Please note that there is no real issue I can observe as Firefox and Flash work perfectly even when AA denies access to the symlink /etc/alternatives/mozilla-flashplugin. The only observable thing I have is a log message.
/etc/alternatives/mozilla-flashplugin is effectively a symlink on my system : r...@simon-laptop:~# dpkg -S /etc/alternatives/mozilla-flashplugin dpkg: /etc/alternatives/mozilla-flashplugin not found. r...@simon-laptop:~# ls -l /etc/alternatives/mozilla-flashplugin lrwxrwxrwx 1 root root 48 2010-07-02 20:05 /etc/alternatives/mozilla-flashplugin -> /usr/lib/flashplugin-installer/libflashplayer.so The thing is only that I noticed that Firefox attempted to read the symlink and that was generating a log in /var/log/kern.log. I tried adding the file pointed to by the symlink to the AA profile but I still have the issue. /var/log/kern.log with the original AA profile : Aug 4 10:45:08 simon-laptop kernel: [ 101.546773] type=1400 audit(1280911508.321:55): operation="getattr" pid=2205 parent=2201 profile="/usr/lib/firefox-3.6.8/firefox-*bin" name="/etc/alternatives /mozilla-flashplugin" pid=2205 comm="firefox-bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 When I reload the profile with "/etc/alternatives/mozilla-flashplugin r," nothing is logged to /var/log/kern.log (except the profile reload). When I reload with "/usr/lib/flashplugin-installer/libflashplayer.so rm," (I used "rm" as other .so use that) : Aug 4 10:53:17 simon-laptop kernel: [ 590.648180] type=1400 audit(1280911997.422:67): operation="getattr" pid=2501 parent=2497 profile="/usr/lib/firefox-3.6.8/firefox-*bin" name="/etc/alternatives /mozilla-flashplugin" pid=2501 comm="firefox-bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Note: I quit Firefox before changing the AA profile, I reload the profile (apparmor_parser -r /etc/apparmor.d/usr.bin.firefox) and start Firefox on a Youtube page. -- apparmor denies firefox access to /etc/alternatives/mozilla-flashplugin https://bugs.launchpad.net/bugs/611301 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs