Missing AppArmor rule for Firefox 21

Bug #1180227 reported by Felix Geyer on 2013-05-15
This bug affects 5 people
Affects Status Importance Assigned to Milestone
firefox (Ubuntu)

Bug Description

Firefox 21 won't start when the AppArmor profile is in enforce mode.
It denies access to create and write into ~/.cache/mozilla/firefox/.

Adding the following rules fixes the problem:
  owner @{HOME}/.cache/mozilla/{,firefox/} rw,
  owner @{HOME}/.cache/mozilla/firefox/** rw,
  owner @{HOME}/.cache/mozilla/firefox/**/*.sqlite k,

Felix Geyer (debfx) on 2013-05-15
description: updated
Changed in firefox (Ubuntu):
importance: Undecided → High
status: New → Triaged
Chris Coulson (chrisccoulson) wrote :

This is fixed in trunk now. Note that giving rw access to ~/.cache/mozilla/firefox is not sufficient, as it also needs to be able to lock the network cache database

Changed in firefox (Ubuntu):
status: Triaged → Fix Committed

How long for the upload?

Simon Déziel (sdeziel) on 2013-05-24
description: updated
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package firefox - 22.0~b3+build1-0ubuntu2

firefox (22.0~b3+build1-0ubuntu2) saucy; urgency=low

  * Backport upstream patch to #include jsscriptinlines.h in SPSProfiler.cpp
    so that it builds in no-jit configurations; fixes build on powerpc.
    - add debian/patches/spsprofiler-no-jit.patch
    - update debian/patches/series
 -- Colin Watson <email address hidden> Fri, 31 May 2013 12:03:04 +0100

Changed in firefox (Ubuntu):
status: Fix Committed → Fix Released
Teo (teo1978) wrote :

This is not fixed, or it is broken again, in Firefox 24.
I'm on a fresh Ubuntu 13.04 install. Firefox 20 was working fine.
Then I've updated it to 24, and it can't read or write the profiles directory.

Can anybody tell me wherethe file is to which I am supposed to add those lines?? So that I can at least work this around?

Teo (teo1978) wrote :

And please reopen the bug

Teo (teo1978) wrote :

Actually the lines mentioned in the original report ARE THERE, but firefox won't work allthesame.

$ firefox

(process:3673): GLib-CRITICAL **: g_slice_set_config: assertion `sys_page_size == 0' failed
Error: Access was denied while trying to open files in your profile directory.

Teo (teo1978) wrote :

I notice the .cache folder within my home belongs to root:root. I would expect it to belong to me.
Is that wrong? Is that the cause of the issue?

Teo (teo1978) wrote :

$ sudo service apparmor reload
 * Reloading AppArmor profiles
Skipping profile in /etc/apparmor.d/disable: usr.bin.firefox
Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd

Is that skipping/disabled stuff expected?

Teo (teo1978) wrote :

Errata in #7, sorry, it's not the .cache folder that belongs to root, but .cache/mozilla

No Matteo, should belong to your user!

Teo (teo1978) wrote :

Ok, I'll report that as a separate bug then.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers