On 2017-01-31 05:46 PM, Jean-Philippe Guérard wrote:
> I was able to reproduce the problem, but only using the flash plugin:
>
> Jan 31 23:38:34 tigreraye kernel: [221147.141240] audit: type=1400
> audit(1485902314.881:3406): apparmor="DENIED" operation="mknod"
> profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
> name="/dev/shm/org.chromium.CvbXEt" pid=11592 comm="plugin-containe"
> requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
> Jan 31 23:38:34 tigreraye kernel: [221147.141263] audit: type=1400
> audit(1485902314.881:3407): apparmor="DENIED" operation="mknod"
> profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
> name="/dev/shm/org.chromium.5Am9iK" pid=11592 comm="plugin-containe"
> requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
Good, thanks for the additional information.
> I also tried the java plugin, but it does not use /dev/shm (it fails,
> but for another reason):
>
> Jan 31 23:43:49 tigreraye kernel: [221461.300441] audit: type=1400
> audit(1485902629.062:6116995): apparmor="DENIED" operation="exec"
> profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
> name="/usr/lib/jvm/java-8-oracle/jre/bin/java" pid=11779
> comm="plugin-containe" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
> Jan 31 23:43:49 tigreraye kernel: [221461.301683] audit: type=1400
> audit(1485902629.062:6116996): apparmor="DENIED" operation="exec"
> profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
> name="/usr/lib/jvm/java-8-oracle/jre/bin/java" pid=11780
> comm="plugin-containe" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
Yeah, it seems like the Oracle version of the JRE/JDK isn't authorized
in /etc/apparmor.d/abstractions/ubuntu-browsers.d/java. Even OpenJDK/JRE
8 isn't authorized. Both should be supported IMHO.
Thanks,
Simon
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1495248
Title:
usr.bin.firefox blocks /dev/shm
Status in firefox package in Ubuntu:
Confirmed
Bug description:
When apparmor is activated for Firefox, I get the following log
messages:
[28547.841769] audit: type=1400 audit(1442154214.608:109): apparmor="DENIED"
operation="mknod" profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/dev/shm/shmfd-mSnoHU" pid=7425 comm
="firefox" requested_mask="c" denied_mask="c" fsuid=1111 ouid=1111
Both /run/shm/shmfd-* and /var/run/shm/shmfd-* are allowed, but not
/dev/shm/shmfd-*.
Changing :
owner /{,var/}run/shm/shmfd-* rw,
To:
owner /{dev,{,var/}run}/shm/shmfd-* rw,
seems to fix the issue.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1495248/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
