Comment 5 for bug 1495248

Revision history for this message
Simon Déziel (sdeziel) wrote : Re: [Bug 1495248] Re: usr.bin.firefox blocks /dev/shm

On 2017-01-31 05:46 PM, Jean-Philippe Guérard wrote:
> I was able to reproduce the problem, but only using the flash plugin:
>
> Jan 31 23:38:34 tigreraye kernel: [221147.141240] audit: type=1400 audit(1485902314.881:3406): apparmor="DENIED" operation="mknod" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/dev/shm/org.chromium.CvbXEt" pid=11592 comm="plugin-containe" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
> Jan 31 23:38:34 tigreraye kernel: [221147.141263] audit: type=1400 audit(1485902314.881:3407): apparmor="DENIED" operation="mknod" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/dev/shm/org.chromium.5Am9iK" pid=11592 comm="plugin-containe" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000

Good, thanks for the additional information.

> I also tried the java plugin, but it does not use /dev/shm (it fails,
> but for another reason):
>
> Jan 31 23:43:49 tigreraye kernel: [221461.300441] audit: type=1400 audit(1485902629.062:6116995): apparmor="DENIED" operation="exec" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/usr/lib/jvm/java-8-oracle/jre/bin/java" pid=11779 comm="plugin-containe" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
> Jan 31 23:43:49 tigreraye kernel: [221461.301683] audit: type=1400 audit(1485902629.062:6116996): apparmor="DENIED" operation="exec" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/usr/lib/jvm/java-8-oracle/jre/bin/java" pid=11780 comm="plugin-containe" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0

Yeah, it seems like the Oracle version of the JRE/JDK isn't authorized
in /etc/apparmor.d/abstractions/ubuntu-browsers.d/java. Even OpenJDK/JRE
8 isn't authorized. Both should be supported IMHO.

Thanks,
Simon