Hi Today I've had a problem with a Firefox ver 50.0. (Yesterday everything was okay). None of the website was loaded, even when www address was entered by me - nothing was displayed. Some of the websites, for example, duckduck.go were... black. There was so many (about 50 and more) entries in the log files, such as /var/log/kern.log:
Nov 24 13:06:36 t4 kernel: [ 778.637504] type=1400 audit(1479989196.846:1735): apparmor="DENIED" operation="mknod" parent=3733 profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/run/shm/org.chromium.4wF9YL" pid=3764 comm=57656220436F6E74656E74 requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000 Nov 24 13:01:20 t4 kernel: [ 461.898790] type=1400 audit(1479988880.106:1697): apparmor="DENIED" operation="open" parent=3336 profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/dev/nvidiactl" pid=3363 comm="firefox" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=0 Everything seems to work OK in a new Firefox profile (created via `firefox -P` command). But browser started normally - not with a new profile - doesn't work and apparmor_status(8) command shows two entry related to a Firefox: /usr/lib/firefox/firefox{,*[^s][^h]} (3336) /usr/lib/firefox/firefox{,*[^s][^h]} (1144) I decided to add two rules to the profile - restart AppArmor via /etc/init.d/ - which seems to solve this problem: /dev/nvidiactl rw, /run/shm/org.chromium.* rw, Can you confirm if these rules are OK - I mean security etc. Can I leave them, or I should do it another way? What is yours opinions on this? Honestly, "/run/shm/org.chromium.*" entries I always saw only with a new Firefox profile - never with a "standard" browsing. Best regards.
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor