| 2018-05-11 09:24:42 |
daniel CURTIS |
bug |
|
|
added bug |
| 2018-05-11 09:27:54 |
daniel CURTIS |
description |
Hello.
Today, Firefox has been updated to v60. After first start there was so many problems: with new tab (errors), Sandbox option (one new with 'false' option) etc. There were so many problems. No website was working, I can not click on anything, there was no menu bar and so on.
Anyway, there was a lot of "DENIED" entries in a log files. These are the AppArmor rules, that helped and now Firefox works okay. Maybe it will help someone?
# apparmor="DENIED" operation="capable" profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
# comm="firefox" capability=21 capname="sys_admin"
capability sys_admin,
# apparmor="DENIED" operation="capable" profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
# comm="firefox" capability=19 capname="sys_ptrace"
capability sys_ptrace,
# apparmor="DENIED" operation="capable" profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
# comm="Gecko_IOThread" capability=18 capname="sys_chroot"
capability sys_chroot,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="open" profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
# name="/proc/4137/uid_map" comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
@{PROC}/@{pid}/uid_map w,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="open" profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
# name="/proc/4282/gid_map" comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
@{PROC}/@{pid}/gid_map w,
# apparmor="DENIED" operation="open" profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
# name="/proc/4282/setgroups" comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
@{PROC}/@{pid}/setgroups w,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="dbus_bind" bus="session" name="org.mozilla.firefox.ZGVmYXVsdA__"
# mask="bind"
# label="/usr/lib/firefox/firefox{,*[^s][^h]}"
dbus bind bus=session name=org.mozilla.firefox.*,
# Note: this rule can be found, for example, in "abstractions/X" file. However, there is "r" in log
# entries so I added "r" -- and now it's "rw".
# apparmor="DENIED" operation="connect" profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
# name="/tmp/.X11-unix/X0" comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
#
/tmp/.X11-unix/* rw,
unix (connect, receive, send)
type=stream
peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
Can someone check if these rules are okay? With above rules, Firefox v60 is working okay again: web browsing, new tabs etc. There are also some "segfaults" error in log files - together with "DENIED" rules. Here are some of them (there is a bug report on Launchpad about "libxul"):
✗ [ 3051.788218] Gecko_IOThread[4770]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
✗ Gecko_IOThread[4795]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
Here are some technical informations:
● Firefox: v60.0 (32-bit)
● Linux kernel: 4.4.0-125-generic
● Release: 16.04 LTS
Thanks, best regards. |
Hello.
Today, Firefox has been updated to v60. After first start there was so many problems: with new tab (errors), Sandbox option (one new with 'false' option) etc. There were so many problems. No website was working, I can not click on anything, there was no menu bar and so on.
Anyway, there was a lot of "DENIED" entries in a log files. These are the AppArmor rules, that helped and now Firefox works okay. Maybe it will help someone?
# apparmor="DENIED" operation="capable" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"
# capability=21 capname="sys_admin"
#
capability sys_admin,
# apparmor="DENIED" operation="capable" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"
# capability=19 capname="sys_ptrace"
#
capability sys_ptrace,
# apparmor="DENIED" operation="capable" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="Gecko_IOThread"
# capability=18 capname="sys_chroot"
#
capability sys_chroot,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="open" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4137/uid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/uid_map w,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="open" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4282/gid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/gid_map w,
# apparmor="DENIED" operation="open" profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
# name="/pro /4282/setgroups" comm="Gecko_IOThread" requested_mask="w" denied_mask="w" fsuid=1000
# ouid=1000
#
@{PROC}/@{pid}/setgroups w,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="dbus_bind" bus="session" name="org.mozilla.firefox.ZGVmYXVsdA__"
# mask="bind" label="/usr/lib/firefox/firefox{,*[^s][^h]}"
#
dbus bind bus=session name=org.mozilla.firefox.*,
# Note: this rule can be found, for example, in "abstractions/X" file. However, there is "r" in log
# entries so I added "r" -- and now it's "rw".
# apparmor="DENIED" operation="connect" profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
# name="/tmp/.X11-unix/X0" comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
#
/tmp/.X11-unix/* rw,
unix (connect, receive, send)
type=stream
peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
Can someone check if these rules are okay? With above rules, Firefox v60 is working okay again: web browsing, new tabs etc. There are also some "segfaults" error in log files - together with "DENIED" rules. Here are some of them (there is a bug report on Launchpad about "libxul"):
✗ [ 3051.788218] Gecko_IOThread[4770]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
✗ Gecko_IOThread[4795]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
Here are some technical informations:
● Firefox: v60.0 (32-bit)
● Linux kernel: 4.4.0-125-generic
● Release: 16.04 LTS
Thanks, best regards. |
|
| 2018-05-11 09:29:18 |
daniel CURTIS |
description |
Hello.
Today, Firefox has been updated to v60. After first start there was so many problems: with new tab (errors), Sandbox option (one new with 'false' option) etc. There were so many problems. No website was working, I can not click on anything, there was no menu bar and so on.
Anyway, there was a lot of "DENIED" entries in a log files. These are the AppArmor rules, that helped and now Firefox works okay. Maybe it will help someone?
# apparmor="DENIED" operation="capable" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"
# capability=21 capname="sys_admin"
#
capability sys_admin,
# apparmor="DENIED" operation="capable" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"
# capability=19 capname="sys_ptrace"
#
capability sys_ptrace,
# apparmor="DENIED" operation="capable" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="Gecko_IOThread"
# capability=18 capname="sys_chroot"
#
capability sys_chroot,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="open" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4137/uid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/uid_map w,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="open" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4282/gid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/gid_map w,
# apparmor="DENIED" operation="open" profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
# name="/pro /4282/setgroups" comm="Gecko_IOThread" requested_mask="w" denied_mask="w" fsuid=1000
# ouid=1000
#
@{PROC}/@{pid}/setgroups w,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="dbus_bind" bus="session" name="org.mozilla.firefox.ZGVmYXVsdA__"
# mask="bind" label="/usr/lib/firefox/firefox{,*[^s][^h]}"
#
dbus bind bus=session name=org.mozilla.firefox.*,
# Note: this rule can be found, for example, in "abstractions/X" file. However, there is "r" in log
# entries so I added "r" -- and now it's "rw".
# apparmor="DENIED" operation="connect" profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
# name="/tmp/.X11-unix/X0" comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
#
/tmp/.X11-unix/* rw,
unix (connect, receive, send)
type=stream
peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
Can someone check if these rules are okay? With above rules, Firefox v60 is working okay again: web browsing, new tabs etc. There are also some "segfaults" error in log files - together with "DENIED" rules. Here are some of them (there is a bug report on Launchpad about "libxul"):
✗ [ 3051.788218] Gecko_IOThread[4770]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
✗ Gecko_IOThread[4795]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
Here are some technical informations:
● Firefox: v60.0 (32-bit)
● Linux kernel: 4.4.0-125-generic
● Release: 16.04 LTS
Thanks, best regards. |
Hello.
Today, Firefox has been updated to v60. After first start there was so many problems: with new tab (errors), Sandbox option (one new with 'false' option) etc. There were so many problems. No website was working, I can not click on anything, there was no menu bar and so on.
Anyway, there was a lot of "DENIED" entries in a log files. These are the AppArmor rules, that helped and now Firefox works okay. Maybe it will help someone?
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"capability=21 capname="sys_admin"
#
capability sys_admin,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox" capability=19 capname="sys_ptrace"
#
capability sys_ptrace,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="Gecko_IOThread" capability=18 capname="sys_chroot"
#
capability sys_chroot,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4137/uid_map" comm="Gecko_IOThread"
# requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/uid_map w,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4282/gid_map" comm="Gecko_IOThread"
# requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/gid_map w,
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/pro /4282/setgroups" comm="Gecko_IOThread"
# requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/setgroups w,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="dbus_bind" bus="session" name="org.mozilla.firefox.ZGVmYXVsdA__"
# mask="bind" label="/usr/lib/firefox/firefox{,*[^s][^h]}"
#
dbus bind bus=session name=org.mozilla.firefox.*,
# Note: this rule can be found, for example, in "abstractions/X" file. However, there is "r" in log
# entries so I added "r" -- and now it's "rw".
# apparmor="DENIED" operation="connect" profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
# name="/tmp/.X11-unix/X0" comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
#
/tmp/.X11-unix/* rw,
unix (connect, receive, send)
type=stream
peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
Can someone check if these rules are okay? With above rules, Firefox v60 is working okay again: web browsing, new tabs etc. There are also some "segfaults" error in log files - together with "DENIED" rules. Here are some of them (there is a bug report on Launchpad about "libxul"):
✗ [ 3051.788218] Gecko_IOThread[4770]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
✗ Gecko_IOThread[4795]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
Here are some technical informations:
● Firefox: v60.0 (32-bit)
● Linux kernel: 4.4.0-125-generic
● Release: 16.04 LTS
Thanks, best regards. |
|
| 2018-05-11 09:29:54 |
daniel CURTIS |
description |
Hello.
Today, Firefox has been updated to v60. After first start there was so many problems: with new tab (errors), Sandbox option (one new with 'false' option) etc. There were so many problems. No website was working, I can not click on anything, there was no menu bar and so on.
Anyway, there was a lot of "DENIED" entries in a log files. These are the AppArmor rules, that helped and now Firefox works okay. Maybe it will help someone?
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"capability=21 capname="sys_admin"
#
capability sys_admin,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox" capability=19 capname="sys_ptrace"
#
capability sys_ptrace,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="Gecko_IOThread" capability=18 capname="sys_chroot"
#
capability sys_chroot,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4137/uid_map" comm="Gecko_IOThread"
# requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/uid_map w,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4282/gid_map" comm="Gecko_IOThread"
# requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/gid_map w,
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/pro /4282/setgroups" comm="Gecko_IOThread"
# requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/setgroups w,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="dbus_bind" bus="session" name="org.mozilla.firefox.ZGVmYXVsdA__"
# mask="bind" label="/usr/lib/firefox/firefox{,*[^s][^h]}"
#
dbus bind bus=session name=org.mozilla.firefox.*,
# Note: this rule can be found, for example, in "abstractions/X" file. However, there is "r" in log
# entries so I added "r" -- and now it's "rw".
# apparmor="DENIED" operation="connect" profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
# name="/tmp/.X11-unix/X0" comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
#
/tmp/.X11-unix/* rw,
unix (connect, receive, send)
type=stream
peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
Can someone check if these rules are okay? With above rules, Firefox v60 is working okay again: web browsing, new tabs etc. There are also some "segfaults" error in log files - together with "DENIED" rules. Here are some of them (there is a bug report on Launchpad about "libxul"):
✗ [ 3051.788218] Gecko_IOThread[4770]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
✗ Gecko_IOThread[4795]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
Here are some technical informations:
● Firefox: v60.0 (32-bit)
● Linux kernel: 4.4.0-125-generic
● Release: 16.04 LTS
Thanks, best regards. |
Hello.
Today, Firefox has been updated to v60. After first start there was so many problems: with new tab (errors), Sandbox option (one new with 'false' option) etc. There were so many problems. No website was working, I can not click on anything, there was no menu bar and so on.
Anyway, there was a lot of "DENIED" entries in a log files. These are the AppArmor rules, that helped and now Firefox works okay. Maybe it will help someone?
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"capability=21 capname="sys_admin"
#
capability sys_admin,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox" capability=19 capname="sys_ptrace"
#
capability sys_ptrace,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="Gecko_IOThread" capability=18 capname="sys_chroot"
#
capability sys_chroot,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4137/uid_map" comm="Gecko_IOThread"
# requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/uid_map w,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4282/gid_map" comm="Gecko_IOThread"
# requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/gid_map w,
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/pro /4282/setgroups" comm="Gecko_IOThread"
# requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/setgroups w,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="dbus_bind" bus="session" name="org.mozilla.firefox.ZGVmYXVsdA__"
# mask="bind" label="/usr/lib/firefox/firefox{,*[^s][^h]}"
#
dbus bind bus=session name=org.mozilla.firefox.*,
# Note: this rule can be found, for example, in "abstractions/X" file. However, there is "r" in log
# entries so I added "r" -- and now it's "rw".
# apparmor="DENIED" operation="connect" profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
# name="/tmp/.X11-unix/X0" comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
#
/tmp/.X11-unix/* rw,
unix (connect, receive, send)
type=stream
peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
Can someone check if these rules are okay? With above rules, Firefox v60 is working okay again: web browsing, new tabs etc. There are also some "segfaults" error in log files - together with "DENIED" rules. Here are some of them (there is a bug report on Launchpad about "libxul"):
✗ [ 3051.788218] Gecko_IOThread[4770]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
✗ Gecko_IOThread[4795]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
Here are some technical informations:
● Firefox: v60.0 (32-bit)
● Linux kernel: 4.4.0-125-generic
● Release: 16.04 LTS
Thanks, best regards. |
|
| 2018-05-11 09:30:44 |
daniel CURTIS |
description |
Hello.
Today, Firefox has been updated to v60. After first start there was so many problems: with new tab (errors), Sandbox option (one new with 'false' option) etc. There were so many problems. No website was working, I can not click on anything, there was no menu bar and so on.
Anyway, there was a lot of "DENIED" entries in a log files. These are the AppArmor rules, that helped and now Firefox works okay. Maybe it will help someone?
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"capability=21 capname="sys_admin"
#
capability sys_admin,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox" capability=19 capname="sys_ptrace"
#
capability sys_ptrace,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="Gecko_IOThread" capability=18 capname="sys_chroot"
#
capability sys_chroot,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4137/uid_map" comm="Gecko_IOThread"
# requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/uid_map w,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4282/gid_map" comm="Gecko_IOThread"
# requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/gid_map w,
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/pro /4282/setgroups" comm="Gecko_IOThread"
# requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/setgroups w,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="dbus_bind" bus="session" name="org.mozilla.firefox.ZGVmYXVsdA__"
# mask="bind" label="/usr/lib/firefox/firefox{,*[^s][^h]}"
#
dbus bind bus=session name=org.mozilla.firefox.*,
# Note: this rule can be found, for example, in "abstractions/X" file. However, there is "r" in log
# entries so I added "r" -- and now it's "rw".
# apparmor="DENIED" operation="connect" profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
# name="/tmp/.X11-unix/X0" comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
#
/tmp/.X11-unix/* rw,
unix (connect, receive, send)
type=stream
peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
Can someone check if these rules are okay? With above rules, Firefox v60 is working okay again: web browsing, new tabs etc. There are also some "segfaults" error in log files - together with "DENIED" rules. Here are some of them (there is a bug report on Launchpad about "libxul"):
✗ [ 3051.788218] Gecko_IOThread[4770]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
✗ Gecko_IOThread[4795]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
Here are some technical informations:
● Firefox: v60.0 (32-bit)
● Linux kernel: 4.4.0-125-generic
● Release: 16.04 LTS
Thanks, best regards. |
Hello.
Today, Firefox has been updated to v60. After first start there was so many problems: with new tab (errors), Sandbox option (one new with 'false' option) etc. There were so many problems. No website was working, I can not click on anything, there was no menu bar and so on.
Anyway, there was a lot of "DENIED" entries in a log files. These are the AppArmor rules, that helped and now Firefox works okay. Maybe it will help someone?
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"capability=21
# capname="sys_admin"
#
capability sys_admin,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox" capability=19
# capname="sys_ptrace"
#
capability sys_ptrace,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="Gecko_IOThread" capability=18
# capname="sys_chroot"
#
capability sys_chroot,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4137/uid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/uid_map w,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4282/gid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/gid_map w,
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/pro /4282/setgroups"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/setgroups w,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="dbus_bind" bus="session"
# name="org.mozilla.firefox.ZGVmYXVsdA__" mask="bind" label="/usr/lib/firefox/firefox{,*[^s][^h]}"
#
dbus bind bus=session name=org.mozilla.firefox.*,
# Note: this rule can be found, for example, in "abstractions/X" file. However, there is "r" in log
# entries so I added "r" -- and now it's "rw".
# apparmor="DENIED" operation="connect" profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
# name="/tmp/.X11-unix/X0" comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
#
/tmp/.X11-unix/* rw,
unix (connect, receive, send)
type=stream
peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
Can someone check if these rules are okay? With above rules, Firefox v60 is working okay again: web browsing, new tabs etc. There are also some "segfaults" error in log files - together with "DENIED" rules. Here are some of them (there is a bug report on Launchpad about "libxul"):
✗ [ 3051.788218] Gecko_IOThread[4770]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
✗ Gecko_IOThread[4795]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
Here are some technical informations:
● Firefox: v60.0 (32-bit)
● Linux kernel: 4.4.0-125-generic
● Release: 16.04 LTS
Thanks, best regards. |
|
| 2018-05-11 09:31:44 |
daniel CURTIS |
description |
Hello.
Today, Firefox has been updated to v60. After first start there was so many problems: with new tab (errors), Sandbox option (one new with 'false' option) etc. There were so many problems. No website was working, I can not click on anything, there was no menu bar and so on.
Anyway, there was a lot of "DENIED" entries in a log files. These are the AppArmor rules, that helped and now Firefox works okay. Maybe it will help someone?
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"capability=21
# capname="sys_admin"
#
capability sys_admin,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox" capability=19
# capname="sys_ptrace"
#
capability sys_ptrace,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="Gecko_IOThread" capability=18
# capname="sys_chroot"
#
capability sys_chroot,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4137/uid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/uid_map w,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4282/gid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/gid_map w,
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/pro /4282/setgroups"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/setgroups w,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="dbus_bind" bus="session"
# name="org.mozilla.firefox.ZGVmYXVsdA__" mask="bind" label="/usr/lib/firefox/firefox{,*[^s][^h]}"
#
dbus bind bus=session name=org.mozilla.firefox.*,
# Note: this rule can be found, for example, in "abstractions/X" file. However, there is "r" in log
# entries so I added "r" -- and now it's "rw".
# apparmor="DENIED" operation="connect" profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
# name="/tmp/.X11-unix/X0" comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
#
/tmp/.X11-unix/* rw,
unix (connect, receive, send)
type=stream
peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
Can someone check if these rules are okay? With above rules, Firefox v60 is working okay again: web browsing, new tabs etc. There are also some "segfaults" error in log files - together with "DENIED" rules. Here are some of them (there is a bug report on Launchpad about "libxul"):
✗ [ 3051.788218] Gecko_IOThread[4770]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
✗ Gecko_IOThread[4795]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
Here are some technical informations:
● Firefox: v60.0 (32-bit)
● Linux kernel: 4.4.0-125-generic
● Release: 16.04 LTS
Thanks, best regards. |
Hello.
Today, Firefox has been updated to v60. After first start there was so many problems: with new tab (errors), Sandbox option (one new with 'false' option) etc. There were so many problems. No website was working, I can not click on anything, there was no menu bar and so on.
Anyway, there was a lot of "DENIED" entries in a log files. These are the AppArmor rules, that helped and now Firefox works okay. Maybe it will help someone?
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"capability=21
# capname="sys_admin"
#
capability sys_admin,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"
# capability=19 capname="sys_ptrace"
#
capability sys_ptrace,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="Gecko_IOThread"
# capability=18 capname="sys_chroot"
#
capability sys_chroot,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4137/uid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/uid_map w,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4282/gid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/gid_map w,
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/pro /4282/setgroups"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/setgroups w,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="dbus_bind" bus="session"
# name="org.mozilla.firefox.ZGVmYXVsdA__" mask="bind" label="/usr/lib/firefox/firefox{,*[^s][^h]}"
#
dbus bind bus=session name=org.mozilla.firefox.*,
# Note: this rule can be found, for example, in "abstractions/X" file. However, there is "r" in log
# entries so I added "r" -- and now it's "rw".
# apparmor="DENIED" operation="connect" profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
# name="/tmp/.X11-unix/X0" comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
#
/tmp/.X11-unix/* rw,
unix (connect, receive, send)
type=stream
peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
Can someone check if these rules are okay? With above rules, Firefox v60 is working okay again: web browsing, new tabs etc. There are also some "segfaults" error in log files - together with "DENIED" rules. Here are some of them (there is a bug report on Launchpad about "libxul"):
✗ [ 3051.788218] Gecko_IOThread[4770]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
✗ Gecko_IOThread[4795]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
Here are some technical informations:
● Firefox: v60.0 (32-bit)
● Linux kernel: 4.4.0-125-generic
● Release: 16.04 LTS
Thanks, best regards. |
|
| 2018-05-11 09:32:22 |
daniel CURTIS |
description |
Hello.
Today, Firefox has been updated to v60. After first start there was so many problems: with new tab (errors), Sandbox option (one new with 'false' option) etc. There were so many problems. No website was working, I can not click on anything, there was no menu bar and so on.
Anyway, there was a lot of "DENIED" entries in a log files. These are the AppArmor rules, that helped and now Firefox works okay. Maybe it will help someone?
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"capability=21
# capname="sys_admin"
#
capability sys_admin,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"
# capability=19 capname="sys_ptrace"
#
capability sys_ptrace,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="Gecko_IOThread"
# capability=18 capname="sys_chroot"
#
capability sys_chroot,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4137/uid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/uid_map w,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4282/gid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/gid_map w,
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/pro /4282/setgroups"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/setgroups w,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="dbus_bind" bus="session"
# name="org.mozilla.firefox.ZGVmYXVsdA__" mask="bind" label="/usr/lib/firefox/firefox{,*[^s][^h]}"
#
dbus bind bus=session name=org.mozilla.firefox.*,
# Note: this rule can be found, for example, in "abstractions/X" file. However, there is "r" in log
# entries so I added "r" -- and now it's "rw".
# apparmor="DENIED" operation="connect" profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
# name="/tmp/.X11-unix/X0" comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
#
/tmp/.X11-unix/* rw,
unix (connect, receive, send)
type=stream
peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
Can someone check if these rules are okay? With above rules, Firefox v60 is working okay again: web browsing, new tabs etc. There are also some "segfaults" error in log files - together with "DENIED" rules. Here are some of them (there is a bug report on Launchpad about "libxul"):
✗ [ 3051.788218] Gecko_IOThread[4770]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
✗ Gecko_IOThread[4795]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
Here are some technical informations:
● Firefox: v60.0 (32-bit)
● Linux kernel: 4.4.0-125-generic
● Release: 16.04 LTS
Thanks, best regards. |
Hello.
Today, Firefox has been updated to v60. After first start there was so many problems: with new tab (errors), Sandbox option (one new with 'false' option) etc. There were so many problems. No website was working, I can not click on anything, there was no menu bar and so on.
Anyway, there was a lot of "DENIED" entries in a log files. These are the AppArmor rules, that helped and now Firefox works okay. Maybe it will help someone?
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"capability=21
# capname="sys_admin"
#
capability sys_admin,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"
# capability=19 capname="sys_ptrace"
#
capability sys_ptrace,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="Gecko_IOThread"
# capability=18 capname="sys_chroot"
#
capability sys_chroot,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4137/uid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/uid_map w,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4282/gid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/gid_map w,
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/pro /4282/setgroups"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/setgroups w,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="dbus_bind" bus="session"
# name="org.mozilla.firefox.ZGVmYXVsdA__" mask="bind" label="/usr/lib/firefox/firefox{,*[^s][^h]}"
#
dbus bind bus=session name=org.mozilla.firefox.*,
# Note: this rule can be found, for example, in "abstractions/X" file. However, there is "r" in log
# entries so I added "r" -- and now it's "rw".
# apparmor="DENIED" operation="connect" profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
# name="/tmp/.X11-unix/X0" comm="firefox" requested_mask="r" denied_mask="r"
# fsuid=1000 ouid=0
#
/tmp/.X11-unix/* rw,
unix (connect, receive, send)
type=stream
peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
Can someone check if these rules are okay? With above rules, Firefox v60 is working okay again: web browsing, new tabs etc. There are also some "segfaults" error in log files - together with "DENIED" rules. Here are some of them (there is a bug report on Launchpad about "libxul"):
✗ [ 3051.788218] Gecko_IOThread[4770]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
✗ Gecko_IOThread[4795]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
Here are some technical informations:
● Firefox: v60.0 (32-bit)
● Linux kernel: 4.4.0-125-generic
● Release: 16.04 LTS
Thanks, best regards. |
|
| 2018-05-11 09:32:49 |
daniel CURTIS |
description |
Hello.
Today, Firefox has been updated to v60. After first start there was so many problems: with new tab (errors), Sandbox option (one new with 'false' option) etc. There were so many problems. No website was working, I can not click on anything, there was no menu bar and so on.
Anyway, there was a lot of "DENIED" entries in a log files. These are the AppArmor rules, that helped and now Firefox works okay. Maybe it will help someone?
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"capability=21
# capname="sys_admin"
#
capability sys_admin,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"
# capability=19 capname="sys_ptrace"
#
capability sys_ptrace,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="Gecko_IOThread"
# capability=18 capname="sys_chroot"
#
capability sys_chroot,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4137/uid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/uid_map w,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4282/gid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/gid_map w,
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/pro /4282/setgroups"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/setgroups w,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="dbus_bind" bus="session"
# name="org.mozilla.firefox.ZGVmYXVsdA__" mask="bind" label="/usr/lib/firefox/firefox{,*[^s][^h]}"
#
dbus bind bus=session name=org.mozilla.firefox.*,
# Note: this rule can be found, for example, in "abstractions/X" file. However, there is "r" in log
# entries so I added "r" -- and now it's "rw".
# apparmor="DENIED" operation="connect" profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
# name="/tmp/.X11-unix/X0" comm="firefox" requested_mask="r" denied_mask="r"
# fsuid=1000 ouid=0
#
/tmp/.X11-unix/* rw,
unix (connect, receive, send)
type=stream
peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
Can someone check if these rules are okay? With above rules, Firefox v60 is working okay again: web browsing, new tabs etc. There are also some "segfaults" error in log files - together with "DENIED" rules. Here are some of them (there is a bug report on Launchpad about "libxul"):
✗ [ 3051.788218] Gecko_IOThread[4770]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
✗ Gecko_IOThread[4795]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
Here are some technical informations:
● Firefox: v60.0 (32-bit)
● Linux kernel: 4.4.0-125-generic
● Release: 16.04 LTS
Thanks, best regards. |
Hello.
Today, Firefox has been updated to v60. After first start there was so many problems: with new tab (errors), Sandbox option (one new with 'false' option) etc. There were so many problems. No website was working, I can not click on anything, there was no menu bar and so on.
Anyway, there was a lot of "DENIED" entries in a log files. These are the AppArmor rules, that helped and now Firefox works okay. Maybe it will help someone?
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"capability=21
# capname="sys_admin"
#
capability sys_admin,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"
# capability=19 capname="sys_ptrace"
#
capability sys_ptrace,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="Gecko_IOThread"
# capability=18 capname="sys_chroot"
#
capability sys_chroot,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4137/uid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/uid_map w,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4282/gid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/gid_map w,
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/pro /4282/setgroups"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/setgroups w,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="dbus_bind" bus="session"
# name="org.mozilla.firefox.ZGVmYXVsdA__" mask="bind"
# label="/usr/lib/firefox/firefox{,*[^s][^h]}"
#
dbus bind bus=session name=org.mozilla.firefox.*,
# Note: this rule can be found, for example, in "abstractions/X" file. However, there is "r" in log
# entries so I added "r" -- and now it's "rw".
# apparmor="DENIED" operation="connect" profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
# name="/tmp/.X11-unix/X0" comm="firefox" requested_mask="r" denied_mask="r"
# fsuid=1000 ouid=0
#
/tmp/.X11-unix/* rw,
unix (connect, receive, send)
type=stream
peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
Can someone check if these rules are okay? With above rules, Firefox v60 is working okay again: web browsing, new tabs etc. There are also some "segfaults" error in log files - together with "DENIED" rules. Here are some of them (there is a bug report on Launchpad about "libxul"):
✗ [ 3051.788218] Gecko_IOThread[4770]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
✗ Gecko_IOThread[4795]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
Here are some technical informations:
● Firefox: v60.0 (32-bit)
● Linux kernel: 4.4.0-125-generic
● Release: 16.04 LTS
Thanks, best regards. |
|
| 2018-05-11 09:33:17 |
daniel CURTIS |
description |
Hello.
Today, Firefox has been updated to v60. After first start there was so many problems: with new tab (errors), Sandbox option (one new with 'false' option) etc. There were so many problems. No website was working, I can not click on anything, there was no menu bar and so on.
Anyway, there was a lot of "DENIED" entries in a log files. These are the AppArmor rules, that helped and now Firefox works okay. Maybe it will help someone?
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"capability=21
# capname="sys_admin"
#
capability sys_admin,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"
# capability=19 capname="sys_ptrace"
#
capability sys_ptrace,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="Gecko_IOThread"
# capability=18 capname="sys_chroot"
#
capability sys_chroot,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4137/uid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/uid_map w,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4282/gid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/gid_map w,
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/pro /4282/setgroups"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/setgroups w,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="dbus_bind" bus="session"
# name="org.mozilla.firefox.ZGVmYXVsdA__" mask="bind"
# label="/usr/lib/firefox/firefox{,*[^s][^h]}"
#
dbus bind bus=session name=org.mozilla.firefox.*,
# Note: this rule can be found, for example, in "abstractions/X" file. However, there is "r" in log
# entries so I added "r" -- and now it's "rw".
# apparmor="DENIED" operation="connect" profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
# name="/tmp/.X11-unix/X0" comm="firefox" requested_mask="r" denied_mask="r"
# fsuid=1000 ouid=0
#
/tmp/.X11-unix/* rw,
unix (connect, receive, send)
type=stream
peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
Can someone check if these rules are okay? With above rules, Firefox v60 is working okay again: web browsing, new tabs etc. There are also some "segfaults" error in log files - together with "DENIED" rules. Here are some of them (there is a bug report on Launchpad about "libxul"):
✗ [ 3051.788218] Gecko_IOThread[4770]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
✗ Gecko_IOThread[4795]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
Here are some technical informations:
● Firefox: v60.0 (32-bit)
● Linux kernel: 4.4.0-125-generic
● Release: 16.04 LTS
Thanks, best regards. |
Hello.
Today, Firefox has been updated to v60. After first start there was so many problems: with new tab (errors), Sandbox option (one new with 'false' option) etc. There were so many problems. No website was working, I can not click on anything, there was no menu bar and so on.
Anyway, there was a lot of "DENIED" entries in a log files. These are the AppArmor rules, that helped and now Firefox works okay. Maybe it will help someone?
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"capability=21
# capname="sys_admin"
#
capability sys_admin,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"
# capability=19 capname="sys_ptrace"
#
capability sys_ptrace,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="Gecko_IOThread"
# capability=18 capname="sys_chroot"
#
capability sys_chroot,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4137/uid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/uid_map w,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4282/gid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/gid_map w,
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/pro /4282/setgroups"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/setgroups w,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="dbus_bind" bus="session"
# name="org.mozilla.firefox.ZGVmYXVsdA__" mask="bind"
# label="/usr/lib/firefox/firefox{,*[^s][^h]}"
#
dbus bind bus=session name=org.mozilla.firefox.*,
# Note: this rule can be found, for example, in "abstractions/X" file. However, there is "r" in log
# entries so I added "r" -- and now it's "rw".
# apparmor="DENIED" operation="connect"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
# name="/tmp/.X11-unix/X0" comm="firefox"
# requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
#
/tmp/.X11-unix/* rw,
unix (connect, receive, send)
type=stream
peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
Can someone check if these rules are okay? With above rules, Firefox v60 is working okay again: web browsing, new tabs etc. There are also some "segfaults" error in log files - together with "DENIED" rules. Here are some of them (there is a bug report on Launchpad about "libxul"):
✗ [ 3051.788218] Gecko_IOThread[4770]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
✗ Gecko_IOThread[4795]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
Here are some technical informations:
● Firefox: v60.0 (32-bit)
● Linux kernel: 4.4.0-125-generic
● Release: 16.04 LTS
Thanks, best regards. |
|
| 2018-05-11 09:33:46 |
daniel CURTIS |
description |
Hello.
Today, Firefox has been updated to v60. After first start there was so many problems: with new tab (errors), Sandbox option (one new with 'false' option) etc. There were so many problems. No website was working, I can not click on anything, there was no menu bar and so on.
Anyway, there was a lot of "DENIED" entries in a log files. These are the AppArmor rules, that helped and now Firefox works okay. Maybe it will help someone?
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"capability=21
# capname="sys_admin"
#
capability sys_admin,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"
# capability=19 capname="sys_ptrace"
#
capability sys_ptrace,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="Gecko_IOThread"
# capability=18 capname="sys_chroot"
#
capability sys_chroot,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4137/uid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/uid_map w,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4282/gid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/gid_map w,
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/pro /4282/setgroups"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/setgroups w,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="dbus_bind" bus="session"
# name="org.mozilla.firefox.ZGVmYXVsdA__" mask="bind"
# label="/usr/lib/firefox/firefox{,*[^s][^h]}"
#
dbus bind bus=session name=org.mozilla.firefox.*,
# Note: this rule can be found, for example, in "abstractions/X" file. However, there is "r" in log
# entries so I added "r" -- and now it's "rw".
# apparmor="DENIED" operation="connect"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
# name="/tmp/.X11-unix/X0" comm="firefox"
# requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
#
/tmp/.X11-unix/* rw,
unix (connect, receive, send)
type=stream
peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
Can someone check if these rules are okay? With above rules, Firefox v60 is working okay again: web browsing, new tabs etc. There are also some "segfaults" error in log files - together with "DENIED" rules. Here are some of them (there is a bug report on Launchpad about "libxul"):
✗ [ 3051.788218] Gecko_IOThread[4770]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
✗ Gecko_IOThread[4795]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
Here are some technical informations:
● Firefox: v60.0 (32-bit)
● Linux kernel: 4.4.0-125-generic
● Release: 16.04 LTS
Thanks, best regards. |
Hello.
Today, Firefox has been updated to v60. After first start there was so many problems: with new tab (errors), Sandbox option (one new with 'false' option) etc. There were so many problems. No website was working, I can not click on anything, there was no menu bar and so on.
Anyway, there was a lot of "DENIED" entries in a log files. These are the AppArmor rules, that helped and now Firefox works okay. Maybe it will help someone?
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"capability=21
# capname="sys_admin"
#
capability sys_admin,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"
# capability=19 capname="sys_ptrace"
#
capability sys_ptrace,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="Gecko_IOThread"
# capability=18 capname="sys_chroot"
#
capability sys_chroot,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4137/uid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/uid_map w,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4282/gid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/gid_map w,
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/pro /4282/setgroups"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/setgroups w,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="dbus_bind" bus="session"
# name="org.mozilla.firefox.ZGVmYXVsdA__" mask="bind"
# label="/usr/lib/firefox/firefox{,*[^s][^h]}"
#
dbus bind bus=session name=org.mozilla.firefox.*,
# Note: this rule can be found, for example, in "abstractions/X" file.
# However, there is "r" in log
# entries so I added "r" -- and now it's "rw".
# apparmor="DENIED" operation="connect"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
# name="/tmp/.X11-unix/X0" comm="firefox" requested_mask="r" denied_mask="r"
# fsuid=1000 ouid=0
#
/tmp/.X11-unix/* rw,
unix (connect, receive, send)
type=stream
peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
Can someone check if these rules are okay? With above rules, Firefox v60 is working okay again: web browsing, new tabs etc. There are also some "segfaults" error in log files - together with "DENIED" rules. Here are some of them (there is a bug report on Launchpad about "libxul"):
✗ [ 3051.788218] Gecko_IOThread[4770]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
✗ Gecko_IOThread[4795]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
Here are some technical informations:
● Firefox: v60.0 (32-bit)
● Linux kernel: 4.4.0-125-generic
● Release: 16.04 LTS
Thanks, best regards. |
|
| 2018-05-11 09:34:05 |
daniel CURTIS |
description |
Hello.
Today, Firefox has been updated to v60. After first start there was so many problems: with new tab (errors), Sandbox option (one new with 'false' option) etc. There were so many problems. No website was working, I can not click on anything, there was no menu bar and so on.
Anyway, there was a lot of "DENIED" entries in a log files. These are the AppArmor rules, that helped and now Firefox works okay. Maybe it will help someone?
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"capability=21
# capname="sys_admin"
#
capability sys_admin,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"
# capability=19 capname="sys_ptrace"
#
capability sys_ptrace,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="Gecko_IOThread"
# capability=18 capname="sys_chroot"
#
capability sys_chroot,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4137/uid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/uid_map w,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4282/gid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/gid_map w,
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/pro /4282/setgroups"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/setgroups w,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="dbus_bind" bus="session"
# name="org.mozilla.firefox.ZGVmYXVsdA__" mask="bind"
# label="/usr/lib/firefox/firefox{,*[^s][^h]}"
#
dbus bind bus=session name=org.mozilla.firefox.*,
# Note: this rule can be found, for example, in "abstractions/X" file.
# However, there is "r" in log
# entries so I added "r" -- and now it's "rw".
# apparmor="DENIED" operation="connect"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
# name="/tmp/.X11-unix/X0" comm="firefox" requested_mask="r" denied_mask="r"
# fsuid=1000 ouid=0
#
/tmp/.X11-unix/* rw,
unix (connect, receive, send)
type=stream
peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
Can someone check if these rules are okay? With above rules, Firefox v60 is working okay again: web browsing, new tabs etc. There are also some "segfaults" error in log files - together with "DENIED" rules. Here are some of them (there is a bug report on Launchpad about "libxul"):
✗ [ 3051.788218] Gecko_IOThread[4770]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
✗ Gecko_IOThread[4795]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
Here are some technical informations:
● Firefox: v60.0 (32-bit)
● Linux kernel: 4.4.0-125-generic
● Release: 16.04 LTS
Thanks, best regards. |
Hello.
Today, Firefox has been updated to v60. After first start there was so many problems: with new tab (errors), Sandbox option (one new with 'false' option) etc. There were so many problems. No website was working, I can not click on anything, there was no menu bar and so on.
Anyway, there was a lot of "DENIED" entries in a log files. These are the AppArmor rules, that helped and now Firefox works okay. Maybe it will help someone?
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"capability=21
# capname="sys_admin"
#
capability sys_admin,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"
# capability=19 capname="sys_ptrace"
#
capability sys_ptrace,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="Gecko_IOThread"
# capability=18 capname="sys_chroot"
#
capability sys_chroot,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4137/uid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/uid_map w,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4282/gid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/gid_map w,
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/pro /4282/setgroups"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/setgroups w,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="dbus_bind" bus="session"
# name="org.mozilla.firefox.ZGVmYXVsdA__" mask="bind"
# label="/usr/lib/firefox/firefox{,*[^s][^h]}"
#
dbus bind bus=session name=org.mozilla.firefox.*,
# Note: this rule can be found, for example, in "abstractions/X" file.
# However, there is "r" in log entries so I added "r" -- and now it's "rw".
# apparmor="DENIED" operation="connect"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
# name="/tmp/.X11-unix/X0" comm="firefox" requested_mask="r" denied_mask="r"
# fsuid=1000 ouid=0
#
/tmp/.X11-unix/* rw,
unix (connect, receive, send)
type=stream
peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
Can someone check if these rules are okay? With above rules, Firefox v60 is working okay again: web browsing, new tabs etc. There are also some "segfaults" error in log files - together with "DENIED" rules. Here are some of them (there is a bug report on Launchpad about "libxul"):
✗ [ 3051.788218] Gecko_IOThread[4770]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
✗ Gecko_IOThread[4795]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
Here are some technical informations:
● Firefox: v60.0 (32-bit)
● Linux kernel: 4.4.0-125-generic
● Release: 16.04 LTS
Thanks, best regards. |
|
| 2018-05-11 09:34:59 |
daniel CURTIS |
description |
Hello.
Today, Firefox has been updated to v60. After first start there was so many problems: with new tab (errors), Sandbox option (one new with 'false' option) etc. There were so many problems. No website was working, I can not click on anything, there was no menu bar and so on.
Anyway, there was a lot of "DENIED" entries in a log files. These are the AppArmor rules, that helped and now Firefox works okay. Maybe it will help someone?
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"capability=21
# capname="sys_admin"
#
capability sys_admin,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"
# capability=19 capname="sys_ptrace"
#
capability sys_ptrace,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="Gecko_IOThread"
# capability=18 capname="sys_chroot"
#
capability sys_chroot,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4137/uid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/uid_map w,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4282/gid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/gid_map w,
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/pro /4282/setgroups"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/setgroups w,
# NOTE: what about an "owner" prefix?
# apparmor="DENIED" operation="dbus_bind" bus="session"
# name="org.mozilla.firefox.ZGVmYXVsdA__" mask="bind"
# label="/usr/lib/firefox/firefox{,*[^s][^h]}"
#
dbus bind bus=session name=org.mozilla.firefox.*,
# Note: this rule can be found, for example, in "abstractions/X" file.
# However, there is "r" in log entries so I added "r" -- and now it's "rw".
# apparmor="DENIED" operation="connect"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
# name="/tmp/.X11-unix/X0" comm="firefox" requested_mask="r" denied_mask="r"
# fsuid=1000 ouid=0
#
/tmp/.X11-unix/* rw,
unix (connect, receive, send)
type=stream
peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
Can someone check if these rules are okay? With above rules, Firefox v60 is working okay again: web browsing, new tabs etc. There are also some "segfaults" error in log files - together with "DENIED" rules. Here are some of them (there is a bug report on Launchpad about "libxul"):
✗ [ 3051.788218] Gecko_IOThread[4770]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
✗ Gecko_IOThread[4795]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
Here are some technical informations:
● Firefox: v60.0 (32-bit)
● Linux kernel: 4.4.0-125-generic
● Release: 16.04 LTS
Thanks, best regards. |
Hello.
Today, Firefox has been updated to v60. After first start there was so many problems: with new tab (errors), Sandbox option (one new with 'false' option) etc. There were so many problems. No website was working, I can not click on anything, there was no menu bar and so on.
Anyway, there was a lot of "DENIED" entries in a log files. These are the AppArmor rules, that helped and now Firefox works okay. Maybe it will help someone?
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"capability=21
# capname="sys_admin"
#
capability sys_admin,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"
# capability=19 capname="sys_ptrace"
#
capability sys_ptrace,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="Gecko_IOThread"
# capability=18 capname="sys_chroot"
#
capability sys_chroot,
# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4137/uid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/uid_map w,
# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4282/gid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/gid_map w,
# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/pro /4282/setgroups"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/setgroups w,
# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="dbus_bind" bus="session"
# name="org.mozilla.firefox.ZGVmYXVsdA__" mask="bind"
# label="/usr/lib/firefox/firefox{,*[^s][^h]}"
#
dbus bind bus=session name=org.mozilla.firefox.*,
# NOTE: this rule can be found, for example, in "abstractions/X" file.
# However, there is "r" in log entries so I added "r" -- and now it's "rw".
#
# apparmor="DENIED" operation="connect"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
# name="/tmp/.X11-unix/X0" comm="firefox" requested_mask="r" denied_mask="r"
# fsuid=1000 ouid=0
#
/tmp/.X11-unix/* rw,
unix (connect, receive, send)
type=stream
peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
Can someone check if these rules are okay? With above rules, Firefox v60 is working okay again: web browsing, new tabs etc. There are also some "segfaults" error in log files - together with "DENIED" rules. Here are some of them (there is a bug report on Launchpad about "libxul"):
✗ [ 3051.788218] Gecko_IOThread[4770]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
✗ Gecko_IOThread[4795]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
Here are some technical informations:
● Firefox: v60.0 (32-bit)
● Linux kernel: 4.4.0-125-generic
● Release: 16.04 LTS
Thanks, best regards. |
|
| 2018-05-11 09:36:04 |
daniel CURTIS |
description |
Hello.
Today, Firefox has been updated to v60. After first start there was so many problems: with new tab (errors), Sandbox option (one new with 'false' option) etc. There were so many problems. No website was working, I can not click on anything, there was no menu bar and so on.
Anyway, there was a lot of "DENIED" entries in a log files. These are the AppArmor rules, that helped and now Firefox works okay. Maybe it will help someone?
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"capability=21
# capname="sys_admin"
#
capability sys_admin,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"
# capability=19 capname="sys_ptrace"
#
capability sys_ptrace,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="Gecko_IOThread"
# capability=18 capname="sys_chroot"
#
capability sys_chroot,
# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4137/uid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/uid_map w,
# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4282/gid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/gid_map w,
# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/pro /4282/setgroups"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/setgroups w,
# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="dbus_bind" bus="session"
# name="org.mozilla.firefox.ZGVmYXVsdA__" mask="bind"
# label="/usr/lib/firefox/firefox{,*[^s][^h]}"
#
dbus bind bus=session name=org.mozilla.firefox.*,
# NOTE: this rule can be found, for example, in "abstractions/X" file.
# However, there is "r" in log entries so I added "r" -- and now it's "rw".
#
# apparmor="DENIED" operation="connect"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
# name="/tmp/.X11-unix/X0" comm="firefox" requested_mask="r" denied_mask="r"
# fsuid=1000 ouid=0
#
/tmp/.X11-unix/* rw,
unix (connect, receive, send)
type=stream
peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
Can someone check if these rules are okay? With above rules, Firefox v60 is working okay again: web browsing, new tabs etc. There are also some "segfaults" error in log files - together with "DENIED" rules. Here are some of them (there is a bug report on Launchpad about "libxul"):
✗ [ 3051.788218] Gecko_IOThread[4770]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
✗ Gecko_IOThread[4795]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
Here are some technical informations:
● Firefox: v60.0 (32-bit)
● Linux kernel: 4.4.0-125-generic
● Release: 16.04 LTS
Thanks, best regards. |
Hello.
Today, Firefox has been updated to v60. After first start there was so many problems: with new tab (errors), Sandbox option (one new with 'false' option) etc. There were so many problems. No website was working, I can not click on anything, there was no menu bar and so on.
Anyway, there was a lot of "DENIED" entries in a log files. These are the AppArmor rules, that helped and now Firefox works okay. Maybe it will help someone?
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"capability=21
# capname="sys_admin"
#
capability sys_admin,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"
# capability=19 capname="sys_ptrace"
#
capability sys_ptrace,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="Gecko_IOThread"
# capability=18 capname="sys_chroot"
#
capability sys_chroot,
# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4137/uid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/uid_map w,
# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4282/gid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/gid_map w,
# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/pro /4282/setgroups"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/setgroups w,
# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="dbus_bind" bus="session"
# name="org.mozilla.firefox.WAJxENJayq__" mask="bind"
# label="/usr/lib/firefox/firefox{,*[^s][^h]}"
#
dbus bind bus=session name=org.mozilla.firefox.*,
# NOTE: this rule can be found, for example, in "abstractions/X" file.
# However, there is "r" in log entries so I added "r" -- and now it's "rw".
#
# apparmor="DENIED" operation="connect"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
# name="/tmp/.X11-unix/X0" comm="firefox" requested_mask="r" denied_mask="r"
# fsuid=1000 ouid=0
#
/tmp/.X11-unix/* rw,
unix (connect, receive, send)
type=stream
peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
Can someone check if these rules are okay? With above rules, Firefox v60 is working okay again: web browsing, new tabs etc. There are also some "segfaults" error in log files - together with "DENIED" rules. Here are some of them (there is a bug report on Launchpad about "libxul"):
✗ [ 3051.788218] Gecko_IOThread[4770]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
✗ Gecko_IOThread[4795]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
Here are some technical informations:
● Firefox: v60.0 (32-bit)
● Linux kernel: 4.4.0-125-generic
● Release: 16.04 LTS
Thanks, best regards. |
|
| 2018-05-11 09:39:28 |
daniel CURTIS |
description |
Hello.
Today, Firefox has been updated to v60. After first start there was so many problems: with new tab (errors), Sandbox option (one new with 'false' option) etc. There were so many problems. No website was working, I can not click on anything, there was no menu bar and so on.
Anyway, there was a lot of "DENIED" entries in a log files. These are the AppArmor rules, that helped and now Firefox works okay. Maybe it will help someone?
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"capability=21
# capname="sys_admin"
#
capability sys_admin,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"
# capability=19 capname="sys_ptrace"
#
capability sys_ptrace,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="Gecko_IOThread"
# capability=18 capname="sys_chroot"
#
capability sys_chroot,
# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4137/uid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/uid_map w,
# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4282/gid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/gid_map w,
# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/pro /4282/setgroups"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/setgroups w,
# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="dbus_bind" bus="session"
# name="org.mozilla.firefox.WAJxENJayq__" mask="bind"
# label="/usr/lib/firefox/firefox{,*[^s][^h]}"
#
dbus bind bus=session name=org.mozilla.firefox.*,
# NOTE: this rule can be found, for example, in "abstractions/X" file.
# However, there is "r" in log entries so I added "r" -- and now it's "rw".
#
# apparmor="DENIED" operation="connect"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
# name="/tmp/.X11-unix/X0" comm="firefox" requested_mask="r" denied_mask="r"
# fsuid=1000 ouid=0
#
/tmp/.X11-unix/* rw,
unix (connect, receive, send)
type=stream
peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
Can someone check if these rules are okay? With above rules, Firefox v60 is working okay again: web browsing, new tabs etc. There are also some "segfaults" error in log files - together with "DENIED" rules. Here are some of them (there is a bug report on Launchpad about "libxul"):
✗ [ 3051.788218] Gecko_IOThread[4770]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
✗ Gecko_IOThread[4795]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
Here are some technical informations:
● Firefox: v60.0 (32-bit)
● Linux kernel: 4.4.0-125-generic
● Release: 16.04 LTS
Thanks, best regards. |
Hello.
Today, Firefox has been updated to v60. After first start there was so many problems: with new tab (errors), Sandbox option (one new option with 'false' value). There were so many issues. No website was working, I can not click on anything, there was no menu bar and so on. Firefox main windows has been resized etc.
Anyway, there was also a lot of "DENIED" entries in a log files. These are the AppArmor rules, that helped and now Firefox works okay. Maybe it will help someone too?
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"capability=21
# capname="sys_admin"
#
capability sys_admin,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"
# capability=19 capname="sys_ptrace"
#
capability sys_ptrace,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="Gecko_IOThread"
# capability=18 capname="sys_chroot"
#
capability sys_chroot,
# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4137/uid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/uid_map w,
# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4282/gid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/gid_map w,
# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/pro /4282/setgroups"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/setgroups w,
# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="dbus_bind" bus="session"
# name="org.mozilla.firefox.WAJxENJayq__" mask="bind"
# label="/usr/lib/firefox/firefox{,*[^s][^h]}"
#
dbus bind bus=session name=org.mozilla.firefox.*,
# NOTE: this rule can be found, for example, in "abstractions/X" file.
# However, there is "r" in log entries so I added "r" -- and now it's "rw".
#
# apparmor="DENIED" operation="connect"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
# name="/tmp/.X11-unix/X0" comm="firefox" requested_mask="r" denied_mask="r"
# fsuid=1000 ouid=0
#
/tmp/.X11-unix/* rw,
unix (connect, receive, send)
type=stream
peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
Can someone check if these rules are okay? With above rules, Firefox v60 is working okay again: web browsing, new tabs etc. There are also some "segfaults" error in log files - together with "DENIED" rules. Here are some of them (there is a bug report on Launchpad about "libxul"):
✗ [ 3051.788218] Gecko_IOThread[4770]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
✗ Gecko_IOThread[4795]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
I hope, that above rules will help other users who will have an issues with a new Firefox release. Here are some technical informations:
● Firefox: v60.0 (32-bit)
● Linux kernel: 4.4.0-125-generic
● Release: 16.04 LTS
Thanks, best regards. |
|
| 2018-05-11 09:41:32 |
daniel CURTIS |
description |
Hello.
Today, Firefox has been updated to v60. After first start there was so many problems: with new tab (errors), Sandbox option (one new option with 'false' value). There were so many issues. No website was working, I can not click on anything, there was no menu bar and so on. Firefox main windows has been resized etc.
Anyway, there was also a lot of "DENIED" entries in a log files. These are the AppArmor rules, that helped and now Firefox works okay. Maybe it will help someone too?
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"capability=21
# capname="sys_admin"
#
capability sys_admin,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"
# capability=19 capname="sys_ptrace"
#
capability sys_ptrace,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="Gecko_IOThread"
# capability=18 capname="sys_chroot"
#
capability sys_chroot,
# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4137/uid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/uid_map w,
# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4282/gid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/gid_map w,
# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/pro /4282/setgroups"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/setgroups w,
# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="dbus_bind" bus="session"
# name="org.mozilla.firefox.WAJxENJayq__" mask="bind"
# label="/usr/lib/firefox/firefox{,*[^s][^h]}"
#
dbus bind bus=session name=org.mozilla.firefox.*,
# NOTE: this rule can be found, for example, in "abstractions/X" file.
# However, there is "r" in log entries so I added "r" -- and now it's "rw".
#
# apparmor="DENIED" operation="connect"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
# name="/tmp/.X11-unix/X0" comm="firefox" requested_mask="r" denied_mask="r"
# fsuid=1000 ouid=0
#
/tmp/.X11-unix/* rw,
unix (connect, receive, send)
type=stream
peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
Can someone check if these rules are okay? With above rules, Firefox v60 is working okay again: web browsing, new tabs etc. There are also some "segfaults" error in log files - together with "DENIED" rules. Here are some of them (there is a bug report on Launchpad about "libxul"):
✗ [ 3051.788218] Gecko_IOThread[4770]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
✗ Gecko_IOThread[4795]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
I hope, that above rules will help other users who will have an issues with a new Firefox release. Here are some technical informations:
● Firefox: v60.0 (32-bit)
● Linux kernel: 4.4.0-125-generic
● Release: 16.04 LTS
Thanks, best regards. |
Hello.
Today, Firefox has been updated to v60. After first start there was so many problems: with new tab (errors), Sandbox option (one new option with 'false' value). There were so many issues. No website was working, I can not click on anything, there was no menu bar and so on. Firefox main windows has been resized etc.
Anyway, there was also a lot of "DENIED" entries in a log files. These are the AppArmor rules, that helped and now Firefox works okay. Maybe it will help someone too?
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"capability=21
# capname="sys_admin"
#
capability sys_admin,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"
# capability=19 capname="sys_ptrace"
#
capability sys_ptrace,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="Gecko_IOThread"
# capability=18 capname="sys_chroot"
#
capability sys_chroot,
# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4137/uid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/uid_map w,
# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4282/gid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/gid_map w,
# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/pro /4282/setgroups"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/setgroups w,
# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="dbus_bind" bus="session"
# name="org.mozilla.firefox.WAJxENJayq__" mask="bind"
# label="/usr/lib/firefox/firefox{,*[^s][^h]}"
#
dbus bind bus=session name=org.mozilla.firefox.*,
# NOTE: this rule can be found, for example, in "abstractions/X" file.
# However, there is "r" - for '/tmp/.X11-unix/' - in log entries, so I added "r" - and now it's "rw".
#
# apparmor="DENIED" operation="connect"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
# name="/tmp/.X11-unix/X0" comm="firefox" requested_mask="r" denied_mask="r"
# fsuid=1000 ouid=0
#
/tmp/.X11-unix/* rw,
unix (connect, receive, send)
type=stream
peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
Can someone check if these rules are okay? With above rules, Firefox v60 is working okay again: web browsing, new tabs etc. There are also some "segfaults" error in log files - together with "DENIED" rules. Here are some of them (there is a bug report on Launchpad about "libxul"):
✗ [ 3051.788218] Gecko_IOThread[4770]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
✗ Gecko_IOThread[4795]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
I hope, that above rules will help other users who will have an issues with a new Firefox release. Here are some technical informations:
● Firefox: v60.0 (32-bit)
● Linux kernel: 4.4.0-125-generic
● Release: 16.04 LTS
Thanks, best regards. |
|
| 2018-05-11 09:42:18 |
daniel CURTIS |
description |
Hello.
Today, Firefox has been updated to v60. After first start there was so many problems: with new tab (errors), Sandbox option (one new option with 'false' value). There were so many issues. No website was working, I can not click on anything, there was no menu bar and so on. Firefox main windows has been resized etc.
Anyway, there was also a lot of "DENIED" entries in a log files. These are the AppArmor rules, that helped and now Firefox works okay. Maybe it will help someone too?
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"capability=21
# capname="sys_admin"
#
capability sys_admin,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"
# capability=19 capname="sys_ptrace"
#
capability sys_ptrace,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="Gecko_IOThread"
# capability=18 capname="sys_chroot"
#
capability sys_chroot,
# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4137/uid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/uid_map w,
# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4282/gid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/gid_map w,
# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/pro /4282/setgroups"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/setgroups w,
# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="dbus_bind" bus="session"
# name="org.mozilla.firefox.WAJxENJayq__" mask="bind"
# label="/usr/lib/firefox/firefox{,*[^s][^h]}"
#
dbus bind bus=session name=org.mozilla.firefox.*,
# NOTE: this rule can be found, for example, in "abstractions/X" file.
# However, there is "r" - for '/tmp/.X11-unix/' - in log entries, so I added "r" - and now it's "rw".
#
# apparmor="DENIED" operation="connect"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
# name="/tmp/.X11-unix/X0" comm="firefox" requested_mask="r" denied_mask="r"
# fsuid=1000 ouid=0
#
/tmp/.X11-unix/* rw,
unix (connect, receive, send)
type=stream
peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
Can someone check if these rules are okay? With above rules, Firefox v60 is working okay again: web browsing, new tabs etc. There are also some "segfaults" error in log files - together with "DENIED" rules. Here are some of them (there is a bug report on Launchpad about "libxul"):
✗ [ 3051.788218] Gecko_IOThread[4770]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
✗ Gecko_IOThread[4795]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
I hope, that above rules will help other users who will have an issues with a new Firefox release. Here are some technical informations:
● Firefox: v60.0 (32-bit)
● Linux kernel: 4.4.0-125-generic
● Release: 16.04 LTS
Thanks, best regards. |
Hello.
Today, Firefox has been updated to v60. After first start there was so many problems: with new tab (errors), Sandbox option (one new option with 'false' value). There were so many issues. No website was working, I can not click on anything, there was no menu bar and so on. Firefox main windows has been resized etc.
Anyway, there was also a lot of "DENIED" entries in a log files. These are the AppArmor rules, that helped and now Firefox works okay. Maybe it will help someone too?
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"capability=21
# capname="sys_admin"
#
capability sys_admin,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"
# capability=19 capname="sys_ptrace"
#
capability sys_ptrace,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="Gecko_IOThread"
# capability=18 capname="sys_chroot"
#
capability sys_chroot,
# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4137/uid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/uid_map w,
# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4282/gid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/gid_map w,
# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/pro /4282/setgroups"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/setgroups w,
# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="dbus_bind" bus="session"
# name="org.mozilla.firefox.WAJxENJayq__" mask="bind"
# label="/usr/lib/firefox/firefox{,*[^s][^h]}"
#
dbus bind bus=session name=org.mozilla.firefox.*,
# NOTE: this rule can be found, for example, in "abstractions/X" file.
# However, there is "r" in 'requested{,denied}_mask" - for '/tmp/.X11-unix/' - in log
# entries, so I added "r" - and now it's "rw".
#
# apparmor="DENIED" operation="connect"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
# name="/tmp/.X11-unix/X0" comm="firefox" requested_mask="r" denied_mask="r"
# fsuid=1000 ouid=0
#
/tmp/.X11-unix/* rw,
unix (connect, receive, send)
type=stream
peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
Can someone check if these rules are okay? With above rules, Firefox v60 is working okay again: web browsing, new tabs etc. There are also some "segfaults" error in log files - together with "DENIED" rules. Here are some of them (there is a bug report on Launchpad about "libxul"):
✗ [ 3051.788218] Gecko_IOThread[4770]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
✗ Gecko_IOThread[4795]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
I hope, that above rules will help other users who will have an issues with a new Firefox release. Here are some technical informations:
● Firefox: v60.0 (32-bit)
● Linux kernel: 4.4.0-125-generic
● Release: 16.04 LTS
Thanks, best regards. |
|
| 2018-05-11 09:42:50 |
daniel CURTIS |
description |
Hello.
Today, Firefox has been updated to v60. After first start there was so many problems: with new tab (errors), Sandbox option (one new option with 'false' value). There were so many issues. No website was working, I can not click on anything, there was no menu bar and so on. Firefox main windows has been resized etc.
Anyway, there was also a lot of "DENIED" entries in a log files. These are the AppArmor rules, that helped and now Firefox works okay. Maybe it will help someone too?
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"capability=21
# capname="sys_admin"
#
capability sys_admin,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"
# capability=19 capname="sys_ptrace"
#
capability sys_ptrace,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="Gecko_IOThread"
# capability=18 capname="sys_chroot"
#
capability sys_chroot,
# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4137/uid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/uid_map w,
# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4282/gid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/gid_map w,
# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/pro /4282/setgroups"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/setgroups w,
# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="dbus_bind" bus="session"
# name="org.mozilla.firefox.WAJxENJayq__" mask="bind"
# label="/usr/lib/firefox/firefox{,*[^s][^h]}"
#
dbus bind bus=session name=org.mozilla.firefox.*,
# NOTE: this rule can be found, for example, in "abstractions/X" file.
# However, there is "r" in 'requested{,denied}_mask" - for '/tmp/.X11-unix/' - in log
# entries, so I added "r" - and now it's "rw".
#
# apparmor="DENIED" operation="connect"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
# name="/tmp/.X11-unix/X0" comm="firefox" requested_mask="r" denied_mask="r"
# fsuid=1000 ouid=0
#
/tmp/.X11-unix/* rw,
unix (connect, receive, send)
type=stream
peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
Can someone check if these rules are okay? With above rules, Firefox v60 is working okay again: web browsing, new tabs etc. There are also some "segfaults" error in log files - together with "DENIED" rules. Here are some of them (there is a bug report on Launchpad about "libxul"):
✗ [ 3051.788218] Gecko_IOThread[4770]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
✗ Gecko_IOThread[4795]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
I hope, that above rules will help other users who will have an issues with a new Firefox release. Here are some technical informations:
● Firefox: v60.0 (32-bit)
● Linux kernel: 4.4.0-125-generic
● Release: 16.04 LTS
Thanks, best regards. |
Hello.
Today, Firefox has been updated to v60. After first start there was so many problems: with new tab (errors), Sandbox option (one new option with 'false' value). There were so many issues. No website was working, I can not click on anything, there was no menu bar and so on. Firefox main windows has been resized etc.
Anyway, there was also a lot of "DENIED" entries in a log files. These are the AppArmor rules, that helped and now Firefox works okay. Maybe it will help someone too?
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"capability=21
# capname="sys_admin"
#
capability sys_admin,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"
# capability=19 capname="sys_ptrace"
#
capability sys_ptrace,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="Gecko_IOThread"
# capability=18 capname="sys_chroot"
#
capability sys_chroot,
# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4137/uid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/uid_map w,
# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4282/gid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/gid_map w,
# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/pro /4282/setgroups"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/setgroups w,
# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="dbus_bind" bus="session"
# name="org.mozilla.firefox.WAJxENJayq__" mask="bind"
# label="/usr/lib/firefox/firefox{,*[^s][^h]}"
#
dbus bind bus=session name=org.mozilla.firefox.*,
# NOTE: this rule can be found, for example, in "abstractions/X" file.
# However, there is "r" in 'requested{,denied}_mask" - for '/tmp/.X11-unix/'
# - in log entries, so I added "r" - and now it's "rw".
#
# apparmor="DENIED" operation="connect"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
# name="/tmp/.X11-unix/X0" comm="firefox" requested_mask="r" denied_mask="r"
# fsuid=1000 ouid=0
#
/tmp/.X11-unix/* rw,
unix (connect, receive, send)
type=stream
peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
Can someone check if these rules are okay? With above rules, Firefox v60 is working okay again: web browsing, new tabs etc. There are also some "segfaults" error in log files - together with "DENIED" rules. Here are some of them (there is a bug report on Launchpad about "libxul"):
✗ [ 3051.788218] Gecko_IOThread[4770]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
✗ Gecko_IOThread[4795]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
I hope, that above rules will help other users who will have an issues with a new Firefox release. Here are some technical informations:
● Firefox: v60.0 (32-bit)
● Linux kernel: 4.4.0-125-generic
● Release: 16.04 LTS
Thanks, best regards. |
|
| 2018-05-11 09:46:11 |
daniel CURTIS |
description |
Hello.
Today, Firefox has been updated to v60. After first start there was so many problems: with new tab (errors), Sandbox option (one new option with 'false' value). There were so many issues. No website was working, I can not click on anything, there was no menu bar and so on. Firefox main windows has been resized etc.
Anyway, there was also a lot of "DENIED" entries in a log files. These are the AppArmor rules, that helped and now Firefox works okay. Maybe it will help someone too?
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"capability=21
# capname="sys_admin"
#
capability sys_admin,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"
# capability=19 capname="sys_ptrace"
#
capability sys_ptrace,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="Gecko_IOThread"
# capability=18 capname="sys_chroot"
#
capability sys_chroot,
# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4137/uid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/uid_map w,
# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4282/gid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/gid_map w,
# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/pro /4282/setgroups"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/setgroups w,
# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="dbus_bind" bus="session"
# name="org.mozilla.firefox.WAJxENJayq__" mask="bind"
# label="/usr/lib/firefox/firefox{,*[^s][^h]}"
#
dbus bind bus=session name=org.mozilla.firefox.*,
# NOTE: this rule can be found, for example, in "abstractions/X" file.
# However, there is "r" in 'requested{,denied}_mask" - for '/tmp/.X11-unix/'
# - in log entries, so I added "r" - and now it's "rw".
#
# apparmor="DENIED" operation="connect"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
# name="/tmp/.X11-unix/X0" comm="firefox" requested_mask="r" denied_mask="r"
# fsuid=1000 ouid=0
#
/tmp/.X11-unix/* rw,
unix (connect, receive, send)
type=stream
peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
Can someone check if these rules are okay? With above rules, Firefox v60 is working okay again: web browsing, new tabs etc. There are also some "segfaults" error in log files - together with "DENIED" rules. Here are some of them (there is a bug report on Launchpad about "libxul"):
✗ [ 3051.788218] Gecko_IOThread[4770]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
✗ Gecko_IOThread[4795]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
I hope, that above rules will help other users who will have an issues with a new Firefox release. Here are some technical informations:
● Firefox: v60.0 (32-bit)
● Linux kernel: 4.4.0-125-generic
● Release: 16.04 LTS
Thanks, best regards. |
Hello.
Today, Firefox has been updated to v60. After first start there was so many problems: with new tab (errors), Sandbox option (one new option with 'false' value). There were so many issues. No website was working, I can not click on anything, there was no menu bar and so on. Firefox main windows has been resized etc.
Anyway, there was also a lot of "DENIED" entries in a log files. Here are the AppArmor rules, that helped and now Firefox works okay. Maybe it will help someone too?
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"capability=21
# capname="sys_admin"
#
capability sys_admin,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"
# capability=19 capname="sys_ptrace"
#
capability sys_ptrace,
# apparmor="DENIED" operation="capable"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="Gecko_IOThread"
# capability=18 capname="sys_chroot"
#
capability sys_chroot,
# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4137/uid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/uid_map w,
# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4282/gid_map"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/gid_map w,
# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="open"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/pro /4282/setgroups"
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w"
# fsuid=1000 ouid=1000
#
@{PROC}/@{pid}/setgroups w,
# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="dbus_bind" bus="session"
# name="org.mozilla.firefox.WAJxENJayq__" mask="bind"
# label="/usr/lib/firefox/firefox{,*[^s][^h]}"
#
dbus bind bus=session name=org.mozilla.firefox.*,
# NOTE: this rule can be found, for example, in "abstractions/X" file.
# However, there is "r" in 'requested{,denied}_mask" - for '/tmp/.X11-unix/'
# - in log entries, so I added "r" - and now it's "rw".
#
# apparmor="DENIED" operation="connect"
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
# name="/tmp/.X11-unix/X0" comm="firefox" requested_mask="r" denied_mask="r"
# fsuid=1000 ouid=0
#
/tmp/.X11-unix/* rw,
unix (connect, receive, send)
type=stream
peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
Can someone check if these rules are okay? With above rules, Firefox v60 is working okay again: web browsing, new tabs etc. There are also some "segfaults" error in log files - together with "DENIED" rules. Here are some of them (there is a bug report on Launchpad about "libxul"):
✗ [ 3051.788218] Gecko_IOThread[4770]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
✗ Gecko_IOThread[4795]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in libxul.so[aebed000+66fd000]
I hope, that above rules will help other users who will have an issues with a new Firefox release. Here are some technical informations:
● Firefox: v60.0 (32-bit)
● Linux kernel: 4.4.0-125-generic
● Release: 16.04 LTS
Thanks, best regards. |
|
| 2018-05-11 16:33:27 |
Launchpad Janitor |
firefox (Ubuntu): status |
New |
Confirmed |
|
| 2018-05-11 20:50:30 |
daniel CURTIS |
summary |
Firefox v60: does not work after updating, many "DENIED" log entries. |
Firefox v60: does not work after update, many "DENIED" log entries etc. |
|
| 2018-07-27 01:08:36 |
Kai Kasurinen |
bug |
|
|
added subscriber Kai Kasurinen |
