I've just put the default AppArmor profile for firefox into enforcing mode ( sudo aa-enforce /etc/apparmor.d/usr.bin.firefox ), and when I tried to view a you tube video ( using the flash plug-in ), and it played normally, until I hit the full-screen button. This caused the plug-in to crash.

The following message was printed to my kern.log:

Dec 29 10:09:43 bill-desktop kernel: [ 1223.788611] type=1503 audit(1293635383.181:1635): operation="file_mmap" pid=1600 parent=1536 profile="/usr/lib/firefox-3.6.13/firefox-*bin" requested_mask="::m" denied_mask="::m" fsuid=1000 ouid=0 name="/dev/zero"

Apparently, dev/zero is a way to copy nulls; "file_mmap" refers to a memory mapping function; so I guess maybe it's trying to create an area in memory and initialize it to nulls.

There's no specific reference to '/dev/zero' in the profile, so I don't know...

Has anyone seen this before? I wonder whether this is a security issue or not.

And, if it's not a security issue, what could be put into the profile to allow the operation?

Thanks in advance. Happy New Year!