Question

27

Why is firefox trying to access fstab and how can I stop it?

rated 0 times [ 27] [ 0] / answers: 1 / hits: 4649 / 3 Years ago, wed, july 14, 2021, 12:04:23

Today I ran journalctl -k and found hundreds of entries like this one:

Mar 27 22:15:11 charm kernel: audit: type=1400 audit(1679915711.422:1671372): apparmor="DENIED" operation="open" profile="snap.firefox.firefox" name="/etc/fstab" pid=14539 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

Why is firefox trying to access fstab and how can I stop it from trying?

Answers

Only authorized users can answer the question. Please sign in first, or register a free account.

mance

Add To Favorites

Follow

Total Points: 198

Total Questions: 105

Total Answers: 128

Location: South Georgia

Member since Mon, Aug 16, 2021

3 Years ago

mance questions

1 Move duplicated folder name up one level

Tue, Jul 20, 21, 10:52, 3 Years ago

1 GNOME Shell extensions not working in Ubuntu 22.04

Thu, Sep 1, 22, 15:22, 2 Years ago

1 How to install amazon prime video as an app in ubuntu 20.04

Sun, Jun 13, 21, 05:50, 3 Years ago

1 Gnome control center not opening from command line as root user

Tue, Apr 25, 23, 22:14, 1 Year ago

1 No updates since a long time

Sun, Nov 21, 21, 11:02, 2 Years ago

View All

answered 3 Years ago diket · Accepted Answer

I managed to easily reproduce this:

[Mon Mar 27 12:31:56 2023] audit: type=1400 audit(1679916718.256:598): apparmor="DENIED" operation="open" class="file" profile="snap.firefox.firefox" name="/etc/fstab" pid=3791195 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0

I just installed Firefox, ran through the startup wizard, browsed to a page and then used the menu "File -> Save Page As" to trigger the event.

Two things to note, Firefox didn't read /etc/fstab because the AppArmor rules stopped it (hence "DENIED" in the error). Secondly, this isn't unique to Firefox. I installed the "Musicpod" application and it does the same thing when selecting a folder for music.

[Mon Mar 27 12:37:25 2023] audit: type=1400 audit(1679917047.146:637): apparmor="DENIED" operation="open" class="file" profile="snap.musicpod.musicpod" name="/etc/fstab" pid=3793570 comm="musicpod" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0

Looks to me like the application (or the GTK File Chooser) is merely trying to figure out all the mounted filesystems so it can present them in the file chooser dialog. Nothing sinister, or anything to worry about.

That said, it's possible to disable logging, not just for that action, but all actions, should you wish.

sudo apt install auditd

sudo auditctl -a exit,never -F exe=/snap/firefox/current/usr/lib/firefox/firefox

Tested here, and it completely suppresses the output from apparmor in the syslog.