[apparmor] [profile] Firefox: "DENIED", requested/denied_mask="r" for /proc/*/net/arp.
daniel curtis
sidetripping at gmail.com
Fri Nov 25 12:48:31 UTC 2016
Hi Christian
There is some problem with reloading Firefox profile and restarting
AppArmor (e.g. via /etc/init.d/). It seems, that responsible is one rule:
@{PROC}/@{pids}/net/arp r,
This is a rule proposed by you. Here's what happens:
[~]$ sudo apparmor_parser -r /etc/apparmor.d/usr.bin.firefox
Found reference to variable pids, but is never declared
[~]$ sudo /etc/init.d/apparmor restart
* Reloading AppArmor profiles
Found reference to variable pids, but is never declared [fail]
That's happened, even with Firefox disabled etc. But, adding this rule:
@{PROC}/[0-9]*/net/arp r,
Everything seems to work OK.:
[~]$ sudo apparmor_parser -r /etc/apparmor.d/usr.bin.firefox
[~]$
[~]$ sudo /etc/init.d/apparmor restart
* Reloading AppArmor profiles [ OK ]
I don't know why, I don't know the reasons. So, for now I've decided to
leave the second rule and use the first one.
Best regards.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20161125/b8573e08/attachment.html>
More information about the AppArmor
mailing list