← Back to team overview

desktop-packages team mailing list archive

[Bug 1364305] Re: Wrong filename of firefox' apparmor profile

 

Symlinking (or hardlinking) usr.bin.firefox to usr.lib.firefox.firefox
does not work for me.

$ sudo aa-complain /usr/lib/firefox/firefox

Setting /usr/lib/firefox/firefox to complain mode.
Traceback (most recent call last):
  File "/usr/sbin/aa-complain", line 30, in <module>
    tool.cmd_complain()
  File "/usr/lib/python3/dist-packages/apparmor/tools.py", line 178, in cmd_complain
    apparmor.set_complain(profile, program)
  File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 267, in set_complain
    change_profile_flags(filename, program, 'complain', True)
  File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 606, in change_profile_flags
    old_flags = get_profile_flags(filename, program)
  File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 603, in get_profile_flags
    raise AppArmorException(_('%s contains no profile') % filename)
apparmor.common.AppArmorException: '/etc/apparmor.d/usr.lib.firefox.firefox contains no profile'


The culprit seems to be the regex trying to match /usr/lib/firefox/firefox but not /usr/lib/firefox/firefox.sh:

/usr/lib/firefox/firefox{,*[^s][^h]} {

Changing this to

/usr/lib/firefox/firefox {

allows apparmor to load the profile.


AppArmor Version: 2.8.95~2430-0ubuntu5

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1364305

Title:
  Wrong filename of firefox' apparmor profile

Status in “firefox” package in Ubuntu:
  Confirmed

Bug description:
  Hi,

  the apparmor profile that comes with firefox can't be turned on and
  off with the regular command line tools because of it's wrong
  filename:

  
  # aa-complain /usr/bin/firefox
  Profile for /usr/lib/firefox/firefox.sh not found, skipping

  (because /usr/bin/firefox is a link)


   
  # aa-complain /usr/lib/firefox/firefox.sh
  Profile for /usr/lib/firefox/firefox.sh not found, skipping

  (because there is no /etc/apparmor.d/usr.lib.firefox.firefox.sh )



  # aa-complain /usr/lib/firefox/firefox
  Profile for /usr/lib/firefox/firefox not found, skipping

  (because there is no /etc/apparmor.d/usr.lib.firefox.firefox )

  
  so the armor profile has the name, that does not work, i.e. the name of a logical link instead of an executable. 


  It should have the name of the shell script and/or the name of the
  binary.


  regards

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: firefox 31.0+build1-0ubuntu0.14.04.1
  ProcVersionSignature: Ubuntu 3.13.0-35.62-generic 3.13.11.6
  Uname: Linux 3.13.0-35-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl zcommon znvpair
  AddonCompatCheckDisabled: False
  ApportVersion: 2.14.1-0ubuntu3.3
  Architecture: amd64
  AudioDevicesInUse:
   USER        PID ACCESS COMMAND
   /dev/snd/controlC0:  danisch    3540 F.... panel-11-mixer
                        danisch    3572 F.... pulseaudio
  BuildID: 20140715214327
  Channel: Unavailable
  CurrentDesktop: XFCE
  Date: Tue Sep  2 11:38:12 2014
  ForcedLayersAccel: False
  IncompatibleExtensions:
   Deutsch (DE) Language Pack - langpack-de@xxxxxxxxxxxxxxxxxxx
   English (GB) Language Pack - langpack-en-GB@xxxxxxxxxxxxxxxxxxx
   English (South Africa) Language Pack - langpack-en-ZA@xxxxxxxxxxxxxxxxxxx
   Default - {972ce4c6-7e08-4474-a285-3208198ce6fd}
  IpRoute:
   default via 192.168.103.254 dev em1 
   169.254.0.0/16 dev vlan0  scope link  metric 1000 
   192.168.100.0/22 dev em1  proto kernel  scope link  src 192.168.102.179 
   192.168.200.0/24 dev vlan0  proto kernel  scope link  src 192.168.200.1
  Plugins:
   Windows Media Player Plug-in - /usr/lib/mozilla/plugins/gecko-mediaplayer-wmp.so (gecko-mediaplayer)
   RealPlayer 9 - /usr/lib/mozilla/plugins/gecko-mediaplayer-rm.so (gecko-mediaplayer)
   QuickTime Plug-in 7.6.9 - /usr/lib/mozilla/plugins/gecko-mediaplayer-qt.so (gecko-mediaplayer)
   DivX Browser Plug-In - /usr/lib/mozilla/plugins/gecko-mediaplayer-dvx.so (gecko-mediaplayer)
   mplayerplug-in is now gecko-mediaplayer 1.0.8 - /usr/lib/mozilla/plugins/gecko-mediaplayer.so (gecko-mediaplayer)
  PrefSources:
   prefs.js
   [Profile]/extensions/{6AC85730-7D0F-4de0-B3FA-21142DD85326}/defaults/preferences/colorzilla.js
  Profiles: Profile0 (Default) - LastVersion=31.0/20140715214327 (In use)
  RfKill:
   
  RunningIncompatibleAddons: True
  SourcePackage: firefox
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 11/23/2012
  dmi.bios.vendor: Intel Corp.
  dmi.bios.version: KCH7710H.86A.0104.2012.1123.1027
  dmi.board.name: DH77DF
  dmi.board.vendor: Intel Corporation
  dmi.board.version: AAG40293-301
  dmi.chassis.type: 3
  dmi.modalias: dmi:bvnIntelCorp.:bvrKCH7710H.86A.0104.2012.1123.1027:bd11/23/2012:svn:pn:pvr:rvnIntelCorporation:rnDH77DF:rvrAAG40293-301:cvn:ct3:cvr:

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1364305/+subscriptions