[Touch-packages] [Bug 1777070] Re: firefox plugin libwidevinecdm.so crashes due to apparmor denial
Solved it for me by editing /etc/apparmor.d/usr.bin.firefox on XSE
(Debian- & Xubutnu 18.04 LTS-based distro):
# per-user firefox configuration
#...
owner @{HOME}/.{firefox,mozilla}/**/gmp-widevinecdm/*/lib*so m,
That solved the problem when using Mz Firefox 100.0 (64-bit) and widevine
4.10.2449.0
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1777070
Title:
firefox plugin libwidevinecdm.so crashes due to apparmor denial
Status in apparmor package in Ubuntu:
Confirmed
Status in firefox package in Ubuntu:
Confirmed
Bug description:
Ubuntu 18.04, Firefox 60.0.1+build2-0ubuntu0.18.04.1
Running firefix, then going to netflix.com and attempting to play a
movie. The widevinecdm plugin crashes, the following is found in
syslog:
Jun 15 19:13:22 xplt kernel: [301351.553043] audit: type=1400
audit(1529046802.585:246): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16118 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:22 xplt kernel: [301351.553236] audit: type=1400
audit(1529046802.585:247): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15 19:13:22 xplt kernel: [301351.553259] plugin-containe[16118]: segfault
at 0 ip 7fcdfdaa76af sp 7ffc1ff03e28 error 6 in
libxul.so[7fcdfb77a000+6111000]
Jun 15 19:13:22 xplt snmpd[2334]: error on subcontainer 'ia_addr' insert (-1)
Jun 15 19:13:22 xplt /usr/lib/gdm3/gdm-x-session[6549]: ###!!!
[Parent][MessageChannel::Call] Error: Channel error: cannot send/recv
Jun 15 19:13:24 xplt kernel: [301353.960182] audit: type=1400
audit(1529046804.994:248): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16135 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:24 xplt kernel: [301353.960373] audit: type=1400
audit(1529046804.994:249): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15 19:13:24 xplt kernel: [301353.960398] plugin-containe[16135]: segfault
at 0 ip 7fe3b57f46af sp 7ffe6dc0b488 error 6 in
libxul.so[7fe3b34c7000+6111000]
Jun 15 19:13:28 xplt kernel: [301357.859177] audit: type=1400
audit(1529046808.895:250): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16139 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:28 xplt kernel: [301357.859328] audit: type=1400
audit(1529046808.895:251): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15 19:13:28 xplt kernel: [301357.859349] plugin-containe[16139]: segfault
at 0 ip 7fcf32ae06af sp 7ffeb8a136c8 error 6 in
libxul.so[7fcf307b3000+6111000]
Jun 15 19:13:25 xplt /usr/lib/gdm3/gdm-x-session[6549]: ###!!!
[Parent][MessageChannel::Call] Error: Channel error: cannot send/recv
Jun 15 19:13:29 xplt /usr/lib/gdm3/gdm-x-session[6549]: ERROR block_reap:328:
[hamster] bad exit code 1
Jun 15 19:13:29 xplt /usr/lib/gdm3/gdm-x-session[6549]: ###!!!
[Parent][MessageChannel::Call] Error: Channel error: cannot send/recv
Jun 15 19:13:29 xplt kernel: [301358.227635] audit: type=1400
audit(1529046809.263:252): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16188 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:29 xplt kernel: [301358.227811] audit: type=1400
audit(1529046809.263:253): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15 19:13:29 xplt kernel: [301358.227844] plugin-containe[16188]: segfault
at 0 ip 7fe5667c66af sp 7fffe8cc0da8 error 6 in
libxul.so[7fe564499000+6111000]
Jun 15 19:13:31 xplt kernel: [301360.574177] audit: type=1400
audit(1529046811.608:254): apparmor="DENIED" operation="file_mmap"
[Touch-packages] [Bug 1777070] Re: firefox plugin libwidevinecdm.so crashes due to apparmor denial
> these can be added fairly soon.
> https://gitlab.com/apparmor/apparmor/-/merge_requests/684
>
> though that is just landing it upstream and I am not sure when the
> next ubuntu upload will be
At least on 20.04, the profile comes from the firefox package, not the
apparmor one:
$ dpkg -S /etc/apparmor.d/usr.bin.firefox
firefox: /etc/apparmor.d/usr.bin.firefox
Maybe I'm missing something?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1777070
Title:
firefox plugin libwidevinecdm.so crashes due to apparmor denial
Status in apparmor package in Ubuntu:
Confirmed
Status in firefox package in Ubuntu:
Confirmed
Bug description:
Ubuntu 18.04, Firefox 60.0.1+build2-0ubuntu0.18.04.1
Running firefix, then going to netflix.com and attempting to play a
movie. The widevinecdm plugin crashes, the following is found in
syslog:
Jun 15 19:13:22 xplt kernel: [301351.553043] audit: type=1400
audit(1529046802.585:246): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16118 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:22 xplt kernel: [301351.553236] audit: type=1400
audit(1529046802.585:247): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15 19:13:22 xplt kernel: [301351.553259] plugin-containe[16118]: segfault
at 0 ip 7fcdfdaa76af sp 7ffc1ff03e28 error 6 in
libxul.so[7fcdfb77a000+6111000]
Jun 15 19:13:22 xplt snmpd[2334]: error on subcontainer 'ia_addr' insert (-1)
Jun 15 19:13:22 xplt /usr/lib/gdm3/gdm-x-session[6549]: ###!!!
[Parent][MessageChannel::Call] Error: Channel error: cannot send/recv
Jun 15 19:13:24 xplt kernel: [301353.960182] audit: type=1400
audit(1529046804.994:248): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16135 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:24 xplt kernel: [301353.960373] audit: type=1400
audit(1529046804.994:249): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15 19:13:24 xplt kernel: [301353.960398] plugin-containe[16135]: segfault
at 0 ip 7fe3b57f46af sp 7ffe6dc0b488 error 6 in
libxul.so[7fe3b34c7000+6111000]
Jun 15 19:13:28 xplt kernel: [301357.859177] audit: type=1400
audit(1529046808.895:250): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16139 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:28 xplt kernel: [301357.859328] audit: type=1400
audit(1529046808.895:251): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15 19:13:28 xplt kernel: [301357.859349] plugin-containe[16139]: segfault
at 0 ip 7fcf32ae06af sp 7ffeb8a136c8 error 6 in
libxul.so[7fcf307b3000+6111000]
Jun 15 19:13:25 xplt /usr/lib/gdm3/gdm-x-session[6549]: ###!!!
[Parent][MessageChannel::Call] Error: Channel error: cannot send/recv
Jun 15 19:13:29 xplt /usr/lib/gdm3/gdm-x-session[6549]: ERROR block_reap:328:
[hamster] bad exit code 1
Jun 15 19:13:29 xplt /usr/lib/gdm3/gdm-x-session[6549]: ###!!!
[Parent][MessageChannel::Call] Error: Channel error: cannot send/recv
Jun 15 19:13:29 xplt kernel: [301358.227635] audit: type=1400
audit(1529046809.263:252): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16188 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:29 xplt kernel: [301358.227811] audit: type=1400
audit(1529046809.263:253): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15 19:13:29 xplt kernel: [301358.227844] plugin-containe[16188]: segfault
at 0 ip 7fe5667c66af sp 7fffe8cc0da8 error 6 in
libxul.so[7fe564499000+6111000]
Jun 15 19:13:31 xplt kernel: [301360.574177] audit:
[Touch-packages] [Bug 1777070] Re: firefox plugin libwidevinecdm.so crashes due to apparmor denial
> The second rule allows firefox to load and run code from that location.
> But doesn't allow firefox to write to it. So if there is malware [...]
That's correct for the added rule, but the profile also has
owner @{HOME}/.{firefox,mozilla}/** rw,
which means firefox _can_ write to that location.
However, this doesn't make the new rule for @{HOME}/.mozilla/firefox
/*/gmp-widevinecdm/*/lib*so m, too bad because the profile also allows m
for plugins already.
owner @{HOME}/.{firefox,mozilla}/plugins/** rm,
owner @{HOME}/.{firefox,mozilla}/**/plugins/** rm,
which already allows to run code from more writeable locations.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1777070
Title:
firefox plugin libwidevinecdm.so crashes due to apparmor denial
Status in apparmor package in Ubuntu:
Confirmed
Status in firefox package in Ubuntu:
Confirmed
Bug description:
Ubuntu 18.04, Firefox 60.0.1+build2-0ubuntu0.18.04.1
Running firefix, then going to netflix.com and attempting to play a
movie. The widevinecdm plugin crashes, the following is found in
syslog:
Jun 15 19:13:22 xplt kernel: [301351.553043] audit: type=1400
audit(1529046802.585:246): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16118 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:22 xplt kernel: [301351.553236] audit: type=1400
audit(1529046802.585:247): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15 19:13:22 xplt kernel: [301351.553259] plugin-containe[16118]: segfault
at 0 ip 7fcdfdaa76af sp 7ffc1ff03e28 error 6 in
libxul.so[7fcdfb77a000+6111000]
Jun 15 19:13:22 xplt snmpd[2334]: error on subcontainer 'ia_addr' insert (-1)
Jun 15 19:13:22 xplt /usr/lib/gdm3/gdm-x-session[6549]: ###!!!
[Parent][MessageChannel::Call] Error: Channel error: cannot send/recv
Jun 15 19:13:24 xplt kernel: [301353.960182] audit: type=1400
audit(1529046804.994:248): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16135 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:24 xplt kernel: [301353.960373] audit: type=1400
audit(1529046804.994:249): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15 19:13:24 xplt kernel: [301353.960398] plugin-containe[16135]: segfault
at 0 ip 7fe3b57f46af sp 7ffe6dc0b488 error 6 in
libxul.so[7fe3b34c7000+6111000]
Jun 15 19:13:28 xplt kernel: [301357.859177] audit: type=1400
audit(1529046808.895:250): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16139 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:28 xplt kernel: [301357.859328] audit: type=1400
audit(1529046808.895:251): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15 19:13:28 xplt kernel: [301357.859349] plugin-containe[16139]: segfault
at 0 ip 7fcf32ae06af sp 7ffeb8a136c8 error 6 in
libxul.so[7fcf307b3000+6111000]
Jun 15 19:13:25 xplt /usr/lib/gdm3/gdm-x-session[6549]: ###!!!
[Parent][MessageChannel::Call] Error: Channel error: cannot send/recv
Jun 15 19:13:29 xplt /usr/lib/gdm3/gdm-x-session[6549]: ERROR block_reap:328:
[hamster] bad exit code 1
Jun 15 19:13:29 xplt /usr/lib/gdm3/gdm-x-session[6549]: ###!!!
[Parent][MessageChannel::Call] Error: Channel error: cannot send/recv
Jun 15 19:13:29 xplt kernel: [301358.227635] audit: type=1400
audit(1529046809.263:252): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16188 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:29 xplt kernel: [301358.227811] audit: type=1400
audit(1529046809.263:253): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
[Touch-packages] [Bug 1777070] Re: firefox plugin libwidevinecdm.so crashes due to apparmor denial
If someone does not have a subscription on netflix.com, it is also
possible to test Widevine without subscription on spotify.com.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1777070
Title:
firefox plugin libwidevinecdm.so crashes due to apparmor denial
Status in apparmor package in Ubuntu:
Confirmed
Status in firefox package in Ubuntu:
Confirmed
Bug description:
Ubuntu 18.04, Firefox 60.0.1+build2-0ubuntu0.18.04.1
Running firefix, then going to netflix.com and attempting to play a
movie. The widevinecdm plugin crashes, the following is found in
syslog:
Jun 15 19:13:22 xplt kernel: [301351.553043] audit: type=1400
audit(1529046802.585:246): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16118 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:22 xplt kernel: [301351.553236] audit: type=1400
audit(1529046802.585:247): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15 19:13:22 xplt kernel: [301351.553259] plugin-containe[16118]: segfault
at 0 ip 7fcdfdaa76af sp 7ffc1ff03e28 error 6 in
libxul.so[7fcdfb77a000+6111000]
Jun 15 19:13:22 xplt snmpd[2334]: error on subcontainer 'ia_addr' insert (-1)
Jun 15 19:13:22 xplt /usr/lib/gdm3/gdm-x-session[6549]: ###!!!
[Parent][MessageChannel::Call] Error: Channel error: cannot send/recv
Jun 15 19:13:24 xplt kernel: [301353.960182] audit: type=1400
audit(1529046804.994:248): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16135 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:24 xplt kernel: [301353.960373] audit: type=1400
audit(1529046804.994:249): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15 19:13:24 xplt kernel: [301353.960398] plugin-containe[16135]: segfault
at 0 ip 7fe3b57f46af sp 7ffe6dc0b488 error 6 in
libxul.so[7fe3b34c7000+6111000]
Jun 15 19:13:28 xplt kernel: [301357.859177] audit: type=1400
audit(1529046808.895:250): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16139 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:28 xplt kernel: [301357.859328] audit: type=1400
audit(1529046808.895:251): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15 19:13:28 xplt kernel: [301357.859349] plugin-containe[16139]: segfault
at 0 ip 7fcf32ae06af sp 7ffeb8a136c8 error 6 in
libxul.so[7fcf307b3000+6111000]
Jun 15 19:13:25 xplt /usr/lib/gdm3/gdm-x-session[6549]: ###!!!
[Parent][MessageChannel::Call] Error: Channel error: cannot send/recv
Jun 15 19:13:29 xplt /usr/lib/gdm3/gdm-x-session[6549]: ERROR block_reap:328:
[hamster] bad exit code 1
Jun 15 19:13:29 xplt /usr/lib/gdm3/gdm-x-session[6549]: ###!!!
[Parent][MessageChannel::Call] Error: Channel error: cannot send/recv
Jun 15 19:13:29 xplt kernel: [301358.227635] audit: type=1400
audit(1529046809.263:252): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16188 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:29 xplt kernel: [301358.227811] audit: type=1400
audit(1529046809.263:253): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15 19:13:29 xplt kernel: [301358.227844] plugin-containe[16188]: segfault
at 0 ip 7fe5667c66af sp 7fffe8cc0da8 error 6 in
libxul.so[7fe564499000+6111000]
Jun 15 19:13:31 xplt kernel: [301360.574177] audit: type=1400
audit(1529046811.608:254): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16192
[Touch-packages] [Bug 1777070] Re: firefox plugin libwidevinecdm.so crashes due to apparmor denial
I got it working by adding the 2 lines at the end of the
/etc/apparmor.d/usr.bin.firefox just before the closing brack "}".
Without these lines, I had to use another workaround by disabling
Apparmor completely on Firefox with a command like "sudo aa-complain
/usr/lib/firefox/firefox" or using the official Firefox binary from
Mozilla instead of the Ubuntu package.
I saw Daniel wrote "this is not a great way of working (malware could
write to that location and then load in code)" but do you have an idea
how to make it more secure?
When will the fix be added officially to the Firefox Apparmor profile?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1777070
Title:
firefox plugin libwidevinecdm.so crashes due to apparmor denial
Status in apparmor package in Ubuntu:
Confirmed
Status in firefox package in Ubuntu:
Confirmed
Bug description:
Ubuntu 18.04, Firefox 60.0.1+build2-0ubuntu0.18.04.1
Running firefix, then going to netflix.com and attempting to play a
movie. The widevinecdm plugin crashes, the following is found in
syslog:
Jun 15 19:13:22 xplt kernel: [301351.553043] audit: type=1400
audit(1529046802.585:246): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16118 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:22 xplt kernel: [301351.553236] audit: type=1400
audit(1529046802.585:247): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15 19:13:22 xplt kernel: [301351.553259] plugin-containe[16118]: segfault
at 0 ip 7fcdfdaa76af sp 7ffc1ff03e28 error 6 in
libxul.so[7fcdfb77a000+6111000]
Jun 15 19:13:22 xplt snmpd[2334]: error on subcontainer 'ia_addr' insert (-1)
Jun 15 19:13:22 xplt /usr/lib/gdm3/gdm-x-session[6549]: ###!!!
[Parent][MessageChannel::Call] Error: Channel error: cannot send/recv
Jun 15 19:13:24 xplt kernel: [301353.960182] audit: type=1400
audit(1529046804.994:248): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16135 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:24 xplt kernel: [301353.960373] audit: type=1400
audit(1529046804.994:249): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15 19:13:24 xplt kernel: [301353.960398] plugin-containe[16135]: segfault
at 0 ip 7fe3b57f46af sp 7ffe6dc0b488 error 6 in
libxul.so[7fe3b34c7000+6111000]
Jun 15 19:13:28 xplt kernel: [301357.859177] audit: type=1400
audit(1529046808.895:250): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16139 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:28 xplt kernel: [301357.859328] audit: type=1400
audit(1529046808.895:251): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15 19:13:28 xplt kernel: [301357.859349] plugin-containe[16139]: segfault
at 0 ip 7fcf32ae06af sp 7ffeb8a136c8 error 6 in
libxul.so[7fcf307b3000+6111000]
Jun 15 19:13:25 xplt /usr/lib/gdm3/gdm-x-session[6549]: ###!!!
[Parent][MessageChannel::Call] Error: Channel error: cannot send/recv
Jun 15 19:13:29 xplt /usr/lib/gdm3/gdm-x-session[6549]: ERROR block_reap:328:
[hamster] bad exit code 1
Jun 15 19:13:29 xplt /usr/lib/gdm3/gdm-x-session[6549]: ###!!!
[Parent][MessageChannel::Call] Error: Channel error: cannot send/recv
Jun 15 19:13:29 xplt kernel: [301358.227635] audit: type=1400
audit(1529046809.263:252): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16188 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:29 xplt kernel: [301358.227811] audit: type=1400
audit(1529046809.263:253): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15
[Touch-packages] [Bug 1777070] Re: firefox plugin libwidevinecdm.so crashes due to apparmor denial
Yes, this fixed it for me, too, but I couldn't get it to work, just on
the explanation above. Here's a little more detail. Follow the
instructions at:
https://forums.linuxmint.com/viewtopic.php?t=295649#p1644426
Worked on Firefox Quantum 69.0 (64-bit) on Ubuntu 18.04.3 LTS bionic.
Now I can watch the Great Courses and other movies on Kanopy for free
through my local library account. Yay! Only 6 hours after my first
attempt, LOL.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1777070
Title:
firefox plugin libwidevinecdm.so crashes due to apparmor denial
Status in apparmor package in Ubuntu:
Confirmed
Status in firefox package in Ubuntu:
Confirmed
Bug description:
Ubuntu 18.04, Firefox 60.0.1+build2-0ubuntu0.18.04.1
Running firefix, then going to netflix.com and attempting to play a
movie. The widevinecdm plugin crashes, the following is found in
syslog:
Jun 15 19:13:22 xplt kernel: [301351.553043] audit: type=1400
audit(1529046802.585:246): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16118 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:22 xplt kernel: [301351.553236] audit: type=1400
audit(1529046802.585:247): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15 19:13:22 xplt kernel: [301351.553259] plugin-containe[16118]: segfault
at 0 ip 7fcdfdaa76af sp 7ffc1ff03e28 error 6 in
libxul.so[7fcdfb77a000+6111000]
Jun 15 19:13:22 xplt snmpd[2334]: error on subcontainer 'ia_addr' insert (-1)
Jun 15 19:13:22 xplt /usr/lib/gdm3/gdm-x-session[6549]: ###!!!
[Parent][MessageChannel::Call] Error: Channel error: cannot send/recv
Jun 15 19:13:24 xplt kernel: [301353.960182] audit: type=1400
audit(1529046804.994:248): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16135 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:24 xplt kernel: [301353.960373] audit: type=1400
audit(1529046804.994:249): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15 19:13:24 xplt kernel: [301353.960398] plugin-containe[16135]: segfault
at 0 ip 7fe3b57f46af sp 7ffe6dc0b488 error 6 in
libxul.so[7fe3b34c7000+6111000]
Jun 15 19:13:28 xplt kernel: [301357.859177] audit: type=1400
audit(1529046808.895:250): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16139 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:28 xplt kernel: [301357.859328] audit: type=1400
audit(1529046808.895:251): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15 19:13:28 xplt kernel: [301357.859349] plugin-containe[16139]: segfault
at 0 ip 7fcf32ae06af sp 7ffeb8a136c8 error 6 in
libxul.so[7fcf307b3000+6111000]
Jun 15 19:13:25 xplt /usr/lib/gdm3/gdm-x-session[6549]: ###!!!
[Parent][MessageChannel::Call] Error: Channel error: cannot send/recv
Jun 15 19:13:29 xplt /usr/lib/gdm3/gdm-x-session[6549]: ERROR block_reap:328:
[hamster] bad exit code 1
Jun 15 19:13:29 xplt /usr/lib/gdm3/gdm-x-session[6549]: ###!!!
[Parent][MessageChannel::Call] Error: Channel error: cannot send/recv
Jun 15 19:13:29 xplt kernel: [301358.227635] audit: type=1400
audit(1529046809.263:252): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16188 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:29 xplt kernel: [301358.227811] audit: type=1400
audit(1529046809.263:253): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15 19:13:29 xplt kernel: [301358.227844] plugin-containe[16188]: segfault
at 0 ip 7fe5667c66af sp 7fffe8cc0da8 error 6 in
libxul.so[7fe564499000+6111000]
Jun 15
[Touch-packages] [Bug 1777070] Re: firefox plugin libwidevinecdm.so crashes due to apparmor denial
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: apparmor (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1777070
Title:
firefox plugin libwidevinecdm.so crashes due to apparmor denial
Status in apparmor package in Ubuntu:
Confirmed
Status in firefox package in Ubuntu:
Confirmed
Bug description:
Ubuntu 18.04, Firefox 60.0.1+build2-0ubuntu0.18.04.1
Running firefix, then going to netflix.com and attempting to play a
movie. The widevinecdm plugin crashes, the following is found in
syslog:
Jun 15 19:13:22 xplt kernel: [301351.553043] audit: type=1400
audit(1529046802.585:246): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16118 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:22 xplt kernel: [301351.553236] audit: type=1400
audit(1529046802.585:247): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15 19:13:22 xplt kernel: [301351.553259] plugin-containe[16118]: segfault
at 0 ip 7fcdfdaa76af sp 7ffc1ff03e28 error 6 in
libxul.so[7fcdfb77a000+6111000]
Jun 15 19:13:22 xplt snmpd[2334]: error on subcontainer 'ia_addr' insert (-1)
Jun 15 19:13:22 xplt /usr/lib/gdm3/gdm-x-session[6549]: ###!!!
[Parent][MessageChannel::Call] Error: Channel error: cannot send/recv
Jun 15 19:13:24 xplt kernel: [301353.960182] audit: type=1400
audit(1529046804.994:248): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16135 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:24 xplt kernel: [301353.960373] audit: type=1400
audit(1529046804.994:249): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15 19:13:24 xplt kernel: [301353.960398] plugin-containe[16135]: segfault
at 0 ip 7fe3b57f46af sp 7ffe6dc0b488 error 6 in
libxul.so[7fe3b34c7000+6111000]
Jun 15 19:13:28 xplt kernel: [301357.859177] audit: type=1400
audit(1529046808.895:250): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16139 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:28 xplt kernel: [301357.859328] audit: type=1400
audit(1529046808.895:251): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15 19:13:28 xplt kernel: [301357.859349] plugin-containe[16139]: segfault
at 0 ip 7fcf32ae06af sp 7ffeb8a136c8 error 6 in
libxul.so[7fcf307b3000+6111000]
Jun 15 19:13:25 xplt /usr/lib/gdm3/gdm-x-session[6549]: ###!!!
[Parent][MessageChannel::Call] Error: Channel error: cannot send/recv
Jun 15 19:13:29 xplt /usr/lib/gdm3/gdm-x-session[6549]: ERROR block_reap:328:
[hamster] bad exit code 1
Jun 15 19:13:29 xplt /usr/lib/gdm3/gdm-x-session[6549]: ###!!!
[Parent][MessageChannel::Call] Error: Channel error: cannot send/recv
Jun 15 19:13:29 xplt kernel: [301358.227635] audit: type=1400
audit(1529046809.263:252): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16188 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:29 xplt kernel: [301358.227811] audit: type=1400
audit(1529046809.263:253): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15 19:13:29 xplt kernel: [301358.227844] plugin-containe[16188]: segfault
at 0 ip 7fe5667c66af sp 7fffe8cc0da8 error 6 in
libxul.so[7fe564499000+6111000]
Jun 15 19:13:31 xplt kernel: [301360.574177] audit: type=1400
audit(1529046811.608:254): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16192
[Touch-packages] [Bug 1777070] Re: firefox plugin libwidevinecdm.so crashes due to apparmor denial
Arrgh... this is not a great way of working (malware could write to that
location and then load in code), but as it is what we've got, I've added
the rule to a forthcoming Firefox profile update.
Incidentally, Olivier, if you've got a line on who's responsible for the
Firefox profile there, it would be very helpful. The profile is no
longer maintained by the AppArmor folks, and I'm not sure of a better
place to send an update aside from here.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1777070
Title:
firefox plugin libwidevinecdm.so crashes due to apparmor denial
Status in apparmor package in Ubuntu:
New
Status in firefox package in Ubuntu:
Confirmed
Bug description:
Ubuntu 18.04, Firefox 60.0.1+build2-0ubuntu0.18.04.1
Running firefix, then going to netflix.com and attempting to play a
movie. The widevinecdm plugin crashes, the following is found in
syslog:
Jun 15 19:13:22 xplt kernel: [301351.553043] audit: type=1400
audit(1529046802.585:246): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16118 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:22 xplt kernel: [301351.553236] audit: type=1400
audit(1529046802.585:247): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15 19:13:22 xplt kernel: [301351.553259] plugin-containe[16118]: segfault
at 0 ip 7fcdfdaa76af sp 7ffc1ff03e28 error 6 in
libxul.so[7fcdfb77a000+6111000]
Jun 15 19:13:22 xplt snmpd[2334]: error on subcontainer 'ia_addr' insert (-1)
Jun 15 19:13:22 xplt /usr/lib/gdm3/gdm-x-session[6549]: ###!!!
[Parent][MessageChannel::Call] Error: Channel error: cannot send/recv
Jun 15 19:13:24 xplt kernel: [301353.960182] audit: type=1400
audit(1529046804.994:248): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16135 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:24 xplt kernel: [301353.960373] audit: type=1400
audit(1529046804.994:249): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15 19:13:24 xplt kernel: [301353.960398] plugin-containe[16135]: segfault
at 0 ip 7fe3b57f46af sp 7ffe6dc0b488 error 6 in
libxul.so[7fe3b34c7000+6111000]
Jun 15 19:13:28 xplt kernel: [301357.859177] audit: type=1400
audit(1529046808.895:250): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16139 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:28 xplt kernel: [301357.859328] audit: type=1400
audit(1529046808.895:251): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15 19:13:28 xplt kernel: [301357.859349] plugin-containe[16139]: segfault
at 0 ip 7fcf32ae06af sp 7ffeb8a136c8 error 6 in
libxul.so[7fcf307b3000+6111000]
Jun 15 19:13:25 xplt /usr/lib/gdm3/gdm-x-session[6549]: ###!!!
[Parent][MessageChannel::Call] Error: Channel error: cannot send/recv
Jun 15 19:13:29 xplt /usr/lib/gdm3/gdm-x-session[6549]: ERROR block_reap:328:
[hamster] bad exit code 1
Jun 15 19:13:29 xplt /usr/lib/gdm3/gdm-x-session[6549]: ###!!!
[Parent][MessageChannel::Call] Error: Channel error: cannot send/recv
Jun 15 19:13:29 xplt kernel: [301358.227635] audit: type=1400
audit(1529046809.263:252): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16188 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:29 xplt kernel: [301358.227811] audit: type=1400
audit(1529046809.263:253): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15 19:13:29 xplt kernel: [301358.227844] plugin-containe[16188]: segfault
at 0 ip 7fe5667c66af sp 7fffe8cc0da8 error 6 in
libxul.so[7fe564499000+6111000]
Jun 15
[Touch-packages] [Bug 1777070] Re: firefox plugin libwidevinecdm.so crashes due to apparmor denial
And I can confirm that the additions to firefox's apparmor profile
suggested by Seth in comment #1 fix the crash of the CDM.
** Changed in: firefox (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1777070
Title:
firefox plugin libwidevinecdm.so crashes due to apparmor denial
Status in apparmor package in Ubuntu:
New
Status in firefox package in Ubuntu:
Confirmed
Bug description:
Ubuntu 18.04, Firefox 60.0.1+build2-0ubuntu0.18.04.1
Running firefix, then going to netflix.com and attempting to play a
movie. The widevinecdm plugin crashes, the following is found in
syslog:
Jun 15 19:13:22 xplt kernel: [301351.553043] audit: type=1400
audit(1529046802.585:246): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16118 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:22 xplt kernel: [301351.553236] audit: type=1400
audit(1529046802.585:247): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15 19:13:22 xplt kernel: [301351.553259] plugin-containe[16118]: segfault
at 0 ip 7fcdfdaa76af sp 7ffc1ff03e28 error 6 in
libxul.so[7fcdfb77a000+6111000]
Jun 15 19:13:22 xplt snmpd[2334]: error on subcontainer 'ia_addr' insert (-1)
Jun 15 19:13:22 xplt /usr/lib/gdm3/gdm-x-session[6549]: ###!!!
[Parent][MessageChannel::Call] Error: Channel error: cannot send/recv
Jun 15 19:13:24 xplt kernel: [301353.960182] audit: type=1400
audit(1529046804.994:248): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16135 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:24 xplt kernel: [301353.960373] audit: type=1400
audit(1529046804.994:249): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15 19:13:24 xplt kernel: [301353.960398] plugin-containe[16135]: segfault
at 0 ip 7fe3b57f46af sp 7ffe6dc0b488 error 6 in
libxul.so[7fe3b34c7000+6111000]
Jun 15 19:13:28 xplt kernel: [301357.859177] audit: type=1400
audit(1529046808.895:250): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16139 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:28 xplt kernel: [301357.859328] audit: type=1400
audit(1529046808.895:251): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15 19:13:28 xplt kernel: [301357.859349] plugin-containe[16139]: segfault
at 0 ip 7fcf32ae06af sp 7ffeb8a136c8 error 6 in
libxul.so[7fcf307b3000+6111000]
Jun 15 19:13:25 xplt /usr/lib/gdm3/gdm-x-session[6549]: ###!!!
[Parent][MessageChannel::Call] Error: Channel error: cannot send/recv
Jun 15 19:13:29 xplt /usr/lib/gdm3/gdm-x-session[6549]: ERROR block_reap:328:
[hamster] bad exit code 1
Jun 15 19:13:29 xplt /usr/lib/gdm3/gdm-x-session[6549]: ###!!!
[Parent][MessageChannel::Call] Error: Channel error: cannot send/recv
Jun 15 19:13:29 xplt kernel: [301358.227635] audit: type=1400
audit(1529046809.263:252): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16188 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:29 xplt kernel: [301358.227811] audit: type=1400
audit(1529046809.263:253): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15 19:13:29 xplt kernel: [301358.227844] plugin-containe[16188]: segfault
at 0 ip 7fe5667c66af sp 7fffe8cc0da8 error 6 in
libxul.so[7fe564499000+6111000]
Jun 15 19:13:31 xplt kernel: [301360.574177] audit: type=1400
audit(1529046811.608:254): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
[Touch-packages] [Bug 1777070] Re: firefox plugin libwidevinecdm.so crashes due to apparmor denial
As far as I know firefox downloads and unpacks the widevine CDM in the
user's profile directory when it is needed to watch DRM-protected
videos. This is unlike chrome/chromium that install the widevine so
system-wide.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1777070
Title:
firefox plugin libwidevinecdm.so crashes due to apparmor denial
Status in apparmor package in Ubuntu:
New
Status in firefox package in Ubuntu:
Confirmed
Bug description:
Ubuntu 18.04, Firefox 60.0.1+build2-0ubuntu0.18.04.1
Running firefix, then going to netflix.com and attempting to play a
movie. The widevinecdm plugin crashes, the following is found in
syslog:
Jun 15 19:13:22 xplt kernel: [301351.553043] audit: type=1400
audit(1529046802.585:246): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16118 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:22 xplt kernel: [301351.553236] audit: type=1400
audit(1529046802.585:247): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15 19:13:22 xplt kernel: [301351.553259] plugin-containe[16118]: segfault
at 0 ip 7fcdfdaa76af sp 7ffc1ff03e28 error 6 in
libxul.so[7fcdfb77a000+6111000]
Jun 15 19:13:22 xplt snmpd[2334]: error on subcontainer 'ia_addr' insert (-1)
Jun 15 19:13:22 xplt /usr/lib/gdm3/gdm-x-session[6549]: ###!!!
[Parent][MessageChannel::Call] Error: Channel error: cannot send/recv
Jun 15 19:13:24 xplt kernel: [301353.960182] audit: type=1400
audit(1529046804.994:248): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16135 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:24 xplt kernel: [301353.960373] audit: type=1400
audit(1529046804.994:249): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15 19:13:24 xplt kernel: [301353.960398] plugin-containe[16135]: segfault
at 0 ip 7fe3b57f46af sp 7ffe6dc0b488 error 6 in
libxul.so[7fe3b34c7000+6111000]
Jun 15 19:13:28 xplt kernel: [301357.859177] audit: type=1400
audit(1529046808.895:250): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16139 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:28 xplt kernel: [301357.859328] audit: type=1400
audit(1529046808.895:251): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15 19:13:28 xplt kernel: [301357.859349] plugin-containe[16139]: segfault
at 0 ip 7fcf32ae06af sp 7ffeb8a136c8 error 6 in
libxul.so[7fcf307b3000+6111000]
Jun 15 19:13:25 xplt /usr/lib/gdm3/gdm-x-session[6549]: ###!!!
[Parent][MessageChannel::Call] Error: Channel error: cannot send/recv
Jun 15 19:13:29 xplt /usr/lib/gdm3/gdm-x-session[6549]: ERROR block_reap:328:
[hamster] bad exit code 1
Jun 15 19:13:29 xplt /usr/lib/gdm3/gdm-x-session[6549]: ###!!!
[Parent][MessageChannel::Call] Error: Channel error: cannot send/recv
Jun 15 19:13:29 xplt kernel: [301358.227635] audit: type=1400
audit(1529046809.263:252): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16188 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:29 xplt kernel: [301358.227811] audit: type=1400
audit(1529046809.263:253): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15 19:13:29 xplt kernel: [301358.227844] plugin-containe[16188]: segfault
at 0 ip 7fe5667c66af sp 7fffe8cc0da8 error 6 in
libxul.so[7fe564499000+6111000]
Jun 15 19:13:31 xplt kernel: [301360.574177] audit: type=1400
audit(1529046811.608:254): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
[Touch-packages] [Bug 1777070] Re: firefox plugin libwidevinecdm.so crashes due to apparmor denial
I think we're going to need more information on how this plugin got in
there in the first place. Being able to map a library in a user-writable
directory doesn't sound terribly safe...
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1777070
Title:
firefox plugin libwidevinecdm.so crashes due to apparmor denial
Status in apparmor package in Ubuntu:
New
Status in firefox package in Ubuntu:
New
Bug description:
Ubuntu 18.04, Firefox 60.0.1+build2-0ubuntu0.18.04.1
Running firefix, then going to netflix.com and attempting to play a
movie. The widevinecdm plugin crashes, the following is found in
syslog:
Jun 15 19:13:22 xplt kernel: [301351.553043] audit: type=1400
audit(1529046802.585:246): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16118 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:22 xplt kernel: [301351.553236] audit: type=1400
audit(1529046802.585:247): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15 19:13:22 xplt kernel: [301351.553259] plugin-containe[16118]: segfault
at 0 ip 7fcdfdaa76af sp 7ffc1ff03e28 error 6 in
libxul.so[7fcdfb77a000+6111000]
Jun 15 19:13:22 xplt snmpd[2334]: error on subcontainer 'ia_addr' insert (-1)
Jun 15 19:13:22 xplt /usr/lib/gdm3/gdm-x-session[6549]: ###!!!
[Parent][MessageChannel::Call] Error: Channel error: cannot send/recv
Jun 15 19:13:24 xplt kernel: [301353.960182] audit: type=1400
audit(1529046804.994:248): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16135 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:24 xplt kernel: [301353.960373] audit: type=1400
audit(1529046804.994:249): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15 19:13:24 xplt kernel: [301353.960398] plugin-containe[16135]: segfault
at 0 ip 7fe3b57f46af sp 7ffe6dc0b488 error 6 in
libxul.so[7fe3b34c7000+6111000]
Jun 15 19:13:28 xplt kernel: [301357.859177] audit: type=1400
audit(1529046808.895:250): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16139 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:28 xplt kernel: [301357.859328] audit: type=1400
audit(1529046808.895:251): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15 19:13:28 xplt kernel: [301357.859349] plugin-containe[16139]: segfault
at 0 ip 7fcf32ae06af sp 7ffeb8a136c8 error 6 in
libxul.so[7fcf307b3000+6111000]
Jun 15 19:13:25 xplt /usr/lib/gdm3/gdm-x-session[6549]: ###!!!
[Parent][MessageChannel::Call] Error: Channel error: cannot send/recv
Jun 15 19:13:29 xplt /usr/lib/gdm3/gdm-x-session[6549]: ERROR block_reap:328:
[hamster] bad exit code 1
Jun 15 19:13:29 xplt /usr/lib/gdm3/gdm-x-session[6549]: ###!!!
[Parent][MessageChannel::Call] Error: Channel error: cannot send/recv
Jun 15 19:13:29 xplt kernel: [301358.227635] audit: type=1400
audit(1529046809.263:252): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16188 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:29 xplt kernel: [301358.227811] audit: type=1400
audit(1529046809.263:253): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15 19:13:29 xplt kernel: [301358.227844] plugin-containe[16188]: segfault
at 0 ip 7fe5667c66af sp 7fffe8cc0da8 error 6 in
libxul.so[7fe564499000+6111000]
Jun 15 19:13:31 xplt kernel: [301360.574177] audit: type=1400
audit(1529046811.608:254): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
[Touch-packages] [Bug 1777070] Re: firefox plugin libwidevinecdm.so crashes due to apparmor denial
Thanks! I won't claim to understand what that change did, but adding
the two lines as requested does seem to resolve the issue. I opened up
Netflix and was able to watch, without the crash, and there wasn't any
new entries in syslog.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1777070
Title:
firefox plugin libwidevinecdm.so crashes due to apparmor denial
Status in apparmor package in Ubuntu:
New
Status in firefox package in Ubuntu:
New
Bug description:
Ubuntu 18.04, Firefox 60.0.1+build2-0ubuntu0.18.04.1
Running firefix, then going to netflix.com and attempting to play a
movie. The widevinecdm plugin crashes, the following is found in
syslog:
Jun 15 19:13:22 xplt kernel: [301351.553043] audit: type=1400
audit(1529046802.585:246): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16118 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:22 xplt kernel: [301351.553236] audit: type=1400
audit(1529046802.585:247): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15 19:13:22 xplt kernel: [301351.553259] plugin-containe[16118]: segfault
at 0 ip 7fcdfdaa76af sp 7ffc1ff03e28 error 6 in
libxul.so[7fcdfb77a000+6111000]
Jun 15 19:13:22 xplt snmpd[2334]: error on subcontainer 'ia_addr' insert (-1)
Jun 15 19:13:22 xplt /usr/lib/gdm3/gdm-x-session[6549]: ###!!!
[Parent][MessageChannel::Call] Error: Channel error: cannot send/recv
Jun 15 19:13:24 xplt kernel: [301353.960182] audit: type=1400
audit(1529046804.994:248): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16135 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:24 xplt kernel: [301353.960373] audit: type=1400
audit(1529046804.994:249): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15 19:13:24 xplt kernel: [301353.960398] plugin-containe[16135]: segfault
at 0 ip 7fe3b57f46af sp 7ffe6dc0b488 error 6 in
libxul.so[7fe3b34c7000+6111000]
Jun 15 19:13:28 xplt kernel: [301357.859177] audit: type=1400
audit(1529046808.895:250): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16139 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:28 xplt kernel: [301357.859328] audit: type=1400
audit(1529046808.895:251): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15 19:13:28 xplt kernel: [301357.859349] plugin-containe[16139]: segfault
at 0 ip 7fcf32ae06af sp 7ffeb8a136c8 error 6 in
libxul.so[7fcf307b3000+6111000]
Jun 15 19:13:25 xplt /usr/lib/gdm3/gdm-x-session[6549]: ###!!!
[Parent][MessageChannel::Call] Error: Channel error: cannot send/recv
Jun 15 19:13:29 xplt /usr/lib/gdm3/gdm-x-session[6549]: ERROR block_reap:328:
[hamster] bad exit code 1
Jun 15 19:13:29 xplt /usr/lib/gdm3/gdm-x-session[6549]: ###!!!
[Parent][MessageChannel::Call] Error: Channel error: cannot send/recv
Jun 15 19:13:29 xplt kernel: [301358.227635] audit: type=1400
audit(1529046809.263:252): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16188 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:29 xplt kernel: [301358.227811] audit: type=1400
audit(1529046809.263:253): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15 19:13:29 xplt kernel: [301358.227844] plugin-containe[16188]: segfault
at 0 ip 7fe5667c66af sp 7fffe8cc0da8 error 6 in
libxul.so[7fe564499000+6111000]
Jun 15 19:13:31 xplt kernel: [301360.574177] audit: type=1400
audit(1529046811.608:254): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
[Touch-packages] [Bug 1777070] Re: firefox plugin libwidevinecdm.so crashes due to apparmor denial
Hello Xav, thanks for the bug report.
Can you try adding some AppArmor rules to the firefox profile? I suspect
this may require a few iterations to find all the issues:
ptrace (trace) peer=@{profile_name},
@{HOME}/.mozilla/firefox/*/gmp-widevinecdm/*/lib*so m,
You can add these lines to the 'main body' of
/etc/apparmor.d/usr.bin.firefox and reload the profile with
apparmor_parser --replace /etc/apparmor.d/usr.bin.firefox
Then try again and see what else is broken.
Thanks
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1777070
Title:
firefox plugin libwidevinecdm.so crashes due to apparmor denial
Status in apparmor package in Ubuntu:
New
Status in firefox package in Ubuntu:
New
Bug description:
Ubuntu 18.04, Firefox 60.0.1+build2-0ubuntu0.18.04.1
Running firefix, then going to netflix.com and attempting to play a
movie. The widevinecdm plugin crashes, the following is found in
syslog:
Jun 15 19:13:22 xplt kernel: [301351.553043] audit: type=1400
audit(1529046802.585:246): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16118 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:22 xplt kernel: [301351.553236] audit: type=1400
audit(1529046802.585:247): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15 19:13:22 xplt kernel: [301351.553259] plugin-containe[16118]: segfault
at 0 ip 7fcdfdaa76af sp 7ffc1ff03e28 error 6 in
libxul.so[7fcdfb77a000+6111000]
Jun 15 19:13:22 xplt snmpd[2334]: error on subcontainer 'ia_addr' insert (-1)
Jun 15 19:13:22 xplt /usr/lib/gdm3/gdm-x-session[6549]: ###!!!
[Parent][MessageChannel::Call] Error: Channel error: cannot send/recv
Jun 15 19:13:24 xplt kernel: [301353.960182] audit: type=1400
audit(1529046804.994:248): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16135 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:24 xplt kernel: [301353.960373] audit: type=1400
audit(1529046804.994:249): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15 19:13:24 xplt kernel: [301353.960398] plugin-containe[16135]: segfault
at 0 ip 7fe3b57f46af sp 7ffe6dc0b488 error 6 in
libxul.so[7fe3b34c7000+6111000]
Jun 15 19:13:28 xplt kernel: [301357.859177] audit: type=1400
audit(1529046808.895:250): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16139 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:28 xplt kernel: [301357.859328] audit: type=1400
audit(1529046808.895:251): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15 19:13:28 xplt kernel: [301357.859349] plugin-containe[16139]: segfault
at 0 ip 7fcf32ae06af sp 7ffeb8a136c8 error 6 in
libxul.so[7fcf307b3000+6111000]
Jun 15 19:13:25 xplt /usr/lib/gdm3/gdm-x-session[6549]: ###!!!
[Parent][MessageChannel::Call] Error: Channel error: cannot send/recv
Jun 15 19:13:29 xplt /usr/lib/gdm3/gdm-x-session[6549]: ERROR block_reap:328:
[hamster] bad exit code 1
Jun 15 19:13:29 xplt /usr/lib/gdm3/gdm-x-session[6549]: ###!!!
[Parent][MessageChannel::Call] Error: Channel error: cannot send/recv
Jun 15 19:13:29 xplt kernel: [301358.227635] audit: type=1400
audit(1529046809.263:252): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16188 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:29 xplt kernel: [301358.227811] audit: type=1400
audit(1529046809.263:253): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15 19:13:29 xplt kernel: [301358.227844] plugin-containe[16188]: segfault
at 0 ip 7fe5667c66af sp 7fffe8cc0da8 error 6 in
[Touch-packages] [Bug 1777070] Re: firefox plugin libwidevinecdm.so crashes due to apparmor denial
** Tags added: bionic
** Also affects: apparmor (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1777070
Title:
firefox plugin libwidevinecdm.so crashes due to apparmor denial
Status in apparmor package in Ubuntu:
New
Status in firefox package in Ubuntu:
New
Bug description:
Ubuntu 18.04, Firefox 60.0.1+build2-0ubuntu0.18.04.1
Running firefix, then going to netflix.com and attempting to play a
movie. The widevinecdm plugin crashes, the following is found in
syslog:
Jun 15 19:13:22 xplt kernel: [301351.553043] audit: type=1400
audit(1529046802.585:246): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16118 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:22 xplt kernel: [301351.553236] audit: type=1400
audit(1529046802.585:247): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15 19:13:22 xplt kernel: [301351.553259] plugin-containe[16118]: segfault
at 0 ip 7fcdfdaa76af sp 7ffc1ff03e28 error 6 in
libxul.so[7fcdfb77a000+6111000]
Jun 15 19:13:22 xplt snmpd[2334]: error on subcontainer 'ia_addr' insert (-1)
Jun 15 19:13:22 xplt /usr/lib/gdm3/gdm-x-session[6549]: ###!!!
[Parent][MessageChannel::Call] Error: Channel error: cannot send/recv
Jun 15 19:13:24 xplt kernel: [301353.960182] audit: type=1400
audit(1529046804.994:248): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16135 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:24 xplt kernel: [301353.960373] audit: type=1400
audit(1529046804.994:249): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15 19:13:24 xplt kernel: [301353.960398] plugin-containe[16135]: segfault
at 0 ip 7fe3b57f46af sp 7ffe6dc0b488 error 6 in
libxul.so[7fe3b34c7000+6111000]
Jun 15 19:13:28 xplt kernel: [301357.859177] audit: type=1400
audit(1529046808.895:250): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16139 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:28 xplt kernel: [301357.859328] audit: type=1400
audit(1529046808.895:251): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15 19:13:28 xplt kernel: [301357.859349] plugin-containe[16139]: segfault
at 0 ip 7fcf32ae06af sp 7ffeb8a136c8 error 6 in
libxul.so[7fcf307b3000+6111000]
Jun 15 19:13:25 xplt /usr/lib/gdm3/gdm-x-session[6549]: ###!!!
[Parent][MessageChannel::Call] Error: Channel error: cannot send/recv
Jun 15 19:13:29 xplt /usr/lib/gdm3/gdm-x-session[6549]: ERROR block_reap:328:
[hamster] bad exit code 1
Jun 15 19:13:29 xplt /usr/lib/gdm3/gdm-x-session[6549]: ###!!!
[Parent][MessageChannel::Call] Error: Channel error: cannot send/recv
Jun 15 19:13:29 xplt kernel: [301358.227635] audit: type=1400
audit(1529046809.263:252): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16188 comm="plugin-containe" requested_mask="m" denied_mask="m" fsuid=1000
ouid=1000
Jun 15 19:13:29 xplt kernel: [301358.227811] audit: type=1400
audit(1529046809.263:253): apparmor="DENIED" operation="ptrace"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=24714 comm="firefox"
requested_mask="trace" denied_mask="trace"
peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
Jun 15 19:13:29 xplt kernel: [301358.227844] plugin-containe[16188]: segfault
at 0 ip 7fe5667c66af sp 7fffe8cc0da8 error 6 in
libxul.so[7fe564499000+6111000]
Jun 15 19:13:31 xplt kernel: [301360.574177] audit: type=1400
audit(1529046811.608:254): apparmor="DENIED" operation="file_mmap"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/xav/.mozilla/firefox/wiavokxk.default-1510977878171/gmp-widevinecdm/1.4.8.1008/libwidevinecdm.so"
pid=16192 comm="plugin-containe" requested_mask="m" denied_mask="m"
