firefox-notify denied on download completion

Bug #644983 reported by Micah Gersten on 2010-09-22
16
This bug affects 2 people
Affects Status Importance Assigned to Milestone
apparmor (Ubuntu)
Wishlist
Jamie Strandboge
firefox (Ubuntu)
Wishlist
Unassigned

Bug Description

Binary package hint: firefox

Sep 22 01:23:13 defiant kernel: [381456.277830] type=1400 audit(1285136593.871:451285): apparmor="ALLOWED" operation="exec" parent=10376 profile="/usr/lib/firefox-3.6.10/firefox-*bin" name="/usr/share/xul-ext/notify/chrome/content/download_complete_notify.py" pid=1574 comm="firefox-bin" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 target="/usr/lib/firefox-3.6.10/firefox-*bin//null-84"

I get these whenever a download completes.

Tried to add the following to the local Firefox abstraction in Maverick, but I got the following error:
  /usr/share/xul-ext/notify/chrome/content/download_complete_notify.py Uxr,

AppArmor parser error, in stdin line 3: syntax error, unexpected TOK_MODE, expecting TOK_OPEN

Jamie Strandboge (jdstrand) wrote :

This should fix it:
#include <abstractions/python>
/usr/bin/python2.[4567] ix,
/usr/share/xul-ext/notify/**/download_complete_notify.py ix,

Jamie Strandboge (jdstrand) wrote :

This has been added to the ubuntu-integration-xul abstraction in apparmor trunk.

Changed in apparmor (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
importance: Undecided → Wishlist
status: New → Fix Committed
Jamie Strandboge (jdstrand) wrote :

Once the ubuntu-integration-xul is in Ubuntu, debian/firefox.postinst can be adjusted to include:
#include <abstractions/ubuntu-browsers.d/ubuntu-integration-xul>

when creating $ADDONS_APP_PROFILE.

Changed in firefox (Ubuntu):
importance: Undecided → Low
status: New → Triaged
importance: Low → Wishlist
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor - 2.6~devel+bzr1601-0ubuntu1

---------------
apparmor (2.6~devel+bzr1601-0ubuntu1) natty; urgency=low

  * Merge with upstream bzr revision 1601 to gain parser speed
    improvements and man page fixes. Closes the following bugs:
    - LP: #349049: document audit, deny and owner rule qualifiers
    - LP: #466228: ubuntu-browsers.d/multimedia: allow flash printing
    - LP: #644983: add ubuntu-browsers.d/ubuntu-integration-xul
    - LP: #692216: use aa_change_hat() instead of change_hat()
    - LP: #692217: add aa_change_profile.pod manpage
  * debian/control: explicitly depend on gettext module.
  * ship apparmor vim syntax file (LP: #646800):
    - debian/vim-apparmor.yaml: vim addon definition file.
    - debian/apparmor-utils.install: add apparmor.vim and vim-apparmor.yaml.
  * debian/libapparmor1.manpages: ship aa_change_profile manpage.
 -- Kees Cook <email address hidden> Mon, 20 Dec 2010 14:37:38 -0800

Changed in apparmor (Ubuntu):
status: Fix Committed → Fix Released
Jamie Strandboge (jdstrand) wrote :

This is fixed in Ubuntu 11.04.

Changed in firefox (Ubuntu):
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers