Arch Linux

licanarch

Member

Registered: 2022-08-13

Posts: 1

Apparmor is not listening to a permission I gave in the profile

software:
- Firefox version: 103
- Apparmor version: apparmor-3.0.7-1
- Firefox apparmor profile (AUR): https://github.com/krathalan/apparmor-p … es/firefox

Firefox with an apparmor profile doesn't work with proxychains for me. At first I faced the problem with curl and solved it. But the doing the same with the firefox profile doesn't work for me.

$ proxychains curl
[proxychains] config file found: /etc/proxychains.conf
[proxychains] preloading /usr/lib/x86_64-linux-gnu/libproxychains.so.4
couldnt read configuration file: Permission denied

apparmor gave me this error:

Aug 12 09:03:17 hostname kernel: audit: type=1400 audit(1660294997.611:17636): apparmor="DENIED" operation="open" profile="curl" name="/etc/proxychains4.conf" pid=39377 comm="curl" requested_mask="r" denation="open" profile="curl" name="/etc/proxychains4.conf" pid=39377 comm="curl" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

I added "/etc/proxychains4.conf ,r" to my curl apparmor profile at the bottom of the file. It solved the problem for curl. After that I added "/etc/proxychains4.conf r," to the bottom of my firefox apparmor profile. I reloaded the apparmor service and profile (later I even desperately rebooted). Ran firefox with proxychains again:

$ proxychains firefox
[proxychains] config file found: /etc/proxychains4.conf
[proxychains] preloading /usr/lib/x86_64-linux-gnu/libproxychains.so.4
[proxychains] DLL init: proxychains-ng 4.14
[proxychains] DLL init: proxychains-ng 4.14
couldnt read configuration file: Permission denied

I get the error that firefox can't read the proxychains4.conf while I gave it permissions to read it through apparmor:

Aug 12 09:27:45 hostname kernel: audit: type=1400 audit(1660296465.474:17939): apparmor="DENIED" operation="open" profile="firefox" name="/etc/proxychains4.conf" pid=40118 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

On Ubuntu 20.04 with the default firefox profile I have the same issue. I see nothing strange in the abstractions and I have no idea why firefox doesn't read the apparmor permissions I gave to read proxychains4.conf. At the end I tried to move the line with read permission right under "/usr/bin/firefox {" in the apparmor profile. Didn't work.

I'm looking into this for days but can't find the solutions. Any idea how to solve this?

ps: As answer on: "You shouldn't use tor with firefox" or "Use this application/extension to use proxies on firefox".
I don't use tor with firefox and I know about other applications. They can't do what I'm looking for.