← Back to team overview

touch-packages team mailing list archive

[Bug 1376411] Re: Firefox profile resulting in ptrace read denials

 

** Tags added: apparmor

** Package changed: apparmor (Ubuntu) => firefox (Ubuntu)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1376411

Title:
  Firefox profile resulting in ptrace read denials

Status in “firefox” package in Ubuntu:
  New

Bug description:
  The firefox profile on utopic is resulting in denials like

  [  351.414861] audit: type=1400 audit(1412190024.478:83):
  apparmor="DENIED" operation="ptrace" profile="firefox" pid=4505
  comm="firefox" requested_mask="read" denied_mask="read" peer="/usr/bin
  /mediascanner-service-2.0"

  [  351.414875] audit: type=1400 audit(1412190024.478:86):
  apparmor="DENIED" operation="ptrace" profile="firefox" pid=4505
  comm="firefox" requested_mask="read" denied_mask="read"
  peer="unconfined"

  
  This is most likely due to firefox scanning for information via /proc/<pid>/

  which will result in a ptrace read permission request in the kernel

  atm I have locally added the rule*
  deny ptrace read peer=[^f][^i][^r][^e][^f][^o][^x],

  *my local firefox profile is patched to be named
  profile firefox /usr/lib/firefox/firefox{,*[^s][^h]} {

  instead of the default of using the attachment path as a name

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1376411/+subscriptions


References