← Back to team overview

desktop-packages team mailing list archive

  1. desktop-packages team
  2. Mailing list archive
  3. Message #108449

[Bug 1435952] [NEW] Firefox apparmor profile generates DENY messages in logs

  Thread PreviousDate PreviousThread Next 
Public bug reported:

When used with apparmor profile enforced, firefox will generate some
DENY logs. Some operations should be either allowed, or explicitely
denied to avoid logging. Luckily, these messages only happen on firefox
startup, so they don't flood the log.

1) vfs mounttracker

apparmor="DENIED" operation="dbus_method_call"  bus="session"
path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
member="ListMountableInfo" mask="send" name=":1.5" pid=3550
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=3039
peer_label="unconfined"

2) .ICE-unix socket (?)

apparmor="DENIED" operation="connect"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=7383 comm="firefox"
family="unix" sock_type="stream" protocol=0 requested_mask="send receive
connect" denied_mask="send connect" addr=none peer_addr="@/tmp/.ICE-
unix/3092" peer="unconfined"

It does not seem to have any impact, but maybe it's will in a use case
that's not mine...

ProblemType: Bug
DistroRelease: Ubuntu 15.04
Package: firefox 36.0.1+build2-0ubuntu1
ProcVersionSignature: Ubuntu 3.19.0-10.10-generic 3.19.2
Uname: Linux 3.19.0-10-generic x86_64
AddonCompatCheckDisabled: False
ApportVersion: 2.16.2-0ubuntu4
Architecture: amd64
AudioDevicesInUse:
 USER        PID ACCESS COMMAND
 /dev/snd/controlC0:  franck     3208 F.... pulseaudio
BuildID: 20150306140302
Channel: Unavailable
CurrentDesktop: Unity
Date: Tue Mar 24 17:05:00 2015
Extensions: extensions.sqlite corrupt or missing
ForcedLayersAccel: False
IfupdownConfig:
 # interfaces(5) file used by ifup(8) and ifdown(8)
 auto lo
 iface lo inet loopback
IncompatibleExtensions: Unavailable (corrupt or non-existant compatibility.ini or extensions.sqlite)
InstallationDate: Installed on 2014-12-13 (100 days ago)
InstallationMedia: Ubuntu 14.10 "Utopic Unicorn" - Release amd64 (20141022.1)
IpRoute:
 default via 10.0.0.1 dev eth0  proto static  metric 1024 
 10.0.0.0/24 dev eth0  proto kernel  scope link  src 10.0.0.75 
 192.168.111.0/24 dev wlan0  proto kernel  scope link  src 192.168.111.8 
 192.168.122.0/24 dev virbr0  proto kernel  scope link  src 192.168.122.1
Locales: extensions.sqlite corrupt or missing
Plugins:
 IcedTea-Web Plugin (using IcedTea-Web 1.5.2 (1.5.2-1ubuntu2)) - /usr/lib/jvm/java-7-openjdk-amd64/jre/lib/amd64/IcedTeaPlugin.so (icedtea-7-plugin)
 iTunes Application Detector - /usr/lib/mozilla/plugins/librhythmbox-itms-detection-plugin.so (rhythmbox-mozilla)
PrefSources:
 prefs.js
 [Profile]/extensions/superstart@xxxxxxxxxxxxxxxxx/defaults/preferences/defaults.js
Profiles: Profile0 (Default) - LastVersion=36.0.1/20150306140302 (In use)
RunningIncompatibleAddons: False
SourcePackage: firefox
Themes: extensions.sqlite corrupt or missing
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 05/14/2014
dmi.bios.vendor: LENOVO
dmi.bios.version: G7ETA0WW (2.60 )
dmi.board.asset.tag: Not Available
dmi.board.name: 2353CTO
dmi.board.vendor: LENOVO
dmi.board.version: Not Defined
dmi.chassis.asset.tag: No Asset Information
dmi.chassis.type: 10
dmi.chassis.vendor: LENOVO
dmi.chassis.version: Not Available
dmi.modalias: dmi:bvnLENOVO:bvrG7ETA0WW(2.60):bd05/14/2014:svnLENOVO:pn2353CTO:pvrThinkPadT430s:rvnLENOVO:rn2353CTO:rvrNotDefined:cvnLENOVO:ct10:cvrNotAvailable:
dmi.product.name: 2353CTO
dmi.product.version: ThinkPad T430s
dmi.sys.vendor: LENOVO
http_proxy: http://localhost:8118/
no_proxy: localhost,127.0.0.0/8,::1

** Affects: firefox (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug vivid

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1435952

Title:
  Firefox apparmor profile generates DENY messages in logs

Status in firefox package in Ubuntu:
  New

Bug description:
  When used with apparmor profile enforced, firefox will generate some
  DENY logs. Some operations should be either allowed, or explicitely
  denied to avoid logging. Luckily, these messages only happen on
  firefox startup, so they don't flood the log.

  1) vfs mounttracker

  apparmor="DENIED" operation="dbus_method_call"  bus="session"
  path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
  member="ListMountableInfo" mask="send" name=":1.5" pid=3550
  label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=3039
  peer_label="unconfined"

  2) .ICE-unix socket (?)

  apparmor="DENIED" operation="connect"
  profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=7383 comm="firefox"
  family="unix" sock_type="stream" protocol=0 requested_mask="send
  receive connect" denied_mask="send connect" addr=none peer_addr="@/tmp
  /.ICE-unix/3092" peer="unconfined"

  It does not seem to have any impact, but maybe it's will in a use case
  that's not mine...

  ProblemType: Bug
  DistroRelease: Ubuntu 15.04
  Package: firefox 36.0.1+build2-0ubuntu1
  ProcVersionSignature: Ubuntu 3.19.0-10.10-generic 3.19.2
  Uname: Linux 3.19.0-10-generic x86_64
  AddonCompatCheckDisabled: False
  ApportVersion: 2.16.2-0ubuntu4
  Architecture: amd64
  AudioDevicesInUse:
   USER        PID ACCESS COMMAND
   /dev/snd/controlC0:  franck     3208 F.... pulseaudio
  BuildID: 20150306140302
  Channel: Unavailable
  CurrentDesktop: Unity
  Date: Tue Mar 24 17:05:00 2015
  Extensions: extensions.sqlite corrupt or missing
  ForcedLayersAccel: False
  IfupdownConfig:
   # interfaces(5) file used by ifup(8) and ifdown(8)
   auto lo
   iface lo inet loopback
  IncompatibleExtensions: Unavailable (corrupt or non-existant compatibility.ini or extensions.sqlite)
  InstallationDate: Installed on 2014-12-13 (100 days ago)
  InstallationMedia: Ubuntu 14.10 "Utopic Unicorn" - Release amd64 (20141022.1)
  IpRoute:
   default via 10.0.0.1 dev eth0  proto static  metric 1024 
   10.0.0.0/24 dev eth0  proto kernel  scope link  src 10.0.0.75 
   192.168.111.0/24 dev wlan0  proto kernel  scope link  src 192.168.111.8 
   192.168.122.0/24 dev virbr0  proto kernel  scope link  src 192.168.122.1
  Locales: extensions.sqlite corrupt or missing
  Plugins:
   IcedTea-Web Plugin (using IcedTea-Web 1.5.2 (1.5.2-1ubuntu2)) - /usr/lib/jvm/java-7-openjdk-amd64/jre/lib/amd64/IcedTeaPlugin.so (icedtea-7-plugin)
   iTunes Application Detector - /usr/lib/mozilla/plugins/librhythmbox-itms-detection-plugin.so (rhythmbox-mozilla)
  PrefSources:
   prefs.js
   [Profile]/extensions/superstart@xxxxxxxxxxxxxxxxx/defaults/preferences/defaults.js
  Profiles: Profile0 (Default) - LastVersion=36.0.1/20150306140302 (In use)
  RunningIncompatibleAddons: False
  SourcePackage: firefox
  Themes: extensions.sqlite corrupt or missing
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 05/14/2014
  dmi.bios.vendor: LENOVO
  dmi.bios.version: G7ETA0WW (2.60 )
  dmi.board.asset.tag: Not Available
  dmi.board.name: 2353CTO
  dmi.board.vendor: LENOVO
  dmi.board.version: Not Defined
  dmi.chassis.asset.tag: No Asset Information
  dmi.chassis.type: 10
  dmi.chassis.vendor: LENOVO
  dmi.chassis.version: Not Available
  dmi.modalias: dmi:bvnLENOVO:bvrG7ETA0WW(2.60):bd05/14/2014:svnLENOVO:pn2353CTO:pvrThinkPadT430s:rvnLENOVO:rn2353CTO:rvrNotDefined:cvnLENOVO:ct10:cvrNotAvailable:
  dmi.product.name: 2353CTO
  dmi.product.version: ThinkPad T430s
  dmi.sys.vendor: LENOVO
  http_proxy: http://localhost:8118/
  no_proxy: localhost,127.0.0.0/8,::1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1435952/+subscriptions

Follow ups

References

  Thread PreviousDate PreviousThread Next