Ubuntu
firefox package

Apparmor should have read rights granted to opensc.conf

Bug #1041621 reported by Jean-Louis Dupond on 2012-08-25

6

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	firefox (Ubuntu)	Triaged	Undecided	Unassigned

Bug Description

type=1400 audit(1345917432.434:29): apparmor="DENIED" operation="open" parent=2579 profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/etc/opensc/opensc.conf" pid=2627 comm="plugin-containe" requested_mask="r" denied_mask="r"
fsuid=1000 ouid=0

You get this when the OpenSC module is loaded in firefox.

I don't know if this should be added to the default firefox apparmor config.
---
ApportVersion: 2.5.1-0ubuntu2
Architecture: amd64
DistroRelease: Ubuntu 12.10
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Alpha amd64 (20110705.1)
Package: firefox
PackageArchitecture: amd64
ProcEnviron:
LANGUAGE=nl:en_AU:en
TERM=xterm
PATH=(custom, no user)
LANG=nl_BE.UTF-8
SHELL=/bin/bash
ProcKernelCmdline: BOOT_IMAGE=/boot/vmlinuz-3.5.0-11-generic root=UUID=af3a67b1-5cbf-48f1-b0b7-0848ae3017b4 ro quiet splash modeset=1 pcie_aspm=force i915.i915_enable_rc6=1 i915.i915_enable_fbc=1 i915.lvds_downclock=1 vt.handoff=7
ProcVersionSignature: Ubuntu 3.5.0-11.11-generic 3.5.2
Tags: quantal
Uname: Linux 3.5.0-11-generic x86_64
UpgradeStatus: Upgraded to quantal on 2012-06-19 (66 days ago)
UserGroups: adm admin cdrom dialout libvirtd lpadmin plugdev sambashare

See original description

Tags:

Revision history for this message

Jean-Louis Dupond (dupondje) wrote on 2012-08-25: ApparmorPackages.txt

#1

ApparmorPackages.txt Edit (277 bytes, text/plain)

apport information

tags:	added: apport-collected quantal
description:	updated

Revision history for this message

Jean-Louis Dupond (dupondje) wrote on 2012-08-25: ApparmorStatusOutput.txt

#2

ApparmorStatusOutput.txt Edit (1.4 KiB, text/plain)

apport information

Revision history for this message

Jean-Louis Dupond (dupondje) wrote on 2012-08-25: Dependencies.txt

#3

Dependencies.txt Edit (2.5 KiB, text/plain)

apport information

Revision history for this message

Jean-Louis Dupond (dupondje) wrote on 2012-08-25: KernLog.txt

#4

KernLog.txt Edit (90.7 KiB, text/plain)

apport information

Revision history for this message

Jean-Louis Dupond (dupondje) wrote on 2012-08-25: PstreeP.txt

#5

PstreeP.txt Edit (18.6 KiB, text/plain)

apport information

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2012-08-27:

#6

My first thought is this should probably be added to the authentication abstraction, but then, it has a lot of access that consumers of opensc doesn't necessarily need.

Jean-Louis, does adding '/etc/opensc/opensc.conf' allow firefox to work fully with opensc?

Changed in firefox (Ubuntu):
status:	New → Incomplete

Revision history for this message

Jean-Louis Dupond (dupondje) wrote on 2012-08-27:

#7

In my case, it now even works without having access to /etc/opensc/opensc.conf.
But if you have custom settings set in the config, then it won't work ofcourse :)

But read access to the opensc config should be enough I guess.

Changed in firefox (Ubuntu):
status:	Incomplete → New

Jamie Strandboge (jdstrand) on 2014-03-24

no longer affects:	apparmor (Ubuntu)
Changed in firefox (Ubuntu):
status:	New → Triaged

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.