Ubuntu
apparmor package

Apparmor reload/restart unloads the Firefox profile

Bug #813265 reported by Simon Déziel on 2011-07-20

This bug report is a duplicate of: Bug #788616: configured_profile_names() in /lib/apparmor/functions breaks eg usr.bin.firefox profile. Edit Remove

258

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	apparmor (Ubuntu)	New	Undecided	Unassigned

Bug Description

When running /etc/init.d/apparmor reload (or restart), the AA profile for Firefox 5.0 vanishes.

Steps to reproduce :

1) Confirm with aa-status that Firefox AA profile is in enforce mode
2) /etc/init.d/apparmor reload
3) Confirm with aa-status that Firefox AA profile no longer in the enforce list (nor any other)

I will attach the output of 'aa-status' for 1) and 3) soon.

$ lsb_release -rd
Description: Ubuntu 11.04
Release: 11.04

$ apt-cache policy apparmor
apparmor:
  Installed: 2.6.1-0ubuntu3
  Candidate: 2.6.1-0ubuntu3
  Version table:
*** 2.6.1-0ubuntu3 0
        500 http://ca.archive.ubuntu.com/ubuntu/ natty/main amd64 Packages
        100 /var/lib/dpkg/status

$ apt-cache policy firefox
firefox:
  Installed: 5.0+build1+nobinonly-0ubuntu0.11.04.2
  Candidate: 5.0+build1+nobinonly-0ubuntu0.11.04.2
  Version table:
*** 5.0+build1+nobinonly-0ubuntu0.11.04.2 0
        500 http://ca.archive.ubuntu.com/ubuntu/ natty-updates/main amd64 Packages
        500 http://ca.archive.ubuntu.com/ubuntu/ natty-security/main amd64 Packages
        100 /var/lib/dpkg/status
     4.0+nobinonly-0ubuntu3 0
        500 http://ca.archive.ubuntu.com/ubuntu/ natty/main amd64 Packages

ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: apparmor 2.6.1-0ubuntu3
ProcVersionSignature: Ubuntu 2.6.38-10.46-generic 2.6.38.7
Uname: Linux 2.6.38-10-generic x86_64
Architecture: amd64
Date: Tue Jul 19 22:15:38 2011
ProcEnviron:
LANGUAGE=en_US:en
LANG=en_US.UTF-8
SHELL=/bin/bash
ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-2.6.38-10-generic root=/dev/mapper/vg0-root ro possible_cpus=4 nodelayacct pcie_aspm=force splash vt.handoff=7
ProcVersionSignature_: Ubuntu 2.6.38-10.46-generic 2.6.38.7
SourcePackage: apparmor
UpgradeStatus: No upgrade log present (probably fresh install)

Tags:

Revision history for this message

Simon Déziel (sdeziel) wrote on 2011-07-20:

ApparmorPackages.txt Edit (288 bytes, text/plain; charset="utf-8")
ApparmorStatusOutput.txt Edit (1.6 KiB, text/plain; charset="utf-8")
Dependencies.txt Edit (1.9 KiB, text/plain; charset="utf-8")
KernLog.txt Edit (26.6 KiB, text/plain; charset="utf-8")
PstreeP.txt Edit (11.5 KiB, text/plain; charset="utf-8")

Revision history for this message

Simon Déziel (sdeziel) wrote on 2011-07-20:

aa-status output for step 1) Edit (1.8 KiB, text/plain)

Revision history for this message

Simon Déziel (sdeziel) wrote on 2011-07-20:

aa-status output for step 3) Edit (1.6 KiB, text/plain)

Revision history for this message

Simon Déziel (sdeziel) wrote on 2011-07-20:

After reloading/restarting Apparmor, I need to re-add the Firefox profile using the following command to have aa-status reporting it as enabled (and enforcing) :

sudo apparmor_parser -a -T -W /etc/apparmor.d/usr.bin.firefox

Simon Déziel (sdeziel) on 2011-07-26

visibility:

private → public

Report a bug

This report contains Public Security information

Everyone can see this security related information.

Duplicate of bug #788616 Remove

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuapparmor package

Apparmor reload/restart unloads the Firefox profile

Bug Description

Other bug subscribers

Bug attachments

Remote bug watches

Ubuntu
apparmor package