apparmor profile denies access to eog
Bug #464016 reported by
Jamie Strandboge
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
firefox-3.5 (Ubuntu) |
Fix Released
|
Low
|
Jamie Strandboge | ||
Intrepid |
Invalid
|
Undecided
|
Unassigned | ||
Jaunty |
Invalid
|
Undecided
|
Unassigned | ||
Karmic |
Fix Released
|
Low
|
Jamie Strandboge | ||
Lucid |
Fix Released
|
Low
|
Jamie Strandboge |
Bug Description
Binary package hint: firefox-3.5
When trying to open a tiff file in firefox-3.5 with the apparmor profile enabled, access is denied because firefox-3.5 does not have permission to execute /usr/bin/eog:
Oct 29 20:30:52 sec-karmic-amd64 kernel: [19156.154672] type=1503 audit(125684825
Oddly, there is already a commented out line in the profile:
#/usr/bin/eog Uxr,
Uncommenting this and reloading the profile with:
$ sudo apparmor_parser -r /etc/apparmor.
fixes the issue.
Related branches
lp:~jdstrand/firefox/firefox-452591+455792+447006+464016+473268
Merged
into
lp:firefox/3.5
- Alexander Sack: Pending requested
-
Diff: 104 lines (+34/-1)2 files modifieddebian/changelog (+22/-0)
debian/usr.bin.firefox.apparmor.in (+12/-1)
tags: | added: apparmor |
Changed in firefox-3.5 (Ubuntu Karmic): | |
milestone: | none → karmic-updates |
status: | New → Triaged |
Changed in firefox-3.5 (Ubuntu Lucid): | |
status: | New → Triaged |
Changed in firefox-3.5 (Ubuntu Karmic): | |
assignee: | nobody → Jamie Strandboge (jdstrand) |
Changed in firefox-3.5 (Ubuntu Lucid): | |
assignee: | nobody → Jamie Strandboge (jdstrand) |
description: | updated |
Changed in firefox-3.5 (Ubuntu Jaunty): | |
status: | New → Invalid |
Changed in firefox-3.5 (Ubuntu Intrepid): | |
status: | New → Invalid |
Changed in firefox-3.5 (Ubuntu Lucid): | |
status: | Triaged → In Progress |
importance: | Undecided → Low |
Changed in firefox-3.5 (Ubuntu Karmic): | |
status: | Triaged → In Progress |
importance: | Undecided → Low |
Changed in firefox-3.5 (Ubuntu Lucid): | |
status: | In Progress → Fix Committed |
Changed in firefox-3.5 (Ubuntu Karmic): | |
status: | In Progress → Fix Released |
Changed in firefox-3.5 (Ubuntu Jaunty): | |
status: | Invalid → Fix Released |
Changed in firefox-3.5 (Ubuntu Intrepid): | |
status: | Invalid → Fix Released |
To post a comment you must log in.
SRU REQUEST
1. Users of firefox are unable to use the eog when the AppArmor profile is enabled. The fix is trivial
2. The fix is not in Lucid yet
3. The fix is to adjust the following in debian/ usr.bin. firefox. apparmor. in:
- #/usr/bin/eog Uxr,
+ /usr/bin/eog Uxr,
4. TEST CASE: d/usr.bin. firefox- 3.5
- sudo aa-enforce /etc/apparmor.
- try to open a tiff file from with firefox
5. The regression potential is very low. The profile is disabled in the default installation, and we only allow access to files that we didn't previously have access to.