Web pages not rendering with e10s enabled and AppArmor profile in enforce mode
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
firefox (Ubuntu) |
Confirmed
|
High
|
Unassigned |
Bug Description
STR:
0. Enable enforce mode for the Firefox app-armor profile: sudo aa-enforce usr.bin.firefox
1. Open Firefox 49 with clean profile (or force-enable e10s as per https:/
2. Go to any site
What happens: The site loads but the content is rendered blank. The page is loaded properly since I can hover over (invisible) links and see the cursor change & the address to be shown in the bottom of the window.
What should happen: The site is rendered properly.
This is related to e10s and the default AppArmor profile shipped with firefox.
See the attached screenshot for how the first-run page looks like with a clean profile, e10s and AppArmor enabled.
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: firefox 49.0+build4-
ProcVersionSign
Uname: Linux 4.4.0-38-generic x86_64
AddonCompatChec
ApportVersion: 2.20.1-0ubuntu2.1
Architecture: amd64
BuildID: 20160920074044
Channel: Unavailable
CurrentDesktop: Unity
Date: Sat Sep 24 07:38:09 2016
DefaultProfileE
DefaultProfileI
DefaultProfileL
DefaultProfileP
DefaultProfileP
DefaultProfileT
ForcedLayersAccel: False
RunningIncompat
SourcePackage: firefox
Changed in firefox (Ubuntu): | |
importance: | Undecided → High |
Okay. I dug a bit deeper and this issue is caused by the AppArmor profile shipped with Firefox that I have enabled. The syslog contains following entries from AppArmor when running Firefox e10s enabled and the firefox profile in enforce mode:
audit: type=1400 audit(147477677 4.198:579) : apparmor="DENIED" operation="mknod" profile= "/usr/lib/ firefox/ firefox{ ,*[^s][ ^h]}" name="/ dev/shm/ org.chromium. h4apSY" pid=5022 comm=5765622043 6F6E74656E74 requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
audit: type=1400 audit(147477677 4.222:580) : apparmor="DENIED" operation="mknod" profile= "/usr/lib/ firefox/ firefox{ ,*[^s][ ^h]}" name="/ dev/shm/ org.chromium. VpQMbW" pid=5022 comm=5765622043 6F6E74656E74 requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
So Firefox tries to access /dev/shm but the default AppArmor profile denies it. So the profile needs to be changed to make it compatible with e10s.