[Desktop-packages] [Bug 1861408] Re: firefox apparmor messages
for firefox 107.0.1 in linux mint 20.3 based on Ubuntu 20.04, when task
manager is opened, this rule is needed:
owner @{PROC}/[0-9]*/task/[0-9]*/comm r,
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1861408
Title:
firefox apparmor messages
Status in apparmor package in Ubuntu:
Confirmed
Status in firefox package in Ubuntu:
Fix Released
Bug description:
firefox version 72.0.1 64 bit, 72.0.1+linuxmint1+tricia , linux mint
19.3.
i see there is newer ubuntu version in
https://www.ubuntuupdates.org/package/ubuntu_mozilla_security/bionic/main/base/firefox
, 72.0.2+build1-0ubuntu0.18.04.1 , but its changes are not for
apparmor.
i have not found a page for firefox bugs in linux mint sites, so i
belive i should report here. but i have also asked about that in linux
mint's irc and then github.
i have enabled apparmor for firefox and see these types of messages in
syslog:
Jan 28 18:43:33 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]:
[system] Activating via systemd: service
name='org.freedesktop.hostname1' unit='dbus-
org.freedesktop.hostname1.service' requested by ':1.111' (uid=1000
pid=1922 comm="/usr/lib/firefox/firefox " label="unconfined")
Jan 28 18:44:36 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5525.077960] audit: type=1400 audit(1580226276.440:27):
apparmor="DENIED" operation="capable"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=15948
comm="firefox" capability=21 capname="sys_admin"
Jan 28 18:44:37 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5526.471731] audit: type=1107 audit(1580226277.832:28): pid=735
uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED"
operation="dbus_method_call" bus="system"
path="/org/freedesktop/RealtimeKit1"
interface="org.freedesktop.DBus.Properties" member="Get" mask="send"
name="org.freedesktop.RealtimeKit1" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1320
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon"
member="ListMonitorImplementations" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported"
mask="send" name=":1.35" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1385
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
member="ListMounts2" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
member="LookupMount" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]:
[system] Activating via systemd: service
name='org.freedesktop.hostname1' unit='dbus-
org.freedesktop.hostname1.service' requested by ':1.119' (uid=1000
pid=15948 comm="/usr/lib/firefox/firefox "
label="/usr/lib/firefox/firefox{,*[^s][^h]} (enforce)")
Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5536.783313] audit: type=1107 audit(1580226288.143:34): pid=735
uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED"
operation="dbus_method_call" bus="system"
path="/org/freedesktop/hostname1"
interface="org.freedesktop.DBus.Properties" member="GetAll"
mask="send" name=":1.120" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=16177
peer_label="unconfined"
Jan 28 18:45:02 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/ca/desrt/dconf/Writer/user" interface="ca.desrt.dconf.Writer"
member="Change" mask="send" name="ca.desrt.dconf" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1370
peer_label="unconfined"
Jan 28 21:51:30 dinar-HP-Pavilion-g7-Notebook-PC kernel:
[10131.880788] audit: type=1400 audit(1580237490.777:123):
apparmor="DENIED" operation="open"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/dinar/.cache/mesa_shader_cache/index" pid=19720
comm="firefox" requested_mask="wrc" denied_mask="wrc" fsuid=1000
[Desktop-packages] [Bug 1861408] Re: firefox apparmor messages
Linux Mint 20.1 Ulyssa Firefox 89.0 after update, i got ff 89, i have messages like this in syslog, on every start of firefox: Jun 20 15:24:23 dinar-Lenovo-G580 wpa_supplicant[680]: wlp2s0: CTRL-EVENT-SIGNAL-CHANGE above=0 signal=-80 noise=-95 txrate=43300 Jun 20 15:25:21 dinar-Lenovo-G580 kernel: [22164.956789] audit: type=1400 audit(1624191921.071:165): apparmor="DENIED" operation="open" profile="firefox" name="/sys/devices/pci:00/:00:1f.2/resource" pid=15814 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Jun 20 15:25:21 dinar-Lenovo-G580 kernel: [22164.956816] firefox[15814]: segfault at 0 ip 7ff585b5ad94 sp 7ffceca77710 error 6 in libxul.so[7ff582318000+5392000] Jun 20 15:25:21 dinar-Lenovo-G580 kernel: [22164.956822] Code: 00 e8 28 69 7c fc 50 80 3d f8 0b 4e 04 00 74 02 58 c3 c6 05 ed 0b 4e 04 01 48 8d 05 29 15 fc 02 48 8b 0d 47 36 3c 04 48 89 01 04 25 00 00 00 00 8b 01 00 00 e8 f4 68 7c fc 66 2e 0f 1f 84 00 Jun 20 15:25:21 dinar-Lenovo-G580 systemd[1]: Started Process Core Dump (PID 15815/UID 0). Jun 20 15:25:21 dinar-Lenovo-G580 kernel: [22164.998424] audit: type=1400 audit(1624191921.111:166): apparmor="DENIED" operation="open" profile="firefox" name="/run/user/1000/ICEauthority" pid=15809 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 Jun 20 15:25:21 dinar-Lenovo-G580 systemd-coredump[15816]: Process 15814 (firefox) of user 1000 dumped core.#012#012Stack trace of thread 15814:#012#0 0x7ff585b5ad94 n/a (libxul.so + 0x4185d94)#012#1 0x7ff58ca19a27 __run_exit_handlers (libc.so.6 + 0x49a27)#012#2 0x7ff58ca19be0 __GI_exit (libc.so.6 + 0x49be0)#012#3 0x7ff5816f6c45 n/a (libpci.so.3 + 0x3c45)#012#4 0x7ff5816fc308 n/a (libpci.so.3 + 0x9308)#012#5 0x7ff585b64054 n/a (libxul.so + 0x418f054)#012#6 0x7ff585b649db n/a (libxul.so + 0x418f9db)#012#7 0x7ff585b5a13e n/a (libxul.so + 0x418513e)#012#8 0x7ff585b60ae3 n/a (libxul.so + 0x418bae3)#012#9 0x7ff585b60ee0 n/a (libxul.so + 0x418bee0)#012#10 0x556820bc9113 n/a (firefox + 0xc113)#012#11 0x7ff58c9f70b3 __libc_start_main (libc.so.6 + 0x270b3)#012#12 0x556820bc8b6e _start (firefox + 0xbb6e) Jun 20 15:25:21 dinar-Lenovo-G580 systemd[1]: systemd-coredump@8-15815-0.service: Succeeded. Jun 20 15:25:21 dinar-Lenovo-G580 kernel: [22165.724715] audit: type=1400 audit(1624191921.839:167): apparmor="DENIED" operation="open" profile="firefox" name="/proc/15809/cgroup" pid=15809 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 Jun 20 15:25:21 dinar-Lenovo-G580 kernel: [22165.862576] audit: type=1107 audit(1624191921.975:168): pid=657 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/RealtimeKit1" interface="org.freedesktop.DBus.Properties" member="Get" mask="send" name="org.freedesktop.RealtimeKit1" pid=15895 label="firefox" peer_pid=978 peer_label="unconfined" Jun 20 15:25:21 dinar-Lenovo-G580 kernel: [22165.862576] exe="/usr/bin/dbus-daemon" sauid=103 hostname=? addr=? terminal=?' Jun 20 15:25:22 dinar-Lenovo-G580 kernel: [22166.090862] audit: type=1107 audit(1624191922.207:169): pid=657 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/RealtimeKit1" interface="org.freedesktop.DBus.Properties" member="Get" mask="send" name="org.freedesktop.RealtimeKit1" pid=15809 label="firefox" peer_pid=978 peer_label="unconfined" Jun 20 15:25:22 dinar-Lenovo-G580 kernel: [22166.090862] exe="/usr/bin/dbus-daemon" sauid=103 hostname=? addr=? terminal=?' Jun 20 15:25:22 dinar-Lenovo-G580 kernel: [22166.676720] audit: type=1107 audit(1624191922.791:170): pid=657 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/RealtimeKit1" interface="org.freedesktop.DBus.Properties" member="Get" mask="send" name="org.freedesktop.RealtimeKit1" pid=15973 label="firefox" peer_pid=978 peer_label="unconfined" Jun 20 15:25:22 dinar-Lenovo-G580 kernel: [22166.676720] exe="/usr/bin/dbus-daemon" sauid=103 hostname=? addr=? terminal=?' Jun 20 15:25:23 dinar-Lenovo-G580 kernel: [22167.484270] audit: type=1107 audit(1624191923.599:171): pid=657 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/RealtimeKit1" interface="org.freedesktop.DBus.Properties" member="Get" mask="send" name="org.freedesktop.RealtimeKit1" pid=16038 label="firefox" peer_pid=978 peer_label="unconfined" Jun 20 15:25:23 dinar-Lenovo-G580 kernel: [22167.484270] exe="/usr/bin/dbus-daemon" sauid=103 hostname=? addr=? terminal=?' Jun 20 15:25:25 dinar-Lenovo-G580 kernel: [22169.310779] audit: type=1107 audit(1624191925.427:172): pid=657 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system"
[Desktop-packages] [Bug 1863151] Re: apparmor messages for libreoffice 1:6.0.7-0ubuntu0.18.04.10 etc
this appeared on libreoffice 6.4.6.2 on linux mint 20 (1:6.4.6-0ubuntu0.20.04.1): Feb 3 12:30:34 dinar-HP-Pavilion-g7-Notebook-PC kernel: [79901.149664] audit: type=1400 audit(1612344634.103:584): apparmor="ALLOWED" operation="open" profile="libreoffice-soffice" name="/usr/share/zoneinfo-icu/44/le/zoneinfo64.res" pid=43909 comm="soffice.bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Feb 3 12:30:34 dinar-HP-Pavilion-g7-Notebook-PC kernel: [79901.149678] audit: type=1400 audit(1612344634.103:585): apparmor="ALLOWED" operation="open" profile="libreoffice-soffice" name="/usr/share/zoneinfo-icu/44/le/timezoneTypes.res" pid=43909 comm="soffice.bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libreoffice in Ubuntu. https://bugs.launchpad.net/bugs/1863151 Title: apparmor messages for libreoffice 1:6.0.7-0ubuntu0.18.04.10 etc Status in libreoffice package in Ubuntu: New Bug description: i have reported 3 bugs for apparmor's libreoffice profile: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1862331 https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1863097 https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1863103 i am afraid i make too much bug reports, so i am going to write other reports here, if they appear. i have now seen this message: Feb 13 20:56:25 dinar-Lenovo-G580 kernel: [29200.067772] audit: type=1400 audit(1581616585.668:272): apparmor="ALLOWED" operation="open" profile="libreoffice-soffice" name="/home/dinar/.config/dconf/user" pid=14211 comm="soffice.bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1863151/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1863151] Re: apparmor messages for libreoffice 1:6.0.7-0ubuntu0.18.04.10 etc
and Feb 3 18:05:11 dinar-HP-Pavilion-g7-Notebook-PC kernel: [83143.894148] audit: type=1400 audit(1612364711.925:597): apparmor="ALLOWED" operation="open" profile="libreoffice-soffice" name="/proc/version" pid=45709 comm="soffice.bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libreoffice in Ubuntu. https://bugs.launchpad.net/bugs/1863151 Title: apparmor messages for libreoffice 1:6.0.7-0ubuntu0.18.04.10 etc Status in libreoffice package in Ubuntu: New Bug description: i have reported 3 bugs for apparmor's libreoffice profile: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1862331 https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1863097 https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1863103 i am afraid i make too much bug reports, so i am going to write other reports here, if they appear. i have now seen this message: Feb 13 20:56:25 dinar-Lenovo-G580 kernel: [29200.067772] audit: type=1400 audit(1581616585.668:272): apparmor="ALLOWED" operation="open" profile="libreoffice-soffice" name="/home/dinar/.config/dconf/user" pid=14211 comm="soffice.bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1863151/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1861408] Re: firefox apparmor messages
messages, while starting firefox, after updating ubuntu to 20.10:
Jan 11 23:26:48 dinar-comp kernel: [ 181.634648] audit: type=1400
audit(1610396808.475:44): apparmor="DENIED" operation="open" profile="firefox"
name="/proc/2003/cgroup" pid=2003 comm="firefox" requested_mask="r"
denied_mask="r" fsuid=1000 ouid=1000
Jan 11 23:26:48 dinar-comp kernel: [ 181.989310] audit: type=1400
audit(1610396808.831:45): apparmor="DENIED" operation="connect"
profile="firefox" name="/tmp/.X11-unix/X0" pid=2207 comm="MainThread"
requested_mask="w" denied_mask="w" fsuid=1000 ouid=0
i added these rules:
@{PROC}/[0-9]*/cgroup r,
/tmp/.X11-unix/X0 w,
then, after enabling them and ff restart:
Jan 11 23:45:25 dinar-comp kernel: [ 1298.595946] audit: type=1400
audit(1610397925.435:79): apparmor="DENIED" operation="open"
profile="firefox" name="/sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us"
pid=2437 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000
ouid=0
i added this rule:
/sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us r,
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1861408
Title:
firefox apparmor messages
Status in apparmor package in Ubuntu:
New
Status in firefox package in Ubuntu:
Fix Released
Bug description:
firefox version 72.0.1 64 bit, 72.0.1+linuxmint1+tricia , linux mint
19.3.
i see there is newer ubuntu version in
https://www.ubuntuupdates.org/package/ubuntu_mozilla_security/bionic/main/base/firefox
, 72.0.2+build1-0ubuntu0.18.04.1 , but its changes are not for
apparmor.
i have not found a page for firefox bugs in linux mint sites, so i
belive i should report here. but i have also asked about that in linux
mint's irc and then github.
i have enabled apparmor for firefox and see these types of messages in
syslog:
Jan 28 18:43:33 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]:
[system] Activating via systemd: service
name='org.freedesktop.hostname1' unit='dbus-
org.freedesktop.hostname1.service' requested by ':1.111' (uid=1000
pid=1922 comm="/usr/lib/firefox/firefox " label="unconfined")
Jan 28 18:44:36 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5525.077960] audit: type=1400 audit(1580226276.440:27):
apparmor="DENIED" operation="capable"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=15948
comm="firefox" capability=21 capname="sys_admin"
Jan 28 18:44:37 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5526.471731] audit: type=1107 audit(1580226277.832:28): pid=735
uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED"
operation="dbus_method_call" bus="system"
path="/org/freedesktop/RealtimeKit1"
interface="org.freedesktop.DBus.Properties" member="Get" mask="send"
name="org.freedesktop.RealtimeKit1" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1320
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon"
member="ListMonitorImplementations" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported"
mask="send" name=":1.35" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1385
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
member="ListMounts2" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
member="LookupMount" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]:
[system] Activating via systemd: service
name='org.freedesktop.hostname1' unit='dbus-
org.freedesktop.hostname1.service' requested by ':1.119' (uid=1000
pid=15948 comm="/usr/lib/firefox/firefox "
label="/usr/lib/firefox/firefox{,*[^s][^h]} (enforce)")
Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5536.783313] audit: type=1107 audit(1580226288.143:34): pid=735
uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED"
operation="dbus_method_call" bus="system"
path="/org/freedesktop/hostname1"
[Desktop-packages] [Bug 1004829] Re: [GA-MA74GMT-S2, Realtek ALC887-VD, Pink Mic, Front] No sound at all
mic connected to front is not working with this motherboard in ubuntu 20.04. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to alsa-driver in Ubuntu. https://bugs.launchpad.net/bugs/1004829 Title: [GA-MA74GMT-S2, Realtek ALC887-VD, Pink Mic, Front] No sound at all Status in alsa-driver package in Ubuntu: Expired Bug description: Mic doesn't work on Ubuntu 12.04 ProblemType: Bug DistroRelease: Ubuntu 12.04 Package: alsa-base 1.0.25+dfsg-0ubuntu1 ProcVersionSignature: Ubuntu 3.2.0-24.39-generic 3.2.16 Uname: Linux 3.2.0-24-generic x86_64 NonfreeKernelModules: nvidia AlsaVersion: Advanced Linux Sound Architecture Driver Version 1.0.24. ApportVersion: 2.0.1-0ubuntu7 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC1: srinivas 2967 F pulseaudio /dev/snd/controlC0: srinivas 2967 F pulseaudio Card0.Amixer.info: Card hw:0 'SB'/'HDA ATI SB at 0xfe024000 irq 16' Mixer name : 'Realtek ALC887-VD' Components : 'HDA:10ec0887,1458a002,00100302' Controls : 42 Simple ctrls : 21 Card1.Amixer.info: Card hw:1 'NVidia'/'HDA NVidia at 0xfcffc000 irq 19' Mixer name : 'Nvidia GPU 0b HDMI/DP' Components : 'HDA:10de000b,10de0101,00100200' Controls : 24 Simple ctrls : 4 Date: Sat May 26 14:20:32 2012 InstallationMedia: Ubuntu-Server 11.10 "Oneiric Ocelot" - Release amd64 (20111011) PackageArchitecture: all SourcePackage: alsa-driver Symptom: audio Symptom_AlsaRecordingTest: ALSA recording test through plughw:SB failed Symptom_Card: Built-in Audio - HDA ATI SB Symptom_DevicesInUse: 2967 2967 srinivas F pulseaudio /dev/snd/controlC0: srinivas F pulseaudio Symptom_Jack: Pink Mic, Front Symptom_Type: No sound at all Title: [GA-MA74GMT-S2, Realtek ALC887-VD, Pink Mic, Front] No sound at all UpgradeStatus: Upgraded to precise on 2012-04-27 (29 days ago) dmi.bios.date: 08/31/2010 dmi.bios.vendor: Award Software International, Inc. dmi.bios.version: F10 dmi.board.name: GA-MA74GMT-S2 dmi.board.vendor: Gigabyte Technology Co., Ltd. dmi.chassis.type: 3 dmi.chassis.vendor: Gigabyte Technology Co., Ltd. dmi.modalias: dmi:bvnAwardSoftwareInternational,Inc.:bvrF10:bd08/31/2010:svnGigabyteTechnologyCo.,Ltd.:pnGA-MA74GMT-S2:pvr:rvnGigabyteTechnologyCo.,Ltd.:rnGA-MA74GMT-S2:rvr:cvnGigabyteTechnologyCo.,Ltd.:ct3:cvr: dmi.product.name: GA-MA74GMT-S2 dmi.sys.vendor: Gigabyte Technology Co., Ltd. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/alsa-driver/+bug/1004829/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1004829] Re: [GA-MA74GMT-S2, Realtek ALC887-VD, Pink Mic, Front] No sound at all
i think i should say: does not work. i cannot test that computer now. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to alsa-driver in Ubuntu. https://bugs.launchpad.net/bugs/1004829 Title: [GA-MA74GMT-S2, Realtek ALC887-VD, Pink Mic, Front] No sound at all Status in alsa-driver package in Ubuntu: Expired Bug description: Mic doesn't work on Ubuntu 12.04 ProblemType: Bug DistroRelease: Ubuntu 12.04 Package: alsa-base 1.0.25+dfsg-0ubuntu1 ProcVersionSignature: Ubuntu 3.2.0-24.39-generic 3.2.16 Uname: Linux 3.2.0-24-generic x86_64 NonfreeKernelModules: nvidia AlsaVersion: Advanced Linux Sound Architecture Driver Version 1.0.24. ApportVersion: 2.0.1-0ubuntu7 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC1: srinivas 2967 F pulseaudio /dev/snd/controlC0: srinivas 2967 F pulseaudio Card0.Amixer.info: Card hw:0 'SB'/'HDA ATI SB at 0xfe024000 irq 16' Mixer name : 'Realtek ALC887-VD' Components : 'HDA:10ec0887,1458a002,00100302' Controls : 42 Simple ctrls : 21 Card1.Amixer.info: Card hw:1 'NVidia'/'HDA NVidia at 0xfcffc000 irq 19' Mixer name : 'Nvidia GPU 0b HDMI/DP' Components : 'HDA:10de000b,10de0101,00100200' Controls : 24 Simple ctrls : 4 Date: Sat May 26 14:20:32 2012 InstallationMedia: Ubuntu-Server 11.10 "Oneiric Ocelot" - Release amd64 (20111011) PackageArchitecture: all SourcePackage: alsa-driver Symptom: audio Symptom_AlsaRecordingTest: ALSA recording test through plughw:SB failed Symptom_Card: Built-in Audio - HDA ATI SB Symptom_DevicesInUse: 2967 2967 srinivas F pulseaudio /dev/snd/controlC0: srinivas F pulseaudio Symptom_Jack: Pink Mic, Front Symptom_Type: No sound at all Title: [GA-MA74GMT-S2, Realtek ALC887-VD, Pink Mic, Front] No sound at all UpgradeStatus: Upgraded to precise on 2012-04-27 (29 days ago) dmi.bios.date: 08/31/2010 dmi.bios.vendor: Award Software International, Inc. dmi.bios.version: F10 dmi.board.name: GA-MA74GMT-S2 dmi.board.vendor: Gigabyte Technology Co., Ltd. dmi.chassis.type: 3 dmi.chassis.vendor: Gigabyte Technology Co., Ltd. dmi.modalias: dmi:bvnAwardSoftwareInternational,Inc.:bvrF10:bd08/31/2010:svnGigabyteTechnologyCo.,Ltd.:pnGA-MA74GMT-S2:pvr:rvnGigabyteTechnologyCo.,Ltd.:rnGA-MA74GMT-S2:rvr:cvnGigabyteTechnologyCo.,Ltd.:ct3:cvr: dmi.product.name: GA-MA74GMT-S2 dmi.sys.vendor: Gigabyte Technology Co., Ltd. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/alsa-driver/+bug/1004829/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1863151] Re: apparmor messages for libreoffice 1:6.0.7-0ubuntu0.18.04.10 etc
i modified it to this:
owner @{libo_user_dirs}/{,**/}lu??*.tmp rwk, #Temporary file
used when saving
and reloaded profile with this
sudo apparmor_parser -r -T -W
/etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin
and the messages (of the last type) disappeared.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to libreoffice in Ubuntu.
https://bugs.launchpad.net/bugs/1863151
Title:
apparmor messages for libreoffice 1:6.0.7-0ubuntu0.18.04.10 etc
Status in libreoffice package in Ubuntu:
New
Bug description:
i have reported 3 bugs for apparmor's libreoffice profile:
https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1862331
https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1863097
https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1863103
i am afraid i make too much bug reports, so i am going to write other reports
here, if they appear.
i have now seen this message:
Feb 13 20:56:25 dinar-Lenovo-G580 kernel: [29200.067772] audit:
type=1400 audit(1581616585.668:272): apparmor="ALLOWED"
operation="open" profile="libreoffice-soffice"
name="/home/dinar/.config/dconf/user" pid=14211 comm="soffice.bin"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1863151/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1863151] Re: apparmor messages for libreoffice 1:6.0.7-0ubuntu0.18.04.10 etc
messages when opening a file:
several lines of type
Jul 8 09:28:31 dinar-comp kernel: [436272.154664] audit: type=1400
audit(1594189711.176:1784): apparmor="ALLOWED" operation="open" profile
="libreoffice-soffice" name= pid=194987 comm="pool-soffice"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
with file names in /home/dinar/Загрузки/ with different extensions,
which are not allowed for libreoffice. is it possible to hide this
messages with audit deny?
messages when saving a file:
Jul 8 09:29:25 dinar-comp kernel: [436326.363734] audit: type=1400
audit(1594189765.369:1806): apparmor="ALLOWED" operation="mknod"
profile="libreoffice-soffice"
name=2F686F6D652F64696E61722FD097D0B0D0B3D180D183D0B7D0BAD0B82F6C75313934393837637A647636682E746D70
pid=194987 comm="soffice.bin" requested_mask="c" denied_mask="c" fsuid=1000
ouid=1000
Jul 8 09:29:25 dinar-comp kernel: [436326.363772] audit: type=1400
audit(1594189765.369:1807): apparmor="ALLOWED" operation="open"
profile="libreoffice-soffice"
name=2F686F6D652F64696E61722FD097D0B0D0B3D180D183D0B7D0BAD0B82F6C75313934393837637A647636682E746D70
pid=194987 comm="soffice.bin" requested_mask="wrc" denied_mask="wrc"
fsuid=1000 ouid=1000
Jul 8 09:29:25 dinar-comp kernel: [436326.364023] audit: type=1400
audit(1594189765.369:1808): apparmor="ALLOWED" operation="open"
profile="libreoffice-soffice"
name=2F686F6D652F64696E61722FD097D0B0D0B3D180D183D0B7D0BAD0B82F6C75313934393837637A647636682E746D70
pid=194987 comm="soffice.bin" :
the code decoded is /home/dinar/Загрузки/lu194987czdv6h.tmp
there is this corresponding rule in
/etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin :
owner @{libo_user_dirs}/{,**/}lu??{,?}.tmp rwk, #Temporary file
used when saving
with man apparmor.d i see:
{ab,cd} will expand to one rule to match ab, one rule to match cd
so, the rule allows only 10 or 11 chars after lu, before dot, but there
is 12.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to libreoffice in Ubuntu.
https://bugs.launchpad.net/bugs/1863151
Title:
apparmor messages for libreoffice 1:6.0.7-0ubuntu0.18.04.10 etc
Status in libreoffice package in Ubuntu:
New
Bug description:
i have reported 3 bugs for apparmor's libreoffice profile:
https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1862331
https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1863097
https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1863103
i am afraid i make too much bug reports, so i am going to write other reports
here, if they appear.
i have now seen this message:
Feb 13 20:56:25 dinar-Lenovo-G580 kernel: [29200.067772] audit:
type=1400 audit(1581616585.668:272): apparmor="ALLOWED"
operation="open" profile="libreoffice-soffice"
name="/home/dinar/.config/dconf/user" pid=14211 comm="soffice.bin"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1863151/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1861408] Re: firefox apparmor messages
python message after update to ubuntu 20.04 :
May 29 08:54:00 dinar-comp kernel: [ 369.424679] audit: type=1400
audit(1590731640.601:54): apparmor="DENIED" operation="file_mmap" profile="fire
fox//lsb_release" name="/usr/bin/python3.8" pid=2939 comm="lsb_release"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
there are several places about python:
profile lsb_release {
...
#include
...
/usr/include/python2.[4567]/pyconfig.h r,
...
/usr/local/lib/python3.[0-6]/dist-packages/ r,
...
/usr/bin/python3.[0-7] mr,
...
}
i change this ones, this way:
/usr/local/lib/python3.[0-8]/dist-packages/ r,
/usr/bin/python3.[0-8] mr,
i look /etc/apparmor.d/abstractions/python and see that python versions
are already appreciated up to 3.9.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1861408
Title:
firefox apparmor messages
Status in apparmor package in Ubuntu:
New
Status in firefox package in Ubuntu:
Triaged
Bug description:
firefox version 72.0.1 64 bit, 72.0.1+linuxmint1+tricia , linux mint
19.3.
i see there is newer ubuntu version in
https://www.ubuntuupdates.org/package/ubuntu_mozilla_security/bionic/main/base/firefox
, 72.0.2+build1-0ubuntu0.18.04.1 , but its changes are not for
apparmor.
i have not found a page for firefox bugs in linux mint sites, so i
belive i should report here. but i have also asked about that in linux
mint's irc and then github.
i have enabled apparmor for firefox and see these types of messages in
syslog:
Jan 28 18:43:33 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]:
[system] Activating via systemd: service
name='org.freedesktop.hostname1' unit='dbus-
org.freedesktop.hostname1.service' requested by ':1.111' (uid=1000
pid=1922 comm="/usr/lib/firefox/firefox " label="unconfined")
Jan 28 18:44:36 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5525.077960] audit: type=1400 audit(1580226276.440:27):
apparmor="DENIED" operation="capable"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=15948
comm="firefox" capability=21 capname="sys_admin"
Jan 28 18:44:37 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5526.471731] audit: type=1107 audit(1580226277.832:28): pid=735
uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED"
operation="dbus_method_call" bus="system"
path="/org/freedesktop/RealtimeKit1"
interface="org.freedesktop.DBus.Properties" member="Get" mask="send"
name="org.freedesktop.RealtimeKit1" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1320
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon"
member="ListMonitorImplementations" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported"
mask="send" name=":1.35" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1385
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
member="ListMounts2" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
member="LookupMount" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]:
[system] Activating via systemd: service
name='org.freedesktop.hostname1' unit='dbus-
org.freedesktop.hostname1.service' requested by ':1.119' (uid=1000
pid=15948 comm="/usr/lib/firefox/firefox "
label="/usr/lib/firefox/firefox{,*[^s][^h]} (enforce)")
Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5536.783313] audit: type=1107 audit(1580226288.143:34): pid=735
uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED"
operation="dbus_method_call" bus="system"
path="/org/freedesktop/hostname1"
interface="org.freedesktop.DBus.Properties" member="GetAll"
mask="send" name=":1.120" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=16177
peer_label="unconfined"
Jan 28 18:45:02 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED"
[Desktop-packages] [Bug 1880512] [NEW] cups apparmor profile denied sys_nice
Public bug reported: May 24 17:02:54 dinar-comp kernel: [ 6432.118240] audit: type=1400 audit(1590328974.037:195): apparmor="DENIED" operation="capable" profile="/usr/sbin/cups-browsed" pid=27786 comm="cups-browsed" capability=23 capname="sys_nice" this messages started to appear after upgrade ubuntu from 19.10 to 20.04. ** Affects: cups-filters (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to cups-filters in Ubuntu. https://bugs.launchpad.net/bugs/1880512 Title: cups apparmor profile denied sys_nice Status in cups-filters package in Ubuntu: New Bug description: May 24 17:02:54 dinar-comp kernel: [ 6432.118240] audit: type=1400 audit(1590328974.037:195): apparmor="DENIED" operation="capable" profile="/usr/sbin/cups-browsed" pid=27786 comm="cups-browsed" capability=23 capname="sys_nice" this messages started to appear after upgrade ubuntu from 19.10 to 20.04. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cups-filters/+bug/1880512/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1861408] Re: firefox apparmor messages
after update to 76.0.1, fontconfig messages started again to appear on every
page opening.
i added
deny @{HOME}/.{,cache/}fontconfig/** w,
to abstractions/fonts, reloaded profile, and that notifications stopped to
appear.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1861408
Title:
firefox apparmor messages
Status in apparmor package in Ubuntu:
New
Status in firefox package in Ubuntu:
Triaged
Bug description:
firefox version 72.0.1 64 bit, 72.0.1+linuxmint1+tricia , linux mint
19.3.
i see there is newer ubuntu version in
https://www.ubuntuupdates.org/package/ubuntu_mozilla_security/bionic/main/base/firefox
, 72.0.2+build1-0ubuntu0.18.04.1 , but its changes are not for
apparmor.
i have not found a page for firefox bugs in linux mint sites, so i
belive i should report here. but i have also asked about that in linux
mint's irc and then github.
i have enabled apparmor for firefox and see these types of messages in
syslog:
Jan 28 18:43:33 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]:
[system] Activating via systemd: service
name='org.freedesktop.hostname1' unit='dbus-
org.freedesktop.hostname1.service' requested by ':1.111' (uid=1000
pid=1922 comm="/usr/lib/firefox/firefox " label="unconfined")
Jan 28 18:44:36 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5525.077960] audit: type=1400 audit(1580226276.440:27):
apparmor="DENIED" operation="capable"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=15948
comm="firefox" capability=21 capname="sys_admin"
Jan 28 18:44:37 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5526.471731] audit: type=1107 audit(1580226277.832:28): pid=735
uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED"
operation="dbus_method_call" bus="system"
path="/org/freedesktop/RealtimeKit1"
interface="org.freedesktop.DBus.Properties" member="Get" mask="send"
name="org.freedesktop.RealtimeKit1" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1320
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon"
member="ListMonitorImplementations" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported"
mask="send" name=":1.35" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1385
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
member="ListMounts2" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
member="LookupMount" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]:
[system] Activating via systemd: service
name='org.freedesktop.hostname1' unit='dbus-
org.freedesktop.hostname1.service' requested by ':1.119' (uid=1000
pid=15948 comm="/usr/lib/firefox/firefox "
label="/usr/lib/firefox/firefox{,*[^s][^h]} (enforce)")
Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5536.783313] audit: type=1107 audit(1580226288.143:34): pid=735
uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED"
operation="dbus_method_call" bus="system"
path="/org/freedesktop/hostname1"
interface="org.freedesktop.DBus.Properties" member="GetAll"
mask="send" name=":1.120" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=16177
peer_label="unconfined"
Jan 28 18:45:02 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/ca/desrt/dconf/Writer/user" interface="ca.desrt.dconf.Writer"
member="Change" mask="send" name="ca.desrt.dconf" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1370
peer_label="unconfined"
Jan 28 21:51:30 dinar-HP-Pavilion-g7-Notebook-PC kernel:
[10131.880788] audit: type=1400 audit(1580237490.777:123):
apparmor="DENIED" operation="open"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/dinar/.cache/mesa_shader_cache/index" pid=19720
comm="firefox"
[Desktop-packages] [Bug 1861408] Re: firefox apparmor messages
i said on feb 4:
"dbus_method_call messages still appear in logs, while saving. i do not know
why they are not reported by aa-notify."
i made this report on apparmor site on march 7:
https://gitlab.com/apparmor/apparmor/-/issues/81
"aa-notify does not show messages about dbus"
** Bug watch added: gitlab.com/apparmor/apparmor/-/issues #81
https://gitlab.com/apparmor/apparmor/-/issues/81
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1861408
Title:
firefox apparmor messages
Status in apparmor package in Ubuntu:
New
Status in firefox package in Ubuntu:
New
Bug description:
firefox version 72.0.1 64 bit, 72.0.1+linuxmint1+tricia , linux mint
19.3.
i see there is newer ubuntu version in
https://www.ubuntuupdates.org/package/ubuntu_mozilla_security/bionic/main/base/firefox
, 72.0.2+build1-0ubuntu0.18.04.1 , but its changes are not for
apparmor.
i have not found a page for firefox bugs in linux mint sites, so i
belive i should report here. but i have also asked about that in linux
mint's irc and then github.
i have enabled apparmor for firefox and see these types of messages in
syslog:
Jan 28 18:43:33 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]:
[system] Activating via systemd: service
name='org.freedesktop.hostname1' unit='dbus-
org.freedesktop.hostname1.service' requested by ':1.111' (uid=1000
pid=1922 comm="/usr/lib/firefox/firefox " label="unconfined")
Jan 28 18:44:36 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5525.077960] audit: type=1400 audit(1580226276.440:27):
apparmor="DENIED" operation="capable"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=15948
comm="firefox" capability=21 capname="sys_admin"
Jan 28 18:44:37 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5526.471731] audit: type=1107 audit(1580226277.832:28): pid=735
uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED"
operation="dbus_method_call" bus="system"
path="/org/freedesktop/RealtimeKit1"
interface="org.freedesktop.DBus.Properties" member="Get" mask="send"
name="org.freedesktop.RealtimeKit1" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1320
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon"
member="ListMonitorImplementations" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported"
mask="send" name=":1.35" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1385
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
member="ListMounts2" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
member="LookupMount" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]:
[system] Activating via systemd: service
name='org.freedesktop.hostname1' unit='dbus-
org.freedesktop.hostname1.service' requested by ':1.119' (uid=1000
pid=15948 comm="/usr/lib/firefox/firefox "
label="/usr/lib/firefox/firefox{,*[^s][^h]} (enforce)")
Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5536.783313] audit: type=1107 audit(1580226288.143:34): pid=735
uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED"
operation="dbus_method_call" bus="system"
path="/org/freedesktop/hostname1"
interface="org.freedesktop.DBus.Properties" member="GetAll"
mask="send" name=":1.120" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=16177
peer_label="unconfined"
Jan 28 18:45:02 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/ca/desrt/dconf/Writer/user" interface="ca.desrt.dconf.Writer"
member="Change" mask="send" name="ca.desrt.dconf" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1370
peer_label="unconfined"
Jan 28 21:51:30 dinar-HP-Pavilion-g7-Notebook-PC kernel:
[10131.880788] audit: type=1400 audit(1580237490.777:123):
[Desktop-packages] [Bug 1861408] Re: firefox apparmor messages
i changed /usr/bin/python3.[0-6] mr, to /usr/bin/python3.[0-7] mr, and
the python message disappeared while starting firefox.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1861408
Title:
firefox apparmor messages
Status in apparmor package in Ubuntu:
New
Status in firefox package in Ubuntu:
New
Bug description:
firefox version 72.0.1 64 bit, 72.0.1+linuxmint1+tricia , linux mint
19.3.
i see there is newer ubuntu version in
https://www.ubuntuupdates.org/package/ubuntu_mozilla_security/bionic/main/base/firefox
, 72.0.2+build1-0ubuntu0.18.04.1 , but its changes are not for
apparmor.
i have not found a page for firefox bugs in linux mint sites, so i
belive i should report here. but i have also asked about that in linux
mint's irc and then github.
i have enabled apparmor for firefox and see these types of messages in
syslog:
Jan 28 18:43:33 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]:
[system] Activating via systemd: service
name='org.freedesktop.hostname1' unit='dbus-
org.freedesktop.hostname1.service' requested by ':1.111' (uid=1000
pid=1922 comm="/usr/lib/firefox/firefox " label="unconfined")
Jan 28 18:44:36 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5525.077960] audit: type=1400 audit(1580226276.440:27):
apparmor="DENIED" operation="capable"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=15948
comm="firefox" capability=21 capname="sys_admin"
Jan 28 18:44:37 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5526.471731] audit: type=1107 audit(1580226277.832:28): pid=735
uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED"
operation="dbus_method_call" bus="system"
path="/org/freedesktop/RealtimeKit1"
interface="org.freedesktop.DBus.Properties" member="Get" mask="send"
name="org.freedesktop.RealtimeKit1" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1320
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon"
member="ListMonitorImplementations" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported"
mask="send" name=":1.35" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1385
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
member="ListMounts2" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
member="LookupMount" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]:
[system] Activating via systemd: service
name='org.freedesktop.hostname1' unit='dbus-
org.freedesktop.hostname1.service' requested by ':1.119' (uid=1000
pid=15948 comm="/usr/lib/firefox/firefox "
label="/usr/lib/firefox/firefox{,*[^s][^h]} (enforce)")
Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5536.783313] audit: type=1107 audit(1580226288.143:34): pid=735
uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED"
operation="dbus_method_call" bus="system"
path="/org/freedesktop/hostname1"
interface="org.freedesktop.DBus.Properties" member="GetAll"
mask="send" name=":1.120" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=16177
peer_label="unconfined"
Jan 28 18:45:02 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/ca/desrt/dconf/Writer/user" interface="ca.desrt.dconf.Writer"
member="Change" mask="send" name="ca.desrt.dconf" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1370
peer_label="unconfined"
Jan 28 21:51:30 dinar-HP-Pavilion-g7-Notebook-PC kernel:
[10131.880788] audit: type=1400 audit(1580237490.777:123):
apparmor="DENIED" operation="open"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/dinar/.cache/mesa_shader_cache/index" pid=19720
comm="firefox" requested_mask="wrc" denied_mask="wrc" fsuid=1000
ouid=1000
these appeared while saving a file:
[Desktop-packages] [Bug 1861408] Re: firefox apparmor messages
appeared when opening a file from a manually mounted partition:
May 6 14:59:12 dinar-comp kernel: [544099.237323] audit: type=1400
audit(1588766352.217:3081): apparmor="DENIED" operation="open"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/run/user/1000/ICEauthority" pid=6886 comm="firefox" requested_mask="r"
denied_mask="r" fsuid=1000 ouid=1000
linux and firefox were upgraded, firefox profile file was changed, i copied new
changes to my file.
appeared when starting firefox after system upgrade and reboot:
except dbus messages:
May 9 15:00:47 dinar-comp kernel: [ 227.464788] audit: type=1400
audit(1589025647.896:44): apparmor="DENIED" operation="open" profile="firefox"
name="/run/user/1000/ICEauthority" pid=2086 comm="firefox" requested_mask="r"
denied_mask="r" fsuid=1000 ouid=1000
May 9 15:00:49 dinar-comp kernel: [ 229.423946] audit: type=1400
audit(1589025649.856:45): apparmor="DENIED" operation="file_mmap"
profile="firefox//lsb_release" name="/usr/bin/python3.7" pid=2115
comm="lsb_release" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
i have a local file pinned, and tabs are restored after restart, the
"/run/user/1000/ICEauthority" may be because of it. (as in the may 6
message above).
appear when pressing ctrl+o:
May 9 15:23:33 dinar-comp kernel: [ 1592.754371] audit: type=1400
audit(1589027013.231:63): apparmor="DENIED" operation="open" profile="firefox"
name="/home/dinar/.xsession-errors" pid=2086 comm="pool-firefox"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
May 9 15:23:36 dinar-comp kernel: [ 1596.437062] audit: type=1400
audit(1589027016.916:65): apparmor="DENIED" operation="open" profile="firefox"
name="/run/mount/utab" pid=2086 comm="firefox" requested_mask="r"
denied_mask="r" fsuid=1000 ouid=0
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1861408
Title:
firefox apparmor messages
Status in apparmor package in Ubuntu:
New
Status in firefox package in Ubuntu:
New
Bug description:
firefox version 72.0.1 64 bit, 72.0.1+linuxmint1+tricia , linux mint
19.3.
i see there is newer ubuntu version in
https://www.ubuntuupdates.org/package/ubuntu_mozilla_security/bionic/main/base/firefox
, 72.0.2+build1-0ubuntu0.18.04.1 , but its changes are not for
apparmor.
i have not found a page for firefox bugs in linux mint sites, so i
belive i should report here. but i have also asked about that in linux
mint's irc and then github.
i have enabled apparmor for firefox and see these types of messages in
syslog:
Jan 28 18:43:33 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]:
[system] Activating via systemd: service
name='org.freedesktop.hostname1' unit='dbus-
org.freedesktop.hostname1.service' requested by ':1.111' (uid=1000
pid=1922 comm="/usr/lib/firefox/firefox " label="unconfined")
Jan 28 18:44:36 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5525.077960] audit: type=1400 audit(1580226276.440:27):
apparmor="DENIED" operation="capable"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=15948
comm="firefox" capability=21 capname="sys_admin"
Jan 28 18:44:37 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5526.471731] audit: type=1107 audit(1580226277.832:28): pid=735
uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED"
operation="dbus_method_call" bus="system"
path="/org/freedesktop/RealtimeKit1"
interface="org.freedesktop.DBus.Properties" member="Get" mask="send"
name="org.freedesktop.RealtimeKit1" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1320
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon"
member="ListMonitorImplementations" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported"
mask="send" name=":1.35" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1385
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
member="ListMounts2" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
[Desktop-packages] [Bug 1861408] Re: firefox apparmor messages
appears when pressing ctrl+s:
Apr 17 17:13:48 dinar-comp kernel: [81128.012319] audit: type=1400
audit(1587132828.960:765): apparmor="DENIED" operation="open"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/run/mount/utab" pid=4596
comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1861408
Title:
firefox apparmor messages
Status in apparmor package in Ubuntu:
New
Status in firefox package in Ubuntu:
New
Bug description:
firefox version 72.0.1 64 bit, 72.0.1+linuxmint1+tricia , linux mint
19.3.
i see there is newer ubuntu version in
https://www.ubuntuupdates.org/package/ubuntu_mozilla_security/bionic/main/base/firefox
, 72.0.2+build1-0ubuntu0.18.04.1 , but its changes are not for
apparmor.
i have not found a page for firefox bugs in linux mint sites, so i
belive i should report here. but i have also asked about that in linux
mint's irc and then github.
i have enabled apparmor for firefox and see these types of messages in
syslog:
Jan 28 18:43:33 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]:
[system] Activating via systemd: service
name='org.freedesktop.hostname1' unit='dbus-
org.freedesktop.hostname1.service' requested by ':1.111' (uid=1000
pid=1922 comm="/usr/lib/firefox/firefox " label="unconfined")
Jan 28 18:44:36 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5525.077960] audit: type=1400 audit(1580226276.440:27):
apparmor="DENIED" operation="capable"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=15948
comm="firefox" capability=21 capname="sys_admin"
Jan 28 18:44:37 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5526.471731] audit: type=1107 audit(1580226277.832:28): pid=735
uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED"
operation="dbus_method_call" bus="system"
path="/org/freedesktop/RealtimeKit1"
interface="org.freedesktop.DBus.Properties" member="Get" mask="send"
name="org.freedesktop.RealtimeKit1" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1320
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon"
member="ListMonitorImplementations" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported"
mask="send" name=":1.35" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1385
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
member="ListMounts2" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
member="LookupMount" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]:
[system] Activating via systemd: service
name='org.freedesktop.hostname1' unit='dbus-
org.freedesktop.hostname1.service' requested by ':1.119' (uid=1000
pid=15948 comm="/usr/lib/firefox/firefox "
label="/usr/lib/firefox/firefox{,*[^s][^h]} (enforce)")
Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5536.783313] audit: type=1107 audit(1580226288.143:34): pid=735
uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED"
operation="dbus_method_call" bus="system"
path="/org/freedesktop/hostname1"
interface="org.freedesktop.DBus.Properties" member="GetAll"
mask="send" name=":1.120" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=16177
peer_label="unconfined"
Jan 28 18:45:02 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/ca/desrt/dconf/Writer/user" interface="ca.desrt.dconf.Writer"
member="Change" mask="send" name="ca.desrt.dconf" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1370
peer_label="unconfined"
Jan 28 21:51:30 dinar-HP-Pavilion-g7-Notebook-PC kernel:
[10131.880788] audit: type=1400 audit(1580237490.777:123):
apparmor="DENIED" operation="open"
[Desktop-packages] [Bug 1861408] Re: firefox apparmor messages
to
"
i added w to
owner @{HOME}/.{,cache/}fontconfig/** mrl,
"
:
cboltz said in apparmor irc channel:
I'd recommend _not_ to allow writing to ~/.cache/fontconfig/ because apps could
in theory poison that cache
actually we recently (intentionally) removed write permissions in
abstractions/fonts
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1861408
Title:
firefox apparmor messages
Status in apparmor package in Ubuntu:
New
Status in firefox package in Ubuntu:
New
Bug description:
firefox version 72.0.1 64 bit, 72.0.1+linuxmint1+tricia , linux mint
19.3.
i see there is newer ubuntu version in
https://www.ubuntuupdates.org/package/ubuntu_mozilla_security/bionic/main/base/firefox
, 72.0.2+build1-0ubuntu0.18.04.1 , but its changes are not for
apparmor.
i have not found a page for firefox bugs in linux mint sites, so i
belive i should report here. but i have also asked about that in linux
mint's irc and then github.
i have enabled apparmor for firefox and see these types of messages in
syslog:
Jan 28 18:43:33 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]:
[system] Activating via systemd: service
name='org.freedesktop.hostname1' unit='dbus-
org.freedesktop.hostname1.service' requested by ':1.111' (uid=1000
pid=1922 comm="/usr/lib/firefox/firefox " label="unconfined")
Jan 28 18:44:36 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5525.077960] audit: type=1400 audit(1580226276.440:27):
apparmor="DENIED" operation="capable"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=15948
comm="firefox" capability=21 capname="sys_admin"
Jan 28 18:44:37 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5526.471731] audit: type=1107 audit(1580226277.832:28): pid=735
uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED"
operation="dbus_method_call" bus="system"
path="/org/freedesktop/RealtimeKit1"
interface="org.freedesktop.DBus.Properties" member="Get" mask="send"
name="org.freedesktop.RealtimeKit1" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1320
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon"
member="ListMonitorImplementations" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported"
mask="send" name=":1.35" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1385
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
member="ListMounts2" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
member="LookupMount" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]:
[system] Activating via systemd: service
name='org.freedesktop.hostname1' unit='dbus-
org.freedesktop.hostname1.service' requested by ':1.119' (uid=1000
pid=15948 comm="/usr/lib/firefox/firefox "
label="/usr/lib/firefox/firefox{,*[^s][^h]} (enforce)")
Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5536.783313] audit: type=1107 audit(1580226288.143:34): pid=735
uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED"
operation="dbus_method_call" bus="system"
path="/org/freedesktop/hostname1"
interface="org.freedesktop.DBus.Properties" member="GetAll"
mask="send" name=":1.120" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=16177
peer_label="unconfined"
Jan 28 18:45:02 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/ca/desrt/dconf/Writer/user" interface="ca.desrt.dconf.Writer"
member="Change" mask="send" name="ca.desrt.dconf" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1370
peer_label="unconfined"
Jan 28 21:51:30 dinar-HP-Pavilion-g7-Notebook-PC kernel:
[10131.880788] audit: type=1400 audit(1580237490.777:123):
apparmor="DENIED" operation="open"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
[Desktop-packages] [Bug 1863097] Re: apparmor messages for libreoffice about mesa
i added to usr.lib.libreoffice.program.soffice.bin:
/usr/share/drirc.d/*r,
owner @{HOME}/.cache/mesa_shader_cache/**rw,
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to libreoffice in Ubuntu.
https://bugs.launchpad.net/bugs/1863097
Title:
apparmor messages for libreoffice about mesa
Status in libreoffice package in Ubuntu:
New
Bug description:
i started today an empty libreoffice writer and see 5 messages of this
type:
Feb 13 15:33:04 dinar-Lenovo-G580 kernel: [14684.517380] audit:
type=1400 audit(1581597184.725:87): apparmor="ALLOWED"
operation="open" profile="libreoffice-soffice"
name="/usr/share/drirc.d/00-mesa-defaults.conf" pid=8830
comm="soffice.bin" requested_mask="r" denied_mask="r" fsuid=1000
ouid=0
several days ago i started it by clicking a document, and together
with these messages there also was one this:
Feb 6 20:47:08 dinar-Lenovo-G580 kernel: [104275.544663] audit:
type=1400 audit(1581011228.808:876): apparmor="ALLOWED"
operation="open" profile="libreoffice-soffice"
name="/home/dinar/.cache/mesa_shader_cache/index" pid=15667
comm="soffice.bin" requested_mask="wrc" denied_mask="wrc" fsuid=1000
ouid=1000
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1863097/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1861408] Re: firefox apparmor messages
seems these are links to browse the profiles online:
https://bazaar.launchpad.net/~mozillateam/firefox/firefox.focal/view/head:/debian/usr.bin.firefox.apparmor.14.10
https://git.launchpad.net/apparmor/tree/profiles/apparmor.d/abstractions
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1861408
Title:
firefox apparmor messages
Status in apparmor package in Ubuntu:
New
Status in firefox package in Ubuntu:
New
Bug description:
firefox version 72.0.1 64 bit, 72.0.1+linuxmint1+tricia , linux mint
19.3.
i see there is newer ubuntu version in
https://www.ubuntuupdates.org/package/ubuntu_mozilla_security/bionic/main/base/firefox
, 72.0.2+build1-0ubuntu0.18.04.1 , but its changes are not for
apparmor.
i have not found a page for firefox bugs in linux mint sites, so i
belive i should report here. but i have also asked about that in linux
mint's irc and then github.
i have enabled apparmor for firefox and see these types of messages in
syslog:
Jan 28 18:43:33 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]:
[system] Activating via systemd: service
name='org.freedesktop.hostname1' unit='dbus-
org.freedesktop.hostname1.service' requested by ':1.111' (uid=1000
pid=1922 comm="/usr/lib/firefox/firefox " label="unconfined")
Jan 28 18:44:36 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5525.077960] audit: type=1400 audit(1580226276.440:27):
apparmor="DENIED" operation="capable"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=15948
comm="firefox" capability=21 capname="sys_admin"
Jan 28 18:44:37 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5526.471731] audit: type=1107 audit(1580226277.832:28): pid=735
uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED"
operation="dbus_method_call" bus="system"
path="/org/freedesktop/RealtimeKit1"
interface="org.freedesktop.DBus.Properties" member="Get" mask="send"
name="org.freedesktop.RealtimeKit1" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1320
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon"
member="ListMonitorImplementations" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported"
mask="send" name=":1.35" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1385
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
member="ListMounts2" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
member="LookupMount" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]:
[system] Activating via systemd: service
name='org.freedesktop.hostname1' unit='dbus-
org.freedesktop.hostname1.service' requested by ':1.119' (uid=1000
pid=15948 comm="/usr/lib/firefox/firefox "
label="/usr/lib/firefox/firefox{,*[^s][^h]} (enforce)")
Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5536.783313] audit: type=1107 audit(1580226288.143:34): pid=735
uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED"
operation="dbus_method_call" bus="system"
path="/org/freedesktop/hostname1"
interface="org.freedesktop.DBus.Properties" member="GetAll"
mask="send" name=":1.120" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=16177
peer_label="unconfined"
Jan 28 18:45:02 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/ca/desrt/dconf/Writer/user" interface="ca.desrt.dconf.Writer"
member="Change" mask="send" name="ca.desrt.dconf" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1370
peer_label="unconfined"
Jan 28 21:51:30 dinar-HP-Pavilion-g7-Notebook-PC kernel:
[10131.880788] audit: type=1400 audit(1580237490.777:123):
apparmor="DENIED" operation="open"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/dinar/.cache/mesa_shader_cache/index" pid=19720
[Desktop-packages] [Bug 669882] Re: nautilus unexpextedly changes modification time when moving files to other partition
this is also fixed in caja 1.22.2 (mate fork). -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to nautilus in Ubuntu. https://bugs.launchpad.net/bugs/669882 Title: nautilus unexpextedly changes modification time when moving files to other partition Status in Nautilus: Confirmed Status in nautilus package in Ubuntu: Triaged Bug description: Binary package hint: nautilus if you move "myfolder" from /home/user/dir1/ to /home/user/dir2/ , last modification times of all files in myfolder are preserved, also all that modification times are preserved when folder is copied to other directory including directory un other partition, but, if you move "myfolder" to other partition, for example, target folder can be named /mnt/sdb7/dir3/ , all files in "myfolder" lose their last modification times, and get instead of them the moving time. To manage notifications about this bug go to: https://bugs.launchpad.net/nautilus/+bug/669882/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 669882] Re: nautilus unexpextedly changes modification time when moving files to other partition
this is fixed in nemo 4.4.2 (cinnamon fork). i am also going to check this in mate fork soon. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to nautilus in Ubuntu. https://bugs.launchpad.net/bugs/669882 Title: nautilus unexpextedly changes modification time when moving files to other partition Status in Nautilus: Confirmed Status in nautilus package in Ubuntu: Triaged Bug description: Binary package hint: nautilus if you move "myfolder" from /home/user/dir1/ to /home/user/dir2/ , last modification times of all files in myfolder are preserved, also all that modification times are preserved when folder is copied to other directory including directory un other partition, but, if you move "myfolder" to other partition, for example, target folder can be named /mnt/sdb7/dir3/ , all files in "myfolder" lose their last modification times, and get instead of them the moving time. To manage notifications about this bug go to: https://bugs.launchpad.net/nautilus/+bug/669882/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1861408] Re: firefox apparmor messages
what is ubuntu's policy for updating this profile? it looks like package
maintainers are not updating this profile on every package update. why?
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1861408
Title:
firefox apparmor messages
Status in apparmor package in Ubuntu:
New
Status in firefox package in Ubuntu:
New
Bug description:
firefox version 72.0.1 64 bit, 72.0.1+linuxmint1+tricia , linux mint
19.3.
i see there is newer ubuntu version in
https://www.ubuntuupdates.org/package/ubuntu_mozilla_security/bionic/main/base/firefox
, 72.0.2+build1-0ubuntu0.18.04.1 , but its changes are not for
apparmor.
i have not found a page for firefox bugs in linux mint sites, so i
belive i should report here. but i have also asked about that in linux
mint's irc and then github.
i have enabled apparmor for firefox and see these types of messages in
syslog:
Jan 28 18:43:33 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]:
[system] Activating via systemd: service
name='org.freedesktop.hostname1' unit='dbus-
org.freedesktop.hostname1.service' requested by ':1.111' (uid=1000
pid=1922 comm="/usr/lib/firefox/firefox " label="unconfined")
Jan 28 18:44:36 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5525.077960] audit: type=1400 audit(1580226276.440:27):
apparmor="DENIED" operation="capable"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=15948
comm="firefox" capability=21 capname="sys_admin"
Jan 28 18:44:37 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5526.471731] audit: type=1107 audit(1580226277.832:28): pid=735
uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED"
operation="dbus_method_call" bus="system"
path="/org/freedesktop/RealtimeKit1"
interface="org.freedesktop.DBus.Properties" member="Get" mask="send"
name="org.freedesktop.RealtimeKit1" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1320
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon"
member="ListMonitorImplementations" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported"
mask="send" name=":1.35" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1385
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
member="ListMounts2" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
member="LookupMount" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]:
[system] Activating via systemd: service
name='org.freedesktop.hostname1' unit='dbus-
org.freedesktop.hostname1.service' requested by ':1.119' (uid=1000
pid=15948 comm="/usr/lib/firefox/firefox "
label="/usr/lib/firefox/firefox{,*[^s][^h]} (enforce)")
Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5536.783313] audit: type=1107 audit(1580226288.143:34): pid=735
uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED"
operation="dbus_method_call" bus="system"
path="/org/freedesktop/hostname1"
interface="org.freedesktop.DBus.Properties" member="GetAll"
mask="send" name=":1.120" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=16177
peer_label="unconfined"
Jan 28 18:45:02 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/ca/desrt/dconf/Writer/user" interface="ca.desrt.dconf.Writer"
member="Change" mask="send" name="ca.desrt.dconf" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1370
peer_label="unconfined"
Jan 28 21:51:30 dinar-HP-Pavilion-g7-Notebook-PC kernel:
[10131.880788] audit: type=1400 audit(1580237490.777:123):
apparmor="DENIED" operation="open"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/dinar/.cache/mesa_shader_cache/index" pid=19720
comm="firefox" requested_mask="wrc" denied_mask="wrc" fsuid=1000
ouid=1000
these appeared
[Desktop-packages] [Bug 1861408] Re: firefox apparmor messages
i have reenabled the capability rules ans added these to them, also from
the chromium profile:
owner @{PROC}/@{pid}/setgroups w,
owner @{PROC}/@{pid}/uid_map w,
owner @{PROC}/@{pid}/gid_map w,
.
i have prepared dbus rules:
dbus send
bus=system
path=/org/freedesktop/RealtimeKit1
interface=org.freedesktop.DBus.Properties
member=Get
peer=(name=org.freedesktop.RealtimeKit1|label="/usr/lib/firefox/firefox{,*[^s][^h]}")
dbus send
bus=session
path=/org/gtk/vfs/Daemon
interface=org.gtk.vfs.Daemon
member=ListMonitorImplementations
peer=(name=":1.10" | label="/usr/lib/firefox/firefox{,*[^s][^h]}" )
dbus send
bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor"
member="IsSupported"
peer=(name=":1.35" | label="/usr/lib/firefox/firefox{,*[^s][^h]}" )
dbus send
bus="session"
path="/org/gtk/vfs/mounttracker"
interface="org.gtk.vfs.MountTracker"
member="ListMounts2"
peer=( name=":1.10" | label="/usr/lib/firefox/firefox{,*[^s][^h]}" )
dbus send
bus="session"
path="/org/gtk/vfs/mounttracker"
interface="org.gtk.vfs.MountTracker"
member="LookupMount"
peer=( name=":1.10" | label="/usr/lib/firefox/firefox{,*[^s][^h]}" )
dbus send
bus="system"
path="/org/freedesktop/hostname1"
interface="org.freedesktop.DBus.Properties"
member="GetAll"
peer=( name=":1.120" | label="/usr/lib/firefox/firefox{,*[^s][^h]}" )
dbus send
bus="session"
path="/ca/desrt/dconf/Writer/user"
interface="ca.desrt.dconf.Writer"
member="Change"
peer=( name="ca.desrt.dconf" | label="/usr/lib/firefox/firefox{,*[^s][^h]}"
)
dbus receive
bus="session"
path="/ca/desrt/dconf/Writer/user"
interface="ca.desrt.dconf.Writer"
member="Notify"
peer=( name=":1.21" | label="/usr/lib/firefox/firefox{,*[^s][^h]}" )
please somebody correct them and say to which file they should be added.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1861408
Title:
firefox apparmor messages
Status in apparmor package in Ubuntu:
New
Status in firefox package in Ubuntu:
New
Bug description:
firefox version 72.0.1 64 bit, 72.0.1+linuxmint1+tricia , linux mint
19.3.
i see there is newer ubuntu version in
https://www.ubuntuupdates.org/package/ubuntu_mozilla_security/bionic/main/base/firefox
, 72.0.2+build1-0ubuntu0.18.04.1 , but its changes are not for
apparmor.
i have not found a page for firefox bugs in linux mint sites, so i
belive i should report here. but i have also asked about that in linux
mint's irc and then github.
i have enabled apparmor for firefox and see these types of messages in
syslog:
Jan 28 18:43:33 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]:
[system] Activating via systemd: service
name='org.freedesktop.hostname1' unit='dbus-
org.freedesktop.hostname1.service' requested by ':1.111' (uid=1000
pid=1922 comm="/usr/lib/firefox/firefox " label="unconfined")
Jan 28 18:44:36 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5525.077960] audit: type=1400 audit(1580226276.440:27):
apparmor="DENIED" operation="capable"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=15948
comm="firefox" capability=21 capname="sys_admin"
Jan 28 18:44:37 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5526.471731] audit: type=1107 audit(1580226277.832:28): pid=735
uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED"
operation="dbus_method_call" bus="system"
path="/org/freedesktop/RealtimeKit1"
interface="org.freedesktop.DBus.Properties" member="Get" mask="send"
name="org.freedesktop.RealtimeKit1" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1320
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon"
member="ListMonitorImplementations" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported"
mask="send" name=":1.35" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1385
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
member="ListMounts2" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:47
[Desktop-packages] [Bug 1861408] Re: firefox apparmor messages
message when switching to read mode:
Feb 26 13:13:13 dinar-HP-Pavilion-g7-Notebook-PC kernel: [64008.165294] audit:
type=1400 audit(1582711993.444:302): apparmor="DENIED" operation="exec"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/usr/bin/speech-dispatcher" pid=30443 comm=7370656563686420696E6974
requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1861408
Title:
firefox apparmor messages
Status in apparmor package in Ubuntu:
New
Status in firefox package in Ubuntu:
New
Bug description:
firefox version 72.0.1 64 bit, 72.0.1+linuxmint1+tricia , linux mint
19.3.
i see there is newer ubuntu version in
https://www.ubuntuupdates.org/package/ubuntu_mozilla_security/bionic/main/base/firefox
, 72.0.2+build1-0ubuntu0.18.04.1 , but its changes are not for
apparmor.
i have not found a page for firefox bugs in linux mint sites, so i
belive i should report here. but i have also asked about that in linux
mint's irc and then github.
i have enabled apparmor for firefox and see these types of messages in
syslog:
Jan 28 18:43:33 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]:
[system] Activating via systemd: service
name='org.freedesktop.hostname1' unit='dbus-
org.freedesktop.hostname1.service' requested by ':1.111' (uid=1000
pid=1922 comm="/usr/lib/firefox/firefox " label="unconfined")
Jan 28 18:44:36 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5525.077960] audit: type=1400 audit(1580226276.440:27):
apparmor="DENIED" operation="capable"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=15948
comm="firefox" capability=21 capname="sys_admin"
Jan 28 18:44:37 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5526.471731] audit: type=1107 audit(1580226277.832:28): pid=735
uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED"
operation="dbus_method_call" bus="system"
path="/org/freedesktop/RealtimeKit1"
interface="org.freedesktop.DBus.Properties" member="Get" mask="send"
name="org.freedesktop.RealtimeKit1" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1320
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon"
member="ListMonitorImplementations" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported"
mask="send" name=":1.35" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1385
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
member="ListMounts2" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
member="LookupMount" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]:
[system] Activating via systemd: service
name='org.freedesktop.hostname1' unit='dbus-
org.freedesktop.hostname1.service' requested by ':1.119' (uid=1000
pid=15948 comm="/usr/lib/firefox/firefox "
label="/usr/lib/firefox/firefox{,*[^s][^h]} (enforce)")
Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5536.783313] audit: type=1107 audit(1580226288.143:34): pid=735
uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED"
operation="dbus_method_call" bus="system"
path="/org/freedesktop/hostname1"
interface="org.freedesktop.DBus.Properties" member="GetAll"
mask="send" name=":1.120" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=16177
peer_label="unconfined"
Jan 28 18:45:02 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/ca/desrt/dconf/Writer/user" interface="ca.desrt.dconf.Writer"
member="Change" mask="send" name="ca.desrt.dconf" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1370
peer_label="unconfined"
Jan 28 21:51:30 dinar-HP-Pavilion-g7-Notebook-PC kernel:
[10131.880788] audit: type=1400 audit(1580237490.777:123):
apparmor="DENIED"
[Desktop-packages] [Bug 1861408] Re: firefox apparmor messages
/ r,
/**/ r,
is not enough. because thumbnails are not shown. much better would be to use a
separate program as a helper application, while it can read all files but it is
very simple and can only open a file by gui mouse click, and cannot connect
internet.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1861408
Title:
firefox apparmor messages
Status in apparmor package in Ubuntu:
New
Status in firefox package in Ubuntu:
New
Bug description:
firefox version 72.0.1 64 bit, 72.0.1+linuxmint1+tricia , linux mint
19.3.
i see there is newer ubuntu version in
https://www.ubuntuupdates.org/package/ubuntu_mozilla_security/bionic/main/base/firefox
, 72.0.2+build1-0ubuntu0.18.04.1 , but its changes are not for
apparmor.
i have not found a page for firefox bugs in linux mint sites, so i
belive i should report here. but i have also asked about that in linux
mint's irc and then github.
i have enabled apparmor for firefox and see these types of messages in
syslog:
Jan 28 18:43:33 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]:
[system] Activating via systemd: service
name='org.freedesktop.hostname1' unit='dbus-
org.freedesktop.hostname1.service' requested by ':1.111' (uid=1000
pid=1922 comm="/usr/lib/firefox/firefox " label="unconfined")
Jan 28 18:44:36 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5525.077960] audit: type=1400 audit(1580226276.440:27):
apparmor="DENIED" operation="capable"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=15948
comm="firefox" capability=21 capname="sys_admin"
Jan 28 18:44:37 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5526.471731] audit: type=1107 audit(1580226277.832:28): pid=735
uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED"
operation="dbus_method_call" bus="system"
path="/org/freedesktop/RealtimeKit1"
interface="org.freedesktop.DBus.Properties" member="Get" mask="send"
name="org.freedesktop.RealtimeKit1" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1320
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon"
member="ListMonitorImplementations" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported"
mask="send" name=":1.35" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1385
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
member="ListMounts2" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
member="LookupMount" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]:
[system] Activating via systemd: service
name='org.freedesktop.hostname1' unit='dbus-
org.freedesktop.hostname1.service' requested by ':1.119' (uid=1000
pid=15948 comm="/usr/lib/firefox/firefox "
label="/usr/lib/firefox/firefox{,*[^s][^h]} (enforce)")
Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5536.783313] audit: type=1107 audit(1580226288.143:34): pid=735
uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED"
operation="dbus_method_call" bus="system"
path="/org/freedesktop/hostname1"
interface="org.freedesktop.DBus.Properties" member="GetAll"
mask="send" name=":1.120" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=16177
peer_label="unconfined"
Jan 28 18:45:02 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/ca/desrt/dconf/Writer/user" interface="ca.desrt.dconf.Writer"
member="Change" mask="send" name="ca.desrt.dconf" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1370
peer_label="unconfined"
Jan 28 21:51:30 dinar-HP-Pavilion-g7-Notebook-PC kernel:
[10131.880788] audit: type=1400 audit(1580237490.777:123):
apparmor="DENIED" operation="open"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
[Desktop-packages] [Bug 1861408] Re: firefox apparmor messages
after firefox restart these appeared:
Feb 24 09:30:04 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 141.932834] audit:
type=1400 audit(1582525804.452:27): apparmor="DENIED" operation="open"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/1888/uid_map"
pid=1888 comm=495043204C61756E6368202331 requested_mask="w" denied_mask="w"
fsuid=1000 ouid=1000
Feb 24 09:30:04 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 141.934780] IPC
Launch #1[1888]: segfault at 0 ip 7fa9fe84808c sp 7fa9f0efa780 error 6
in libxul.so[7fa9fdfac000+6f21000]
Feb 24 09:30:04 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 141.934798] Code:
75 12 89 e8 48 81 c4 10 02 00 00 5b 41 5c 41 5e 41 5f 5d c3 e8 f5 bb fc ff 48
8d 05 ae 89 85 04 48 8b 0d 57 75 c6 06 48 89 01 04 25 00 00 00 00 1e 02 00
00 e8 ac 4a fd ff 48 8d 05 e3 89 85
Feb 24 09:30:06 dinar-HP-Pavilion-g7-Notebook-PC wpa_supplicant[826]: wlo1:
CTRL-EVENT-SIGNAL-CHANGE above=0 signal=-85 noise=-95 txrate=14400
Feb 24 09:30:10 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 148.016837] audit:
type=1400 audit(1582525810.536:28): apparmor="DENIED" operation="open"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/1926/uid_map"
pid=1926 comm=495043204C61756E6368202331 requested_mask="w" denied_mask="w"
fsuid=1000 ouid=1000
Feb 24 09:30:10 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 148.017346] IPC
Launch #1[1926]: segfault at 0 ip 7fa9fe84808c sp 7fa9eb29d780 error 6
in libxul.so[7fa9fdfac000+6f21000]
Feb 24 09:30:10 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 148.017359] Code:
75 12 89 e8 48 81 c4 10 02 00 00 5b 41 5c 41 5e 41 5f 5d c3 e8 f5 bb fc ff 48
8d 05 ae 89 85 04 48 8b 0d 57 75 c6 06 48 89 01 04 25 00 00 00 00 1e 02 00
00 e8 ac 4a fd ff 48 8d 05 e3 89 85
Feb 24 09:30:11 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 148.895517] IPC
Launch #1[1973]: segfault at 0 ip 7fa9fe84808c sp 7fa9ea5a2780 error 6
in libxul.so[7fa9fdfac000+6f21000]
Feb 24 09:30:11 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 148.895535] Code:
75 12 89 e8 48 81 c4 10 02 00 00 5b 41 5c 41 5e 41 5f 5d c3 e8 f5 bb fc ff 48
8d 05 ae 89 85 04 48 8b 0d 57 75 c6 06 48 89 01 04 25 00 00 00 00 1e 02 00
00 e8 ac 4a fd ff 48 8d 05 e3 89 85
Feb 24 09:30:11 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 148.895594] audit:
type=1400 audit(1582525811.416:29): apparmor="DENIED" operation="open"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/1973/uid_map"
pid=1973 comm=495043204C61756E6368202331 requested_mask="w" denied_mask="w"
fsuid=1000 ouid=1000
Feb 24 09:30:12 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 150.432287] IPC
Launch #1[1991]: segfault at 0 ip 7fa9fe84808c sp 7fa9fba7f780 error 6
in libxul.so[7fa9fdfac000+6f21000]
Feb 24 09:30:12 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 150.432303] Code:
75 12 89 e8 48 81 c4 10 02 00 00 5b 41 5c 41 5e 41 5f 5d c3 e8 f5 bb fc ff 48
8d 05 ae 89 85 04 48 8b 0d 57 75 c6 06 48 89 01 04 25 00 00 00 00 1e 02 00
00 e8 ac 4a fd ff 48 8d 05 e3 89 85
Feb 24 09:30:12 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 150.432405] audit:
type=1400 audit(1582525812.952:30): apparmor="DENIED" operation="open"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/1991/uid_map"
pid=1991 comm=495043204C61756E6368202331 requested_mask="w" denied_mask="w"
fsuid=1000 ouid=1000
Feb 24 09:30:14 dinar-HP-Pavilion-g7-Notebook-PC wpa_supplicant[826]: wlo1:
CTRL-EVENT-SIGNAL-CHANGE above=1 signal=-75 noise=-95 txrate=13000
Feb 24 09:30:14 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 152.373278] IPC
Launch #1[2012]: segfault at 0 ip 7fa9fe84808c sp 7fa9f6fd9780 error 6
in libxul.so[7fa9fdfac000+6f21000]
Feb 24 09:30:14 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 152.373293] Code:
75 12 89 e8 48 81 c4 10 02 00 00 5b 41 5c 41 5e 41 5f 5d c3 e8 f5 bb fc ff 48
8d 05 ae 89 85 04 48 8b 0d 57 75 c6 06 48 89 01 04 25 00 00 00 00 1e 02 00
00 e8 ac 4a fd ff 48 8d 05 e3 89 85
Feb 24 09:30:14 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 152.373325] audit:
type=1400 audit(1582525814.892:31): apparmor="DENIED" operation="open"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/2012/uid_map"
pid=2012 comm=495043204C61756E6368202331 requested_mask="w" denied_mask="w"
fsuid=1000 ouid=1000
and i have seen some suspicious things, for that i commented out those
capability rules.
also, there were problems, in addition to the new messages: firefox said
{ff has been updated, you must restart it} on every tab, if i open them,
and then after restarting, content of that tabs were lost. one of them
has put ubuntu.com at address bar, another become blank.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1861408
Title:
firefox apparmor messages
Status in apparmor package in Ubuntu:
New
Status in firefox package in Ubuntu:
New
Bug description:
firefox version 72.0.1 64 bit, 72.0.1+linuxmint1+tricia ,
[Desktop-packages] [Bug 1861408] Re: firefox apparmor messages
also there are /sys/devices/system/cpu/ r,
/etc/firefox*/ r,
/etc/xulrunner-2.0*/ r,
/etc/gre.d/ r,
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1861408
Title:
firefox apparmor messages
Status in apparmor package in Ubuntu:
New
Status in firefox package in Ubuntu:
New
Bug description:
firefox version 72.0.1 64 bit, 72.0.1+linuxmint1+tricia , linux mint
19.3.
i see there is newer ubuntu version in
https://www.ubuntuupdates.org/package/ubuntu_mozilla_security/bionic/main/base/firefox
, 72.0.2+build1-0ubuntu0.18.04.1 , but its changes are not for
apparmor.
i have not found a page for firefox bugs in linux mint sites, so i
belive i should report here. but i have also asked about that in linux
mint's irc and then github.
i have enabled apparmor for firefox and see these types of messages in
syslog:
Jan 28 18:43:33 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]:
[system] Activating via systemd: service
name='org.freedesktop.hostname1' unit='dbus-
org.freedesktop.hostname1.service' requested by ':1.111' (uid=1000
pid=1922 comm="/usr/lib/firefox/firefox " label="unconfined")
Jan 28 18:44:36 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5525.077960] audit: type=1400 audit(1580226276.440:27):
apparmor="DENIED" operation="capable"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=15948
comm="firefox" capability=21 capname="sys_admin"
Jan 28 18:44:37 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5526.471731] audit: type=1107 audit(1580226277.832:28): pid=735
uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED"
operation="dbus_method_call" bus="system"
path="/org/freedesktop/RealtimeKit1"
interface="org.freedesktop.DBus.Properties" member="Get" mask="send"
name="org.freedesktop.RealtimeKit1" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1320
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon"
member="ListMonitorImplementations" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported"
mask="send" name=":1.35" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1385
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
member="ListMounts2" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
member="LookupMount" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]:
[system] Activating via systemd: service
name='org.freedesktop.hostname1' unit='dbus-
org.freedesktop.hostname1.service' requested by ':1.119' (uid=1000
pid=15948 comm="/usr/lib/firefox/firefox "
label="/usr/lib/firefox/firefox{,*[^s][^h]} (enforce)")
Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5536.783313] audit: type=1107 audit(1580226288.143:34): pid=735
uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED"
operation="dbus_method_call" bus="system"
path="/org/freedesktop/hostname1"
interface="org.freedesktop.DBus.Properties" member="GetAll"
mask="send" name=":1.120" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=16177
peer_label="unconfined"
Jan 28 18:45:02 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/ca/desrt/dconf/Writer/user" interface="ca.desrt.dconf.Writer"
member="Change" mask="send" name="ca.desrt.dconf" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1370
peer_label="unconfined"
Jan 28 21:51:30 dinar-HP-Pavilion-g7-Notebook-PC kernel:
[10131.880788] audit: type=1400 audit(1580237490.777:123):
apparmor="DENIED" operation="open"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/dinar/.cache/mesa_shader_cache/index" pid=19720
comm="firefox" requested_mask="wrc" denied_mask="wrc" fsuid=1000
ouid=1000
these appeared while saving a file:
Jan 30 11:08:28
[Desktop-packages] [Bug 1861408] Re: firefox apparmor messages
i have some questions and wishes about rules that are in the profile:
# so browsing directories works
/ r,
/**/ r,
what if comment these out and allow / and owner @{HOME}/** , instead of
these? does firefox need other directory listings? maybe i will try.
i see /usr/ r, /etc/ r, /opt/ r, @{PROC}/ r, /usr/bin/ r, are already
allowed, why are these used? i would like to see there comments, in the
profile.
# Default profile allows downloads to ~/Downloads and uploads from ~/Public
owner @{HOME}/ r,
owner @{HOME}/Public/ r,
owner @{HOME}/Public/* r,
owner @{HOME}/Downloads/ r,
owner @{HOME}/Downloads/* rw,
are not you going to put there all language variants?
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1861408
Title:
firefox apparmor messages
Status in apparmor package in Ubuntu:
New
Status in firefox package in Ubuntu:
New
Bug description:
firefox version 72.0.1 64 bit, 72.0.1+linuxmint1+tricia , linux mint
19.3.
i see there is newer ubuntu version in
https://www.ubuntuupdates.org/package/ubuntu_mozilla_security/bionic/main/base/firefox
, 72.0.2+build1-0ubuntu0.18.04.1 , but its changes are not for
apparmor.
i have not found a page for firefox bugs in linux mint sites, so i
belive i should report here. but i have also asked about that in linux
mint's irc and then github.
i have enabled apparmor for firefox and see these types of messages in
syslog:
Jan 28 18:43:33 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]:
[system] Activating via systemd: service
name='org.freedesktop.hostname1' unit='dbus-
org.freedesktop.hostname1.service' requested by ':1.111' (uid=1000
pid=1922 comm="/usr/lib/firefox/firefox " label="unconfined")
Jan 28 18:44:36 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5525.077960] audit: type=1400 audit(1580226276.440:27):
apparmor="DENIED" operation="capable"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=15948
comm="firefox" capability=21 capname="sys_admin"
Jan 28 18:44:37 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5526.471731] audit: type=1107 audit(1580226277.832:28): pid=735
uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED"
operation="dbus_method_call" bus="system"
path="/org/freedesktop/RealtimeKit1"
interface="org.freedesktop.DBus.Properties" member="Get" mask="send"
name="org.freedesktop.RealtimeKit1" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1320
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon"
member="ListMonitorImplementations" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported"
mask="send" name=":1.35" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1385
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
member="ListMounts2" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
member="LookupMount" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]:
[system] Activating via systemd: service
name='org.freedesktop.hostname1' unit='dbus-
org.freedesktop.hostname1.service' requested by ':1.119' (uid=1000
pid=15948 comm="/usr/lib/firefox/firefox "
label="/usr/lib/firefox/firefox{,*[^s][^h]} (enforce)")
Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5536.783313] audit: type=1107 audit(1580226288.143:34): pid=735
uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED"
operation="dbus_method_call" bus="system"
path="/org/freedesktop/hostname1"
interface="org.freedesktop.DBus.Properties" member="GetAll"
mask="send" name=":1.120" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=16177
peer_label="unconfined"
Jan 28 18:45:02 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/ca/desrt/dconf/Writer/user"
[Desktop-packages] [Bug 1861408] Re: firefox apparmor messages
i added these lines to ff profile:
#copied from abstractions/lightdm_chromium-browser
capability sys_admin, # for sandbox to change namespaces
capability sys_chroot, # fod sandbox to chroot to a safe directory
capability setgid, # for sandbox to drop privileges
capability setuid, # for sandbox to drop privileges
capability sys_ptrace, # chromium needs this to keep track of itself
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1861408
Title:
firefox apparmor messages
Status in apparmor package in Ubuntu:
New
Status in firefox package in Ubuntu:
New
Bug description:
firefox version 72.0.1 64 bit, 72.0.1+linuxmint1+tricia , linux mint
19.3.
i see there is newer ubuntu version in
https://www.ubuntuupdates.org/package/ubuntu_mozilla_security/bionic/main/base/firefox
, 72.0.2+build1-0ubuntu0.18.04.1 , but its changes are not for
apparmor.
i have not found a page for firefox bugs in linux mint sites, so i
belive i should report here. but i have also asked about that in linux
mint's irc and then github.
i have enabled apparmor for firefox and see these types of messages in
syslog:
Jan 28 18:43:33 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]:
[system] Activating via systemd: service
name='org.freedesktop.hostname1' unit='dbus-
org.freedesktop.hostname1.service' requested by ':1.111' (uid=1000
pid=1922 comm="/usr/lib/firefox/firefox " label="unconfined")
Jan 28 18:44:36 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5525.077960] audit: type=1400 audit(1580226276.440:27):
apparmor="DENIED" operation="capable"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=15948
comm="firefox" capability=21 capname="sys_admin"
Jan 28 18:44:37 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5526.471731] audit: type=1107 audit(1580226277.832:28): pid=735
uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED"
operation="dbus_method_call" bus="system"
path="/org/freedesktop/RealtimeKit1"
interface="org.freedesktop.DBus.Properties" member="Get" mask="send"
name="org.freedesktop.RealtimeKit1" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1320
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon"
member="ListMonitorImplementations" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported"
mask="send" name=":1.35" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1385
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
member="ListMounts2" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
member="LookupMount" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]:
[system] Activating via systemd: service
name='org.freedesktop.hostname1' unit='dbus-
org.freedesktop.hostname1.service' requested by ':1.119' (uid=1000
pid=15948 comm="/usr/lib/firefox/firefox "
label="/usr/lib/firefox/firefox{,*[^s][^h]} (enforce)")
Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5536.783313] audit: type=1107 audit(1580226288.143:34): pid=735
uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED"
operation="dbus_method_call" bus="system"
path="/org/freedesktop/hostname1"
interface="org.freedesktop.DBus.Properties" member="GetAll"
mask="send" name=":1.120" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=16177
peer_label="unconfined"
Jan 28 18:45:02 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/ca/desrt/dconf/Writer/user" interface="ca.desrt.dconf.Writer"
member="Change" mask="send" name="ca.desrt.dconf" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1370
peer_label="unconfined"
Jan 28 21:51:30 dinar-HP-Pavilion-g7-Notebook-PC kernel:
[10131.880788] audit: type=1400
[Desktop-packages] [Bug 1861408] Re: firefox apparmor messages
>At the moment we recommend granting the capability in the profile and
letting firefox setup its sandbox.
why do not ubuntu developers add it? (before they make it other way.)
>Unfortunately this means you can't guarantee the rest of the program
isn't doing things it shouldn't.
what it can do using this capability, without using any other additional
apparmor allow rules? can you give any examples?
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1861408
Title:
firefox apparmor messages
Status in apparmor package in Ubuntu:
New
Status in firefox package in Ubuntu:
New
Bug description:
firefox version 72.0.1 64 bit, 72.0.1+linuxmint1+tricia , linux mint
19.3.
i see there is newer ubuntu version in
https://www.ubuntuupdates.org/package/ubuntu_mozilla_security/bionic/main/base/firefox
, 72.0.2+build1-0ubuntu0.18.04.1 , but its changes are not for
apparmor.
i have not found a page for firefox bugs in linux mint sites, so i
belive i should report here. but i have also asked about that in linux
mint's irc and then github.
i have enabled apparmor for firefox and see these types of messages in
syslog:
Jan 28 18:43:33 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]:
[system] Activating via systemd: service
name='org.freedesktop.hostname1' unit='dbus-
org.freedesktop.hostname1.service' requested by ':1.111' (uid=1000
pid=1922 comm="/usr/lib/firefox/firefox " label="unconfined")
Jan 28 18:44:36 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5525.077960] audit: type=1400 audit(1580226276.440:27):
apparmor="DENIED" operation="capable"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=15948
comm="firefox" capability=21 capname="sys_admin"
Jan 28 18:44:37 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5526.471731] audit: type=1107 audit(1580226277.832:28): pid=735
uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED"
operation="dbus_method_call" bus="system"
path="/org/freedesktop/RealtimeKit1"
interface="org.freedesktop.DBus.Properties" member="Get" mask="send"
name="org.freedesktop.RealtimeKit1" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1320
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon"
member="ListMonitorImplementations" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported"
mask="send" name=":1.35" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1385
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
member="ListMounts2" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
member="LookupMount" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]:
[system] Activating via systemd: service
name='org.freedesktop.hostname1' unit='dbus-
org.freedesktop.hostname1.service' requested by ':1.119' (uid=1000
pid=15948 comm="/usr/lib/firefox/firefox "
label="/usr/lib/firefox/firefox{,*[^s][^h]} (enforce)")
Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5536.783313] audit: type=1107 audit(1580226288.143:34): pid=735
uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED"
operation="dbus_method_call" bus="system"
path="/org/freedesktop/hostname1"
interface="org.freedesktop.DBus.Properties" member="GetAll"
mask="send" name=":1.120" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=16177
peer_label="unconfined"
Jan 28 18:45:02 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/ca/desrt/dconf/Writer/user" interface="ca.desrt.dconf.Writer"
member="Change" mask="send" name="ca.desrt.dconf" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1370
peer_label="unconfined"
Jan 28 21:51:30 dinar-HP-Pavilion-g7-Notebook-PC kernel:
[10131.880788] audit: type=1400
[Desktop-packages] [Bug 1861408] Re: firefox apparmor messages
i asked about sys_admin capability and got some answers:
https://groups.google.com/forum/#!topic/mozilla.dev.platform/UK4nm7MtTxQ
(i wanted to ask in firefox-dev mailing list but the dev-platform list
was said about as more appropriate).
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1861408
Title:
firefox apparmor messages
Status in apparmor package in Ubuntu:
New
Status in firefox package in Ubuntu:
New
Bug description:
firefox version 72.0.1 64 bit, 72.0.1+linuxmint1+tricia , linux mint
19.3.
i see there is newer ubuntu version in
https://www.ubuntuupdates.org/package/ubuntu_mozilla_security/bionic/main/base/firefox
, 72.0.2+build1-0ubuntu0.18.04.1 , but its changes are not for
apparmor.
i have not found a page for firefox bugs in linux mint sites, so i
belive i should report here. but i have also asked about that in linux
mint's irc and then github.
i have enabled apparmor for firefox and see these types of messages in
syslog:
Jan 28 18:43:33 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]:
[system] Activating via systemd: service
name='org.freedesktop.hostname1' unit='dbus-
org.freedesktop.hostname1.service' requested by ':1.111' (uid=1000
pid=1922 comm="/usr/lib/firefox/firefox " label="unconfined")
Jan 28 18:44:36 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5525.077960] audit: type=1400 audit(1580226276.440:27):
apparmor="DENIED" operation="capable"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=15948
comm="firefox" capability=21 capname="sys_admin"
Jan 28 18:44:37 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5526.471731] audit: type=1107 audit(1580226277.832:28): pid=735
uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED"
operation="dbus_method_call" bus="system"
path="/org/freedesktop/RealtimeKit1"
interface="org.freedesktop.DBus.Properties" member="Get" mask="send"
name="org.freedesktop.RealtimeKit1" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1320
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon"
member="ListMonitorImplementations" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported"
mask="send" name=":1.35" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1385
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
member="ListMounts2" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
member="LookupMount" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]:
[system] Activating via systemd: service
name='org.freedesktop.hostname1' unit='dbus-
org.freedesktop.hostname1.service' requested by ':1.119' (uid=1000
pid=15948 comm="/usr/lib/firefox/firefox "
label="/usr/lib/firefox/firefox{,*[^s][^h]} (enforce)")
Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5536.783313] audit: type=1107 audit(1580226288.143:34): pid=735
uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED"
operation="dbus_method_call" bus="system"
path="/org/freedesktop/hostname1"
interface="org.freedesktop.DBus.Properties" member="GetAll"
mask="send" name=":1.120" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=16177
peer_label="unconfined"
Jan 28 18:45:02 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/ca/desrt/dconf/Writer/user" interface="ca.desrt.dconf.Writer"
member="Change" mask="send" name="ca.desrt.dconf" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1370
peer_label="unconfined"
Jan 28 21:51:30 dinar-HP-Pavilion-g7-Notebook-PC kernel:
[10131.880788] audit: type=1400 audit(1580237490.777:123):
apparmor="DENIED" operation="open"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/dinar/.cache/mesa_shader_cache/index" pid=19720
[Desktop-packages] [Bug 1863151] Re: apparmor messages for libreoffice 1:6.0.7-0ubuntu0.18.04.10 etc
i think that that means that apparmor profile lags behind libreoffice and should be updated. if it is by design, than there could be comments about that, and it is possible to remove the logs by "deny" keywords. that messages are bad because they use space in syslog making it harder to read, and they appear on desktop if aa-notify is used. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libreoffice in Ubuntu. https://bugs.launchpad.net/bugs/1863151 Title: apparmor messages for libreoffice 1:6.0.7-0ubuntu0.18.04.10 etc Status in libreoffice package in Ubuntu: New Bug description: i have reported 3 bugs for apparmor's libreoffice profile: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1862331 https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1863097 https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1863103 i am afraid i make too much bug reports, so i am going to write other reports here, if they appear. i have now seen this message: Feb 13 20:56:25 dinar-Lenovo-G580 kernel: [29200.067772] audit: type=1400 audit(1581616585.668:272): apparmor="ALLOWED" operation="open" profile="libreoffice-soffice" name="/home/dinar/.config/dconf/user" pid=14211 comm="soffice.bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1863151/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1863151] [NEW] apparmor messages for libreoffice 1:6.0.7-0ubuntu0.18.04.10 etc
Public bug reported: i have reported 3 bugs for apparmor's libreoffice profile: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1862331 https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1863097 https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1863103 i am afraid i make too much bug reports, so i am going to write other reports here, if they appear. i have now seen this message: Feb 13 20:56:25 dinar-Lenovo-G580 kernel: [29200.067772] audit: type=1400 audit(1581616585.668:272): apparmor="ALLOWED" operation="open" profile="libreoffice-soffice" name="/home/dinar/.config/dconf/user" pid=14211 comm="soffice.bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 ** Affects: libreoffice (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libreoffice in Ubuntu. https://bugs.launchpad.net/bugs/1863151 Title: apparmor messages for libreoffice 1:6.0.7-0ubuntu0.18.04.10 etc Status in libreoffice package in Ubuntu: New Bug description: i have reported 3 bugs for apparmor's libreoffice profile: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1862331 https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1863097 https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1863103 i am afraid i make too much bug reports, so i am going to write other reports here, if they appear. i have now seen this message: Feb 13 20:56:25 dinar-Lenovo-G580 kernel: [29200.067772] audit: type=1400 audit(1581616585.668:272): apparmor="ALLOWED" operation="open" profile="libreoffice-soffice" name="/home/dinar/.config/dconf/user" pid=14211 comm="soffice.bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1863151/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1863103] [NEW] apparmor messages for libreoffice-oopslash about /tmp/OSL_PIPE_1000_SingleOfficeIPC_a0196a...
Public bug reported: i opened libreoffice writer, then, after some time, clicked a document, to open it in libreoffice, and i see these messages in syslog: Feb 13 16:24:49 dinar-Lenovo-G580 kernel: [17788.979570] audit: type=1400 audit(1581600289.824:108): apparmor="ALLOWED" operation="connect" profile="libreoffice-oopslash" name="/tmp/OSL_PIPE_1000_SingleOfficeIPC_a0196a99a9a51821ceebe3195d43" pid=9969 comm="oosplash" requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=1000 Feb 13 16:24:49 dinar-Lenovo-G580 kernel: [17788.979578] audit: type=1400 audit(1581600289.824:109): apparmor="ALLOWED" operation="file_perm" profile="libreoffice-oopslash" name="/tmp/OSL_PIPE_1000_SingleOfficeIPC_a0196a99a9a51821ceebe3195d43" pid=9969 comm="oosplash" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 Feb 13 16:24:49 dinar-Lenovo-G580 kernel: [17788.979581] audit: type=1400 audit(1581600289.824:110): apparmor="ALLOWED" operation="file_perm" profile="libreoffice-oopslash" name="/tmp/OSL_PIPE_1000_SingleOfficeIPC_a0196a99a9a51821ceebe3195d43" pid=9969 comm="oosplash" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 Feb 13 16:24:49 dinar-Lenovo-G580 kernel: [17788.979781] audit: type=1400 audit(1581600289.828:111): apparmor="ALLOWED" operation="file_perm" profile="libreoffice-oopslash" name="/tmp/OSL_PIPE_1000_SingleOfficeIPC_a0196a99a9a51821ceebe3195d43" pid=9969 comm="oosplash" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000 Feb 13 16:24:49 dinar-Lenovo-G580 kernel: [17788.979786] audit: type=1400 audit(1581600289.828:112): apparmor="ALLOWED" operation="file_perm" profile="libreoffice-oopslash" name="/tmp/OSL_PIPE_1000_SingleOfficeIPC_a0196a99a9a51821ceebe3195d43" pid=9969 comm="oosplash" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000 also there was Feb 13 16:24:50 dinar-Lenovo-G580 kernel: [17789.649828] audit: type=1400 audit(1581600290.496:117): apparmor="ALLOWED" operation="open" profile="libreoffice-soffice" name="/home/dinar/.mozilla/firefox/sge95l3o.default/cert8.db" pid=8829 comm="soffice.bin" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000 i reported about that type of message: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1862331 . (but this time there is no request for key3.db). also there are messages about the opened document file itself, i am going to write a separate bug about that. ** Affects: libreoffice (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libreoffice in Ubuntu. https://bugs.launchpad.net/bugs/1863103 Title: apparmor messages for libreoffice-oopslash about /tmp/OSL_PIPE_1000_SingleOfficeIPC_a0196a... Status in libreoffice package in Ubuntu: New Bug description: i opened libreoffice writer, then, after some time, clicked a document, to open it in libreoffice, and i see these messages in syslog: Feb 13 16:24:49 dinar-Lenovo-G580 kernel: [17788.979570] audit: type=1400 audit(1581600289.824:108): apparmor="ALLOWED" operation="connect" profile="libreoffice-oopslash" name="/tmp/OSL_PIPE_1000_SingleOfficeIPC_a0196a99a9a51821ceebe3195d43" pid=9969 comm="oosplash" requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=1000 Feb 13 16:24:49 dinar-Lenovo-G580 kernel: [17788.979578] audit: type=1400 audit(1581600289.824:109): apparmor="ALLOWED" operation="file_perm" profile="libreoffice-oopslash" name="/tmp/OSL_PIPE_1000_SingleOfficeIPC_a0196a99a9a51821ceebe3195d43" pid=9969 comm="oosplash" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 Feb 13 16:24:49 dinar-Lenovo-G580 kernel: [17788.979581] audit: type=1400 audit(1581600289.824:110): apparmor="ALLOWED" operation="file_perm" profile="libreoffice-oopslash" name="/tmp/OSL_PIPE_1000_SingleOfficeIPC_a0196a99a9a51821ceebe3195d43" pid=9969 comm="oosplash" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 Feb 13 16:24:49 dinar-Lenovo-G580 kernel: [17788.979781] audit: type=1400 audit(1581600289.828:111): apparmor="ALLOWED" operation="file_perm" profile="libreoffice-oopslash" name="/tmp/OSL_PIPE_1000_SingleOfficeIPC_a0196a99a9a51821ceebe3195d43" pid=9969 comm="oosplash" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000 Feb 13 16:24:49 dinar-Lenovo-G580 kernel: [17788.979786] audit: type=1400 audit(1581600289.828:112): apparmor="ALLOWED" operation="file_perm" profile="libreoffice-oopslash" name="/tmp/OSL_PIPE_1000_SingleOfficeIPC_a0196a99a9a51821ceebe3195d43" pid=9969 comm="oosplash" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000 also there was Feb 13 16:24:50 dinar-Lenovo-G580 kernel: [17789.649828] audit: type=1400 audit(1581600290.496:117): apparmor="ALLOWED" operation="open" profile="libreoffice-soffice" name="/home/dinar/.mozilla/firefox/sge95l3o.default/cert8.db" pid=8829 comm="soffice.bin" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000 i reported about that type
[Desktop-packages] [Bug 1863097] [NEW] apparmor messages for libreoffice about mesa
Public bug reported: i started today an empty libreoffice writer and see 5 messages of this type: Feb 13 15:33:04 dinar-Lenovo-G580 kernel: [14684.517380] audit: type=1400 audit(1581597184.725:87): apparmor="ALLOWED" operation="open" profile="libreoffice-soffice" name="/usr/share/drirc.d/00-mesa- defaults.conf" pid=8830 comm="soffice.bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 several days ago i started it by clicking a document, and together with these messages there also was one this: Feb 6 20:47:08 dinar-Lenovo-G580 kernel: [104275.544663] audit: type=1400 audit(1581011228.808:876): apparmor="ALLOWED" operation="open" profile="libreoffice-soffice" name="/home/dinar/.cache/mesa_shader_cache/index" pid=15667 comm="soffice.bin" requested_mask="wrc" denied_mask="wrc" fsuid=1000 ouid=1000 ** Affects: libreoffice (Ubuntu) Importance: Undecided Status: New ** Description changed: i started today an empty libreoffice writer and see 5 messages of this type: Feb 13 15:33:04 dinar-Lenovo-G580 kernel: [14684.517380] audit: type=1400 audit(1581597184.725:87): apparmor="ALLOWED" operation="open" profile="libreoffice-soffice" name="/usr/share/drirc.d/00-mesa- defaults.conf" pid=8830 comm="soffice.bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 several days ago i started it by clicking a document, and together with these messages there also was one this: Feb 6 20:47:08 dinar-Lenovo-G580 kernel: [104275.544663] audit: type=1400 audit(1581011228.808:876): apparmor="ALLOWED" operation="open" profile="libreoffice-soffice" name="/home/dinar/.cache/mesa_shader_cache/index" pid=15667 comm="soffice.bin" requested_mask="wrc" denied_mask="wrc" fsuid=1000 ouid=1000 - - on that time, there were also messages about firefox's files: - https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1862331 . -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libreoffice in Ubuntu. https://bugs.launchpad.net/bugs/1863097 Title: apparmor messages for libreoffice about mesa Status in libreoffice package in Ubuntu: New Bug description: i started today an empty libreoffice writer and see 5 messages of this type: Feb 13 15:33:04 dinar-Lenovo-G580 kernel: [14684.517380] audit: type=1400 audit(1581597184.725:87): apparmor="ALLOWED" operation="open" profile="libreoffice-soffice" name="/usr/share/drirc.d/00-mesa-defaults.conf" pid=8830 comm="soffice.bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 several days ago i started it by clicking a document, and together with these messages there also was one this: Feb 6 20:47:08 dinar-Lenovo-G580 kernel: [104275.544663] audit: type=1400 audit(1581011228.808:876): apparmor="ALLOWED" operation="open" profile="libreoffice-soffice" name="/home/dinar/.cache/mesa_shader_cache/index" pid=15667 comm="soffice.bin" requested_mask="wrc" denied_mask="wrc" fsuid=1000 ouid=1000 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1863097/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1862331] Re: [upstream] mozilla cert8.db and key3.db are denied by apparmor
Feb 6 20:53:48 dinar-Lenovo-G580 kernel: [104675.599346] audit: type=1400 audit(1581011628.880:900): apparmor="ALLOWED" operation="open" profile="libreoffice-soffice" name="/home/dinar/.mozilla/firefox/sge95l3o.default/cert8.db" pid=16630 comm="soffice.bin" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000 Feb 6 20:53:48 dinar-Lenovo-G580 kernel: [104675.600771] audit: type=1400 audit(1581011628.880:901): apparmor="ALLOWED" operation="open" profile="libreoffice-soffice" name="/home/dinar/.mozilla/firefox/sge95l3o.default/key3.db" pid=16630 comm="soffice.bin" requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=1000 -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libreoffice in Ubuntu. https://bugs.launchpad.net/bugs/1862331 Title: [upstream] mozilla cert8.db and key3.db are denied by apparmor Status in LibreOffice: Confirmed Status in libreoffice package in Ubuntu: New Bug description: libreoffice accesses firefox's cert8.db and key3.db, i have found this from apparmor log messages. i googled "libreoffice cert8.db key3.db" and have found out that seems libreoffice does this by design. see https://bugs.documentfoundation.org/show_bug.cgi?id=119811 , https://weekly-geekly.github.io/articles/357692/index.html . do you agree with this? then there should be allow rule, i think. if you do not, then should be a comment and / or deny rule. does libreoffice really need write access to these files? i think it can potentially add some bad certificates, and some sites would have verified sign then, while user has not added it to exceptions. i think if user have not secured his master password, it can be considered it is ok if some app can access his passwords. i think this pages also can be helpful: https://stackoverflow.com/questions/45126738/what-is-cert8-db-and-key3 -db-file , https://developer.mozilla.org/en- US/docs/Mozilla/Projects/NSS/tools/NSS_Tools_certutil , these are found by googling "cert8.db key3.db". this also can be helpful: https://en.wikipedia.org/wiki/Public_key_certificate . To manage notifications about this bug go to: https://bugs.launchpad.net/df-libreoffice/+bug/1862331/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1862331] [NEW] mozilla cert8.db and key3.db are denied by apparmor
Public bug reported: libreoffice accesses firefox's cert8.db and key3.db, i have found this from apparmor log messages. i googled "libreoffice cert8.db key3.db" and have found out that seems libreoffice does this by design. see https://bugs.documentfoundation.org/show_bug.cgi?id=119811 , https://weekly-geekly.github.io/articles/357692/index.html . do you agree with this? then there should be allow rule, i think. if you do not, then should be a comment and / or deny rule. does libreoffice really need write access to these files? i think it can potentially add some bad certificates, and some sites would have verified sign then, while user has not added it to exceptions. i think if user have not secured his master password, it can be considered it is ok if some app can access his passwords. i think this pages also can be helpful: https://stackoverflow.com/questions/45126738/what-is-cert8-db-and-key3 -db-file , https://developer.mozilla.org/en- US/docs/Mozilla/Projects/NSS/tools/NSS_Tools_certutil , these are found by googling "cert8.db key3.db". this also can be helpful: https://en.wikipedia.org/wiki/Public_key_certificate . ** Affects: libreoffice (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libreoffice in Ubuntu. https://bugs.launchpad.net/bugs/1862331 Title: mozilla cert8.db and key3.db are denied by apparmor Status in libreoffice package in Ubuntu: New Bug description: libreoffice accesses firefox's cert8.db and key3.db, i have found this from apparmor log messages. i googled "libreoffice cert8.db key3.db" and have found out that seems libreoffice does this by design. see https://bugs.documentfoundation.org/show_bug.cgi?id=119811 , https://weekly-geekly.github.io/articles/357692/index.html . do you agree with this? then there should be allow rule, i think. if you do not, then should be a comment and / or deny rule. does libreoffice really need write access to these files? i think it can potentially add some bad certificates, and some sites would have verified sign then, while user has not added it to exceptions. i think if user have not secured his master password, it can be considered it is ok if some app can access his passwords. i think this pages also can be helpful: https://stackoverflow.com/questions/45126738/what-is-cert8-db-and-key3 -db-file , https://developer.mozilla.org/en- US/docs/Mozilla/Projects/NSS/tools/NSS_Tools_certutil , these are found by googling "cert8.db key3.db". this also can be helpful: https://en.wikipedia.org/wiki/Public_key_certificate . To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1862331/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1861408] Re: firefox apparmor messages
i have added these lines:
in /etc/apparmor.d/abstractions/gnome :
@{HOME}/.local/share/gvfs-metadata/** r,
in /etc/apparmor.d/abstractions/xdg-desktop :
owner @{HOME}/.cache/mesa_shader_cache/** rw,
and messages (i use aa-notify) when saving disappeared.
dbus_method_call messages still appear in logs, while saving. i do not
know why they are not reported by aa-notify.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1861408
Title:
firefox apparmor messages
Status in apparmor package in Ubuntu:
New
Status in firefox package in Ubuntu:
New
Bug description:
firefox version 72.0.1 64 bit, 72.0.1+linuxmint1+tricia , linux mint
19.3.
i see there is newer ubuntu version in
https://www.ubuntuupdates.org/package/ubuntu_mozilla_security/bionic/main/base/firefox
, 72.0.2+build1-0ubuntu0.18.04.1 , but its changes are not for
apparmor.
i have not found a page for firefox bugs in linux mint sites, so i
belive i should report here. but i have also asked about that in linux
mint's irc and then github.
i have enabled apparmor for firefox and see these types of messages in
syslog:
Jan 28 18:43:33 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]:
[system] Activating via systemd: service
name='org.freedesktop.hostname1' unit='dbus-
org.freedesktop.hostname1.service' requested by ':1.111' (uid=1000
pid=1922 comm="/usr/lib/firefox/firefox " label="unconfined")
Jan 28 18:44:36 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5525.077960] audit: type=1400 audit(1580226276.440:27):
apparmor="DENIED" operation="capable"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=15948
comm="firefox" capability=21 capname="sys_admin"
Jan 28 18:44:37 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5526.471731] audit: type=1107 audit(1580226277.832:28): pid=735
uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED"
operation="dbus_method_call" bus="system"
path="/org/freedesktop/RealtimeKit1"
interface="org.freedesktop.DBus.Properties" member="Get" mask="send"
name="org.freedesktop.RealtimeKit1" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1320
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon"
member="ListMonitorImplementations" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported"
mask="send" name=":1.35" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1385
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
member="ListMounts2" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
member="LookupMount" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]:
[system] Activating via systemd: service
name='org.freedesktop.hostname1' unit='dbus-
org.freedesktop.hostname1.service' requested by ':1.119' (uid=1000
pid=15948 comm="/usr/lib/firefox/firefox "
label="/usr/lib/firefox/firefox{,*[^s][^h]} (enforce)")
Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5536.783313] audit: type=1107 audit(1580226288.143:34): pid=735
uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED"
operation="dbus_method_call" bus="system"
path="/org/freedesktop/hostname1"
interface="org.freedesktop.DBus.Properties" member="GetAll"
mask="send" name=":1.120" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=16177
peer_label="unconfined"
Jan 28 18:45:02 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/ca/desrt/dconf/Writer/user" interface="ca.desrt.dconf.Writer"
member="Change" mask="send" name="ca.desrt.dconf" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1370
peer_label="unconfined"
Jan 28 21:51:30 dinar-HP-Pavilion-g7-Notebook-PC kernel:
[10131.880788] audit: type=1400 audit(1580237490.777:123):
[Desktop-packages] [Bug 1861408] Re: firefox apparmor messages
i think
Jan 30 11:08:28 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 464.049675]
audit: type=1400 audit(1580371708.871:38): apparmor="DENIED"
operation="open" profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/dinar/.local/share/gvfs-metadata/home" pid=1584 comm="pool"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
message, which appear while saving files, was caused by my edition. i am
sorry.
i edited /etc/apparmor.d/abstractions/ubuntu-browsers.d/user-files
this way:
i commented out
@{HOME}/** r,
owner @{HOME}/** w,
and have added
@{HOME}/Общедоступные/** r,
owner @{HOME}/Загрузки/** rwk,
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1861408
Title:
firefox apparmor messages
Status in apparmor package in Ubuntu:
New
Status in firefox package in Ubuntu:
New
Bug description:
firefox version 72.0.1 64 bit, 72.0.1+linuxmint1+tricia , linux mint
19.3.
i see there is newer ubuntu version in
https://www.ubuntuupdates.org/package/ubuntu_mozilla_security/bionic/main/base/firefox
, 72.0.2+build1-0ubuntu0.18.04.1 , but its changes are not for
apparmor.
i have not found a page for firefox bugs in linux mint sites, so i
belive i should report here. but i have also asked about that in linux
mint's irc and then github.
i have enabled apparmor for firefox and see these types of messages in
syslog:
Jan 28 18:43:33 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]:
[system] Activating via systemd: service
name='org.freedesktop.hostname1' unit='dbus-
org.freedesktop.hostname1.service' requested by ':1.111' (uid=1000
pid=1922 comm="/usr/lib/firefox/firefox " label="unconfined")
Jan 28 18:44:36 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5525.077960] audit: type=1400 audit(1580226276.440:27):
apparmor="DENIED" operation="capable"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=15948
comm="firefox" capability=21 capname="sys_admin"
Jan 28 18:44:37 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5526.471731] audit: type=1107 audit(1580226277.832:28): pid=735
uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED"
operation="dbus_method_call" bus="system"
path="/org/freedesktop/RealtimeKit1"
interface="org.freedesktop.DBus.Properties" member="Get" mask="send"
name="org.freedesktop.RealtimeKit1" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1320
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon"
member="ListMonitorImplementations" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported"
mask="send" name=":1.35" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1385
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
member="ListMounts2" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
member="LookupMount" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]:
[system] Activating via systemd: service
name='org.freedesktop.hostname1' unit='dbus-
org.freedesktop.hostname1.service' requested by ':1.119' (uid=1000
pid=15948 comm="/usr/lib/firefox/firefox "
label="/usr/lib/firefox/firefox{,*[^s][^h]} (enforce)")
Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5536.783313] audit: type=1107 audit(1580226288.143:34): pid=735
uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED"
operation="dbus_method_call" bus="system"
path="/org/freedesktop/hostname1"
interface="org.freedesktop.DBus.Properties" member="GetAll"
mask="send" name=":1.120" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=16177
peer_label="unconfined"
Jan 28 18:45:02 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/ca/desrt/dconf/Writer/user" interface="ca.desrt.dconf.Writer"
member="Change" mask="send"
[Desktop-packages] [Bug 1861408] Re: firefox apparmor messages
i added w to
owner @{HOME}/.{,cache/}fontconfig/** mrl,
in /etc/apparmor.d/abstractions/fonts
and after profile replace, frequent messages stopped.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1861408
Title:
firefox apparmor messages
Status in apparmor package in Ubuntu:
New
Status in firefox package in Ubuntu:
New
Bug description:
firefox version 72.0.1 64 bit, 72.0.1+linuxmint1+tricia , linux mint
19.3.
i see there is newer ubuntu version in
https://www.ubuntuupdates.org/package/ubuntu_mozilla_security/bionic/main/base/firefox
, 72.0.2+build1-0ubuntu0.18.04.1 , but its changes are not for
apparmor.
i have not found a page for firefox bugs in linux mint sites, so i
belive i should report here. but i have also asked about that in linux
mint's irc and then github.
i have enabled apparmor for firefox and see these types of messages in
syslog:
Jan 28 18:43:33 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]:
[system] Activating via systemd: service
name='org.freedesktop.hostname1' unit='dbus-
org.freedesktop.hostname1.service' requested by ':1.111' (uid=1000
pid=1922 comm="/usr/lib/firefox/firefox " label="unconfined")
Jan 28 18:44:36 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5525.077960] audit: type=1400 audit(1580226276.440:27):
apparmor="DENIED" operation="capable"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=15948
comm="firefox" capability=21 capname="sys_admin"
Jan 28 18:44:37 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5526.471731] audit: type=1107 audit(1580226277.832:28): pid=735
uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED"
operation="dbus_method_call" bus="system"
path="/org/freedesktop/RealtimeKit1"
interface="org.freedesktop.DBus.Properties" member="Get" mask="send"
name="org.freedesktop.RealtimeKit1" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1320
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon"
member="ListMonitorImplementations" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported"
mask="send" name=":1.35" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1385
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
member="ListMounts2" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
member="LookupMount" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]:
[system] Activating via systemd: service
name='org.freedesktop.hostname1' unit='dbus-
org.freedesktop.hostname1.service' requested by ':1.119' (uid=1000
pid=15948 comm="/usr/lib/firefox/firefox "
label="/usr/lib/firefox/firefox{,*[^s][^h]} (enforce)")
Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5536.783313] audit: type=1107 audit(1580226288.143:34): pid=735
uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED"
operation="dbus_method_call" bus="system"
path="/org/freedesktop/hostname1"
interface="org.freedesktop.DBus.Properties" member="GetAll"
mask="send" name=":1.120" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=16177
peer_label="unconfined"
Jan 28 18:45:02 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/ca/desrt/dconf/Writer/user" interface="ca.desrt.dconf.Writer"
member="Change" mask="send" name="ca.desrt.dconf" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1370
peer_label="unconfined"
Jan 28 21:51:30 dinar-HP-Pavilion-g7-Notebook-PC kernel:
[10131.880788] audit: type=1400 audit(1580237490.777:123):
apparmor="DENIED" operation="open"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/dinar/.cache/mesa_shader_cache/index" pid=19720
comm="firefox" requested_mask="wrc" denied_mask="wrc" fsuid=1000
ouid=1000
these appeared
[Desktop-packages] [Bug 1861408] Re: firefox apparmor messages
i modified /etc/apparmor.d/abstractions/fonts by adding w to
owner @{HOME}/.{,cache/}fontconfig/ r,
and replaced ff apparmor profile with "sudo apparmor_parser -r -T -W
/etc/apparmor.d/usr.bin.firefox".
then i tried to open a page, and i got these:
Feb 3 21:26:26 dinar-Lenovo-G580 kernel: [14092.695137] audit:
type=1400 audit(1580754386.268:292): apparmor="DENIED" operation="mknod"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/dinar/.cache/fontconfig/CACHEDIR.TAG.TMP-ZjyBns" pid=8547
comm=57656220436F6E74656E74 requested_mask="c" denied_mask="c"
fsuid=1000 ouid=1000
Feb 3 21:26:26 dinar-Lenovo-G580 kernel: [14092.695143] audit:
type=1400 audit(1580754386.268:293): apparmor="DENIED" operation="mknod"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/dinar/.cache/fontconfig/a41116dafaf8b233ac2c61cb73f2ea5f-
le64.cache-7.TMP-6nwuBp" pid=8547 comm=57656220436F6E74656E74
requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1861408
Title:
firefox apparmor messages
Status in apparmor package in Ubuntu:
New
Status in firefox package in Ubuntu:
New
Bug description:
firefox version 72.0.1 64 bit, 72.0.1+linuxmint1+tricia , linux mint
19.3.
i see there is newer ubuntu version in
https://www.ubuntuupdates.org/package/ubuntu_mozilla_security/bionic/main/base/firefox
, 72.0.2+build1-0ubuntu0.18.04.1 , but its changes are not for
apparmor.
i have not found a page for firefox bugs in linux mint sites, so i
belive i should report here. but i have also asked about that in linux
mint's irc and then github.
i have enabled apparmor for firefox and see these types of messages in
syslog:
Jan 28 18:43:33 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]:
[system] Activating via systemd: service
name='org.freedesktop.hostname1' unit='dbus-
org.freedesktop.hostname1.service' requested by ':1.111' (uid=1000
pid=1922 comm="/usr/lib/firefox/firefox " label="unconfined")
Jan 28 18:44:36 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5525.077960] audit: type=1400 audit(1580226276.440:27):
apparmor="DENIED" operation="capable"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=15948
comm="firefox" capability=21 capname="sys_admin"
Jan 28 18:44:37 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5526.471731] audit: type=1107 audit(1580226277.832:28): pid=735
uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED"
operation="dbus_method_call" bus="system"
path="/org/freedesktop/RealtimeKit1"
interface="org.freedesktop.DBus.Properties" member="Get" mask="send"
name="org.freedesktop.RealtimeKit1" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1320
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon"
member="ListMonitorImplementations" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported"
mask="send" name=":1.35" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1385
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
member="ListMounts2" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
member="LookupMount" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]:
[system] Activating via systemd: service
name='org.freedesktop.hostname1' unit='dbus-
org.freedesktop.hostname1.service' requested by ':1.119' (uid=1000
pid=15948 comm="/usr/lib/firefox/firefox "
label="/usr/lib/firefox/firefox{,*[^s][^h]} (enforce)")
Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5536.783313] audit: type=1107 audit(1580226288.143:34): pid=735
uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED"
operation="dbus_method_call" bus="system"
path="/org/freedesktop/hostname1"
interface="org.freedesktop.DBus.Properties" member="GetAll"
mask="send" name=":1.120"
[Desktop-packages] [Bug 1861408] Re: firefox apparmor messages
** Package changed: firefox (Ubuntu) => apparmor (Ubuntu)
** Also affects: firefox (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1861408
Title:
firefox apparmor messages
Status in apparmor package in Ubuntu:
New
Status in firefox package in Ubuntu:
New
Bug description:
firefox version 72.0.1 64 bit, 72.0.1+linuxmint1+tricia , linux mint
19.3.
i see there is newer ubuntu version in
https://www.ubuntuupdates.org/package/ubuntu_mozilla_security/bionic/main/base/firefox
, 72.0.2+build1-0ubuntu0.18.04.1 , but its changes are not for
apparmor.
i have not found a page for firefox bugs in linux mint sites, so i
belive i should report here. but i have also asked about that in linux
mint's irc and then github.
i have enabled apparmor for firefox and see these types of messages in
syslog:
Jan 28 18:43:33 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]:
[system] Activating via systemd: service
name='org.freedesktop.hostname1' unit='dbus-
org.freedesktop.hostname1.service' requested by ':1.111' (uid=1000
pid=1922 comm="/usr/lib/firefox/firefox " label="unconfined")
Jan 28 18:44:36 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5525.077960] audit: type=1400 audit(1580226276.440:27):
apparmor="DENIED" operation="capable"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=15948
comm="firefox" capability=21 capname="sys_admin"
Jan 28 18:44:37 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5526.471731] audit: type=1107 audit(1580226277.832:28): pid=735
uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED"
operation="dbus_method_call" bus="system"
path="/org/freedesktop/RealtimeKit1"
interface="org.freedesktop.DBus.Properties" member="Get" mask="send"
name="org.freedesktop.RealtimeKit1" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1320
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon"
member="ListMonitorImplementations" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported"
mask="send" name=":1.35" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1385
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
member="ListMounts2" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
member="LookupMount" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]:
[system] Activating via systemd: service
name='org.freedesktop.hostname1' unit='dbus-
org.freedesktop.hostname1.service' requested by ':1.119' (uid=1000
pid=15948 comm="/usr/lib/firefox/firefox "
label="/usr/lib/firefox/firefox{,*[^s][^h]} (enforce)")
Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5536.783313] audit: type=1107 audit(1580226288.143:34): pid=735
uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED"
operation="dbus_method_call" bus="system"
path="/org/freedesktop/hostname1"
interface="org.freedesktop.DBus.Properties" member="GetAll"
mask="send" name=":1.120" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=16177
peer_label="unconfined"
Jan 28 18:45:02 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/ca/desrt/dconf/Writer/user" interface="ca.desrt.dconf.Writer"
member="Change" mask="send" name="ca.desrt.dconf" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1370
peer_label="unconfined"
Jan 28 21:51:30 dinar-HP-Pavilion-g7-Notebook-PC kernel:
[10131.880788] audit: type=1400 audit(1580237490.777:123):
apparmor="DENIED" operation="open"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/dinar/.cache/mesa_shader_cache/index" pid=19720
comm="firefox" requested_mask="wrc" denied_mask="wrc" fsuid=1000
ouid=1000
these appeared while
[Desktop-packages] [Bug 1861408] Re: firefox apparmor messages
i have simplified all of these messages, i hope this is helpful:
sys_admin
dbus_method_call path="/org/freedesktop/RealtimeKit1" member="Get"
name="org.freedesktop.RealtimeKit1"
dbus_method_call path="/org/gtk/vfs/Daemon" member="ListMonitorImplementations"
dbus_method_call path="/org/gtk/Private/RemoteVolumeMonitor"
member="IsSupported"
dbus_method_call path="/org/gtk/vfs/mounttracker" member="ListMounts2"
dbus_method_call member="LookupMount"
dbus_method_call path="/org/freedesktop/hostname1" member="GetAll"
dbus_method_call path="/ca/desrt/dconf/Writer/user" member="Change"
name="ca.desrt.dconf"
open name="/home/dinar/.cache/mesa_shader_cache/index" requested_mask="wrc"
denied_mask="wrc"
open name="/home/dinar/.local/share/gvfs-metadata/home" requested_mask="r"
denied_mask="r"
dbus_signal path="/ca/desrt/dconf/Writer/user"
interface="ca.desrt.dconf.Writer" member="Notify"
mkdir name="/home/dinar/.cache/fontconfig/" requested_mask="c" denied_mask="c"
mkdir name="/home/dinar/fontconfig/" requested_mask="c" denied_mask="c"
open name="/home/dinar/.config/dconf/user" requested_mask="r" denied_mask="r"
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1861408
Title:
firefox apparmor messages
Status in firefox package in Ubuntu:
New
Bug description:
firefox version 72.0.1 64 bit, 72.0.1+linuxmint1+tricia , linux mint
19.3.
i see there is newer ubuntu version in
https://www.ubuntuupdates.org/package/ubuntu_mozilla_security/bionic/main/base/firefox
, 72.0.2+build1-0ubuntu0.18.04.1 , but its changes are not for
apparmor.
i have not found a page for firefox bugs in linux mint sites, so i
belive i should report here. but i have also asked about that in linux
mint's irc and then github.
i have enabled apparmor for firefox and see these types of messages in
syslog:
Jan 28 18:43:33 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]:
[system] Activating via systemd: service
name='org.freedesktop.hostname1' unit='dbus-
org.freedesktop.hostname1.service' requested by ':1.111' (uid=1000
pid=1922 comm="/usr/lib/firefox/firefox " label="unconfined")
Jan 28 18:44:36 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5525.077960] audit: type=1400 audit(1580226276.440:27):
apparmor="DENIED" operation="capable"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=15948
comm="firefox" capability=21 capname="sys_admin"
Jan 28 18:44:37 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5526.471731] audit: type=1107 audit(1580226277.832:28): pid=735
uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED"
operation="dbus_method_call" bus="system"
path="/org/freedesktop/RealtimeKit1"
interface="org.freedesktop.DBus.Properties" member="Get" mask="send"
name="org.freedesktop.RealtimeKit1" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1320
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon"
member="ListMonitorImplementations" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported"
mask="send" name=":1.35" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1385
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
member="ListMounts2" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
apparmor="DENIED" operation="dbus_method_call" bus="session"
path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
member="LookupMount" mask="send" name=":1.10" pid=15948
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262
peer_label="unconfined"
Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]:
[system] Activating via systemd: service
name='org.freedesktop.hostname1' unit='dbus-
org.freedesktop.hostname1.service' requested by ':1.119' (uid=1000
pid=15948 comm="/usr/lib/firefox/firefox "
label="/usr/lib/firefox/firefox{,*[^s][^h]} (enforce)")
Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC kernel: [
5536.783313] audit: type=1107 audit(1580226288.143:34): pid=735
uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED"
operation="dbus_method_call" bus="system"
