/media directory should not use 'owner' in apparmor profile

Bug #479580 reported by starslights
This bug affects 1 person
Affects: firefox-3.5 (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Jamie Strandboge

Bug Description

Hello,

After an answer by John Johansen, I am opening a new bug because there is a missing entry in the firefox profile in apparmor.

I run Kubuntu Karmic 9.10 on x86_64.

I have this audit, but it was already decrypted by John.

 info="Failed name lookup - deleted entry"
and running aa-decode finds a name without the appended " (deleted)"

[169621.221525] type=1503 audit(1257668082.865:35): operation="truncate" pid=12308 parent=3052 profile="/usr/lib/firefox-3.5.*/firefox" requested_mask="::w" denied_mask="::w" fsuid=1000 ouid=0 name='/media/FreeAgent Drive/torrents/[www.itoma.info]_Les hits de lhiver 2009-ITOMA.torrent'

which shows it is not hitting the deleted file problem being addressed by this bug, but a missing permission entry in the profile. In general the name encoding is applied to any string that has any of a set of special characters in it (space is the character triggering it in the deleted messages and here).

Revision history for this message
starslights (starslights) wrote : apport-collect data

tags: added: apport-collected
Jamie Strandboge (jdstrand) wrote : Re: apparmor: missing permission entry in the profile firefox-3.5.*/firefox

Thank you for using Ubuntu and taking the time to report a bug. The firefox profile should already have the following line:
  owner /media/** rw,

starslights, can you verify this is the case? What is the output of:
$ ls -ln '/media/FreeAgent Drive/torrents/[www.itoma.info]_Les hits de lhiver 2009-ITOMA.torrent'

Changed in linux (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
tags: added: apparmor
starslights (starslights) wrote :

Hi Jamie,

My output is:

-rwxrwxrwx 1 0 0 46075 2009-11-08 09:15 /media/FreeAgent Drive/torrents/[www.itoma.info]_Les hits de lhiver 2009-ITOMA.torrent

But in fact you can't confirm it like that, because I needed to copy and paste the torrent manually for it to be accepted. Only on the internal HD is it possible to download a file from Firefox.

I have already reported a similar bug; I was not able to know that it's possibly the same cause because this audit was encrypted.

Take a look at https://bugs.launchpad.net/bugs/478158 to see if they are maybe related.

  # allow read and write to all user's files, except explicitly denied ones
  @{HOME}/ r,
  @{HOME}/** rw,
  @{HOME}/Desktop/** rw,
  @{HOME}/Firefox_wallpaper* rw,
  owner /media/** rw,
  owner /mnt/** rw,
  owner /srv/** rw,

Jamie Strandboge (jdstrand) wrote :

Can you try adjusting this line:
  owner /media/** rw,

to be:
  /media/** rw,

and then reload the apparmor profile with:
$ sudo apparmor_parser -r -T -W /etc/apparmor.d/usr.bin.firefox-3.5
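
Added example, not part of the thread or of the Ubuntu profile: a small Python triage helper that parses an AppArmor denial and reports whether a matching rule exists but is blocked only by the `owner` qualifier (fsuid differs from ouid), which is the situation in this report. The function names, the simplified rule parser and the hex-encoded sample line are assumptions made for illustration.

```python
import re

FIELD = re.compile(r"""(\w+)=(?:"([^"]*)"|'([^']*)'|(\S+))""")

def parse_audit(line):
    """Split an AppArmor audit line into fields; hex-encoded names are decoded."""
    fields = {}
    for key, dq, sq, bare in FIELD.findall(line):
        value = dq or sq or bare
        # Assumption: an unquoted, all-hex name is the path's bytes written in hex.
        if key == "name" and bare and re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", bare):
            value = bytes.fromhex(bare).decode("utf-8", "replace")
        fields[key] = value
    return fields

def parse_rules(text):
    """Parse simple '[owner] <glob> <perms>,' rules ('**' crosses '/', '*' does not)."""
    rules = []
    for raw in text.splitlines():
        tokens = raw.strip().rstrip(",").split()
        if len(tokens) >= 2 and not tokens[0].startswith("#"):
            parts = re.split(r"(\*\*|\*)", tokens[-2])
            rx = "".join(".*" if p == "**" else "[^/]*" if p == "*" else re.escape(p) for p in parts)
            rules.append((tokens[0] == "owner", re.compile(rx + r"\Z"), set(tokens[-1])))
    return rules

def explain_denial(line, rules):
    """Return 'allowed', 'owner-mismatch' or 'no-rule' for one denial line."""
    ev = parse_audit(line)
    want = set(ev["denied_mask"].replace(":", ""))  # "::w" -> {"w"}
    owned = ev["fsuid"] == ev["ouid"]  # condition the 'owner' qualifier imposes
    blocked = False
    for owner, rx, perms in rules:
        if rx.match(ev["name"]) and want <= perms:
            if owned or not owner:
                return "allowed"
            blocked = True  # path and permission match, but the file is not ours
    return "owner-mismatch" if blocked else "no-rule"

# Audit line as posted in the bug description above.
PAGE_LINE = (
    '[169621.221525] type=1503 audit(1257668082.865:35): operation="truncate" '
    'pid=12308 parent=3052 profile="/usr/lib/firefox-3.5.*/firefox" '
    'requested_mask="::w" denied_mask="::w" fsuid=1000 ouid=0 '
    "name='/media/FreeAgent Drive/torrents/[www.itoma.info]_Les hits de lhiver 2009-ITOMA.torrent'"
)
# Constructed sample: a similar denial with the name hex-encoded.
HEX_LINE = ('type=1503 operation="truncate" denied_mask="::w" fsuid=1000 ouid=0 name='
            + "/media/FreeAgent Drive/x.torrent".encode().hex().upper())
```

With the rule `owner /media/** rw,` the posted denial is classified as `owner-mismatch`; with `/media/** rw,` the same access is `allowed`.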

starslights (starslights) wrote :

Hi Jamie,

I have adjusted the line and it now works well.

Thanks very much for your great work and the fix can be committed :P

Have a good journey

Best Regards

Stars

summary: - apparmor: missing permission entry in the profile firefox-3.5.*/firefox
+ /media directory should not use 'owner' in apparmor profile
affects: linux (Ubuntu) → firefox-3.5 (Ubuntu)
Changed in firefox-3.5 (Ubuntu):
status: New → Triaged
Changed in firefox-3.5 (Ubuntu):
status: Triaged → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package firefox-3.5 - 3.5.6+nobinonly-0ubuntu1

---------------
firefox-3.5 (3.5.6+nobinonly-0ubuntu1) lucid; urgency=low

  * New upstream release v3.5.6 (FIREFOX_3_5_6_RELEASE)
    - see USN-874-1

  [ Micah Gersten <email address hidden> ]
  * Bump minimum system cairo to 1.8.8
    - update debian/rules
  * Fix .desktop Name field for Slovak translation (LP: 448683)
    - update debian/firefox-3.5-final.desktop
  * Fix .desktop Name field for Estonian and Arabic translations
    (LP: 419507, LP: 321239)
    - update debian/firefox-3.5-final.desktop

  [ Jamie Strandboge <email address hidden> ]
  * AppArmor fixes:
    - allow access to nautilus, to allow "Open containing folder" to work
      (LP: #452591)
    - allow access for deluge (LP: #455792)
    - work better with KDE by adding kde abstraction, allow access to soffice,
      allow access to okular and read access to /etc/fstab (for print dialog)
      (LP: #447006)
    - allow access to acroread (LP: #473268)
    - allow access to eog (LP: #464016)
    - allow access to transmission (LP: #476299)
    - deny noisy write attempts to deny /usr/lib/xulrunner-*/components/*.tmp
      as seen with 'firefox --help')
    - deny noisy read to /.suspended (when navigating directories)
    - allow access to /usr/bin/liferea-add-feed (LP: #488851)
    - allow access to azureus (LP: #482677)
    - don't require 'owner' for /media (LP: #479580)
    - adjust AppArmor profile binary globbing to match other branches
    - allow ixr access to sed (for first runs)

  [ Alexander Sack <email address hidden> ]
  * bump lower bound for system sqlite3 to >= 3.6.16.1
    - update debian/rules
 -- Alexander Sack <email address hidden> Wed, 16 Dec 2009 00:43:08 +0100

Changed in firefox-3.5 (Ubuntu):
status: Fix Committed → Fix Released