firefox version 72.0.1 64 bit, 72.0.1+linuxmint1+tricia , linux mint 19.3.
i see there is newer ubuntu version in https://www.ubuntuupdates.org/package/ubuntu_mozilla_security/bionic/main/base/firefox , 72.0.2+build1-0ubuntu0.18.04.1 , but its changes are not for apparmor.
i have not found a page for firefox bugs in linux mint sites, so i belive i should report here. but i have also asked about that in linux mint's irc and then github.
i have enabled apparmor for firefox and see these types of messages in syslog:
Jan 28 18:43:33 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service' requested by ':1.111' (uid=1000 pid=1922 comm="/usr/lib/firefox/firefox " label="unconfined")
Jan 28 18:44:36 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5525.077960] audit: type=1400 audit(1580226276.440:27): apparmor="DENIED" operation="capable" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=15948 comm="firefox" capability=21 capname="sys_admin"
Jan 28 18:44:37 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5526.471731] audit: type=1107 audit(1580226277.832:28): pid=735 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/RealtimeKit1" interface="org.freedesktop.DBus.Properties" member="Get" mask="send" name="org.freedesktop.RealtimeKit1" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1320 peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/Daemon" interface="org.gtk.vfs.Daemon" member="ListMonitorImplementations" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/Private/RemoteVolumeMonitor" interface="org.gtk.Private.RemoteVolumeMonitor" member="IsSupported" mask="send" name=":1.35" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1385 peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="ListMounts2" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined"
Jan 28 18:44:47 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="LookupMount" mask="send" name=":1.10" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1262 peer_label="unconfined"
Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[735]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service' requested by ':1.119' (uid=1000 pid=15948 comm="/usr/lib/firefox/firefox " label="/usr/lib/firefox/firefox{,*[^s][^h]} (enforce)")
Jan 28 18:44:48 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 5536.783313] audit: type=1107 audit(1580226288.143:34): pid=735 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/hostname1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.120" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=16177 peer_label="unconfined"
Jan 28 18:45:02 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1181]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/ca/desrt/dconf/Writer/user" interface="ca.desrt.dconf.Writer" member="Change" mask="send" name="ca.desrt.dconf" pid=15948 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1370 peer_label="unconfined"
Jan 28 21:51:30 dinar-HP-Pavilion-g7-Notebook-PC kernel: [10131.880788] audit: type=1400 audit(1580237490.777:123): apparmor="DENIED" operation="open" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/home/dinar/.cache/mesa_shader_cache/index" pid=19720 comm="firefox" requested_mask="wrc" denied_mask="wrc" fsuid=1000 ouid=1000
these appeared while saving a file:
Jan 30 11:08:28 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1151]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/ca/desrt/dconf/Writer/user" interface="ca.desrt.dconf.Writer" member="Change" mask="send" name="ca.desrt.dconf" pid=1584 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1301 peer_label="unconfined"
Jan 30 11:08:28 dinar-HP-Pavilion-g7-Notebook-PC kernel: [ 464.049675] audit: type=1400 audit(1580371708.871:38): apparmor="DENIED" operation="open" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/home/dinar/.local/share/gvfs-metadata/home" pid=1584 comm="pool" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
these appeared while runned "firefox -p":
Jan 30 11:41:23 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[1151]: apparmor="DENIED" operation="dbus_signal" bus="session" path="/ca/desrt/dconf/Writer/user" interface="ca.desrt.dconf.Writer" member="Notify" name=":1.21" mask="receive" pid=1584 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1301 peer_label="unconfined"
Jan 30 11:42:07 dinar-HP-Pavilion-g7-Notebook-PC dbus-daemon[762]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service' requested by ':1.90' (uid=1000 pid=2892 comm="xed /home/dinar/?????????????? ????????/??????????" label="unconfined")
i have installed linux mint on another comp and this time i enabled ff apparmor profile before first run of ff.
now, i get also these messages, every time a page/url is opened/loaded:
Feb 3 18:40:24 dinar-Lenovo-G580 dbus-daemon[1307]: apparmor="DENIED" operation= "dbus_method_ call" bus="session" path="/ org/gtk/ vfs/Daemon" interface= "org.gtk. vfs.Daemon" member= "ListMonitorImp lementations" mask="send" name=":1.6" pid=4668 label=" /usr/lib/ firefox/ firefox{ ,*[^s][ ^h]}" peer_pid=1368 peer_label= "unconfined" 4.242:117) : apparmor="DENIED" operation="mkdir" profile= "/usr/lib/ firefox/ firefox{ ,*[^s][ ^h]}" name="/ home/dinar/ .cache/ fontconfig/ " pid=4668 comm=5765622043 6F6E74656E74 requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000 4.242:118) : apparmor="DENIED" operation="mkdir" profile= "/usr/lib/ firefox/ firefox{ ,*[^s][ ^h]}" name="/ home/dinar/ .fontconfig/ " pid=4668 comm=5765622043 6F6E74656E74 requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000 4.306:119) : pid=767 uid=103 auid=4294967295 ses=4294967295 msg='apparmor= "DENIED" operation= "dbus_method_ call" bus="system" path="/ org/freedesktop /RealtimeKit1" interface= "org.freedeskto p.DBus. Properties" member="Get" mask="send" name="org. freedesktop. RealtimeKit1" pid=4668 label=" /usr/lib/ firefox/ firefox{ ,*[^s][ ^h]}" peer_pid=1521 peer_label= "unconfined" bin/dbus- daemon" sauid=103 hostname=? addr=? terminal=?'
Feb 3 18:40:24 dinar-Lenovo-G580 kernel: [ 4131.097714] audit: type=1400 audit(158074442
Feb 3 18:40:24 dinar-Lenovo-G580 kernel: [ 4131.097721] audit: type=1400 audit(158074442
Feb 3 18:40:24 dinar-Lenovo-G580 kernel: [ 4131.162558] audit: type=1107 audit(158074442
Feb 3 18:40:24 dinar-Lenovo-G580 kernel: [ 4131.162558] exe="/usr/
on first run of firefox, there were, in addition to the above shown types, this type:
Feb 3 18:06:58 dinar-Lenovo-G580 kernel: [ 2125.679905] audit: type=1400 audit(158074241 8.752:43) : apparmor="DENIED" operation="open" profile= "/usr/lib/ firefox/ firefox{ ,*[^s][ ^h]}" name="/ home/dinar/ .config/ dconf/user" pid=3288 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0