Comment 25 for bug 484148

On my system using the Sun JRE, AppArmor is causing the the following 2 rejects:

type=APPARMOR_DENIED msg=audit(1263353292.755:25): operation="mkdir" pid=2014 parent=1 profile="/usr/lib/firefox-3.5*/firefox{,*[^s][^h]}" requested_mask="w::" denied_mask="w::" fsuid=1000 ouid=1000 name="/usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/"
type=APPARMOR_DENIED msg=audit(1263353292.775:26): operation="mknod" pid=2014 parent=1 profile="/usr/lib/firefox-3.5*/firefox{,*[^s][^h]}" requested_mask="w::" denied_mask="w::" fsuid=1000 ouid=1000 name="/usr/lib/firefox-3.5.7/update.test"

these are caused by the following rule in the firefox profile
  deny /usr/share/mozilla/extensions/**/ w,
  ^
  notice the deny part of the rule? In AppArmor this will also cause auditing of matching rejects to not log rejects. This
  is because the deny rule is a way of documenting known rejects, which in most cases you wouldn't want to fill your
  logs with. This can be worked around at the rule level by prepending the audit keyword.

To test if deny rules were causing rejects to be suppressed I did the following
  sudo echo -n noquiet >/sys/modules/apparmor/parameters/audit
This tells apparmor to not do any quieting of any denied events.

after disabling the rule, http://www.java.com/de/download/help/testvm.xml worked for me. Further more once firefox had executed successfully and created the files it needed, I was able to enable the rule and java continued to work.