Hello.
I apologize, once again, for such a bad bug report, but I'm in a hurry
(I just want to help, because there could be some issues with a new
Firefox version - problems that could appear after an update, just like
in my case, etc.). Anyway, there is one entry in the log files that
confuses me, because there is not much information that could help
create a proper rule. Here is the log entry (appeared about 4, 5 times):
apparmor="DENIED" operation="connect"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/tmp/.X11-unix/X0"
pid=4643 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000
ouid=0
As I already mentioned, the "abstractions/X" file contains a rule related
to "/tmp/.X11-unix/X0" and the "connect" operation. However, there are also
"type" and "peer" options (see report; last rule) - which are not in the
log entry! So it seems that such a rule is wrong... but Firefox started
to work normally.
Anyway, I would like to ask whether something like this can/should be
used instead of the rule in the bug report:
# Explicitly allow 'connect' unix permission
unix (connect),
(NOTE: the chromium-browser profile also contains a few "unix" - but not
with the 'connect' option - and "capability" rules.) What do you think?
Which solution is better:
- use the last rule mentioned in the bug report (please note that there is "rw"
access for the "/tmp/.X11-unix/X0" socket because of 'requested{,denied}_mask');
- allow only the 'connect' unix permission (see this post);
Or maybe it should be only something like this? But that is just an idea. Crazy
idea:
/tmp/.X11-unix/X[0-9]* r,
Thanks. I'm sorry once again.
https://bugs.launchpad.net/bugs/1770600
Title:
Firefox v60: does not work after updating, many "DENIED" log entries.
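Added example, not part of the original message and not AppArmor project code: a small Python parser that splits a denial entry into its fields and reports whether it carries a path in name= or socket fields such as family, sock_type, addr and peer_addr. The first sample is the entry quoted in the message; the second sample line and the SOCKET_FIELDS set are assumptions constructed for contrast.

```python
import re

# key="quoted value" or key=bare-value pairs, as they appear in audit lines
_FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Assumption: fields seen on socket-style denials (not taken from the page)
SOCKET_FIELDS = {"family", "sock_type", "addr", "peer_addr"}

# The entry quoted in the message, joined onto one line
PAGE_ENTRY = (
    'apparmor="DENIED" operation="connect" '
    'profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/tmp/.X11-unix/X0" '
    'pid=4643 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0'
)

# Constructed sample of a socket-style entry, for contrast only
CONSTRUCTED_SOCKET_ENTRY = (
    'apparmor="DENIED" operation="connect" profile="example-profile" pid=1 '
    'comm="example" family="unix" sock_type="stream" protocol=0 '
    'requested_mask="connect" denied_mask="connect" addr=none '
    'peer_addr="@/tmp/.X11-unix/X0" peer="unconfined"'
)


def parse_denial(line):
    """Split one audit line into a dict of its key=value fields."""
    return {k: quoted or bare for k, quoted, bare in _FIELD.findall(line)}


def summarize(line):
    """Report what the entry carries, judged only by the fields present."""
    f = parse_denial(line)
    if f.get("apparmor") != "DENIED":
        kind = "not-a-denial"
    elif SOCKET_FIELDS & set(f):
        kind = "socket-style"   # has family/sock_type/addr/peer_addr
    elif "name" in f:
        kind = "path-style"     # has a path in name= and a file-style mask
    else:
        kind = "other"
    return {
        "kind": kind,
        "operation": f.get("operation"),
        "target": f.get("name") or f.get("peer_addr"),
        "denied_mask": f.get("denied_mask"),
        "absent_socket_fields": sorted(SOCKET_FIELDS - set(f)),
    }


if __name__ == "__main__":
    for entry in (PAGE_ENTRY, CONSTRUCTED_SOCKET_ENTRY):
        print(summarize(entry))
```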