Change to Firefox profile causes seemingly unrelated problems
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
AppArmor |
Invalid
|
Undecided
|
Unassigned |
Bug Description
When I change the line "/usr/bin/evince PUxr," in my Firefox apparmor profile to either "/usr/bin/evince Pxr," or "/usr/bin/evince Uxr," or when I comment the line out or delete it entirely, whenever I browse to a website with flash content, the browser hangs and a "unresponsive script" message pops up.
Changing the line to "/usr/bin/evinc{,e} PUxr," or moving it to another location in the same profile does not trigger this behavior.
I use Kubuntu 10.04 64 bit and don't even have Evince installed, there is no /usr/bin/evince on my system.
There are no error messages when I load the modified profile and nothing gets logged to /var/log/messages when Firefox hangs.
The problem occurs in different Firefox user profiles, both with and without addons, though the slowdown is worse with more addons.
The exact same apparmor profile doesn't cause this behavior on my 32 bit Kubuntu 10.04 netbook.
I couldn't reproduce this behavior with the official 3.6.13 aa profile, so here's the difference between my version and 3.6.13:
6c6
< /usr/lib/
---
> /usr/lib/
50c50
< deny /usr/lib/
---
> deny /usr/lib/
54a55,56
> deny /boot/initrd.img* r,
> deny /boot/vmlinuz* r,
57c59
< /usr/lib/
---
> /usr/lib/
72a75,80
> # Needed for the crash reporter
> owner @{PROC}
> owner @{PROC}/[0-9]*/auxv r,
> /etc/lsb-release r,
> /usr/bin/expr ix,
>
85c93
< # owner @{HOME}/** w
---
> owner @{HOME}/** w,
92,94c100,102
< # owner /media/** w,
< # owner /mnt/** w,
< # owner /srv/** w,
---
> owner /media/** w,
> owner /mnt/** w,
> owner /srv/** w,
106,107c114
< owner @{HOME}
< owner @{HOME}
---
> owner @{HOME}
117c124
< deny /usr/lib/
---
> deny /usr/lib/
133a141
> /usr/bin/
136c144
< /usr/lib/
---
> /usr/lib/
140a149,151
> # Needed for container to work in xul builds
> /usr/lib/
>
152,154c163,166
< # /opt/Adobe/
< # /usr/bin/evince PUxr,
< /usr/bin/okular Pxr,
---
> /opt/Adobe/
> /opt/Adobe/
> /usr/bin/evince PUxr,
> /usr/bin/okular Uxr,
161,166c173,178
< # /usr/bin/ooffice Uxr,
< # /usr/bin/oocalc Uxr,
< # /usr/bin/oodraw Uxr,
< # /usr/bin/ooimpress Uxr,
< # /usr/bin/oowriter Uxr,
< # /usr/lib/
---
> /usr/bin/ooffice Uxr,
> /usr/bin/oocalc Uxr,
> /usr/bin/oodraw Uxr,
> /usr/bin/ooimpress Uxr,
> /usr/bin/oowriter Uxr,
> /usr/lib/
194c206
< owner @{HOME}
---
> @{HOME}
198,200c210,212
< # /usr/lib/
< # /usr/lib/
< # /usr/lib/
---
> /usr/lib/
> /usr/lib/
> /usr/lib/
221,269d232
< #############
<
< /etc/kde4rc r,
< /etc/kubuntu-
<
< owner @{HOME}
< owner @{HOME}
< owner @{HOME}
< owner @{HOME}
< owner @{HOME}
< owner @{HOME}/.kde/** rkl,
< owner @{HOME}/.esd_auth rwk,
<
<
< /usr/bin/perl ix,
< /bin/mv ix,
< /usr/bin/ffmpeg ix,
< /usr/bin/mencoder ix,
< # /usr/bin/
< /usr/lib/mozilla/** ix,
<
< /usr/bin/kwrite ix,
<
< deny /usr/lib/mozilla/** w,
<
< # gnash
< owner @{HOME}
< owner @{HOME}
<
< # vlc-plugin
< owner @{HOME}
<
< # plugincontainer
<
< /usr/lib/
<
< profile firefox_
< #include <abstractions/
< #include <abstractions/base>
< #include <abstractions/kde>
< #include <abstractions/
<
< /usr/lib{,32,64}/** rm,
<
< owner @{HOME}/.adobe/** rklw,
< owner @{HOME}
< owner @{HOME}
<
< }
278c241
< profile firefox_openjdk {
---
> profile firefox_openjdk {
308a272
> /usr/lib/
313,315c277,278
< owner @{HOME}/.netx/** rkw,
< owner @{HOME}
<
---
> owner @{HOME}/ r,
> owner @{HOME}/** rwk,
320c283
< profile firefox_java {
---
> profile firefox_java {
333a297
> @{PROC}/loadavg r,
334a299
> /etc/debian_version r,
350c315,316
< /usr/lib/
---
> /usr/lib/
> /usr/lib/
360a327
> owner @{HOME}
This isn't an AppArmor upstream problem, but a problem with the Ubuntu policy. Please file a new bug in Ubuntu if you are still having this issue.