Profile usr.bin.firefox requires additional entries for nVidia hardware acceleration

Bug #1325050 reported by Kaosu
This bug affects 1 person
Affects: apparmor (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Marc Deslauriers

Bug Description

Release: Xubuntu 14.04
Version: AppArmor 2.8.95~2430-0ubuntu5, Firefox 29.0+build1-0ubuntu0.14.04.2, nVidia proprietary driver 331.38

What you expected to happen: Firefox to run without errors when setting usr.bin.firefox to enforce mode with the default profile.

What happened instead: Constant "DENIED" errors were sent to /var/log/kern.log and Firefox was unable to use the hardware acceleration that the proprietary nVidia driver provides.

Solution:

The following additional rules must be added to usr.bin.firefox for proper operation when using the proprietary nVidia driver:

 owner @{HOME}/.nv/GLCache/ r,
 owner @{HOME}/.nv/GLCache/** rwk,
 @{PROC}/driver/nvidia/params r,
 @{PROC}/modules r,

Jamie also said that @{PROC}/modules r, is likely not needed and could be replaced with deny /proc/modules r,

Tags: patch
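
Added example (not part of the original report and not AppArmor project code): a small Python script that collapses "DENIED" records like those described above into one candidate profile rule per path, so the additions can be reviewed before they go into usr.bin.firefox. The log lines, the user "alice", the cache file name and the profile names are constructed for illustration.

```python
import re

# Constructed kern.log lines in the audit format AppArmor emits; the user
# "alice", the cache file name and the profile names are made up.
SAMPLE_LOG = '''\
audit: type=1400 audit(1401616801.100:31): apparmor="DENIED" operation="open" profile="/usr/lib/firefox/firefox" name="/home/alice/.nv/GLCache/" pid=2101 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
audit: type=1400 audit(1401616801.200:32): apparmor="DENIED" operation="mknod" profile="/usr/lib/firefox/firefox" name="/home/alice/.nv/GLCache/0a1b/cache.bin" pid=2101 comm="firefox" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
audit: type=1400 audit(1401616801.300:33): apparmor="DENIED" operation="file_lock" profile="/usr/lib/firefox/firefox" name="/home/alice/.nv/GLCache/0a1b/cache.bin" pid=2101 comm="firefox" requested_mask="k" denied_mask="k" fsuid=1000 ouid=1000
audit: type=1400 audit(1401616801.400:34): apparmor="DENIED" operation="open" profile="/usr/lib/firefox/firefox" name="/proc/driver/nvidia/params" pid=2101 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit: type=1400 audit(1401616801.500:35): apparmor="DENIED" operation="open" profile="/usr/lib/firefox/firefox" name="/proc/modules" pid=2101 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit: type=1400 audit(1401616802.000:36): apparmor="DENIED" operation="open" profile="/usr/sbin/tcpdump" name="/home/alice/cap.pcap" pid=2200 comm="tcpdump" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
'''

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')
TO_POLICY = {"c": "w", "d": "w"}   # kernel logs create/delete; policy grants both via w
ORDER = "rwaklmx"                  # conventional order of file permission letters

def parse_denials(log_text, profile_substr="firefox"):
    """Return DENIED file records (as dicts) whose profile name contains profile_substr."""
    records = []
    for line in log_text.splitlines():
        rec = {k: v.strip('"') for k, v in KV.findall(line)}
        if (rec.get("apparmor") == "DENIED" and "name" in rec
                and profile_substr in rec.get("profile", "")):
            records.append(rec)
    return records

def candidate_rules(log_text):
    """Collapse denials into one candidate rule per path, for human review."""
    by_path = {}
    for rec in parse_denials(log_text):
        path = re.sub(r"^/home/[^/]+", "@{HOME}", rec["name"])
        path = re.sub(r"^/proc(?=/)", "@{PROC}", path)
        owner, perms = by_path.get(path, (True, set()))
        perms |= {TO_POLICY.get(c, c) for c in rec.get("denied_mask", "")}
        # "owner" only fits if every denied access was to a file the process owns
        by_path[path] = (owner and rec.get("fsuid") == rec.get("ouid"), perms)
    return [f"{'owner ' if owner else ''}{path} {''.join(c for c in ORDER if c in perms)},"
            for path, (owner, perms) in sorted(by_path.items())]

if __name__ == "__main__":
    print("\n".join(candidate_rules(SAMPLE_LOG)))
```

The script emits exact paths only; widening a path to a glob such as GLCache/**, or turning a rule like the /proc/modules one into a deny rule, remains a reviewer's decision.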
Jamie Strandboge (jdstrand) wrote :

Sent the attached patch to the upstream list.

Changed in apparmor (Ubuntu):
status: New → Triaged
Jamie Strandboge (jdstrand) wrote :

Patch accepted in upstream trunk in r2523

tags: added: patch
Jamie Strandboge (jdstrand) wrote :

Assigning Marc since this will be fixed when he refreshes Ubuntu's apparmor package with trunk.

Changed in apparmor (Ubuntu):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in apparmor (Ubuntu):
status: Triaged → Fix Released