Ubuntu
firefox package

Firefox apparmor blocks old profile location

Bug #624435 reported by Stephen Gildea on 2010-08-26

12

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	firefox (Ubuntu)	Fix Released	Undecided	Unassigned

Bug Description

Binary package hint: firefox

The apparmor profile for Firefox allows locking of
~/.mozilla/**/.parentlock with fcntl SETLK, which Firefox uses to
detect more than one instance of itself using the same profile.

However, I have old profiles stored in the old location ~/.firefox/**/,
and on upgrade from Hardy to Lucid, I find apparmor prevents Firefox
from locking my ~/.firefox/**/.parentlock file. The symptom is a
popup saying 'Firefox cannot use the profile "xyz" because it is in use.'

(If you run "firefox -P some_profile", you'll get a popup saying
"Firefox is already running, [sic] but is not responding.")

Please add support for the old profile location, by adding these
rules:

--- etc/apparmor.d/usr.bin.firefox-dist-10.04 2010-07-23 03:06:34.000000000 -0700
+++ etc/apparmor.d/usr.bin.firefox 2010-08-25 21:15:02.000000000 -0700
@@ -110,6 +110,15 @@
owner @{HOME}/.mozilla/plugins/** rm,
owner @{HOME}/.mozilla/**/plugins/** rm,

+ # Per-user configuration, for profiles originally created by old
+ # versions of Firefox.
+ owner @{HOME}/.firefox/ rw,
+ owner @{HOME}/.firefox/** rw,
+ owner @{HOME}/.firefox/**/*.sqlite* k,
+ owner @{HOME}/.firefox/**/.parentlock k,
+ owner @{HOME}/.firefox/plugins/** rm,
+ owner @{HOME}/.firefox/**/plugins/** rm,
+
   #
   # Extensions
   # /usr/share/.../extensions/... is already covered by '/usr/** r', above.

Tags:

Related branches

lp:ubuntu/natty/firefox

Revision history for this message

Micah Gersten (micahg) wrote on 2010-08-26:

#1

@Securtiy team, Chris Coulson
I think we should migrate the old profile rather than adding this to the apparmor profile. Thoughts?

tags:

added: apparmor lucid

Revision history for this message

Micah Gersten (micahg) wrote on 2010-08-26:

#2

Thank you for reporting this to Ubuntu. Would you happen to remember which version of Firefox created these profiles?

Changed in firefox (Ubuntu):
status:	New → Incomplete

Revision history for this message

Stephen Gildea (stepheng+launchpad) wrote on 2010-08-26:

#3

> Would you happen to remember which version of Firefox created these profiles?

I'm no longer sure, but I would guess Firefox 0.9.

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2010-08-26:

#4

I have no strong opinion on migrate vs not-migrate but feel ~/.firefox to be a worthwhile addition to the profile. If we are not going to migrate, then I suggest the following:
- owner @{HOME}/.mozilla/ rw,
- owner @{HOME}/.mozilla/** rw,
- owner @{HOME}/.mozilla/**/*.sqlite* k,
- owner @{HOME}/.mozilla/**/.parentlock k,
- owner @{HOME}/.mozilla/plugins/** rm,
- owner @{HOME}/.mozilla/**/plugins/** rm,
+ owner @{HOME}/.{firefox,mozilla}/ rw,
+ owner @{HOME}/.{firefox,mozilla}/** rw,
+ owner @{HOME}/.{firefox,mozilla}/**/*.sqlite* k,
+ owner @{HOME}/.{firefox,mozilla}/**/.parentlock k,
+ owner @{HOME}/.{firefox,mozilla}/plugins/** rm,
+ owner @{HOME}/.{firefox,mozilla}/**/plugins/** rm,

Revision history for this message

Chris Coulson (chrisccoulson) wrote on 2010-08-26:

#5

Do we actually use ~/.firefox in any currently support version of Ubuntu? Or is this from some really old and now unsupported version? If it's the latter, then I think I'd prefer not to migrate, which would add more complexity to the startup script. (Especially not to fix what looks like a very rare corner case, this late in the cycle)

Revision history for this message

Launchpad Janitor (janitor) wrote on 2010-11-17:

#6

Download full text (10.2 KiB)

This bug was fixed in the package firefox - 4.0~b7+nobinonly-0ubuntu1

---------------
firefox (4.0~b7+nobinonly-0ubuntu1) natty; urgency=low

* New upstream release v4.0 B7 (FIREFOX_4_0b7_RELEASE)

  [ Chris Coulson <email address hidden> ]
  * Don't build with -pie on Natty (LP: #663294)
    - update debian/rules
  * Update mozclient for mozilla-central
    - update debian/mozclient/firefox.conf
    - update debian/mozclient/firefox.mk
  * Auto-generate Debhelper files at build time, using the Mozilla
    text preprocessor. This makes it easier to maintain branches for
    different versions (because we'll avoid having different filenames for
    each version, which makes merging really difficult). We can also use
    standard preprocessor directives for our different build options,
    which means we drop a lot of logic from debian/rules
    - rename debian/abrowser.desktop => debian/abrowser.desktop.in
    - add debian/abrowser-branding.install.in
    - add debian/abrowser-branding.links.in
    - add debian/firefox-branding.install.in
    - add debian/firefox-branding.links.in
    - rename debian/apport/firefox.py => debian/apport/firefox.py.in
    - rename debian/firefox-final.desktop => debian/firefox-final.desktop.in
    - rename debian/firefox-gnome-support.install =>
       debian/firefox-gnome-support.install.in
    - rename debian/firefox.dirs => debian/firefox.dirs.in
    - rename debian/firefox.install => debian/firefox.install.in
    - rename debian/firefox.links => debian/firefox.links.in
    - rename debian/firefox.menu => debian/firefox.menu.in
    - rename debian/firefox.postinst.in => debian/firefox.postinst.in
    - rename debian/firefox.postrm.in => debian/firefox.postrm.in
    - rename debian/firefox.preinst.in => debian/firefox.preinst.in
    - rename debian/firefox.prerm.in => debian/firefox.prerm.in
    - rename debian/firefox.xml => debian/firefox.xml.in
    - updated debian/abrowser.desktop.in
    - updated debian/firefox-final.desktop.in
    - updated debian/firefox-gnome-support.install.in
    - updated debian/firefox.dirs.in
    - updated debian/firefox.install.in
    - updated debian/firefox.links.in
    - updated debian/firefox.menu.in
    - updated debian/firefox.postinst.in
    - updated debian/firefox.postrm.in
    - updated debian/firefox.preinst.in
    - updated debian/firefox.prerm.in
    - updated deibna/firefox.xml.in
    - updated debian/rules
    - add debian/firefox-mozsymbols.install.in
  * Simplify generating the Apport blacklist file to remove a superfluous
    debian/rules target
    - rename debian/apport/blacklist => debian/apport/firefox.in
    - update debian/rules
  * Auto-generate debian/control in the clean target
    - add debian/control.pp
    - update debian/rules
  * Drop the ability to disable patches on a per-release basis. This adds
    additional complexity, and we're not really using it at the moment.
    We can always add it back again if we need it
    - remove debian/disable-patches.sh
    - update debian/rules
    - remove debian/patches/series-disable-patches.8.04
  * Rework the branding selection logic so that we automatically use
    the nightly branding for nightl...

This bug was fixed in the package firefox - 4.0~b7+nobinonly-0ubuntu1

---------------
firefox (4.0~b7+nobinonly-0ubuntu1) natty; urgency=low

* New upstream release v4.0 B7 (FIREFOX_4_0b7_RELEASE)

[ Chris Coulson <chris.coulson@canonical.com> ]
  * Don't build with -pie on Natty (LP: #663294)
    - update debian/rules
  * Update mozclient for mozilla-central
    - update debian/mozclient/firefox.conf
    - update debian/mozclient/firefox.mk
  * Auto-generate Debhelper files at build time, using the Mozilla
    text preprocessor. This makes it easier to maintain branches for
    different versions (because we'll avoid having different filenames for
    each version, which makes merging really difficult). We can also use
    standard preprocessor directives for our different build options,
    which means we drop a lot of logic from debian/rules
    - rename debian/abrowser.desktop => debian/abrowser.desktop.in
    - add debian/abrowser-branding.install.in
    - add debian/abrowser-branding.links.in
    - add debian/firefox-branding.install.in
    - add debian/firefox-branding.links.in
    - rename debian/apport/firefox.py => debian/apport/firefox.py.in
    - rename debian/firefox-final.desktop => debian/firefox-final.desktop.in
    - rename debian/firefox-gnome-support.install =>
       debian/firefox-gnome-support.install.in
    - rename debian/firefox.dirs => debian/firefox.dirs.in
    - rename debian/firefox.install => debian/firefox.install.in
    - rename debian/firefox.links => debian/firefox.links.in
    - rename debian/firefox.menu => debian/firefox.menu.in
    - rename debian/firefox.postinst.in => debian/firefox.postinst.in
    - rename debian/firefox.postrm.in => debian/firefox.postrm.in
    - rename debian/firefox.preinst.in => debian/firefox.preinst.in
    - rename debian/firefox.prerm.in => debian/firefox.prerm.in
    - rename debian/firefox.xml => debian/firefox.xml.in
    - updated debian/abrowser.desktop.in
    - updated debian/firefox-final.desktop.in
    - updated debian/firefox-gnome-support.install.in
    - updated debian/firefox.dirs.in
    - updated debian/firefox.install.in
    - updated debian/firefox.links.in
    - updated debian/firefox.menu.in
    - updated debian/firefox.postinst.in
    - updated debian/firefox.postrm.in
    - updated debian/firefox.preinst.in
    - updated debian/firefox.prerm.in
    - updated deibna/firefox.xml.in
    - updated debian/rules
    - add debian/firefox-mozsymbols.install.in
  * Simplify generating the Apport blacklist file to remove a superfluous
    debian/rules target
    - rename debian/apport/blacklist => debian/apport/firefox.in
    - update debian/rules
  * Auto-generate debian/control in the clean target
    - add debian/control.pp
    - update debian/rules
  * Drop the ability to disable patches on a per-release basis. This adds
    additional complexity, and we're not really using it at the moment.
    We can always add it back again if we need it
    - remove debian/disable-patches.sh
    - update debian/rules
    - remove debian/patches/series-disable-patches.8.04
  * Rework the branding selection logic so that we automatically use
    the nightly branding for nightly builds, unofficial branding for
    alpha milestones, and official branding for beta, RC's and final.
    Auto-populate the branding names in the desktop files rather than
    hard-coding them, and add a special beta desktop file
    - add debian/firefox-beta.desktop.in
    - rename debian/firefox-minefield.desktop =>
       debian/firefox-nightly.desktop.in
    - rename debian/firefox-namaroka.desktop =>
       debian/firefox-unofficial.desktop.in
    - update debian/rules
  * Drop the update-notifier restart required hook. Instead, we rely on
    the ubufox restart required banner inside the browser, rather than having
    2 notification mechanisms
    - remove debian/firefox-restart-required.update-notifier
    - update debian/firefox.postinst.in
    - update debian/firefox.prerm.in
  * Rewrite the launcher script to not wrap around the upstream start
    scripts, but start the Firefox binary directly. The upstream start scripts
    contain a lot of complexity for dealing with things that we don't need to
    worry about, and are quite slow. Also, add in the hooks for the new
    profile migrator
    - update debian/firefox.sh.in
  * Replace the old profile migrator. The previous one relied on hard-coded
    values and fragile shell script that isn't really scalable enough
    now that stable Ubuntu releases see new major Firefox versions. The
    new profile migrator doesn't require any hard-coded values, and should
    be lower maintenance
    - add debian/migrator/xulapp-profilemigrator
    - remove debian/migrator/main.c
    - update debian/rules
    - update debian/firefox.sh.in
    - update debian/control.pp
  * Build with "make -f client.mk" and using a mozconfig, rather than the
    autoconf/configure/make steps used previously. The client.mk contains the
    sequencing for doing PGO builds
    - update debian/firefox-mozsymbols.install.in
    - add debian/mozconfig.in
    - update debian/rules
  * Add support for building with PGO. Add a build option (DEB_BUILD_PGO)
    which will run the build with make -f client.mk profiledbuild. This is
    off by default.
    - update debian/rules
    - update debian/mozconfig.in
  * Run the Mozilla test suite at build time. Currently, we run the following
    targets: check, xpcshell-tests, reftest and crashtest. Test-suite failures won't
    break the build just yet
    - add debian/testsuite.mk
    - update debian/rules
    - update debian/control.pp
  * Tidy up the vendor preferences
    - remove debian/ubuntu-useragent.js.tmpl
    - rename debian/firefox.js => debian/vendor-firefox.js.in
    - rename debian/ubuntu-abrowser.js.tmpl => debian/vendor-abrowser.js.in
    - update debian/vendor-firefox.js.in
    - update debian/vendor-abrowser.js.in
    - update debian/rules
  * Don't touch .autoreg on upgrade. This isn't necessary with the XPCOM changes
    in Gecko 2.0
    - update debian/firefox.postinst.in
    - remote debian/firefox-gnome-support.postinst.in
  * Disable gnomevfs support on >= 11.04 (LP: #661287)
    - update debian/rules
    - update debian/mozconfig.in
    - update debian/firefox-gnome-support.install.in
  * Add x-scheme-handler magic to desktop files
    - update debian/firefox.desktop.in
    - update debian/firefox-beta.desktop.in
    - update debian/firefox-nightly.desktop.in
    - update debian/firefox-unofficial.desktop.in
  * Dropped obsolete / not-needed patches
    - remove debian/patches/add_syspref_dir.patch
    - remove debian/patches/bz386904_config_rules_install_dist_files.patch
    - remove bz534663_attXXX_normalize_distribution_searchplugins.patch
    - remove debian/patches/bz591331_att469858_breakpad_allow_ptrace.patch
    - remove debian/patches/ubuntu_no_app_updates.patch
    - update debian/patches/series
  * Update build-depends for Firefox 4.0
    - update debian/control.pp
  * Rebased patches for Firefox 4.0
    - update browser_branding.patch
    - update bz460917_att350845_reload_new_plugins.patch
    - update bz467738_att351145_lockPref_everywhere.patch
    - update bz515232_att399338_distro_locale_searchplugins.patch
    - update bzXXX_libxul_sdk_nspr.patch
    - udpate bzXXX_plugin_for_mimetype_pref.patch
    - update lp185622_system_path_default_browser.patch
    - update lp512615_cairo_lcd_filter.patch
    - update lp548866_bz467766_att351173-dont-reset-user-prefs-on-upgrade.patch
    - update ubuntu_bookmarks.patch
  * Disable KDE integration temporarily until I've reviewed the updated patches
    - update debian/patches/series
  * Install top-level chrome.manifest after landing of (bmo: 579178) aka
    single-chrome-manifest
    - update debian/firefox.install.in
  * Add trademarkInfo key to the brand.dtd file in the awesome-branding
    to fix an issue with Help->About not working. Also drop the unneeded
    overrides from the manifest file and rename the patch to reflect it's
    extended scope. Eventually, this patch should be merged in to the
    awesome-branding bzr branch
    - rename debian/patches/awesome_branding_chrome_rename.patch =>
       debian/patches/awesome_branding_updates.patch
    - update debian/patches/awesome_branding_updates.patch
    - update debian/patches/series
  * Install our vendor preferences in to dist/bin before running stage-package.
    This seems to be the only way to ensure that they are included in the
    omni.jar. This means we need to patch the upstream package-manifest to
    include the extra file
    - add debian/patches/install_ubuntu_prefs.patch
    - update debian/rules
  * Clean up the files in /etc/firefox on upgrade
    - update debian/firefox.preinst.in
  * Support builds suitable for valgrind, by building with
    DEB_MOZ_VALGRIND=1. This will automatically pick the right optimisations
    and build flags
    - update debian/rules
    - update debian/mozconfig.in
  * Fix make install with --enable-chrome-format=omni. Add patch to create
    the omni.jar file after running stage-package. This has already
    landed on mozilla-central, so we can drop again at beta 8
    - add debian/patches/bz588410_fix_make_install_with_omnijar.patch
    - update debian/patches/series
  * Drop other unused cruft from the package
    - remove debian/debsearch.src
    - remove debian/firefox.png.uu
    - remove debian/debsearch.gif.uu
    - update debian/rules
  * Build-depend on yasm
    - update debian/control
  * Fix the profile migrator to not crash on profiles where
    'LastVersion=Safe Mode' (LP: #674607)
    - update debian/migrator/xulapp-profilemigrator

[ Jamie Strandboge <jamie@ubuntu.com> ]
  * debian/usr.bin.firefox*:
    - allow .{firefox,mozilla} instead of just .mozilla (LP: #624435)
    - allow owner write to ~/.config/ibus/bus/
    - adjust apparmor profile for latest sun-java6 plugin (LP: #633369)

[ Micah Gersten <micahg@ubuntu.com> ]
  * Drop patch after upstream landing of (bmo: 551152) aka Symlinked components
    break everything
    - drop debian/patches/lp518422.patch
    - update debian/patches/series
  * Add mesa-common-dev to build-depends after landing of configure test aka
    (bmo: 517566) which is for WebGL aka (bmo: 516213)
    - update debian/control
 -- Chris Coulson <chris.coulson@canonical.com>   Wed, 17 Nov 2010 21:35:57 +0000

Changed in firefox (Ubuntu):
status:	Incomplete → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.