fail to attach a file from /var/log/

this issue is maybe not limited to /var/log/ but might affect other path(s)

Works fine here. Did you set the firefox apparmor profile to enforce?

into kernel.log got lot of apparmor=denied, like:

kernel: [ 5063.087770] type=1400 audit(1295689225.260:45): apparmor="DENIED" operation="open" parent=1 profile="/usr/lib/firefox-4.0b9/firefox{,*[^s][^h]}" name="/xorg.conf.new" pid=20744 comm="firefox-bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

kernel: [ 5068.601088] type=1400 audit(1295689230.777:50): apparmor="DENIED" operation="open" parent=1 profile="/usr/lib/firefox-4.0b9/firefox{,*[^s][^h]}" name="/var/log/dmesg" pid=20748 comm="firefox-bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

have reconfigured apparmor and set /var/log/ into dialog box path. now i get apparmor=status, like:

kernel: [34137.280632] type=1400 audit(1295718299.456:445): apparmor="STATUS" operation="profile_replace" name="/sbin/syslogd" pid=23717 comm="apparmor_parser"

Apparmor-profiles have been installed and no change was made, only the default settings

What is the output of sudo aa-status?

aa-status output

Firefox is in enforce mode, which is not the default yet. In any case, I don't think it's a good idea opening up firefox to be able to read from /var/log anyway.

Jamie - thoughts?

hi Jamie,
what i might say:
- there was any problem with FF4.0b8, that happen with 4.0b9
- as i remember i've not made change on that side
- as a result, have the issues described in #4 above, and some log files are not populated: daemon, debug, messages & user.log

So its recent but cant say if its a Firefox problem or something else. I've found an other bug report related to kernel 2.6.35-6 changes, but i wonder if natty kernel (37-12-generic-pae on my system) need to be fixed too:

from bug report 598824:
***** I looked at the Debian changelog for the kernel and there was a change regarding apparmor and hardlinks. *****
Sorry, i dont know if that bug is close or not but it talk about apparmor changes.

i suppose its related to one of the latest development:

http://bazaar.launchpad.net/~apparmor-dev/apparmor/master/revision/1621

" - allows for using the browser to navigate through directories "
that work, but what about "allow for using the browser to upload through directories " ?

Made some tweaks:
- removed/purged all the related apparmor packages
- reinstalled apparmor

so the complain mode is over; will report issue about uploading from /var/log/ later when i'll need it.

@dino99,

There is no reason to purge and reinstall apparmor. All you need to do is disable the profile by doing:
$ sudo ln -s /etc/apparmor.d/usr.bin.firefox /etc/apparmor.d/disable
$ sudo apparmor_parser -R /etc/apparmor.d/usr.bin.firefox # or simply reboot

@all,
The firefox profile is opt-in, and is designed to prevent arbitrary file access (ie, it would prevent a bad extension from accessing system files not needed by firefox). Since the profile is opt-in and is working as it is designed, I suggest this be marked "Won't fix". Users who turn on the profile can copy the files to the appropriate upload location. That said, it would be nice if firefox gave some sort of feedback on not being able to access the file.

its confirmed also with natty i386 beta

Status changed to 'Confirmed' because the bug affects multiple users.