Every time I open firefox apparmor-notify displays a deny of "m" message to "/dev/zero". I added the line "/dev/zero m," to my /etc/apparmor.d/usr.bin.firefox profile to be able to play Adobe Flash videos. Question #1: What security risks play a role when I allow "m" (?) access to this folder for Firefox?
Now every time I start Firefox apparmor-notify displays a deny of “rw” (read and write) to “/dev/nvidiactl”. Despite this I get messages no matter what web page I'm on after exactly every minute that look something like this, from my “/var/log/kern.log” LogFile,
“
type=AVC msg=audit(1332717987.622:214): apparmor="DENIED" operation="open" parent=1 profile="/usr/lib/firefox-11.0/firefox{,*[^s][^h]}" name="/proc/2011/net/dev" pid=2030 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
type=AVC msg=audit(1332718047.625:215): apparmor="DENIED" operation="open" parent=1 profile="/usr/lib/firefox-11.0/firefox{,*[^s][^h]}" name="/proc/2011/net/dev" pid=2030 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
type=AVC msg=audit(1332718107.625:216): apparmor="DENIED" operation="open" parent=1 profile="/usr/lib/firefox-11.0/firefox{,*[^s][^h]}" name="/proc/2011/net/dev" pid=2030 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
type=AVC msg=audit(1332718167.624:217): apparmor="DENIED" operation="open" parent=1 profile="/usr/lib/firefox-11.0/firefox{,*[^s][^h]}" name="/proc/2011/net/dev" pid=2030 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
“
After every restart of Firefox the proc folder changes in the message logs. Question #2: Will these access denied messages go away if I again edit my /etc/apparmor.d/usr.bin.firefox profile, but this time to add the permissive line, “/dev/nvidiactl rw,”? Question #3: Either way, is it okay to do so (i.e. add /dev/nvidiactl rw, to the Firefox profile)? And what are the security risks for that?
Every time I open firefox apparmor-notify displays a deny of "m" message to "/dev/zero". I added the line "/dev/zero m," to my /etc/apparmor. d/usr.bin. firefox profile to be able to play Adobe Flash videos. Question #1: What security risks play a role when I allow "m" (?) access to this folder for Firefox?
Now every time I start Firefox apparmor-notify displays a deny of “rw” (read and write) to “/dev/nvidiactl”. Despite this I get messages no matter what web page I'm on after exactly every minute that look something like this, from my “/var/log/kern.log” LogFile, 1332717987. 622:214) : apparmor="DENIED" operation="open" parent=1 profile= "/usr/lib/ firefox- 11.0/firefox{ ,*[^s][ ^h]}" name="/ proc/2011/ net/dev" pid=2030 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 1332718047. 625:215) : apparmor="DENIED" operation="open" parent=1 profile= "/usr/lib/ firefox- 11.0/firefox{ ,*[^s][ ^h]}" name="/ proc/2011/ net/dev" pid=2030 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 1332718107. 625:216) : apparmor="DENIED" operation="open" parent=1 profile= "/usr/lib/ firefox- 11.0/firefox{ ,*[^s][ ^h]}" name="/ proc/2011/ net/dev" pid=2030 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 1332718167. 624:217) : apparmor="DENIED" operation="open" parent=1 profile= "/usr/lib/ firefox- 11.0/firefox{ ,*[^s][ ^h]}" name="/ proc/2011/ net/dev" pid=2030 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 d/usr.bin. firefox profile, but this time to add the permissive line, “/dev/nvidiactl rw,”? Question #3: Either way, is it okay to do so (i.e. add /dev/nvidiactl rw, to the Firefox profile)? And what are the security risks for that?
“
type=AVC msg=audit(
type=AVC msg=audit(
type=AVC msg=audit(
type=AVC msg=audit(
“
After every restart of Firefox the proc folder changes in the message logs. Question #2: Will these access denied messages go away if I again edit my /etc/apparmor.
Question #3: Do I need to change this to a bug report as suggested in the aa-notify messages' link to https:/ /wiki.ubuntu. com/DebuggingAp parmor?
Thank you.