syslog overflowing with apparmor audit ptrace firefox-*bin messages

Bug #676701 reported by André Pirard
This bug affects 1 person
Affects: firefox (Ubuntu)
Status: Triaged
Importance: Undecided
Assigned to: Unassigned

Bug Description

Binary package hint: apparmor

https://help.ubuntu.com/community/ReportingBugs compliant report

 1. What you expected to happen

going to the swimming pool

 2. What actually happened

System : Ubuntu 10.04 (upgrade) up to date, Kernel is 2.6.32-26-generic, Firefox:
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.12) Gecko/20101027 Ubuntu/10.04 (lucid) Firefox/3.6.12

syslog is literally overflowing with messages like this (many suppressed):
xxx kernel: [15514.454740] type=1503 audit(1289919221.465:10403): operation="ptrace" pid=4885 parent=4884 profile="/usr/lib/firefox-3.6.12/firefox-*bin" tracer=4885 tracee=2247
every time a window or tab or something opens.

I added deny capability sys_ptrace, to /etc/apparmor.d/usr.bin.firefox
and I ran sudo apparmor_parser -r /etc/apparmor.d/usr.bin.firefox giving

Nov 16 19:30:13 p-hp-u kernel: [28506.718832] type=1505 audit(1289932213.729:46716): operation="profile_replace" pid=9268 name="/usr/lib/firefox-3.6.12/firefox-*bin"
Nov 16 19:30:13 p-hp-u kernel: [28506.719106] type=1505 audit(1289932213.729:46717): operation="profile_replace" pid=9268 name="/usr/lib/firefox-3.6.12/firefox-*bin//firefox_java"
Nov 16 19:30:13 p-hp-u kernel: [28506.719488] type=1505 audit(1289932213.729:46718): operation="profile_replace" pid=9268 name="/usr/lib/firefox-3.6.12/firefox-*bin//firefox_openjdk"

But the messages continued. Then

2a. close all firefox windows
2b. sudo apparmor_parser -r -W -T /etc/apparmor.d/usr.bin.firefox
2c. start firefox

Messages continued to continue.

 3. The minimal series of steps necessary to make it happen, where step 1 is "start the program"

0 Boot up and Log in
1 Firefoxtrot.
2 read syslog (optional)

Tags: apparmor
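
Added example (not part of the original report, and not code from AppArmor or Ubuntu): a small Python parser for kernel audit lines in the format quoted above. It tallies records by type, operation and profile, and counts which tracee PIDs the ptrace records name, so a flood like this one can be sized and the recurring PID checked against the process list. The sample lines are constructed; only the first is taken from the report.

```python
import re
from collections import Counter

# Constructed sample: the first line is the message quoted in the report,
# the other three are made up for this example.
SAMPLE = """\
xxx kernel: [15514.454740] type=1503 audit(1289919221.465:10403): operation="ptrace" pid=4885 parent=4884 profile="/usr/lib/firefox-3.6.12/firefox-*bin" tracer=4885 tracee=2247
xxx kernel: [15514.990112] type=1503 audit(1289919222.001:10404): operation="ptrace" pid=4891 parent=4884 profile="/usr/lib/firefox-3.6.12/firefox-*bin" tracer=4891 tracee=2247
xxx kernel: [15520.100000] type=1505 audit(1289919227.111:10405): operation="profile_replace" pid=9268 name="/usr/lib/firefox-3.6.12/firefox-*bin"
xxx kernel: [15521.000000] usb 1-1: new high speed USB device using ehci_hcd and address 3
"""

# type=NNNN audit(epoch.millis:serial): key=value key="quoted value" ...
AUDIT_RE = re.compile(r'type=(?P<type>\d+) audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): (?P<body>.*)$')
FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')

def parse_audit_line(line):
    """Return a dict of fields for a kernel audit line, or None if it is not one."""
    m = AUDIT_RE.search(line)
    if not m:
        return None
    rec = {"type": int(m.group("type")), "time": float(m.group("ts")),
           "serial": int(m.group("serial"))}
    for key, raw, quoted in FIELD_RE.findall(m.group("body")):
        rec[key] = quoted if raw.startswith('"') else raw
    return rec

def summarize(lines):
    """Count records per (type, operation, profile or name) and per ptrace tracee PID."""
    by_event, by_tracee = Counter(), Counter()
    for line in lines:
        rec = parse_audit_line(line)
        if rec is None:
            continue  # ordinary kernel message, not an audit record
        subject = rec.get("profile") or rec.get("name")
        by_event[(rec["type"], rec.get("operation"), subject)] += 1
        if rec.get("operation") == "ptrace":
            by_tracee[rec.get("tracee")] += 1
    return by_event, by_tracee

if __name__ == "__main__":
    events, tracees = summarize(SAMPLE.splitlines())
    for key, count in events.most_common():
        print(count, key)
    print("ptrace tracee PIDs:", dict(tracees))
```

To run it against a real log, pass the lines of the syslog file to summarize() instead of SAMPLE.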
André Pirard (a.pirard) wrote :

As I have introduced this bug on request of a developer, I would appreciate
it got confirmed or triaged status,
some comments,
hopefully a solution.
Thank you.

Jamie Strandboge (jdstrand) wrote :

Thank you for using Ubuntu and filing a bug.

I am unable to reproduce this. What plugins do you have installed? What extensions?

Changed in apparmor (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
status: New → Incomplete
André Pirard (a.pirard) wrote : Re: [Bug 676701] Re: syslog overflowing with apparmor audit ptrace firefox-*bin messages

 I have attached the list of my config, extensions and plugins. Hoping
it will help. Best regards.

Changed in apparmor (Ubuntu):
status: Incomplete → New
André Pirard (a.pirard) wrote :

Nice find: these messages completely stopped after uninstalling scim.
I've run 48 hours free of any said messages after doing so.
With the added stop of scim messages themselves, my log became readable.

scim is responsible for a host of very unexpected, surprising problems.
It should not be used if not needed, which is the case if you don't know what it is.

affects: apparmor (Ubuntu) → firefox (Ubuntu)
Changed in firefox (Ubuntu):
assignee: Jamie Strandboge (jdstrand) → nobody
status: New → Triaged
tags: added: apparmor