Broken apparmor profile in 9.0.1 on 10.04

Bug #923461 reported by Alexei Ivanov
This bug affects 1 person
Affects: firefox (Ubuntu)
Status: Fix Released

Bug Description

The apparmor profile in the new 9.0.1 firefox packages for 10.04 LTS seems to be broken. It doesn't catch the firefox process so that apparmor protection is disabled although the profile is set to enforce mode.

This seems to be connected to the process description in the profile file, /etc/apparmor.d/usr.bin.firefox contains


which is due to the process name of firefox-bin for the old 3.6.24 version of firefox.

It should read something like


because the new executable goes by the process name of "firefox" without "-bin".
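
A way to catch this kind of mismatch, as an added example that is not part of the original report or of the Ubuntu packaging: it reads the attachment path from a profile header and tests whether a given executable path would fall under it, covering the general AppArmor glob syntax rather than only the rename described above. The profile texts and `/opt/example-*` paths are constructed placeholders, since the report's own profile lines are not shown on this page; the trailing-`*` edge cases of real AppArmor matching are not modelled.

```python
import re

def aa_glob_to_regex(glob):
    """Translate an AppArmor path glob (*, **, ?, [..], {a,b}) to a regex."""
    out, i, depth = [], 0, 0
    while i < len(glob):
        c = glob[i]
        if glob.startswith("**", i):
            out.append(".*"); i += 1             # ** may cross '/'
        elif c == "*":
            out.append("[^/]*")                  # * stops at '/'
        elif c == "?":
            out.append("[^/]")
        elif c == "[" and "]" in glob[i + 1:]:
            j = glob.index("]", i + 1)
            out.append(glob[i:j + 1]); i = j     # [abc] and [^abc] map directly
        elif c == "{":
            out.append("(?:"); depth += 1        # {a,b} alternation
        elif c == "}" and depth:
            out.append(")"); depth -= 1
        elif c == "," and depth:
            out.append("|")
        else:
            out.append(re.escape(c))
        i += 1
    return re.compile("".join(out) + r"\Z")

# Profile header: optional "profile NAME", an absolute path glob, optional flags, "{"
HEADER = re.compile(
    r"^[ \t]*(?:profile[ \t]+\S+[ \t]+)?(/\S+)[ \t]*(?:flags=\([^)]*\)[ \t]*)?\{[ \t]*$",
    re.M)

def attachment(profile_text):
    """Return the path glob the profile attaches to, or None."""
    m = HEADER.search(profile_text)
    return m.group(1) if m else None

def attaches(profile_text, exe_path):
    """True if a process started from exe_path would be confined by this profile."""
    glob = attachment(profile_text)
    return bool(glob) and aa_glob_to_regex(glob).match(exe_path) is not None

# Constructed sample profiles (hypothetical paths, not the Firefox profile).
STALE = "#include <tunables/global>\n/opt/example-*/browser-bin {\n  /opt/example-*/** mr,\n}\n"
FIXED = "#include <tunables/global>\n/opt/example-*/browser{,-bin} {\n  /opt/example-*/** mr,\n}\n"

if __name__ == "__main__":
    for name, text in (("stale", STALE), ("fixed", FIXED)):
        print(name, attachment(text), attaches(text, "/opt/example-10.0/browser"))
```

On a live host, the kernel's own answer for a running process is in `/proc/<pid>/attr/current`, and `aa-status` lists which processes are confined.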

visibility: private → public
Changed in firefox (Ubuntu):
status: New → Invalid
Changed in firefox (Ubuntu Lucid):
status: New → Fix Committed
Changed in firefox (Ubuntu Lucid):
importance: Undecided → Medium
Chris Coulson (chrisccoulson) wrote :

Thanks for your bug report. I respun the Firefox 10 build to pick up the fix for this.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package firefox - 10.0+build1-0ubuntu0.10.04.2

firefox (10.0+build1-0ubuntu0.10.04.2) lucid-security; urgency=low

  * New upstream stable release (FIREFOX_10_0_BUILD1)
    - see LP: #923319 for USN information

  [ Chris Coulson <email address hidden> ]
  * Update patches for PRBool -> bool transition
    - refresh debian/patches/firefox-kde.patch
    - refresh debian/patches/mozilla-kde.patch
    - refresh debian/patches/ubuntu-ua-string-changes.patch
  * Drop some more hanging IPC xpcshell tests
    - update debian/build/
  * Remove prerm hook for cleaning up pyc files in the apport package-hooks
    folder. Nothing creates these
    - update debian/
  * Set up alternatives in the postinst script on abort-remove too
    - update debian/
  * Improve maintainer script magic for removing obsolete conffiles when
    upgrading from 3.6, by doing what dpkg-maintscripts-helper does
    - update debian/
    - update debian/
    - update debian/
  * Only run the Apparmor stuff in the postinst script on configure, and
    in the preinst script on install or upgrade, so it handles upgrade failures
    - update debian/
    - update debian/
  * Drop the Ubuntuzilla workarounds now
    - update debian/
  * Refresh patches
    - update debian/patches/allow-lockPref-everywhere.patch
    - update debian/patches/ubuntu_bookmarks.patch
  * Turn off Network Manager integration for now, as it causes Firefox to
    always start in offline mode. In any case, probing Network Manager isn't
    the most reliable way to test if there is a connection
    - update debian/vendor.js
  * Update after landing of bmo: #701875 - Rename omni.jar to omni.ja
    - update debian/
  * Disable the tests on powerpc, because it sucks too much to run them
    - update debian/rules
  * "Fix" LP: #897794 - some websites expect "X11" to be the first token of
    the platform component in the UA string
    - update debian/patches/ubuntu-ua-string-changes.patch
  * Defuzz ubuntu-codes-google.patch
  * Refresh shipped locales (adds Assamese and Kashubian)
    - refresh debian/config/locales.shipped
    - refresh debian/control
  * Update KDE patches for removal of nsCStringArray
    - update debian/firefox-kde.patch
    - update debian/mozilla-kde.patch
  * Backport changes to allow per-release/per-arch patches
    - add debian/build/
    - update debian/rules
  * Fix LP: #908508 - Add patch from upstream to fix powerpc build failure.
    Only apply this patch on powerpc to avoid compromising the quality of
    the architectures that we care about
    - add debian/patches/fix-build-failure-without-yarr-jit2.patch
    - update debian/patches/series
  * Also make the previous powerpc build fix apply on ppc only
    - update debian/patches/series
  * Fix LP: #923461 - Broken Apparmor profile with Firefox 9.0.1
    - update debian/usr.bin.firefox.apparmor.10.04

  [ Micah Gersten <email address hidden> ]
  * Rebase patches for PRBool -> ...


Changed in firefox (Ubuntu Lucid):
status: Fix Committed → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
