Apparmor blocks Firefox to access ScreenSaver/SessionManager

Bug #1660272 reported by Thomas Mayer
This bug affects 1 person
Affects: firefox (Ubuntu)
Status: New
Importance: Undecided
Assigned to: Unassigned
Milestone:

Bug Description

taken from syslog:

Jan 30 10:25:47 lat61 dbus[3005]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/ScreenSaver" interface="org.freedesktop.ScreenSaver" member="Inhibit" mask="send" name="org.freedesktop.ScreenSaver" pid=12831 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=3136 peer_label="unconfined"
Jan 30 10:25:47 lat61 dbus[3005]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gnome/SessionManager" interface="org.gnome.SessionManager" member="Inhibit" mask="send" name="org.gnome.SessionManager" pid=12831 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=3140 peer_label="unconfined"
Jan 30 10:25:47 lat61 dbus[3005]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/ScreenSaver" interface="org.freedesktop.ScreenSaver" member="Inhibit" mask="send" name="org.freedesktop.ScreenSaver" pid=12875 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=3136 peer_label="unconfined"
Jan 30 10:25:47 lat61 dbus[3005]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gnome/SessionManager" interface="org.gnome.SessionManager" member="Inhibit" mask="send" name="org.gnome.SessionManager" pid=12875 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=3140 peer_label="unconfined"

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: firefox 51.0.1+build2-0ubuntu0.16.04.1
ProcVersionSignature: Ubuntu 4.4.0-59.80-generic 4.4.35
Uname: Linux 4.4.0-59-generic x86_64
AddonCompatCheckDisabled: False
ApportVersion: 2.20.1-0ubuntu2.5
Architecture: amd64
BuildID: 20170125172221
Channel: Unavailable
CurrentDesktop: GNOME-Flashback:Unity
Date: Mon Jan 30 10:26:35 2017
Extensions: extensions.sqlite corrupt or missing
ForcedLayersAccel: False
IncompatibleExtensions: Unavailable (corrupt or non-existant compatibility.ini or extensions.sqlite)
InstallationDate: Installed on 2014-11-29 (793 days ago)
InstallationMedia: Ubuntu 14.04.1 LTS "Trusty Tahr" - Release amd64 (20140722.2)
Locales: extensions.sqlite corrupt or missing
PrefSources: prefs.js
Profiles: Profile0 (Default) - LastVersion=51.0.1/20170125172221 (In use)
RunningIncompatibleAddons: False
SourcePackage: firefox
Themes: extensions.sqlite corrupt or missing
UpgradeStatus: Upgraded to xenial on 2016-06-15 (228 days ago)

Thomas Mayer (thomas303) wrote :

There's more:

Jan 30 10:25:47 lat61 dbus[3005]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/ScreenSaver" interface="org.freedesktop.ScreenSaver" member="Inhibit" mask="send" name="org.freedesktop.ScreenSaver" pid=12831 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=3136 peer_label="unconfined"
Jan 30 10:25:47 lat61 dbus[3005]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gnome/SessionManager" interface="org.gnome.SessionManager" member="Inhibit" mask="send" name="org.gnome.SessionManager" pid=12831 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=3140 peer_label="unconfined"
Jan 30 10:25:47 lat61 dbus[3005]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/ScreenSaver" interface="org.freedesktop.ScreenSaver" member="Inhibit" mask="send" name="org.freedesktop.ScreenSaver" pid=12875 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=3136 peer_label="unconfined"
Jan 30 10:25:47 lat61 dbus[3005]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gnome/SessionManager" interface="org.gnome.SessionManager" member="Inhibit" mask="send" name="org.gnome.SessionManager" pid=12875 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=3140 peer_label="unconfined"

Jan 30 10:31:55 lat61 kernel: [213373.518092] audit: type=1107 audit(1485768715.928:46506): pid=936 uid=102 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/UPower" interface="org.freedesktop.UPower" member="EnumerateDevices" mask="send" name="org.freedesktop.UPower" pid=14906 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=2278 peer_label="unconfined"

Jan 30 10:39:08 lat61 kernel: [213806.568888] audit: type=1107 audit(1485769148.972:46581): pid=936 uid=102 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/UPower/devices/battery_BAT0" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name="org.freedesktop.UPower" pid=16669 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=2278 peer_label="unconfined"

All 4 syslog entries are triggered by playing the following 1080p video with FF 51.0.1:

https://www.youtube.com/watch?v=ESFI6gPz-jU

Thomas Mayer (thomas303) wrote :

All 4 apparmor blockings can be mitigated by adding 4 rules to the apparmor profile:

  dbus (send)
       bus=session
       interface=org.freedesktop.ScreenSaver,
  dbus (send)
       bus=session
       interface=org.gnome.SessionManager,
  dbus (send)
       bus=system
       interface=org.freedesktop.UPower,
  dbus (receive, send)
       bus=system
       interface=org.freedesktop.DBus.Properties,

I've uploaded a patch named "VERSION 4" at
https://bugs.launchpad.net/bugs/1659988
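
The rules proposed in the comment above match on bus and interface only, so the `org.freedesktop.DBus.Properties` rule applies to every service on the system bus. As an added example (not part of the report or of the Firefox package's profile), the script below parses the DENIED lines quoted in this bug and emits one rule per unique denial, scoped to the path, member and peer name that were actually logged; the function names are assumptions made for illustration.

```python
import re

FIELD = re.compile(r'(\w+)="([^"]*)"')
SAFE = re.compile(r"[A-Za-z0-9_./]+")   # log values are untrusted input
KEYS = ("bus", "path", "interface", "member")

# Denials from this report with the syslog prefix and label field trimmed;
# the last line is constructed to show that non-D-Bus denials are skipped.
SAMPLE_LOG = """\
apparmor="DENIED" operation="dbus_method_call" bus="session" path="/ScreenSaver" interface="org.freedesktop.ScreenSaver" member="Inhibit" mask="send" name="org.freedesktop.ScreenSaver" pid=12831 peer_label="unconfined"
apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gnome/SessionManager" interface="org.gnome.SessionManager" member="Inhibit" mask="send" name="org.gnome.SessionManager" pid=12831 peer_label="unconfined"
apparmor="DENIED" operation="dbus_method_call" bus="session" path="/ScreenSaver" interface="org.freedesktop.ScreenSaver" member="Inhibit" mask="send" name="org.freedesktop.ScreenSaver" pid=12875 peer_label="unconfined"
audit: type=1107 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/UPower" interface="org.freedesktop.UPower" member="EnumerateDevices" mask="send" name="org.freedesktop.UPower" pid=14906 peer_label="unconfined"
audit: type=1107 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/UPower/devices/battery_BAT0" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name="org.freedesktop.UPower" pid=16669 peer_label="unconfined"
audit: type=1400 apparmor="DENIED" operation="open" name="/constructed/example" pid=1 requested_mask="r"
"""

def parse_denials(text):
    """Return unique D-Bus method-call denials as dicts, in first-seen order."""
    seen, out = set(), []
    for line in text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("apparmor") != "DENIED" or f.get("operation") != "dbus_method_call":
            continue
        key = tuple(f.get(k) for k in KEYS + ("mask", "name"))
        # Drop lines with missing fields or characters that could alter the profile.
        if any(v is None or not SAFE.fullmatch(v) for v in key):
            continue
        if key in seen:
            continue
        seen.add(key)
        out.append(f)
    return out

def to_rule(d):
    """Format one denial as an AppArmor dbus rule limited to what was logged."""
    lines = [f"dbus ({d['mask']})"]
    lines += [f"     {k}={d[k]}" for k in KEYS]
    lines.append(f"     peer=(name={d['name']}),")
    return "\n".join(lines)

def rules_for(text):
    return [to_rule(d) for d in parse_denials(text)]

if __name__ == "__main__":
    print("\n".join(rules_for(SAMPLE_LOG)))
```

Review the generated rules before adding them to the profile, then reload it with `apparmor_parser -r`.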
