Missing AppArmor rule for Firefox 21

Bug #1180227 reported by Felix Geyer
30
This bug affects 5 people
Affects Status Importance Assigned to Milestone
firefox (Ubuntu)
Fix Released
High
Unassigned

Bug Description

Firefox 21 won't start when the AppArmor profile is in enforce mode.
It denies access to create and write into ~/.cache/mozilla/firefox/.

Adding the following rules fixes the problem:
  owner @{HOME}/.cache/mozilla/{,firefox/} rw,
  owner @{HOME}/.cache/mozilla/firefox/** rw,
  owner @{HOME}/.cache/mozilla/firefox/**/*.sqlite k,

Felix Geyer (debfx)
description: updated
Changed in firefox (Ubuntu):
importance: Undecided → High
status: New → Triaged
Revision history for this message
Chris Coulson (chrisccoulson) wrote :

This is fixed in trunk now. Note that giving rw access to ~/.cache/mozilla/firefox is not sufficient, as it also needs to be able to lock the network cache database

Changed in firefox (Ubuntu):
status: Triaged → Fix Committed
Revision history for this message
Gianfranco Costamagna (costamagnagianfranco) wrote :

How long for the upload?

Simon Déziel (sdeziel)
description: updated
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package firefox - 22.0~b3+build1-0ubuntu2

---------------
firefox (22.0~b3+build1-0ubuntu2) saucy; urgency=low

  * Backport upstream patch to #include jsscriptinlines.h in SPSProfiler.cpp
    so that it builds in no-jit configurations; fixes build on powerpc.
    - add debian/patches/spsprofiler-no-jit.patch
    - update debian/patches/series
 -- Colin Watson <email address hidden> Fri, 31 May 2013 12:03:04 +0100

Changed in firefox (Ubuntu):
status: Fix Committed → Fix Released
Revision history for this message
Teo (teo1978) wrote :

This is not fixed, or it is broken again, in Firefox 24.
I'm on a fresh Ubuntu 13.04 install. Firefox 20 was working fine.
Then I've updated it to 24, and it can't read or write the profiles directory.

Can anybody tell me wherethe file is to which I am supposed to add those lines?? So that I can at least work this around?

Revision history for this message
Teo (teo1978) wrote :

And please reopen the bug

Revision history for this message
Teo (teo1978) wrote :

Actually the lines mentioned in the original report ARE THERE, but firefox won't work allthesame.

$ firefox

(process:3673): GLib-CRITICAL **: g_slice_set_config: assertion `sys_page_size == 0' failed
Error: Access was denied while trying to open files in your profile directory.

Revision history for this message
Teo (teo1978) wrote :

I notice the .cache folder within my home belongs to root:root. I would expect it to belong to me.
Is that wrong? Is that the cause of the issue?

Revision history for this message
Teo (teo1978) wrote :

$ sudo service apparmor reload
 * Reloading AppArmor profiles
Skipping profile in /etc/apparmor.d/disable: usr.bin.firefox
Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd

Is that skipping/disabled stuff expected?

Revision history for this message
Teo (teo1978) wrote :

Errata in #7, sorry, it's not the .cache folder that belongs to root, but .cache/mozilla

Revision history for this message
Gianfranco Costamagna (costamagnagianfranco) wrote :

No Matteo, should belong to your user!

Revision history for this message
Teo (teo1978) wrote :

Ok, I'll report that as a separate bug then.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Other bug subscribers