[Bug 921042] Re: firefox apparmor profile prevents viewing contents of downloaded tarball
Jamie Strandboge
jamie at ubuntu.com
Tue Jan 24 16:29:19 UTC 2012
Yeah, this is an unfortunate by-product of the sanitized_helper child
profile hack to work around the lack of proper environment filtering in
AppArmor. The read is denied because a read is all that is needed for
python to import code, so the sanitized_helper is protecting children
from inheriting a modified PYTHONPATH and executing arbitrary code.
The solution for this bug with the current AppArmor is to create system-
wide profiles for file-roller and gedit (so that these profiles are used
instead of the sanitized_helper). These profiles could be very open. You
could alternatively not use the ubuntu-browsers.d/multimedia abstraction
and redefine file-roller to not use sanitized_helper (but lose the
protection it affords).
The workaround for this bug is to download the tarball first and open it
via nautilus.
** Changed in: firefox (Ubuntu)
Status: New => Won't Fix
--
You received this bug notification because you are a member of Mozilla
Bugs, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/921042
Title:
firefox apparmor profile prevents viewing contents of downloaded
tarball
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/921042/+subscriptions
More information about the Ubuntu-mozillateam-bugs
mailing list