[apparmor] Need help on fixing firefox apparmor rule

John Johansen john.johansen at canonical.com
Sat Nov 24 11:21:38 UTC 2012


On 11/24/2012 01:50 AM, Aaron Lewis wrote:
> Hi,
> 
> I run Arch Linux with an AppArmor-enabled kernel (3.6.7), and now I have encountered a problem with Firefox.
> 
> It looked ugly, so I set the profile to complain mode, now I see this:
> 
> kernel: type=1400 audit(1353749970.556:556): apparmor="ALLOWED" operation="open" parent=1 profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name=2F4170706C69636174696F6E2F7468656D65732F4C696F6E2D7468656D652D72656C6F61646564202F67746B2D322E302F67746B7263 pid=14778 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
> 
> How should I fix it? The "name" looked way too weird to me. Should I just add a "XXX r,"? Or is it something specific to ... dbus or systemd?
> 
The name has a special character in it, so it has been encoded by the audit system to avoid being parsed incorrectly. You can use the aa-decode tool to unencode the name:

aa-decode 2F4170706C69636174696F6E2F7468656D65732F4C696F6E2D7468656D652D72656C6F61646564202F67746B2D322E302F67746B7263
Decoded: /Application/themes/Lion-theme-reloaded /gtk-2.0/gtkrc

So it is the space character that caused this particular name to be encoded.
If you include the space in policy, make sure it is quoted:

  "/Application/themes/Lion-theme-reloaded /gtk-2.0/gtkrc" r,
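
The decode-and-quote steps from the reply above, as an added Python example (not part of the original post and not the aa-decode tool's own code). The second log record and the function names `parse_event`, `decode_value` and `suggest_rule` are constructed for illustration.

```python
import re

# Constructed sample input: the audit record quoted in the post, plus one
# made-up record whose name needed no encoding (audit writes it in quotes).
SAMPLE_LOG = [
    'kernel: type=1400 audit(1353749970.556:556): apparmor="ALLOWED" '
    'operation="open" parent=1 profile="/usr/lib/firefox/firefox{,*[^s][^h]}" '
    'name=2F4170706C69636174696F6E2F7468656D65732F4C696F6E2D7468656D652D72656C'
    '6F61646564202F67746B2D322E302F67746B7263 pid=14778 comm="firefox" '
    'requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000',
    'kernel: type=1400 audit(1353749971.000:557): apparmor="ALLOWED" '
    'operation="open" parent=1 profile="/usr/lib/firefox/firefox{,*[^s][^h]}" '
    'name="/home/user/.gtkrc-2.0" pid=14778 comm="firefox" '
    'requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000',
]

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_event(line):
    """Split an audit record into its raw key=value fields."""
    return dict(FIELD_RE.findall(line))

def decode_value(raw):
    """Decode a string-typed audit field such as name or requested_mask.
    Quoted means literal; unquoted means hex-encoded by the audit system.
    Do not call this on numeric fields (pid, fsuid): they are unquoted too."""
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1]
    if re.fullmatch(r'(?:[0-9A-Fa-f]{2})+', raw):
        return bytes.fromhex(raw).decode('utf-8', 'backslashreplace')
    return raw

def suggest_rule(line):
    """Return a candidate profile rule for one record, or None if the record
    carries no file name. The rule is a starting point for manual review."""
    ev = parse_event(line)
    if 'name' not in ev or 'requested_mask' not in ev:
        return None
    path = decode_value(ev['name'])
    mask = decode_value(ev['requested_mask'])
    # Glob metacharacters and quotes need hand-written escaping in policy,
    # so refuse to guess rather than emit a rule that matches too much.
    if re.search(r'[*?\[\]{}^"\\]', path):
        raise ValueError('path needs manual escaping: %r' % path)
    if re.search(r'\s', path):
        path = '"%s"' % path  # quote names containing whitespace
    return '%s %s,' % (path, mask)
```
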




