for firefox 107.0.1 in linux mint 20.3 based on Ubuntu 20.04, when task
manager is opened, this rule is needed:
owner @{PROC}/[0-9]*/task/[0-9]*/comm r,
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
http
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: apparmor (Ubuntu)
Status: New => Confirmed
Linux Mint 20.1 Ulyssa
Firefox 89.0
after update, i got ff 89, i have messages like this in syslog, on every
start of firefox:
Jun 20 15:24:23 dinar-Lenovo-G580 wpa_supplicant[680]: wlp2s0:
CTRL-EVENT-SIGNAL-CHANGE above=0 signal=-80 noise=-95 txrate=43300
Jun 20 15:25:21 dinar-Lenovo-G580 kerne
** Branch linked: lp:~mozillateam/firefox/firefox-beta.groovy
** Branch linked: lp:~mozillateam/firefox/firefox-beta.focal
** Branch linked: lp:~mozillateam/firefox/firefox-beta.bionic
Updated again for Python 3.9:
https://bazaar.launchpad.net/~mozillateam/firefox/firefox.hirsute/revision/1489
** Branch linked: lp:firefox
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1861408
Title:
firefox apparmor messages
Status in apparmor package in Ubuntu:
New
Status i
messages, while starting firefox, after updating ubuntu to 20.10:
Jan 11 23:26:48 dinar-comp kernel: [ 181.634648] audit: type=1400
audit(1610396808.475:44): apparmor="DENIED" operation="open" profile="firefox"
name="/proc/2003/cgroup" pid=2003 comm="firefox" requested_mask="r"
denied_mask="r"
This bug was fixed in the package firefox -
77.0.1+build1-0ubuntu0.20.04.1
---
firefox (77.0.1+build1-0ubuntu0.20.04.1) focal; urgency=medium
* New upstream stable release (77.0.1+build1)
* Minor fixes to the script that creates the source tarball for regressions
that were in
This bug was fixed in the package firefox -
77.0.1+build1-0ubuntu0.18.04.1
---
firefox (77.0.1+build1-0ubuntu0.18.04.1) bionic; urgency=medium
* New upstream stable release (77.0.1+build1)
* Minor fixes to the script that creates the source tarball for regressions
that were i
This bug was fixed in the package firefox -
77.0.1+build1-0ubuntu0.19.10.1
---
firefox (77.0.1+build1-0ubuntu0.19.10.1) eoan; urgency=medium
* New upstream stable release (77.0.1+build1)
* Minor fixes to the script that creates the source tarball for regressions
that were int
python message after update to ubuntu 20.04 :
May 29 08:54:00 dinar-comp kernel: [ 369.424679] audit: type=1400
audit(1590731640.601:54): apparmor="DENIED" operation="file_mmap" profile="firefox//lsb_release"
name="/usr/bin/python3.8" pid=2939 comm="lsb_release"
requested_mask="r" denied_mask="
after update to 76.0.1, fontconfig messages started again to appear on every
page opening.
i added
deny @{HOME}/.{,cache/}fontconfig/** w,
to abstractions/fonts, reloaded profile, and those notifications stopped
appearing.
That commit/fix was only a small part of all that has been reported in
this bug, and that was an opportunistic fix. I don't plan on working on
the apparmor profile in the near future, unless some serious problem
with it is reported (which, unless I have misread, is not the case of
any of the commen
This bug was fixed in the package firefox - 76.0.1+build1-0ubuntu2
---
firefox (76.0.1+build1-0ubuntu2) groovy; urgency=medium
* Update apparmor profile to allow lsb_release to run with more recent
versions of Python 3 (LP: #1861408)
- debian/usr.bin.firefox.apparmor.14.10
Olivier, is the commit enough to consider the bug fix committed?
** Changed in: firefox (Ubuntu)
Importance: Undecided => Low
Thanks for that suggestion in comment #25 Динар, I committed the change
to the apparmor profile:
https://bazaar.launchpad.net/~mozillateam/firefox/firefox.groovy/revision/1388.
** Branch linked: lp:firefox
** Branch linked: lp:~mozillateam/firefox/firefox.focal
** Branch linked: lp:~mozillateam/firefox/firefox.eoan
** Branch linked: lp:~mozillateam/firefox/firefox.bionic
** Branch linked: lp:~mozillateam/firefox/firefox.xenial
i said on feb 4:
"dbus_method_call messages still appear in logs, while saving. i do not know
why they are not reported by aa-notify."
i made this report on apparmor site on march 7:
https://gitlab.com/apparmor/apparmor/-/issues/81
"aa-notify does not show messages about dbus"
** Bug watch added:
i changed /usr/bin/python3.[0-6] mr, to /usr/bin/python3.[0-7] mr, and
the python message disappeared while starting firefox.
appeared when opening a file from a manually mounted partition:
May 6 14:59:12 dinar-comp kernel: [544099.237323] audit: type=1400
audit(1588766352.217:3081): apparmor="DENIED" operation="open"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/run/user/1000/ICEauthority" pid=6886 comm="fire
appears when pressing ctrl+s:
Apr 17 17:13:48 dinar-comp kernel: [81128.012319] audit: type=1400
audit(1587132828.960:765): apparmor="DENIED" operation="open"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/run/mount/utab" pid=4596
comm="firefox" requested_mask="r" denied_mask="r" fsuid=10
to
"
i added w to
owner @{HOME}/.{,cache/}fontconfig/** mrl,
"
:
cboltz said in apparmor irc channel:
I'd recommend _not_ to allow writing to ~/.cache/fontconfig/ because apps could
in theory poison that cache
actually we recently (intentionally) removed write permissions in
abstractions/fonts
seems these are links to browse the profiles online:
https://bazaar.launchpad.net/~mozillateam/firefox/firefox.focal/view/head:/debian/usr.bin.firefox.apparmor.14.10
https://git.launchpad.net/apparmor/tree/profiles/apparmor.d/abstractions
I can not speak to specifics but there are a lot of potential reasons a
packager (not firefox specific) might not be updating the profile.
- They don't use the profile / or maybe apparmor. (package
maintainership evolves and not everyone who might even be aware of it
without digging in)
- The au
what is ubuntu's policy for updating this profile? it looks like package
maintainers are not updating this profile on every package update. why?
i have reenabled the capability rules and added these to them, also from
the chromium profile:
owner @{PROC}/@{pid}/setgroups w,
owner @{PROC}/@{pid}/uid_map w,
owner @{PROC}/@{pid}/gid_map w,
.
i have prepared dbus rules:
dbus send
bus=system
path=/org/freedesktop/RealtimeKi
message when switching to read mode:
Feb 26 13:13:13 dinar-HP-Pavilion-g7-Notebook-PC kernel: [64008.165294] audit:
type=1400 audit(1582711993.444:302): apparmor="DENIED" operation="exec"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/usr/bin/speech-dispatcher" pid=30443 comm=737065656368
On Mon, Feb 24, 2020 at 06:48:33AM -, dinar qurbanov wrote:
> after firefox restart these appeared:
>
> Feb 24 09:30:04 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 141.932834]
> audit: type=1400 audit(1582525804.452:27): apparmor="DENIED"
> operation="open" profile="/usr/lib/firefox/firefox{,*
/ r,
/**/ r,
is not enough. because thumbnails are not shown. much better would be to use a
separate program as a helper application, while it can read all files but it is
very simple and can only open a file by gui mouse click, and cannot connect
internet.
after firefox restart these appeared:
Feb 24 09:30:04 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 141.932834] audit:
type=1400 audit(1582525804.452:27): apparmor="DENIED" operation="open"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/1888/uid_map"
pid=1888 comm=495043204C61756E6368
also there are /sys/devices/system/cpu/ r,
/etc/firefox*/ r,
/etc/xulrunner-2.0*/ r,
/etc/gre.d/ r,
i have some questions and wishes about rules that are in the profile:
# so browsing directories works
/ r,
/**/ r,
what if comment these out and allow / and owner @{HOME}/** , instead of
these? does firefox need other directory listings? maybe i will try.
i see /usr/ r, /etc/ r, /opt/ r, @
i added these lines to ff profile:
#copied from abstractions/lightdm_chromium-browser
capability sys_admin, # for sandbox to change namespaces
capability sys_chroot, # for sandbox to chroot to a safe directory
capability setgid, # for sandbox to drop privileges
capability setu
> At the moment we recommend granting the capability in the profile and
> letting firefox setup its sandbox.
why do not ubuntu developers add it? (before they make it other way.)
> Unfortunately this means you can't guarantee the rest of the program
> isn't doing things it shouldn't.
what it can do us
I should further note that this needs kernel patches to be fixed.
Firefox uses cap sys_admin to set up its sandbox, which is extremely
unfortunate but required on linux to be able to set up the
user_namespace, do the chroot etc. Currently the LSM and user namespaces
don't interact as well as they should.
AppArmor can NOT properly determine the policy namespace tha
i asked about sys_admin capability and got some answers:
https://groups.google.com/forum/#!topic/mozilla.dev.platform/UK4nm7MtTxQ
(i wanted to ask in firefox-dev mailing list but the dev-platform list
was said to be more appropriate).
i have added these lines:
in /etc/apparmor.d/abstractions/gnome :
@{HOME}/.local/share/gvfs-metadata/** r,
in /etc/apparmor.d/abstractions/xdg-desktop :
owner @{HOME}/.cache/mesa_shader_cache/** rw,
and messages (i use aa-notify) when saving disappeared.
dbus_method_call messages still appear
i think
Jan 30 11:08:28 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 464.049675]
audit: type=1400 audit(1580371708.871:38): apparmor="DENIED"
operation="open" profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/dinar/.local/share/gvfs-metadata/home" pid=1584 comm="pool"
requested_mask="r" de
i added w to
owner @{HOME}/.{,cache/}fontconfig/** mrl,
in /etc/apparmor.d/abstractions/fonts
and after profile replace, frequent messages stopped.
i modified /etc/apparmor.d/abstractions/fonts by adding w to
owner @{HOME}/.{,cache/}fontconfig/ r,
and replaced ff apparmor profile with "sudo apparmor_parser -r -T -W
/etc/apparmor.d/usr.bin.firefox".
then i tried to open a page, and i got these:
Feb 3 21:26:26 dinar-Lenovo-G580 kernel: [140
** Package changed: firefox (Ubuntu) => apparmor (Ubuntu)
** Also affects: firefox (Ubuntu)
Importance: Undecided
Status: New