[Bug 676701] [NEW] syslog overflowing with apparmor audit ptrace firefox-*bin messages

Launchpad Bug Tracker 676701 at bugs.launchpad.net
Wed Jun 22 17:01:39 UTC 2011 

You have been subscribed to a public bug:

Binary package hint: apparmor


https://help.ubuntu.com/community/ReportingBugs  compliant report

 1. What you expected to happen

going to the swimming pool

 2. What actually happened

System : Ubuntu 10.04 (upgrade) up to date, Kernel is 2.6.32-26-generic, Firefox:
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.12) Gecko/20101027 Ubuntu/10.04 (lucid) Firefox/3.6.12

syslog is literally overflowing with messages like this (many suppressed):
xxx kernel: [15514.454740] type=1503 audit(1289919221.465:10403):  operation="ptrace" pid=4885 parent=4884 profile="/usr/lib/firefox-3.6.12/firefox-*bin" tracer=4885 tracee=2247
every time a window or tab or something opens.

I added  deny capability sys_ptrace,  to /etc/apparmor.d/usr.bin.firefox
and I ran   sudo apparmor_parser -r /etc/apparmor.d/usr.bin.firefox  giving

Nov 16 19:30:13 p-hp-u kernel: [28506.718832] type=1505 audit(1289932213.729:46716):  operation="profile_replace" pid=9268 name="/usr/lib/firefox-3.6.12/firefox-*bin"
Nov 16 19:30:13 p-hp-u kernel: [28506.719106] type=1505 audit(1289932213.729:46717):  operation="profile_replace" pid=9268 name="/usr/lib/firefox-3.6.12/firefox-*bin//firefox_java"
Nov 16 19:30:13 p-hp-u kernel: [28506.719488] type=1505 audit(1289932213.729:46718):  operation="profile_replace" pid=9268 name="/usr/lib/firefox-3.6.12/firefox-*bin//firefox_openjdk"

But the messages continued.  Then

2a. close all firefox windows
2b. sudo apparmor_parser -r -W -T /etc/apparmor.d/usr.bin.firefox
2c. start firefox

Messages continued to continue.

 3. The minimal series of steps necessary to make it happen, where step
1 is "start the program"

0 Boot up and Log in
1 Firefoxtrot.
2 read syslog (optional)

** Affects: firefox (Ubuntu)
     Importance: Undecided
         Status: Triaged

-- 
syslog overflowing with apparmor audit ptrace firefox-*bin messages
https://bugs.launchpad.net/bugs/676701
You received this bug notification because you are a member of Mozilla Bugs, which is subscribed to firefox in Ubuntu.

More information about the Ubuntu-mozillateam-bugs mailing list