[Desktop-packages] [Bug 1288260] [NEW] firefox apparmor updates for trusty

Wed, 05 Mar 2014 06:05:53 -0800 

Public bug reported:

Attached is a patch to fix the apparmor syslog noise I see after
upgrading to trusty.  It follows the chromium apparmor profile in
terms of what to allow and deny.

--- ./usr.bin.firefox   2014-03-05 13:52:13.470886569 +0000
+++ /etc/apparmor.d/usr.bin.firefox     2014-03-05 13:56:42.640802391 +0000
@@ -38,7 +38,9 @@
   /etc/ r,
   /etc/mime.types r,
   /etc/mailcap r,
+  /etc/udev/udev.conf r,
   /etc/xdg/*buntu/applications/defaults.list    r, # for all derivatives
+  /sys/devices/pci[0-9]*/**/uevent r,
   /usr/share/xubuntu/applications/defaults.list r,
   owner @{HOME}/.local/share/applications/defaults.list r,
   owner @{HOME}/.local/share/applications/mimeapps.list r,
@@ -73,6 +75,9 @@
   # TODO: investigate
   deny /usr/bin/gconftool-2 x,
 
+  # This is requested, but doesn't seem to actually be needed so deny for now
+  deny /run/udev/data/** r,
+
   # These are needed when a new user starts firefox and firefox.sh is used
   @{MOZ_LIBDIR}/** ixr,
   /usr/bin/basename ixr,

** Affects: firefox (Ubuntu)
     Importance: Undecided
         Status: New

** Patch added: "Firefox apparmor profile updates for Trusty"
   
https://bugs.launchpad.net/bugs/1288260/+attachment/4008299/+files/firefox-apparmor-updates.diff

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1288260

Title:
  firefox apparmor updates for trusty

Status in “firefox” package in Ubuntu:
  New

Bug description:
  Attached is a patch to fix the apparmor syslog noise I see after
  upgrading to trusty.  It follows the chromium apparmor profile in
  terms of what to allow and deny.

  --- ./usr.bin.firefox 2014-03-05 13:52:13.470886569 +0000
  +++ /etc/apparmor.d/usr.bin.firefox   2014-03-05 13:56:42.640802391 +0000
  @@ -38,7 +38,9 @@
     /etc/ r,
     /etc/mime.types r,
     /etc/mailcap r,
  +  /etc/udev/udev.conf r,
     /etc/xdg/*buntu/applications/defaults.list    r, # for all derivatives
  +  /sys/devices/pci[0-9]*/**/uevent r,
     /usr/share/xubuntu/applications/defaults.list r,
     owner @{HOME}/.local/share/applications/defaults.list r,
     owner @{HOME}/.local/share/applications/mimeapps.list r,
  @@ -73,6 +75,9 @@
     # TODO: investigate
     deny /usr/bin/gconftool-2 x,
   
  +  # This is requested, but doesn't seem to actually be needed so deny for now
  +  deny /run/udev/data/** r,
  +
     # These are needed when a new user starts firefox and firefox.sh is used
     @{MOZ_LIBDIR}/** ixr,
     /usr/bin/basename ixr,

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1288260/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to     : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to