Open Bug 1827228 Opened 2 years ago Updated 9 months ago

incorrect dbus service name in apparmor profile for ESR snap package

Categories

(Firefox Build System :: Third Party Packaging, defect, P3)

Product:
Firefox Build System
Component:
Third Party Packaging
Type:
defect

Tracking

(Not tracked)

Status:
UNCONFIRMED

People

(Reporter: vm-mozbugz, Unassigned, NeedInfo)

References

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0

Steps to reproduce:

  1. install the ESR snap package
  2. start firefox
  3. try to open any URL from CLI by command like "firefox --new-tab http://ya.ru"

Actual results:

the message box:
Firefox is already running, but is not responding. To use Firefox, you must first close the existing Firefox process, restart your device, or use a different profile.

In the syslog I see messaged regarding to apparmor and dbus:
$ journalctl | egrep "DENIED.*dbus_bind.*firefox" | tail -n 1
апр 10 17:27:21 debian13 dbus-daemon[2848]: apparmor="DENIED" operation="dbus_bind" bus="session" name="org.mozilla.firefox_esr.aDEz" mask="bind" pid=15416 label="snap.firefox.firefox"

The problem is in the apparmor profile which contains the definitions for "org.mozilla.firefox" name instead of "org.mozilla.firefox_esr" that used by ESR build.

Expected results:

open a new tab with provided URL

The problem is in the apparmor profile which contains the definitions for "org.mozilla.firefox" name instead of "org.mozilla.firefox_esr" that used by ESR build.

The profile contains name "org.mozilla.firefox" (this is original unpatched file from snap package):

# egrep -B 2 "name=\"?org\.mozilla\.firefox" /var/lib/snapd/apparmor/profiles/snap.firefox.firefox.orig
dbus (bind)
    bus=session
    name=org.mozilla.firefox,
--
dbus (bind)
    bus=session
    name=org.mozilla.firefox{_,-}[1-9]{,[0-9_]}{,[0-9_]}{,[0-9_]}{,[0-9_]}{,[0-9_]}{,[0-9_]}{,[0-9_]}{,[0-9_]}{,[0-9]}{,_[1-9]{,[0-9_]}{,[0-9_]}{,[0-9_]}{,[0-9_]}{,[0-9_]}{,[0-9_]}{,[0-9_]}{,[0-9_]}{,[0-9]}},
--
dbus (bind)
    bus=session
    name="org.mozilla.firefox.*",

But in the syslog I see the another name — "org.mozilla.firefox_esr.aDEz" that does not match with template in profile.

So, I patched this profile to change this dbus service name and problem was solved:

# diff -ub /var/lib/snapd/apparmor/profiles/snap.firefox.firefox{.orig,}
--- /var/lib/snapd/apparmor/profiles/snap.firefox.firefox.orig  2023-04-10 19:38:41.071319389 +0300
+++ /var/lib/snapd/apparmor/profiles/snap.firefox.firefox       2023-04-10 17:26:01.299990053 +0300
@@ -717,10 +717,10 @@
     member="GetConnectionCredentials"
     peer=(name=org.freedesktop.DBus, label=unconfined),
 
-# bind to a well-known DBus name: org.mozilla.firefox
+# bind to a well-known DBus name: org.mozilla.firefox_esr
 dbus (bind)
     bus=session
-    name=org.mozilla.firefox,
+    name=org.mozilla.firefox_esr,
 
 # For KDE applications and some other cases, also support alternation for:
 # - using org.kde.foo-PID as the 'well-known' name
@@ -731,14 +731,14 @@
 # install'swell-known name to overlap with the normal install.
 dbus (bind)
     bus=session
-    name=org.mozilla.firefox{_,-}[1-9]{,[0-9_]}{,[0-9_]}{,[0-9_]}{,[0-9_]}{,[0-9_]}{,[0-9_]}{,[0-9_]}{,[0-9_]}{,[0-9]}{,_[1-9]{,[0-9_]}{,[0-9_]}{,[0-9_]}{,[0-9_]}{,[0-9_]}{,[0-9_]}{,[0-9_]}{,[0-9_]}{,[0-9]}},
+    name=org.mozilla.firefox_esr{_,-}[1-9]{,[0-9_]}{,[0-9_]}{,[0-9_]}{,[0-9_]}{,[0-9_]}{,[0-9_]}{,[0-9_]}{,[0-9_]}{,[0-9]}{,_[1-9]{,[0-9_]}{,[0-9_]}{,[0-9_]}{,[0-9_]}{,[0-9_]}{,[0-9_]}{,[0-9_]}{,[0-9_]}{,[0-9]}},
 
-# For Firefox, support using org.mozilla.firefox.<id> as the 'well-known' name
+# For Firefox, support using org.mozilla.firefox_esr.<id> as the 'well-known' name
 # where <id> is the base64-encoded profile name.
 # See https://bugzilla.mozilla.org/1441894 for a discussion and details.
 dbus (bind)
     bus=session
-    name="org.mozilla.firefox.*",
+    name="org.mozilla.firefox_esr.*",
 
 # Allow us to talk to dbus-daemon
 dbus (receive)

Maybe I patch unnecessary lines but it works for me.
Please somebody review this patch.

The problem occurred in the fresh installed kubuntu 22.04 and firefox 102.9.0esr-2 from snap.

The Bugbug bot thinks this bug should belong to the 'Toolkit::Startup and Profile System' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → Startup and Profile System
Product: Firefox → Toolkit

The severity field is not set for this bug.
:mossop, could you have a look please?

For more information, please visit auto_nag documentation.

Flags: needinfo?(dtownsend)
Component: Startup and Profile System → Release Automation: Snap
Flags: needinfo?(dtownsend)
Product: Toolkit → Release Engineering
Version: Firefox 102 → unspecified

Amin can you take a look at this?

Severity: -- → S3
Flags: needinfo?(bandali)
Priority: -- → P3
Component: Release Automation: Snap → Third Party Packaging
Product: Release Engineering → Firefox Build System
Blocks: snappy
You need to log in before you can comment on or make changes to this bug.