[apparmor] [profile] Firefox: /proc/*/task/ DENIED entry (not included in the official/default profile.)

daniel curtis sidetripping at gmail.com
Sat Dec 31 21:34:27 UTC 2016


Today I noticed one DENIED entry in the log files, such as
/var/log/kern.log. It was a little surprising, because I had not seen any
log entry related to Firefox for a long time. Anyway, it looks like this:

Dec 31 20:55:10 t4 kernel: [12559.645813] type=1400
audit(1483214110.873:46): apparmor="DENIED" operation="open" parent=2210
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/3526/task/"
pid=2649 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000

I'm using the default profile (supplied with the 12.04 LTS release) with a
couple of rules added by me, because of, for example, e10s and net/arp issues.
Nothing more, nothing less. I don't see any rule related to the above log
entry. There is something like this in the Firefox profile:

owner @{PROC}/[0-9]*/task/[0-9]*/stat r,

But, as we can see, it doesn't refer to the entry in the log file, right?
So, what could be the reason for such a situation, and what rule should/could
be added to the profile to avoid similar entries? Could it be something
like this:

owner @{PROC}/[0-9]*/task/* r,

Since Firefox was updated to versions 49, 50, etc., the log files have
started to show many entries, such as '/proc/*/net/arp' or
'/run/shm/org.chromium.*' (as a result I have had to add proper rules to
the profile), so maybe it's time to update the default Firefox profile?

Summarizing: what should I do in such a situation? Please remember that it
is just one log entry, so maybe it was my fault?

Best regards.
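
Added example, not part of the original message: a small Python parser that splits the denial record quoted above into its fields and derives a candidate profile rule from it, to be reviewed before use. The function names are hypothetical, and the `owner` prefix is an assumption that mirrors the existing rule quoted in the message.

```python
import re

# The denial from the message above, with the mail wrapping left in place.
SAMPLE = """Dec 31 20:55:10 t4 kernel: [12559.645813] type=1400
audit(1483214110.873:46): apparmor="DENIED" operation="open" parent=2210
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/3526/task/"
pid=2649 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000"""

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
HEX_FIELDS = {"name", "comm"}  # audit hex-encodes these when they hold spaces etc.
FILE_PERMS = {"r": "r", "w": "w", "a": "a", "k": "k", "l": "l", "m": "m",
              "c": "w", "d": "w"}  # create/delete are covered by w in a rule


def parse_denial(text):
    """Split one AppArmor audit record into a dict of its key=value fields."""
    fields = {}
    for key, quoted, bare in FIELD.findall(" ".join(text.split())):
        if bare and key in HEX_FIELDS and re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", bare):
            bare = bytes.fromhex(bare).decode("utf-8", "replace")
        fields[key] = bare or quoted
    return fields


def candidate_rule(fields, owner=True):
    """Build a file rule for a DENIED record; owner=True is an assumption."""
    if fields.get("apparmor") != "DENIED":
        raise ValueError("not a denial record")
    perms = []
    for flag in fields["denied_mask"]:
        if flag not in FILE_PERMS:
            # e.g. x: the exec transition mode has to be chosen by a person
            raise ValueError(f"mask {flag!r} needs manual review")
        if FILE_PERMS[flag] not in perms:
            perms.append(FILE_PERMS[flag])
    path = re.sub(r"^/proc(?=/)", "@{PROC}", fields["name"])
    if path.startswith("@{PROC}"):
        # PIDs and TIDs change on every run, so generalise numeric components
        path = re.sub(r"(?<=/)\d+(?=/|$)", "[0-9]*", path)
    if re.search(r"\s", path):
        path = f'"{path}"'  # paths with whitespace must be quoted in a profile
    return f'{"owner " if owner else ""}{path} {"".join(perms)},'


if __name__ == "__main__":
    print(candidate_rule(parse_denial(SAMPLE)))
```

The trailing slash in the logged name is kept in the generated rule, since the record refers to the `task/` directory itself rather than to an entry inside it.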
