Ubuntu
firefox-3.5 package

usr.bin.firefox* profiles

Bug #510644 reported by Thomas Templin
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
firefox-3.5 (Ubuntu)
Fix Released
High
Jamie Strandboge

Bug Description

Binary package hint: apparmor

apparmor firefox profiles need dirname and pwd entry to allow firefox to start

Paket Name: apparmor-profiles
Release: Ubuntu 10.04 lucid
Version: 2.3.1+bzr1312-0ubuntu4

Symptom: Firefox doesn't start anymore
Error messages:

--8<--
  $ firefox
  /usr/lib/firefox-3.6pre/firefox: 59: dirname: Permission denied
  /usr/lib/firefox-3.6pre/firefox: 88: /bin/pwd: Permission denied
  /usr/lib/firefox-3.6pre/run-mozilla.sh: 39: dirname: Permission denied
  /usr/lib/firefox-3.6pre/firefox-bin: error while loading shared libraries: libxul.so: cannot open shared object file: No such file or directory
-->8--

Fix: add lines for dirname and pwd

--8<--
  # These are needed when a new user starts firefox and firefox.sh is used
  /usr/lib/firefox-3.*/** ixr,
  /usr/bin/basename ixr,
  /usr/bin/dirname ixr,
  /usr/bin/pwd ixr,
  /sbin/killall5 ixr,
-->8--

regards,
thomas

ProblemType: Bug
ApparmorStatusOutput:
 Error: command /usr/sbin/apparmor_status failed with exit code 4: You do not have enough privilege to read the profile set.
 apparmor module is loaded.
Architecture: i386
Date: Thu Jan 21 14:21:38 2010
Dependencies:

DistroRelease: Ubuntu 10.04
NonfreeKernelModules: nvidia
Package: apparmor-profiles 2.3.1+bzr1312-0ubuntu4
ProcEnviron:
 LANGUAGE=de_DE.UTF-8
 PATH=(custom, user)
 LANG=de_DE.UTF-8
 SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.32-11.15-generic
SourcePackage: apparmor
Uname: Linux 2.6.32-11-generic i686

Related branches

lp:ubuntu/lucid/firefox
Revision history for this message
Thomas Templin (coastgnu) wrote :
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Updated 3.6 branch for this.

affects: apparmor (Ubuntu) → firefox-3.5 (Ubuntu)
Changed in firefox-3.5 (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
importance: Undecided → High
status: New → Fix Committed
tags: added: apparmor
removed: i386
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

The fix should be in the next daily build. Thanks for your report!

Changed in firefox-3.5 (Ubuntu):
status: Fix Committed → Fix Released
Revision history for this message
Thomas Templin (coastgnu) wrote : Re: [Bug 510644] [NEW] usr.bin.firefox* profiles

Paket Name: apparmor-profiles
Release: Ubuntu 10.04 lucid
Version: 2.3.1+bzr1312-0ubuntu4

Symptom: /usr/lib/firefox-3.6pre/firefox.sh doesn't start

Syslog says:

---8<--- /var/log/syslog ---8<---
Jan 22 22:32:47 ubuntu kernel: [43190.440369] type=1503
audit(1264195967.220:55): operation="exec" pid=29293 parent=29286
profile="/usr/lib/firefox-3.6*/firefox{,*[^s][^h]}" requested_mask="::x"
denied_mask="::x" fsuid=1000 ouid=0 name="/usr/bin/expr"
Jan 22 22:45:57 ubuntu kernel: [43980.869839] type=1503
audit(1264196757.648:56): operation="exec" pid=557 parent=1
profile="/usr/lib/firefox-3.6*/firefox{,*[^s][^h]}" requested_mask="::x"
denied_mask="::x" fsuid=1000 ouid=0 name="/usr/bin/gdebi-gtk"
Jan 22 22:45:57 ubuntu kernel: [43981.078179] type=1503
audit(1264196757.856:57): operation="open" pid=29298 parent=29294
profile="/usr/lib/firefox-3.6*/firefox{,*[^s][^h]}" requested_mask="::r"
denied_mask="::r" fsuid=1000 ouid=0 name="/etc/asound.conf"
Jan 22 22:45:57 ubuntu kernel: [43981.078203] type=1503
audit(1264196757.856:58): operation="open" pid=29298 parent=29294
profile="/usr/lib/firefox-3.6*/firefox{,*[^s][^h]}" requested_mask="r::"
denied_mask="r::" fsuid=1000 ouid=1000 name="/home/username/.asoundrc"
Jan 22 22:45:57 ubuntu kernel: [43981.150445] type=1503
audit(1264196757.928:59): operation="open" pid=29298 parent=29294
profile="/usr/lib/firefox-3.6*/firefox{,*[^s][^h]}" requested_mask="::r"
denied_mask="::r" fsuid=1000 ouid=0 name="/etc/asound.conf"
Jan 22 22:45:57 ubuntu kernel: [43981.150461] type=1503
audit(1264196757.928:60): operation="open" pid=29298 parent=29294
profile="/usr/lib/firefox-3.6*/firefox{,*[^s][^h]}" requested_mask="r::"
denied_mask="r::" fsuid=1000 ouid=1000 name="/home/username/.asoundrc"

--->8--- /var/log/syslog --->8---

In short:
 - denied_mask="::x" fsuid=1000 ouid=0 name="/usr/bin/expr"
 - denied_mask="::x" fsuid=1000 ouid=0 name="/usr/bin/gdebi-gtk"
 - denied_mask="::r" fsuid=1000 ouid=0 name="/etc/asound.conf"
 - denied_mask="r::" fsuid=1000 ouid=1000 name="/home/username/.asoundrc"
 - denied_mask="::r" fsuid=1000 ouid=0 name="/etc/asound.conf"
 - denied_mask="r::" fsuid=1000 ouid=1000 name="/home/username/.asoundrc"

regards,
thomas

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Please upgrade to the latest daily. The recent renaming changes of the binary weren't updated in the profile yesterday, but should be available now.

Revision history for this message
aslam karachiwala (akwala) wrote :

Updated earlier today:
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.1pre) Gecko/20100123 Ubuntu/9.10 (karmic) DotSpots/20100121-1452 Namoroka/3.6.1pre

The problem persists. See: http://ubuntuforums.org/showthread.php?p=8707536

Firefox doesn't start. The following errors are reported:
/usr/lib/firefox-3.6.1pre/firefox: 59: dirname: Permission denied
/usr/lib/firefox-3.6.1pre/firefox: 88: /bin/pwd: Permission denied
/usr/lib/firefox-3.6.1pre/run-mozilla.sh: 39: dirname: Permission denied
/usr/lib/firefox-3.6.1pre/firefox-bin: error while loading shared libraries: libxul.so: cannot open shared object file: No such file or directory

Doing the following fixes the problem, but it has to be done after every system start:
sudo /etc/init.d/apparmor reload

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.