missing many apparmor rules on Xenial

Bug #1533232 reported by Simon Déziel
This bug affects 2 people
Affects: firefox (Ubuntu)
Status: Confirmed
Importance: High
Assigned to: Unassigned

Bug Description

I've been accumulating many rules in my /etc/apparmor.d/local/usr.bin.firefox. I haven't added any for a few days, so it's time to report my local additions.

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: firefox 43.0.4+build3-0ubuntu1
ProcVersionSignature: Ubuntu 4.3.0-5.16-generic 4.3.3
Uname: Linux 4.3.0-5-generic x86_64
AddonCompatCheckDisabled: False
ApportVersion: 2.19.3-0ubuntu2
Architecture: amd64
AudioDevicesInUse:
 USER PID ACCESS COMMAND
 /dev/snd/pcmC0D0p: simon 16762 F...m pulseaudio
 /dev/snd/controlC0: simon 16762 F.... pulseaudio
BuildID: 20160106234842
Channel: Unavailable
CurrentDesktop: Unity
CurrentDmesg: Error: command ['dmesg'] failed with exit code 1: dmesg: read kernel buffer failed: Operation not permitted
Date: Tue Jan 12 09:04:59 2016
Extensions: extensions.sqlite corrupt or missing
ForcedLayersAccel: False
IncompatibleExtensions: Unavailable (corrupt or non-existant compatibility.ini or extensions.sqlite)
Locales: extensions.sqlite corrupt or missing
PrefSources:
 prefs.js
 [Profile]/<email address hidden>/defaults/preferences/dnssec.js
 [Profile]/<email address hidden>/defaults/preferences/preferences.js
Profiles: Profile0 (Default) - LastVersion=43.0.4/20160106234842 (In use)
RfKill:
 0: phy0: Wireless LAN
  Soft blocked: no
  Hard blocked: no
RunningIncompatibleAddons: False
SourcePackage: firefox
Themes: extensions.sqlite corrupt or missing
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 02/14/2013
dmi.bios.vendor: LENOVO
dmi.bios.version: 6IET85WW (1.45 )
dmi.board.name: 2516CTO
dmi.board.vendor: LENOVO
dmi.board.version: Not Available
dmi.chassis.asset.tag: No Asset Information
dmi.chassis.type: 10
dmi.chassis.vendor: LENOVO
dmi.chassis.version: Not Available
dmi.modalias: dmi:bvnLENOVO:bvr6IET85WW(1.45):bd02/14/2013:svnLENOVO:pn2516CTO:pvrThinkPadT410:rvnLENOVO:rn2516CTO:rvrNotAvailable:cvnLENOVO:ct10:cvrNotAvailable:
dmi.product.name: 2516CTO
dmi.product.version: ThinkPad T410
dmi.sys.vendor: LENOVO

Simon Déziel (sdeziel) wrote :

I recently also found out that those dbus "receive" rules were missing:

  dbus receive
        bus=session
        path=/org/gtk/Private/RemoteVolumeMonitor
        interface=org.gtk.Private.RemoteVolumeMonitor
        member={VolumeAdded,VolumeRemoved},

Simon Déziel (sdeziel) wrote :

I'm attaching my refreshed local include.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in firefox (Ubuntu):
status: New → Confirmed
Simon Déziel (sdeziel) wrote :
Changed in firefox (Ubuntu):
importance: Undecided → High
daniel CURTIS (anoda) wrote :

Hello.

It seems that 'member=' needs some new values. Today, I noticed a few new entries in log files, such as '/var/log/syslog'. Each entry included "/org/gtk/Private/RemoteVolumeMonitor" with a dbus "receive" etc. Now, I'm using such a rule in a Firefox profile:

dbus (send)
     bus=session
     interface=org.gtk.Private.RemoteVolumeMonitor,

But according to the new log entries, the above rule should be updated, at least in my case, with new values in 'member=', and 'receive' should be added to 'dbus (send)'. Mr. Simon Déziel's rule (see post #2) already contains two options; I saw both in log files. However, there were also:

✗ VolumeChanged,
✗ DriveConnected,
✗ DriveDisconnected,
✗ MountChanged,
✗ MountAdded,
✗ MountRemoved,
✗ MountPreUnmount

I hope that I didn't miss any option. So, what do you think, Mr. Déziel? Should these new options be added to the Firefox profile? If yes, what do you think about something like this:

- dbus (send)
+ dbus (send, receive)
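
Review bot: `dbus (send, receive)` on the existing rule widens it in both directions for the whole `org.gtk.Private.RemoteVolumeMonitor` interface, while the log entries described in this comment are "receive" denials only. Consider leaving `dbus (send)` unchanged and adding a separate `dbus receive` rule that covers what the logs show.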

- member={VolumeAdded,VolumeRemoved},
+ member={VolumeAdded,VolumeRemoved,VolumeChanged,DriveConnected,DriveDisconnected,MountChanged,MountAdded,MountRemoved,MountPreUnmount},
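
Review bot: the removed line `member={VolumeAdded,VolumeRemoved},` is not part of the `dbus (send)` rule quoted in this comment; it comes from the `dbus receive` rule posted earlier in this report, which also pins `path=/org/gtk/Private/RemoteVolumeMonitor`. Apply the extended member list to that receive rule so the new names stay scoped to that path, and state which rule the change targets.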

I don't know if there should be 'dbus (send, receive)', but I already have a rule with 'send' in the Firefox profile (unfortunately, I do not remember and I do not have any log entries. Sorry.) So, what to do? Here is some technical information:

● Firefox: v59.0.2 (i386)
● Release: 16.04.4 LTS

Thanks, best regards.
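
The log-to-rule step described in the comment above, as an added example that is not part of this bug report or of Ubuntu's Firefox profile: it collects denied D-Bus messages from log text and emits one rule per direction, bus, path and interface, listing only the members actually observed. The sample log lines are constructed, their field layout is an assumption modelled on AppArmor D-Bus denial messages, and `firefox-example` is a placeholder label.

```python
import re
from collections import defaultdict

# Constructed sample input. The field layout is an assumption modelled on
# AppArmor D-Bus denial messages; "firefox-example" is a placeholder label.
_RVM = ('bus="session" path="/org/gtk/Private/RemoteVolumeMonitor" '
        'interface="org.gtk.Private.RemoteVolumeMonitor"')
SAMPLE_LOG = "\n".join([
    f'dbus[900]: apparmor="DENIED" operation="dbus_signal" {_RVM} '
    'member="VolumeChanged" mask="receive" label="firefox-example"',
    f'dbus[900]: apparmor="DENIED" operation="dbus_signal" {_RVM} '
    'member="MountAdded" mask="receive" label="firefox-example"',
    f'dbus[900]: apparmor="DENIED" operation="dbus_signal" {_RVM} '
    'member="MountAdded" mask="receive" label="firefox-example"',
    # A file denial, which must not produce a dbus rule.
    'kernel: audit: apparmor="DENIED" operation="open" '
    'profile="firefox-example" name="/etc/example" denied_mask="r"',
])

KV = re.compile(r'(\w+)="([^"]*)"')
FIELDS = ("mask", "bus", "path", "interface", "member")

def dbus_denials(text):
    """Yield the rule-relevant fields of each denied D-Bus message."""
    for line in text.splitlines():
        f = dict(KV.findall(line))
        if f.get("apparmor") != "DENIED":
            continue
        if not f.get("operation", "").startswith("dbus_"):
            continue
        if all(k in f for k in FIELDS):
            yield tuple(f[k] for k in FIELDS)

def suggest_rules(text):
    """Group denials and return candidate AppArmor dbus rules as strings."""
    groups = defaultdict(set)
    for mask, bus, path, iface, member in dbus_denials(text):
        groups[(mask, bus, path, iface)].add(member)
    rules = []
    for (mask, bus, path, iface), members in sorted(groups.items()):
        names = sorted(members)
        alt = names[0] if len(names) == 1 else "{" + ",".join(names) + "}"
        rules.append(f"dbus {mask}\n    bus={bus}\n    path={path}\n"
                     f"    interface={iface}\n    member={alt},")
    return rules

if __name__ == "__main__":
    print("\n\n".join(suggest_rules(SAMPLE_LOG)))
```

Review each suggested rule before adding it to the local include; a denial in the log shows what was blocked, not that the access should be allowed.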
