desktop-packages team mailing list archive
-
desktop-packages team
-
Mailing list archive
-
Message #129178
[Bug 1403050] Re: Firefox profile denied messages with google hangouts
In thinking about this, I don't think the firefox profile should be
changed but instead we should add something to
/etc/apparmor.d/abstractions/ubuntu-browsers.d/. In theory, we could add
policy to 'multimedia', but perhaps it makes sense to add a new
abstraction.
These appear to be the rules that are needed:
/dev/video[0-9]* rw,
/sys/devices/**/video4linux/** r,
owner /run/shm/google-* rw,
/opt/google/talkplugin/** r,
owner @{HOME}/.config/google-googletalkplugin/ rw,
owner @{HOME}/.config/google-googletalkplugin/** rwk,
unix bind type=dgram addr=@google-nacl*,
** Package changed: firefox (Ubuntu) => apparmor (Ubuntu)
** Changed in: apparmor (Ubuntu)
Status: Confirmed => Triaged
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1403050
Title:
Firefox profile denied messages with google hangouts
Status in apparmor package in Ubuntu:
Triaged
Bug description:
Hi,
I am using apparmor on trusty, with the firefox profile in enforce
mode.
I have just tried hangouts for the first time under the profile, and
there are two DENIED:
Dec 16 12:36:31 superstar kernel: [191033.672376] type=1400
audit(1418733391.061:436): apparmor="DENIED" operation="open"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/dev/video0"
pid=19492 comm="GoogleTalkPlugi" requested_mask="r" denied_mask="r"
fsuid=1000 ouid=0
Which means that it thinks I have no webcam. I don't know if this should be allowed or not. I'd prefer to enable
my webcam in a hangout, but I can see an argument for denying this to firefox.
Dec 16 12:36:37 superstar kernel: [191039.824064] type=1400
audit(1418733397.217:440): apparmor="DENIED" operation="mknod"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/run/shm/google-
nacl-shm--19492.3" pid=19492 comm="GoogleTalkPlugi" requested_mask="c"
denied_mask="c" fsuid=1000 ouid=1000
I assume this is something to do with NaCl. I haven't noticed anything
that is broken by this.
Thanks,
James
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: apparmor 2.8.95~2430-0ubuntu5.1
ProcVersionSignature: Ubuntu 3.13.0-43.72-generic 3.13.11.11
Uname: Linux 3.13.0-43-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.6
Architecture: amd64
CurrentDesktop: Unity
Date: Tue Dec 16 12:58:32 2014
ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-3.13.0-43-generic root=/dev/mapper/hostname--vg-root ro quiet splash vt.handoff=7
SourcePackage: apparmor
Syslog:
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1403050/+subscriptions