigreraye kernel: [221461.301683] audit: type=1400
audit(1485902629.062:6116996): apparmor="DENIED" operation="exec"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/usr/lib/jvm/java-8-oracle/jre/bin/java" pid=11780 comm="plugin-containe"
requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1495248
Title:
usr.bin.firefox blocks /dev/shm
Status in firefox package in Ubuntu:
Confirmed
Bug description:
When apparmor is activated for Firefox, I get the following log
messages:
[28547.841769] audit: type=1400 audit(1442154214.608:109): apparmor="DENIED"
operation="mknod" profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/dev/shm/shmfd-mSnoHU" pid=7425 comm
="firefox" requested_mask="c" denied_mask="c" fsuid= ouid=
Both /run/shm/shmfd-* and /var/run/shm/shmfd-* are allowed, but not
/dev/shm/shmfd-*.
Changing :
owner /{,var/}run/shm/shmfd-* rw,
To:
owner /{dev,{,var/}run}/shm/shmfd-* rw,
seems to fix the issue.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1495248/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1495248] Re: usr.bin.firefox blocks /dev/shm
@Jean-Philippe, I use the Firefox profile extensively with some
additional local/ rules (LP: #1533232) but I never ran into a situation
where Firefox needed to access /dev/shm. Could you double check if you
still have those denial on a fully updated system? Thanks
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1495248
Title:
usr.bin.firefox blocks /dev/shm
Status in firefox package in Ubuntu:
Confirmed
Bug description:
When apparmor is activated for Firefox, I get the following log
messages:
[28547.841769] audit: type=1400 audit(1442154214.608:109): apparmor="DENIED"
operation="mknod" profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/dev/shm/shmfd-mSnoHU" pid=7425 comm
="firefox" requested_mask="c" denied_mask="c" fsuid= ouid=
Both /run/shm/shmfd-* and /var/run/shm/shmfd-* are allowed, but not
/dev/shm/shmfd-*.
Changing :
owner /{,var/}run/shm/shmfd-* rw,
To:
owner /{dev,{,var/}run}/shm/shmfd-* rw,
seems to fix the issue.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1495248/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1495248] Re: usr.bin.firefox blocks /dev/shm
Patch available in
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1659988
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1495248
Title:
usr.bin.firefox blocks /dev/shm
Status in firefox package in Ubuntu:
Confirmed
Bug description:
When apparmor is activated for Firefox, I get the following log
messages:
[28547.841769] audit: type=1400 audit(1442154214.608:109): apparmor="DENIED"
operation="mknod" profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/dev/shm/shmfd-mSnoHU" pid=7425 comm
="firefox" requested_mask="c" denied_mask="c" fsuid= ouid=
Both /run/shm/shmfd-* and /var/run/shm/shmfd-* are allowed, but not
/dev/shm/shmfd-*.
Changing :
owner /{,var/}run/shm/shmfd-* rw,
To:
owner /{dev,{,var/}run}/shm/shmfd-* rw,
seems to fix the issue.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1495248/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1495248] Re: usr.bin.firefox blocks /dev/shm
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: firefox (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1495248
Title:
usr.bin.firefox blocks /dev/shm
Status in firefox package in Ubuntu:
Confirmed
Bug description:
When apparmor is activated for Firefox, I get the following log
messages:
[28547.841769] audit: type=1400 audit(1442154214.608:109): apparmor="DENIED"
operation="mknod" profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/dev/shm/shmfd-mSnoHU" pid=7425 comm
="firefox" requested_mask="c" denied_mask="c" fsuid= ouid=
Both /run/shm/shmfd-* and /var/run/shm/shmfd-* are allowed, but not
/dev/shm/shmfd-*.
Changing :
owner /{,var/}run/shm/shmfd-* rw,
To:
owner /{dev,{,var/}run}/shm/shmfd-* rw,
seems to fix the issue.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1495248/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
