Quote Originally Posted by tlu View Post
Thanks, bodhi.zazen. Here's the complete output:
Well, you are in quite a tizzy I see.

You really need to start over.

1. Stop firefox.

2. Reload apparmor

Code:
sudo service apparmor stop
sudo service apparmor start
That will clear out all those null profiles.

3. You need to understand what you are doing as I think you are missing the point. As I keep telling you, a null profile is generated when the apparmor denies execute access to something.

In complain mode, access is allowed, but the process is then named null something. For example, you have a long list,

/usr/lib/firefox-3.6.5pre/firefox-*bin//null-24

See the null-24 ?

Apparmor will generate a denial for everything "/usr/lib/firefox-3.6.5pre/firefox-*bin//null-24" tries to access.

You do not debug "/usr/lib/firefox-3.6.5pre/firefox-*bin//null-24" , you fix the initial denial that caused "/usr/lib/firefox-3.6.5pre/firefox-*bin//null-24" to be created.

So you have to look up in your logs to the last denial that does not contain a "null". Fix that denial, and the nulls will go away.

This elaborate procedure is to "help" debugging apparmor profiles, but in practice, it is of little help at all, and as you can see, causes more confusion.

You do not "debug" anything with a "//null-xx" in the name, you have to debug the initial denial that caused the null.

As with previous posts, you are not posting the initial denial. Your posts keep getting longer, but I do not think you understand what to look for.

Please:

1. Do not post long logs like that. They do not help and only clutter your posts.

2. Do not post any log message that contains a null profile. They clutter your post and do not help at all.


Now, open a terminal. Enter:

Code:
tail -F /var/log/messages
Watch this terminal for errors.

With your firefox apparmor in complain mode, open firefox. If firefox is not working, apparmor is not the problem -> go debug firefox or whatever addon or plugin that is broken.

If firefox works, close firefox, and debug any denials you received in the "tail -F /var/log/messages" terminal.

Keep repeating until you have managed all the denials.

Then put the firefox profile into enforcing mode and try to start firefox.

Post any denial you do not understand, but do not post any denial with a null profile in it.