apparmor profile should allow access to xubuntu default app list

Bug #500231 reported by Micah Gersten
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
firefox (Ubuntu)
Fix Released
Wishlist
Jamie Strandboge

Bug Description

Binary package hint: firefox-3.5

Dec 24 14:49:33 defiant kernel: [127597.922688] type=1503 audit(1261687773.171:50): operation="open" pid=17242 parent=1 profile="/usr/lib/firefox-3.5.*/firefox" requested_mask="::r" denied_mask="::r" fsuid=1000 ouid=0 name="/etc/xdg/xubuntu/applications/defaults.list"

gnome list seems to be allowed:
/etc/gnome/defaults.list r,

Tags: apparmor

Related branches

Micah Gersten (micahg)
Changed in firefox-3.5 (Ubuntu):
importance: Undecided → Wishlist
status: New → Triaged
Changed in firefox-3.5 (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
status: Triaged → In Progress
affects: firefox-3.5 (Ubuntu) → firefox (Ubuntu)
Changed in firefox (Ubuntu):
assignee: Jamie Strandboge (jdstrand) → nobody
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Fix committed to firefox-3.6.head. It will be in the next upload to Lucid.

Changed in firefox (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package firefox - 3.6.2+nobinonly-0ubuntu1

---------------
firefox (3.6.2+nobinonly-0ubuntu1) lucid; urgency=low

  * New upstream release v3.6.2 (FIREFOX_3_6_2_RELEASE)

  [ Felix Geyer <email address hidden> ]
  * Rebase mozilla-kde.patch for 3.6.2
    - update debian/patches/mozilla-kde.patch

  [ Jamie Strandboge <<email address hidden> > ]
  * AppArmor profile cleanup for Lucid users:
    - remove sys_ptrace now that the kernel DTRT (LP: #498317)
    - don't use @{PROC}/[0-9]*/mounts or /etc/gnome/defaults.list (part of
      gnome abstraction now)
    - don't use @{PROC}/[0-9]*/maps (part of base abstraction)
    - don't use /etc/sound (part of audio abstraction)
    - use 'owner' for Desktop and all dot files and directories in @{HOME}
    - use ubuntu-bittorrent-clients abstraction
    - use ubuntu-media-players abstraction
    - allow access to xubuntu default app list (LP: #500231)
    - add ark and xarchiver for KDE and XFCE archive managers
    - add thunar for XFCE
    - add editors supported by It's All Text, thanks to James Troup
      (LP: #507711)
    - allow RealPlayer plugin and access to /usr/local/lib (LP: #501822)
    - allow Ux for scim and scim-bridge
    - allow ix for gst-plugin-scanner
  * ship different AppArmor profiles for different releases:
    - move usr.bin.firefox.apparmor.in to usr.bin.firefox.apparmor.9.10
    - add usr.bin.firefox.apparmor.10.04
    - debian/rules: ship AppArmor profile based on release:
      + add DISTRIB, DISTRIB_VERSION_MAJOR and DISTRIB_VERSION_MINOR
      + ship 9.10 profile for Karmic and under and 10.04 profile for Lucid
        and later
  * update AppArmor profile to transition to a java child profile rather
    than Ux. This has the added benefit of restricting java a bit more than
    before. This is needed since the java plugins are expecting certain
    environment variables to be present, which get scrubbed with Ux. 'cx'
    doesn't remove these from the environment but allows for better profiling
    over 'ux'. Thanks to John Johansen for discussion and idea. (LP: #484148)

  [ Alexander Sack <email address hidden> ]
  * fix LP: #518422 - Firefox does not start with certain addons installed;
    don't normalize paths for xpti.dat
    - add debian/patches/lp518422.patch
    - update debian/series

  [ Micah Gersten <email address hidden> ]
  * Bump minimum system NSS to 3.12.6 after upstream landing of (bmo: 545755)
    aka Update Mozilla stable branches to NSS 3.12.6 and minimal support for
    RFC 5746
    - update debian/rules
  * Really fix FTBFS for sparc; Add configure flag to correct variable
    - update debian/rules
 -- Micah Gersten <email address hidden> Wed, 24 Mar 2010 01:17:46 -0500

Changed in firefox (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.