touch-packages team mailing list archive
-
touch-packages team
-
Mailing list archive
-
Message #22812
[Bug 1376411] Re: Firefox profile resulting in ptrace read denials
** Tags added: apparmor
** Package changed: apparmor (Ubuntu) => firefox (Ubuntu)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1376411
Title:
Firefox profile resulting in ptrace read denials
Status in “firefox” package in Ubuntu:
New
Bug description:
The firefox profile on utopic is resulting in denials like
[ 351.414861] audit: type=1400 audit(1412190024.478:83):
apparmor="DENIED" operation="ptrace" profile="firefox" pid=4505
comm="firefox" requested_mask="read" denied_mask="read" peer="/usr/bin
/mediascanner-service-2.0"
[ 351.414875] audit: type=1400 audit(1412190024.478:86):
apparmor="DENIED" operation="ptrace" profile="firefox" pid=4505
comm="firefox" requested_mask="read" denied_mask="read"
peer="unconfined"
This is most likely due to firefox scanning for information via /proc/<pid>/
which will result in a ptrace read permission request in the kernel
atm I have locally added the rule*
deny ptrace read peer=[^f][^i][^r][^e][^f][^o][^x],
*my local firefox profile is patched to be named
profile firefox /usr/lib/firefox/firefox{,*[^s][^h]} {
instead of the default of using the attachment path as a name
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1376411/+subscriptions
References