I had this in my logs:
Jan 21 16:32:30 localhost kernel: [24900.927939] audit: type=1400 audit(1421879550.441:534): apparmor="DENIED" operation="bind" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=12356 comm="plugin-containe" family="unix" sock_type="dgram" protocol=0 requested_mask="bind" denied_mask="bind" addr="@676F6F676C652D6E61636C2D6F316431323335362D3339310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
So I tried the following:
unix bind type=dgram addr=@google-nacl*,
unix bind type=dgram addr="@google-nacl*",
unix bind type=dgram addr=@676F6F676C652D6E61636C2D6*,
unix bind type=dgram addr="@676F6F676C652D6E61636C2D6*",
but none of them match. The best I could do was:
unix bind type=dgram,
This is likely going to be important for snappy since snappy will have the concept of different coordinating snaps interacting via abstract sockets. What is interesting is that this seems to work ok for some things, eg:
./lightdm: unix (bind, listen) type=stream addr="@/com/ubuntu/upstart-session/**",
./lightdm: unix (bind, listen) type=stream addr="@/tmp/dbus-*",
./lightdm: unix (bind, listen) type=stream addr="@/tmp/.ICE-unix/[0-9]*",
./lightdm: unix (bind, listen) type=stream addr="@/dbus-vfs-daemon/*",
./lightdm: unix (bind, listen) type=stream addr="@guest*",
Is this something in how firefox is setting up the socket?
I had this in my logs: 0.441:534) : apparmor="DENIED" operation="bind" profile= "/usr/lib/ firefox/ firefox{ ,*[^s][ ^h]}" pid=12356 comm="plugin- containe" family="unix" sock_type="dgram" protocol=0 requested_ mask="bind" denied_mask="bind" addr="@ 676F6F676C652D6 E61636C2D6F3164 31323335362D333 931000000000000 000000000000000 000000000000000 000000000000000 000000000000000 000000000000000 000000000000000 000000000000000 000000000000000 000000000000000 000000000000000 0000"
Jan 21 16:32:30 localhost kernel: [24900.927939] audit: type=1400 audit(142187955
$ aa-decode 676F6F676C652D6 E61636C2D6F3164 31323335362D333 931000000000000 000000000000000 000000000000000 000000000000000 000000000000000 000000000000000 000000000000000 000000000000000 000000000000000 000000000000000 000000000000000 0000 nacl-o1d12356- 391
Decoded: google-
$ aa-decode 676F6F676C652D6 E61636C2D6
Decoded: google-nacl-`
So I tried the following: google- nacl*", C652D6E61636C2D 6*, 676F6F676C652D6 E61636C2D6* ",
unix bind type=dgram addr=@google-nacl*,
unix bind type=dgram addr="@
unix bind type=dgram addr=@676F6F676
unix bind type=dgram addr="@
but none of them match. The best I could do was:
unix bind type=dgram,
This is likely going to be important for snappy since snappy will have the concept of different coordinating snaps interacting via abstract sockets. What is interesting is that this seems to work ok for some things, eg: /com/ubuntu/ upstart- session/ **", /tmp/dbus- *", /tmp/.ICE- unix/[0- 9]*", /dbus-vfs- daemon/ *",
./lightdm: unix (bind, listen) type=stream addr="@
./lightdm: unix (bind, listen) type=stream addr="@
./lightdm: unix (bind, listen) type=stream addr="@
./lightdm: unix (bind, listen) type=stream addr="@
./lightdm: unix (bind, listen) type=stream addr="@guest*",
Is this something in how firefox is setting up the socket?