[Touch-packages] [Bug 1861408] Re: firefox apparmor messages
for firefox 107.0.1 in linux mint 20.3 based on Ubuntu 20.04, when task manager is opened, this rule is needed: owner @{PROC}/[0-9]*/task/[0-9]*/comm r, -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1861408 Title: firefox apparmor messages Status in apparmor package in Ubuntu: Confirmed Status in firefox package in Ubuntu: Fix Released Bug description: firefox version 72.0.1 64 bit, 72.0.1+linuxmint1+tricia , linux mint 19.3. i see there is newer ubuntu version in https://www.ubuntuupdates.org/package/ubuntu_mozilla_security/bionic/main/base/firefox , 72.0.2+build1-0ubuntu0.18.04.1 , but its changes are not for apparmor. i have not found a page for firefox bugs in linux mint sites, so i belive i should report here. but i have also asked about that in linux mint's irc and then github. i have enabled apparmor for firefox and see these types of messages in syslog: Jan 28 18:43:33 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus- org.freedesktop.hostname1.service' requested by ':1.111' (uid=1000 pid=1922 comm="/usr/lib/firefox/firefox " label="unconfined") Jan 28 18:44:36 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5525.077960] audit: type=1400 audit(1580226276.440:27): apparmor="DENIED" operation="capable" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=15948 comm="firefox" capability=21 capname="sys_admin" Jan 28 18:44:37 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5526.471731] audit: type=1107 audit(1580226277.832:28): pid=735 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/RealtimeKit1" interface="org.freedesktop.DBus.Properties" member="Get" mask="send" name="org.freedesktop.RealtimeKit1" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1320 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon" member="ListMonitorImplementations" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/Private/RemoteVolumeMonitor" interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported" mask="send" name=":1.35" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1385 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="ListMounts2" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="LookupMount" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus- org.freedesktop.hostname1.service' requested by ':1.119' (uid=1000 pid=15948 comm="/usr/lib/firefox/firefox " label="/usr/lib/firefox/firefox{,*[^s][^h]} (enforce)") Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5536.783313] audit: type=1107 audit(1580226288.143:34): pid=735 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/hostname1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.120" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=16177 peer_label="unconfined" Jan 28 18:45:02 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/ca/desrt/dconf/Writer/user" interface="ca.desrt.dconf.Writer" member="Change" mask="send" name="ca.desrt.dconf" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1370 peer_label="unconfined" Jan 28 21:51:30 dinar-HP-Pavilion-g7-Notebook-PC kernel: [10131.880788] audit: type=1400 audit(1580237490.777:123): apparmor="DENIED" operation="open" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/home/dinar/.cache/mesa_shader_cache/index" pid=19720 comm="firefox" requested_mask="wrc" denied_mask="wrc"
[Touch-packages] [Bug 1861408] Re: firefox apparmor messages
Linux Mint 20.1 Ulyssa Firefox 89.0 after update, i got ff 89, i have messages like this in syslog, on every start of firefox: Jun 20 15:24:23 dinar-Lenovo-G580 wpa_supplicant[680]: wlp2s0: CTRL-EVENT-SIGNAL-CHANGE above=0 signal=-80 noise=-95 txrate=43300 Jun 20 15:25:21 dinar-Lenovo-G580 kernel: [22164.956789] audit: type=1400 audit(1624191921.071:165): apparmor="DENIED" operation="open" profile="firefox" name="/sys/devices/pci:00/:00:1f.2/resource" pid=15814 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Jun 20 15:25:21 dinar-Lenovo-G580 kernel: [22164.956816] firefox[15814]: segfault at 0 ip 7ff585b5ad94 sp 7ffceca77710 error 6 in libxul.so[7ff582318000+5392000] Jun 20 15:25:21 dinar-Lenovo-G580 kernel: [22164.956822] Code: 00 e8 28 69 7c fc 50 80 3d f8 0b 4e 04 00 74 02 58 c3 c6 05 ed 0b 4e 04 01 48 8d 05 29 15 fc 02 48 8b 0d 47 36 3c 04 48 89 01 04 25 00 00 00 00 8b 01 00 00 e8 f4 68 7c fc 66 2e 0f 1f 84 00 Jun 20 15:25:21 dinar-Lenovo-G580 systemd[1]: Started Process Core Dump (PID 15815/UID 0). Jun 20 15:25:21 dinar-Lenovo-G580 kernel: [22164.998424] audit: type=1400 audit(1624191921.111:166): apparmor="DENIED" operation="open" profile="firefox" name="/run/user/1000/ICEauthority" pid=15809 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 Jun 20 15:25:21 dinar-Lenovo-G580 systemd-coredump[15816]: Process 15814 (firefox) of user 1000 dumped core.#012#012Stack trace of thread 15814:#012#0 0x7ff585b5ad94 n/a (libxul.so + 0x4185d94)#012#1 0x7ff58ca19a27 __run_exit_handlers (libc.so.6 + 0x49a27)#012#2 0x7ff58ca19be0 __GI_exit (libc.so.6 + 0x49be0)#012#3 0x7ff5816f6c45 n/a (libpci.so.3 + 0x3c45)#012#4 0x7ff5816fc308 n/a (libpci.so.3 + 0x9308)#012#5 0x7ff585b64054 n/a (libxul.so + 0x418f054)#012#6 0x7ff585b649db n/a (libxul.so + 0x418f9db)#012#7 0x7ff585b5a13e n/a (libxul.so + 0x418513e)#012#8 0x7ff585b60ae3 n/a (libxul.so + 0x418bae3)#012#9 0x7ff585b60ee0 n/a (libxul.so + 0x418bee0)#012#10 0x556820bc9113 n/a (firefox + 0xc113)#012#11 0x7ff58c9f70b3 __libc_start_main (libc.so.6 + 0x270b3)#012#12 0x556820bc8b6e _start (firefox + 0xbb6e) Jun 20 15:25:21 dinar-Lenovo-G580 systemd[1]: systemd-coredump@8-15815-0.service: Succeeded. Jun 20 15:25:21 dinar-Lenovo-G580 kernel: [22165.724715] audit: type=1400 audit(1624191921.839:167): apparmor="DENIED" operation="open" profile="firefox" name="/proc/15809/cgroup" pid=15809 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 Jun 20 15:25:21 dinar-Lenovo-G580 kernel: [22165.862576] audit: type=1107 audit(1624191921.975:168): pid=657 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/RealtimeKit1" interface="org.freedesktop.DBus.Properties" member="Get" mask="send" name="org.freedesktop.RealtimeKit1" pid=15895 label="firefox" peer_pid=978 peer_label="unconfined" Jun 20 15:25:21 dinar-Lenovo-G580 kernel: [22165.862576] exe="/usr/bin/dbus-daemon" sauid=103 hostname=? addr=? terminal=?' Jun 20 15:25:22 dinar-Lenovo-G580 kernel: [22166.090862] audit: type=1107 audit(1624191922.207:169): pid=657 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/RealtimeKit1" interface="org.freedesktop.DBus.Properties" member="Get" mask="send" name="org.freedesktop.RealtimeKit1" pid=15809 label="firefox" peer_pid=978 peer_label="unconfined" Jun 20 15:25:22 dinar-Lenovo-G580 kernel: [22166.090862] exe="/usr/bin/dbus-daemon" sauid=103 hostname=? addr=? terminal=?' Jun 20 15:25:22 dinar-Lenovo-G580 kernel: [22166.676720] audit: type=1107 audit(1624191922.791:170): pid=657 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/RealtimeKit1" interface="org.freedesktop.DBus.Properties" member="Get" mask="send" name="org.freedesktop.RealtimeKit1" pid=15973 label="firefox" peer_pid=978 peer_label="unconfined" Jun 20 15:25:22 dinar-Lenovo-G580 kernel: [22166.676720] exe="/usr/bin/dbus-daemon" sauid=103 hostname=? addr=? terminal=?' Jun 20 15:25:23 dinar-Lenovo-G580 kernel: [22167.484270] audit: type=1107 audit(1624191923.599:171): pid=657 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/RealtimeKit1" interface="org.freedesktop.DBus.Properties" member="Get" mask="send" name="org.freedesktop.RealtimeKit1" pid=16038 label="firefox" peer_pid=978 peer_label="unconfined" Jun 20 15:25:23 dinar-Lenovo-G580 kernel: [22167.484270] exe="/usr/bin/dbus-daemon" sauid=103 hostname=? addr=? terminal=?' Jun 20 15:25:25 dinar-Lenovo-G580 kernel: [22169.310779] audit: type=1107 audit(1624191925.427:172): pid=657 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system"
[Touch-packages] [Bug 1861408] Re: firefox apparmor messages
messages, while starting firefox, after updating ubuntu to 20.10: Jan 11 23:26:48 dinar-comp kernel: [ 181.634648] audit: type=1400 audit(1610396808.475:44): apparmor="DENIED" operation="open" profile="firefox" name="/proc/2003/cgroup" pid=2003 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 Jan 11 23:26:48 dinar-comp kernel: [ 181.989310] audit: type=1400 audit(1610396808.831:45): apparmor="DENIED" operation="connect" profile="firefox" name="/tmp/.X11-unix/X0" pid=2207 comm="MainThread" requested_mask="w" denied_mask="w" fsuid=1000 ouid=0 i added these rules: @{PROC}/[0-9]*/cgroup r, /tmp/.X11-unix/X0 w, then, after enabling them and ff restart: Jan 11 23:45:25 dinar-comp kernel: [ 1298.595946] audit: type=1400 audit(1610397925.435:79): apparmor="DENIED" operation="open" profile="firefox" name="/sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us" pid=2437 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 i added this rule: /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us r, -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1861408 Title: firefox apparmor messages Status in apparmor package in Ubuntu: New Status in firefox package in Ubuntu: Fix Released Bug description: firefox version 72.0.1 64 bit, 72.0.1+linuxmint1+tricia , linux mint 19.3. i see there is newer ubuntu version in https://www.ubuntuupdates.org/package/ubuntu_mozilla_security/bionic/main/base/firefox , 72.0.2+build1-0ubuntu0.18.04.1 , but its changes are not for apparmor. i have not found a page for firefox bugs in linux mint sites, so i belive i should report here. but i have also asked about that in linux mint's irc and then github. i have enabled apparmor for firefox and see these types of messages in syslog: Jan 28 18:43:33 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus- org.freedesktop.hostname1.service' requested by ':1.111' (uid=1000 pid=1922 comm="/usr/lib/firefox/firefox " label="unconfined") Jan 28 18:44:36 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5525.077960] audit: type=1400 audit(1580226276.440:27): apparmor="DENIED" operation="capable" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=15948 comm="firefox" capability=21 capname="sys_admin" Jan 28 18:44:37 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5526.471731] audit: type=1107 audit(1580226277.832:28): pid=735 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/RealtimeKit1" interface="org.freedesktop.DBus.Properties" member="Get" mask="send" name="org.freedesktop.RealtimeKit1" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1320 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon" member="ListMonitorImplementations" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/Private/RemoteVolumeMonitor" interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported" mask="send" name=":1.35" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1385 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="ListMounts2" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="LookupMount" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus- org.freedesktop.hostname1.service' requested by ':1.119' (uid=1000 pid=15948 comm="/usr/lib/firefox/firefox " label="/usr/lib/firefox/firefox{,*[^s][^h]} (enforce)") Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5536.783313] audit: type=1107 audit(1580226288.143:34): pid=735 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/hostname1"
[Touch-packages] [Bug 1004829] Re: [GA-MA74GMT-S2, Realtek ALC887-VD, Pink Mic, Front] No sound at all
mic connected to front is not working with this motherboard in ubuntu 20.04. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to alsa-driver in Ubuntu. https://bugs.launchpad.net/bugs/1004829 Title: [GA-MA74GMT-S2, Realtek ALC887-VD, Pink Mic, Front] No sound at all Status in alsa-driver package in Ubuntu: Expired Bug description: Mic doesn't work on Ubuntu 12.04 ProblemType: Bug DistroRelease: Ubuntu 12.04 Package: alsa-base 1.0.25+dfsg-0ubuntu1 ProcVersionSignature: Ubuntu 3.2.0-24.39-generic 3.2.16 Uname: Linux 3.2.0-24-generic x86_64 NonfreeKernelModules: nvidia AlsaVersion: Advanced Linux Sound Architecture Driver Version 1.0.24. ApportVersion: 2.0.1-0ubuntu7 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC1: srinivas 2967 F pulseaudio /dev/snd/controlC0: srinivas 2967 F pulseaudio Card0.Amixer.info: Card hw:0 'SB'/'HDA ATI SB at 0xfe024000 irq 16' Mixer name : 'Realtek ALC887-VD' Components : 'HDA:10ec0887,1458a002,00100302' Controls : 42 Simple ctrls : 21 Card1.Amixer.info: Card hw:1 'NVidia'/'HDA NVidia at 0xfcffc000 irq 19' Mixer name : 'Nvidia GPU 0b HDMI/DP' Components : 'HDA:10de000b,10de0101,00100200' Controls : 24 Simple ctrls : 4 Date: Sat May 26 14:20:32 2012 InstallationMedia: Ubuntu-Server 11.10 "Oneiric Ocelot" - Release amd64 (20111011) PackageArchitecture: all SourcePackage: alsa-driver Symptom: audio Symptom_AlsaRecordingTest: ALSA recording test through plughw:SB failed Symptom_Card: Built-in Audio - HDA ATI SB Symptom_DevicesInUse: 2967 2967 srinivas F pulseaudio /dev/snd/controlC0: srinivas F pulseaudio Symptom_Jack: Pink Mic, Front Symptom_Type: No sound at all Title: [GA-MA74GMT-S2, Realtek ALC887-VD, Pink Mic, Front] No sound at all UpgradeStatus: Upgraded to precise on 2012-04-27 (29 days ago) dmi.bios.date: 08/31/2010 dmi.bios.vendor: Award Software International, Inc. dmi.bios.version: F10 dmi.board.name: GA-MA74GMT-S2 dmi.board.vendor: Gigabyte Technology Co., Ltd. dmi.chassis.type: 3 dmi.chassis.vendor: Gigabyte Technology Co., Ltd. dmi.modalias: dmi:bvnAwardSoftwareInternational,Inc.:bvrF10:bd08/31/2010:svnGigabyteTechnologyCo.,Ltd.:pnGA-MA74GMT-S2:pvr:rvnGigabyteTechnologyCo.,Ltd.:rnGA-MA74GMT-S2:rvr:cvnGigabyteTechnologyCo.,Ltd.:ct3:cvr: dmi.product.name: GA-MA74GMT-S2 dmi.sys.vendor: Gigabyte Technology Co., Ltd. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/alsa-driver/+bug/1004829/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1004829] Re: [GA-MA74GMT-S2, Realtek ALC887-VD, Pink Mic, Front] No sound at all
i think i should say: does not work. i cannot test that computer now. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to alsa-driver in Ubuntu. https://bugs.launchpad.net/bugs/1004829 Title: [GA-MA74GMT-S2, Realtek ALC887-VD, Pink Mic, Front] No sound at all Status in alsa-driver package in Ubuntu: Expired Bug description: Mic doesn't work on Ubuntu 12.04 ProblemType: Bug DistroRelease: Ubuntu 12.04 Package: alsa-base 1.0.25+dfsg-0ubuntu1 ProcVersionSignature: Ubuntu 3.2.0-24.39-generic 3.2.16 Uname: Linux 3.2.0-24-generic x86_64 NonfreeKernelModules: nvidia AlsaVersion: Advanced Linux Sound Architecture Driver Version 1.0.24. ApportVersion: 2.0.1-0ubuntu7 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC1: srinivas 2967 F pulseaudio /dev/snd/controlC0: srinivas 2967 F pulseaudio Card0.Amixer.info: Card hw:0 'SB'/'HDA ATI SB at 0xfe024000 irq 16' Mixer name : 'Realtek ALC887-VD' Components : 'HDA:10ec0887,1458a002,00100302' Controls : 42 Simple ctrls : 21 Card1.Amixer.info: Card hw:1 'NVidia'/'HDA NVidia at 0xfcffc000 irq 19' Mixer name : 'Nvidia GPU 0b HDMI/DP' Components : 'HDA:10de000b,10de0101,00100200' Controls : 24 Simple ctrls : 4 Date: Sat May 26 14:20:32 2012 InstallationMedia: Ubuntu-Server 11.10 "Oneiric Ocelot" - Release amd64 (20111011) PackageArchitecture: all SourcePackage: alsa-driver Symptom: audio Symptom_AlsaRecordingTest: ALSA recording test through plughw:SB failed Symptom_Card: Built-in Audio - HDA ATI SB Symptom_DevicesInUse: 2967 2967 srinivas F pulseaudio /dev/snd/controlC0: srinivas F pulseaudio Symptom_Jack: Pink Mic, Front Symptom_Type: No sound at all Title: [GA-MA74GMT-S2, Realtek ALC887-VD, Pink Mic, Front] No sound at all UpgradeStatus: Upgraded to precise on 2012-04-27 (29 days ago) dmi.bios.date: 08/31/2010 dmi.bios.vendor: Award Software International, Inc. dmi.bios.version: F10 dmi.board.name: GA-MA74GMT-S2 dmi.board.vendor: Gigabyte Technology Co., Ltd. dmi.chassis.type: 3 dmi.chassis.vendor: Gigabyte Technology Co., Ltd. dmi.modalias: dmi:bvnAwardSoftwareInternational,Inc.:bvrF10:bd08/31/2010:svnGigabyteTechnologyCo.,Ltd.:pnGA-MA74GMT-S2:pvr:rvnGigabyteTechnologyCo.,Ltd.:rnGA-MA74GMT-S2:rvr:cvnGigabyteTechnologyCo.,Ltd.:ct3:cvr: dmi.product.name: GA-MA74GMT-S2 dmi.sys.vendor: Gigabyte Technology Co., Ltd. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/alsa-driver/+bug/1004829/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1861408] Re: firefox apparmor messages
python message after update to ubuntu 20.04 : May 29 08:54:00 dinar-comp kernel: [ 369.424679] audit: type=1400 audit(1590731640.601:54): apparmor="DENIED" operation="file_mmap" profile="fire fox//lsb_release" name="/usr/bin/python3.8" pid=2939 comm="lsb_release" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 there are several places about python: profile lsb_release { ... #include ... /usr/include/python2.[4567]/pyconfig.h r, ... /usr/local/lib/python3.[0-6]/dist-packages/ r, ... /usr/bin/python3.[0-7] mr, ... } i change this ones, this way: /usr/local/lib/python3.[0-8]/dist-packages/ r, /usr/bin/python3.[0-8] mr, i look /etc/apparmor.d/abstractions/python and see that python versions are already appreciated up to 3.9. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1861408 Title: firefox apparmor messages Status in apparmor package in Ubuntu: New Status in firefox package in Ubuntu: Triaged Bug description: firefox version 72.0.1 64 bit, 72.0.1+linuxmint1+tricia , linux mint 19.3. i see there is newer ubuntu version in https://www.ubuntuupdates.org/package/ubuntu_mozilla_security/bionic/main/base/firefox , 72.0.2+build1-0ubuntu0.18.04.1 , but its changes are not for apparmor. i have not found a page for firefox bugs in linux mint sites, so i belive i should report here. but i have also asked about that in linux mint's irc and then github. i have enabled apparmor for firefox and see these types of messages in syslog: Jan 28 18:43:33 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus- org.freedesktop.hostname1.service' requested by ':1.111' (uid=1000 pid=1922 comm="/usr/lib/firefox/firefox " label="unconfined") Jan 28 18:44:36 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5525.077960] audit: type=1400 audit(1580226276.440:27): apparmor="DENIED" operation="capable" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=15948 comm="firefox" capability=21 capname="sys_admin" Jan 28 18:44:37 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5526.471731] audit: type=1107 audit(1580226277.832:28): pid=735 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/RealtimeKit1" interface="org.freedesktop.DBus.Properties" member="Get" mask="send" name="org.freedesktop.RealtimeKit1" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1320 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon" member="ListMonitorImplementations" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/Private/RemoteVolumeMonitor" interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported" mask="send" name=":1.35" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1385 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="ListMounts2" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="LookupMount" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus- org.freedesktop.hostname1.service' requested by ':1.119' (uid=1000 pid=15948 comm="/usr/lib/firefox/firefox " label="/usr/lib/firefox/firefox{,*[^s][^h]} (enforce)") Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5536.783313] audit: type=1107 audit(1580226288.143:34): pid=735 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/hostname1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.120" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=16177 peer_label="unconfined" Jan 28 18:45:02 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]:
[Touch-packages] [Bug 1861408] Re: firefox apparmor messages
after update to 76.0.1, fontconfig messages started again to appear on every page opening. i added deny @{HOME}/.{,cache/}fontconfig/** w, to abstractions/fonts, reloaded profile, and that notifications stopped to appear. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1861408 Title: firefox apparmor messages Status in apparmor package in Ubuntu: New Status in firefox package in Ubuntu: Triaged Bug description: firefox version 72.0.1 64 bit, 72.0.1+linuxmint1+tricia , linux mint 19.3. i see there is newer ubuntu version in https://www.ubuntuupdates.org/package/ubuntu_mozilla_security/bionic/main/base/firefox , 72.0.2+build1-0ubuntu0.18.04.1 , but its changes are not for apparmor. i have not found a page for firefox bugs in linux mint sites, so i belive i should report here. but i have also asked about that in linux mint's irc and then github. i have enabled apparmor for firefox and see these types of messages in syslog: Jan 28 18:43:33 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus- org.freedesktop.hostname1.service' requested by ':1.111' (uid=1000 pid=1922 comm="/usr/lib/firefox/firefox " label="unconfined") Jan 28 18:44:36 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5525.077960] audit: type=1400 audit(1580226276.440:27): apparmor="DENIED" operation="capable" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=15948 comm="firefox" capability=21 capname="sys_admin" Jan 28 18:44:37 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5526.471731] audit: type=1107 audit(1580226277.832:28): pid=735 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/RealtimeKit1" interface="org.freedesktop.DBus.Properties" member="Get" mask="send" name="org.freedesktop.RealtimeKit1" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1320 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon" member="ListMonitorImplementations" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/Private/RemoteVolumeMonitor" interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported" mask="send" name=":1.35" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1385 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="ListMounts2" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="LookupMount" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus- org.freedesktop.hostname1.service' requested by ':1.119' (uid=1000 pid=15948 comm="/usr/lib/firefox/firefox " label="/usr/lib/firefox/firefox{,*[^s][^h]} (enforce)") Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5536.783313] audit: type=1107 audit(1580226288.143:34): pid=735 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/hostname1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.120" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=16177 peer_label="unconfined" Jan 28 18:45:02 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/ca/desrt/dconf/Writer/user" interface="ca.desrt.dconf.Writer" member="Change" mask="send" name="ca.desrt.dconf" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1370 peer_label="unconfined" Jan 28 21:51:30 dinar-HP-Pavilion-g7-Notebook-PC kernel: [10131.880788] audit: type=1400 audit(1580237490.777:123): apparmor="DENIED" operation="open" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/home/dinar/.cache/mesa_shader_cache/index" pid=19720
[Touch-packages] [Bug 1861408] Re: firefox apparmor messages
i said on feb 4: "dbus_method_call messages still appear in logs, while saving. i do not know why they are not reported by aa-notify." i made this report on apparmor site on march 7: https://gitlab.com/apparmor/apparmor/-/issues/81 "aa-notify does not show messages about dbus" ** Bug watch added: gitlab.com/apparmor/apparmor/-/issues #81 https://gitlab.com/apparmor/apparmor/-/issues/81 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1861408 Title: firefox apparmor messages Status in apparmor package in Ubuntu: New Status in firefox package in Ubuntu: New Bug description: firefox version 72.0.1 64 bit, 72.0.1+linuxmint1+tricia , linux mint 19.3. i see there is newer ubuntu version in https://www.ubuntuupdates.org/package/ubuntu_mozilla_security/bionic/main/base/firefox , 72.0.2+build1-0ubuntu0.18.04.1 , but its changes are not for apparmor. i have not found a page for firefox bugs in linux mint sites, so i belive i should report here. but i have also asked about that in linux mint's irc and then github. i have enabled apparmor for firefox and see these types of messages in syslog: Jan 28 18:43:33 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus- org.freedesktop.hostname1.service' requested by ':1.111' (uid=1000 pid=1922 comm="/usr/lib/firefox/firefox " label="unconfined") Jan 28 18:44:36 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5525.077960] audit: type=1400 audit(1580226276.440:27): apparmor="DENIED" operation="capable" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=15948 comm="firefox" capability=21 capname="sys_admin" Jan 28 18:44:37 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5526.471731] audit: type=1107 audit(1580226277.832:28): pid=735 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/RealtimeKit1" interface="org.freedesktop.DBus.Properties" member="Get" mask="send" name="org.freedesktop.RealtimeKit1" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1320 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon" member="ListMonitorImplementations" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/Private/RemoteVolumeMonitor" interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported" mask="send" name=":1.35" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1385 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="ListMounts2" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="LookupMount" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus- org.freedesktop.hostname1.service' requested by ':1.119' (uid=1000 pid=15948 comm="/usr/lib/firefox/firefox " label="/usr/lib/firefox/firefox{,*[^s][^h]} (enforce)") Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5536.783313] audit: type=1107 audit(1580226288.143:34): pid=735 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/hostname1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.120" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=16177 peer_label="unconfined" Jan 28 18:45:02 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/ca/desrt/dconf/Writer/user" interface="ca.desrt.dconf.Writer" member="Change" mask="send" name="ca.desrt.dconf" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1370 peer_label="unconfined" Jan 28 21:51:30 dinar-HP-Pavilion-g7-Notebook-PC kernel: [10131.880788] audit: type=1400
[Touch-packages] [Bug 1861408] Re: firefox apparmor messages
i changed /usr/bin/python3.[0-6] mr, to /usr/bin/python3.[0-7] mr, and the python message disappeared while starting firefox. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1861408 Title: firefox apparmor messages Status in apparmor package in Ubuntu: New Status in firefox package in Ubuntu: New Bug description: firefox version 72.0.1 64 bit, 72.0.1+linuxmint1+tricia , linux mint 19.3. i see there is newer ubuntu version in https://www.ubuntuupdates.org/package/ubuntu_mozilla_security/bionic/main/base/firefox , 72.0.2+build1-0ubuntu0.18.04.1 , but its changes are not for apparmor. i have not found a page for firefox bugs in linux mint sites, so i belive i should report here. but i have also asked about that in linux mint's irc and then github. i have enabled apparmor for firefox and see these types of messages in syslog: Jan 28 18:43:33 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus- org.freedesktop.hostname1.service' requested by ':1.111' (uid=1000 pid=1922 comm="/usr/lib/firefox/firefox " label="unconfined") Jan 28 18:44:36 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5525.077960] audit: type=1400 audit(1580226276.440:27): apparmor="DENIED" operation="capable" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=15948 comm="firefox" capability=21 capname="sys_admin" Jan 28 18:44:37 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5526.471731] audit: type=1107 audit(1580226277.832:28): pid=735 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/RealtimeKit1" interface="org.freedesktop.DBus.Properties" member="Get" mask="send" name="org.freedesktop.RealtimeKit1" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1320 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon" member="ListMonitorImplementations" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/Private/RemoteVolumeMonitor" interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported" mask="send" name=":1.35" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1385 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="ListMounts2" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="LookupMount" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus- org.freedesktop.hostname1.service' requested by ':1.119' (uid=1000 pid=15948 comm="/usr/lib/firefox/firefox " label="/usr/lib/firefox/firefox{,*[^s][^h]} (enforce)") Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5536.783313] audit: type=1107 audit(1580226288.143:34): pid=735 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/hostname1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.120" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=16177 peer_label="unconfined" Jan 28 18:45:02 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/ca/desrt/dconf/Writer/user" interface="ca.desrt.dconf.Writer" member="Change" mask="send" name="ca.desrt.dconf" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1370 peer_label="unconfined" Jan 28 21:51:30 dinar-HP-Pavilion-g7-Notebook-PC kernel: [10131.880788] audit: type=1400 audit(1580237490.777:123): apparmor="DENIED" operation="open" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/home/dinar/.cache/mesa_shader_cache/index" pid=19720 comm="firefox" requested_mask="wrc" denied_mask="wrc" fsuid=1000 ouid=1000 these appeared while
[Touch-packages] [Bug 1861408] Re: firefox apparmor messages
appeared when opening a file from a manually mounted partition: May 6 14:59:12 dinar-comp kernel: [544099.237323] audit: type=1400 audit(1588766352.217:3081): apparmor="DENIED" operation="open" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/run/user/1000/ICEauthority" pid=6886 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 linux and firefox were upgraded, firefox profile file was changed, i copied new changes to my file. appeared when starting firefox after system upgrade and reboot: except dbus messages: May 9 15:00:47 dinar-comp kernel: [ 227.464788] audit: type=1400 audit(1589025647.896:44): apparmor="DENIED" operation="open" profile="firefox" name="/run/user/1000/ICEauthority" pid=2086 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 May 9 15:00:49 dinar-comp kernel: [ 229.423946] audit: type=1400 audit(1589025649.856:45): apparmor="DENIED" operation="file_mmap" profile="firefox//lsb_release" name="/usr/bin/python3.7" pid=2115 comm="lsb_release" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 i have a local file pinned, and tabs are restored after restart, the "/run/user/1000/ICEauthority" may be because of it. (as in the may 6 message above). appear when pressing ctrl+o: May 9 15:23:33 dinar-comp kernel: [ 1592.754371] audit: type=1400 audit(1589027013.231:63): apparmor="DENIED" operation="open" profile="firefox" name="/home/dinar/.xsession-errors" pid=2086 comm="pool-firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 May 9 15:23:36 dinar-comp kernel: [ 1596.437062] audit: type=1400 audit(1589027016.916:65): apparmor="DENIED" operation="open" profile="firefox" name="/run/mount/utab" pid=2086 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1861408 Title: firefox apparmor messages Status in apparmor package in Ubuntu: New Status in firefox package in Ubuntu: New Bug description: firefox version 72.0.1 64 bit, 72.0.1+linuxmint1+tricia , linux mint 19.3. i see there is newer ubuntu version in https://www.ubuntuupdates.org/package/ubuntu_mozilla_security/bionic/main/base/firefox , 72.0.2+build1-0ubuntu0.18.04.1 , but its changes are not for apparmor. i have not found a page for firefox bugs in linux mint sites, so i belive i should report here. but i have also asked about that in linux mint's irc and then github. i have enabled apparmor for firefox and see these types of messages in syslog: Jan 28 18:43:33 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus- org.freedesktop.hostname1.service' requested by ':1.111' (uid=1000 pid=1922 comm="/usr/lib/firefox/firefox " label="unconfined") Jan 28 18:44:36 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5525.077960] audit: type=1400 audit(1580226276.440:27): apparmor="DENIED" operation="capable" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=15948 comm="firefox" capability=21 capname="sys_admin" Jan 28 18:44:37 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5526.471731] audit: type=1107 audit(1580226277.832:28): pid=735 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/RealtimeKit1" interface="org.freedesktop.DBus.Properties" member="Get" mask="send" name="org.freedesktop.RealtimeKit1" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1320 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon" member="ListMonitorImplementations" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/Private/RemoteVolumeMonitor" interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported" mask="send" name=":1.35" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1385 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="ListMounts2" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker"
[Touch-packages] [Bug 1861408] Re: firefox apparmor messages
appears when pressing ctrl+s: Apr 17 17:13:48 dinar-comp kernel: [81128.012319] audit: type=1400 audit(1587132828.960:765): apparmor="DENIED" operation="open" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/run/mount/utab" pid=4596 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1861408 Title: firefox apparmor messages Status in apparmor package in Ubuntu: New Status in firefox package in Ubuntu: New Bug description: firefox version 72.0.1 64 bit, 72.0.1+linuxmint1+tricia , linux mint 19.3. i see there is newer ubuntu version in https://www.ubuntuupdates.org/package/ubuntu_mozilla_security/bionic/main/base/firefox , 72.0.2+build1-0ubuntu0.18.04.1 , but its changes are not for apparmor. i have not found a page for firefox bugs in linux mint sites, so i belive i should report here. but i have also asked about that in linux mint's irc and then github. i have enabled apparmor for firefox and see these types of messages in syslog: Jan 28 18:43:33 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus- org.freedesktop.hostname1.service' requested by ':1.111' (uid=1000 pid=1922 comm="/usr/lib/firefox/firefox " label="unconfined") Jan 28 18:44:36 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5525.077960] audit: type=1400 audit(1580226276.440:27): apparmor="DENIED" operation="capable" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=15948 comm="firefox" capability=21 capname="sys_admin" Jan 28 18:44:37 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5526.471731] audit: type=1107 audit(1580226277.832:28): pid=735 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/RealtimeKit1" interface="org.freedesktop.DBus.Properties" member="Get" mask="send" name="org.freedesktop.RealtimeKit1" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1320 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon" member="ListMonitorImplementations" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/Private/RemoteVolumeMonitor" interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported" mask="send" name=":1.35" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1385 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="ListMounts2" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="LookupMount" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus- org.freedesktop.hostname1.service' requested by ':1.119' (uid=1000 pid=15948 comm="/usr/lib/firefox/firefox " label="/usr/lib/firefox/firefox{,*[^s][^h]} (enforce)") Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5536.783313] audit: type=1107 audit(1580226288.143:34): pid=735 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/hostname1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.120" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=16177 peer_label="unconfined" Jan 28 18:45:02 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/ca/desrt/dconf/Writer/user" interface="ca.desrt.dconf.Writer" member="Change" mask="send" name="ca.desrt.dconf" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1370 peer_label="unconfined" Jan 28 21:51:30 dinar-HP-Pavilion-g7-Notebook-PC kernel: [10131.880788] audit: type=1400 audit(1580237490.777:123): apparmor="DENIED" operation="open"
[Touch-packages] [Bug 1861408] Re: firefox apparmor messages
to " i added w to owner @{HOME}/.{,cache/}fontconfig/** mrl, " : cboltz said in apparmor irc channel: I'd recommend _not_ to allow writing to ~/.cache/fontconfig/ because apps could in theory poison that cache actually we recently (intentionally) removed write permissions in abstractions/fonts -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1861408 Title: firefox apparmor messages Status in apparmor package in Ubuntu: New Status in firefox package in Ubuntu: New Bug description: firefox version 72.0.1 64 bit, 72.0.1+linuxmint1+tricia , linux mint 19.3. i see there is newer ubuntu version in https://www.ubuntuupdates.org/package/ubuntu_mozilla_security/bionic/main/base/firefox , 72.0.2+build1-0ubuntu0.18.04.1 , but its changes are not for apparmor. i have not found a page for firefox bugs in linux mint sites, so i belive i should report here. but i have also asked about that in linux mint's irc and then github. i have enabled apparmor for firefox and see these types of messages in syslog: Jan 28 18:43:33 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus- org.freedesktop.hostname1.service' requested by ':1.111' (uid=1000 pid=1922 comm="/usr/lib/firefox/firefox " label="unconfined") Jan 28 18:44:36 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5525.077960] audit: type=1400 audit(1580226276.440:27): apparmor="DENIED" operation="capable" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=15948 comm="firefox" capability=21 capname="sys_admin" Jan 28 18:44:37 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5526.471731] audit: type=1107 audit(1580226277.832:28): pid=735 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/RealtimeKit1" interface="org.freedesktop.DBus.Properties" member="Get" mask="send" name="org.freedesktop.RealtimeKit1" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1320 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon" member="ListMonitorImplementations" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/Private/RemoteVolumeMonitor" interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported" mask="send" name=":1.35" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1385 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="ListMounts2" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="LookupMount" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus- org.freedesktop.hostname1.service' requested by ':1.119' (uid=1000 pid=15948 comm="/usr/lib/firefox/firefox " label="/usr/lib/firefox/firefox{,*[^s][^h]} (enforce)") Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5536.783313] audit: type=1107 audit(1580226288.143:34): pid=735 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/hostname1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.120" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=16177 peer_label="unconfined" Jan 28 18:45:02 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/ca/desrt/dconf/Writer/user" interface="ca.desrt.dconf.Writer" member="Change" mask="send" name="ca.desrt.dconf" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1370 peer_label="unconfined" Jan 28 21:51:30 dinar-HP-Pavilion-g7-Notebook-PC kernel: [10131.880788] audit: type=1400 audit(1580237490.777:123): apparmor="DENIED" operation="open"
[Touch-packages] [Bug 1872983] [NEW] in netcat-openbsd manpage, port argument description is not good
Public bug reported: in netcat-openbsd manpage, port argument description is not good. it is this: "port can be a specified as a numeric port number, or as a service name. Ports may be specified in a range of the form nn-mm. In general, a destination port must be specified, unless the -U option is given." why this is not good: really, the port argument also is used as source port: while using "nc -l 1234". this "nc -l 1234" is an example from the manpage in "CLIENT/SERVER MODEL" section, which is immediately after the port argument description. and this command works correctly. (while connecting from other computer with nc IPaddressHere 1234, it works, and in that case i think it is destination port, and thus source port for the command on first laptop. it must be source port on first comp, because a process must listen on a specific source port, they do not usually listen on all ports, as i know from my experience... unless it is something like tcpdump, and such programs run with root permission, while netcat runs with non-root permission... and it is because processes should not access to listening ports of other processes... ) the text "In general, a destination port must be specified, unless the -U option is given." is not good, because it says "must" and says "in general", and it is hard to disambiguate this. it can be understood as "in general" refers to the all cases except the "unless the -U option is given". in that way of understanding, it means that if the -U option is not given, it must be source port only. but really it is not so. so, "in general" does not refer to the all cases except the "unless the -U option is given". it just means, that destination port is more usually used in this place. but this way of understanding is also hard to accept, because the usage, the intention of the extra word "must" becomes not understood. it is extra, because it can be said shorter: "a destination port is specified", or it can be said with less of the fierce: "a destination port should be specified". ** Affects: netcat-openbsd (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to netcat-openbsd in Ubuntu. https://bugs.launchpad.net/bugs/1872983 Title: in netcat-openbsd manpage, port argument description is not good Status in netcat-openbsd package in Ubuntu: New Bug description: in netcat-openbsd manpage, port argument description is not good. it is this: "port can be a specified as a numeric port number, or as a service name. Ports may be specified in a range of the form nn-mm. In general, a destination port must be specified, unless the -U option is given." why this is not good: really, the port argument also is used as source port: while using "nc -l 1234". this "nc -l 1234" is an example from the manpage in "CLIENT/SERVER MODEL" section, which is immediately after the port argument description. and this command works correctly. (while connecting from other computer with nc IPaddressHere 1234, it works, and in that case i think it is destination port, and thus source port for the command on first laptop. it must be source port on first comp, because a process must listen on a specific source port, they do not usually listen on all ports, as i know from my experience... unless it is something like tcpdump, and such programs run with root permission, while netcat runs with non-root permission... and it is because processes should not access to listening ports of other processes... ) the text "In general, a destination port must be specified, unless the -U option is given." is not good, because it says "must" and says "in general", and it is hard to disambiguate this. it can be understood as "in general" refers to the all cases except the "unless the -U option is given". in that way of understanding, it means that if the -U option is not given, it must be source port only. but really it is not so. so, "in general" does not refer to the all cases except the "unless the -U option is given". it just means, that destination port is more usually used in this place. but this way of understanding is also hard to accept, because the usage, the intention of the extra word "must" becomes not understood. it is extra, because it can be said shorter: "a destination port is specified", or it can be said with less of the fierce: "a destination port should be specified". To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/netcat-openbsd/+bug/1872983/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1861408] Re: firefox apparmor messages
seems these are links to browse the profiles online: https://bazaar.launchpad.net/~mozillateam/firefox/firefox.focal/view/head:/debian/usr.bin.firefox.apparmor.14.10 https://git.launchpad.net/apparmor/tree/profiles/apparmor.d/abstractions -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1861408 Title: firefox apparmor messages Status in apparmor package in Ubuntu: New Status in firefox package in Ubuntu: New Bug description: firefox version 72.0.1 64 bit, 72.0.1+linuxmint1+tricia , linux mint 19.3. i see there is newer ubuntu version in https://www.ubuntuupdates.org/package/ubuntu_mozilla_security/bionic/main/base/firefox , 72.0.2+build1-0ubuntu0.18.04.1 , but its changes are not for apparmor. i have not found a page for firefox bugs in linux mint sites, so i belive i should report here. but i have also asked about that in linux mint's irc and then github. i have enabled apparmor for firefox and see these types of messages in syslog: Jan 28 18:43:33 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus- org.freedesktop.hostname1.service' requested by ':1.111' (uid=1000 pid=1922 comm="/usr/lib/firefox/firefox " label="unconfined") Jan 28 18:44:36 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5525.077960] audit: type=1400 audit(1580226276.440:27): apparmor="DENIED" operation="capable" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=15948 comm="firefox" capability=21 capname="sys_admin" Jan 28 18:44:37 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5526.471731] audit: type=1107 audit(1580226277.832:28): pid=735 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/RealtimeKit1" interface="org.freedesktop.DBus.Properties" member="Get" mask="send" name="org.freedesktop.RealtimeKit1" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1320 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon" member="ListMonitorImplementations" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/Private/RemoteVolumeMonitor" interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported" mask="send" name=":1.35" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1385 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="ListMounts2" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="LookupMount" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus- org.freedesktop.hostname1.service' requested by ':1.119' (uid=1000 pid=15948 comm="/usr/lib/firefox/firefox " label="/usr/lib/firefox/firefox{,*[^s][^h]} (enforce)") Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5536.783313] audit: type=1107 audit(1580226288.143:34): pid=735 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/hostname1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.120" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=16177 peer_label="unconfined" Jan 28 18:45:02 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/ca/desrt/dconf/Writer/user" interface="ca.desrt.dconf.Writer" member="Change" mask="send" name="ca.desrt.dconf" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1370 peer_label="unconfined" Jan 28 21:51:30 dinar-HP-Pavilion-g7-Notebook-PC kernel: [10131.880788] audit: type=1400 audit(1580237490.777:123): apparmor="DENIED" operation="open" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/home/dinar/.cache/mesa_shader_cache/index"
[Touch-packages] [Bug 1861408] Re: firefox apparmor messages
what is ubuntu's policy for updating this profile? it looks like package maintainers are not updating this profile on every package update. why? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1861408 Title: firefox apparmor messages Status in apparmor package in Ubuntu: New Status in firefox package in Ubuntu: New Bug description: firefox version 72.0.1 64 bit, 72.0.1+linuxmint1+tricia , linux mint 19.3. i see there is newer ubuntu version in https://www.ubuntuupdates.org/package/ubuntu_mozilla_security/bionic/main/base/firefox , 72.0.2+build1-0ubuntu0.18.04.1 , but its changes are not for apparmor. i have not found a page for firefox bugs in linux mint sites, so i belive i should report here. but i have also asked about that in linux mint's irc and then github. i have enabled apparmor for firefox and see these types of messages in syslog: Jan 28 18:43:33 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus- org.freedesktop.hostname1.service' requested by ':1.111' (uid=1000 pid=1922 comm="/usr/lib/firefox/firefox " label="unconfined") Jan 28 18:44:36 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5525.077960] audit: type=1400 audit(1580226276.440:27): apparmor="DENIED" operation="capable" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=15948 comm="firefox" capability=21 capname="sys_admin" Jan 28 18:44:37 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5526.471731] audit: type=1107 audit(1580226277.832:28): pid=735 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/RealtimeKit1" interface="org.freedesktop.DBus.Properties" member="Get" mask="send" name="org.freedesktop.RealtimeKit1" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1320 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon" member="ListMonitorImplementations" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/Private/RemoteVolumeMonitor" interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported" mask="send" name=":1.35" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1385 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="ListMounts2" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="LookupMount" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus- org.freedesktop.hostname1.service' requested by ':1.119' (uid=1000 pid=15948 comm="/usr/lib/firefox/firefox " label="/usr/lib/firefox/firefox{,*[^s][^h]} (enforce)") Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5536.783313] audit: type=1107 audit(1580226288.143:34): pid=735 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/hostname1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.120" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=16177 peer_label="unconfined" Jan 28 18:45:02 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/ca/desrt/dconf/Writer/user" interface="ca.desrt.dconf.Writer" member="Change" mask="send" name="ca.desrt.dconf" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1370 peer_label="unconfined" Jan 28 21:51:30 dinar-HP-Pavilion-g7-Notebook-PC kernel: [10131.880788] audit: type=1400 audit(1580237490.777:123): apparmor="DENIED" operation="open" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/home/dinar/.cache/mesa_shader_cache/index" pid=19720 comm="firefox" requested_mask="wrc" denied_mask="wrc" fsuid=1000 ouid=1000 these
[Touch-packages] [Bug 1861408] Re: firefox apparmor messages
i have reenabled the capability rules ans added these to them, also from the chromium profile: owner @{PROC}/@{pid}/setgroups w, owner @{PROC}/@{pid}/uid_map w, owner @{PROC}/@{pid}/gid_map w, . i have prepared dbus rules: dbus send bus=system path=/org/freedesktop/RealtimeKit1 interface=org.freedesktop.DBus.Properties member=Get peer=(name=org.freedesktop.RealtimeKit1|label="/usr/lib/firefox/firefox{,*[^s][^h]}") dbus send bus=session path=/org/gtk/vfs/Daemon interface=org.gtk.vfs.Daemon member=ListMonitorImplementations peer=(name=":1.10" | label="/usr/lib/firefox/firefox{,*[^s][^h]}" ) dbus send bus="session" path="/org/gtk/Private/RemoteVolumeMonitor" interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported" peer=(name=":1.35" | label="/usr/lib/firefox/firefox{,*[^s][^h]}" ) dbus send bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="ListMounts2" peer=( name=":1.10" | label="/usr/lib/firefox/firefox{,*[^s][^h]}" ) dbus send bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="LookupMount" peer=( name=":1.10" | label="/usr/lib/firefox/firefox{,*[^s][^h]}" ) dbus send bus="system" path="/org/freedesktop/hostname1" interface="org.freedesktop.DBus.Properties" member="GetAll" peer=( name=":1.120" | label="/usr/lib/firefox/firefox{,*[^s][^h]}" ) dbus send bus="session" path="/ca/desrt/dconf/Writer/user" interface="ca.desrt.dconf.Writer" member="Change" peer=( name="ca.desrt.dconf" | label="/usr/lib/firefox/firefox{,*[^s][^h]}" ) dbus receive bus="session" path="/ca/desrt/dconf/Writer/user" interface="ca.desrt.dconf.Writer" member="Notify" peer=( name=":1.21" | label="/usr/lib/firefox/firefox{,*[^s][^h]}" ) please somebody correct them and say to which file they should be added. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1861408 Title: firefox apparmor messages Status in apparmor package in Ubuntu: New Status in firefox package in Ubuntu: New Bug description: firefox version 72.0.1 64 bit, 72.0.1+linuxmint1+tricia , linux mint 19.3. i see there is newer ubuntu version in https://www.ubuntuupdates.org/package/ubuntu_mozilla_security/bionic/main/base/firefox , 72.0.2+build1-0ubuntu0.18.04.1 , but its changes are not for apparmor. i have not found a page for firefox bugs in linux mint sites, so i belive i should report here. but i have also asked about that in linux mint's irc and then github. i have enabled apparmor for firefox and see these types of messages in syslog: Jan 28 18:43:33 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus- org.freedesktop.hostname1.service' requested by ':1.111' (uid=1000 pid=1922 comm="/usr/lib/firefox/firefox " label="unconfined") Jan 28 18:44:36 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5525.077960] audit: type=1400 audit(1580226276.440:27): apparmor="DENIED" operation="capable" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=15948 comm="firefox" capability=21 capname="sys_admin" Jan 28 18:44:37 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5526.471731] audit: type=1107 audit(1580226277.832:28): pid=735 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/RealtimeKit1" interface="org.freedesktop.DBus.Properties" member="Get" mask="send" name="org.freedesktop.RealtimeKit1" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1320 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon" member="ListMonitorImplementations" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/Private/RemoteVolumeMonitor" interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported" mask="send" name=":1.35" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1385 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="ListMounts2" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:47
[Touch-packages] [Bug 1861408] Re: firefox apparmor messages
message when switching to read mode: Feb 26 13:13:13 dinar-HP-Pavilion-g7-Notebook-PC kernel: [64008.165294] audit: type=1400 audit(1582711993.444:302): apparmor="DENIED" operation="exec" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/usr/bin/speech-dispatcher" pid=30443 comm=7370656563686420696E6974 requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1861408 Title: firefox apparmor messages Status in apparmor package in Ubuntu: New Status in firefox package in Ubuntu: New Bug description: firefox version 72.0.1 64 bit, 72.0.1+linuxmint1+tricia , linux mint 19.3. i see there is newer ubuntu version in https://www.ubuntuupdates.org/package/ubuntu_mozilla_security/bionic/main/base/firefox , 72.0.2+build1-0ubuntu0.18.04.1 , but its changes are not for apparmor. i have not found a page for firefox bugs in linux mint sites, so i belive i should report here. but i have also asked about that in linux mint's irc and then github. i have enabled apparmor for firefox and see these types of messages in syslog: Jan 28 18:43:33 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus- org.freedesktop.hostname1.service' requested by ':1.111' (uid=1000 pid=1922 comm="/usr/lib/firefox/firefox " label="unconfined") Jan 28 18:44:36 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5525.077960] audit: type=1400 audit(1580226276.440:27): apparmor="DENIED" operation="capable" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=15948 comm="firefox" capability=21 capname="sys_admin" Jan 28 18:44:37 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5526.471731] audit: type=1107 audit(1580226277.832:28): pid=735 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/RealtimeKit1" interface="org.freedesktop.DBus.Properties" member="Get" mask="send" name="org.freedesktop.RealtimeKit1" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1320 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon" member="ListMonitorImplementations" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/Private/RemoteVolumeMonitor" interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported" mask="send" name=":1.35" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1385 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="ListMounts2" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="LookupMount" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus- org.freedesktop.hostname1.service' requested by ':1.119' (uid=1000 pid=15948 comm="/usr/lib/firefox/firefox " label="/usr/lib/firefox/firefox{,*[^s][^h]} (enforce)") Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5536.783313] audit: type=1107 audit(1580226288.143:34): pid=735 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/hostname1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.120" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=16177 peer_label="unconfined" Jan 28 18:45:02 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/ca/desrt/dconf/Writer/user" interface="ca.desrt.dconf.Writer" member="Change" mask="send" name="ca.desrt.dconf" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1370 peer_label="unconfined" Jan 28 21:51:30 dinar-HP-Pavilion-g7-Notebook-PC kernel: [10131.880788] audit: type=1400 audit(1580237490.777:123):
[Touch-packages] [Bug 1861408] Re: firefox apparmor messages
/ r, /**/ r, is not enough. because thumbnails are not shown. much better would be to use a separate program as a helper application, while it can read all files but it is very simple and can only open a file by gui mouse click, and cannot connect internet. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1861408 Title: firefox apparmor messages Status in apparmor package in Ubuntu: New Status in firefox package in Ubuntu: New Bug description: firefox version 72.0.1 64 bit, 72.0.1+linuxmint1+tricia , linux mint 19.3. i see there is newer ubuntu version in https://www.ubuntuupdates.org/package/ubuntu_mozilla_security/bionic/main/base/firefox , 72.0.2+build1-0ubuntu0.18.04.1 , but its changes are not for apparmor. i have not found a page for firefox bugs in linux mint sites, so i belive i should report here. but i have also asked about that in linux mint's irc and then github. i have enabled apparmor for firefox and see these types of messages in syslog: Jan 28 18:43:33 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus- org.freedesktop.hostname1.service' requested by ':1.111' (uid=1000 pid=1922 comm="/usr/lib/firefox/firefox " label="unconfined") Jan 28 18:44:36 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5525.077960] audit: type=1400 audit(1580226276.440:27): apparmor="DENIED" operation="capable" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=15948 comm="firefox" capability=21 capname="sys_admin" Jan 28 18:44:37 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5526.471731] audit: type=1107 audit(1580226277.832:28): pid=735 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/RealtimeKit1" interface="org.freedesktop.DBus.Properties" member="Get" mask="send" name="org.freedesktop.RealtimeKit1" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1320 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon" member="ListMonitorImplementations" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/Private/RemoteVolumeMonitor" interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported" mask="send" name=":1.35" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1385 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="ListMounts2" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="LookupMount" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus- org.freedesktop.hostname1.service' requested by ':1.119' (uid=1000 pid=15948 comm="/usr/lib/firefox/firefox " label="/usr/lib/firefox/firefox{,*[^s][^h]} (enforce)") Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5536.783313] audit: type=1107 audit(1580226288.143:34): pid=735 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/hostname1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.120" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=16177 peer_label="unconfined" Jan 28 18:45:02 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/ca/desrt/dconf/Writer/user" interface="ca.desrt.dconf.Writer" member="Change" mask="send" name="ca.desrt.dconf" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1370 peer_label="unconfined" Jan 28 21:51:30 dinar-HP-Pavilion-g7-Notebook-PC kernel: [10131.880788] audit: type=1400 audit(1580237490.777:123): apparmor="DENIED" operation="open" profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
[Touch-packages] [Bug 1861408] Re: firefox apparmor messages
after firefox restart these appeared: Feb 24 09:30:04 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 141.932834] audit: type=1400 audit(1582525804.452:27): apparmor="DENIED" operation="open" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/1888/uid_map" pid=1888 comm=495043204C61756E6368202331 requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000 Feb 24 09:30:04 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 141.934780] IPC Launch #1[1888]: segfault at 0 ip 7fa9fe84808c sp 7fa9f0efa780 error 6 in libxul.so[7fa9fdfac000+6f21000] Feb 24 09:30:04 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 141.934798] Code: 75 12 89 e8 48 81 c4 10 02 00 00 5b 41 5c 41 5e 41 5f 5d c3 e8 f5 bb fc ff 48 8d 05 ae 89 85 04 48 8b 0d 57 75 c6 06 48 89 01 04 25 00 00 00 00 1e 02 00 00 e8 ac 4a fd ff 48 8d 05 e3 89 85 Feb 24 09:30:06 dinar-HP-Pavilion-g7-Notebook-PC wpa_supplicant[826]: wlo1: CTRL-EVENT-SIGNAL-CHANGE above=0 signal=-85 noise=-95 txrate=14400 Feb 24 09:30:10 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 148.016837] audit: type=1400 audit(1582525810.536:28): apparmor="DENIED" operation="open" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/1926/uid_map" pid=1926 comm=495043204C61756E6368202331 requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000 Feb 24 09:30:10 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 148.017346] IPC Launch #1[1926]: segfault at 0 ip 7fa9fe84808c sp 7fa9eb29d780 error 6 in libxul.so[7fa9fdfac000+6f21000] Feb 24 09:30:10 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 148.017359] Code: 75 12 89 e8 48 81 c4 10 02 00 00 5b 41 5c 41 5e 41 5f 5d c3 e8 f5 bb fc ff 48 8d 05 ae 89 85 04 48 8b 0d 57 75 c6 06 48 89 01 04 25 00 00 00 00 1e 02 00 00 e8 ac 4a fd ff 48 8d 05 e3 89 85 Feb 24 09:30:11 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 148.895517] IPC Launch #1[1973]: segfault at 0 ip 7fa9fe84808c sp 7fa9ea5a2780 error 6 in libxul.so[7fa9fdfac000+6f21000] Feb 24 09:30:11 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 148.895535] Code: 75 12 89 e8 48 81 c4 10 02 00 00 5b 41 5c 41 5e 41 5f 5d c3 e8 f5 bb fc ff 48 8d 05 ae 89 85 04 48 8b 0d 57 75 c6 06 48 89 01 04 25 00 00 00 00 1e 02 00 00 e8 ac 4a fd ff 48 8d 05 e3 89 85 Feb 24 09:30:11 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 148.895594] audit: type=1400 audit(1582525811.416:29): apparmor="DENIED" operation="open" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/1973/uid_map" pid=1973 comm=495043204C61756E6368202331 requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000 Feb 24 09:30:12 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 150.432287] IPC Launch #1[1991]: segfault at 0 ip 7fa9fe84808c sp 7fa9fba7f780 error 6 in libxul.so[7fa9fdfac000+6f21000] Feb 24 09:30:12 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 150.432303] Code: 75 12 89 e8 48 81 c4 10 02 00 00 5b 41 5c 41 5e 41 5f 5d c3 e8 f5 bb fc ff 48 8d 05 ae 89 85 04 48 8b 0d 57 75 c6 06 48 89 01 04 25 00 00 00 00 1e 02 00 00 e8 ac 4a fd ff 48 8d 05 e3 89 85 Feb 24 09:30:12 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 150.432405] audit: type=1400 audit(1582525812.952:30): apparmor="DENIED" operation="open" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/1991/uid_map" pid=1991 comm=495043204C61756E6368202331 requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000 Feb 24 09:30:14 dinar-HP-Pavilion-g7-Notebook-PC wpa_supplicant[826]: wlo1: CTRL-EVENT-SIGNAL-CHANGE above=1 signal=-75 noise=-95 txrate=13000 Feb 24 09:30:14 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 152.373278] IPC Launch #1[2012]: segfault at 0 ip 7fa9fe84808c sp 7fa9f6fd9780 error 6 in libxul.so[7fa9fdfac000+6f21000] Feb 24 09:30:14 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 152.373293] Code: 75 12 89 e8 48 81 c4 10 02 00 00 5b 41 5c 41 5e 41 5f 5d c3 e8 f5 bb fc ff 48 8d 05 ae 89 85 04 48 8b 0d 57 75 c6 06 48 89 01 04 25 00 00 00 00 1e 02 00 00 e8 ac 4a fd ff 48 8d 05 e3 89 85 Feb 24 09:30:14 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 152.373325] audit: type=1400 audit(1582525814.892:31): apparmor="DENIED" operation="open" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/2012/uid_map" pid=2012 comm=495043204C61756E6368202331 requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000 and i have seen some suspicious things, for that i commented out those capability rules. also, there were problems, in addition to the new messages: firefox said {ff has been updated, you must restart it} on every tab, if i open them, and then after restarting, content of that tabs were lost. one of them has put ubuntu.com at address bar, another become blank. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1861408 Title: firefox apparmor messages Status in apparmor package in Ubuntu: New Status in firefox package in Ubuntu: New Bug description: firefox version 72.0.1 64 bit,
[Touch-packages] [Bug 1861408] Re: firefox apparmor messages
also there are /sys/devices/system/cpu/ r, /etc/firefox*/ r, /etc/xulrunner-2.0*/ r, /etc/gre.d/ r, -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1861408 Title: firefox apparmor messages Status in apparmor package in Ubuntu: New Status in firefox package in Ubuntu: New Bug description: firefox version 72.0.1 64 bit, 72.0.1+linuxmint1+tricia , linux mint 19.3. i see there is newer ubuntu version in https://www.ubuntuupdates.org/package/ubuntu_mozilla_security/bionic/main/base/firefox , 72.0.2+build1-0ubuntu0.18.04.1 , but its changes are not for apparmor. i have not found a page for firefox bugs in linux mint sites, so i belive i should report here. but i have also asked about that in linux mint's irc and then github. i have enabled apparmor for firefox and see these types of messages in syslog: Jan 28 18:43:33 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus- org.freedesktop.hostname1.service' requested by ':1.111' (uid=1000 pid=1922 comm="/usr/lib/firefox/firefox " label="unconfined") Jan 28 18:44:36 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5525.077960] audit: type=1400 audit(1580226276.440:27): apparmor="DENIED" operation="capable" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=15948 comm="firefox" capability=21 capname="sys_admin" Jan 28 18:44:37 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5526.471731] audit: type=1107 audit(1580226277.832:28): pid=735 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/RealtimeKit1" interface="org.freedesktop.DBus.Properties" member="Get" mask="send" name="org.freedesktop.RealtimeKit1" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1320 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon" member="ListMonitorImplementations" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/Private/RemoteVolumeMonitor" interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported" mask="send" name=":1.35" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1385 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="ListMounts2" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="LookupMount" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus- org.freedesktop.hostname1.service' requested by ':1.119' (uid=1000 pid=15948 comm="/usr/lib/firefox/firefox " label="/usr/lib/firefox/firefox{,*[^s][^h]} (enforce)") Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5536.783313] audit: type=1107 audit(1580226288.143:34): pid=735 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/hostname1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.120" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=16177 peer_label="unconfined" Jan 28 18:45:02 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/ca/desrt/dconf/Writer/user" interface="ca.desrt.dconf.Writer" member="Change" mask="send" name="ca.desrt.dconf" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1370 peer_label="unconfined" Jan 28 21:51:30 dinar-HP-Pavilion-g7-Notebook-PC kernel: [10131.880788] audit: type=1400 audit(1580237490.777:123): apparmor="DENIED" operation="open" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/home/dinar/.cache/mesa_shader_cache/index" pid=19720 comm="firefox" requested_mask="wrc" denied_mask="wrc" fsuid=1000 ouid=1000 these appeared while saving a file: Jan
[Touch-packages] [Bug 1861408] Re: firefox apparmor messages
i have some questions and wishes about rules that are in the profile: # so browsing directories works / r, /**/ r, what if comment these out and allow / and owner @{HOME}/** , instead of these? does firefox need other directory listings? maybe i will try. i see /usr/ r, /etc/ r, /opt/ r, @{PROC}/ r, /usr/bin/ r, are already allowed, why are these used? i would like to see there comments, in the profile. # Default profile allows downloads to ~/Downloads and uploads from ~/Public owner @{HOME}/ r, owner @{HOME}/Public/ r, owner @{HOME}/Public/* r, owner @{HOME}/Downloads/ r, owner @{HOME}/Downloads/* rw, are not you going to put there all language variants? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1861408 Title: firefox apparmor messages Status in apparmor package in Ubuntu: New Status in firefox package in Ubuntu: New Bug description: firefox version 72.0.1 64 bit, 72.0.1+linuxmint1+tricia , linux mint 19.3. i see there is newer ubuntu version in https://www.ubuntuupdates.org/package/ubuntu_mozilla_security/bionic/main/base/firefox , 72.0.2+build1-0ubuntu0.18.04.1 , but its changes are not for apparmor. i have not found a page for firefox bugs in linux mint sites, so i belive i should report here. but i have also asked about that in linux mint's irc and then github. i have enabled apparmor for firefox and see these types of messages in syslog: Jan 28 18:43:33 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus- org.freedesktop.hostname1.service' requested by ':1.111' (uid=1000 pid=1922 comm="/usr/lib/firefox/firefox " label="unconfined") Jan 28 18:44:36 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5525.077960] audit: type=1400 audit(1580226276.440:27): apparmor="DENIED" operation="capable" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=15948 comm="firefox" capability=21 capname="sys_admin" Jan 28 18:44:37 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5526.471731] audit: type=1107 audit(1580226277.832:28): pid=735 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/RealtimeKit1" interface="org.freedesktop.DBus.Properties" member="Get" mask="send" name="org.freedesktop.RealtimeKit1" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1320 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon" member="ListMonitorImplementations" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/Private/RemoteVolumeMonitor" interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported" mask="send" name=":1.35" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1385 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="ListMounts2" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="LookupMount" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus- org.freedesktop.hostname1.service' requested by ':1.119' (uid=1000 pid=15948 comm="/usr/lib/firefox/firefox " label="/usr/lib/firefox/firefox{,*[^s][^h]} (enforce)") Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5536.783313] audit: type=1107 audit(1580226288.143:34): pid=735 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/hostname1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.120" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=16177 peer_label="unconfined" Jan 28 18:45:02 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session"
[Touch-packages] [Bug 1861408] Re: firefox apparmor messages
i added these lines to ff profile: #copied from abstractions/lightdm_chromium-browser capability sys_admin, # for sandbox to change namespaces capability sys_chroot, # fod sandbox to chroot to a safe directory capability setgid, # for sandbox to drop privileges capability setuid, # for sandbox to drop privileges capability sys_ptrace, # chromium needs this to keep track of itself -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1861408 Title: firefox apparmor messages Status in apparmor package in Ubuntu: New Status in firefox package in Ubuntu: New Bug description: firefox version 72.0.1 64 bit, 72.0.1+linuxmint1+tricia , linux mint 19.3. i see there is newer ubuntu version in https://www.ubuntuupdates.org/package/ubuntu_mozilla_security/bionic/main/base/firefox , 72.0.2+build1-0ubuntu0.18.04.1 , but its changes are not for apparmor. i have not found a page for firefox bugs in linux mint sites, so i belive i should report here. but i have also asked about that in linux mint's irc and then github. i have enabled apparmor for firefox and see these types of messages in syslog: Jan 28 18:43:33 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus- org.freedesktop.hostname1.service' requested by ':1.111' (uid=1000 pid=1922 comm="/usr/lib/firefox/firefox " label="unconfined") Jan 28 18:44:36 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5525.077960] audit: type=1400 audit(1580226276.440:27): apparmor="DENIED" operation="capable" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=15948 comm="firefox" capability=21 capname="sys_admin" Jan 28 18:44:37 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5526.471731] audit: type=1107 audit(1580226277.832:28): pid=735 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/RealtimeKit1" interface="org.freedesktop.DBus.Properties" member="Get" mask="send" name="org.freedesktop.RealtimeKit1" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1320 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon" member="ListMonitorImplementations" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/Private/RemoteVolumeMonitor" interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported" mask="send" name=":1.35" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1385 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="ListMounts2" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="LookupMount" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus- org.freedesktop.hostname1.service' requested by ':1.119' (uid=1000 pid=15948 comm="/usr/lib/firefox/firefox " label="/usr/lib/firefox/firefox{,*[^s][^h]} (enforce)") Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5536.783313] audit: type=1107 audit(1580226288.143:34): pid=735 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/hostname1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.120" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=16177 peer_label="unconfined" Jan 28 18:45:02 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/ca/desrt/dconf/Writer/user" interface="ca.desrt.dconf.Writer" member="Change" mask="send" name="ca.desrt.dconf" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1370 peer_label="unconfined" Jan 28 21:51:30 dinar-HP-Pavilion-g7-Notebook-PC kernel: [10131.880788] audit:
[Touch-packages] [Bug 1861408] Re: firefox apparmor messages
>At the moment we recommend granting the capability in the profile and letting firefox setup its sandbox. why do not ubuntu developers add it? (before they make it other way.) >Unfortunately this means you can't guarantee the rest of the program isn't doing things it shouldn't. what it can do using this capability, without using any other additional apparmor allow rules? can you give any examples? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1861408 Title: firefox apparmor messages Status in apparmor package in Ubuntu: New Status in firefox package in Ubuntu: New Bug description: firefox version 72.0.1 64 bit, 72.0.1+linuxmint1+tricia , linux mint 19.3. i see there is newer ubuntu version in https://www.ubuntuupdates.org/package/ubuntu_mozilla_security/bionic/main/base/firefox , 72.0.2+build1-0ubuntu0.18.04.1 , but its changes are not for apparmor. i have not found a page for firefox bugs in linux mint sites, so i belive i should report here. but i have also asked about that in linux mint's irc and then github. i have enabled apparmor for firefox and see these types of messages in syslog: Jan 28 18:43:33 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus- org.freedesktop.hostname1.service' requested by ':1.111' (uid=1000 pid=1922 comm="/usr/lib/firefox/firefox " label="unconfined") Jan 28 18:44:36 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5525.077960] audit: type=1400 audit(1580226276.440:27): apparmor="DENIED" operation="capable" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=15948 comm="firefox" capability=21 capname="sys_admin" Jan 28 18:44:37 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5526.471731] audit: type=1107 audit(1580226277.832:28): pid=735 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/RealtimeKit1" interface="org.freedesktop.DBus.Properties" member="Get" mask="send" name="org.freedesktop.RealtimeKit1" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1320 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon" member="ListMonitorImplementations" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/Private/RemoteVolumeMonitor" interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported" mask="send" name=":1.35" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1385 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="ListMounts2" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="LookupMount" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus- org.freedesktop.hostname1.service' requested by ':1.119' (uid=1000 pid=15948 comm="/usr/lib/firefox/firefox " label="/usr/lib/firefox/firefox{,*[^s][^h]} (enforce)") Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5536.783313] audit: type=1107 audit(1580226288.143:34): pid=735 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/hostname1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.120" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=16177 peer_label="unconfined" Jan 28 18:45:02 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/ca/desrt/dconf/Writer/user" interface="ca.desrt.dconf.Writer" member="Change" mask="send" name="ca.desrt.dconf" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1370 peer_label="unconfined" Jan 28 21:51:30 dinar-HP-Pavilion-g7-Notebook-PC kernel: [10131.880788] audit: type=1400
[Touch-packages] [Bug 1861408] Re: firefox apparmor messages
i asked about sys_admin capability and got some answers: https://groups.google.com/forum/#!topic/mozilla.dev.platform/UK4nm7MtTxQ (i wanted to ask in firefox-dev mailing list but the dev-platform list was said about as more appropriate). -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1861408 Title: firefox apparmor messages Status in apparmor package in Ubuntu: New Status in firefox package in Ubuntu: New Bug description: firefox version 72.0.1 64 bit, 72.0.1+linuxmint1+tricia , linux mint 19.3. i see there is newer ubuntu version in https://www.ubuntuupdates.org/package/ubuntu_mozilla_security/bionic/main/base/firefox , 72.0.2+build1-0ubuntu0.18.04.1 , but its changes are not for apparmor. i have not found a page for firefox bugs in linux mint sites, so i belive i should report here. but i have also asked about that in linux mint's irc and then github. i have enabled apparmor for firefox and see these types of messages in syslog: Jan 28 18:43:33 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus- org.freedesktop.hostname1.service' requested by ':1.111' (uid=1000 pid=1922 comm="/usr/lib/firefox/firefox " label="unconfined") Jan 28 18:44:36 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5525.077960] audit: type=1400 audit(1580226276.440:27): apparmor="DENIED" operation="capable" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=15948 comm="firefox" capability=21 capname="sys_admin" Jan 28 18:44:37 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5526.471731] audit: type=1107 audit(1580226277.832:28): pid=735 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/RealtimeKit1" interface="org.freedesktop.DBus.Properties" member="Get" mask="send" name="org.freedesktop.RealtimeKit1" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1320 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon" member="ListMonitorImplementations" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/Private/RemoteVolumeMonitor" interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported" mask="send" name=":1.35" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1385 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="ListMounts2" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="LookupMount" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus- org.freedesktop.hostname1.service' requested by ':1.119' (uid=1000 pid=15948 comm="/usr/lib/firefox/firefox " label="/usr/lib/firefox/firefox{,*[^s][^h]} (enforce)") Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5536.783313] audit: type=1107 audit(1580226288.143:34): pid=735 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/hostname1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.120" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=16177 peer_label="unconfined" Jan 28 18:45:02 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/ca/desrt/dconf/Writer/user" interface="ca.desrt.dconf.Writer" member="Change" mask="send" name="ca.desrt.dconf" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1370 peer_label="unconfined" Jan 28 21:51:30 dinar-HP-Pavilion-g7-Notebook-PC kernel: [10131.880788] audit: type=1400 audit(1580237490.777:123): apparmor="DENIED" operation="open" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/home/dinar/.cache/mesa_shader_cache/index"
[Touch-packages] [Bug 1861408] Re: firefox apparmor messages
i have added these lines: in /etc/apparmor.d/abstractions/gnome : @{HOME}/.local/share/gvfs-metadata/** r, in /etc/apparmor.d/abstractions/xdg-desktop : owner @{HOME}/.cache/mesa_shader_cache/** rw, and messages (i use aa-notify) when saving disappeared. dbus_method_call messages still appear in logs, while saving. i do not know why they are not reported by aa-notify. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1861408 Title: firefox apparmor messages Status in apparmor package in Ubuntu: New Status in firefox package in Ubuntu: New Bug description: firefox version 72.0.1 64 bit, 72.0.1+linuxmint1+tricia , linux mint 19.3. i see there is newer ubuntu version in https://www.ubuntuupdates.org/package/ubuntu_mozilla_security/bionic/main/base/firefox , 72.0.2+build1-0ubuntu0.18.04.1 , but its changes are not for apparmor. i have not found a page for firefox bugs in linux mint sites, so i belive i should report here. but i have also asked about that in linux mint's irc and then github. i have enabled apparmor for firefox and see these types of messages in syslog: Jan 28 18:43:33 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus- org.freedesktop.hostname1.service' requested by ':1.111' (uid=1000 pid=1922 comm="/usr/lib/firefox/firefox " label="unconfined") Jan 28 18:44:36 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5525.077960] audit: type=1400 audit(1580226276.440:27): apparmor="DENIED" operation="capable" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=15948 comm="firefox" capability=21 capname="sys_admin" Jan 28 18:44:37 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5526.471731] audit: type=1107 audit(1580226277.832:28): pid=735 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/RealtimeKit1" interface="org.freedesktop.DBus.Properties" member="Get" mask="send" name="org.freedesktop.RealtimeKit1" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1320 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon" member="ListMonitorImplementations" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/Private/RemoteVolumeMonitor" interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported" mask="send" name=":1.35" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1385 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="ListMounts2" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="LookupMount" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus- org.freedesktop.hostname1.service' requested by ':1.119' (uid=1000 pid=15948 comm="/usr/lib/firefox/firefox " label="/usr/lib/firefox/firefox{,*[^s][^h]} (enforce)") Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5536.783313] audit: type=1107 audit(1580226288.143:34): pid=735 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/hostname1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.120" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=16177 peer_label="unconfined" Jan 28 18:45:02 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/ca/desrt/dconf/Writer/user" interface="ca.desrt.dconf.Writer" member="Change" mask="send" name="ca.desrt.dconf" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1370 peer_label="unconfined" Jan 28 21:51:30 dinar-HP-Pavilion-g7-Notebook-PC kernel: [10131.880788] audit: type=1400 audit(1580237490.777:123):
[Touch-packages] [Bug 1861408] Re: firefox apparmor messages
i think Jan 30 11:08:28 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 464.049675] audit: type=1400 audit(1580371708.871:38): apparmor="DENIED" operation="open" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/home/dinar/.local/share/gvfs-metadata/home" pid=1584 comm="pool" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 message, which appear while saving files, was caused by my edition. i am sorry. i edited /etc/apparmor.d/abstractions/ubuntu-browsers.d/user-files this way: i commented out @{HOME}/** r, owner @{HOME}/** w, and have added @{HOME}/Общедоступные/** r, owner @{HOME}/Загрузки/** rwk, -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1861408 Title: firefox apparmor messages Status in apparmor package in Ubuntu: New Status in firefox package in Ubuntu: New Bug description: firefox version 72.0.1 64 bit, 72.0.1+linuxmint1+tricia , linux mint 19.3. i see there is newer ubuntu version in https://www.ubuntuupdates.org/package/ubuntu_mozilla_security/bionic/main/base/firefox , 72.0.2+build1-0ubuntu0.18.04.1 , but its changes are not for apparmor. i have not found a page for firefox bugs in linux mint sites, so i belive i should report here. but i have also asked about that in linux mint's irc and then github. i have enabled apparmor for firefox and see these types of messages in syslog: Jan 28 18:43:33 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus- org.freedesktop.hostname1.service' requested by ':1.111' (uid=1000 pid=1922 comm="/usr/lib/firefox/firefox " label="unconfined") Jan 28 18:44:36 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5525.077960] audit: type=1400 audit(1580226276.440:27): apparmor="DENIED" operation="capable" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=15948 comm="firefox" capability=21 capname="sys_admin" Jan 28 18:44:37 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5526.471731] audit: type=1107 audit(1580226277.832:28): pid=735 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/RealtimeKit1" interface="org.freedesktop.DBus.Properties" member="Get" mask="send" name="org.freedesktop.RealtimeKit1" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1320 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon" member="ListMonitorImplementations" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/Private/RemoteVolumeMonitor" interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported" mask="send" name=":1.35" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1385 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="ListMounts2" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="LookupMount" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus- org.freedesktop.hostname1.service' requested by ':1.119' (uid=1000 pid=15948 comm="/usr/lib/firefox/firefox " label="/usr/lib/firefox/firefox{,*[^s][^h]} (enforce)") Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5536.783313] audit: type=1107 audit(1580226288.143:34): pid=735 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/hostname1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.120" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=16177 peer_label="unconfined" Jan 28 18:45:02 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/ca/desrt/dconf/Writer/user" interface="ca.desrt.dconf.Writer" member="Change" mask="send"
[Touch-packages] [Bug 1861408] Re: firefox apparmor messages
i added w to owner @{HOME}/.{,cache/}fontconfig/** mrl, in /etc/apparmor.d/abstractions/fonts and after profile replace, frequent messages stopped. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1861408 Title: firefox apparmor messages Status in apparmor package in Ubuntu: New Status in firefox package in Ubuntu: New Bug description: firefox version 72.0.1 64 bit, 72.0.1+linuxmint1+tricia , linux mint 19.3. i see there is newer ubuntu version in https://www.ubuntuupdates.org/package/ubuntu_mozilla_security/bionic/main/base/firefox , 72.0.2+build1-0ubuntu0.18.04.1 , but its changes are not for apparmor. i have not found a page for firefox bugs in linux mint sites, so i belive i should report here. but i have also asked about that in linux mint's irc and then github. i have enabled apparmor for firefox and see these types of messages in syslog: Jan 28 18:43:33 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus- org.freedesktop.hostname1.service' requested by ':1.111' (uid=1000 pid=1922 comm="/usr/lib/firefox/firefox " label="unconfined") Jan 28 18:44:36 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5525.077960] audit: type=1400 audit(1580226276.440:27): apparmor="DENIED" operation="capable" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=15948 comm="firefox" capability=21 capname="sys_admin" Jan 28 18:44:37 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5526.471731] audit: type=1107 audit(1580226277.832:28): pid=735 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/RealtimeKit1" interface="org.freedesktop.DBus.Properties" member="Get" mask="send" name="org.freedesktop.RealtimeKit1" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1320 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon" member="ListMonitorImplementations" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/Private/RemoteVolumeMonitor" interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported" mask="send" name=":1.35" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1385 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="ListMounts2" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="LookupMount" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus- org.freedesktop.hostname1.service' requested by ':1.119' (uid=1000 pid=15948 comm="/usr/lib/firefox/firefox " label="/usr/lib/firefox/firefox{,*[^s][^h]} (enforce)") Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5536.783313] audit: type=1107 audit(1580226288.143:34): pid=735 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/hostname1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.120" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=16177 peer_label="unconfined" Jan 28 18:45:02 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/ca/desrt/dconf/Writer/user" interface="ca.desrt.dconf.Writer" member="Change" mask="send" name="ca.desrt.dconf" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1370 peer_label="unconfined" Jan 28 21:51:30 dinar-HP-Pavilion-g7-Notebook-PC kernel: [10131.880788] audit: type=1400 audit(1580237490.777:123): apparmor="DENIED" operation="open" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/home/dinar/.cache/mesa_shader_cache/index" pid=19720 comm="firefox" requested_mask="wrc" denied_mask="wrc" fsuid=1000 ouid=1000
[Touch-packages] [Bug 1861408] Re: firefox apparmor messages
i modified /etc/apparmor.d/abstractions/fonts by adding w to owner @{HOME}/.{,cache/}fontconfig/ r, and replaced ff apparmor profile with "sudo apparmor_parser -r -T -W /etc/apparmor.d/usr.bin.firefox". then i tried to open a page, and i got these: Feb 3 21:26:26 dinar-Lenovo-G580 kernel: [14092.695137] audit: type=1400 audit(1580754386.268:292): apparmor="DENIED" operation="mknod" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/home/dinar/.cache/fontconfig/CACHEDIR.TAG.TMP-ZjyBns" pid=8547 comm=57656220436F6E74656E74 requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000 Feb 3 21:26:26 dinar-Lenovo-G580 kernel: [14092.695143] audit: type=1400 audit(1580754386.268:293): apparmor="DENIED" operation="mknod" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/home/dinar/.cache/fontconfig/a41116dafaf8b233ac2c61cb73f2ea5f- le64.cache-7.TMP-6nwuBp" pid=8547 comm=57656220436F6E74656E74 requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1861408 Title: firefox apparmor messages Status in apparmor package in Ubuntu: New Status in firefox package in Ubuntu: New Bug description: firefox version 72.0.1 64 bit, 72.0.1+linuxmint1+tricia , linux mint 19.3. i see there is newer ubuntu version in https://www.ubuntuupdates.org/package/ubuntu_mozilla_security/bionic/main/base/firefox , 72.0.2+build1-0ubuntu0.18.04.1 , but its changes are not for apparmor. i have not found a page for firefox bugs in linux mint sites, so i belive i should report here. but i have also asked about that in linux mint's irc and then github. i have enabled apparmor for firefox and see these types of messages in syslog: Jan 28 18:43:33 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus- org.freedesktop.hostname1.service' requested by ':1.111' (uid=1000 pid=1922 comm="/usr/lib/firefox/firefox " label="unconfined") Jan 28 18:44:36 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5525.077960] audit: type=1400 audit(1580226276.440:27): apparmor="DENIED" operation="capable" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=15948 comm="firefox" capability=21 capname="sys_admin" Jan 28 18:44:37 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5526.471731] audit: type=1107 audit(1580226277.832:28): pid=735 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/RealtimeKit1" interface="org.freedesktop.DBus.Properties" member="Get" mask="send" name="org.freedesktop.RealtimeKit1" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1320 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon" member="ListMonitorImplementations" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/Private/RemoteVolumeMonitor" interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported" mask="send" name=":1.35" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1385 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="ListMounts2" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="LookupMount" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus- org.freedesktop.hostname1.service' requested by ':1.119' (uid=1000 pid=15948 comm="/usr/lib/firefox/firefox " label="/usr/lib/firefox/firefox{,*[^s][^h]} (enforce)") Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5536.783313] audit: type=1107 audit(1580226288.143:34): pid=735 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/hostname1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send"
[Touch-packages] [Bug 1861408] Re: firefox apparmor messages
** Package changed: firefox (Ubuntu) => apparmor (Ubuntu) ** Also affects: firefox (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1861408 Title: firefox apparmor messages Status in apparmor package in Ubuntu: New Status in firefox package in Ubuntu: New Bug description: firefox version 72.0.1 64 bit, 72.0.1+linuxmint1+tricia , linux mint 19.3. i see there is newer ubuntu version in https://www.ubuntuupdates.org/package/ubuntu_mozilla_security/bionic/main/base/firefox , 72.0.2+build1-0ubuntu0.18.04.1 , but its changes are not for apparmor. i have not found a page for firefox bugs in linux mint sites, so i belive i should report here. but i have also asked about that in linux mint's irc and then github. i have enabled apparmor for firefox and see these types of messages in syslog: Jan 28 18:43:33 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus- org.freedesktop.hostname1.service' requested by ':1.111' (uid=1000 pid=1922 comm="/usr/lib/firefox/firefox " label="unconfined") Jan 28 18:44:36 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5525.077960] audit: type=1400 audit(1580226276.440:27): apparmor="DENIED" operation="capable" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=15948 comm="firefox" capability=21 capname="sys_admin" Jan 28 18:44:37 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5526.471731] audit: type=1107 audit(1580226277.832:28): pid=735 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/RealtimeKit1" interface="org.freedesktop.DBus.Properties" member="Get" mask="send" name="org.freedesktop.RealtimeKit1" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1320 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon" member="ListMonitorImplementations" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/Private/RemoteVolumeMonitor" interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported" mask="send" name=":1.35" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1385 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="ListMounts2" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="LookupMount" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined" Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus- org.freedesktop.hostname1.service' requested by ':1.119' (uid=1000 pid=15948 comm="/usr/lib/firefox/firefox " label="/usr/lib/firefox/firefox{,*[^s][^h]} (enforce)") Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5536.783313] audit: type=1107 audit(1580226288.143:34): pid=735 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/hostname1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.120" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=16177 peer_label="unconfined" Jan 28 18:45:02 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/ca/desrt/dconf/Writer/user" interface="ca.desrt.dconf.Writer" member="Change" mask="send" name="ca.desrt.dconf" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1370 peer_label="unconfined" Jan 28 21:51:30 dinar-HP-Pavilion-g7-Notebook-PC kernel: [10131.880788] audit: type=1400 audit(1580237490.777:123): apparmor="DENIED" operation="open" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/home/dinar/.cache/mesa_shader_cache/index" pid=19720 comm="firefox" requested_mask="wrc" denied_mask="wrc" fsuid=1000 ouid=1000 these