Firefox Apparmor profile prevents connection with KeePassXC

Bug #1826793 reported by Colan Schwartz
This bug affects 2 people
Affects: firefox (Ubuntu)
Status: Triaged
Importance: Medium
Assigned to: Unassigned

Bug Description

The KeePassXC password manager (https://keepassxc.org/) allows passwords to be filled in automatically via the KeePassXC-Browser Firefox add-on (https://addons.mozilla.org/en-US/firefox/addon/keepassxc-browser/).

In order for this to work, the add-on must communicate with the password manager. However, communication is being blocked by Firefox's Apparmor profile.

If KeePassXC is installed via Apt:

Apr 28 20:25:43 snake kernel: [79057.095759] audit: type=1400 audit(1556497543.512:878): apparmor="DENIED" operation="exec" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/usr/bin/keepassxc-proxy" pid=23647 comm=444F4D20576F726B6572 requested_mask="x" denied_mask="x" fsuid=1000 ouid=0

If KeePassXC is installed via Snap:

Apr 28 20:22:24 snake kernel: [78858.165807] audit: type=1400 audit(1556497344.579:799): apparmor="DENIED" operation="exec" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/usr/bin/snap" pid=21695 comm=444F4D20576F726B6572 requested_mask="x" denied_mask="x" fsuid=1000 ouid=0

Please alter the Apparmor profile to allow for communication with this password manager with either installation method.

Workaround:

Disable the profile with `sudo aa-disable usr.bin.firefox`.

ProblemType: Bug
DistroRelease: Ubuntu 19.04
Package: firefox 66.0.3+build1-0ubuntu1
ProcVersionSignature: Ubuntu 5.0.0-13.14-generic 5.0.6
Uname: Linux 5.0.0-13-generic x86_64

Jonathan White (droidmonkey) wrote :

Hi, KeePassXC maintainer here. This problem is not limited to the KeePassXC-Browser extension: any extension using Native Messaging will be blocked because of the nature with which native messaging works. The browser itself launches a process that it communicates with using a named pipe.

Olivier Tilloy (osomon) wrote :

Please note that the firefox apparmor profile is disabled by default, precisely because it has known limitations like this one. See /usr/share/doc/firefox/README.Debian.

Changed in firefox (Ubuntu):
  status: New → Triaged
  importance: Undecided → Medium

Colan Schwartz (colan) wrote :

Thanks. Does anyone know if there's an upstream (Debian) bug report for this? If not, should one be created? Or is this simply a downstream (Ubuntu) thing?

Olivier Tilloy (osomon) wrote :

As far as I know, the firefox apparmor profile is Ubuntu-specific, not in Debian.
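
The two AppArmor denials quoted in the bug description can be triaged with a small parser; this is an added example, not part of the original report or of any project's code. It assumes the kernel audit convention that unquoted string fields such as `comm` are hex-encoded; the names `parse_denial` and `blocked_execs` are hypothetical.

```python
import re

# The two denial records, copied from the bug description above.
SAMPLE_LOG = r'''Apr 28 20:25:43 snake kernel: [79057.095759] audit: type=1400 audit(1556497543.512:878): apparmor="DENIED" operation="exec" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/usr/bin/keepassxc-proxy" pid=23647 comm=444F4D20576F726B6572 requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
Apr 28 20:22:24 snake kernel: [78858.165807] audit: type=1400 audit(1556497344.579:799): apparmor="DENIED" operation="exec" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/usr/bin/snap" pid=21695 comm=444F4D20576F726B6572 requested_mask="x" denied_mask="x" fsuid=1000 ouid=0'''

# key="quoted value" or key=bare_value
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Only string fields are hex-decoded; numeric fields such as fsuid=1000
# also look like hex and must be left alone.
HEX_FIELDS = {"comm", "name", "profile"}
HEX_RE = re.compile(r'(?:[0-9A-Fa-f]{2})+')


def parse_denial(line):
    """Return the fields of one AppArmor DENIED record, or None."""
    if 'apparmor="DENIED"' not in line:
        return None
    rec = {}
    for m in PAIR.finditer(line):
        key, quoted, bare = m.group(1), m.group(2), m.group(3)
        if quoted is not None:
            rec[key] = quoted  # quoted values are literal
        elif key in HEX_FIELDS and HEX_RE.fullmatch(bare):
            # Unquoted string field: hex-encoded because it contains
            # a space or other special character.
            rec[key] = bytes.fromhex(bare).decode("utf-8", "replace")
        else:
            rec[key] = bare
    return rec


def blocked_execs(log_text):
    """List (thread name, denied executable, denied mask) per exec denial."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_denial(line)
        if rec and rec.get("operation") == "exec":
            hits.append((rec.get("comm"), rec.get("name"), rec.get("denied_mask")))
    return hits


if __name__ == "__main__":
    for comm, name, mask in blocked_execs(SAMPLE_LOG):
        print(f"thread {comm!r} was denied {mask!r} on {name}")
```

The decoded `comm` shows the exec attempt comes from a Firefox thread, and the Snap case is denied on `/usr/bin/snap` rather than on the proxy binary, so a profile rule naming only `/usr/bin/keepassxc-proxy` would not cover both installation methods.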
