[pkg-apparmor] Bug#884014: apparmor: AppArmor does not allow Thunderbird to open Hyperlinks with Chromium

Martin abaris23 at gmx.net
Sun Dec 10 13:47:58 UTC 2017 

Package: apparmor
Version: 2.11.1-4
Severity: normal

Dear Maintainer,

if Chromium is configured as the default web browser, then clicking a hyperlink
in Thunderbird has no effect. The following error message is printed:

  Failed to execute child process “/usr/bin/chromium” (Permission denied).

After having a look at /etc/apparmor.d/abstractions/ubuntu-browsers, I noticed
that the only lines referring to chromium are the following:

  /usr/bin/chromium-browser Cx -> sanitized_helper,
  /usr/lib/chromium-browser/chromium-browser Cx -> sanitized_helper,

These paths appear to be incorrect. On Debian testing at least, they should
read as follows:

  /usr/bin/chromium Cx -> sanitized_helper,
  /usr/lib/chromium/chromium Cx -> sanitized_helper,

However, while this does allow Thunderbird to execute /usr/bin/chromium, it
still doesn't fix the problem. Clicking on a hyperlink now prints the following
stack trace to the console:

/usr/lib/chromium/chrome-sandbox: error while loading shared libraries:
libpthread.so.0: failed to map segment from shared object
[5139:5139:1210/142450.049037:FATAL:zygote_host_impl_linux.cc(196)] Check
failed: ReceiveFixedMessage(fds[0], kZygoteBootMessage,
sizeof(kZygoteBootMessage), &boot_pid).
#0 0x560540008f56 <unknown>
#1 0x560540022662 <unknown>
#2 0x56053f336803 <unknown>
#3 0x56053f335857 <unknown>
#4 0x56053f335c37 <unknown>
#5 0x56053f05a0af <unknown>
#6 0x56053f05e210 <unknown>
#7 0x56053f05905f <unknown>
#8 0x56053fda3e0b <unknown>
#9 0x56053fdab210 <unknown>
#10 0x56053fda3514 <unknown>
#11 0x56053ebef12c ChromeMain
#12 0x7f6bc79ff561 __libc_start_main
#13 0x56053ebeefba _start

Received signal 6
#0 0x560540008f56 <unknown>
#1 0x56053ebd5a58 <unknown>
#2 0x5605400092dc <unknown>
#3 0x7f6bd314f3b0 <unknown>
#4 0x7f6bc7a12a70 gsignal
#5 0x7f6bc7a1419a abort
#6 0x560540008bc5 <unknown>
#7 0x560540022835 <unknown>
#8 0x56053f336803 <unknown>
#9 0x56053f335857 <unknown>
#10 0x56053f335c37 <unknown>
#11 0x56053f05a0af <unknown>
#12 0x56053f05e210 <unknown>
#13 0x56053f05905f <unknown>
#14 0x56053fda3e0b <unknown>
#15 0x56053fdab210 <unknown>
#16 0x56053fda3514 <unknown>
#17 0x56053ebef12c ChromeMain
#18 0x7f6bc79ff561 __libc_start_main
#19 0x56053ebeefba _start
  r8: 0000000000000000  r9: 00007fff04e189a0 r10: 0000000000000008 r11:
0000000000000246
 r12: 00007fff04e18e60 r13: 00000000000000aa r14: 00007fff04e18e50 r15:
00007fff04e18e70
  di: 0000000000000002  si: 00007fff04e189a0  bp: 00007fff04e18e40  bx:
0000000000000006
  dx: 0000000000000000  ax: 0000000000000000  cx: 00007f6bc7a12a70  sp:
00007fff04e189a0
  ip: 00007f6bc7a12a70 efl: 0000000000000246 cgf: 002b000000000033 erf:
0000000000000000
 trp: 0000000000000000 msk: 0000000000000000 cr2: 0000000000000000
[end of stack trace]
Calling _exit(1). Core file will not be generated.



-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (990, 'testing'), (800, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.13.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8), LANGUAGE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages apparmor depends on:
ii  debconf [debconf-2.0]  1.5.65
ii  libc6                  2.25-3
ii  lsb-base               9.20170808
ii  python3                3.6.3-2

apparmor recommends no packages.

Versions of packages apparmor suggests:
pn  apparmor-profiles        <none>
pn  apparmor-profiles-extra  <none>
pn  apparmor-utils           <none>

-- debconf information:
  apparmor/homedirs:

More information about the pkg-apparmor-team mailing list