Ubuntu
firefox package

flashplayer does not work due missing apparmor rule

Bug #1372113 reported by Jean-Louis Dupond
16
This bug affects 3 people
Affects Status Importance Assigned to Milestone
firefox (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

I updated to Ubuntu 14.10 recently, and I noticed the flashplayer was broken.

After some debugging, I noticed there were alot of the following messages in syslog:
kernel: [56384.537469] audit: type=1400 audit(1411163225.434:2596): apparmor="DENIED" operation="open" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/etc/ssl/openssl.cnf" pid=10890 comm="plugin-containe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

Now I simply added the following to the apparmor rules:
/etc/ssl/openssl.cnf r,

And flash started to work perfectly after that.

Guess 99% of the firefox users have flashplayer installed, so I guess it might be good to have the rule added?

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in firefox (Ubuntu):
status: New → Confirmed
Revision history for this message
asgard2 (kamp000x) wrote :

Flash is not working, same syslog apparmor message.

Firefox error messages:
2.4+ kernel w/o ELF notes? -- report this
Auto configuration failed
...:system library:fopen:Keine Berechtigung:bss_file.c:169:fopen('/usr/lib/ssl/openssl.cnf','rb')
...BIO routines:BIO_new_file:system lib:bss_file.c:174:
...configuration file routines:DEF_LOAD:system lib:conf_def.c:199:

###!!! [Parent][MessageChannel::InterruptCall] Error: Channel error: cannot send/recv

Revision history for this message
Daniel Richard G. (skunk) wrote :

The current Firefox AppArmor profile includes the "openssl" abstraction, which allows access to /etc/ssl/openssl.cnf. This bug should no longer be present in Ubuntu.

Changed in firefox (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.