these are caused by the following rule in the firefox profile
deny /usr/share/mozilla/extensions/**/ w,
^
notice the deny part of the rule? In AppArmor this will also cause auditing of matching rejects to not log rejects. This
is because the deny rule is a way of documenting known rejects, which in most cases you wouldn't want to fill your
logs with. This can be worked around at the rule level by prepending the audit keyword.
To test if deny rules were causing rejects to be suppressed I did the following
sudo echo -n noquiet >/sys/modules/apparmor/parameters/audit
This tells apparmor to not do any quieting of any denied events.
after disabling the rule, http://www.java.com/de/download/help/testvm.xml worked for me. Further more once firefox had executed successfully and created the files it needed, I was able to enable the rule and java continued to work.
On my system using the Sun JRE, AppArmor is causing the the following 2 rejects:
type=APPARMOR_ DENIED msg=audit( 1263353292. 755:25) : operation="mkdir" pid=2014 parent=1 profile= "/usr/lib/ firefox- 3.5*/firefox{ ,*[^s][ ^h]}" requested_ mask="w: :" denied_mask="w::" fsuid=1000 ouid=1000 name="/ usr/share/ mozilla/ extensions/ {ec8030f7- c20a-464f- 9b0e-13a3a9e973 84}/" DENIED msg=audit( 1263353292. 775:26) : operation="mknod" pid=2014 parent=1 profile= "/usr/lib/ firefox- 3.5*/firefox{ ,*[^s][ ^h]}" requested_ mask="w: :" denied_mask="w::" fsuid=1000 ouid=1000 name="/ usr/lib/ firefox- 3.5.7/update. test"
type=APPARMOR_
these are caused by the following rule in the firefox profile mozilla/ extensions/ **/ w,
deny /usr/share/
^
notice the deny part of the rule? In AppArmor this will also cause auditing of matching rejects to not log rejects. This
is because the deny rule is a way of documenting known rejects, which in most cases you wouldn't want to fill your
logs with. This can be worked around at the rule level by prepending the audit keyword.
To test if deny rules were causing rejects to be suppressed I did the following apparmor/ parameters/ audit
sudo echo -n noquiet >/sys/modules/
This tells apparmor to not do any quieting of any denied events.
after disabling the rule, http:// www.java. com/de/ download/ help/testvm. xml worked for me. Further more once firefox had executed successfully and created the files it needed, I was able to enable the rule and java continued to work.