[Bug 1553712] Re: usr.bin.firefox apparmor profile blocks access to mounttracker
Has anyone observed any undesirable behavior from Firefox when access to these mount-related DBus services is denied? It's not clear to me why Firefox is even calling these in the first place, and given that mounts can include NFS servers and the like, I'd just as soon deny this access if there's no good reason for it. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1553712 Title: usr.bin.firefox apparmor profile blocks access to mounttracker To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1553712/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1553712] Re: usr.bin.firefox apparmor profile blocks access to mounttracker
** This bug is no longer a duplicate of bug 1533232 missing many apparmor rules on Xenial -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1553712 Title: usr.bin.firefox apparmor profile blocks access to mounttracker To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1553712/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1553712] Re: usr.bin.firefox apparmor profile blocks access to mounttracker
*** This bug is a duplicate of bug 1533232 *** https://bugs.launchpad.net/bugs/1533232 @Jean-Philippe, most if not all the rules are covered in the proposed rule addition in LP: #1533232 @Thomas, I just added the dbus session receive Mounted member to the same LP, thanks. Marking as duplicate now. ** This bug has been marked a duplicate of bug 1533232 missing many apparmor rules on Xenial -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1553712 Title: usr.bin.firefox apparmor profile blocks access to mounttracker To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1553712/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1553712] Re: usr.bin.firefox apparmor profile blocks access to mounttracker
Also catched a "receive", which is part of VERSION 6 of the patch.
Jan 30 12:45:21 lat61 dbus[3005]: apparmor="DENIED"
operation="dbus_signal" bus="session" path="/org/gtk/vfs/mounttracker"
interface="org.gtk.vfs.MountTracker" member="Mounted" name=":1.8"
mask="receive" pid=836 label="/usr/lib/firefox/firefox{,*[^s][^h]}"
peer_pid=3101 peer_label="unconfined"
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1553712
Title:
usr.bin.firefox apparmor profile blocks access to mounttracker
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1553712/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1553712] Re: usr.bin.firefox apparmor profile blocks access to mounttracker
A patch which might fix this issue, too, is available at 1659988. https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1659988 Everyone affected, please give it a try and report back. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1553712 Title: usr.bin.firefox apparmor profile blocks access to mounttracker To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1553712/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1553712] Re: usr.bin.firefox apparmor profile blocks access to mounttracker
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: firefox (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1553712 Title: usr.bin.firefox apparmor profile blocks access to mounttracker To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1553712/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1553712] Re: usr.bin.firefox apparmor profile blocks access to mounttracker
** Description changed:
When I launch Firefox with apparmor enabled, I get the following errors:
Mar 6 13:21:19 tigreraye dbus[2570]: apparmor="DENIED"
operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker"
interface="org.gtk.vfs.MountTracker" member="ListMountableInfo" mask="send"
name=":1.46" pid=6604 label="/usr/lib/firefox/firefox{,*[^s][^h]}"
peer_pid=2781 peer_label="unconfined"
Mar 6 17:31:04 tigreraye dbus[4030]: apparmor="DENIED"
operation="dbus_method_call" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported"
mask="send" name=":1.71" pid=4480 label="/usr/lib/firefox/firefox{,*[^s][^h]}"
peer_pid=4327 peer_label="unconfined"
Mar 6 17:31:04 tigreraye dbus[4030]: apparmor="DENIED"
operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker"
interface="org.gtk.vfs.MountTracker" member="ListMounts" mask="send"
name=":1.43" pid=4480 label="/usr/lib/firefox/firefox{,*[^s][^h]}"
peer_pid=4206 peer_label="unconfined"
Mar 6 17:31:04 tigreraye dbus[4030]: apparmor="DENIED"
operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker"
interface="org.gtk.vfs.MountTracker" member="LookupMount" mask="send"
name=":1.43" pid=4480 label="/usr/lib/firefox/firefox{,*[^s][^h]}"
peer_pid=4206 peer_label="unconfined"
Mar 6 18:47:12 tigreraye dbus[4030]: apparmor="DENIED"
operation="dbus_method_call" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="List" mask="send"
name=":1.76" pid=13082 label="/usr/lib/firefox/firMar 6 19:31:11 tigreraye
dbus[4030]: apparmor="DENIED" operation="dbus_signal" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="DriveChanged"
name=":1.49" mask="receive" pid=13082
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=4246
peer_label="unconfined"
Mar 6 19:32:10 tigreraye dbus[4030]: apparmor="DENIED"
operation="dbus_signal" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="VolumeAdded"
name=":1.49" mask="receive" pid=13082
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=4246
peer_label="unconfined"
efox{,*[^s][^h]}" peer_pid=4333 peer_label="unconfined"
Mar 6 19:43:24 tigreraye dbus[4030]: apparmor="DENIED"
operation="dbus_signal" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="MountPreUnmount"
name=":1.49" mask="receive" pid=13082
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=4246
peer_label="unconfined"
Mar 6 19:43:24 tigreraye dbus[4030]: apparmor="DENIED"
operation="dbus_signal" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="VolumeChanged"
name=":1.49" mask="receive" pid=13082
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=4246
peer_label="unconfined"
Mar 6 19:43:24 tigreraye dbus[4030]: apparmor="DENIED"
operation="dbus_signal" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="MountChanged"
name=":1.49" mask="receive" pid=13082
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=4246
peer_label="unconfined"
Mar 6 19:43:24 tigreraye dbus[4030]: apparmor="DENIED"
operation="dbus_signal" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="MountRemoved"
name=":1.49" mask="receive" pid=13082
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=4246
peer_label="unconfined"
Mar 6 19:43:25 tigreraye dbus[4030]: apparmor="DENIED"
operation="dbus_signal" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="VolumeRemoved"
name=":1.49" mask="receive" pid=13082
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=4246
peer_label="unconfined"
Mar 6 19:43:28 tigreraye dbus[4030]: apparmor="DENIED"
operation="dbus_signal" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="DriveDisconnected"
name=":1.49" mask="receive" pid=13082
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=4246
peer_label="unconfined"
Mar 6 19:43:35 tigreraye dbus[4030]: apparmor="DENIED"
operation="dbus_signal" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="DriveConnected"
name=":1.49" mask="receive" pid=13082
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=4246
peer_label="unconfined"
Mar 6 19:53:42 tigreraye dbus[4030]: apparmor="DENIED"
operation="dbus_signal" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="MountAdded"
name=":1.49"
[Bug 1553712] Re: usr.bin.firefox apparmor profile blocks access to mounttracker
** Description changed:
When I launch Firefox with apparmor enabled, I get the following errors:
Mar 6 13:21:19 tigreraye dbus[2570]: apparmor="DENIED"
operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker"
interface="org.gtk.vfs.MountTracker" member="ListMountableInfo" mask="send"
name=":1.46" pid=6604 label="/usr/lib/firefox/firefox{,*[^s][^h]}"
peer_pid=2781 peer_label="unconfined"
Mar 6 17:31:04 tigreraye dbus[4030]: apparmor="DENIED"
operation="dbus_method_call" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported"
mask="send" name=":1.71" pid=4480 label="/usr/lib/firefox/firefox{,*[^s][^h]}"
peer_pid=4327 peer_label="unconfined"
Mar 6 17:31:04 tigreraye dbus[4030]: apparmor="DENIED"
operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker"
interface="org.gtk.vfs.MountTracker" member="ListMounts" mask="send"
name=":1.43" pid=4480 label="/usr/lib/firefox/firefox{,*[^s][^h]}"
peer_pid=4206 peer_label="unconfined"
Mar 6 17:31:04 tigreraye dbus[4030]: apparmor="DENIED"
operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker"
interface="org.gtk.vfs.MountTracker" member="LookupMount" mask="send"
name=":1.43" pid=4480 label="/usr/lib/firefox/firefox{,*[^s][^h]}"
peer_pid=4206 peer_label="unconfined"
Mar 6 18:47:12 tigreraye dbus[4030]: apparmor="DENIED"
operation="dbus_method_call" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="List" mask="send"
name=":1.76" pid=13082 label="/usr/lib/firefox/firMar 6 19:31:11 tigreraye
dbus[4030]: apparmor="DENIED" operation="dbus_signal" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="DriveChanged"
name=":1.49" mask="receive" pid=13082
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=4246
peer_label="unconfined"
Mar 6 19:32:10 tigreraye dbus[4030]: apparmor="DENIED"
operation="dbus_signal" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="VolumeAdded"
name=":1.49" mask="receive" pid=13082
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=4246
peer_label="unconfined"
efox{,*[^s][^h]}" peer_pid=4333 peer_label="unconfined"
-
+ Mar 6 19:43:24 tigreraye dbus[4030]: apparmor="DENIED"
operation="dbus_signal" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="MountPreUnmount"
name=":1.49" mask="receive" pid=13082
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=4246
peer_label="unconfined"
+ Mar 6 19:43:24 tigreraye dbus[4030]: apparmor="DENIED"
operation="dbus_signal" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="VolumeChanged"
name=":1.49" mask="receive" pid=13082
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=4246
peer_label="unconfined"
+ Mar 6 19:43:24 tigreraye dbus[4030]: apparmor="DENIED"
operation="dbus_signal" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="MountChanged"
name=":1.49" mask="receive" pid=13082
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=4246
peer_label="unconfined"
+ Mar 6 19:43:24 tigreraye dbus[4030]: apparmor="DENIED"
operation="dbus_signal" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="MountRemoved"
name=":1.49" mask="receive" pid=13082
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=4246
peer_label="unconfined"
+ Mar 6 19:43:25 tigreraye dbus[4030]: apparmor="DENIED"
operation="dbus_signal" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="VolumeRemoved"
name=":1.49" mask="receive" pid=13082
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=4246
peer_label="unconfined"
+ Mar 6 19:43:28 tigreraye dbus[4030]: apparmor="DENIED"
operation="dbus_signal" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="DriveDisconnected"
name=":1.49" mask="receive" pid=13082
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=4246
peer_label="unconfined"
+ Mar 6 19:43:35 tigreraye dbus[4030]: apparmor="DENIED"
operation="dbus_signal" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="DriveConnected"
name=":1.49" mask="receive" pid=13082
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=4246
peer_label="unconfined"
Adding the following lines to the apparmor profile fixes the issue:
dbus send bus=session path="/org/gtk/vfs/mounttracker"
interface="org.gtk.vfs.MountTracker" member="ListMountableInfo",
dbus send bus=session
[Bug 1553712] Re: usr.bin.firefox apparmor profile blocks access to mounttracker
** Description changed:
When I launch Firefox with apparmor enabled, I get the following errors:
Mar 6 13:21:19 tigreraye dbus[2570]: apparmor="DENIED"
operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker"
interface="org.gtk.vfs.MountTracker" member="ListMountableInfo" mask="send"
name=":1.46" pid=6604 label="/usr/lib/firefox/firefox{,*[^s][^h]}"
peer_pid=2781 peer_label="unconfined"
Mar 6 17:31:04 tigreraye dbus[4030]: apparmor="DENIED"
operation="dbus_method_call" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported"
mask="send" name=":1.71" pid=4480 label="/usr/lib/firefox/firefox{,*[^s][^h]}"
peer_pid=4327 peer_label="unconfined"
Mar 6 17:31:04 tigreraye dbus[4030]: apparmor="DENIED"
operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker"
interface="org.gtk.vfs.MountTracker" member="ListMounts" mask="send"
name=":1.43" pid=4480 label="/usr/lib/firefox/firefox{,*[^s][^h]}"
peer_pid=4206 peer_label="unconfined"
Mar 6 17:31:04 tigreraye dbus[4030]: apparmor="DENIED"
operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker"
interface="org.gtk.vfs.MountTracker" member="LookupMount" mask="send"
name=":1.43" pid=4480 label="/usr/lib/firefox/firefox{,*[^s][^h]}"
peer_pid=4206 peer_label="unconfined"
- Mar 6 18:47:12 tigreraye dbus[4030]: apparmor="DENIED"
operation="dbus_method_call" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="List" mask="send"
name=":1.76" pid=13082 label="/usr/lib/firefox/firefox{,*[^s][^h]}"
peer_pid=4333 peer_label="unconfined"
+ Mar 6 18:47:12 tigreraye dbus[4030]: apparmor="DENIED"
operation="dbus_method_call" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="List" mask="send"
name=":1.76" pid=13082 label="/usr/lib/firefox/firMar 6 19:31:11 tigreraye
dbus[4030]: apparmor="DENIED" operation="dbus_signal" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="DriveChanged"
name=":1.49" mask="receive" pid=13082
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=4246
peer_label="unconfined"
+ Mar 6 19:32:10 tigreraye dbus[4030]: apparmor="DENIED"
operation="dbus_signal" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="VolumeAdded"
name=":1.49" mask="receive" pid=13082
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=4246
peer_label="unconfined"
+ efox{,*[^s][^h]}" peer_pid=4333 peer_label="unconfined"
+
Adding the following lines to the apparmor profile fixes the issue:
dbus send bus=session path="/org/gtk/vfs/mounttracker"
interface="org.gtk.vfs.MountTracker" member="ListMountableInfo",
dbus send bus=session path="/org/gtk/vfs/mounttracker"
interface="org.gtk.vfs.MountTracker" member="ListMounts",
dbus send bus=session path="/org/gtk/vfs/mounttracker"
interface="org.gtk.vfs.MountTracker" member="LookupMount",
+
dbus send bus=session path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported",
dbus send bus=session path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="List",
+ dbus send bus=session path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="DriveChanged",
+ dbus send bus=session path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="VolumeAdded",
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1553712
Title:
usr.bin.firefox apparmor profile blocks access to mounttracker
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1553712/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1553712] Re: usr.bin.firefox apparmor profile blocks access to mounttracker
** Description changed:
When I launch Firefox with apparmor enabled, I get the following errors:
Mar 6 13:21:19 tigreraye dbus[2570]: apparmor="DENIED"
operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker"
interface="org.gtk.vfs.MountTracker" member="ListMountableInfo" mask="send"
name=":1.46" pid=6604 label="/usr/lib/firefox/firefox{,*[^s][^h]}"
peer_pid=2781 peer_label="unconfined"
Mar 6 17:31:04 tigreraye dbus[4030]: apparmor="DENIED"
operation="dbus_method_call" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported"
mask="send" name=":1.71" pid=4480 label="/usr/lib/firefox/firefox{,*[^s][^h]}"
peer_pid=4327 peer_label="unconfined"
Mar 6 17:31:04 tigreraye dbus[4030]: apparmor="DENIED"
operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker"
interface="org.gtk.vfs.MountTracker" member="ListMounts" mask="send"
name=":1.43" pid=4480 label="/usr/lib/firefox/firefox{,*[^s][^h]}"
peer_pid=4206 peer_label="unconfined"
Mar 6 17:31:04 tigreraye dbus[4030]: apparmor="DENIED"
operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker"
interface="org.gtk.vfs.MountTracker" member="LookupMount" mask="send"
name=":1.43" pid=4480 label="/usr/lib/firefox/firefox{,*[^s][^h]}"
peer_pid=4206 peer_label="unconfined"
+ Mar 6 18:47:12 tigreraye dbus[4030]: apparmor="DENIED"
operation="dbus_method_call" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="List" mask="send"
name=":1.76" pid=13082 label="/usr/lib/firefox/firefox{,*[^s][^h]}"
peer_pid=4333 peer_label="unconfined"
Adding the following lines to the apparmor profile fixes the issue:
dbus send bus=session path="/org/gtk/vfs/mounttracker"
interface="org.gtk.vfs.MountTracker" member="ListMountableInfo",
dbus send bus=session path="/org/gtk/vfs/mounttracker"
interface="org.gtk.vfs.MountTracker" member="ListMounts",
dbus send bus=session path="/org/gtk/vfs/mounttracker"
interface="org.gtk.vfs.MountTracker" member="LookupMount",
dbus send bus=session path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported",
+ dbus send bus=session path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="List",
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1553712
Title:
usr.bin.firefox apparmor profile blocks access to mounttracker
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1553712/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1553712] Re: usr.bin.firefox apparmor profile blocks access to mounttracker
** Description changed:
- When I launch Firefox with apparmor enabled, I get the following error:
+ When I launch Firefox with apparmor enabled, I get the following errors:
- Mar 6 11:03:27 tigreraye dbus[4663]: apparmor="DENIED"
- operation="dbus_method_call" bus="session"
- path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
- member="ListMountableInfo" mask="send" name=":1.42" pid=11860
- label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=4834
- peer_label="unconfined"
+ Mar 6 13:21:19 tigreraye dbus[2570]: apparmor="DENIED"
operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker"
interface="org.gtk.vfs.MountTracker" member="ListMountableInfo" mask="send"
name=":1.46" pid=6604 label="/usr/lib/firefox/firefox{,*[^s][^h]}"
peer_pid=2781 peer_label="unconfined"
+ Mar 6 17:31:04 tigreraye dbus[4030]: apparmor="DENIED"
operation="dbus_method_call" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported"
mask="send" name=":1.71" pid=4480 label="/usr/lib/firefox/firefox{,*[^s][^h]}"
peer_pid=4327 peer_label="unconfined"
+ Mar 6 17:31:04 tigreraye dbus[4030]: apparmor="DENIED"
operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker"
interface="org.gtk.vfs.MountTracker" member="ListMounts" mask="send"
name=":1.43" pid=4480 label="/usr/lib/firefox/firefox{,*[^s][^h]}"
peer_pid=4206 peer_label="unconfined"
+ Mar 6 17:31:04 tigreraye dbus[4030]: apparmor="DENIED"
operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker"
interface="org.gtk.vfs.MountTracker" member="LookupMount" mask="send"
name=":1.43" pid=4480 label="/usr/lib/firefox/firefox{,*[^s][^h]}"
peer_pid=4206 peer_label="unconfined"
Adding the following lines to the apparmor profile fixes the issue:
- dbus send bus=session path="/org/gtk/vfs/mounttracker"
- interface="org.gtk.vfs.MountTracker" member="ListMountableInfo",
+ dbus send bus=session path="/org/gtk/vfs/mounttracker"
interface="org.gtk.vfs.MountTracker" member="ListMountableInfo",
+ dbus send bus=session path="/org/gtk/vfs/mounttracker"
interface="org.gtk.vfs.MountTracker" member="ListMounts",
+ dbus send bus=session path="/org/gtk/vfs/mounttracker"
interface="org.gtk.vfs.MountTracker" member="LookupMount",
+ dbus send bus=session path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported",
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1553712
Title:
usr.bin.firefox apparmor profile blocks access to mounttracker
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1553712/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
