deluge doesn't open .torrent files from firefox while apparmor is on

Bug #455792 reported by Iakov Davydov
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
firefox (Ubuntu) | Fix Released | Low | Jamie Strandboge |
Karmic | Won't Fix | Low | Unassigned |
Lucid | Fix Released | Low | Jamie Strandboge |

Bug Description

Binary package hint: firefox-3.5

If I open a torrent file downloaded by firefox with deluge, I get "couldn't be open because of unknown error" (I have a Russian locale, so I'm not sure about the exact English message).

If I turn apparmor off everything works fine.

To reproduce:
1) Start downloading a torrent with firefox.
2) Select "open with deluge".

What happens: "Couldn't open because of unknown error"

What should happen: Deluge should start.

ProblemType: Bug
Architecture: amd64
Date: Tue Oct 20 00:25:27 2009
DistroRelease: Ubuntu 9.10
NonfreeKernelModules: nvidia
Package: firefox-3.5 3.5.3+build1+nobinonly-0ubuntu4
ProcEnviron:
 PATH=(custom, user)
 LANG=ru_RU.UTF-8
 SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.31-14.46-generic
SourcePackage: firefox-3.5
Uname: Linux 2.6.31-14-generic x86_64

Iakov Davydov (iakov-davydov) wrote :
Micah Gersten (micahg) wrote :

Thanks for reporting this bug and any supporting documentation. Since this bug has enough information provided for a developer to begin work, I'm going to mark it as Triaged and let them handle it from here. Thanks for taking the time to make Ubuntu better! Please report any other issues you may find.

Changed in firefox-3.5 (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
importance: Undecided → Medium
status: New → Triaged
Jamie Strandboge (jdstrand) wrote :

Can you add the following to /etc/apparmor.d/usr.bin.firefox-3.5:
  /usr/bin/deluge Ux,
  /usr/bin/mkfifo Ux,

Then reload the profile with:
$ sudo apparmor_parser -r /etc/apparmor.d/usr.bin.firefox-3.5

Does this fix the problem for you?

Changed in firefox-3.5 (Ubuntu):
status: Triaged → Incomplete
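
Before adding exec rules like the ones suggested above, the refused helpers can be confirmed from the kernel log. The script below is an added example, not part of the original thread; it assumes the `apparmor="DENIED"` audit line format, and the log lines, the profile name `example-firefox-profile` and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example: list executables that AppArmor refused to let a confined
# program run, read from kernel audit lines carrying apparmor="DENIED".

# Constructed sample log: timestamps, pids and profile names are made up.
sample_log() {
cat <<'EOF'
Oct 20 00:25:31 host kernel: audit: type=1400 audit(1.1:21): apparmor="DENIED" operation="exec" profile="example-firefox-profile" name="/usr/bin/deluge" pid=2301 comm="firefox" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
Oct 20 00:26:02 host kernel: audit: type=1400 audit(1.2:22): apparmor="DENIED" operation="exec" profile="example-firefox-profile" name="/usr/bin/deluge" pid=2310 comm="firefox" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
Oct 20 00:26:03 host kernel: audit: type=1400 audit(1.3:23): apparmor="DENIED" operation="exec" profile="example-firefox-profile" name="/usr/bin/mkfifo" pid=2311 comm="sh" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
Oct 20 00:26:04 host kernel: audit: type=1400 audit(1.4:24): apparmor="DENIED" operation="open" profile="example-firefox-profile" name="/etc/fstab" pid=2301 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Oct 20 00:26:05 host kernel: audit: type=1400 audit(1.5:25): apparmor="DENIED" operation="exec" profile="example-evince-profile" name="/usr/bin/firefox" pid=2400 comm="evince" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
Oct 20 00:26:06 host kernel: audit: type=1400 audit(1.6:26): apparmor="ALLOWED" operation="exec" profile="example-firefox-profile" name="/usr/bin/xdg-open" pid=2301 comm="firefox" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
EOF
}

# denied_execs PROFILE_SUBSTRING < logfile
# Prints "<count> <path>" per executable denied under a matching profile.
denied_execs() {
    awk -v want="$1" '
    # Value of key="value" on the current line, or "" when absent.
    function field(key,   s, p, i, rest) {
        s = " " $0; p = " " key "=\""
        i = index(s, p)
        if (i == 0) return ""
        rest = substr(s, i + length(p))
        return substr(rest, 1, index(rest, "\"") - 1)
    }
    /apparmor="DENIED"/ {
        if (field("operation") != "exec") next          # file access, not exec
        if (index(field("profile"), want) == 0) next    # other profile
        if (index(field("denied_mask"), "x") == 0) next # no x bit denied
        count[field("name")]++
    }
    END { for (path in count) print count[path], path }
    ' | LC_ALL=C sort -k2
}

sample_log | denied_execs firefox
```

On a real system the same function reads the kernel log, for example `denied_execs firefox < /var/log/kern.log`.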
Iakov Davydov (iakov-davydov) wrote :

Strange; I can't reproduce this on clean karmic install.

I will try to do this on another machine which is upgraded from previous release.

tags: added: apparmor
Jamie Strandboge (jdstrand) wrote :

The firefox profile is opt-in only. It is not enabled in the default install or on upgrades from 9.04. Please see https://wiki.ubuntu.com/KarmicKoala/TechnicalOverview#New%20profiles for details.

Iakov Davydov (iakov-davydov) wrote :

" /usr/bin/deluge Ux,
  /usr/bin/mkfifo Ux,"

Solves the problem.

BTW I was upgrading from 9.04 and apparmor for firefox is on; I haven't turned it on myself. Maybe I was doing the upgrade at the wrong time.

Jamie Strandboge (jdstrand) wrote :

Iakov,

Thanks for your feedback. It is possible you upgraded at the wrong time because there was a bug in the logic for firefox-3.5 users on Jaunty upgrading to Karmic (which is now fixed).

Changed in firefox-3.5 (Ubuntu):
status: Incomplete → Triaged
Changed in firefox-3.5 (Ubuntu Lucid):
status: Triaged → In Progress
importance: Medium → Low
Changed in firefox-3.5 (Ubuntu Karmic):
status: New → In Progress
importance: Undecided → Low
assignee: nobody → Jamie Strandboge (jdstrand)
Jamie Strandboge (jdstrand) wrote :

SRU REQUEST

1. Users of firefox are unable to use deluge when the AppArmor profile is enabled. The fix is trivial.

2. The fix is not in Lucid yet

3. The fix is to add the following in debian/usr.bin.firefox.apparmor.in:
  /usr/bin/deluge Uxr,

4. TEST CASE:
- sudo aa-enforce /etc/apparmor.d/usr.bin.firefox-3.5
- Start downloading torrent with firefox
- Select "open with deluge".

5. The regression potential is very low. The profile is disabled in the default installation, and we only allow access to files that we didn't previously have access to.

Brian Owens (bjo101) wrote :

Hi,

I'm having this problem with torrent files and firefox 3.5. Can you tell me where in the file I need to add these lines? Do I need to restart my machine for the changes to work?

Thanks

Johannes Mockenhaupt (mockenh-deactivatedaccount) wrote :

@Brian Owens: just add it in the plugin section, similar to the mozplugger lines at line 167.

@Jamie Strandboge: I have the same problem with Transmission. Adding '/usr/bin/transmission Ux,' fixes the issue. Since Transmission is Ubuntu's default torrent client and therefore has a larger userbase and hence a larger regression potential I think it would make sense to include the above line as well.

Micah Gersten (micahg) wrote :

@Johannes Mockenhaupt
There's bug 476299 for Transmission.

Changed in firefox-3.5 (Ubuntu Lucid):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package firefox-3.5 - 3.5.6+nobinonly-0ubuntu1

---------------
firefox-3.5 (3.5.6+nobinonly-0ubuntu1) lucid; urgency=low

  * New upstream release v3.5.6 (FIREFOX_3_5_6_RELEASE)
    - see USN-874-1

  [ Micah Gersten <email address hidden> ]
  * Bump minimum system cairo to 1.8.8
    - update debian/rules
  * Fix .desktop Name field for Slovak translation (LP: 448683)
    - update debian/firefox-3.5-final.desktop
  * Fix .desktop Name field for Estonian and Arabic translations
    (LP: 419507, LP: 321239)
    - update debian/firefox-3.5-final.desktop

  [ Jamie Strandboge <email address hidden> ]
  * AppArmor fixes:
    - allow access to nautilus, to allow "Open containing folder" to work
      (LP: #452591)
    - allow access for deluge (LP: #455792)
    - work better with KDE by adding kde abstraction, allow access to soffice,
      allow access to okular and read access to /etc/fstab (for print dialog)
      (LP: #447006)
    - allow access to acroread (LP: #473268)
    - allow access to eog (LP: #464016)
    - allow access to transmission (LP: #476299)
    - deny noisy write attempts to deny /usr/lib/xulrunner-*/components/*.tmp
      (as seen with 'firefox --help')
    - deny noisy read to /.suspended (when navigating directories)
    - allow access to /usr/bin/liferea-add-feed (LP: #488851)
    - allow access to azureus (LP: #482677)
    - don't require 'owner' for /media (LP: #479580)
    - adjust AppArmor profile binary globbing to match other branches
    - allow ixr access to sed (for first runs)

  [ Alexander Sack <email address hidden> ]
  * bump lower bound for system sqlite3 to >= 3.6.16.1
    - update debian/rules
 -- Alexander Sack <email address hidden> Wed, 16 Dec 2009 00:43:08 +0100

Changed in firefox-3.5 (Ubuntu Lucid):
status: Fix Committed → Fix Released
Alistair Buxton (a-j-buxton) wrote :

Here is my kern.log after I turned on FULL auditing. This appears to log everything, success or failure. It certainly logs a lot of successes, so I know it is definitely working. However, I do not see any failures.

Alistair Buxton (a-j-buxton) wrote :

Sorry, wrong bug...

Jamie Strandboge (jdstrand) wrote :

Unassigning myself for the 9.10 task. I don't have time to prepare/test/follow through on an SRU for this, especially since there is an easy workaround. If someone else is inclined to take the lead on an SRU for this, feel free to do so. This should get fixed in the firefox 3.6 update for 9.10 anyway.

Changed in firefox-3.5 (Ubuntu Karmic):
assignee: Jamie Strandboge (jdstrand) → nobody
affects: firefox-3.5 (Ubuntu) → firefox (Ubuntu)
Zsolt Lauter (lauterzsolti) wrote :

Same here on Ubuntu 12.04 (Precise Pangolin) with Firefox (aa-enforced) and Deluge.

Zsolt Lauter (lauterzsolti) wrote :

The problem still exists on Ubuntu 12.10.

Changed in firefox (Ubuntu Karmic):
status: In Progress → Won't Fix