AppArmor

  1. Bug #1569647
  2. Activity log

Activity log for bug #1569647

Date Who What changed Old value New value Message
2016-04-13 02:26:44 emily_ bug added bug
2016-04-13 02:47:51 emily_ description Currently running on Linux Mint, 17.3; uname -a -> Linux 3.19.0-32-generic #37~14.04.1-Ubuntu SMP Thu Oct 22 09:41:40 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux By default, I almost always enable AppArmor and all of the profiles it ships with. With the AppArmor profile for chromium-browser ENABLED, Chromium fails to run; debugging presents the following: Starting program: /usr/lib/chromium-browser/chromium-browser --ppapi-flash-path=/usr/lib/adobe-flashplugin/libpepflashplayer.so --ppapi-flash-version= --enable-pinch [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". [New Thread 0x7f6de7667700 (LWP 12978)] [12968:12968:0412/212222:FATAL:zygote_host_impl_linux.cc(193)] Check failed: process.IsValid(). Failed to launch zygote process Program received signal SIGABRT, Aborted. 0x00007f6df2b42cc9 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56 56 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory. While the AppArmor profile for Chromium is DISABLED, the browser opens normally: Starting program: /usr/lib/chromium-browser/chromium-browser --ppapi-flash-path=/usr/lib/adobe-flashplugin/libpepflashplayer.so --ppapi-flash-version= --enable-pinch [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". [New Thread 0x7fdaadd1b700 (LWP 17588)] [New Thread 0x7fdaad51a700 (LWP 17594)] [New Thread 0x7fdaac8dd700 (LWP 17595)] [New Thread 0x7fdaac0dc700 (LWP 17596)] [New Thread 0x7fdaab8db700 (LWP 17597)] [New Thread 0x7fdad182b700 (LWP 17598)] [New Thread 0x7fdaab0da700 (LWP 17599)] [New Thread 0x7fdaaa8d9700 (LWP 17600)] [New Thread 0x7fdaa8e20700 (LWP 17601)] [New Thread 0x7fdaa861f700 (LWP 17602)] [New Thread 0x7fdaa7e1e700 (LWP 17603)] [New Thread 0x7fdaa761d700 (LWP 17604)] [New Thread 0x7fdaa6e1c700 (LWP 17605)] [New Thread 0x7fdaa661b700 (LWP 17606)] [New Thread 0x7fdaa5e1a700 (LWP 17607)] [New Thread 0x7fdaa5619700 (LWP 17608)] [New Thread 0x7fdaa4e18700 (LWP 17609)] [New Thread 0x7fdaa4617700 (LWP 17610)] [New Thread 0x7fdaa2393700 (LWP 17611)] [New Thread 0x7fda9c9bc700 (LWP 17612)] [New Thread 0x7fda9c1bb700 (LWP 17614)] [New Thread 0x7fda9b716700 (LWP 17648)] [New Thread 0x7fda9af15700 (LWP 17649)] Created new window in existing browser session. [New Thread 0x7fda9a714700 (LWP 17652)] [New Thread 0x7fda99f13700 (LWP 17653)] [Thread 0x7fdaa4e18700 (LWP 17609) exited] [Thread 0x7fda9af15700 (LWP 17649) exited] [New Thread 0x7fdaa4e18700 (LWP 17654)] [Thread 0x7fdaa5e1a700 (LWP 17607) exited] [Thread 0x7fdaa661b700 (LWP 17606) exited] [Thread 0x7fdaa6e1c700 (LWP 17605) exited] [Thread 0x7fdaa761d700 (LWP 17604) exited] [Thread 0x7fdaa7e1e700 (LWP 17603) exited] [Thread 0x7fdaa861f700 (LWP 17602) exited] [Thread 0x7fdaa5619700 (LWP 17608) exited] [Thread 0x7fdaa8e20700 (LWP 17601) exited] [Thread 0x7fda99f13700 (LWP 17653) exited] [Thread 0x7fdaac0dc700 (LWP 17596) exited] [Thread 0x7fdaa4617700 (LWP 17610) exited] [Thread 0x7fdaa2393700 (LWP 17611) exited] [Thread 0x7fda9a714700 (LWP 17652) exited] [Thread 0x7fdaac8dd700 (LWP 17595) exited] [Thread 0x7fda9b716700 (LWP 17648) exited] [Thread 0x7fdaab0da700 (LWP 17599) exited] [Thread 0x7fdaadd1b700 (LWP 17588) exited] [Thread 0x7fdaaa8d9700 (LWP 17600) exited] [Thread 0x7fdaad51a700 (LWP 17594) exited] [Thread 0x7fdaa4e18700 (LWP 17654) exited] [Thread 0x7fda9c1bb700 (LWP 17614) exited] [Thread 0x7fdad182b700 (LWP 17598) exited] [Thread 0x7fdaab8db700 (LWP 17597) exited] [Thread 0x7fdad435ea00 (LWP 17584) exited] [Inferior 1 (process 17584) exited normally] If I try to generate a WORKING AppArmor profile (not the default shipped with apparmor-profiles) for Chromium, things break: sudo aa-genprof chromium-browser Traceback (most recent call last): File "/usr/sbin/aa-genprof", line 107, in <module> apparmor.helpers[program] = apparmor.get_profile_flags(profile_filename, program) File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 613, in get_profile_flags raise AppArmorException(_('%s contains no profile') % filename) apparmor.common.AppArmorException: '/etc/apparmor.d/usr.bin.chromium-browser contains no profile' Currently running on Linux Mint, 17.3; uname -a -> Linux 3.19.0-32-generic #37~14.04.1-Ubuntu SMP Thu Oct 22 09:41:40 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux By default, I almost always enable AppArmor and all of the profiles it ships with. With the AppArmor profile for chromium-browser ENABLED, Chromium fails to run; debugging presents the following: Starting program: /usr/lib/chromium-browser/chromium-browser --ppapi-flash-path=/usr/lib/adobe-flashplugin/libpepflashplayer.so --ppapi-flash-version= --enable-pinch [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". [New Thread 0x7f6de7667700 (LWP 12978)] [12968:12968:0412/212222:FATAL:zygote_host_impl_linux.cc(193)] Check failed: process.IsValid(). Failed to launch zygote process Program received signal SIGABRT, Aborted. 0x00007f6df2b42cc9 in __GI_raise (sig=sig@entry=6)     at ../nptl/sysdeps/unix/sysv/linux/raise.c:56 56 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory. While the AppArmor profile for Chromium is DISABLED, the browser opens normally: Starting program: /usr/lib/chromium-browser/chromium-browser --ppapi-flash-path=/usr/lib/adobe-flashplugin/libpepflashplayer.so --ppapi-flash-version= --enable-pinch [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". [New Thread 0x7fdaadd1b700 (LWP 17588)] [New Thread 0x7fdaad51a700 (LWP 17594)] [New Thread 0x7fdaac8dd700 (LWP 17595)] [New Thread 0x7fdaac0dc700 (LWP 17596)] [New Thread 0x7fdaab8db700 (LWP 17597)] [New Thread 0x7fdad182b700 (LWP 17598)] [New Thread 0x7fdaab0da700 (LWP 17599)] [New Thread 0x7fdaaa8d9700 (LWP 17600)] [New Thread 0x7fdaa8e20700 (LWP 17601)] [New Thread 0x7fdaa861f700 (LWP 17602)] [New Thread 0x7fdaa7e1e700 (LWP 17603)] [New Thread 0x7fdaa761d700 (LWP 17604)] [New Thread 0x7fdaa6e1c700 (LWP 17605)] [New Thread 0x7fdaa661b700 (LWP 17606)] [New Thread 0x7fdaa5e1a700 (LWP 17607)] [New Thread 0x7fdaa5619700 (LWP 17608)] [New Thread 0x7fdaa4e18700 (LWP 17609)] [New Thread 0x7fdaa4617700 (LWP 17610)] [New Thread 0x7fdaa2393700 (LWP 17611)] [New Thread 0x7fda9c9bc700 (LWP 17612)] [New Thread 0x7fda9c1bb700 (LWP 17614)] [New Thread 0x7fda9b716700 (LWP 17648)] [New Thread 0x7fda9af15700 (LWP 17649)] Created new window in existing browser session. [New Thread 0x7fda9a714700 (LWP 17652)] [New Thread 0x7fda99f13700 (LWP 17653)] [Thread 0x7fdaa4e18700 (LWP 17609) exited] [Thread 0x7fda9af15700 (LWP 17649) exited] [New Thread 0x7fdaa4e18700 (LWP 17654)] [Thread 0x7fdaa5e1a700 (LWP 17607) exited] [Thread 0x7fdaa661b700 (LWP 17606) exited] [Thread 0x7fdaa6e1c700 (LWP 17605) exited] [Thread 0x7fdaa761d700 (LWP 17604) exited] [Thread 0x7fdaa7e1e700 (LWP 17603) exited] [Thread 0x7fdaa861f700 (LWP 17602) exited] [Thread 0x7fdaa5619700 (LWP 17608) exited] [Thread 0x7fdaa8e20700 (LWP 17601) exited] [Thread 0x7fda99f13700 (LWP 17653) exited] [Thread 0x7fdaac0dc700 (LWP 17596) exited] [Thread 0x7fdaa4617700 (LWP 17610) exited] [Thread 0x7fdaa2393700 (LWP 17611) exited] [Thread 0x7fda9a714700 (LWP 17652) exited] [Thread 0x7fdaac8dd700 (LWP 17595) exited] [Thread 0x7fda9b716700 (LWP 17648) exited] [Thread 0x7fdaab0da700 (LWP 17599) exited] [Thread 0x7fdaadd1b700 (LWP 17588) exited] [Thread 0x7fdaaa8d9700 (LWP 17600) exited] [Thread 0x7fdaad51a700 (LWP 17594) exited] [Thread 0x7fdaa4e18700 (LWP 17654) exited] [Thread 0x7fda9c1bb700 (LWP 17614) exited] [Thread 0x7fdad182b700 (LWP 17598) exited] [Thread 0x7fdaab8db700 (LWP 17597) exited] [Thread 0x7fdad435ea00 (LWP 17584) exited] [Inferior 1 (process 17584) exited normally] If I try to generate a WORKING AppArmor profile (not the default shipped with apparmor-profiles) for Chromium, things break: sudo aa-genprof chromium-browser Traceback (most recent call last):   File "/usr/sbin/aa-genprof", line 107, in <module>     apparmor.helpers[program] = apparmor.get_profile_flags(profile_filename, program)   File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 613, in get_profile_flags     raise AppArmorException(_('%s contains no profile') % filename) apparmor.common.AppArmorException: '/etc/apparmor.d/usr.bin.chromium-browser contains no profile' Grepping for first "DENIAL" logs in syslog returns: "kernel: [ 501.053368] audit: type=1400 audit(1460489635.759:318): apparmor="DENIED" operation="exec" profile="/usr/lib/chromium-browser/chromium-browser" name="/bin/which" pid=5049 comm="BrowserBlocking" requested_mask="x" denied_mask="x" fsuid=1001 ouid=0 Apr 12 15:33:55 void kernel: [ 501.053474] audit: type=1400 audit(1460489635.759:319): apparmor="DENIED" operation="exec" profile="/usr/lib/chromium-browser/chromium-browser" name="/bin/which" pid=5049 comm="BrowserBlocking" requested_mask="x" denied_mask="x" fsuid=1001 ouid=0 Apr 12 15:33:55 void kernel: [ 501.057446] audit: type=1400 audit(1460489635.763:320): apparmor="DENIED" operation="open" profile="/usr/lib/chromium-browser/chromium-browser" name="/proc/5049/stat" pid=4802 comm="BrowserBlocking" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0 Apr 12 15:33:55 void kernel: [ 501.087666] audit: type=1400 audit(1460489635.795:321): apparmor="DENIED" operation="open" profile="/usr/lib/chromium-browser/chromium-browser" name="/proc/5050/stat" pid=4802 comm="BrowserBlocking" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0"
2016-04-13 04:03:46 emily_ description Currently running on Linux Mint, 17.3; uname -a -> Linux 3.19.0-32-generic #37~14.04.1-Ubuntu SMP Thu Oct 22 09:41:40 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux By default, I almost always enable AppArmor and all of the profiles it ships with. With the AppArmor profile for chromium-browser ENABLED, Chromium fails to run; debugging presents the following: Starting program: /usr/lib/chromium-browser/chromium-browser --ppapi-flash-path=/usr/lib/adobe-flashplugin/libpepflashplayer.so --ppapi-flash-version= --enable-pinch [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". [New Thread 0x7f6de7667700 (LWP 12978)] [12968:12968:0412/212222:FATAL:zygote_host_impl_linux.cc(193)] Check failed: process.IsValid(). Failed to launch zygote process Program received signal SIGABRT, Aborted. 0x00007f6df2b42cc9 in __GI_raise (sig=sig@entry=6)     at ../nptl/sysdeps/unix/sysv/linux/raise.c:56 56 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory. While the AppArmor profile for Chromium is DISABLED, the browser opens normally: Starting program: /usr/lib/chromium-browser/chromium-browser --ppapi-flash-path=/usr/lib/adobe-flashplugin/libpepflashplayer.so --ppapi-flash-version= --enable-pinch [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". [New Thread 0x7fdaadd1b700 (LWP 17588)] [New Thread 0x7fdaad51a700 (LWP 17594)] [New Thread 0x7fdaac8dd700 (LWP 17595)] [New Thread 0x7fdaac0dc700 (LWP 17596)] [New Thread 0x7fdaab8db700 (LWP 17597)] [New Thread 0x7fdad182b700 (LWP 17598)] [New Thread 0x7fdaab0da700 (LWP 17599)] [New Thread 0x7fdaaa8d9700 (LWP 17600)] [New Thread 0x7fdaa8e20700 (LWP 17601)] [New Thread 0x7fdaa861f700 (LWP 17602)] [New Thread 0x7fdaa7e1e700 (LWP 17603)] [New Thread 0x7fdaa761d700 (LWP 17604)] [New Thread 0x7fdaa6e1c700 (LWP 17605)] [New Thread 0x7fdaa661b700 (LWP 17606)] [New Thread 0x7fdaa5e1a700 (LWP 17607)] [New Thread 0x7fdaa5619700 (LWP 17608)] [New Thread 0x7fdaa4e18700 (LWP 17609)] [New Thread 0x7fdaa4617700 (LWP 17610)] [New Thread 0x7fdaa2393700 (LWP 17611)] [New Thread 0x7fda9c9bc700 (LWP 17612)] [New Thread 0x7fda9c1bb700 (LWP 17614)] [New Thread 0x7fda9b716700 (LWP 17648)] [New Thread 0x7fda9af15700 (LWP 17649)] Created new window in existing browser session. [New Thread 0x7fda9a714700 (LWP 17652)] [New Thread 0x7fda99f13700 (LWP 17653)] [Thread 0x7fdaa4e18700 (LWP 17609) exited] [Thread 0x7fda9af15700 (LWP 17649) exited] [New Thread 0x7fdaa4e18700 (LWP 17654)] [Thread 0x7fdaa5e1a700 (LWP 17607) exited] [Thread 0x7fdaa661b700 (LWP 17606) exited] [Thread 0x7fdaa6e1c700 (LWP 17605) exited] [Thread 0x7fdaa761d700 (LWP 17604) exited] [Thread 0x7fdaa7e1e700 (LWP 17603) exited] [Thread 0x7fdaa861f700 (LWP 17602) exited] [Thread 0x7fdaa5619700 (LWP 17608) exited] [Thread 0x7fdaa8e20700 (LWP 17601) exited] [Thread 0x7fda99f13700 (LWP 17653) exited] [Thread 0x7fdaac0dc700 (LWP 17596) exited] [Thread 0x7fdaa4617700 (LWP 17610) exited] [Thread 0x7fdaa2393700 (LWP 17611) exited] [Thread 0x7fda9a714700 (LWP 17652) exited] [Thread 0x7fdaac8dd700 (LWP 17595) exited] [Thread 0x7fda9b716700 (LWP 17648) exited] [Thread 0x7fdaab0da700 (LWP 17599) exited] [Thread 0x7fdaadd1b700 (LWP 17588) exited] [Thread 0x7fdaaa8d9700 (LWP 17600) exited] [Thread 0x7fdaad51a700 (LWP 17594) exited] [Thread 0x7fdaa4e18700 (LWP 17654) exited] [Thread 0x7fda9c1bb700 (LWP 17614) exited] [Thread 0x7fdad182b700 (LWP 17598) exited] [Thread 0x7fdaab8db700 (LWP 17597) exited] [Thread 0x7fdad435ea00 (LWP 17584) exited] [Inferior 1 (process 17584) exited normally] If I try to generate a WORKING AppArmor profile (not the default shipped with apparmor-profiles) for Chromium, things break: sudo aa-genprof chromium-browser Traceback (most recent call last):   File "/usr/sbin/aa-genprof", line 107, in <module>     apparmor.helpers[program] = apparmor.get_profile_flags(profile_filename, program)   File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 613, in get_profile_flags     raise AppArmorException(_('%s contains no profile') % filename) apparmor.common.AppArmorException: '/etc/apparmor.d/usr.bin.chromium-browser contains no profile' Grepping for first "DENIAL" logs in syslog returns: "kernel: [ 501.053368] audit: type=1400 audit(1460489635.759:318): apparmor="DENIED" operation="exec" profile="/usr/lib/chromium-browser/chromium-browser" name="/bin/which" pid=5049 comm="BrowserBlocking" requested_mask="x" denied_mask="x" fsuid=1001 ouid=0 Apr 12 15:33:55 void kernel: [ 501.053474] audit: type=1400 audit(1460489635.759:319): apparmor="DENIED" operation="exec" profile="/usr/lib/chromium-browser/chromium-browser" name="/bin/which" pid=5049 comm="BrowserBlocking" requested_mask="x" denied_mask="x" fsuid=1001 ouid=0 Apr 12 15:33:55 void kernel: [ 501.057446] audit: type=1400 audit(1460489635.763:320): apparmor="DENIED" operation="open" profile="/usr/lib/chromium-browser/chromium-browser" name="/proc/5049/stat" pid=4802 comm="BrowserBlocking" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0 Apr 12 15:33:55 void kernel: [ 501.087666] audit: type=1400 audit(1460489635.795:321): apparmor="DENIED" operation="open" profile="/usr/lib/chromium-browser/chromium-browser" name="/proc/5050/stat" pid=4802 comm="BrowserBlocking" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0" Currently running on Linux Mint, 17.3; uname -a -> Linux 3.19.0-32-generic #37~14.04.1-Ubuntu SMP Thu Oct 22 09:41:40 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux By default, I almost always enable AppArmor and all of the profiles it ships with. With the AppArmor profile for chromium-browser ENABLED, Chromium fails to run; debugging presents the following: Starting program: /usr/lib/chromium-browser/chromium-browser --ppapi-flash-path=/usr/lib/adobe-flashplugin/libpepflashplayer.so --ppapi-flash-version= --enable-pinch [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". [New Thread 0x7f6de7667700 (LWP 12978)] [12968:12968:0412/212222:FATAL:zygote_host_impl_linux.cc(193)] Check failed: process.IsValid(). Failed to launch zygote process Program received signal SIGABRT, Aborted. 0x00007f6df2b42cc9 in __GI_raise (sig=sig@entry=6)     at ../nptl/sysdeps/unix/sysv/linux/raise.c:56 56 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory. While the AppArmor profile for Chromium is DISABLED, the browser opens normally: Starting program: /usr/lib/chromium-browser/chromium-browser --ppapi-flash-path=/usr/lib/adobe-flashplugin/libpepflashplayer.so --ppapi-flash-version= --enable-pinch [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". [New Thread 0x7fdaadd1b700 (LWP 17588)] ... [New Thread 0x7fda9af15700 (LWP 17649)] Created new window in existing browser session. [New Thread 0x7fda9a714700 (LWP 17652)] [New Thread 0x7fda99f13700 (LWP 17653)] [Thread 0x7fdaa4e18700 (LWP 17609) exited] [Thread 0x7fda9af15700 (LWP 17649) exited] [New Thread 0x7fdaa4e18700 (LWP 17654)] [Thread 0x7fdaa5e1a700 (LWP 17607) exited] ... [Thread 0x7fdad435ea00 (LWP 17584) exited] [Inferior 1 (process 17584) exited normally] If I try to generate a WORKING AppArmor profile (not the default shipped with apparmor-profiles) for Chromium, things break: sudo aa-genprof chromium-browser Traceback (most recent call last):   File "/usr/sbin/aa-genprof", line 107, in <module>     apparmor.helpers[program] = apparmor.get_profile_flags(profile_filename, program)   File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 613, in get_profile_flags     raise AppArmorException(_('%s contains no profile') % filename) apparmor.common.AppArmorException: '/etc/apparmor.d/usr.bin.chromium-browser contains no profile' Grepping for "DENIED" logs in syslog returns: "kernel: [ 501.053368] audit: type=1400 audit(1460489635.759:318): apparmor="DENIED" operation="exec" profile="/usr/lib/chromium-browser/chromium-browser" name="/bin/which" pid=5049 comm="BrowserBlocking" requested_mask="x" denied_mask="x" fsuid=1001 ouid=0 Apr 12 15:33:55 void kernel: [ 501.053474] audit: type=1400 audit(1460489635.759:319): apparmor="DENIED" operation="exec" profile="/usr/lib/chromium-browser/chromium-browser" name="/bin/which" pid=5049 comm="BrowserBlocking" requested_mask="x" denied_mask="x" fsuid=1001 ouid=0 Apr 12 15:33:55 void kernel: [ 501.057446] audit: type=1400 audit(1460489635.763:320): apparmor="DENIED" operation="open" profile="/usr/lib/chromium-browser/chromium-browser" name="/proc/5049/stat" pid=4802 comm="BrowserBlocking" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0 Apr 12 15:33:55 void kernel: [ 501.087666] audit: type=1400 audit(1460489635.795:321): apparmor="DENIED" operation="open" profile="/usr/lib/chromium-browser/chromium-browser" name="/proc/5050/stat" pid=4802 comm="BrowserBlocking" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0"
2016-04-13 04:05:05 emily_ tags aa-tools
2016-04-13 04:07:07 emily_ description Currently running on Linux Mint, 17.3; uname -a -> Linux 3.19.0-32-generic #37~14.04.1-Ubuntu SMP Thu Oct 22 09:41:40 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux By default, I almost always enable AppArmor and all of the profiles it ships with. With the AppArmor profile for chromium-browser ENABLED, Chromium fails to run; debugging presents the following: Starting program: /usr/lib/chromium-browser/chromium-browser --ppapi-flash-path=/usr/lib/adobe-flashplugin/libpepflashplayer.so --ppapi-flash-version= --enable-pinch [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". [New Thread 0x7f6de7667700 (LWP 12978)] [12968:12968:0412/212222:FATAL:zygote_host_impl_linux.cc(193)] Check failed: process.IsValid(). Failed to launch zygote process Program received signal SIGABRT, Aborted. 0x00007f6df2b42cc9 in __GI_raise (sig=sig@entry=6)     at ../nptl/sysdeps/unix/sysv/linux/raise.c:56 56 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory. While the AppArmor profile for Chromium is DISABLED, the browser opens normally: Starting program: /usr/lib/chromium-browser/chromium-browser --ppapi-flash-path=/usr/lib/adobe-flashplugin/libpepflashplayer.so --ppapi-flash-version= --enable-pinch [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". [New Thread 0x7fdaadd1b700 (LWP 17588)] ... [New Thread 0x7fda9af15700 (LWP 17649)] Created new window in existing browser session. [New Thread 0x7fda9a714700 (LWP 17652)] [New Thread 0x7fda99f13700 (LWP 17653)] [Thread 0x7fdaa4e18700 (LWP 17609) exited] [Thread 0x7fda9af15700 (LWP 17649) exited] [New Thread 0x7fdaa4e18700 (LWP 17654)] [Thread 0x7fdaa5e1a700 (LWP 17607) exited] ... [Thread 0x7fdad435ea00 (LWP 17584) exited] [Inferior 1 (process 17584) exited normally] If I try to generate a WORKING AppArmor profile (not the default shipped with apparmor-profiles) for Chromium, things break: sudo aa-genprof chromium-browser Traceback (most recent call last):   File "/usr/sbin/aa-genprof", line 107, in <module>     apparmor.helpers[program] = apparmor.get_profile_flags(profile_filename, program)   File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 613, in get_profile_flags     raise AppArmorException(_('%s contains no profile') % filename) apparmor.common.AppArmorException: '/etc/apparmor.d/usr.bin.chromium-browser contains no profile' Grepping for "DENIED" logs in syslog returns: "kernel: [ 501.053368] audit: type=1400 audit(1460489635.759:318): apparmor="DENIED" operation="exec" profile="/usr/lib/chromium-browser/chromium-browser" name="/bin/which" pid=5049 comm="BrowserBlocking" requested_mask="x" denied_mask="x" fsuid=1001 ouid=0 Apr 12 15:33:55 void kernel: [ 501.053474] audit: type=1400 audit(1460489635.759:319): apparmor="DENIED" operation="exec" profile="/usr/lib/chromium-browser/chromium-browser" name="/bin/which" pid=5049 comm="BrowserBlocking" requested_mask="x" denied_mask="x" fsuid=1001 ouid=0 Apr 12 15:33:55 void kernel: [ 501.057446] audit: type=1400 audit(1460489635.763:320): apparmor="DENIED" operation="open" profile="/usr/lib/chromium-browser/chromium-browser" name="/proc/5049/stat" pid=4802 comm="BrowserBlocking" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0 Apr 12 15:33:55 void kernel: [ 501.087666] audit: type=1400 audit(1460489635.795:321): apparmor="DENIED" operation="open" profile="/usr/lib/chromium-browser/chromium-browser" name="/proc/5050/stat" pid=4802 comm="BrowserBlocking" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0" Currently running on Linux Mint, 17.3; uname -a -> Linux 3.19.0-32-generic #37~14.04.1-Ubuntu SMP Thu Oct 22 09:41:40 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux By default, I almost always enable AppArmor and all of the profiles it ships with. With the AppArmor profile for chromium-browser ENABLED, Chromium fails to run; debugging presents the following: Starting program: /usr/lib/chromium-browser/chromium-browser --ppapi-flash-path=/usr/lib/adobe-flashplugin/libpepflashplayer.so --ppapi-flash-version= --enable-pinch [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". [New Thread 0x7f6de7667700 (LWP 12978)] [12968:12968:0412/212222:FATAL:zygote_host_impl_linux.cc(193)] Check failed: process.IsValid(). Failed to launch zygote process Program received signal SIGABRT, Aborted. 0x00007f6df2b42cc9 in __GI_raise (sig=sig@entry=6)     at ../nptl/sysdeps/unix/sysv/linux/raise.c:56 56 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory. While the AppArmor profile for Chromium is DISABLED, the browser opens normally: Starting program: /usr/lib/chromium-browser/chromium-browser --ppapi-flash-path=/usr/lib/adobe-flashplugin/libpepflashplayer.so --ppapi-flash-version= --enable-pinch [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". [New Thread 0x7fdaadd1b700 (LWP 17588)] ... [New Thread 0x7fda9af15700 (LWP 17649)] Created new window in existing browser session. [New Thread 0x7fda9a714700 (LWP 17652)] [New Thread 0x7fda99f13700 (LWP 17653)] [Thread 0x7fdaa4e18700 (LWP 17609) exited] [Thread 0x7fda9af15700 (LWP 17649) exited] [New Thread 0x7fdaa4e18700 (LWP 17654)] [Thread 0x7fdaa5e1a700 (LWP 17607) exited] ... [Thread 0x7fdad435ea00 (LWP 17584) exited] [Inferior 1 (process 17584) exited normally] If I try to generate a WORKING AppArmor profile (not the default shipped with apparmor-profiles) for Chromium, things break: sudo aa-genprof chromium-browser Traceback (most recent call last):   File "/usr/sbin/aa-genprof", line 107, in <module>     apparmor.helpers[program] = apparmor.get_profile_flags(profile_filename, program)   File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 613, in get_profile_flags     raise AppArmorException(_('%s contains no profile') % filename) apparmor.common.AppArmorException: '/etc/apparmor.d/usr.bin.chromium-browser contains no profile' Grepping for "DENIED" logs in syslog returns: "kernel: [ 501.053368] audit: type=1400 audit(1460489635.759:318): apparmor="DENIED" operation="exec" profile="/usr/lib/chromium-browser/chromium-browser" name="/bin/which" pid=5049 comm="BrowserBlocking" requested_mask="x" denied_mask="x" fsuid=1001 ouid=0 Apr 12 15:33:55 void kernel: [ 501.053474] audit: type=1400 audit(1460489635.759:319): apparmor="DENIED" operation="exec" profile="/usr/lib/chromium-browser/chromium-browser" name="/bin/which" pid=5049 comm="BrowserBlocking" requested_mask="x" denied_mask="x" fsuid=1001 ouid=0 Apr 12 15:33:55 void kernel: [ 501.057446] audit: type=1400 audit(1460489635.763:320): apparmor="DENIED" operation="open" profile="/usr/lib/chromium-browser/chromium-browser" name="/proc/5049/stat" pid=4802 comm="BrowserBlocking" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0 Apr 12 15:33:55 void kernel: [ 501.087666] audit: type=1400 audit(1460489635.795:321): apparmor="DENIED" operation="open" profile="/usr/lib/chromium-browser/chromium-browser" name="/proc/5050/stat" pid=4802 comm="BrowserBlocking" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0"
2016-04-13 18:17:38 emily_ description Currently running on Linux Mint, 17.3; uname -a -> Linux 3.19.0-32-generic #37~14.04.1-Ubuntu SMP Thu Oct 22 09:41:40 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux By default, I almost always enable AppArmor and all of the profiles it ships with. With the AppArmor profile for chromium-browser ENABLED, Chromium fails to run; debugging presents the following: Starting program: /usr/lib/chromium-browser/chromium-browser --ppapi-flash-path=/usr/lib/adobe-flashplugin/libpepflashplayer.so --ppapi-flash-version= --enable-pinch [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". [New Thread 0x7f6de7667700 (LWP 12978)] [12968:12968:0412/212222:FATAL:zygote_host_impl_linux.cc(193)] Check failed: process.IsValid(). Failed to launch zygote process Program received signal SIGABRT, Aborted. 0x00007f6df2b42cc9 in __GI_raise (sig=sig@entry=6)     at ../nptl/sysdeps/unix/sysv/linux/raise.c:56 56 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory. While the AppArmor profile for Chromium is DISABLED, the browser opens normally: Starting program: /usr/lib/chromium-browser/chromium-browser --ppapi-flash-path=/usr/lib/adobe-flashplugin/libpepflashplayer.so --ppapi-flash-version= --enable-pinch [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". [New Thread 0x7fdaadd1b700 (LWP 17588)] ... [New Thread 0x7fda9af15700 (LWP 17649)] Created new window in existing browser session. [New Thread 0x7fda9a714700 (LWP 17652)] [New Thread 0x7fda99f13700 (LWP 17653)] [Thread 0x7fdaa4e18700 (LWP 17609) exited] [Thread 0x7fda9af15700 (LWP 17649) exited] [New Thread 0x7fdaa4e18700 (LWP 17654)] [Thread 0x7fdaa5e1a700 (LWP 17607) exited] ... [Thread 0x7fdad435ea00 (LWP 17584) exited] [Inferior 1 (process 17584) exited normally] If I try to generate a WORKING AppArmor profile (not the default shipped with apparmor-profiles) for Chromium, things break: sudo aa-genprof chromium-browser Traceback (most recent call last):   File "/usr/sbin/aa-genprof", line 107, in <module>     apparmor.helpers[program] = apparmor.get_profile_flags(profile_filename, program)   File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 613, in get_profile_flags     raise AppArmorException(_('%s contains no profile') % filename) apparmor.common.AppArmorException: '/etc/apparmor.d/usr.bin.chromium-browser contains no profile' Grepping for "DENIED" logs in syslog returns: "kernel: [ 501.053368] audit: type=1400 audit(1460489635.759:318): apparmor="DENIED" operation="exec" profile="/usr/lib/chromium-browser/chromium-browser" name="/bin/which" pid=5049 comm="BrowserBlocking" requested_mask="x" denied_mask="x" fsuid=1001 ouid=0 Apr 12 15:33:55 void kernel: [ 501.053474] audit: type=1400 audit(1460489635.759:319): apparmor="DENIED" operation="exec" profile="/usr/lib/chromium-browser/chromium-browser" name="/bin/which" pid=5049 comm="BrowserBlocking" requested_mask="x" denied_mask="x" fsuid=1001 ouid=0 Apr 12 15:33:55 void kernel: [ 501.057446] audit: type=1400 audit(1460489635.763:320): apparmor="DENIED" operation="open" profile="/usr/lib/chromium-browser/chromium-browser" name="/proc/5049/stat" pid=4802 comm="BrowserBlocking" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0 Apr 12 15:33:55 void kernel: [ 501.087666] audit: type=1400 audit(1460489635.795:321): apparmor="DENIED" operation="open" profile="/usr/lib/chromium-browser/chromium-browser" name="/proc/5050/stat" pid=4802 comm="BrowserBlocking" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0" Currently running on Linux Mint, 17.3; uname -a -> Linux 3.19.0-32-generic #37~14.04.1-Ubuntu SMP Thu Oct 22 09:41:40 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux By default, I almost always enable AppArmor and all of the profiles it ships with. With the AppArmor profile for chromium-browser ENABLED, Chromium fails to run; debugging presents the following: Starting program: /usr/lib/chromium-browser/chromium-browser --ppapi-flash-path=/usr/lib/adobe-flashplugin/libpepflashplayer.so --ppapi-flash-version= --enable-pinch [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". [New Thread 0x7f6de7667700 (LWP 12978)] [12968:12968:0412/212222:FATAL:zygote_host_impl_linux.cc(193)] Check failed: process.IsValid(). Failed to launch zygote process Program received signal SIGABRT, Aborted. 0x00007f6df2b42cc9 in __GI_raise (sig=sig@entry=6)     at ../nptl/sysdeps/unix/sysv/linux/raise.c:56 56 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory. While the AppArmor profile for Chromium is DISABLED, the browser opens normally: Starting program: /usr/lib/chromium-browser/chromium-browser --ppapi-flash-path=/usr/lib/adobe-flashplugin/libpepflashplayer.so --ppapi-flash-version= --enable-pinch [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". [New Thread 0x7fdaadd1b700 (LWP 17588)] ... [New Thread 0x7fda9af15700 (LWP 17649)] Created new window in existing browser session. ... [Thread 0x7fdad435ea00 (LWP 17584) exited] [Inferior 1 (process 17584) exited normally] If I try to generate a WORKING AppArmor profile (not the default shipped with apparmor-profiles) for Chromium, things break: sudo aa-genprof chromium-browser Traceback (most recent call last):   File "/usr/sbin/aa-genprof", line 107, in <module>     apparmor.helpers[program] = apparmor.get_profile_flags(profile_filename, program)   File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 613, in get_profile_flags     raise AppArmorException(_('%s contains no profile') % filename) apparmor.common.AppArmorException: '/etc/apparmor.d/usr.bin.chromium-browser contains no profile' Grepping for "DENIED" logs in syslog returns: "kernel: [ 501.053368] audit: type=1400 audit(1460489635.759:318): apparmor="DENIED" operation="exec" profile="/usr/lib/chromium-browser/chromium-browser" name="/bin/which" pid=5049 comm="BrowserBlocking" requested_mask="x" denied_mask="x" fsuid=1001 ouid=0 Apr 12 15:33:55 void kernel: [ 501.053474] audit: type=1400 audit(1460489635.759:319): apparmor="DENIED" operation="exec" profile="/usr/lib/chromium-browser/chromium-browser" name="/bin/which" pid=5049 comm="BrowserBlocking" requested_mask="x" denied_mask="x" fsuid=1001 ouid=0 Apr 12 15:33:55 void kernel: [ 501.057446] audit: type=1400 audit(1460489635.763:320): apparmor="DENIED" operation="open" profile="/usr/lib/chromium-browser/chromium-browser" name="/proc/5049/stat" pid=4802 comm="BrowserBlocking" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0 Apr 12 15:33:55 void kernel: [ 501.087666] audit: type=1400 audit(1460489635.795:321): apparmor="DENIED" operation="open" profile="/usr/lib/chromium-browser/chromium-browser" name="/proc/5050/stat" pid=4802 comm="BrowserBlocking" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0"
2016-04-27 02:56:49 Daniel Richard G. bug added subscriber Daniel Richard G.