[Desktop-packages] [Bug 1861408] Re: firefox apparmor messages

2020-02-03 Thread Корбанов Динар
I have installed Linux Mint on another comp, and this time I enabled the ff
AppArmor profile before the first run of ff.

Now I also get these messages every time a page/URL is opened/loaded:

Feb  3 18:40:24 dinar-Lenovo-G580 dbus-daemon[1307]: apparmor="DENIED" 
operation="dbus_method_call"  bus="session" path="/org/gtk/vfs/Daemon" 
interface="org.gtk.vfs.Daemon" member="ListMonitorImplementations" mask="send" 
name=":1.6" pid=4668 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1368 
peer_label="unconfined"
Feb  3 18:40:24 dinar-Lenovo-G580 kernel: [ 4131.097714] audit: type=1400 
audit(1580744424.242:117): apparmor="DENIED" operation="mkdir" 
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" 
name="/home/dinar/.cache/fontconfig/" pid=4668 comm=57656220436F6E74656E74 
requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
Feb  3 18:40:24 dinar-Lenovo-G580 kernel: [ 4131.097721] audit: type=1400 
audit(1580744424.242:118): apparmor="DENIED" operation="mkdir" 
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/home/dinar/.fontconfig/" 
pid=4668 comm=57656220436F6E74656E74 requested_mask="c" denied_mask="c" 
fsuid=1000 ouid=1000
Feb  3 18:40:24 dinar-Lenovo-G580 kernel: [ 4131.162558] audit: type=1107 
audit(1580744424.306:119): pid=767 uid=103 auid=4294967295 ses=4294967295 
msg='apparmor="DENIED" operation="dbus_method_call"  bus="system" 
path="/org/freedesktop/RealtimeKit1" 
interface="org.freedesktop.DBus.Properties" member="Get" mask="send" 
name="org.freedesktop.RealtimeKit1" pid=4668 
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1521 
peer_label="unconfined"
Feb  3 18:40:24 dinar-Lenovo-G580 kernel: [ 4131.162558]  
exe="/usr/bin/dbus-daemon" sauid=103 hostname=? addr=? terminal=?'

On the first run of Firefox there was, in addition to the types shown
above, this type:

Feb  3 18:06:58 dinar-Lenovo-G580 kernel: [ 2125.679905] audit:
type=1400 audit(1580742418.752:43): apparmor="DENIED" operation="open"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/dinar/.config/dconf/user" pid=3288 comm="firefox"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1861408

Title:
  firefox apparmor messages

Status in firefox package in Ubuntu:
  New

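For triaging denials like the ones in this report, the following is an added example, not part of the original message or of any AppArmor tooling: it parses the `key=value` fields of each denial, decodes the hex-encoded `comm` value, and groups denials by operation and target. The function names are hypothetical, and the sample lines are constructed by re-joining wrapped entries from the report.

```python
import re
from collections import Counter

# Constructed input: entries from the report above, each re-joined onto one line.
SAMPLE = """
Feb  3 18:40:24 dinar-Lenovo-G580 kernel: [ 4131.097714] audit: type=1400 audit(1580744424.242:117): apparmor="DENIED" operation="mkdir" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/home/dinar/.cache/fontconfig/" pid=4668 comm=57656220436F6E74656E74 requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
Feb  3 18:40:24 dinar-Lenovo-G580 kernel: [ 4131.162558] audit: type=1107 audit(1580744424.306:119): pid=767 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/RealtimeKit1" interface="org.freedesktop.DBus.Properties" member="Get" mask="send" name="org.freedesktop.RealtimeKit1" pid=4668 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1521 peer_label="unconfined"
Jan 28 18:44:36 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5525.077960] audit: type=1400 audit(1580226276.440:27): apparmor="DENIED" operation="capable" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=15948 comm="firefox" capability=21  capname="sys_admin"
Jan 28 18:43:33 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service' requested by ':1.111' (uid=1000 pid=1922 comm="/usr/lib/firefox/firefox " label="unconfined")
""".strip().splitlines()

PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
HEX = re.compile(r'(?:[0-9A-Fa-f]{2})+')

def parse_denial(line):
    """Return the key=value fields of one AppArmor denial, or None for other lines."""
    start = line.find('apparmor="DENIED"')
    if start < 0:
        return None
    fields = {}
    # Parse only from the apparmor= marker on: in type=1107 records the pid= before
    # msg='...' belongs to dbus-daemon, not to the confined process.
    for key, quoted, bare in PAIR.findall(line[start:]):
        # The audit subsystem hex-encodes values such as comm when they contain spaces.
        if key in ("comm", "name") and HEX.fullmatch(bare):
            bare = bytes.fromhex(bare).decode("utf-8", "replace")
        fields[key] = bare or quoted
    return fields

def target(f):
    """What was denied: a D-Bus method, a capability, or a file path."""
    if f["operation"].startswith("dbus_"):
        return f'{f["bus"]} bus {f["path"]} {f["interface"]}.{f["member"]}'
    return f.get("capname") or f.get("name", "?")

def summarize(lines):
    """Count denials per (operation, target), the grouping a profile review needs."""
    counts = Counter()
    for f in filter(None, map(parse_denial, lines)):
        counts[(f["operation"], target(f))] += 1
    return counts

if __name__ == "__main__":
    for (op, tgt), n in summarize(SAMPLE).most_common():
        print(n, op, tgt)
```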
  

[Desktop-packages] [Bug 1861408] [NEW] firefox apparmor messages

2020-01-30 Thread Корбанов Динар
Public bug reported:

Firefox version 72.0.1 64-bit, 72.0.1+linuxmint1+tricia, Linux Mint
19.3.

I see there is a newer Ubuntu version at
https://www.ubuntuupdates.org/package/ubuntu_mozilla_security/bionic/main/base/firefox
, 72.0.2+build1-0ubuntu0.18.04.1, but its changes are not for AppArmor.

I have not found a page for Firefox bugs on the Linux Mint sites, so I
believe I should report here. But I have also asked about that in Linux
Mint's IRC and then GitHub.

I have enabled AppArmor for Firefox and see these types of messages in
syslog:

Jan 28 18:43:33 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]:
[system] Activating via systemd: service
name='org.freedesktop.hostname1' unit='dbus-
org.freedesktop.hostname1.service' requested by ':1.111' (uid=1000
pid=1922 comm="/usr/lib/firefox/firefox " label="unconfined")

Jan 28 18:44:36 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5525.077960]
audit: type=1400 audit(1580226276.440:27): apparmor="DENIED"
operation="capable" profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
pid=15948 comm="firefox" capability=21  capname="sys_admin"

Jan 28 18:44:37 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5526.471731]
audit: type=1107 audit(1580226277.832:28): pid=735 uid=103
auid=4294967295 ses=4294967295 msg='apparmor="DENIED"
operation="dbus_method_call"  bus="system"
path="/org/freedesktop/RealtimeKit1"
interface="org.freedesktop.DBus.Properties" member="Get" mask="send"
name="org.freedesktop.RealtimeKit1" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1320
peer_label="unconfined"

Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call"  bus="session"
path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon"
member="ListMonitorImplementations" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"

Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call"  bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported"
mask="send" name=":1.35" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1385
peer_label="unconfined"

Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call"  bus="session"
path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
member="ListMounts2" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"

Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call"  bus="session"
path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
member="LookupMount" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"

Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]:
[system] Activating via systemd: service
name='org.freedesktop.hostname1' unit='dbus-
org.freedesktop.hostname1.service' requested by ':1.119' (uid=1000
pid=15948 comm="/usr/lib/firefox/firefox "
label="/usr/lib/firefox/firefox{,*[^s][^h]} (enforce)")

Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5536.783313]
audit: type=1107 audit(1580226288.143:34): pid=735 uid=103
auid=4294967295 ses=4294967295 msg='apparmor="DENIED"
operation="dbus_method_call"  bus="system"
path="/org/freedesktop/hostname1"
interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send"
name=":1.120" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}"
peer_pid=16177 peer_label="unconfined"

Jan 28 18:45:02 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call"  bus="session"
path="/ca/desrt/dconf/Writer/user" interface="ca.desrt.dconf.Writer"
member="Change" mask="send" name="ca.desrt.dconf" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1370
peer_label="unconfined"

Jan 28 21:51:30 dinar-HP-Pavilion-g7-Notebook-PC kernel: [10131.880788]
audit: type=1400 audit(1580237490.777:123): apparmor="DENIED"
operation="open" profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/dinar/.cache/mesa_shader_cache/index" pid=19720
comm="firefox" requested_mask="wrc" denied_mask="wrc" fsuid=1000
ouid=1000

These appeared while saving a file:

Jan 30 11:08:28 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1151]:
apparmor="DENIED" operation="dbus_method_call"  bus="session"
path="/ca/desrt/dconf/Writer/user" interface="ca.desrt.dconf.Writer"
member="Change" mask="send" name="ca.desrt.dconf" pid=1584
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1301
peer_label="unconfined"

Jan 30 11:08:28 dinar-HP-Pavilion-g7-Notebook-PC kernel: [  464.049675]
audit: type=1400 audit(1580371708.871:38): apparmor="DENIED"
operation="open" profile="/usr/lib/firefox/firefox{,*[^s][^h]}"