Ubuntu
apparmor package

apparmor prevents firefox from starting for an user who belongs to an Active Directory domain

Bug #458846 reported by nilleb on 2009-10-23

This bug report is a duplicate of: Bug #447292: AppArmor does not allow access when @{HOME} is not /home. Edit Remove

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	apparmor (Ubuntu)	Won't Fix	Undecided	Unassigned

Bug Description

Binary package hint: firefox-3.5

on karmic, apparmor prevents an active directory user from starting firefox. An active directory user has his home in a folder following the pattern
/home/DOMAIN/user/
and this is probably the cause of the misbehavior. An user not belonging to Active Directory will be able to start FF when apparmor is on.

starting firefox when AppArmor is off will enable the Active Directory users to see the ubuntu "search page" (default home page for FF3.5.3).

As an evidence, the /var/log/kern.log lines follow. they're related to the lock operations on the FF .parentlock. It seems that the k mask is being denied.

Oct 23 09:23:52 ly-qa-bellinux kernel: [88349.452412] type=1503 audit(1256282632.601:116): operation="file_lock" pid=29900 parent=29827 profile="/usr/lib/firefox-3.5.*/firefox" requested_mask="wk::" denied_mask="k::" fsuid=1893211406 ouid=1893211406 name="/home/ESKERCORP/bellin-salarin/.mozilla/firefox/wxr2z7j2.default/.parentlock"
Oct 23 09:23:53 ly-qa-bellinux kernel: [88349.874611] type=1503 audit(1256282633.021:117): operation="file_lock" pid=29900 parent=29827 profile="/usr/lib/firefox-3.5.*/firefox" requested_mask="wk::" denied_mask="k::" fsuid=1893211406 ouid=1893211406 name="/home/ESKERCORP/bellin-salarin/.pulse-cookie"
Oct 23 09:23:53 ly-qa-bellinux kernel: [88349.877534] type=1503 audit(1256282633.025:118): operation="file_lock" pid=29900 parent=29827 profile="/usr/lib/firefox-3.5.*/firefox" requested_mask="wk::" denied_mask="k::" fsuid=1893211406 ouid=1893211406 name="/home/ESKERCORP/bellin-salarin/.cache/event-sound-cache.tdb.f1b0a25408a48159af64e77c486e058d.i486-pc-linux-gnu"
Oct 23 09:23:53 ly-qa-bellinux kernel: [88349.879828] type=1503 audit(1256282633.025:119): operation="file_lock" pid=29900 parent=29827 profile="/usr/lib/firefox-3.5.*/firefox" requested_mask="wk::" denied_mask="k::" fsuid=1893211406 ouid=1893211406 name="/home/ESKERCORP/bellin-salarin/.cache/event-sound-cache.tdb.f1b0a25408a48159af64e77c486e058d.i486-pc-linux-gnu"

ProblemType: Bug
Architecture: i386
Date: Fri Oct 23 09:29:17 2009
DistroRelease: Ubuntu 9.10
Package: firefox-3.5 3.5.3+build1+nobinonly-0ubuntu6
ProcEnviron:
LANG=en_US.UTF-8
SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.31-14.48-generic
SourcePackage: firefox-3.5
Uname: Linux 2.6.31-14-generic i686

Tags:

Revision history for this message

nilleb (ivo-bellinsalarin) wrote on 2009-10-23:

Dependencies.txt Edit (3.4 KiB, text/plain; charset="utf-8")
ExtensionSummary.txt Edit (813 bytes, text/plain; charset="utf-8")
RelatedPackageVersions.txt Edit (163 bytes, text/plain; charset="utf-8")
XsessionErrors.txt Edit (689 bytes, text/plain; charset="utf-8")
profiles.ini.txt Edit (94 bytes, text/plain; charset="utf-8")

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2009-10-23:

Thank you for the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this bug has already been reported. Please review https://wiki.ubuntu.com/DebuggingApparmor#Adjusting%20Tunables as well as the information and solution in bug #447292.