Hello. I apologize, once again, for such a bad bug report, but I'm in a hurry (I just want to help, because there could be some issues with a new Firefox version - problems, that could appear after update. Just like in my case etc.) Anyway, there is a one entry in log files that makes me confused, because there is not so many informations that could help create a proper rule. Here is the log entry (appeared about 4, 5 times):
✗ apparmor="DENIED" operation="connect" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/tmp/.X11-unix/X0" pid=4643 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 As I already mentioned, "abstractions/X" file contains rule related with "/tmp/.X11-unix/X0" and "connect" operation. However, there is also "type" and "peer" options (see report; last rule) - which is not in the log entry! So, it seems, that such rule is wrong... but Firefox started to work normally. Anyway, I would like to ask if there can/should be used something like this - instead of a rule in bug report: # Explicitly allow 'connect' unix permission unix (connect), (NOTE: chromium-browser profile also contains a few "unix" - but not with 'connect' option - and "capability" rules) What do you think? Which one solution is better: - use the last rule mentioned in bug report (please note, that there is "rw" access for "/tmp/.X11-unix/X0" socket because of 'requested{,denied}_mask'); - allow only 'connect' unix permission (see this post); Or maybe it should be only something like this? But that is just an idea. Crazy idea: /tmp/.X11-unix/X[0-9]* r, Thanks. I'm sorry once again. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1770600 Title: Firefox v60: does not work after updating, many "DENIED" log entries. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1770600/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs