It seems there are lots of apparmor-related issues with Firefox from ppa:mozillateam, see bug #2080768 (apparmor profile: allow gio-launch- desktop) or bug #2083064 (Firefox package built by Canonical should properly remove all of the AppArmor configuration files) for example.
Firefox packages from https://packages.mozilla.org/apt does't include /etc/apparmor.d/usr.bin.firefox profile and removes existing file in debian/post* or pre* scripts. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to firefox in Ubuntu. https://bugs.launchpad.net/bugs/2073094 Title: Firefox's AppArmor profile issues (MPRIS) Status in firefox package in Ubuntu: Confirmed Status in firefox package in Baltix: New Bug description: Hi, I am using Firefox from “Mozilla Team” team PPA (https://launchpad.net/~mozillateam/+archive/ubuntu/ppa) and have several issues - described below - with AppArmor profile. == 0 ==> lsb_release -rd No LSB modules are available. Description: Ubuntu 24.04 LTS Release: 24.04 == 0 ==> apt-cache policy firefox firefox: Installed: 128.0+build2-0ubuntu0.24.04.1~mt1 Candidate: 128.0+build2-0ubuntu0.24.04.1~mt1 I was setting up my hardware media keys on my keyboard / Bluetooth headset (MPRIS) with firefox when I saw lot of apparmor related error message in journal log of systemd. Some highlights of these errors: - apparmor denied: IdleMonitor/Core - apparmor denied: ReleaseName - apparmor denied: mpris functionality, so I could not use media keys on my keyboard and/or Bluetooth headset. The "Control media via keyboard, headset, or virtual interface" option was enabled in firefox. I tried to use aa-logprof (from apparmor package) to fix the issues (and installed auditd additionally because aa-logprof can not handle systemd journal files as far as I know), but coould not, because aa- logprof failed to start complaining about duplicate firefox profile. And indeed, firefox package (what I installed) has usr.bin.firefox file included in the package where the profile name is "firefox" and apparmor package also has a file called just firefox with a profile name in it: "firefox". So, I decided to add a "usr.bin.firefox" file into the /etc/apparmor.d/local/ directory and edited that file. I have attached this file as it contains the systemd jouornal error messages as well and those rules(?) that fixed the MPRIS functionality (and other error messages). I also modified the /etc/apparmor.d/usr.bin.firefox file as root in order to include the local profile I have created as it was not enabled by default in the apparmor profile file in firefox package. My modification: # Site-specific additions and overrides. See local/README for details. # Attila - 20240712 - Enable with "if exists" local modifications include if exists <local/usr.bin.firefox> I am not sure this is the right way to fix the mentioned issues, but the hardware keys on my keyboard/headset now can control the playback in firefox. Regards, Attila To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/2073094/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
