我尝试使用 aa-genprof 为 Firefox 生成配置文件,但当 Firefox 尝试启动时,AppArmor 始终阻止对连接功能的访问,从而引发错误:
Failed to connect to Mir: Failed to connect to server socket: No such file or directory
Unable to init server: Could not connect: Connection refused
Error: cannot open display: :0
AppArmor 拒绝的消息是:
audit: type=1400 audit(1579485118.392:135258): apparmor="DENIED" operation="connect"
profile="/usr/lib/firefox/firefox.sh" pid=8529 comm="firefox" family="unix"
sock_type="stream" protocol=0 requested_mask="send receive connect" denied_mask="send connect"
addr=none peer_addr="@/tmp/.X11-unix/X0" peer="unconfined"`
我尝试重新运行aa-genprof并检测并允许它,但它从未被aa-genprof.由于不允许此权限,Firefox 将无法打开。
有什么方法可以将此权限硬编码到文件中吗/etc/apparmor.d/usr.lib.firefox.firefox.sh?我应该插入哪一行?