desktop-packages team mailing list archive

Thread
Date

[Bug 1376411] [NEW] Firefox profile resulting in ptrace read denials

To: desktop-packages@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1376411@xxxxxxxxxxxxxxxxxx>
Date: Wed, 01 Oct 2014 19:45:09 -0000
Reply-to: Bug 1376411 <1376411@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

You have been subscribed to a public bug:

The firefox profile on utopic is resulting in denials like

[  351.414861] audit: type=1400 audit(1412190024.478:83):
apparmor="DENIED" operation="ptrace" profile="firefox" pid=4505
comm="firefox" requested_mask="read" denied_mask="read" peer="/usr/bin
/mediascanner-service-2.0"

[  351.414875] audit: type=1400 audit(1412190024.478:86):
apparmor="DENIED" operation="ptrace" profile="firefox" pid=4505
comm="firefox" requested_mask="read" denied_mask="read"
peer="unconfined"


This is most likely due to firefox scanning for information via /proc/<pid>/

which will result in a ptrace read permission request in the kernel

atm I have locally added the rule*
deny ptrace read peer=[^f][^i][^r][^e][^f][^o][^x],

*my local firefox profile is patched to be named
profile firefox /usr/lib/firefox/firefox{,*[^s][^h]} {

instead of the default of using the attachment path as a name

** Affects: firefox (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: apparmor
-- 
Firefox profile resulting in ptrace read denials
https://bugs.launchpad.net/bugs/1376411
You received this bug notification because you are a member of Desktop Packages, which is subscribed to firefox in Ubuntu.