Seth, yes this is contradictory. In fact I had many DENIED messages, as
you might have seen here:
http://askubuntu.com/questions/586611/apparmor-problem-icedtea-plugin-freezes-firefox-35-0-1

But finally, only adding rw to owner /run/user/*/icedteaplugin-*/* did
the trick for me.

Regarding the other modifications I made, they are all in my
local/usr.bin.firefox:

# Site-specific additions and overrides for usr.bin.firefox.
# For more details, please see /etc/apparmor.d/local/README.
# Allow keyring integration to work
dbus (send,receive)
    bus=session
    interface=org.freedesktop.DBus.Properties
    path=/org/freedesktop/secrets,
dbus (send,receive)
    bus=session
    interface=org.freedesktop.Secret.Service
    path=/org/freedesktop/secrets,
dbus (send,receive)
    bus=session
    interface=org.freedesktop.Secret.Item
    path=/org/freedesktop/secrets/**/*,
dbus (send,receive)
    bus=session
    interface=org.freedesktop.DBus.Properties
    path=/org/freedesktop/secrets/collection/mozilla/*,
dbus (send,receive)
    bus=session
    interface=org.freedesktop.DBus.Properties
    path=/org/freedesktop/secrets/collection/mozilla,
dbus (send,receive)
    bus=session
    interface=org.freedesktop.Secret.Prompt
    path=/org/freedesktop/secrets/prompt/*,
@{HOME}/.cache/mozilla/firefox/**/safebrowsing-to_delete/*.sbstore rw,
deny dbus
    interface=org.gtk.vfs.MountTracker,
deny /tmp/.ICE-unix/* rw,

Everything regarding dbus is related to a gnome-keyring-integration plugin I
use (https://github.com/swick/moz-gnome-keyring-integration).
The last two lines are here to avoid noisy notifications.

Regards,
Franck

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1426316

Title:
  Java applets won't run in Firefox with Apparmor profile activated

Status in apparmor package in Ubuntu:
  New

Bug description:
  After activating firefox profile, be it in complain or enforce mode,
  no applet will run with OpenJDK.

  The culprit seems to be:
  apparmor="DENIED" operation="open" 
profile="/usr/lib/firefox/firefox{,[^s][^h]}//browser_openjdk" 
name="/run/user/1000/dconf/user" pid=11973 comm=64636F6E6620776F726B6572 
requested_mask="wrc" denied_mask="wrc" fsuid=1000 ouid=1000

  The rules that prevent the applets from running belong to Apparmor
  abstractions, specifically
  /etc/apparmor.d/abstractions/ubuntu-browser.d/java

  These rules will be enforced, even when usr.bin.firefox is in complain
  mode (I don't know why exactly)

  Adding write access to the line

  owner /run/user/*/icedteaplugin-*/ rw

  in /etc/apparmor.d/abstractions/ubuntu-browser.d/java

  seems to solve the problem.

  ProblemType: Bug
  DistroRelease: Ubuntu 14.10
  Package: apparmor-profiles 2.8.98-0ubuntu2
  ProcVersionSignature: Ubuntu 3.16.0-31.41-lowlatency 3.16.7-ckt5
  Uname: Linux 3.16.0-31-lowlatency x86_64
  ApportVersion: 2.14.7-0ubuntu8.2
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Fri Feb 27 11:05:20 2015
  InstallationDate: Installed on 2014-12-13 (75 days ago)
  InstallationMedia: Ubuntu 14.10 "Utopic Unicorn" - Release amd64 (20141022.1)
  PackageArchitecture: all
  ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-3.16.0-31-lowlatency 
root=/dev/mapper/ubuntu--vg-lv--root ro threadirqs quiet splash vt.handoff=7
  SourcePackage: apparmor
  Syslog: Feb 27 09:42:45 franck-ThinkPad-T430s dbus[3940]: apparmor="DENIED" 
operation="dbus_method_call"  bus="session" path="/org/freedesktop/DBus" 
interface="org.freedesktop.DBus" member="Hello" mask="send" 
name="org.freedesktop.DBus" pid=9748 
profile="/usr/lib/firefox/firefox{,*[^s][^h]}//browser_openjdk" 
peer_profile="unconfined"
  UpgradeStatus: No upgrade log present (probably fresh install)
  modified.conffile..etc.apparmor.d.usr.sbin.dnsmasq: [modified]
  modified.conffile..etc.apparmor.d.usr.sbin.traceroute: [modified]
  mtime.conffile..etc.apparmor.d.usr.sbin.dnsmasq: 2015-02-20T14:58:28.130461
  mtime.conffile..etc.apparmor.d.usr.sbin.traceroute: 2015-02-20T15:04:02.437880
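
Added example, not part of the original report or of the AppArmor tools: the two DENIED records quoted in the bug description, parsed into fields, with the hex-encoded comm value decoded and a candidate rule derived for manual review. The helper names and the /run/user/*/ generalisation of the uid are assumptions made for this illustration.

```python
import re

# Constructed sample: the two denial records quoted in the bug description,
# re-joined onto single lines (mail wrapping removed).
SAMPLE_LOG = [
    'apparmor="DENIED" operation="open" '
    'profile="/usr/lib/firefox/firefox{,[^s][^h]}//browser_openjdk" '
    'name="/run/user/1000/dconf/user" pid=11973 comm=64636F6E6620776F726B6572 '
    'requested_mask="wrc" denied_mask="wrc" fsuid=1000 ouid=1000',
    'Feb 27 09:42:45 franck-ThinkPad-T430s dbus[3940]: apparmor="DENIED" '
    'operation="dbus_method_call"  bus="session" path="/org/freedesktop/DBus" '
    'interface="org.freedesktop.DBus" member="Hello" mask="send" '
    'name="org.freedesktop.DBus" pid=9748 '
    'profile="/usr/lib/firefox/firefox{,*[^s][^h]}//browser_openjdk" '
    'peer_profile="unconfined"',
]

FIELD = re.compile(r'(\w+)=("([^"]*)"|\S+)')
HEX = re.compile(r'(?:[0-9A-Fa-f]{2})+')

def parse_denial(line):
    """Parse one AppArmor DENIED record into a dict, or return None."""
    if 'apparmor="DENIED"' not in line:
        return None
    rec = {}
    for key, raw, quoted in FIELD.findall(line):
        is_quoted = raw.startswith('"')
        rec[key] = quoted if is_quoted else raw
        # The audit layer writes comm/name unquoted and hex-encoded when the
        # value contains spaces or other special characters.
        if key in ("comm", "name") and not is_quoted and HEX.fullmatch(raw):
            rec[key] = bytes.fromhex(raw).decode("utf-8", "replace")
    return rec

def candidate_rule(rec):
    """Build a rule to review by hand (hypothetical helper, not aa-logprof)."""
    if rec["operation"].startswith("dbus"):
        return ("dbus ({mask}) bus={bus} path={path} "
                "interface={interface} member={member},").format(**rec)
    # Log masks 'c' (create) and 'd' (delete) are covered by 'w' in policy.
    mask = rec["denied_mask"].replace("c", "w").replace("d", "w")
    perms = "".join(p for p in "rwaklm" if p in mask)
    # Assumption: generalise the numeric uid as the rule in the report does.
    path = re.sub(r"^/run/user/\d+/", "/run/user/*/", rec["name"])
    owner = "owner " if rec.get("fsuid") == rec.get("ouid") else ""
    return f"{owner}{path} {perms},"
```

The generated rule reflects only what the log record denied; whether it belongs in the profile is a separate review decision.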
