[Bug 611301] Re: apparmor denies firefox access to /etc/alternatives/mozilla-flashplugin

Wed, 04 Aug 2010 02:16:03 -0700 

Please note that there is no real issue I can observe as Firefox and
Flash work perfectly even when AA denies access to the symlink
/etc/alternatives/mozilla-flashplugin. The only observable thing I have
is a log message.

/etc/alternatives/mozilla-flashplugin is effectively a symlink on my
system :

r...@simon-laptop:~# dpkg -S /etc/alternatives/mozilla-flashplugin 
dpkg: /etc/alternatives/mozilla-flashplugin not found.
r...@simon-laptop:~# ls -l /etc/alternatives/mozilla-flashplugin 
lrwxrwxrwx 1 root root 48 2010-07-02 20:05 
/etc/alternatives/mozilla-flashplugin -> 
/usr/lib/flashplugin-installer/libflashplayer.so

The thing is only that I noticed that Firefox attempted to read the
symlink and that was generating a log in /var/log/kern.log. I tried
adding the file pointed to by the symlink to the AA profile but I still
have the issue.

/var/log/kern.log with the original AA profile :

Aug  4 10:45:08 simon-laptop kernel: [  101.546773] type=1400
audit(1280911508.321:55):  operation="getattr" pid=2205 parent=2201
profile="/usr/lib/firefox-3.6.8/firefox-*bin" name="/etc/alternatives
/mozilla-flashplugin" pid=2205 comm="firefox-bin" requested_mask="r"
denied_mask="r" fsuid=1000 ouid=0

When I reload the profile with "/etc/alternatives/mozilla-flashplugin
r," nothing is logged to /var/log/kern.log (except the profile reload).

When I reload with "/usr/lib/flashplugin-installer/libflashplayer.so
rm," (I used "rm" as other .so use that) :

Aug  4 10:53:17 simon-laptop kernel: [  590.648180] type=1400
audit(1280911997.422:67):  operation="getattr" pid=2501 parent=2497
profile="/usr/lib/firefox-3.6.8/firefox-*bin" name="/etc/alternatives
/mozilla-flashplugin" pid=2501 comm="firefox-bin" requested_mask="r"
denied_mask="r" fsuid=1000 ouid=0

Note: I quit Firefox before changing the AA profile, I reload the
profile (apparmor_parser -r /etc/apparmor.d/usr.bin.firefox) and start
Firefox on a Youtube page.

-- 
apparmor denies firefox access to /etc/alternatives/mozilla-flashplugin
https://bugs.launchpad.net/bugs/611301
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to