[Bug 676701] [NEW] syslog overflowing with apparmor audit ptrace firefox-*bin messages

Wed, 17 Nov 2010 13:20:46 -0800 

Public bug reported:

Binary package hint: apparmor


https://help.ubuntu.com/community/ReportingBugs  compliant report

 1. What you expected to happen

going to the swimming pool

 2. What actually happened

System : Ubuntu 10.04 (upgrade) up to date, Kernel is 2.6.32-26-generic, 
Firefox:
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.12) Gecko/20101027 
Ubuntu/10.04 (lucid) Firefox/3.6.12

syslog is literally overflowing with messages like this (many suppressed):
xxx kernel: [15514.454740] type=1503 audit(1289919221.465:10403):  
operation="ptrace" pid=4885 parent=4884 
profile="/usr/lib/firefox-3.6.12/firefox-*bin" tracer=4885 tracee=2247
every time a window or tab or something opens.

I added  deny capability sys_ptrace,  to /etc/apparmor.d/usr.bin.firefox
and I ran   sudo apparmor_parser -r /etc/apparmor.d/usr.bin.firefox  giving

Nov 16 19:30:13 p-hp-u kernel: [28506.718832] type=1505 
audit(1289932213.729:46716):  operation="profile_replace" pid=9268 
name="/usr/lib/firefox-3.6.12/firefox-*bin"
Nov 16 19:30:13 p-hp-u kernel: [28506.719106] type=1505 
audit(1289932213.729:46717):  operation="profile_replace" pid=9268 
name="/usr/lib/firefox-3.6.12/firefox-*bin//firefox_java"
Nov 16 19:30:13 p-hp-u kernel: [28506.719488] type=1505 
audit(1289932213.729:46718):  operation="profile_replace" pid=9268 
name="/usr/lib/firefox-3.6.12/firefox-*bin//firefox_openjdk"

But the messages continued.  Then

2a. close all firefox windows
2b. sudo apparmor_parser -r -W -T /etc/apparmor.d/usr.bin.firefox
2c. start firefox

Messages continued to continue.

 3. The minimal series of steps necessary to make it happen, where step
1 is "start the program"

0 Boot up and Log in
1 Firefoxtrot.
2 read syslog (optional)

** Affects: apparmor (Ubuntu)
     Importance: Undecided
         Status: New

-- 
syslog overflowing with apparmor audit ptrace firefox-*bin messages
https://bugs.launchpad.net/bugs/676701
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to