Hi--
Testing some things here to see if I can find some clues.
1. First I set to complain and asked for a status:
Code:
doug@doug2:/etc/apparmor.d$ sudo aa-complain /etc/apparmor.d/usr.bin.firefox
Setting /etc/apparmor.d/usr.bin.firefox to complain mode.
doug@doug2:/etc/apparmor.d$ sudo service apparmor status | grep firefox
/usr/lib/firefox-9.0.1/firefox-*bin
/usr/lib/firefox-9.0.1/firefox-*bin//firefox_java
/usr/lib/firefox-9.0.1/firefox-*bin//firefox_openjdk
/usr/lib/firefox-10.0/firefox{,*[^s][^h]}
/usr/lib/firefox-10.0/firefox{,*[^s][^h]}//firefox_java
/usr/lib/firefox-10.0/firefox{,*[^s][^h]}//firefox_openjdk
/usr/lib/firefox-10.0/firefox{,*[^s][^h]} (25177)
doug@doug2:/etc/apparmor.d$
The status responses are not comprehensible to me. Are they telling me anything useful?
Before I did this, I could not do a download to a network directory as I wished. After this, I could download to the network folder where I want it. I was running
Code:
tail -F /var/log/messages
while I did this test, and got absolutely no log messages during this download after I set it to complain.
Before I set it to complain, I did get several complaints, some as I started specifying the download on the website, but before I actually hit the download button there:
Code:
Feb 9 20:34:11 localhost kernel: [1380679.327154] type=1503 audit(1328837651.071:785): operation="open" pid=26284 parent=1 profile="/usr/lib/firefox-10.0/firefox{,*[^s][^h]}" requested_mask="r::" denied_mask="r::" fsuid=1000 ouid=1000 name=2F73616D2F646F7567322F646C2D323031312F3230313130373032206C69666520726576696577206D616E75616C2E646F63
Feb 9 20:34:18 localhost kernel: [1380686.316686] type=1503 audit(1328837658.063:786): operation="open" pid=26292 parent=1 profile="/usr/lib/firefox-10.0/firefox{,*[^s][^h]}" requested_mask="r::" denied_mask="r::" fsuid=1000 ouid=1000 name="/sam/doug2/dl-2012/ImportExportTools-2.6.4.xpi"
Feb 9 20:34:42 localhost kernel: [1380710.568448] type=1503 audit(1328837682.315:787): operation="mknod" pid=25177 parent=1 profile="/usr/lib/firefox-10.0/firefox{,*[^s][^h]}" requested_mask="c::" denied_mask="c::" fsuid=1000 ouid=1000 name="/sam/doug2/dl-2012/backup-Feb-8-2012-1.tar.gz.test"
Feb 9 20:35:23 localhost kernel: [1380751.874843] type=1503 audit(1328837723.619:788): operation="open" pid=26319 parent=1 profile="/usr/lib/firefox-10.0/firefox{,*[^s][^h]}" requested_mask="r::" denied_mask="r::" fsuid=1000 ouid=1000 name="/sam/doug2/dl-2012/ImportExportTools-2.6.4.xpi"
Feb 9 20:35:23 localhost kernel: [1380751.881754] type=1503 audit(1328837723.627:789): operation="open" pid=26317 parent=1 profile="/usr/lib/firefox-10.0/firefox{,*[^s][^h]}" requested_mask="r::" denied_mask="r::" fsuid=1000 ouid=1000 name="/sam/doug2/dl-2012/ImportExportTools-2.6.4.xpi"
Feb 9 20:35:33 localhost kernel: [1380761.980555] type=1503 audit(1328837733.727:790): operation="open" pid=26317 parent=1 profile="/usr/lib/firefox-10.0/firefox{,*[^s][^h]}" requested_mask="r::" denied_mask="r::" fsuid=1000 ouid=1000 name=2F73616D2F646F7567322F646C2D323031312F3230313130373032206C69666520726576696577206D616E75616C2E646F63
Feb 9 20:37:24 localhost sudo: pam_sm_authenticate: Called
Feb 9 20:37:24 localhost sudo: pam_sm_authenticate: username = [doug]
Feb 9 20:41:09 localhost kernel: [1381097.953132] type=1505 audit(1328838069.699:791): operation="profile_replace" pid=26474 name="/usr/lib/firefox-10.0/firefox{,*[^s][^h]}"
Feb 9 20:41:09 localhost kernel: [1381097.953363] type=1505 audit(1328838069.699:792): operation="profile_replace" pid=26474 name="/usr/lib/firefox-10.0/firefox{,*[^s][^h]}//firefox_java"
Feb 9 20:41:09 localhost kernel: [1381097.953594] type=1505 audit(1328838069.699:793): operation="profile_replace" pid=26474 name="/usr/lib/firefox-10.0/firefox{,*[^s][^h]}//firefox_openjdk"
So that is one set of clues, although I do not know what it means.
2. The second is that since this upgrade, I cannot do *uploads* either. I have tried uploads to both Facebook and Dropbox.com and neither will go. The uploads are from a network directory.
Aha! Having this set in complain mode allows me to do some uploading on Facebook. I uploaded 2 or so photos, and then Facebook started complaining about needing the latest Flash Player (which I have), and pushed me into their "Basic uploader" Then it would not publish the pictures, but did allow them to be uploaded. In any case, I don't think I got anything in the log during the first two regular uploads, but these on the basic uploads:
Code:
Feb 9 21:03:38 localhost kernel: [1382447.226468] Inbound IN=eth0 OUT= MAC[blanked] SRC=184.85.82.110 DST=192.168.0.5 LEN=77 TOS=0x00 PREC=0x20 TTL=58 ID=48916 DF PROTO=TCP SPT=443 DPT=57301 WINDOW=17119 RES=0x00 ACK PSH URGP=0
Feb 9 21:03:39 localhost kernel: [1382447.739642] Inbound IN=eth0 OUT= MAC=[blanked] SRC=184.85.82.110 DST=192.168.0.5 LEN=77 TOS=0x00 PREC=0x20 TTL=58 ID=22840 DF PROTO=TCP SPT=443 DPT=57299 WINDOW=17119 RES=0x00 ACK PSH URGP=0
Feb 9 21:03:39 localhost kernel: [1382447.866736] Inbound IN=eth0 OUT= MAC=[blanked] SRC=184.85.82.110 DST=192.168.0.5 LEN=77 TOS=0x00 PREC=0x20 TTL=58 ID=64543 DF PROTO=TCP SPT=443 DPT=57300 WINDOW=17119 RES=0x00 ACK PSH URGP=0
Feb 9 21:04:06 localhost kernel: [1382475.067031] Inbound IN=eth0 OUT= MAC=[blanked] SRC=184.85.82.110 DST=192.168.0.5 LEN=77 TOS=0x00 PREC=0x20 TTL=58 ID=48917 DF PROTO=TCP SPT=443 DPT=57301 WINDOW=17119 RES=0x00 ACK PSH URGP=0
Feb 9 21:04:07 localhost kernel: [1382476.090707] Inbound IN=eth0 OUT= MAC=[blanked] SRC=184.85.82.110 DST=192.168.0.5 LEN=77 TOS=0x00 PREC=0x20 TTL=58 ID=22841 DF PROTO=TCP SPT=443 DPT=57299 WINDOW=17119 RES=0x00 ACK PSH URGP=0
Feb 9 21:04:08 localhost kernel: [1382476.347576] Inbound IN=eth0 OUT= MAC=[blanked] SRC=184.85.82.110 DST=192.168.0.5 LEN=77 TOS=0x00 PREC=0x20 TTL=58 ID=64544 DF PROTO=TCP SPT=443 DPT=57300 WINDOW=17119 RES=0x00 ACK PSH URGP=0
Seems clear to me that Apparmor is the culprit here. (FWIW, I am able to do uploads via the Epiphany browser.)
So is there some solution to all this?
Is Apparmor more trouble than it's worth?
Bookmarks