Sunday, May 29. 2011

Fixing vimperator on Ubuntu 10.04

After upgrading to Ubuntu 10.04, vimperator could not read or write its .vimperatorrc anymore. Although all permissions were set correctly, the access to this file was denied. The access is also denied to firefox if you want to save a file as '.vimperatorrc'. Strangely, this is true for any file named '.XYZrc' in your home directory. The error message in the logs is

May 29 12:34:27 quick kernel: [ 7021.689247] type=1503 audit(1306665267.160:49):
operation="mknod" pid=4195 parent=1 profile="/usr/lib/firefox-3.6.17/firefox-*bin"
requested_mask="c::" denied_mask="c::" fsuid=1000 ouid=1000 name="/home/andreas/.vimperatorrc"

The access is denied by apparmor, in particular because of a rule in the privacy settings that disallows read or write access to *.rc files in the user's home directory. I don't know, why this broad apparmor rule is necessary, but I found a workaround for the .vimperatorrc problem. Reading the vimperator sources, I found that the configuration file is expected as '.vimperatorrc' (which causes the aforementioned problem) or '_vimperatorrc' (for Windows machines). It turns out that if on both GNU/Linux and Windows platforms one of the files does not exist, the other one is tried instead.

So, to let vimperator read its .vimperatorrc file, just rename .vimperatorrc to _vimpeatorrc. And keep in mind that firefox cannot read or write any file named *rc in your home directory (such as .my-vimperator.rc).

Alternatively you can disable apparmor (which I don't recommend) or update the apparmor rules (which I don't know how to do without removing the offending rule in the privacy profile as the manual page is incomplete here as far as I can see).