Public bug reported:
i started today an empty libreoffice writer and see 5 messages of this
type:
Feb 13 15:33:04 dinar-Lenovo-G580 kernel: [14684.517380] audit:
type=1400 audit(1581597184.725:87): apparmor="ALLOWED" operation="open"
profile="libreoffice-soffice"
Public bug reported:
i opened libreoffice writer, then, after some time, clicked a document,
to open it in libreoffice, and i see these messages in syslog:
Feb 13 16:24:49 dinar-Lenovo-G580 kernel: [17788.979570] audit: type=1400
audit(1581600289.824:108): apparmor="ALLOWED" operation="connect"
Public bug reported:
i have reported 3 bugs for apparmor's libreoffice profile:
https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1862331
https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1863097
https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1863103
i am afraid i
i added these lines to ff profile:
#copied from abstractions/lightdm_chromium-browser
capability sys_admin, # for sandbox to change namespaces
capability sys_chroot, # fod sandbox to chroot to a safe directory
capability setgid, # for sandbox to drop privileges
capability
also there are /sys/devices/system/cpu/ r,
/etc/firefox*/ r,
/etc/xulrunner-2.0*/ r,
/etc/gre.d/ r,
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1861408
Title:
firefox apparmor messages
To
i have some questions and wishes about rules that are in the profile:
# so browsing directories works
/ r,
/**/ r,
what if comment these out and allow / and owner @{HOME}/** , instead of
these? does firefox need other directory listings? maybe i will try.
i see /usr/ r, /etc/ r, /opt/ r,
>At the moment we recommend granting the capability in the profile and
letting firefox setup its sandbox.
why do not ubuntu developers add it? (before they make it other way.)
>Unfortunately this means you can't guarantee the rest of the program
isn't doing things it shouldn't.
what it can do
message when switching to read mode:
Feb 26 13:13:13 dinar-HP-Pavilion-g7-Notebook-PC kernel: [64008.165294] audit:
type=1400 audit(1582711993.444:302): apparmor="DENIED" operation="exec"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/usr/bin/speech-dispatcher" pid=30443
i have reenabled the capability rules ans added these to them, also from
the chromium profile:
owner @{PROC}/@{pid}/setgroups w,
owner @{PROC}/@{pid}/uid_map w,
owner @{PROC}/@{pid}/gid_map w,
.
i have prepared dbus rules:
dbus send
bus=system
what is ubuntu's policy for updating this profile? it looks like package
maintainers are not updating this profile on every package update. why?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1861408
/ r,
/**/ r,
is not enough. because thumbnails are not shown. much better would be to use a
separate program as a helper application, while it can read all files but it is
very simple and can only open a file by gui mouse click, and cannot connect
internet.
--
You received this bug
after firefox restart these appeared:
Feb 24 09:30:04 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 141.932834] audit:
type=1400 audit(1582525804.452:27): apparmor="DENIED" operation="open"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/1888/uid_map"
pid=1888
i have added these lines:
in /etc/apparmor.d/abstractions/gnome :
@{HOME}/.local/share/gvfs-metadata/** r,
in /etc/apparmor.d/abstractions/xdg-desktop :
owner @{HOME}/.cache/mesa_shader_cache/** rw,
and messages (i use aa-notify) when saving disappeared.
dbus_method_call messages still
i added w to
owner @{HOME}/.{,cache/}fontconfig/** mrl,
in /etc/apparmor.d/abstractions/fonts
and after profile replace, frequent messages stopped.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
i have simplified all of these messages, i hope this is helpful:
sys_admin
dbus_method_call path="/org/freedesktop/RealtimeKit1" member="Get"
name="org.freedesktop.RealtimeKit1"
dbus_method_call path="/org/gtk/vfs/Daemon" member="ListMonitorImplementations"
dbus_method_call
i think
Jan 30 11:08:28 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 464.049675]
audit: type=1400 audit(1580371708.871:38): apparmor="DENIED"
operation="open" profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/dinar/.local/share/gvfs-metadata/home" pid=1584 comm="pool"
requested_mask="r"
i modified /etc/apparmor.d/abstractions/fonts by adding w to
owner @{HOME}/.{,cache/}fontconfig/ r,
and replaced ff apparmor profile with "sudo apparmor_parser -r -T -W
/etc/apparmor.d/usr.bin.firefox".
then i tried to open a page, and i got these:
Feb 3 21:26:26 dinar-Lenovo-G580 kernel:
** Package changed: firefox (Ubuntu) => apparmor (Ubuntu)
** Also affects: firefox (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1861408
Title:
Public bug reported:
libreoffice accesses firefox's cert8.db and key3.db, i have found this from
apparmor log messages.
i googled "libreoffice cert8.db key3.db" and have found out that seems
libreoffice does this by design. see
https://bugs.documentfoundation.org/show_bug.cgi?id=119811 ,
Public bug reported:
laptop refused to suspend. stayed at locked screen. also mouse cursor
did not move for some time. in journal (logs) i have found out that some
process refused to freeze... i have found out that updatedb.mlocate is
also running. i removed it with killall, added /mnt/ to pruned
i think that that means that apparmor profile lags behind libreoffice
and should be updated.
if it is by design, than there could be comments about that, and it is
possible to remove the logs by "deny" keywords.
that messages are bad because they use space in syslog making it harder
to read, and
i asked about sys_admin capability and got some answers:
https://groups.google.com/forum/#!topic/mozilla.dev.platform/UK4nm7MtTxQ
(i wanted to ask in firefox-dev mailing list but the dev-platform list
was said about as more appropriate).
--
You received this bug notification because you are a
Feb 6 20:53:48 dinar-Lenovo-G580 kernel: [104675.599346] audit: type=1400
audit(1581011628.880:900): apparmor="ALLOWED" operation="open"
profile="libreoffice-soffice"
name="/home/dinar/.mozilla/firefox/sge95l3o.default/cert8.db" pid=16630
comm="soffice.bin" requested_mask="w" denied_mask="w"
this is fixed in nemo 4.4.2 (cinnamon fork). i am also going to check
this in mate fork soon.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/669882
Title:
nautilus unexpextedly changes modification
this is also fixed in caja 1.22.2 (mate fork).
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/669882
Title:
nautilus unexpextedly changes modification time when moving files to
other partition
To
ubuntu-mate 19.10 , 64 bit, no updates installed. i have changed panels
and applets, and do not know whether it made high cpu before the
changes. i can put the old settings, "familiar", but then it still uses
high cpu. there are some errors in .xsession-errors. i think i cannot
use apport because
Public bug reported:
.
** Affects: mate-panel (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1866192
Title:
mate-panel constantly uses one
i booted into live usb.
it has immediately said {brisk menu unexpectedly ended, reload it or
not?}. similar message appeared also in installed system when i switched
from some mate settings to some other settings, (like familiar, classic,
redmond). but previous times i booted live usb, i did not
seems these are links to browse the profiles online:
https://bazaar.launchpad.net/~mozillateam/firefox/firefox.focal/view/head:/debian/usr.bin.firefox.apparmor.14.10
https://git.launchpad.net/apparmor/tree/profiles/apparmor.d/abstractions
--
You received this bug notification because you are a
i added to usr.lib.libreoffice.program.soffice.bin:
/usr/share/drirc.d/*r,
owner @{HOME}/.cache/mesa_shader_cache/**rw,
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1863097
Title:
to
"
i added w to
owner @{HOME}/.{,cache/}fontconfig/** mrl,
"
:
cboltz said in apparmor irc channel:
I'd recommend _not_ to allow writing to ~/.cache/fontconfig/ because apps could
in theory poison that cache
actually we recently (intentionally) removed write permissions in
abstractions/fonts
Public bug reported:
in netcat-openbsd manpage, port argument description is not good. it is
this:
"port can be a specified as a numeric port number, or as a service name.
Ports may be specified in a range of the form nn-mm. In general, a
destination port must be specified, unless the -U option
Public bug reported:
i googled for this message and found:
https://bugs.launchpad.net/ubuntu/+source/ubiquity/+bug/1040599
"ubiquity: Error restoring installed applications"
some things that might cause this:
i formatted root partition with gparted, and did not reformat it with
ubiquity.
i
Public bug reported:
i am sure this laptop works in legacy/bios mode now, because it booted
windowses while did not had any efi partitions. but xubuntu 19.10
installer warns several times saying that efi partition is not set.
proof that live dvd may be booted in efi mode while laptop works in
Public bug reported:
i booted into xubuntu 19.10 boot usb drive. then i restarted it. i have
not removed the drive when it said "please remove the installation
medium then press enter". after restart, it does not boot, it tries to
boot to the next boot device. then i have rewritten xubuntu drive
Public bug reported:
i have googled for it, and have not found an easily undertstandable
instruction to configure it.
** Affects: ubuntu
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
i have found that problem is in russian translation. it is "Изменить
параметры раскладки".
** Package changed: ubuntu => xfce4-settings (Ubuntu)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1869603
appears when pressing ctrl+s:
Apr 17 17:13:48 dinar-comp kernel: [81128.012319] audit: type=1400
audit(1587132828.960:765): apparmor="DENIED" operation="open"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/run/mount/utab" pid=4596
comm="firefox" requested_mask="r" denied_mask="r"
i changed /usr/bin/python3.[0-6] mr, to /usr/bin/python3.[0-7] mr, and
the python message disappeared while starting firefox.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1861408
Title:
firefox
i said on feb 4:
"dbus_method_call messages still appear in logs, while saving. i do not know
why they are not reported by aa-notify."
i made this report on apparmor site on march 7:
https://gitlab.com/apparmor/apparmor/-/issues/81
"aa-notify does not show messages about dbus"
** Bug watch
appeared when opening a file from a manually mounted partition:
May 6 14:59:12 dinar-comp kernel: [544099.237323] audit: type=1400
audit(1588766352.217:3081): apparmor="DENIED" operation="open"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/run/user/1000/ICEauthority" pid=6886
after update to 76.0.1, fontconfig messages started again to appear on every
page opening.
i added
deny @{HOME}/.{,cache/}fontconfig/** w,
to abstractions/fonts, reloaded profile, and that notifications stopped to
appear.
--
You received this bug notification because you are a member of Ubuntu
mic connected to front is not working with this motherboard in ubuntu
20.04.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1004829
Title:
[GA-MA74GMT-S2, Realtek ALC887-VD, Pink Mic, Front] No
i think i should say: does not work. i cannot test that computer now.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1004829
Title:
[GA-MA74GMT-S2, Realtek ALC887-VD, Pink Mic, Front] No sound at
Public bug reported:
May 24 17:02:54 dinar-comp kernel: [ 6432.118240] audit: type=1400
audit(1590328974.037:195): apparmor="DENIED" operation="capable"
profile="/usr/sbin/cups-browsed" pid=27786 comm="cups-browsed"
capability=23 capname="sys_nice"
this messages started to appear after upgrade
python message after update to ubuntu 20.04 :
May 29 08:54:00 dinar-comp kernel: [ 369.424679] audit: type=1400
audit(1590731640.601:54): apparmor="DENIED" operation="file_mmap" profile="fire
fox//lsb_release" name="/usr/bin/python3.8" pid=2939 comm="lsb_release"
requested_mask="r"
messages when opening a file:
several lines of type
Jul 8 09:28:31 dinar-comp kernel: [436272.154664] audit: type=1400
audit(1594189711.176:1784): apparmor="ALLOWED" operation="open" profile
="libreoffice-soffice" name= pid=194987 comm="pool-soffice"
requested_mask="r" denied_mask="r"
i modified it to this:
owner @{libo_user_dirs}/{,**/}lu??*.tmp rwk, #Temporary file
used when saving
and reloaded profile with this
sudo apparmor_parser -r -T -W
/etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin
and the messages (of the last type) disappeared.
--
You received
messages, while starting firefox, after updating ubuntu to 20.10:
Jan 11 23:26:48 dinar-comp kernel: [ 181.634648] audit: type=1400
audit(1610396808.475:44): apparmor="DENIED" operation="open" profile="firefox"
name="/proc/2003/cgroup" pid=2003 comm="firefox" requested_mask="r"
Public bug reported:
1. when running xubuntu 20.10 livecd, some of the icons in main menu
(start menu) are missing. i have seen this 2 times, on 2 different
computers.
2. folder icons in file manager (must be thunar) in xubuntu 20.10 livecd
were black-and-white icons, and after installation and
this appeared on libreoffice 6.4.6.2 on linux mint 20
(1:6.4.6-0ubuntu0.20.04.1):
Feb 3 12:30:34 dinar-HP-Pavilion-g7-Notebook-PC kernel: [79901.149664] audit:
type=1400 audit(1612344634.103:584): apparmor="ALLOWED" operation="open"
profile="libreoffice-soffice"
and
Feb 3 18:05:11 dinar-HP-Pavilion-g7-Notebook-PC kernel: [83143.894148]
audit: type=1400 audit(1612364711.925:597): apparmor="ALLOWED"
operation="open" profile="libreoffice-soffice" name="/proc/version"
pid=45709 comm="soffice.bin" requested_mask="r" denied_mask="r"
fsuid=1000 ouid=0
--
You
Linux Mint 20.1 Ulyssa
Firefox 89.0
after update, i got ff 89, i have messages like this in syslog, on every
start of firefox:
Jun 20 15:24:23 dinar-Lenovo-G580 wpa_supplicant[680]: wlp2s0:
CTRL-EVENT-SIGNAL-CHANGE above=0 signal=-80 noise=-95 txrate=43300
Jun 20 15:25:21 dinar-Lenovo-G580
at another time i runned this livecd, all icons in main menu appeared,
and folder icons were yellow.
i should say, it was on usb drive, written by rufus.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
i do not use this distro now
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1866192
Title:
mate-panel constantly uses one cpu kernel to 100%
To manage notifications about this bug go to:
55 matches
Mail list logo