[apparmor] Firefox (DENIED for /proc/*/task/) and plugin-container segfault.

Seth Arnold seth.arnold at canonical.com
Fri Jan 13 02:14:29 UTC 2017


Hi Daniel,

On Wed, Jan 11, 2017 at 03:37:49PM +0100, daniel curtis wrote:
> Today, after a couple of hours of using Firefox (mostly YouTube and some
> websites), the browser suddenly closed unexpectedly (not by my action) and a
> dialog box appeared related to Mozilla Crash Reporter; there was a message
> that the reporter is disabled (which I did earlier - about a month ago) and no
> crash report is available etc. - here's what I remember.
> 
> Anyway, the [LastCrash] file (which can be found in the
> ~/.mozilla/firefox/Crash Reports/ directory) contains only: 1484142985. Just
> like all the files in this directory. The last two folders, 'events' and
> 'pending', are empty. However, the system log files contain some interesting
> entries. For example, the '/var/log/kern.log' file:

This is probably a Unix epoch measurement:
$ date --date=@1484142985
Wed Jan 11 05:56:25 PST 2017

> Jan 11 14:56:25 t4: [ 4161.295639] type=1400 audit(1484142985.517:46):
> apparmor="DENIED" operation="open" parent=2818
> profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/2818/task/"
> pid=3253 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000
> ouid=1000
> Jan 11 14:56:25 t4 kernel: [ 4161.540727] Chrome_ChildThr[2890]:
> segfault at 0 ip b76df673 sp b1efe9f0 error 6 in
> plugin-container[b76d8000+42000]
> 
> As we can see, the first message contains a DENIED action for
> "/proc/2818/task/", right? It's the same issue, which is described right
> here [1] (by me). The second entry is about 'plugin-container' - I have to
> mention that an update for flashplugin [2] was available today.

This denial would prevent the program from using this interface to
enumerate its child threads. That's a reasonable enough request.

> So, I've decided to write a message here - on the AppArmor mailing list,
> because of the "/proc/*/task/" entry, but maybe the better place would be
> Launchpad in view of the 'plugin-container' segfault etc.
> 
> What do you think about this? Should I create a bug report about the
> 'plugin-container' segfault on Launchpad? If yes, then what about the AppArmor
> message and "/proc/*/task/"?

If you would please report back the success or failure of adding:

owner @{PROC}/@{PID}/task/ r,

to your Firefox profile, that'd decide where to file the bug. :)

I'm sorry I overlooked your earlier mail on this denial.

Thanks
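
Added example, not part of the message above or of AppArmor's own tooling: a small Python parser for the kind of DENIED line quoted in the thread, which converts the audit() timestamp to UTC and drafts the matching profile rule. The function names and the owner heuristic (fsuid equal to ouid) are assumptions of this example, and the sample line is the thread's log entry rejoined onto one line.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the denial quoted in the thread, joined onto one line.
SAMPLE = (
    'Jan 11 14:56:25 t4: [ 4161.295639] type=1400 audit(1484142985.517:46): '
    'apparmor="DENIED" operation="open" parent=2818 '
    'profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/2818/task/" '
    'pid=3253 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 '
    'ouid=1000'
)

AUDIT_RE = re.compile(r'audit\((\d+)\.\d+:\d+\)')        # epoch.millis:serial
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')      # key="quoted" or key=bare


def parse_denial(line):
    """Return the key=value fields of an AppArmor DENIED line, or None."""
    stamp = AUDIT_RE.search(line)
    if stamp is None or 'apparmor="DENIED"' not in line:
        return None
    fields = {k: quoted or bare for k, quoted, bare in FIELD_RE.findall(line[stamp.end():])}
    # The audit() stamp is seconds since the Unix epoch; report it in UTC.
    fields["time_utc"] = datetime.fromtimestamp(int(stamp.group(1)), tz=timezone.utc)
    return fields


def suggest_rule(fields):
    """Draft a profile rule for the denied path (to be reviewed, not auto-applied)."""
    # Generalise a literal /proc/<pid>/ prefix with the @{PROC} and @{PID} tunables.
    path = re.sub(r'^/proc/\d+/', '@{PROC}/@{PID}/', fields["name"])
    # fsuid == ouid: the process owns the object, so the narrower "owner" form fits.
    same_owner = "fsuid" in fields and fields["fsuid"] == fields.get("ouid")
    return f'{"owner " if same_owner else ""}{path} {fields["denied_mask"]},'


if __name__ == "__main__":
    denial = parse_denial(SAMPLE)
    print(denial["time_utc"].isoformat(), denial["profile"], denial["name"])
    print(suggest_rule(denial))
```
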