[apparmor profile] allow /proc/$$/net/wireless

Bug #974141 reported by James Troup
This bug affects 1 person
Affects Status Importance Assigned to Milestone
firefox (Ubuntu)
Fix Released
Jamie Strandboge

Bug Description

After a recent dist-upgrade, I started getting apparmor alerts about
this. Like /proc/$$/net/dev, it seems harmless enough to allow.

Apr 5 11:58:39 ornery kernel: [459261.564766] type=1400 audit(1333623519.296:1146): apparmor="DENIED" operation="open" parent=1 profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/23455/net/wireless" pid=15182 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

Tags: patch apparmor
Revision history for this message
James Troup (elmo) wrote :
Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "Firefox Apparmor profile: allow /proc/$$/net/wireless" of this bug report has been identified as being a patch. The ubuntu-reviewers team has been subscribed to the bug report so that they can review the patch. In the event that this is in fact not a patch you can resolve this situation by removing the tag 'patch' from the bug report and editing the attachment so that it is not flagged as a patch. Additionally, if you are member of the ubuntu-reviewers team please also unsubscribe the team from this bug report.

[This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.]

tags: added: patch
Revision history for this message
Rick Spencer (rick-rickspencer3) wrote :

@jdstrand - since this is for apparmor, I though you would want to take a look

Changed in firefox (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Thanks for your patch. This has been committed to the various firefox branches and should appear in the next update (probably after release).

Changed in firefox (Ubuntu):
status: New → Fix Committed
importance: Undecided → Low
tags: added: apparmor
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (4.3 KiB)

This bug was fixed in the package firefox - 13.0~b3+build1-0ubuntu1

firefox (13.0~b3+build1-0ubuntu1) quantal; urgency=low

  [ Chris Coulson <email address hidden> ]
  * New upstream release from the beta channel (FIREFOX_13_0b3_BUILD1)

  * Refresh build-depends:
    - Bump minimum GTK version to 2.14 as we build with GIO support
    - Add minimum requirement for glib (2.18)
    - Drop libidl-dev, this doesn't appear to be needed now
    - Bump minimum NSPR version to 4.9.0 for --enable-system-nspr builds
    - Bump minimum sqlite version to 3.7.10 for --enable-system-sqlite
    - Bump minimum NSS version to 3.13.2 for --enable-system-nss builds
  * Refresh patches:
    - update debian/patches/ubuntu-ua-string-changes.patch
    - update debian/patches/ubuntu-codes-google.patch
    - update debian/patches/dont-include-hyphenation-patterns.patch
  * Clean up the file exclude list and add comments for excluded files
    - update debian/build/create-tarball.py
  * Make it easy to run Firefox in valgrind for builds that are compiled
    with explicit valgrind support
    - update debian/firefox.sh.in
  * Bump debhelper compat to 7
    - update debian/apport/blacklist.in
    - update debian/apport/source_firefox.py.in
    - update debian/compat
    - update debian/config/mozconfig.in
    - update debian/control.in
    - update debian/firefox-dev.install.in
    - update debian/firefox-dev.links.in
    - update debian/firefox-globalmenu.dirs.in
    - update debian/firefox-gnome-support.install.in
    - update debian/firefox.dirs.in
    - update debian/firefox.install.in
    - update debian/firefox.links.in
    - update debian/firefox.postinst.in
    - update debian/firefox.preinst.in
    - update debian/firefox.sh.in
    - update debian/pkgconfig/libxul.pc.in
    - update debian/pkgconfig/mozilla-nspr.pc.in
    - update debian/pkgconfig/mozilla-plugin.pc.in
    - update debian/rules
    - update debian/usr.bin.firefox.apparmor.10.04
    - update debian/usr.bin.firefox.apparmor.10.10
    - update debian/usr.bin.firefox.apparmor.11.04
    - update debian/usr.bin.firefox.apparmor.12.04
    - update debian/usr.bin.firefox.apparmor.9.10
  * Override 2 embedded-library lintian errors
    - update debian/firefox.lintian-overrides.in
  * Drop debian/patches/distro-locale-searchplugins after landing of
    bmo: #515232
  * Don't hardcode general.useragent.locale to en-US, now that it's used
    for searchplugin localization. This means we can drop this pref from
    - add debian/patches/dont-override-general-useragent-locale.patch
    - update debian/patches/series
  * Drop patches fixed upstream
    - remove debian/patches/no-sps-profiler-on-unsupported-archs.patch
    - remove debian/patches/avoid-dbus-roundtrip-for-httpchannel.patch
    - update debian/patches/series
  * Apport hook improvements:
    - Add support for reporting preference defaults that are set by extensions
    - When reporting preferences, record the source of each preference
    - Report plugin packages for plugins that are installed with the
      package manager
    - Add some addon manager related prefs to the whitelist
    - Display a...


Changed in firefox (Ubuntu):
status: Fix Committed → Fix Released
Revision history for this message
Dennis Baurichter (d-baurichter) wrote :

I got the firefox update (version 12 -> 13) today. It _allows_ reading the files @{PROC}/[0-9]*/net/dev and wireless, but the changelog says:

> adjust apparmor profile to deny reads to @{PROC}/[0-9]*/net/dev.
(same for wireless)

This is just a kind of typo in the changelog, isn't it?

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers