Firefox profile resulting in ptrace read denials

Bug #1376411 reported by John Johansen
This bug affects 1 person
Affects: firefox (Ubuntu)
Status: New
Importance: Undecided
Assigned to: Unassigned

Bug Description

The firefox profile on utopic is resulting in denials like

[ 351.414861] audit: type=1400 audit(1412190024.478:83): apparmor="DENIED" operation="ptrace" profile="firefox" pid=4505 comm="firefox" requested_mask="read" denied_mask="read" peer="/usr/bin/mediascanner-service-2.0"

[ 351.414875] audit: type=1400 audit(1412190024.478:86): apparmor="DENIED" operation="ptrace" profile="firefox" pid=4505 comm="firefox" requested_mask="read" denied_mask="read" peer="unconfined"

This is most likely due to firefox scanning for information via /proc/<pid>/, which will result in a ptrace read permission request in the kernel.

atm I have locally added the rule*
deny ptrace read peer=[^f][^i][^r][^e][^f][^o][^x],

*my local firefox profile is patched to be named
profile firefox /usr/lib/firefox/firefox{,*[^s][^h]} {

instead of the default of using the attachment path as a name

Tags: apparmor
tags: added: apparmor
affects: apparmor (Ubuntu) → firefox (Ubuntu)
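
For triaging denials like the two quoted in the description, the following added example (not part of the bug report or of AppArmor's tooling) parses AppArmor audit records and counts ptrace denials per profile, mask and peer. The function names are hypothetical, and the sample input is the two log lines from the report.

```python
import re
from collections import Counter

# The two audit records quoted in the bug description above.
SAMPLE_LOG = '''\
[ 351.414861] audit: type=1400 audit(1412190024.478:83): apparmor="DENIED" operation="ptrace" profile="firefox" pid=4505 comm="firefox" requested_mask="read" denied_mask="read" peer="/usr/bin/mediascanner-service-2.0"
[ 351.414875] audit: type=1400 audit(1412190024.478:86): apparmor="DENIED" operation="ptrace" profile="firefox" pid=4505 comm="firefox" requested_mask="read" denied_mask="read" peer="unconfined"
'''

# type=1400 is the audit record type used by the AppArmor lines in the report.
AUDIT_HEADER = re.compile(r'audit: type=1400 audit\((?P<epoch>\d+\.\d+):(?P<serial>\d+)\):')
# key="quoted value" or key=bare_value
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_record(line):
    """Return the fields of one AppArmor audit record, or None for other lines."""
    header = AUDIT_HEADER.search(line)
    if header is None:
        return None
    fields = {
        m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
        for m in FIELD.finditer(line, header.end())
    }
    fields["epoch"] = float(header["epoch"])
    fields["serial"] = int(header["serial"])
    return fields


def ptrace_denials(log_text):
    """Count DENIED ptrace records grouped by (profile, denied_mask, peer)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_record(line)
        if not rec or rec.get("apparmor") != "DENIED" or rec.get("operation") != "ptrace":
            continue
        key = (rec.get("profile", "?"), rec.get("denied_mask", "?"), rec.get("peer", "?"))
        counts[key] += 1
    return counts


if __name__ == "__main__":
    for (profile, mask, peer), n in sorted(ptrace_denials(SAMPLE_LOG).items()):
        print(f"{n}x profile={profile} ptrace {mask} denied, peer={peer}")
```
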