apparmor blocks mmap of openjdk's classes.jsa

Bug #574459 reported by Jamie Strandboge on 2010-05-03
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
firefox (Ubuntu)
Low
Jamie Strandboge

Bug Description

Binary package hint: firefox

On up to date Lucid, received the following on i386 using the icedtea6-plugin.

Profile: /usr/lib/firefox-3.6.3/firefox-*bin//firefox_openjdk
Operation: file_mmap
Name: /usr/lib/jvm/java-6-openjdk/jre/lib/i386/client/classes.jsa
Denied: ::m
Logfile: /var/log/kern.log

Changed in firefox (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
importance: Undecided → Low
status: New → Triaged
Jamie Strandboge (jdstrand) wrote :

=== modified file 'debian/usr.bin.firefox.apparmor.10.04'
--- debian/usr.bin.firefox.apparmor.10.04 2010-04-29 15:37:00 +0000
+++ debian/usr.bin.firefox.apparmor.10.04 2010-05-03 13:31:49 +0000
@@ -263,6 +263,7 @@

     /usr/bin/env ix,
     /usr/lib/jvm/java-6-openjdk/jre/bin/java ix,
+ /usr/lib/jvm/java-6-openjdk/jre/lib/i386/client/classes.jsa m,

     # Why would java need this?
     deny /usr/bin/gconftool-2 x,
@@ -304,6 +305,7 @@

     /usr/bin/env ix,
     /usr/lib/jvm/java-*-sun-1.*/jre/bin/java ix,
+ /usr/lib/jvm/java-*-sun-1.*/jre/lib/i386/client/classes.jsa m,
     /usr/lib/j2*-ibm/jre/bin/java ix,

     # noisy, can't write here anyway

Changed in firefox (Ubuntu):
status: Triaged → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package firefox - 3.6.4+build7+nobinonly-0ubuntu1

---------------
firefox (3.6.4+build7+nobinonly-0ubuntu1) maverick; urgency=low

  * New upstream release v3.6.4 (FIREFOX_3_6_4_BUILD7)

  [ Micah Gersten <email address hidden> ]
  * Rebase patch after upstream landing of Lorentz branch
    - update debian/patches/bz460917_att350845_reload_new_plugins.patch
  * Drop patch after upstream landing of (bmo: 544481) aka
    Build fails on Ubuntu Lucid Lynx using 'dash' shell
    - drop debian/patches/fix-build-glitch.patch
    - update debian/patches/series

  [ Jamie Strandboge <email address hidden> ]
  * AppArmor:
    - allow ixr access to /usr/lib/xulrunner-*/plugin-container for xul builds
    - finetune Adobe Reader access (LP: #570337)
    - silence noisy denial on /boot/vmlinuz* and /boot/initrd.img* caused by
      readlinking symlinks in / (LP: #571761)
    - allow 'm' for java's 'classes.jsa' file (LP: #574459)
    - transition to firefox_java on Sun's jre/bin/java_vm too (LP: #570128)
    - allow Uxr for gnome-codec-install (LP: #577097)

  [ Chris Coulson <email address hidden> ]
  * Rebase patches for 3.6.4 release
    - update debian/patches/firefox-kde.patch
    - update debian/patches/mozilla-kde.patch
    - update debian/patches/add_syspref_dir.patch
  * Build with --enable-ipc on amd64, i386 and armel. These are the only
    architectures where OOPP is supported. Build with --disable-ipc on all
    other architectures
    - update debian/rules
  * Fix LP: #513887 - Install the plugin-container binary for OOPP support
    when building with --enable-ipc
    - update debian/rules
  * Fix build failure with fontconfig 2.5
    - update debian/patches/lp512615_cairo_lcd_filter.patch
  * Fix LP: #469752 - KDE/Gnome startup notification not disappearing
    when app window is up - build with --enable-startup-notification
    - update debian/rules
 -- Chris Coulson <email address hidden> Wed, 23 Jun 2010 15:31:44 +0100

Changed in firefox (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers