roddhjav / apparmor.d

Full set of AppArmor profiles (~ 1500 profiles)
https://apparmor.pujol.io
GNU General Public License v2.0

Firefox does not print to file #283

Closed vam67423 closed 10 months ago

vam67423 commented 10 months ago

When using the print feature to save a page as PDF, no actual file is created.

Since I didn't find any AppArmor complaints in my logs, I am not sure what causes this. During the print attempt this log entry appears in the journal, however:

firefox.desktop[4188]: IPDL protocol Error: Received an invalid file descriptor

IPDL is the internal IPC protocol used by Firefox and its various child processes: https://firefox-source-docs.mozilla.org/ipc/ipdl.html

The target location for the PDF is @{HOME}/Downloads. Saving the page as HTML in Downloads works as expected, therefore the file permissions seem fine.

nobody43 commented 10 months ago

That's quite extensive. @roddhjav, I could do this.

  firefox
[/etc/timezone r,]                                 operation=open comm=firefox-esr
[/tmp/00UAI2.tmp r,]                               operation=open,rename_src comm=firefox-esr
[@{bin}/speech-dispatcher rx,]                     path_diffs=/usr/bin operation=exec comm='speechd init'

  firefox▶speech-dispatcher
[/etc/speech-dispatcher/clients/ r,]               operation=open comm=speech-dispatch
[/etc/speech-dispatcher/clients/emacs.conf r,]     operation=open comm=speech-dispatch
[/etc/speech-dispatcher/modules/ r,]               operation=open comm=speech-dispatch
[/etc/speech-dispatcher/modules/dtk-generic.conf r,] operation=open comm=speech-dispatch
[/etc/speech-dispatcher/modules/epos-generic.conf r,] operation=open comm=speech-dispatch
[/etc/speech-dispatcher/modules/espeak-mbrola-generic.conf r,] operation=open comm=speech-dispatch
[/etc/speech-dispatcher/modules/espeak-ng-mbrola-generic.conf r,] operation=open comm=speech-dispatch
[/etc/speech-dispatcher/modules/llia_phon-generic.conf r,] operation=open comm=speech-dispatch
[/etc/speech-dispatcher/modules/mary-generic.conf r,] operation=open comm=speech-dispatch
[/etc/speech-dispatcher/modules/mimic3-generic.conf r,] operation=open comm=speech-dispatch
[/etc/speech-dispatcher/modules/swift-generic.conf r,] operation=open comm=speech-dispatch
[/etc/speech-dispatcher/speechd.conf r,]           operation=open comm=speech-dispatch
[@{bin}/dash rx,]                                  path_diffs=/usr/bin operation=exec comm=speech-dispatch
[@{bin}/speech-dispatcher r,]                      path_diffs=/usr/bin operation=file_mmap comm=speech-dispatch
[@{lib}/speech-dispatcher-modules/sd_dummy rx,]    path_diffs=/usr/lib operation=exec comm=speech-dispatch
[@{lib}/speech-dispatcher-modules/sd_espeak-ng rx,] path_diffs=/usr/lib operation=exec comm=speech-dispatch
[owner @{run}/user/@{uid}/speech-dispatcher/ c,]   path_diffs=/run,1000 operation=mkdir comm=speech-dispatch
[owner @{run}/user/@{uid}/speech-dispatcher/log/ c,] path_diffs=/run,1000 operation=mkdir comm=speech-dispatch
[owner @{run}/user/@{uid}/speech-dispatcher/log/debug/ c,] path_diffs=/run,1000 operation=mkdir comm=speech-dispatch
[owner @{run}/user/@{uid}/speech-dispatcher/log/dummy.log wc,] path_diffs=/run,1000 operation=mknod,open comm=speech-dispatch
[owner @{run}/user/@{uid}/speech-dispatcher/log/espeak-ng-mbrola.log wc,] path_diffs=/run,1000 operation=mknod,open comm=speech-dispatch
[owner @{run}/user/@{uid}/speech-dispatcher/log/espeak-ng.log wc,] path_diffs=/run,1000 operation=mknod,open comm=speech-dispatch
[owner @{run}/user/@{uid}/speech-dispatcher/log/speech-dispatcher.log wc,] path_diffs=/run,1000 operation=file_perm,mknod,open comm=speech-dispatch
[owner @{run}/user/@{uid}/speech-dispatcher/pid/ c,] path_diffs=/run,1000 operation=mkdir comm=speech-dispatch
[owner @{run}/user/@{uid}/speech-dispatcher/pid/speech-dispatcher.pid wdck,] path_diffs=/run,1000 operation=file_lock,mknod,open,unlink comm=speech-dispatch
[owner @{run}/user/@{uid}/speech-dispatcher/speechd.sock c,] path_diffs=/run,1000 operation=mknod comm=speech-dispatch

  firefox▶speech-dispatcher▶/usr/lib/speech-dispatcher-modules/sd_dummy
[/dev/shm/ r,]                                     operation=open comm=sd_dummy
[/etc/machine-id r,]                               operation=open comm=threaded-ml
[/etc/pulse/client.conf r,]                        operation=open comm=sd_dummy
[/etc/pulse/client.conf.d/ r,]                     operation=open comm=sd_dummy
[owner @{run}/user/@{uid}/pulse/ r,]               path_diffs=/run,1000 operation=open comm=sd_dummy
[owner @{run}/user/@{uid}/speech-dispatcher/log/dummy.log w,] path_diffs=/run,1000 operation=file_inherit comm=sd_dummy
[owner @{run}/user/@{uid}/speech-dispatcher/log/espeak-ng.log w,] path_diffs=/run,1000 operation=file_inherit comm=sd_dummy
[owner @{run}/user/@{uid}/speech-dispatcher/log/speech-dispatcher.log a,] path_diffs=/run,1000 operation=file_inherit comm=sd_dummy
[owner @{run}/user/@{uid}/speech-dispatcher/pid/speech-dispatcher.pid w,] path_diffs=/run,1000 operation=file_inherit comm=sd_dummy
[owner @{user_config_dirs}/pulse/cookie rk,]       path_diffs=/home/user/.config operation=file_lock,open comm=threaded-ml

  firefox▶speech-dispatcher▶/usr/lib/speech-dispatcher-modules/sd_espeak-ng
[/dev/shm/ r,]                                     operation=open comm=sd_espeak-ng,sd_espeak-ng-mb
[/etc/machine-id r,]                               operation=open comm=threaded-ml
[/etc/pulse/client.conf r,]                        operation=open comm=sd_espeak-ng,sd_espeak-ng-mb
[/etc/pulse/client.conf.d/ r,]                     operation=open comm=sd_espeak-ng,sd_espeak-ng-mb
[/etc/speech-dispatcher/modules/espeak-ng-mbrola.conf r,] operation=open comm=sd_espeak-ng-mb
[/etc/speech-dispatcher/modules/espeak-ng.conf r,] operation=open comm=sd_espeak-ng
["@{lib}/x86_64-linux-gnu/espeak-ng-data/voices/!v/Mr serious" r,] path_diffs=/usr/lib operation=open comm=sd_espeak-ng,sd_espeak-ng-mb
[owner @{run}/user/@{uid}/pulse/ r,]               path_diffs=/run,1000 operation=open comm=sd_espeak-ng,sd_espeak-ng-mb
[owner @{run}/user/@{uid}/speech-dispatcher/log/espeak-ng-mbrola.log w,] path_diffs=/run,1000 operation=file_inherit comm=sd_espeak-ng-mb
[owner @{run}/user/@{uid}/speech-dispatcher/log/espeak-ng.log w,] path_diffs=/run,1000 operation=file_inherit comm=sd_espeak-ng
[owner @{run}/user/@{uid}/speech-dispatcher/log/speech-dispatcher.log a,] path_diffs=/run,1000 operation=file_inherit comm=sd_espeak-ng-mb
[owner @{run}/user/@{uid}/speech-dispatcher/pid/speech-dispatcher.pid w,] path_diffs=/run,1000 operation=file_inherit comm=sd_espeak-ng-mb
[owner @{user_config_dirs}/pulse/cookie rk,]       path_diffs=/home/user/.config operation=file_lock,open comm=threaded-ml

  firefox▶speech-dispatcher▶dash
[/dev/null wc,]                                    operation=open comm=sh
[/etc/speech-dispatcher/modules/dtk-generic.conf r,] operation=file_inherit comm=sh
[/etc/speech-dispatcher/modules/epos-generic.conf r,] operation=file_inherit comm=sh
[/etc/speech-dispatcher/modules/espeak-mbrola-generic.conf r,] operation=file_inherit comm=sh
[/etc/speech-dispatcher/modules/espeak-ng-mbrola-generic.conf r,] operation=file_inherit comm=sh
[/etc/speech-dispatcher/modules/llia_phon-generic.conf r,] operation=file_inherit comm=sh
[/etc/speech-dispatcher/modules/mary-generic.conf r,] operation=file_inherit comm=sh
[/etc/speech-dispatcher/modules/mimic3-generic.conf r,] operation=file_inherit comm=sh
[/etc/speech-dispatcher/modules/swift-generic.conf r,] operation=file_inherit comm=sh
[@{bin}/dash r,]                                   path_diffs=/usr/bin operation=file_mmap comm=sh
[owner @{run}/user/@{uid}/speech-dispatcher/log/speech-dispatcher.log a,] path_diffs=/run,1000 operation=file_inherit comm=sh
[owner @{run}/user/@{uid}/speech-dispatcher/pid/speech-dispatcher.pid w,] path_diffs=/run,1000 operation=file_inherit comm=sh

roddhjav commented 10 months ago

Thanks, should be fixed now.

nobody43 commented 10 months ago

owner /tmp/@{rand6}.tmp rw, seems to be the only culprit. Probably a side effect from #275. But I can't reproduce the speech-dispatcher call anymore!

vam67423 commented 10 months ago

> Thanks, should be fixed now.

Thank you. May I ask how you found the issue? I could not locate anything in my logs about it.

nobody43 commented 10 months ago

I will answer while Alex is busy. Your options are:

- aa-log (comes with this package)
- tail /var/log/audit/audit.log (requires auditd package)
- tail /var/log/syslog (requires rsyslog package)
- tail /var/log/messages
- dmesg

roddhjav commented 10 months ago

> owner /tmp/@{rand6}.tmp rw, seems to be the only culprit. Probably a side effect from https://github.com/roddhjav/apparmor.d/pull/275 But I cant reproduce speech-dispatcher call anymore!

That is a side effect from #275. speech-dispatcher is not really an issue (it is explicitly denied in the firefox from apparmor-profiles-extra).

To work, aa-log requires either auditd or rsyslog to be installed and enabled.
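
As an added example (not code from this thread or from the apparmor.d project), the sketch below shows the kind of grouping a log reader does to turn raw AppArmor audit events into the rule-like lines posted above, including folding a random temp file name into `/tmp/@{rand6}.tmp`. The sample log lines are constructed, the function names are hypothetical, and treating `@{rand6}` as six alphanumeric characters is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample lines in the kernel audit format used for AppArmor events;
# profile, path, comm and operations mirror the aa-log output in this thread.
SAMPLE = """\
type=AVC msg=audit(1700000000.101:210): apparmor="DENIED" operation="open" profile="firefox" name="/tmp/00UAI2.tmp" pid=4188 comm="firefox-esr" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
type=AVC msg=audit(1700000000.102:211): apparmor="DENIED" operation="rename_src" profile="firefox" name="/tmp/00UAI2.tmp" pid=4188 comm="firefox-esr" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
type=AVC msg=audit(1700000000.200:212): apparmor="ALLOWED" operation="open" profile="firefox" name="/etc/timezone" pid=4188 comm="firefox-esr" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
type=SYSCALL msg=audit(1700000000.300:213): arch=c000003e syscall=257 success=yes
"""

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Assumption: @{rand6} stands for six alphanumeric characters.
RAND6_TMP = re.compile(r"^/tmp/[0-9A-Za-z]{6}\.tmp$")

def parse_event(line):
    """Return the key=value fields of an AppArmor audit line, or None."""
    fields = {k: q if q else b for k, q, b in FIELD.findall(line)}
    return fields if "apparmor" in fields and "name" in fields else None

def summarize(log_text):
    """Group events into rule-like entries keyed by (profile, path)."""
    rules = defaultdict(lambda: {"mask": set(), "ops": set(), "modes": set()})
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue  # not an AppArmor file event
        path = ev["name"]
        if RAND6_TMP.match(path):
            path = "/tmp/@{rand6}.tmp"  # generalise the random temp name
        entry = rules[(ev.get("profile", "?"), path)]
        entry["mask"].update(ev.get("denied_mask", ""))
        entry["ops"].add(ev.get("operation", "?"))
        entry["modes"].add(ev["apparmor"])  # DENIED = enforce, ALLOWED = complain
    return dict(rules)

def render(rules):
    """Format each entry as: profile: path mask,  operation=... MODE"""
    out = []
    for (profile, path), e in sorted(rules.items()):
        out.append(f"{profile}: {path} {''.join(sorted(e['mask']))},  "
                   f"operation={','.join(sorted(e['ops']))} {'/'.join(sorted(e['modes']))}")
    return out

if __name__ == "__main__":
    print("\n".join(render(summarize(SAMPLE))))
```

If no such events reach any log, there is nothing to group, which matches the note above that aa-log needs auditd or rsyslog installed and enabled.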