Your message dated Mon, 25 May 2020 12:58:51 +0200
with message-id <87367o9t78.fsf@manticora>
and subject line Re: Bug#908437: firefox: black screen if AppArmor blocks
/dev/shm/org.chromium.*
has caused the Debian Bug report #908437,
regarding firefox: black screen if AppArmor blocks /dev/shm/org.chromium.*
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
908437: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908437
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: apparmor-profiles
Version: 2.13-8
Control: tags -1 patch
Control: affects -1 src:firefox src:firefox-esr
Firefox now uses /dev/shm in its multiprocess sandboxing. If AppArmor
blocks this (I was using a custom profile, but the packaged profile
appears to have the same problem), the Firefox window (both webpage area
and toolbars) is all-black.
This affects Firefox 60 but not 52, in stretch.
Fix: add these lines to the profile:
owner /dev/shm/org.chromium.* rwlk,
owner /dev/shm/org.mozilla.* rwlk,
(60 uses org.chromium.* , later uses org.mozilla.* :
https://hg.mozilla.org/mozilla-central/rev/83bab8cf29bf )
Reported elsewhere as
https://bugzilla.mozilla.org/show_bug.cgi?id=1334748
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1660031
(The additional permissions suggested in
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1770600
are *not* currently required to make Firefox work, and probably can't
enable the user-namespace-based sandboxing because
/proc/sys/kernel/unprivileged_userns_clone is off by default.)
--- End Message ---
--- Begin Message ---
Hi,
intrigeri (2018-09-10):
> as per the package description:
>
> These profiles are not mature enough to be shipped in enforce mode by
> default on Debian. They are shipped in complain mode so that users
> can test them, choose which are desired, and help improve them
> upstream if needed.
> ⇒ Please take this upstream. The preferred way nowadays is to open
> a merge request against https://gitlab.com/apparmor/apparmor-profiles
> (README is already updated in upstream Git, just not released/uploaded
> yet). Thanks in advance!
I'm closing this bug report as the affected file is included
in Debian solely so that interested users can more easily
test it and help improve it upstream.
In the next upload of apparmor, reportbug will make this clearer, in
case one attempts to submit a bug report against the apparmor-profiles
Debian package.
In the case at hand, the Firefox profile this bug report is about
comes from:
https://gitlab.com/apparmor/apparmor/-/tree/master/profiles/apparmor/profiles/extras
But there's another one there:
https://gitlab.com/apparmor/apparmor-profiles/-/tree/master/ubuntu/20.04
For additional background information, see:
https://bugs.debian.org/858174
Cheers!
--- End Message ---
