firefox crashes with MOZ_ENABLE_WAYLAND=1 when apparmor profile is enforced

Bug #1894006 reported by Paul Collins on 2020-09-02
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
firefox (Ubuntu)
Medium
Olivier Tilloy

Bug Description

Recently I decided to try running firefox 80 directly via Wayland, instead of via X11. It crashed. (I haven't tried any previous versions.)

I found the following in /var/log/audit/audit.log:

type=AVC msg=audit(1599023168.948:3997869): apparmor="DENIED" operation="mknod" profile="firefox" name="/dev/shm/wayland.mozilla.ipc.0" pid=1042373 comm="Compositor" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000

I added the following to /etc/apparmor.d/local/usr.bin.firefox:

  /dev/shm/wayland.mozilla.* rw,

reloaded the profile:

sudo apparmor_parser -r < /etc/apparmor.d/usr.bin.firefox

and now it works.
---
ProblemType: Bug
AddonCompatCheckDisabled: False
ApportVersion: 2.20.11-0ubuntu27.8
Architecture: amd64
AudioDevicesInUse:
 USER PID ACCESS COMMAND
 /dev/snd/controlC1: paul 4497 F.... pulseaudio
 /dev/snd/controlC0: paul 4497 F.... pulseaudio
BuildID: 20200818235255
CasperMD5CheckResult: skip
Channel: Unavailable
CurrentDesktop: GNOME
DefaultProfileIncompatibleExtensions: Default - {972ce4c6-7e08-4474-a285-3208198ce6fd}
DefaultProfilePrefErrors: Unexpected character ',' before close parenthesis @ /usr/lib/firefox/omni.ja:greprefs.js:730
DefaultProfilePrefSources:
 /usr/lib/firefox/defaults/pref/all-ubuntu-gnome.js
 prefs.js
DistroRelease: Ubuntu 20.04
ForcedLayersAccel: False
InstallationDate: Installed on 2011-11-06 (3223 days ago)
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release amd64 (20111011)
KernLog:

NonfreeKernelModules: lkp_Ubuntu_5_4_0_40_44_generic_69 zfs zunicode zavl icp zcommon znvpair
Package: firefox 80.0+build2-0ubuntu0.20.04.1
PackageArchitecture: amd64
ProcCmdline: BOOT_IMAGE=/vmlinuz-5.4.0-40-generic root=UUID=617752e9-3054-4928-881c-0e0651a839b0 ro splash quiet
ProcVersionSignature: Ubuntu 5.4.0-40.44-generic 5.4.44
Profile1Extensions: extensions.sqlite corrupt or missing
Profile1IncompatibleExtensions: Unavailable (corrupt or non-existant compatibility.ini or extensions.sqlite)
Profile1Locales: extensions.sqlite corrupt or missing
Profile1PrefErrors: Unexpected character ',' before close parenthesis @ /usr/lib/firefox/omni.ja:greprefs.js:730
Profile1PrefSources:
 /usr/lib/firefox/defaults/pref/all-ubuntu-gnome.js
 prefs.js
Profile1Themes: extensions.sqlite corrupt or missing
Profile2IncompatibleExtensions: Default - {972ce4c6-7e08-4474-a285-3208198ce6fd}
Profile2PrefErrors: Unexpected character ',' before close parenthesis @ /usr/lib/firefox/omni.ja:greprefs.js:730
Profile2PrefSources:
 /usr/lib/firefox/defaults/pref/all-ubuntu-gnome.js
 prefs.js
Profiles:
 Profile2 - LastVersion=80.0/20200818235255
 Profile1 - LastVersion=78.0.2/20200708170202 (Out of date)
 Profile0 (Default) - LastVersion=80.0/20200818235255 (In use)
RunningIncompatibleAddons: True
Tags: wayland-session focal
Uname: Linux 5.4.0-40-generic x86_64
UpgradeStatus: Upgraded to focal on 2020-02-25 (190 days ago)
UserGroups: adm admin cdrom dialout docker libvirt lpadmin lxd microk8s plugdev sambashare sudo
_MarkForUpload: True
dmi.bios.date: 03/21/2018
dmi.bios.vendor: LENOVO
dmi.bios.version: M1AKT35A
dmi.board.name: 3111
dmi.board.vendor: LENOVO
dmi.board.version: SDK0J40700 WIN 3258011708158
dmi.chassis.type: 3
dmi.chassis.vendor: LENOVO
dmi.chassis.version: None
dmi.modalias: dmi:bvnLENOVO:bvrM1AKT35A:bd03/21/2018:svnLENOVO:pn10MRCTO1WW:pvrThinkCentreM710q:rvnLENOVO:rn3111:rvrSDK0J40700WIN3258011708158:cvnLENOVO:ct3:cvrNone:
dmi.product.family: ThinkCentre M710q
dmi.product.name: 10MRCTO1WW
dmi.product.sku: LENOVO_MT_10MR_BU_LENOVO_FM_ThinkCentre M710q
dmi.product.version: ThinkCentre M710q
dmi.sys.vendor: LENOVO
modified.conffile..etc.cron.daily.apport: [deleted]

apport information

tags: added: apport-collected focal wayland-session
description: updated

apport information

apport information

apport information

apport information

apport information

apport information

apport information

apport information

apport information

apport information

apport information

apport information

apport information

apport information

apport information

apport information

apport information

apport information

apport information

Olivier Tilloy (osomon) on 2020-11-25
summary: - firefox crashes with MOZ_WAYLAND_ENABLE=1
+ firefox crashes with MOZ_ENABLE_WAYLAND=1
summary: - firefox crashes with MOZ_ENABLE_WAYLAND=1
+ firefox crashes with MOZ_ENABLE_WAYLAND=1 when apparmor profile is
+ enforced
Olivier Tilloy (osomon) wrote :

I can reproduce with firefox 83 on Ubuntu 20.04, and I can confirm that the suggested addition to the apparmor profile fixes the problem.

Changed in firefox (Ubuntu):
status: New → Confirmed
importance: Undecided → Medium
Olivier Tilloy (osomon) wrote :

The additional rule should probably be:

    owner /{dev,run}/shm/wayland.mozilla.ipc.[0-9]* rw,

Changed in firefox (Ubuntu):
assignee: nobody → Olivier Tilloy (osomon)
Olivier Tilloy (osomon) wrote :

Fix committed to all the beta branches (https://bazaar.launchpad.net/~mozillateam/firefox/firefox-beta.hirsute/revision/1387), this will become available as updates when Firefox 84.0 is released.

Changed in firefox (Ubuntu):
status: Confirmed → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package firefox - 84.0+build3-0ubuntu0.20.10.1

---------------
firefox (84.0+build3-0ubuntu0.20.10.1) groovy; urgency=medium

  * New upstream release (84.0+build3)

 -- Olivier Tilloy <email address hidden> Mon, 14 Dec 2020 09:54:22 +0100

Changed in firefox (Ubuntu):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package firefox - 84.0+build3-0ubuntu0.20.04.1

---------------
firefox (84.0+build3-0ubuntu0.20.04.1) focal; urgency=medium

  * New upstream release (84.0+build3)

 -- Olivier Tilloy <email address hidden> Mon, 14 Dec 2020 09:52:38 +0100

Changed in firefox (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers