[Bug 1861408] Re: firefox apparmor messages

2021-01-11 Thread dinar qurbanov
messages, while starting firefox, after updating ubuntu to 20.10: Jan 11 23:26:48 dinar-comp kernel: [ 181.634648] audit: type=1400 audit(1610396808.475:44): apparmor="DENIED" operation="open" profile="firefox" name="/proc/2003/cgroup" pid=2003 comm="firefox" requested_mask="r"

[Bug 1861408] Re: firefox apparmor messages

2020-06-04 Thread Launchpad Bug Tracker
This bug was fixed in the package firefox - 77.0.1+build1-0ubuntu0.20.04.1 --- firefox (77.0.1+build1-0ubuntu0.20.04.1) focal; urgency=medium * New upstream stable release (77.0.1+build1) * Minor fixes to the script that creates the source tarball for regressions that were

[Bug 1861408] Re: firefox apparmor messages

2020-06-04 Thread Launchpad Bug Tracker
This bug was fixed in the package firefox - 77.0.1+build1-0ubuntu0.19.10.1 --- firefox (77.0.1+build1-0ubuntu0.19.10.1) eoan; urgency=medium * New upstream stable release (77.0.1+build1) * Minor fixes to the script that creates the source tarball for regressions that were

[Bug 1861408] Re: firefox apparmor messages

2020-06-04 Thread Launchpad Bug Tracker
This bug was fixed in the package firefox - 77.0.1+build1-0ubuntu0.18.04.1 --- firefox (77.0.1+build1-0ubuntu0.18.04.1) bionic; urgency=medium * New upstream stable release (77.0.1+build1) * Minor fixes to the script that creates the source tarball for regressions that were

[Bug 1861408] Re: firefox apparmor messages

2020-05-29 Thread dinar qurbanov
python message after update to ubuntu 20.04: May 29 08:54:00 dinar-comp kernel: [ 369.424679] audit: type=1400 audit(1590731640.601:54): apparmor="DENIED" operation="file_mmap" profile="firefox//lsb_release" name="/usr/bin/python3.8" pid=2939 comm="lsb_release" requested_mask="r"

[Bug 1861408] Re: firefox apparmor messages

2020-05-24 Thread dinar qurbanov
after update to 76.0.1, fontconfig messages started to appear again on every page opening. i added deny @{HOME}/.{,cache/}fontconfig/** w, to abstractions/fonts, reloaded profile, and those notifications stopped appearing. -- You received this bug notification because you are a member of Ubuntu

[Bug 1861408] Re: firefox apparmor messages

2020-05-14 Thread Olivier Tilloy
That commit/fix was only a small part of all that has been reported in this bug, and that was an opportunistic fix. I don't plan on working on the apparmor profile in the near future, unless some serious problem with it is reported (which, unless I have misread, is not the case of any of the

[Bug 1861408] Re: firefox apparmor messages

2020-05-13 Thread Launchpad Bug Tracker
This bug was fixed in the package firefox - 76.0.1+build1-0ubuntu2 --- firefox (76.0.1+build1-0ubuntu2) groovy; urgency=medium * Update apparmor profile to allow lsb_release to run with more recent versions of Python 3 (LP: #1861408) - debian/usr.bin.firefox.apparmor.14.10

[Bug 1861408] Re: firefox apparmor messages

2020-05-11 Thread Sebastien Bacher
Olivier, is the commit enough to consider the bug fix committed? ** Changed in: firefox (Ubuntu) Importance: Undecided => Low -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1861408 Title: firefox

[Bug 1861408] Re: firefox apparmor messages

2020-05-11 Thread Olivier Tilloy
Thanks for that suggestion in comment #25 Динар, I committed the change to the apparmor profile: https://bazaar.launchpad.net/~mozillateam/firefox/firefox.groovy/revision/1388.

[Bug 1861408] Re: firefox apparmor messages

2020-05-11 Thread Launchpad Bug Tracker
** Branch linked: lp:firefox

[Bug 1861408] Re: firefox apparmor messages

2020-05-11 Thread Launchpad Bug Tracker
** Branch linked: lp:~mozillateam/firefox/firefox.focal ** Branch linked: lp:~mozillateam/firefox/firefox.eoan ** Branch linked: lp:~mozillateam/firefox/firefox.bionic ** Branch linked: lp:~mozillateam/firefox/firefox.xenial

[Bug 1861408] Re: firefox apparmor messages

2020-05-09 Thread dinar qurbanov
i said on feb 4: "dbus_method_call messages still appear in logs, while saving. i do not know why they are not reported by aa-notify." i made this report on apparmor site on march 7: https://gitlab.com/apparmor/apparmor/-/issues/81 "aa-notify does not show messages about dbus" ** Bug watch

[Bug 1861408] Re: firefox apparmor messages

2020-05-09 Thread dinar qurbanov
i changed /usr/bin/python3.[0-6] mr, to /usr/bin/python3.[0-7] mr, and the python message disappeared while starting firefox.

[Bug 1861408] Re: firefox apparmor messages

2020-05-09 Thread dinar qurbanov
appeared when opening a file from a manually mounted partition: May 6 14:59:12 dinar-comp kernel: [544099.237323] audit: type=1400 audit(1588766352.217:3081): apparmor="DENIED" operation="open" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/run/user/1000/ICEauthority" pid=6886

[Bug 1861408] Re: firefox apparmor messages

2020-04-27 Thread dinar qurbanov
appears when pressing ctrl+s: Apr 17 17:13:48 dinar-comp kernel: [81128.012319] audit: type=1400 audit(1587132828.960:765): apparmor="DENIED" operation="open" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/run/mount/utab" pid=4596 comm="firefox" requested_mask="r" denied_mask="r"

[Bug 1861408] Re: firefox apparmor messages

2020-04-19 Thread dinar qurbanov
to "i added w to owner @{HOME}/.{,cache/}fontconfig/** mrl,": cboltz said in apparmor irc channel: I'd recommend _not_ to allow writing to ~/.cache/fontconfig/ because apps could in theory poison that cache. actually we recently (intentionally) removed write permissions in abstractions/fonts

[Bug 1861408] Re: firefox apparmor messages

2020-03-07 Thread dinar qurbanov
seems these are links to browse the profiles online: https://bazaar.launchpad.net/~mozillateam/firefox/firefox.focal/view/head:/debian/usr.bin.firefox.apparmor.14.10 https://git.launchpad.net/apparmor/tree/profiles/apparmor.d/abstractions

[Bug 1861408] Re: firefox apparmor messages

2020-03-02 Thread John Johansen
I cannot speak to specifics but there are a lot of potential reasons a packager (not firefox specific) might not be updating the profile. - They don't use the profile / or maybe apparmor. (package maintainership evolves and not everyone who might even be aware of it without digging in) - The

[Bug 1861408] Re: firefox apparmor messages

2020-02-29 Thread dinar qurbanov
i have reenabled the capability rules and added these to them, also from the chromium profile: owner @{PROC}/@{pid}/setgroups w, owner @{PROC}/@{pid}/uid_map w, owner @{PROC}/@{pid}/gid_map w, . i have prepared dbus rules: dbus send bus=system

[Bug 1861408] Re: firefox apparmor messages

2020-02-29 Thread dinar qurbanov
what is ubuntu's policy for updating this profile? it looks like package maintainers are not updating this profile on every package update. why?

[Bug 1861408] Re: firefox apparmor messages

2020-02-28 Thread dinar qurbanov
message when switching to read mode: Feb 26 13:13:13 dinar-HP-Pavilion-g7-Notebook-PC kernel: [64008.165294] audit: type=1400 audit(1582711993.444:302): apparmor="DENIED" operation="exec" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/usr/bin/speech-dispatcher" pid=30443

Re: [Bug 1861408] Re: firefox apparmor messages

2020-02-24 Thread Seth Arnold
On Mon, Feb 24, 2020 at 06:48:33AM -, dinar qurbanov wrote: > after firefox restart these appeared: > > Feb 24 09:30:04 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 141.932834] > audit: type=1400 audit(1582525804.452:27): apparmor="DENIED" > operation="open"

[Bug 1861408] Re: firefox apparmor messages

2020-02-24 Thread dinar qurbanov
/ r, /**/ r, is not enough. because thumbnails are not shown. much better would be to use a separate program as a helper application, while it can read all files but it is very simple and can only open a file by gui mouse click, and cannot connect internet.

[Bug 1861408] Re: firefox apparmor messages

2020-02-23 Thread dinar qurbanov
after firefox restart these appeared: Feb 24 09:30:04 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 141.932834] audit: type=1400 audit(1582525804.452:27): apparmor="DENIED" operation="open" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/1888/uid_map" pid=1888

[Bug 1861408] Re: firefox apparmor messages

2020-02-23 Thread dinar qurbanov
also there are /sys/devices/system/cpu/ r, /etc/firefox*/ r, /etc/xulrunner-2.0*/ r, /etc/gre.d/ r,

[Bug 1861408] Re: firefox apparmor messages

2020-02-23 Thread dinar qurbanov
i have some questions and wishes about rules that are in the profile: # so browsing directories works / r, /**/ r, what if comment these out and allow / and owner @{HOME}/** , instead of these? does firefox need other directory listings? maybe i will try. i see /usr/ r, /etc/ r, /opt/ r,

[Bug 1861408] Re: firefox apparmor messages

2020-02-23 Thread dinar qurbanov
i added these lines to ff profile: #copied from abstractions/lightdm_chromium-browser capability sys_admin, # for sandbox to change namespaces capability sys_chroot, # for sandbox to chroot to a safe directory capability setgid, # for sandbox to drop privileges capability

[Bug 1861408] Re: firefox apparmor messages

2020-02-23 Thread dinar qurbanov
>At the moment we recommend granting the capability in the profile and letting firefox setup its sandbox. why do not ubuntu developers add it? (before they make it other way.) >Unfortunately this means you can't guarantee the rest of the program isn't doing things it shouldn't. what it can do

[Bug 1861408] Re: firefox apparmor messages

2020-02-14 Thread John Johansen
I should further note that this needs kernel patches to be fixed.

[Bug 1861408] Re: firefox apparmor messages

2020-02-14 Thread John Johansen
Firefox uses cap sys_admin to set up its sandbox, which is extremely unfortunate but required on linux to be able to set up the user_namespace, do the chroot etc. Currently the LSM and user namespaces don't interact as well as they should. AppArmor can NOT properly determine the policy namespace

[Bug 1861408] Re: firefox apparmor messages

2020-02-14 Thread dinar qurbanov
i asked about sys_admin capability and got some answers: https://groups.google.com/forum/#!topic/mozilla.dev.platform/UK4nm7MtTxQ (i wanted to ask in firefox-dev mailing list but the dev-platform list was said to be more appropriate).

[Bug 1861408] Re: firefox apparmor messages

2020-02-04 Thread dinar qurbanov
i have added these lines: in /etc/apparmor.d/abstractions/gnome : @{HOME}/.local/share/gvfs-metadata/** r, in /etc/apparmor.d/abstractions/xdg-desktop : owner @{HOME}/.cache/mesa_shader_cache/** rw, and messages (i use aa-notify) when saving disappeared. dbus_method_call messages still

[Bug 1861408] Re: firefox apparmor messages

2020-02-03 Thread dinar qurbanov
i think Jan 30 11:08:28 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 464.049675] audit: type=1400 audit(1580371708.871:38): apparmor="DENIED" operation="open" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/home/dinar/.local/share/gvfs-metadata/home" pid=1584 comm="pool" requested_mask="r"

[Bug 1861408] Re: firefox apparmor messages

2020-02-03 Thread dinar qurbanov
i added w to owner @{HOME}/.{,cache/}fontconfig/** mrl, in /etc/apparmor.d/abstractions/fonts and after profile replace, frequent messages stopped.

[Bug 1861408] Re: firefox apparmor messages

2020-02-03 Thread dinar qurbanov
i modified /etc/apparmor.d/abstractions/fonts by adding w to owner @{HOME}/.{,cache/}fontconfig/ r, and replaced ff apparmor profile with "sudo apparmor_parser -r -T -W /etc/apparmor.d/usr.bin.firefox". then i tried to open a page, and i got these: Feb 3 21:26:26 dinar-Lenovo-G580 kernel:

[Bug 1861408] Re: firefox apparmor messages

2020-02-03 Thread dinar qurbanov
** Package changed: firefox (Ubuntu) => apparmor (Ubuntu) ** Also affects: firefox (Ubuntu) Importance: Undecided Status: New

[Bug 1861408] Re: firefox apparmor messages

2020-02-03 Thread dinar qurbanov
i have simplified all of these messages, i hope this is helpful: sys_admin dbus_method_call path="/org/freedesktop/RealtimeKit1" member="Get" name="org.freedesktop.RealtimeKit1" dbus_method_call path="/org/gtk/vfs/Daemon" member="ListMonitorImplementations" dbus_method_call

[Bug 1861408] Re: firefox apparmor messages

2020-02-03 Thread Корбанов Динар
i have installed linux mint on another comp and this time i enabled ff apparmor profile before first run of ff. now, i get also these messages, every time a page/url is opened/loaded: Feb 3 18:40:24 dinar-Lenovo-G580 dbus-daemon[1307]: apparmor="DENIED" operation="dbus_method_call"