apparmor blocks software-center (apturl)

Thank you for taking the time to report this bug and helping to make Ubuntu better. We are sorry that we do not always have the capacity to look at all reported bugs in a timely manner. There have been many changes in Ubuntu & Firefox since the time you reported the bug and your problem may have been fixed with some of the updates. It would help us a lot if you could test a current, supported, Ubuntu version. If you can test it, and it is still an issue, we would appreciate if you would let us know.

I tested this on Firefox 4 in Ubuntu 11.04 and was able to use apt: urls just fine to install software.

There is enough information here to fix the bug, it is just a question of whether or not it will be fixed.

Jamie, could you please test on Ubuntu 11.04? Because it works fine for me with apparmor enabled there. In other words, it may already have been fixed.

Just confirmed that in natty 'apt:dpkg' uses apturl again, and not software-center. As such, I will mark this as a maverick task.

I also tested this on Maverick and can confirm that even with the firefox-stable PPA (which brings in Firefox 4), this bug is still present.

Jamie, I now found the bug on natty but it works a little differently.
1. Find a .deb like this one for instance: http://ftp.us.debian.org/debian/pool/main/d/d-conf/dconf-tools_0.7.3-3_amd64.deb
2. Save the .deb
3. Double click on the .deb in Firefox's Downloads window
4. Denied by AppArmor

This now affect Natty also, thanks to bug 426215.

This bug was fixed in the package apparmor - 2.7.0-0ubuntu1

---------------
apparmor (2.7.0-0ubuntu1) precise; urgency=low

  * New upstream release. Fixes the following:
    - LP: #794974
    - LP: #815883
    - LP: #840973
  * Drop the following patches, included upstream:
    - af_names-generation.patch
    - 0004-adjust-logprof-log-search-order.patch
    - 0005-lp826914.patch
    - 0006-lp838275.patch
    - 0007-fix-introspection-tests.patch
  * Rename 0003-add-debian-integration-to-lighttpd.patch to 0002
  * debian/patches/0003-commits-through-r1882.patch: several bug,
    documentation and performance fixes on our road to AppArmor 2.8
    (LP: #840734, LP: #905412)
  * debian/patches/0004-lp887992.patch: cups-client abstraction should allow
    owner read of @{HOME}/.cups/client.conf and @{HOME}/.cups/lpoptions
    (LP: #887992)
  * update debian/patches/0001-add-chromium-browser.patch for deeper
    directories of /sys/devices/pci (LP: #885833)
  * debian/patches/0005-lp884748.patch: allow kate as text editor in the
    browsers abstraction (LP: #884748)
  * debian/patches/0006-lp870992.patch: abstractions/fonts should allow access
    to ~/.fonts.conf.d (LP: #870992)
  * debian/patches/0007-lp860856.patch: allow read access to sitecustomize.py
    in the python abstraction, which is needed for apport hooks to work in
    python applications (LP: #860856)
  * debian/patches/0008-lp852062.patch: update binaries for transmission
    clients (LP: #852062)
  * debian/patches/0009-lp851977.patch: allow ixr access to exo-open for
    Xubuntu and friends (LP: #851977)
  * debian/patches/0010-lp890894.patch: allow access to Thunar as well as
    thunar in ubuntu-integration abstraction (LP: #890894)
  * debian/patches/0011-lp817956.patch: update usr.sbin.sshd example profile
    (LP: #817956)
  * debian/patches/0012-lp458922.patch: update dovecot deliver profile to
    access various .conf files for dovecot (LP: #458922)
  * debian/patches/0013-lp769148.patch: allow avahi to do dbus introspection
    (LP: #769148)
  * debian/patches/0014-lp904548.patch: fix typo for multiarch line for gconv
    (LP: #904548)
  * debian/patches/0015-lp712584.patch: Nvidia users need access to
    /dev/nvidia* files for various plugins to work right. Since these are all
    focused around multimedia, add the acceses to the multimedia abstraction.
    (LP: #712584)
  * debian/patches/0016-lp562831.patch: allow fireclam plugin to work
    (LP: #562831)
  * debian/patches/0017-lp662906.patch: allow software-center in the ubuntu
    integration browser abstraction (LP: #662906)
  * debian/patches/0018-deny-home-pki-so.patch: update private-files
    abstraction to deny write and link to ~/.pki/nssdb/*so files (LP: #911847)
  * debian/patches/0019-lp899963.patch: add audacity to the
    ubuntu-media-players abstraction (LP: #899963)
  * debian/patches/0020-lp912754a.patch,0021-lp912754b.patch: add p11-kit
    abstraction and add it to the authentication abstraction (LP: #912754)
  * debian/patches/0022-workaround-lp851986.patch: instead of using Ux
    in the ubuntu and launchpad abstractions, use a helper child profile.
    This will help work around the lack of en...