Firefox Apparmor profile prevents connection with KeePassXC

Bug #1826793 reported by Colan Schwartz on 2019-04-29
This bug affects 1 person
Affects: firefox (Ubuntu)
Importance: Medium
Assigned to: Unassigned

Bug Description

The KeePassXC password manager (https://keepassxc.org/) allows passwords to be filled in automatically via the KeePassXC-Browser Firefox add-on (https://addons.mozilla.org/en-US/firefox/addon/keepassxc-browser/).

In order for this to work, the add-on must communicate with the password manager. However, communication is being blocked by Firefox's Apparmor profile.

If KeePassXC is installed via Apt:

Apr 28 20:25:43 snake kernel: [79057.095759] audit: type=1400 audit(1556497543.512:878): apparmor="DENIED" operation="exec" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/usr/bin/keepassxc-proxy" pid=23647 comm=444F4D20576F726B6572 requested_mask="x" denied_mask="x" fsuid=1000 ouid=0

If KeePassXC is installed via Snap:

Apr 28 20:22:24 snake kernel: [78858.165807] audit: type=1400 audit(1556497344.579:799): apparmor="DENIED" operation="exec" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/usr/bin/snap" pid=21695 comm=444F4D20576F726B6572 requested_mask="x" denied_mask="x" fsuid=1000 ouid=0

Please alter the Apparmor profile to allow for communication with this password manager with either installation method.

Workaround:

Disable the profile with `sudo aa-disable usr.bin.firefox`.

ProblemType: Bug
DistroRelease: Ubuntu 19.04
Package: firefox 66.0.3+build1-0ubuntu1
ProcVersionSignature: Ubuntu 5.0.0-13.14-generic 5.0.6
Uname: Linux 5.0.0-13-generic x86_64
ExecutablePath: /usr/lib/firefox/firefox

Jonathan White (droidmonkey) wrote :

Hi, KeePassXC maintainer here. This problem is not limited to the KeePassXC-Browser extension; any extension using Native Messaging will be blocked because of the nature with which native messaging works. The browser itself launches a process that it communicates with using a named pipe.

Olivier Tilloy (osomon) wrote :

Please note that the firefox apparmor profile is disabled by default, precisely because it has known limitations like this one. See /usr/share/doc/firefox/README.Debian.

Changed in firefox (Ubuntu):
status: New → Triaged
importance: Undecided → Medium
Colan Schwartz (colan) wrote :

Thanks. Does anyone know if there's an upstream (Debian) bug report for this? If not, should one be created? Or is this simply a downstream (Ubuntu) thing?

Olivier Tilloy (osomon) wrote :

As far as I know, the firefox apparmor profile is Ubuntu-specific, not in Debian.
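
Added example, not part of the original report or of any project named in it: a small parser for the two AppArmor denial records quoted in the bug description. It shows which exec each one blocked and decodes the hex-encoded `comm` field. The function names `parse_denial` and `denied_execs` are hypothetical.

```python
import re

# The two denial records quoted in the bug description (copied from the report).
SAMPLE_LOG = """\
Apr 28 20:25:43 snake kernel: [79057.095759] audit: type=1400 audit(1556497543.512:878): apparmor="DENIED" operation="exec" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/usr/bin/keepassxc-proxy" pid=23647 comm=444F4D20576F726B6572 requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
Apr 28 20:22:24 snake kernel: [78858.165807] audit: type=1400 audit(1556497344.579:799): apparmor="DENIED" operation="exec" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/usr/bin/snap" pid=21695 comm=444F4D20576F726B6572 requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
"""

# key="quoted value" or key=bare_value
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# String fields that the kernel audit code writes as unquoted hex when the
# value contains a space or another special character. Numeric fields such
# as pid or fsuid must never be hex-decoded, even if they look like hex.
HEX_FIELDS = {"comm", "name", "profile", "info"}


def parse_denial(line):
    """Return the key/value fields of one AppArmor DENIED record, else None."""
    fields = {}
    for m in FIELD_RE.finditer(line):
        key, quoted, bare = m.groups()
        if quoted is not None:
            fields[key] = quoted
        elif key in HEX_FIELDS and re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", bare):
            fields[key] = bytes.fromhex(bare).decode("utf-8", "replace")
        else:
            fields[key] = bare
    return fields if fields.get("apparmor") == "DENIED" else None


def denied_execs(log):
    """Map (profile, exec target) to the set of thread names that asked."""
    result = {}
    for line in log.splitlines():
        rec = parse_denial(line)
        if rec and rec.get("operation") == "exec":
            key = (rec.get("profile"), rec.get("name"))
            result.setdefault(key, set()).add(rec.get("comm"))
    return result


if __name__ == "__main__":
    for (profile, target), comms in denied_execs(SAMPLE_LOG).items():
        print(f"{profile}: exec of {target} denied (thread: {', '.join(sorted(comms))})")
```

Both records come from the same Firefox profile and the same thread name; only the exec target differs between the Apt and Snap installs.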
