Public bug reported:

When used with apparmor profile enforced, firefox will generate some DENY logs. Some operations should be either allowed, or explicitly denied to avoid logging. Luckily, these messages only happen on firefox startup, so they don't flood the log.

1) vfs mounttracker

apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="ListMountableInfo" mask="send" name=":1.5" pid=3550 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=3039 peer_label="unconfined"

2) .ICE-unix socket (?)

apparmor="DENIED" operation="connect" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=7383 comm="firefox" family="unix" sock_type="stream" protocol=0 requested_mask="send receive connect" denied_mask="send connect" addr=none peer_addr="@/tmp/.ICE-unix/3092" peer="unconfined"

It does not seem to have any impact, but maybe it will in a use case that's not mine...

ProblemType: Bug
DistroRelease: Ubuntu 15.04
Package: firefox 36.0.1+build2-0ubuntu1
ProcVersionSignature: Ubuntu 3.19.0-10.10-generic 3.19.2
Uname: Linux 3.19.0-10-generic x86_64
AddonCompatCheckDisabled: False
ApportVersion: 2.16.2-0ubuntu4
Architecture: amd64
AudioDevicesInUse:
 USER PID ACCESS COMMAND
 /dev/snd/controlC0: franck 3208 F.... pulseaudio
BuildID: 20150306140302
Channel: Unavailable
CurrentDesktop: Unity
Date: Tue Mar 24 17:05:00 2015
Extensions: extensions.sqlite corrupt or missing
ForcedLayersAccel: False
IfupdownConfig:
 # interfaces(5) file used by ifup(8) and ifdown(8)
 auto lo
 iface lo inet loopback
IncompatibleExtensions: Unavailable (corrupt or non-existant compatibility.ini or extensions.sqlite)
InstallationDate: Installed on 2014-12-13 (100 days ago)
InstallationMedia: Ubuntu 14.10 "Utopic Unicorn" - Release amd64 (20141022.1)
IpRoute:
 default via 10.0.0.1 dev eth0 proto static metric 1024
 10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.75
 192.168.111.0/24 dev wlan0 proto kernel scope link src 192.168.111.8
 192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
Locales: extensions.sqlite corrupt or missing
Plugins:
 IcedTea-Web Plugin (using IcedTea-Web 1.5.2 (1.5.2-1ubuntu2)) - /usr/lib/jvm/java-7-openjdk-amd64/jre/lib/amd64/IcedTeaPlugin.so (icedtea-7-plugin)
 iTunes Application Detector - /usr/lib/mozilla/plugins/librhythmbox-itms-detection-plugin.so (rhythmbox-mozilla)
PrefSources:
 prefs.js
 [Profile]/extensions/superst...@enjoyfreeware.org/defaults/preferences/defaults.js
Profiles: Profile0 (Default) - LastVersion=36.0.1/20150306140302 (In use)
RunningIncompatibleAddons: False
SourcePackage: firefox
Themes: extensions.sqlite corrupt or missing
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 05/14/2014
dmi.bios.vendor: LENOVO
dmi.bios.version: G7ETA0WW (2.60 )
dmi.board.asset.tag: Not Available
dmi.board.name: 2353CTO
dmi.board.vendor: LENOVO
dmi.board.version: Not Defined
dmi.chassis.asset.tag: No Asset Information
dmi.chassis.type: 10
dmi.chassis.vendor: LENOVO
dmi.chassis.version: Not Available
dmi.modalias: dmi:bvnLENOVO:bvrG7ETA0WW(2.60):bd05/14/2014:svnLENOVO:pn2353CTO:pvrThinkPadT430s:rvnLENOVO:rn2353CTO:rvrNotDefined:cvnLENOVO:ct10:cvrNotAvailable:
dmi.product.name: 2353CTO
dmi.product.version: ThinkPad T430s
dmi.sys.vendor: LENOVO
http_proxy: http://localhost:8118/
no_proxy: localhost,127.0.0.0/8,::1

** Affects: firefox (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: amd64 apport-bug vivid

https://bugs.launchpad.net/bugs/1435952

Title:
  Firefox apparmor profile generates DENY messages in logs
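Added example, not part of the bug report or of the shipped Firefox profile: a small Python helper that parses the two DENIED records quoted above and drafts the matching AppArmor rule for each, either with a `deny` prefix (denied without logging) or without it (allowed). The function names and the choice to generalise the trailing socket number to `[0-9]*` are assumptions of this example; the drafted rules are candidates for review before they go into a profile.

```python
import re
import shlex

# The two denials quoted in the report, re-joined onto single lines.
SAMPLE_LOG = [
    'apparmor="DENIED" operation="dbus_method_call" bus="session" '
    'path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" '
    'member="ListMountableInfo" mask="send" name=":1.5" pid=3550 '
    'label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=3039 '
    'peer_label="unconfined"',
    'apparmor="DENIED" operation="connect" '
    'profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=7383 comm="firefox" '
    'family="unix" sock_type="stream" protocol=0 '
    'requested_mask="send receive connect" denied_mask="send connect" '
    'addr=none peer_addr="@/tmp/.ICE-unix/3092" peer="unconfined"',
]

def parse_denial(line):
    """Return the key=value fields of an AppArmor DENIED record, else None."""
    try:
        tokens = shlex.split(line)
    except ValueError:  # unbalanced quote: not a record we can trust
        return None
    fields = dict(t.split("=", 1) for t in tokens if "=" in t)
    return fields if fields.get("apparmor") == "DENIED" else None

def suggest_rule(fields, prefix="deny "):
    """Draft one profile rule; prefix="" allows instead of silently denying."""
    if fields.get("operation", "").startswith("dbus_"):
        return (f'{prefix}dbus {fields["mask"]} bus={fields["bus"]} '
                f'path={fields["path"]} interface={fields["interface"]} '
                f'member={fields["member"]} peer=(label={fields["peer_label"]}),')
    if fields.get("family") == "unix":
        perms = ", ".join(fields["denied_mask"].split())
        # Assumption: the trailing number is per-session, so generalise it.
        addr = re.sub(r"\d+$", "[0-9]*", fields["peer_addr"])
        return (f'{prefix}unix ({perms}) type={fields["sock_type"]} '
                f'peer=(addr="{addr}"),')
    return None  # other rule classes are out of scope for this example

def rules_for(lines, prefix="deny "):
    """De-duplicated candidate rules, in first-seen order."""
    parsed = filter(None, map(parse_denial, lines))
    rules = (suggest_rule(f, prefix) for f in parsed)
    return list(dict.fromkeys(r for r in rules if r))

if __name__ == "__main__":
    print("\n".join(rules_for(SAMPLE_LOG)))
```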