mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge firefox: allow /etc/writable/timezone and update UPower DBus access

Browse source 
Saw these couple of accesses fail recently on my Ubuntu 22.04 system:

`Jun  3 15:29:24 darkstar kernel: [5401883.070129] audit: type=1107 audit(1717442964.884:9223): pid=729 uid=102 auid=4294967295 ses=4294967295 subj=unconfined msg='apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/UPower" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.28" pid=2164500 label="firefox" peer_pid=2502 peer_label="unconfined"`

`Jun  3 15:29:24 darkstar kernel: [5401883.070588] audit: type=1107 audit(1717442964.884:9224): pid=729 uid=102 auid=4294967295 ses=4294967295 subj=unconfined msg='apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/UPower" interface="org.freedesktop.UPower" member="EnumerateDevices" mask="send" name=":1.28" pid=2164500 label="firefox" peer_pid=2502 peer_label="unconfined"`

Also, I noticed that the `firefox` profile in the Ubuntu 24.04 package has a rule for `/etc/writable/timezone` that is not present in Git. Figured that should be in here.

Fixes: https://gitlab.com/apparmor/apparmor/-/issues/409

Closes #409
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1253
Approved-by: John Johansen <john@jjmx.net>
Merged-by: John Johansen <john@jjmx.net>

(cherry picked from commit 09d8f886ca)
Signed-off-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
John Johansen 2024-07-17 08:38:37 +00:00 committed by John Johansen
parent 0f51513a11
commit d8e17207e8
1 changed files with 8 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
profiles/apparmor/profiles/extras/firefox
View file

@ -139,7 +139,7 @@ profile firefox @{MOZ_LIBDIR}/@{MOZ_APP_NAME}{,*[^s][^h]} {
interface=org.gtk.gio.DesktopAppInfo
member=Launched,
/etc/timezone r,
/etc/{,writable/}timezone r,
/etc/wildmidi/wildmidi.cfg r,
# firefox specific
@ -416,14 +416,17 @@ profile firefox @{MOZ_LIBDIR}/@{MOZ_APP_NAME}{,*[^s][^h]} {
bus=system
path=/org/freedesktop/UPower
interface=org.freedesktop.UPower
member=EnumerateDevices
peer=(name=org.freedesktop.UPower),
member=EnumerateDevices,
dbus (send)
bus=system
path=/org/freedesktop/UPower
interface=org.freedesktop.DBus.Properties
member=GetAll,
dbus (send)
bus=system
path=/org/freedesktop/UPower/devices/*
interface=org.freedesktop.DBus.Properties
member=GetAll
peer=(name=org.freedesktop.UPower),
member=GetAll,
# File browser
dbus (send)