Troubleshooting Oracle Java 7 with Firefox

java plugins oracle firefox

Solution 1:

I was experiencing the exact same problem running Ubuntu Precise. I'm running Proxmox on a server, and their java viewer requires Oracle java and does not work with icedtea. I installed the latest java 7 from http://www.webupd8.org, but could not get it to work with Firefox. I did discover that java did work in the Opera browser.

When I saw your message and saw the issue with permissions, I thought ahhah! apparmor. Sure enough the kern.log shows:

/var/log/kern.log

Aug  1 09:54:50 laptop kernel: [42653.495082] type=1400 audit(1375368890.811:81): apparmor="DENIED" operation="exec" parent=22495 profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/usr/lib/jvm/java-7-oracle/jre/bin/java" pid=22507 comm="plugin-containe" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
Aug  1 09:56:38 laptop kernel: [42761.283499] type=1400 audit(1375368998.599:82): apparmor="DENIED" operation="exec" parent=22812 profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/usr/lib/jvm/java-7-oracle/jre/bin/java" pid=22824 comm="plugin-containe" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
Aug  1 10:11:51 laptop kernel: [43674.436828] type=1400 audit(1375369911.752:83): apparmor="DENIED" operation="exec" parent=23255 profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/usr/lib/jvm/java-7-oracle/jre/bin/java" pid=23267 comm="plugin-containe" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0

I set apparmor to complain mode

sudo aa-complain /usr/bin/firefox
sudo service apparmor reload

and it started working

Then when I reset apparmor to enforce mode

sudo aa-enforce /usr/bin/firefox
sudo service apparmor reload

it unexpectedly continued to work. I suspect the apparmor reload cleared a cache file that wasn't getting cleared by the many reboots I've done while looking for the cause.

Addition: After playing around awhile, I found that processes started in complain mode, remain in complain mode even after the profile is switched to enforce mode.

Update the apparmor profile for firefox (or other browsers) in /etc/apparmor.d/abstractions/ubuntu-browsers.d/java 

# Under Java plugin, add two lines:
  /usr/lib/jvm/java-*-oracle/jre/bin/java{,_vm} cx -> browser_java,
  /usr/lib/jvm/java-*-oracle/jre/lib/*/libnp*.so cx -> browser_java,
# before the lines:
  /usr/lib/jvm/java-*-sun-1.*/jre/bin/java{,_vm} cx -> browser_java,
  /usr/lib/jvm/java-*-sun-1.*/jre/lib/*/libnp*.so cx -> browser_java,

# In the browser_java profile, add two lines:
  /usr/lib/jvm/java-*-oracle/jre/bin/java{,_vm} ix,
  /usr/lib/jvm/java-*-oracle/jre/lib/i386/client/classes.jsa m,
# before the lines:
  /usr/lib/jvm/java-*-sun-1.*/jre/bin/java{,_vm} ix,
  /usr/lib/jvm/java-*-sun-1.*/jre/lib/i386/client/classes.jsa m,

Then restart apparmor:

sudo service apparmor restart

When testing, I found it was necessary to reload or restart apparmor after each profile change and then restart the browser. Several times I was fooled into thinking a change was working only to have it fail after a few hours. I'm still receiving a few apparmor messages when running the java browser test, but none seem to prevent it from working.

Related

How do I do a Chrome offline installation?
Ubuntu not taking all disk space?
Ubuntu installer with two disks: whihc one will be selected by "erase disk and install"
Not changing UI [closed]
Ubuntu 20.04.3 LTS can't compile driver for "tp-link AC1300" USB WiFi dongle using an answered previous question
Netcat files transfer over a private backend 10G network [duplicate]
Difference between installing .deb files by CLI and double clicking [duplicate]
How to fix Sublime Text PPA in Ubuntu 20.04? [duplicate]
React Native SafeAreaView background color - How to assign two different background color for top and bottom of the screen?
'Shadows' vs. 'Overrides' in VB.NET
How to use activity indicator view on iPhone?
How to make file creation an atomic operation?