Ubuntu
apparmor package

  1. Bug #1426316
  2. Comment #6

Comment 6 for bug 1426316

Revision history for this message
Franck (alci) wrote :

Seth, yes this is contradictory. In fact I had many DENIED messages, as you might have seen here http://askubuntu.com/questions/586611/apparmor-problem-icedtea-plugin-freezes-firefox-35-0-1

But finally, only adding rw to owner /run/user/*/icedteaplugin-*/* did the trick for me.

Regarding the other modifications I made, there all are in my local/usr.bin.firefox:

# Site-specific additions and overrides for usr.bin.firefox.
# For more details, please see /etc/apparmor.d/local/README.
# Allow keyring integration to work
dbus (send,receive)
    bus=session
    interface=org.freedesktop.DBus.Properties
    path=/org/freedesktop/secrets,
dbus (send,receive)
    bus=session
    interface=org.freedesktop.Secret.Service
    path=/org/freedesktop/secrets,
dbus (send,receive)
    bus=session
    interface=org.freedesktop.Secret.Item
    path=/org/freedesktop/secrets/**/*,
dbus (send,receive)
    bus=session
    interface=org.freedesktop.DBus.Properties
    path=/org/freedesktop/secrets/collection/mozilla/*,
dbus (send,receive)
    bus=session
    interface=org.freedesktop.DBus.Properties
    path=/org/freedesktop/secrets/collection/mozilla,
dbus (send,receive)
    bus=session
    interface=org.freedesktop.Secret.Prompt
    path=/org/freedesktop/secrets/prompt/*,
@{HOME}/.cache/mozilla/firefox/**/safebrowsing-to_delete/*.sbstore rw,
deny dbus
    interface=org.gtk.vfs.MountTracker,
deny /tmp/.ICE-unix/* rw,

Everything regarding dbus is related to a gnome-keyring-integration plugin I use (https://github.com/swick/moz-gnome-keyring-integration).
Last two line are here to avoid noisy notifications.

Reagards,
Franck