[Bug 1627239] Re: Web pages not rendering with e10s enabled and AppArmor profile in enforce mode
*** This bug is a duplicate of bug 1659922 *** https://bugs.launchpad.net/bugs/1659922 ** This bug has been marked a duplicate of bug 1659922 Firefox 51.0.1 does not display pages/shows blank pages. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1627239 Title: Web pages not rendering with e10s enabled and AppArmor profile in enforce mode To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1627239/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1627239] Re: Web pages not rendering with e10s enabled and AppArmor profile in enforce mode
** Attachment added: "reject on 14.04 of usr.bin.firefox.patch v4" https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1627239/+attachment/4811043/+files/patch_version4.reject -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1627239 Title: Web pages not rendering with e10s enabled and AppArmor profile in enforce mode To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1627239/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1627239] Re: Web pages not rendering with e10s enabled and AppArmor profile in enforce mode
@thomas303 Unfortunately, "usr.bin.firefox" of 14.04 has a different structure when compared to 16.04. So the patch fails. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1627239 Title: Web pages not rendering with e10s enabled and AppArmor profile in enforce mode To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1627239/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1627239] Re: Web pages not rendering with e10s enabled and AppArmor profile in enforce mode
@mailing-m1 I uploaded a patch named "VERSION 4" at https://bugs.launchpad.net/bugs/1659988 which integrates your suggestion for 14.04. Would you like to retry? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1627239 Title: Web pages not rendering with e10s enabled and AppArmor profile in enforce mode To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1627239/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1627239] Re: Web pages not rendering with e10s enabled and AppArmor profile in enforce mode
@christoph-thomas I did not propose to disable the apparmor profile. I just disabled it to demonstrate that the issue is fully related to the apparmor profile provided by ubuntu and not related to FF upstream. Later on, I uploaded a patch which fixes the profile itself. With the patch applied to the profile while the profile is enabled, the whole issue is fixed whereas apparmor still can take care on security. That goes along with what @mailing-m1 already posted in comment 13. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1627239 Title: Web pages not rendering with e10s enabled and AppArmor profile in enforce mode To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1627239/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1627239] Re: Web pages not rendering with e10s enabled and AppArmor profile in enforce mode
The patch of @Thomas Mayer only applies cleanly to LTS 16.04, while I run 14.04. @Sami Jaktholm: I had to add another line to your proposal in comment #3 in /etc/apparmor.d/local/usr.bin.firefox to get it running: /dev/shm/org.chromium.* rw, /run/shm/org.chromium.* rw, Not only "/dev" but also "/run" seems to be necessary for 14.04. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1627239 Title: Web pages not rendering with e10s enabled and AppArmor profile in enforce mode To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1627239/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1627239] Re: Web pages not rendering with e10s enabled and AppArmor profile in enforce mode
I do not think the proposed patch by @Thomas Mayer https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1659988/+attachment/4809979/+files/usr.bin.firefox.patch completely disables apparmor for firefox, but allows access to certain aspects of the system. Those access rights seem to be necessary to run with e10s. The thread author Sami proposed to just add shm/chromium rw in #3 but this workaround does not fix the issue for me. So there have to be other restrictions which prevent firefox e10s from running smoothly. I will try the patch and report back. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1627239 Title: Web pages not rendering with e10s enabled and AppArmor profile in enforce mode To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1627239/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1627239] Re: Web pages not rendering with e10s enabled and AppArmor profile in enforce mode
@Thomas Mayer 1659988 proposes to disable appamor for firefox. This works, but is a very poor solution in terms of security. I prefer the solution proposed by Sami Jaktholm (sjakthol) on 2016-09-25 in his 3'rd post. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1627239 Title: Web pages not rendering with e10s enabled and AppArmor profile in enforce mode To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1627239/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1627239] Re: Web pages not rendering with e10s enabled and AppArmor profile in enforce mode
A patch which might fix this issue, too, is available at 1659988. https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1659988 Everyone affected, please give it a try and report back. I think it should fix your issues too. @Maintainers: This issue might duplicate https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1659922 and https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1643200 or vice versa. I'm optimistic that 1659988 fixes all of these apparmor related issues (which is the reason I encourage everyone affected to try it out). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1627239 Title: Web pages not rendering with e10s enabled and AppArmor profile in enforce mode To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1627239/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1627239] Re: Web pages not rendering with e10s enabled and AppArmor profile in enforce mode
@mikecaines-gmail This issue is apparmor related, whereas FF's apparmor profile is part of the firefox package as demonstrated here (first file is the apparmor profile): http://packages.ubuntu.com/xenial/amd64/firefox/filelist That said, this issue needs to be fixed in the firefox package and not in the apparmor packages. There's no need to report it against apparmor. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1627239 Title: Web pages not rendering with e10s enabled and AppArmor profile in enforce mode To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1627239/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1627239] Re: Web pages not rendering with e10s enabled and AppArmor profile in enforce mode
Just ran into this today, make sure to grant Firefox rw access to /dev/shm/org.chromium.*, I first tried just with write access and it wasn't enough. Is there something I can do to propose a fix? It's just the single line from #3. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1627239 Title: Web pages not rendering with e10s enabled and AppArmor profile in enforce mode To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1627239/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1627239] Re: Web pages not rendering with e10s enabled and AppArmor profile in enforce mode
If you are running in complain mode you could look at the audit log and see what AppArmor complains about when you are browsing the web with e10s enabled. If you see AppArmor complaining about Firefox accessing some specific paths, those might be causing he issues you are seeing. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1627239 Title: Web pages not rendering with e10s enabled and AppArmor profile in enforce mode To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1627239/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1627239] Re: Web pages not rendering with e10s enabled and AppArmor profile in enforce mode
Hi Sami! The proposed workaround does not work for me. Only setting apparmor to complain mode allows shm access and renders websites... Any hints? Thanks Martin -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1627239 Title: Web pages not rendering with e10s enabled and AppArmor profile in enforce mode To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1627239/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1627239] Re: Web pages not rendering with e10s enabled and AppArmor profile in enforce mode
Hi, this bug should not be reported against the apparmor package. The profile /etc/apparmor.d/usr.bin.firefox belongs to the firefox package. Also I did not face the problem on all machines, investigating this I found machines where is a link from /etc/apparmor.d/disable/usr.bin.firefox to /etc/apparmor.d/usr.bin.firefox does not face the problem (oviously because apparmor is entirely disabled for this machine). Now /etc/apparmor.d/disable/usr.bin.firefox does not belong to any package, so I assume I created it in mid 2015 because of other problems with firefox. A lot of other people might have done the same, so they do not have a problem with firefox, except for the security hole... -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1627239 Title: Web pages not rendering with e10s enabled and AppArmor profile in enforce mode To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1627239/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1627239] Re: Web pages not rendering with e10s enabled and AppArmor profile in enforce mode
Should this be reported as a bug against the apparmor package? https://launchpad.net/ubuntu/+source/apparmor/+bugs -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1627239 Title: Web pages not rendering with e10s enabled and AppArmor profile in enforce mode To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1627239/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1627239] Re: Web pages not rendering with e10s enabled and AppArmor profile in enforce mode
** Changed in: firefox (Ubuntu) Importance: Undecided => High -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1627239 Title: Web pages not rendering with e10s enabled and AppArmor profile in enforce mode To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1627239/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1627239] Re: Web pages not rendering with e10s enabled and AppArmor profile in enforce mode
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: firefox (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1627239 Title: Web pages not rendering with e10s enabled and AppArmor profile in enforce mode To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1627239/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1627239] Re: Web pages not rendering with e10s enabled and AppArmor profile in enforce mode
As a workaround, you can run the following commands to allow Firefox to access shared memory: echo "/dev/shm/org.chromium.* rw," | sudo tee -a /etc/apparmor.d/local/usr.bin.firefox sudo apparmor_parser -r /etc/apparmor.d/usr.bin.firefox That should make e10s work again with AppArmor enforcement enabled. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1627239 Title: Web pages not rendering with e10s enabled and AppArmor profile in enforce mode To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1627239/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs