The firefox AppArmor profile is supposed to be opt-in and disabled by
default. Users are supposed to explicitly enable the profile for it to
be used, as mentioned in
https://wiki.ubuntu.com/KarmicKoala/TechnicalOverview#New%20profiles.
There was a bug in the packaging during the development cycle for 9.10
for people using daily builds or using firefox-3.5 on 9.04 and upgrading
to 9.10. I'm somewhat concerned that the profile was enabled without you
specifically enabling it, but if you hit the above bug or another admin
enabled the profile, then that would explain it and I'm sorry for the
inconvenience.
One of the reasons the profile is disabled by default is because of the
issues discussed here, and also because the profile is still in
development (though still quite useful for many users). Realplayer not
working is simply a profile bug. /usr/local/lib is a different matter,
and I would tend to agree with Micah's comment. That said, profiles are
not only supposed to work in the default installation, but all common
configurations. If there are 3rd party plugins that install to
/usr/local, then this should be supported as well.
An AppArmor profile is intended to confine an application to a specific
set of actions to proactively protect against flaws in the software it
is trying to protect. Firefox is an extremely attractive target for
attackers with 50+ CVEs in the software in 2009 alone, and having an
AppArmor profile available for people to use is very important. IMO, too
much autoconfiguration of the profile (ie, via ld.so.conf or other
methods) makes it difficult to understand the profile and why it is
working (or not working) the way it does, though we could probably just
add /usr/local/lib to the profile.
** Changed in: firefox-3.5 (Ubuntu)
Status: New => Triaged
** Changed in: firefox-3.5 (Ubuntu)
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
** Summary changed:
- firefox 3.x won't load with libraries in /usr/local/lib
+ firefox apparmor profile blocks access to /usr/local/lib
--
firefox apparmor profile blocks access to /usr/local/lib
https://bugs.launchpad.net/bugs/501822
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
