Public bug reported:

The firefox profile on utopic is resulting in denials like

  [ 351.414861] audit: type=1400 audit(1412190024.478:83): apparmor="DENIED" operation="ptrace" profile="firefox" pid=4505 comm="firefox" requested_mask="read" denied_mask="read" peer="/usr/bin/mediascanner-service-2.0"
  [ 351.414875] audit: type=1400 audit(1412190024.478:86): apparmor="DENIED" operation="ptrace" profile="firefox" pid=4505 comm="firefox" requested_mask="read" denied_mask="read" peer="unconfined"

This is most likely due to firefox scanning for information via /proc/<pid>/ which will result in a ptrace read permission request in the kernel

atm I have locally added the rule*

  deny ptrace read peer=[^f][^i][^r][^e][^f][^o][^x],

*my local firefox profile is patched to be named

  profile firefox /usr/lib/firefox/firefox{,*[^s][^h]} {

instead of the default of using the attachment path as a name

** Affects: apparmor (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1376411

Title:
  Firefox profile resulting in ptrace read denials

Status in “apparmor” package in Ubuntu:
  New
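
Added example, not part of the original report or of the AppArmor project: a small parser that pulls AppArmor ptrace denials out of kernel audit lines like the ones quoted above and counts them per profile, mask and peer, which shows which peers a profile is being denied against. The function names are hypothetical, and the third sample record is constructed.

```python
import re
from collections import Counter

# The first two records are the denials quoted in the report (the wrap-induced
# space in the first peer path is removed); the third is constructed noise.
SAMPLE_LOG = """\
[ 351.414861] audit: type=1400 audit(1412190024.478:83): apparmor="DENIED" operation="ptrace" profile="firefox" pid=4505 comm="firefox" requested_mask="read" denied_mask="read" peer="/usr/bin/mediascanner-service-2.0"
[ 351.414875] audit: type=1400 audit(1412190024.478:86): apparmor="DENIED" operation="ptrace" profile="firefox" pid=4505 comm="firefox" requested_mask="read" denied_mask="read" peer="unconfined"
[ 351.500000] audit: type=1400 audit(1412190024.600:90): apparmor="DENIED" operation="open" profile="example-profile" name="/tmp/example" pid=4600 comm="example" requested_mask="r" denied_mask="r"
"""

# Audit fields are key=value or key="value"; quoted values may contain spaces.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_record(line):
    """Return the key/value fields of one audit line as a dict."""
    return {
        m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
        for m in FIELD_RE.finditer(line)
    }


def ptrace_denials(log_text):
    """Yield parsed records that are AppArmor DENIED events for ptrace."""
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec.get("apparmor") == "DENIED" and rec.get("operation") == "ptrace":
            yield rec


def summarize(log_text):
    """Count ptrace denials per (profile, denied_mask, peer)."""
    return Counter(
        (r.get("profile"), r.get("denied_mask"), r.get("peer"))
        for r in ptrace_denials(log_text)
    )


if __name__ == "__main__":
    for (profile, mask, peer), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{n:3d}  profile={profile}  ptrace {mask}  peer={peer}")
```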