[Bug 1861408] Re: firefox apparmor messages

2021-01-11 Thread dinar qurbanov
messages, while starting firefox, after updating ubuntu to 20.10:

Jan 11 23:26:48 dinar-comp kernel: [  181.634648] audit: type=1400 
audit(1610396808.475:44): apparmor="DENIED" operation="open" profile="firefox" 
name="/proc/2003/cgroup" pid=2003 comm="firefox" requested_mask="r" 
denied_mask="r" fsuid=1000 ouid=1000
Jan 11 23:26:48 dinar-comp kernel: [  181.989310] audit: type=1400 
audit(1610396808.831:45): apparmor="DENIED" operation="connect" 
profile="firefox" name="/tmp/.X11-unix/X0" pid=2207 comm="MainThread" 
requested_mask="w" denied_mask="w" fsuid=1000 ouid=0

i added these rules:
@{PROC}/[0-9]*/cgroup r,
/tmp/.X11-unix/X0 w,

then, after enabling them and ff restart:

Jan 11 23:45:25 dinar-comp kernel: [ 1298.595946] audit: type=1400
audit(1610397925.435:79): apparmor="DENIED" operation="open"
profile="firefox" name="/sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us"
pid=2437 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000
ouid=0

i added this rule:
/sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us r,

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1861408

Title:
  firefox apparmor messages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1861408/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1861408] Re: firefox apparmor messages

2020-06-04 Thread Launchpad Bug Tracker
This bug was fixed in the package firefox -
77.0.1+build1-0ubuntu0.20.04.1

---
firefox (77.0.1+build1-0ubuntu0.20.04.1) focal; urgency=medium

  * New upstream stable release (77.0.1+build1)

  * Minor fixes to the script that creates the source tarball for regressions
that were introduced by the port to Python 3
- debian/build/create-tarball.py

 -- Olivier Tilloy   Wed, 03 Jun 2020
17:17:48 +0200

** Changed in: firefox (Ubuntu)
   Status: Triaged => Fix Released

** Changed in: firefox (Ubuntu)
   Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1861408

Title:
  firefox apparmor messages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1861408/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1861408] Re: firefox apparmor messages

2020-06-04 Thread Launchpad Bug Tracker
This bug was fixed in the package firefox -
77.0.1+build1-0ubuntu0.19.10.1

---
firefox (77.0.1+build1-0ubuntu0.19.10.1) eoan; urgency=medium

  * New upstream stable release (77.0.1+build1)

  * Minor fixes to the script that creates the source tarball for regressions
that were introduced by the port to Python 3
- debian/build/create-tarball.py

 -- Olivier Tilloy   Wed, 03 Jun 2020
17:16:09 +0200

** Changed in: firefox (Ubuntu)
   Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1861408

Title:
  firefox apparmor messages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1861408/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1861408] Re: firefox apparmor messages

2020-06-04 Thread Launchpad Bug Tracker
This bug was fixed in the package firefox -
77.0.1+build1-0ubuntu0.18.04.1

---
firefox (77.0.1+build1-0ubuntu0.18.04.1) bionic; urgency=medium

  * New upstream stable release (77.0.1+build1)

  * Minor fixes to the script that creates the source tarball for regressions
that were introduced by the port to Python 3
- debian/build/create-tarball.py

 -- Olivier Tilloy   Wed, 03 Jun 2020
17:08:48 +0200

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1861408

Title:
  firefox apparmor messages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1861408/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1861408] Re: firefox apparmor messages

2020-05-29 Thread dinar qurbanov
python message after update to ubuntu 20.04 :
May 29 08:54:00 dinar-comp kernel: [  369.424679] audit: type=1400 
audit(1590731640.601:54): apparmor="DENIED" operation="file_mmap" profile="fire
fox//lsb_release" name="/usr/bin/python3.8" pid=2939 comm="lsb_release" 
requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

there are several places about python:

  profile lsb_release {
...
#include 
...
/usr/include/python2.[4567]/pyconfig.h r,
...
/usr/local/lib/python3.[0-6]/dist-packages/ r,
...
/usr/bin/python3.[0-7] mr,
...
  }

i change this ones, this way:

/usr/local/lib/python3.[0-8]/dist-packages/ r,
/usr/bin/python3.[0-8] mr,

i look /etc/apparmor.d/abstractions/python and see that python versions
are already appreciated up to 3.9.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1861408

Title:
  firefox apparmor messages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1861408/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1861408] Re: firefox apparmor messages

2020-05-24 Thread dinar qurbanov
after update to 76.0.1, fontconfig messages started again to appear on every 
page opening.
i added
deny @{HOME}/.{,cache/}fontconfig/** w,
to abstractions/fonts, reloaded profile, and that notifications stopped to 
appear.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1861408

Title:
  firefox apparmor messages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1861408/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1861408] Re: firefox apparmor messages

2020-05-14 Thread Olivier Tilloy
That commit/fix was only a small part of all that has been reported in
this bug, and that was an opportunistic fix. I don't plan on working on
the apparmor profile in the near future, unless some serious problem
with it is reported (which, unless I have misread, is not the case of
any of the comments in this bug report).

It doesn't hurt to keep the bug open, though.

** Changed in: firefox (Ubuntu)
   Status: Fix Released => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1861408

Title:
  firefox apparmor messages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1861408/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1861408] Re: firefox apparmor messages

2020-05-13 Thread Launchpad Bug Tracker
This bug was fixed in the package firefox - 76.0.1+build1-0ubuntu2

---
firefox (76.0.1+build1-0ubuntu2) groovy; urgency=medium

  * Update apparmor profile to allow lsb_release to run with more recent
versions of Python 3 (LP: #1861408)
- debian/usr.bin.firefox.apparmor.14.10
  * Work around clang hanging forever when trying to optimize the build of the
embedded copy of sqlite3 (LP: #1878292)
- debian/patches/s390x-workaround-sqlite3-clang-optimization-hang.patch

 -- Olivier Tilloy   Tue, 12 May 2020
23:11:11 +0200

** Changed in: firefox (Ubuntu)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1861408

Title:
  firefox apparmor messages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1861408/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1861408] Re: firefox apparmor messages

2020-05-11 Thread Sebastien Bacher
Olivier, is the commit enough to consider the bug fix commited?

** Changed in: firefox (Ubuntu)
   Importance: Undecided => Low

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1861408

Title:
  firefox apparmor messages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1861408/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1861408] Re: firefox apparmor messages

2020-05-11 Thread Olivier Tilloy
Thanks for that suggestion in comment #25 Динар, I committed the change
to the apparmor profile:
https://bazaar.launchpad.net/~mozillateam/firefox/firefox.groovy/revision/1388.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1861408

Title:
  firefox apparmor messages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1861408/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1861408] Re: firefox apparmor messages

2020-05-11 Thread Launchpad Bug Tracker
** Branch linked: lp:firefox

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1861408

Title:
  firefox apparmor messages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1861408/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1861408] Re: firefox apparmor messages

2020-05-11 Thread Launchpad Bug Tracker
** Branch linked: lp:~mozillateam/firefox/firefox.focal

** Branch linked: lp:~mozillateam/firefox/firefox.eoan

** Branch linked: lp:~mozillateam/firefox/firefox.bionic

** Branch linked: lp:~mozillateam/firefox/firefox.xenial

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1861408

Title:
  firefox apparmor messages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1861408/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1861408] Re: firefox apparmor messages

2020-05-09 Thread dinar qurbanov
i said on feb 4:
"dbus_method_call messages still appear in logs, while saving. i do not know 
why they are not reported by aa-notify."
i made this report on apparmor site on march 7:
https://gitlab.com/apparmor/apparmor/-/issues/81
"aa-notify does not show messages about dbus"

** Bug watch added: gitlab.com/apparmor/apparmor/-/issues #81
   https://gitlab.com/apparmor/apparmor/-/issues/81

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1861408

Title:
  firefox apparmor messages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1861408/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1861408] Re: firefox apparmor messages

2020-05-09 Thread dinar qurbanov
i changed /usr/bin/python3.[0-6] mr, to /usr/bin/python3.[0-7] mr, and
the python message disappeared while starting firefox.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1861408

Title:
  firefox apparmor messages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1861408/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1861408] Re: firefox apparmor messages

2020-05-09 Thread dinar qurbanov
appeared when opening a file from a manually mounted partition:
May  6 14:59:12 dinar-comp kernel: [544099.237323] audit: type=1400 
audit(1588766352.217:3081): apparmor="DENIED" operation="open" 
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" 
name="/run/user/1000/ICEauthority" pid=6886 comm="firefox" requested_mask="r" 
denied_mask="r" fsuid=1000 ouid=1000

linux and firefox were upgraded, firefox profile file was changed, i copied new 
changes to my file.
appeared when starting firefox after system upgrade and reboot:
except dbus messages:
May  9 15:00:47 dinar-comp kernel: [  227.464788] audit: type=1400 
audit(1589025647.896:44): apparmor="DENIED" operation="open" profile="firefox" 
name="/run/user/1000/ICEauthority" pid=2086 comm="firefox" requested_mask="r" 
denied_mask="r" fsuid=1000 ouid=1000
May  9 15:00:49 dinar-comp kernel: [  229.423946] audit: type=1400 
audit(1589025649.856:45): apparmor="DENIED" operation="file_mmap" 
profile="firefox//lsb_release" name="/usr/bin/python3.7" pid=2115 
comm="lsb_release" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

i have a local file pinned, and tabs are restored after restart, the
"/run/user/1000/ICEauthority" may be because of it. (as in the may 6
message above).

appear when pressing ctrl+o:
May  9 15:23:33 dinar-comp kernel: [ 1592.754371] audit: type=1400 
audit(1589027013.231:63): apparmor="DENIED" operation="open" profile="firefox" 
name="/home/dinar/.xsession-errors" pid=2086 comm="pool-firefox" 
requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
May  9 15:23:36 dinar-comp kernel: [ 1596.437062] audit: type=1400 
audit(1589027016.916:65): apparmor="DENIED" operation="open" profile="firefox" 
name="/run/mount/utab" pid=2086 comm="firefox" requested_mask="r" 
denied_mask="r" fsuid=1000 ouid=0

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1861408

Title:
  firefox apparmor messages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1861408/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1861408] Re: firefox apparmor messages

2020-04-27 Thread dinar qurbanov
appears when pressing ctrl+s:
Apr 17 17:13:48 dinar-comp kernel: [81128.012319] audit: type=1400 
audit(1587132828.960:765): apparmor="DENIED" operation="open" 
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/run/mount/utab" pid=4596 
comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1861408

Title:
  firefox apparmor messages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1861408/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1861408] Re: firefox apparmor messages

2020-04-19 Thread dinar qurbanov
to
"
i added w to
owner @{HOME}/.{,cache/}fontconfig/** mrl,
"
:

cboltz said in apparmor irc channel:

I'd recommend _not_ to allow writing to ~/.cache/fontconfig/ because apps could 
in theory poison that cache
actually we recently (intentionally) removed write permissions in 
abstractions/fonts

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1861408

Title:
  firefox apparmor messages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1861408/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1861408] Re: firefox apparmor messages

2020-03-07 Thread dinar qurbanov
seems these are links to browse the profiles online:
https://bazaar.launchpad.net/~mozillateam/firefox/firefox.focal/view/head:/debian/usr.bin.firefox.apparmor.14.10
https://git.launchpad.net/apparmor/tree/profiles/apparmor.d/abstractions

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1861408

Title:
  firefox apparmor messages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1861408/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1861408] Re: firefox apparmor messages

2020-03-02 Thread John Johansen
I can not speak to specifics but there are a lot of potential reason's a
packager (not firefox specific) might not be updating the profile.

- They don't use the profile / or maybe apparmor. (package
maintainership evolves and not everyone who might even be aware of it
without digging in)

- The auto package tests don't report a failure. This could be the tests
aren't set up to use apparmor or just that they don't have a specific
test for a change. Packagers are often very busy and won't dig into an
update unless there are problems being reported.

- The packager can be using a different kernel version which results in
apparmor or the kernel/apparmor having different features being used.
Yes they should be testing on a given release but there are HWE kernels
and upstream kernel builds that users may be using that are different
from what the packager tests on.

- Testing didn't show up an issue, but a different config or usage
pattern that a user has will show up an issue.

- The packager is not familiar with apparmor and can't or at least
doesn't feel compfortable updating the profile.

- The upstream packager tries to maintain a single profile version for
all releases of a package. Eg. FF 71 is released on multiple distro
versions (xenial, bionic, ...) each of those distros have different
kernels and the application will use different features and apparmor
presents different features.

- AppArmor does not provide adequate means to distribute/use a single
profile version across multiple releases when the features required are
significantly different.

I am not arguing that the profile should not be updated, just providing
some reasons for why it might not be. Ideally it should be tested, and
updated if necessary with every release especially when the profile is
part of the package.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1861408

Title:
  firefox apparmor messages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1861408/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1861408] Re: firefox apparmor messages

2020-02-29 Thread dinar qurbanov
i have reenabled the capability rules ans added these to them, also from
the chromium profile:

owner @{PROC}/@{pid}/setgroups w,
owner @{PROC}/@{pid}/uid_map w,
owner @{PROC}/@{pid}/gid_map w,
.

i have prepared dbus rules:

dbus send
bus=system
path=/org/freedesktop/RealtimeKit1
interface=org.freedesktop.DBus.Properties
member=Get

peer=(name=org.freedesktop.RealtimeKit1|label="/usr/lib/firefox/firefox{,*[^s][^h]}")

dbus send
bus=session
path=/org/gtk/vfs/Daemon
interface=org.gtk.vfs.Daemon
member=ListMonitorImplementations
peer=(name=":1.10" | label="/usr/lib/firefox/firefox{,*[^s][^h]}" )

dbus send
bus="session"
path="/org/gtk/Private/RemoteVolumeMonitor"
interface="org.gtk.Private.RemoteVolumeMonitor"
member="IsSupported"
peer=(name=":1.35" | label="/usr/lib/firefox/firefox{,*[^s][^h]}" )

dbus send
bus="session"
path="/org/gtk/vfs/mounttracker"
interface="org.gtk.vfs.MountTracker"
member="ListMounts2"
peer=( name=":1.10" | label="/usr/lib/firefox/firefox{,*[^s][^h]}" )

dbus send
bus="session"
path="/org/gtk/vfs/mounttracker"
interface="org.gtk.vfs.MountTracker"
member="LookupMount"
peer=( name=":1.10" | label="/usr/lib/firefox/firefox{,*[^s][^h]}" )

dbus send
bus="system"
path="/org/freedesktop/hostname1"
interface="org.freedesktop.DBus.Properties"
member="GetAll"
peer=( name=":1.120" | label="/usr/lib/firefox/firefox{,*[^s][^h]}" )

dbus send
bus="session"
path="/ca/desrt/dconf/Writer/user"
interface="ca.desrt.dconf.Writer"
member="Change"
peer=( name="ca.desrt.dconf" | label="/usr/lib/firefox/firefox{,*[^s][^h]}" 
)

dbus receive
bus="session"
path="/ca/desrt/dconf/Writer/user"
interface="ca.desrt.dconf.Writer"
member="Notify"
peer=( name=":1.21" | label="/usr/lib/firefox/firefox{,*[^s][^h]}" )

please somebody correct them and say to which file they should be added.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1861408

Title:
  firefox apparmor messages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1861408/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1861408] Re: firefox apparmor messages

2020-02-29 Thread dinar qurbanov
what is ubuntu's policy for updating this profile? it looks like package
maintainers are not updating this profile on every package update. why?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1861408

Title:
  firefox apparmor messages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1861408/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1861408] Re: firefox apparmor messages

2020-02-28 Thread dinar qurbanov
message when switching to read mode:
Feb 26 13:13:13 dinar-HP-Pavilion-g7-Notebook-PC kernel: [64008.165294] audit: 
type=1400 audit(1582711993.444:302): apparmor="DENIED" operation="exec" 
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" 
name="/usr/bin/speech-dispatcher" pid=30443 comm=7370656563686420696E6974 
requested_mask="x" denied_mask="x" fsuid=1000 ouid=0

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1861408

Title:
  firefox apparmor messages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1861408/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Re: [Bug 1861408] Re: firefox apparmor messages

2020-02-24 Thread Seth Arnold
On Mon, Feb 24, 2020 at 06:48:33AM -, dinar qurbanov wrote:
> after firefox restart these appeared:
> 
> Feb 24 09:30:04 dinar-HP-Pavilion-g7-Notebook-PC kernel: [  141.932834]
> audit: type=1400 audit(1582525804.452:27): apparmor="DENIED"
> operation="open" profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
> name="/proc/1888/uid_map" pid=1888 comm=495043204C61756E6368202331

This file is a necessary part of the Firefox sandbox code. If you deny
this but allow the syscalls and privileges that start the sandbox, you're
going to see some very unusual results.

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1861408

Title:
  firefox apparmor messages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1861408/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1861408] Re: firefox apparmor messages

2020-02-24 Thread dinar qurbanov
/ r,
  /**/ r,
is not enough. because thumbnails are not shown. much better would be to use a 
separate program as a helper application, while it can read all files but it is 
very simple and can only open a file by gui mouse click, and cannot connect 
internet.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1861408

Title:
  firefox apparmor messages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1861408/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1861408] Re: firefox apparmor messages

2020-02-23 Thread dinar qurbanov
after firefox restart these appeared:

Feb 24 09:30:04 dinar-HP-Pavilion-g7-Notebook-PC kernel: [  141.932834] audit: 
type=1400 audit(1582525804.452:27): apparmor="DENIED" operation="open" 
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/1888/uid_map" 
pid=1888 comm=495043204C61756E6368202331 requested_mask="w" denied_mask="w" 
fsuid=1000 ouid=1000
Feb 24 09:30:04 dinar-HP-Pavilion-g7-Notebook-PC kernel: [  141.934780] IPC 
Launch #1[1888]: segfault at 0 ip 7fa9fe84808c sp 7fa9f0efa780 error 6 
in libxul.so[7fa9fdfac000+6f21000]
Feb 24 09:30:04 dinar-HP-Pavilion-g7-Notebook-PC kernel: [  141.934798] Code: 
75 12 89 e8 48 81 c4 10 02 00 00 5b 41 5c 41 5e 41 5f 5d c3 e8 f5 bb fc ff 48 
8d 05 ae 89 85 04 48 8b 0d 57 75 c6 06 48 89 01  04 25 00 00 00 00 1e 02 00 
00 e8 ac 4a fd ff 48 8d 05 e3 89 85
Feb 24 09:30:06 dinar-HP-Pavilion-g7-Notebook-PC wpa_supplicant[826]: wlo1: 
CTRL-EVENT-SIGNAL-CHANGE above=0 signal=-85 noise=-95 txrate=14400
Feb 24 09:30:10 dinar-HP-Pavilion-g7-Notebook-PC kernel: [  148.016837] audit: 
type=1400 audit(1582525810.536:28): apparmor="DENIED" operation="open" 
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/1926/uid_map" 
pid=1926 comm=495043204C61756E6368202331 requested_mask="w" denied_mask="w" 
fsuid=1000 ouid=1000
Feb 24 09:30:10 dinar-HP-Pavilion-g7-Notebook-PC kernel: [  148.017346] IPC 
Launch #1[1926]: segfault at 0 ip 7fa9fe84808c sp 7fa9eb29d780 error 6 
in libxul.so[7fa9fdfac000+6f21000]
Feb 24 09:30:10 dinar-HP-Pavilion-g7-Notebook-PC kernel: [  148.017359] Code: 
75 12 89 e8 48 81 c4 10 02 00 00 5b 41 5c 41 5e 41 5f 5d c3 e8 f5 bb fc ff 48 
8d 05 ae 89 85 04 48 8b 0d 57 75 c6 06 48 89 01  04 25 00 00 00 00 1e 02 00 
00 e8 ac 4a fd ff 48 8d 05 e3 89 85
Feb 24 09:30:11 dinar-HP-Pavilion-g7-Notebook-PC kernel: [  148.895517] IPC 
Launch #1[1973]: segfault at 0 ip 7fa9fe84808c sp 7fa9ea5a2780 error 6 
in libxul.so[7fa9fdfac000+6f21000]
Feb 24 09:30:11 dinar-HP-Pavilion-g7-Notebook-PC kernel: [  148.895535] Code: 
75 12 89 e8 48 81 c4 10 02 00 00 5b 41 5c 41 5e 41 5f 5d c3 e8 f5 bb fc ff 48 
8d 05 ae 89 85 04 48 8b 0d 57 75 c6 06 48 89 01  04 25 00 00 00 00 1e 02 00 
00 e8 ac 4a fd ff 48 8d 05 e3 89 85
Feb 24 09:30:11 dinar-HP-Pavilion-g7-Notebook-PC kernel: [  148.895594] audit: 
type=1400 audit(1582525811.416:29): apparmor="DENIED" operation="open" 
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/1973/uid_map" 
pid=1973 comm=495043204C61756E6368202331 requested_mask="w" denied_mask="w" 
fsuid=1000 ouid=1000
Feb 24 09:30:12 dinar-HP-Pavilion-g7-Notebook-PC kernel: [  150.432287] IPC 
Launch #1[1991]: segfault at 0 ip 7fa9fe84808c sp 7fa9fba7f780 error 6 
in libxul.so[7fa9fdfac000+6f21000]
Feb 24 09:30:12 dinar-HP-Pavilion-g7-Notebook-PC kernel: [  150.432303] Code: 
75 12 89 e8 48 81 c4 10 02 00 00 5b 41 5c 41 5e 41 5f 5d c3 e8 f5 bb fc ff 48 
8d 05 ae 89 85 04 48 8b 0d 57 75 c6 06 48 89 01  04 25 00 00 00 00 1e 02 00 
00 e8 ac 4a fd ff 48 8d 05 e3 89 85
Feb 24 09:30:12 dinar-HP-Pavilion-g7-Notebook-PC kernel: [  150.432405] audit: 
type=1400 audit(1582525812.952:30): apparmor="DENIED" operation="open" 
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/1991/uid_map" 
pid=1991 comm=495043204C61756E6368202331 requested_mask="w" denied_mask="w" 
fsuid=1000 ouid=1000
Feb 24 09:30:14 dinar-HP-Pavilion-g7-Notebook-PC wpa_supplicant[826]: wlo1: 
CTRL-EVENT-SIGNAL-CHANGE above=1 signal=-75 noise=-95 txrate=13000
Feb 24 09:30:14 dinar-HP-Pavilion-g7-Notebook-PC kernel: [  152.373278] IPC 
Launch #1[2012]: segfault at 0 ip 7fa9fe84808c sp 7fa9f6fd9780 error 6 
in libxul.so[7fa9fdfac000+6f21000]
Feb 24 09:30:14 dinar-HP-Pavilion-g7-Notebook-PC kernel: [  152.373293] Code: 
75 12 89 e8 48 81 c4 10 02 00 00 5b 41 5c 41 5e 41 5f 5d c3 e8 f5 bb fc ff 48 
8d 05 ae 89 85 04 48 8b 0d 57 75 c6 06 48 89 01  04 25 00 00 00 00 1e 02 00 
00 e8 ac 4a fd ff 48 8d 05 e3 89 85
Feb 24 09:30:14 dinar-HP-Pavilion-g7-Notebook-PC kernel: [  152.373325] audit: 
type=1400 audit(1582525814.892:31): apparmor="DENIED" operation="open" 
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/2012/uid_map" 
pid=2012 comm=495043204C61756E6368202331 requested_mask="w" denied_mask="w" 
fsuid=1000 ouid=1000

and i have seen some suspicious things, for that i commented out those
capability rules.

also, there were problems, in addition to the new messages: firefox said
{ff has been updated, you must restart it} on every tab, if i open them,
and then after restarting, content of that tabs were lost. one of them
has put ubuntu.com at address bar, another become blank.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1861408

Title:
  firefox apparmor messages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1861408/+subscriptions

-- 
ubuntu-bugs mailing list

[Bug 1861408] Re: firefox apparmor messages

2020-02-23 Thread dinar qurbanov
also there are /sys/devices/system/cpu/ r, 
  /etc/firefox*/ r,
  /etc/xulrunner-2.0*/ r,
  /etc/gre.d/ r,

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1861408

Title:
  firefox apparmor messages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1861408/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1861408] Re: firefox apparmor messages

2020-02-23 Thread dinar qurbanov
i have some questions and wishes about rules that are in the profile:

  # so browsing directories works
  / r,
  /**/ r,

what if comment these out and allow / and owner @{HOME}/** , instead of
these? does firefox need other directory listings? maybe i will try.

i see /usr/ r, /etc/ r, /opt/ r, @{PROC}/ r, /usr/bin/ r, are already
allowed, why are these used? i would like to see there comments, in the
profile.

  # Default profile allows downloads to ~/Downloads and uploads from ~/Public
  owner @{HOME}/ r,
  owner @{HOME}/Public/ r,
  owner @{HOME}/Public/* r,
  owner @{HOME}/Downloads/ r,
  owner @{HOME}/Downloads/* rw,

are not you going to put there all language variants?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1861408

Title:
  firefox apparmor messages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1861408/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1861408] Re: firefox apparmor messages

2020-02-23 Thread dinar qurbanov
i added these lines to ff profile:

#copied from abstractions/lightdm_chromium-browser
capability sys_admin,  # for sandbox to change namespaces
capability sys_chroot, # fod sandbox to chroot to a safe directory
capability setgid, # for sandbox to drop privileges
capability setuid, # for sandbox to drop privileges
capability sys_ptrace, # chromium needs this to keep track of itself

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1861408

Title:
  firefox apparmor messages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1861408/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1861408] Re: firefox apparmor messages

2020-02-23 Thread dinar qurbanov
>At the moment we recommend granting the capability in the profile and
letting firefox setup its sandbox.

why do not ubuntu developers add it? (before they make it other way.)

>Unfortunately this means you can't guarantee the rest of the program
isn't doing things it shouldn't.

what it can do using this capability, without using any other additional
apparmor allow rules? can you give any examples?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1861408

Title:
  firefox apparmor messages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1861408/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1861408] Re: firefox apparmor messages

2020-02-14 Thread John Johansen
I should further note that this needs kernel patches to be fixed.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1861408

Title:
  firefox apparmor messages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1861408/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1861408] Re: firefox apparmor messages

2020-02-14 Thread John Johansen
Firefox uses cap sys_admin to set up its sandbox, which is extremely
unfortunate but required on linux to be able to set up the
user_namespace, do the chroot etc. Current the LSM and user namespaces
don't interact as well as they should.

AppArmor can NOT properly determine the policy namespace that it should
be in with the user_namespace after firefox enters its sandbox. This
result in the cap_sys admin messages

This is a known problem and we are working on it. At the moment we
recommend granting the capability in the profile and letting firefox
setup its sandbox. Unfortunately this means you can't guarantee the rest
of the program isn't doing things it shouldn't.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1861408

Title:
  firefox apparmor messages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1861408/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1861408] Re: firefox apparmor messages

2020-02-14 Thread dinar qurbanov
i asked about sys_admin capability and got some answers:
https://groups.google.com/forum/#!topic/mozilla.dev.platform/UK4nm7MtTxQ

(i wanted to ask in firefox-dev mailing list but the dev-platform list
was said about as more appropriate).

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1861408

Title:
  firefox apparmor messages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1861408/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1861408] Re: firefox apparmor messages

2020-02-04 Thread dinar qurbanov
i have added these lines:

in /etc/apparmor.d/abstractions/gnome :

@{HOME}/.local/share/gvfs-metadata/** r,

in /etc/apparmor.d/abstractions/xdg-desktop :

owner @{HOME}/.cache/mesa_shader_cache/** rw,

and messages (i use aa-notify) when saving disappeared.

dbus_method_call messages still appear in logs, while saving. i do not
know why they are not reported by aa-notify.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1861408

Title:
  firefox apparmor messages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1861408/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1861408] Re: firefox apparmor messages

2020-02-03 Thread dinar qurbanov
i think

Jan 30 11:08:28 dinar-HP-Pavilion-g7-Notebook-PC kernel: [  464.049675]
audit: type=1400 audit(1580371708.871:38): apparmor="DENIED"
operation="open" profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/dinar/.local/share/gvfs-metadata/home" pid=1584 comm="pool"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000

message, which appear while saving files, was caused by my edition. i am
sorry.

i edited /etc/apparmor.d/abstractions/ubuntu-browsers.d/user-files
this way:

i commented out

@{HOME}/** r,
owner @{HOME}/** w,

and have added

@{HOME}/Общедоступные/** r,
owner @{HOME}/Загрузки/** rwk,

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1861408

Title:
  firefox apparmor messages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1861408/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1861408] Re: firefox apparmor messages

2020-02-03 Thread dinar qurbanov
i added w to
owner @{HOME}/.{,cache/}fontconfig/** mrl,
in /etc/apparmor.d/abstractions/fonts
and after profile replace, frequent messages stopped.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1861408

Title:
  firefox apparmor messages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1861408/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1861408] Re: firefox apparmor messages

2020-02-03 Thread dinar qurbanov
i modified /etc/apparmor.d/abstractions/fonts by adding w to
owner @{HOME}/.{,cache/}fontconfig/   r,
and replaced ff apparmor profile with "sudo apparmor_parser -r -T -W 
/etc/apparmor.d/usr.bin.firefox".
then i tried to open a page, and i got these:

Feb  3 21:26:26 dinar-Lenovo-G580 kernel: [14092.695137] audit:
type=1400 audit(1580754386.268:292): apparmor="DENIED" operation="mknod"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/dinar/.cache/fontconfig/CACHEDIR.TAG.TMP-ZjyBns" pid=8547
comm=57656220436F6E74656E74 requested_mask="c" denied_mask="c"
fsuid=1000 ouid=1000

Feb  3 21:26:26 dinar-Lenovo-G580 kernel: [14092.695143] audit:
type=1400 audit(1580754386.268:293): apparmor="DENIED" operation="mknod"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/dinar/.cache/fontconfig/a41116dafaf8b233ac2c61cb73f2ea5f-
le64.cache-7.TMP-6nwuBp" pid=8547 comm=57656220436F6E74656E74
requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1861408

Title:
  firefox apparmor messages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1861408/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1861408] Re: firefox apparmor messages

2020-02-03 Thread dinar qurbanov
** Package changed: firefox (Ubuntu) => apparmor (Ubuntu)

** Also affects: firefox (Ubuntu)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1861408

Title:
  firefox apparmor messages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1861408/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1861408] Re: firefox apparmor messages

2020-02-03 Thread dinar qurbanov
i have simplified all of these messages, i hope this is helpful:
sys_admin
dbus_method_call path="/org/freedesktop/RealtimeKit1" member="Get" 
name="org.freedesktop.RealtimeKit1"
dbus_method_call path="/org/gtk/vfs/Daemon" member="ListMonitorImplementations"
dbus_method_call path="/org/gtk/Private/RemoteVolumeMonitor" 
member="IsSupported"
dbus_method_call path="/org/gtk/vfs/mounttracker" member="ListMounts2"
dbus_method_call member="LookupMount"
dbus_method_call path="/org/freedesktop/hostname1" member="GetAll"
dbus_method_call path="/ca/desrt/dconf/Writer/user" member="Change" 
name="ca.desrt.dconf"
open name="/home/dinar/.cache/mesa_shader_cache/index" requested_mask="wrc" 
denied_mask="wrc"
open name="/home/dinar/.local/share/gvfs-metadata/home" requested_mask="r" 
denied_mask="r"
dbus_signal path="/ca/desrt/dconf/Writer/user" 
interface="ca.desrt.dconf.Writer" member="Notify"
mkdir name="/home/dinar/.cache/fontconfig/" requested_mask="c" denied_mask="c"
mkdir name="/home/dinar/fontconfig/" requested_mask="c" denied_mask="c"
open name="/home/dinar/.config/dconf/user" requested_mask="r" denied_mask="r"

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1861408

Title:
  firefox apparmor messages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1861408/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1861408] Re: firefox apparmor messages

2020-02-03 Thread Корбанов Динар
i have installed linux mint on another comp and this time i enabled ff
apparmor profile before first run of ff.

now, i get also these messages, every time a page/url is opened/loaded:

Feb  3 18:40:24 dinar-Lenovo-G580 dbus-daemon[1307]: apparmor="DENIED" 
operation="dbus_method_call"  bus="session" path="/org/gtk/vfs/Daemon" 
interface="org.gtk.vfs.Daemon" member="ListMonitorImplementations" mask="send" 
name=":1.6" pid=4668 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1368 
peer_label="unconfined"
Feb  3 18:40:24 dinar-Lenovo-G580 kernel: [ 4131.097714] audit: type=1400 
audit(1580744424.242:117): apparmor="DENIED" operation="mkdir" 
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" 
name="/home/dinar/.cache/fontconfig/" pid=4668 comm=57656220436F6E74656E74 
requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
Feb  3 18:40:24 dinar-Lenovo-G580 kernel: [ 4131.097721] audit: type=1400 
audit(1580744424.242:118): apparmor="DENIED" operation="mkdir" 
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/home/dinar/.fontconfig/" 
pid=4668 comm=57656220436F6E74656E74 requested_mask="c" denied_mask="c" 
fsuid=1000 ouid=1000
Feb  3 18:40:24 dinar-Lenovo-G580 kernel: [ 4131.162558] audit: type=1107 
audit(1580744424.306:119): pid=767 uid=103 auid=4294967295 ses=4294967295 
msg='apparmor="DENIED" operation="dbus_method_call"  bus="system" 
path="/org/freedesktop/RealtimeKit1" 
interface="org.freedesktop.DBus.Properties" member="Get" mask="send" 
name="org.freedesktop.RealtimeKit1" pid=4668 
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1521 
peer_label="unconfined"
Feb  3 18:40:24 dinar-Lenovo-G580 kernel: [ 4131.162558]  
exe="/usr/bin/dbus-daemon" sauid=103 hostname=? addr=? terminal=?'

on first run of firefox, there were, in addition to the above shown
types, this type:

Feb  3 18:06:58 dinar-Lenovo-G580 kernel: [ 2125.679905] audit:
type=1400 audit(1580742418.752:43): apparmor="DENIED" operation="open"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/home/dinar/.config/dconf/user" pid=3288 comm="firefox"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1861408

Title:
  firefox apparmor messages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1861408/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs