Hello,
I'm using the official apparmor profile for firefox in enforce mode but keep getting denial messages such as this:
kernel: [ 3610.671282] audit: type=1400 audit(1421929442.220:69): apparmor="DENIED" operation="ptrace" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=3063 comm="firefox" requested_mask="trace" denied_mask="trace" peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
AND
dbus[1696]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="ListMountableInfo" mask="send" name=":1.5" pid=3066 profile="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1732 peer_profile="unconfined"
I was wondering if it is safe to allow ptrace for firefox profile itself by using -> ptrace (trace) peer=@{profile_name}, and allowing dbus for mounttracker.
The second issue is aa-tools. I'm on Lubuntu and aa-genprof and aa-logprof are not working for me; it seems these tools are not reading the profile (even if I set it to read /var/syslog). Anyone else with this issue?
Thanks in advance.
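
The two denial records quoted above can be reviewed by hand when the aa-* tools will not read the log. The following is an added example, not part of the original post: it parses the key=value fields of kernel and dbus-daemon DENIED records and groups them by profile, operation, mask and peer. The function names and the embedded sample (copied from the post) are this example's own.

```python
import re
from collections import Counter

# Sample input: the two denial records quoted in the post, embedded so this runs offline.
SAMPLE_LOG = r'''kernel: [ 3610.671282] audit: type=1400 audit(1421929442.220:69): apparmor="DENIED" operation="ptrace" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=3063 comm="firefox" requested_mask="trace" denied_mask="trace" peer="/usr/lib/firefox/firefox{,*[^s][^h]}"
dbus[1696]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gtk/vfs/mounttracker" interface="org.gtk.vfs.MountTracker" member="ListMountableInfo" mask="send" name=":1.5" pid=3066 profile="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1732 peer_profile="unconfined"
'''

# key="quoted value" or key=bare_value
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_denial(line):
    """Return the key=value fields of one AppArmor DENIED record, or None."""
    if 'apparmor="DENIED"' not in line:
        return None
    fields = {}
    for key, quoted, bare in FIELD_RE.findall(line):
        fields[key] = quoted if quoted else bare
    return fields


def summarize(log_text):
    """Count denials by (profile, operation, mask, peer)."""
    counts = Counter()
    for line in log_text.splitlines():
        f = parse_denial(line)
        if f is None:
            continue
        # Kernel records carry denied_mask/peer; dbus-daemon records carry
        # mask/peer_profile, so fall back from one naming to the other.
        mask = f.get("denied_mask") or f.get("mask", "")
        peer = f.get("peer") or f.get("peer_profile", "")
        key = (f.get("profile", ""), f.get("operation", ""), mask, peer)
        counts[key] += 1
    return counts


if __name__ == "__main__":
    for (profile, op, mask, peer), n in summarize(SAMPLE_LOG).items():
        print(f"{n}x {op} mask={mask} peer={peer} profile={profile}")
```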