Ubuntu
apparmor package

  1. Bug #1426316
  2. Activity log

Activity log for bug #1426316

Date Who What changed Old value New value Message
2015-02-27 11:03:28 Franck bug added bug
2015-03-26 17:35:14 Franck attachment added Add owner /run/user/*/icedteaplugin-*/* rw, to allow java plugins execution https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1426316/+attachment/4357231/+files/browser-allow-java.diff
2015-03-26 17:35:54 Franck summary Applets won't run with Apparmor profile activated Java applets won't run in Firefox with Apparmor profile activated
2015-03-26 17:56:53 Franck description After activating firefox profile, be it in complain or enforce mode, no applet will run. The culprit seems to be: apparmor="DENIED" operation="open" profile="/usr/lib/firefox/firefox{,[^s][^h]}//browser_openjdk" name="/run/user/1000/dconf/user" pid=11973 comm=64636F6E6620776F726B6572 requested_mask="wrc" denied_mask="wrc" fsuid=1000 ouid=1000 The rules that prevent the applets to run belong to Apparmor abstractions, specifically /etc/apparmor.d/abstractions/ubuntu-browser.d/java These rules will be enforced, even when usr.in.firefox is in complain mode (I don't know why exactly) Adding write access to the line owner /run/user/*/icedteaplugin-*/ rw in /etc/apparmor.d/abstractions/ubuntu-browser.d/java seems to solve the problem. ProblemType: Bug DistroRelease: Ubuntu 14.10 Package: apparmor-profiles 2.8.98-0ubuntu2 ProcVersionSignature: Ubuntu 3.16.0-31.41-lowlatency 3.16.7-ckt5 Uname: Linux 3.16.0-31-lowlatency x86_64 ApportVersion: 2.14.7-0ubuntu8.2 Architecture: amd64 CurrentDesktop: Unity Date: Fri Feb 27 11:05:20 2015 InstallationDate: Installed on 2014-12-13 (75 days ago) InstallationMedia: Ubuntu 14.10 "Utopic Unicorn" - Release amd64 (20141022.1) PackageArchitecture: all ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-3.16.0-31-lowlatency root=/dev/mapper/ubuntu--vg-lv--root ro threadirqs quiet splash vt.handoff=7 SourcePackage: apparmor Syslog: Feb 27 09:42:45 franck-ThinkPad-T430s dbus[3940]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/freedesktop/DBus" interface="org.freedesktop.DBus" member="Hello" mask="send" name="org.freedesktop.DBus" pid=9748 profile="/usr/lib/firefox/firefox{,*[^s][^h]}//browser_openjdk" peer_profile="unconfined" UpgradeStatus: No upgrade log present (probably fresh install) modified.conffile..etc.apparmor.d.usr.sbin.dnsmasq: [modified] modified.conffile..etc.apparmor.d.usr.sbin.traceroute: [modified] mtime.conffile..etc.apparmor.d.usr.sbin.dnsmasq: 2015-02-20T14:58:28.130461 mtime.conffile..etc.apparmor.d.usr.sbin.traceroute: 2015-02-20T15:04:02.437880 After activating firefox profile, be it in complain or enforce mode, no applet will run with OpenJDK. The culprit seems to be: apparmor="DENIED" operation="open" profile="/usr/lib/firefox/firefox{,[^s][^h]}//browser_openjdk" name="/run/user/1000/dconf/user" pid=11973 comm=64636F6E6620776F726B6572 requested_mask="wrc" denied_mask="wrc" fsuid=1000 ouid=1000 The rules that prevent the applets to run belong to Apparmor abstractions, specifically /etc/apparmor.d/abstractions/ubuntu-browser.d/java These rules will be enforced, even when usr.in.firefox is in complain mode (I don't know why exactly) Adding write access to the line owner /run/user/*/icedteaplugin-*/ rw in /etc/apparmor.d/abstractions/ubuntu-browser.d/java seems to solve the problem. ProblemType: Bug DistroRelease: Ubuntu 14.10 Package: apparmor-profiles 2.8.98-0ubuntu2 ProcVersionSignature: Ubuntu 3.16.0-31.41-lowlatency 3.16.7-ckt5 Uname: Linux 3.16.0-31-lowlatency x86_64 ApportVersion: 2.14.7-0ubuntu8.2 Architecture: amd64 CurrentDesktop: Unity Date: Fri Feb 27 11:05:20 2015 InstallationDate: Installed on 2014-12-13 (75 days ago) InstallationMedia: Ubuntu 14.10 "Utopic Unicorn" - Release amd64 (20141022.1) PackageArchitecture: all ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-3.16.0-31-lowlatency root=/dev/mapper/ubuntu--vg-lv--root ro threadirqs quiet splash vt.handoff=7 SourcePackage: apparmor Syslog: Feb 27 09:42:45 franck-ThinkPad-T430s dbus[3940]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/freedesktop/DBus" interface="org.freedesktop.DBus" member="Hello" mask="send" name="org.freedesktop.DBus" pid=9748 profile="/usr/lib/firefox/firefox{,*[^s][^h]}//browser_openjdk" peer_profile="unconfined" UpgradeStatus: No upgrade log present (probably fresh install) modified.conffile..etc.apparmor.d.usr.sbin.dnsmasq: [modified] modified.conffile..etc.apparmor.d.usr.sbin.traceroute: [modified] mtime.conffile..etc.apparmor.d.usr.sbin.dnsmasq: 2015-02-20T14:58:28.130461 mtime.conffile..etc.apparmor.d.usr.sbin.traceroute: 2015-02-20T15:04:02.437880
2015-03-26 20:21:12 Ubuntu Foundations Team Bug Bot tags amd64 apport-bug utopic amd64 apport-bug patch utopic
2015-03-26 20:21:21 Ubuntu Foundations Team Bug Bot bug added subscriber Ubuntu Review Team
2016-04-21 19:33:13 Mathew Hodson apparmor (Ubuntu): importance Undecided Low
2016-04-29 15:43:06 Launchpad Janitor apparmor (Ubuntu): status New Confirmed