Profile usr.bin.firefox requires additional entries for nVidia hardware acceleration
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
apparmor (Ubuntu) |
Fix Released
|
Undecided
|
Marc Deslauriers |
Bug Description
Release: Xubuntu 14.04
Version: AppArmor 2.8.95~
What you expected to happen: Firefox to run without errors when setting usr.bin.firefox to enforce mode with the default profile.
What happened instead: Constant "DENIED" errors were sent to /var/log/kern.log and FireFox was unable use hardware acceleration that the propreitary nVidia driver provides.
Solution:
The following additional rule must be added to usr.bin.firefox for proper operation when using the proprietary nVidia driver:
owner @{HOME}
owner @{HOME}
@{PROC}
@{PROC}/modules r,
Jamie also said that @{PROC}/modules r, is likely not needed and could be replaced with deny /proc/modules r,
tags: | added: patch |
Changed in apparmor (Ubuntu): | |
status: | Triaged → Fix Released |
Sent the attached patch to the upstream list.