[apparmor profile] allow /proc/$$/net/wireless

Bug #974141 reported by James Troup
This bug affects 1 person
Affects Status Importance Assigned to Milestone
firefox (Ubuntu)
Fix Released
Jamie Strandboge

Bug Description

After a recent dist-upgrade, I started getting apparmor alerts about
this. Like /proc/$$/net/dev, it seems harmless enough to allow.

Apr 5 11:58:39 ornery kernel: [459261.564766] type=1400 audit(1333623519.296:1146): apparmor="DENIED" operation="open" parent=1 profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/23455/net/wireless" pid=15182 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

Tags: patch apparmor
Revision history for this message
James Troup (elmo) wrote :
Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "Firefox Apparmor profile: allow /proc/$$/net/wireless" of this bug report has been identified as being a patch. The ubuntu-reviewers team has been subscribed to the bug report so that they can review the patch. In the event that this is in fact not a patch you can resolve this situation by removing the tag 'patch' from the bug report and editing the attachment so that it is not flagged as a patch. Additionally, if you are member of the ubuntu-reviewers team please also unsubscribe the team from this bug report.

[This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.]

tags: added: patch
Revision history for this message
Rick Spencer (rick-rickspencer3) wrote :

@jdstrand - since this is for apparmor, I though you would want to take a look

Changed in firefox (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Thanks for your patch. This has been committed to the various firefox branches and should appear in the next update (probably after release).

Changed in firefox (Ubuntu):
status: New → Fix Committed
importance: Undecided → Low
tags: added: apparmor
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (4.3 KiB)

This bug was fixed in the package firefox - 13.0~b3+build1-0ubuntu1

firefox (13.0~b3+build1-0ubuntu1) quantal; urgency=low

  [ Chris Coulson <email address hidden> ]
  * New upstream release from the beta channel (FIREFOX_13_0b3_BUILD1)

  * Refresh build-depends:
    - Bump minimum GTK version to 2.14 as we build with GIO support
    - Add minimum requirement for glib (2.18)
    - Drop libidl-dev, this doesn't appear to be needed now
    - Bump minimum NSPR version to 4.9.0 for --enable-system-nspr builds
    - Bump minimum sqlite version to 3.7.10 for --enable-system-sqlite
    - Bump minimum NSS version to 3.13.2 for --enable-system-nss builds
  * Refresh patches:
    - update debian/patches/ubuntu-ua-string-changes.patch
    - update debian/patches/ubuntu-codes-google.patch
    - update debian/patches/dont-include-hyphenation-patterns.patch
  * Clean up the file exclude list and add comments for excluded files
    - update debian/build/create-tarball.py
  * Make it easy to run Firefox in valgrind for builds that are compiled
    with explicit valgrind support
    - update debian/firefox.sh.in
  * Bump debhelper compat to 7
    - update debian/apport/blacklist.in
    - update debian/apport/source_firefox.py.in
    - update debian/compat
    - update debian/config/mozconfig.in
    - update debian/control.in
    - update debian/firefox-dev.install.in
    - update debian/firefox-dev.links.in
    - update debian/firefox-globalmenu.dirs.in
    - update debian/firefox-gnome-support.install.in
    - update debian/firefox.dirs.in
    - update debian/firefox.install.in
    - update debian/firefox.links.in
    - update debian/firefox.postinst.in
    - update debian/firefox.preinst.in
    - update debian/firefox.sh.in
    - update debian/pkgconfig/libxul.pc.in
    - update debian/pkgconfig/mozilla-nspr.pc.in
    - update debian/pkgconfig/mozilla-plugin.pc.in
    - update debian/rules
    - update debian/usr.bin.firefox.apparmor.10.04
    - update debian/usr.bin.firefox.apparmor.10.10
    - update debian/usr.bin.firefox.apparmor.11.04
    - update debian/usr.bin.firefox.apparmor.12.04
    - update debian/usr.bin.firefox.apparmor.9.10
  * Override 2 embedded-library lintian errors
    - update debian/firefox.lintian-overrides.in
  * Drop debian/patches/distro-locale-searchplugins after landing of
    bmo: #515232
  * Don't hardcode general.useragent.locale to en-US, now that it's used
    for searchplugin localization. This means we can drop this pref from
    - add debian/patches/dont-override-general-useragent-locale.patch
    - update debian/patches/series
  * Drop patches fixed upstream
    - remove debian/patches/no-sps-profiler-on-unsupported-archs.patch
    - remove debian/patches/avoid-dbus-roundtrip-for-httpchannel.patch
    - update debian/patches/series
  * Apport hook improvements:
    - Add support for reporting preference defaults that are set by extensions
    - When reporting preferences, record the source of each preference
    - Report plugin packages for plugins that are installed with the
      package manager
    - Add some addon manager related prefs to the whitelist
    - Display a...


Changed in firefox (Ubuntu):
status: Fix Committed → Fix Released
Revision history for this message
Dennis Baurichter (d-baurichter) wrote :

I got the firefox update (version 12 -> 13) today. It _allows_ reading the files @{PROC}/[0-9]*/net/dev and wireless, but the changelog says:

> adjust apparmor profile to deny reads to @{PROC}/[0-9]*/net/dev.
(same for wireless)

This is just a kind of typo in the changelog, isn't it?

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.