** Description changed:
Binary package hint: firefox-3.5
Using Firefox 3.6 from daily build ppa (this is only in 3.6, not in
3.5). I noticed that many important apps don't open as external clients
whenever I download associated files. Some examples from kern.log:
-
- geany
-
- Dec 24 23:20:12 amilo kernel: [30255.553782] type=1503
- audit(1261693212.011:352): operation="exec" pid=5599 parent=23144
- profile="/usr/lib/firefox-3.6*/firefox{,*[^s][^h]}" requested_mask="::x"
- denied_mask="::x" fsuid=1000 ouid=0 name="/usr/bin/geany"
nano
Dec 24 23:21:11 amilo kernel: [30315.457871] type=1503
audit(1261693271.916:360): operation="open" pid=6163 parent=1
profile="/usr/lib/firefox-3.6*/firefox{,*[^s][^h]}" requested_mask="::r"
denied_mask="::r" fsuid=1000 ouid=0 name="/bin/nano"
scid
Dec 20 10:58:58 amilo kernel: [ 486.135551] type=1503
audit(1261303138.592:27): operation="exec" pid=11744 parent=11743
profile="/usr/lib/firefox-3.6*/firefox{,*[^s][^h]}" requested_mask="::x"
denied_mask="::x" fsuid=1000 ouid=0 name="/usr/local/bin/scid"
- other apps are for example, emacs23, loadkeys, less, lesspipe....
+ other blocked apps are for example, emacs23, geany, loadkeys, less,
+ lesspipe....
+
+
+ UPDATE: I noticed that these things can easily be fixed by adding the
+ respective apps to /etc/apparmor.d/usr.bin.firefox-3.6. For example, I
+ added the lines:
+
+ /usr/local/bin/scid Uxr,
+ /usr/bin/emacs Uxr,
+
+ to the miscellaneous section to enable scid and emacs23. If I understand
+ correctly, then the AppArmor default settings have changed recently in
+ Firefox 3.6. So I would suggest that a lot more apps should be
+ whitelisted: geany, openoffice, probly many more that I cannot recall
+ atm.
** Description changed:
Binary package hint: firefox-3.5
Using Firefox 3.6 from daily build ppa (this is only in 3.6, not in
3.5). I noticed that many important apps don't open as external clients
whenever I download associated files. Some examples from kern.log:
nano
Dec 24 23:21:11 amilo kernel: [30315.457871] type=1503
audit(1261693271.916:360): operation="open" pid=6163 parent=1
profile="/usr/lib/firefox-3.6*/firefox{,*[^s][^h]}" requested_mask="::r"
denied_mask="::r" fsuid=1000 ouid=0 name="/bin/nano"
scid
Dec 20 10:58:58 amilo kernel: [ 486.135551] type=1503
audit(1261303138.592:27): operation="exec" pid=11744 parent=11743
profile="/usr/lib/firefox-3.6*/firefox{,*[^s][^h]}" requested_mask="::x"
denied_mask="::x" fsuid=1000 ouid=0 name="/usr/local/bin/scid"
other blocked apps are for example, emacs23, geany, loadkeys, less,
lesspipe....
-
UPDATE: I noticed that these things can easily be fixed by adding the
respective apps to /etc/apparmor.d/usr.bin.firefox-3.6. For example, I
added the lines:
/usr/local/bin/scid Uxr,
/usr/bin/emacs Uxr,
- to the miscellaneous section to enable scid and emacs23. If I understand
- correctly, then the AppArmor default settings have changed recently in
- Firefox 3.6. So I would suggest that a lot more apps should be
- whitelisted: geany, openoffice, probly many more that I cannot recall
+ to the #miscellaneous section to enable scid and emacs23. If I
+ understand correctly, then the AppArmor default settings have changed
+ recently in Firefox 3.6. So I would suggest that a lot more apps should
+ be whitelisted: geany, openoffice, probly many more that I cannot recall
atm.
** Description changed:
Binary package hint: firefox-3.5
Using Firefox 3.6 from daily build ppa (this is only in 3.6, not in
3.5). I noticed that many important apps don't open as external clients
whenever I download associated files. Some examples from kern.log:
nano
Dec 24 23:21:11 amilo kernel: [30315.457871] type=1503
audit(1261693271.916:360): operation="open" pid=6163 parent=1
profile="/usr/lib/firefox-3.6*/firefox{,*[^s][^h]}" requested_mask="::r"
denied_mask="::r" fsuid=1000 ouid=0 name="/bin/nano"
scid
Dec 20 10:58:58 amilo kernel: [ 486.135551] type=1503
audit(1261303138.592:27): operation="exec" pid=11744 parent=11743
profile="/usr/lib/firefox-3.6*/firefox{,*[^s][^h]}" requested_mask="::x"
denied_mask="::x" fsuid=1000 ouid=0 name="/usr/local/bin/scid"
other blocked apps are for example, emacs23, geany, loadkeys, less,
lesspipe....
UPDATE: I noticed that these things can easily be fixed by adding the
respective apps to /etc/apparmor.d/usr.bin.firefox-3.6. For example, I
added the lines:
/usr/local/bin/scid Uxr,
/usr/bin/emacs Uxr,
to the #miscellaneous section to enable scid and emacs23. If I
understand correctly, then the AppArmor default settings have changed
recently in Firefox 3.6. So I would suggest that a lot more apps should
- be whitelisted: geany, openoffice, probly many more that I cannot recall
- atm.
+ be whitelisted: geany, nano, probly many more that I cannot recall atm.
--
AppArmor blocks Firefox 3.6 from opening many important apps
https://bugs.launchpad.net/bugs/500244
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
