When I open a new tab with nightly, I get this page: """ Access to the file was denied The file at resource://activity-streams/data/content/activity-streams.html#/ is not readable. It may have been removed, moved, or file permissions may be preventing access. """ I've got 56.0a1 (2017-07-25) (64-bit) on Linux. STR: 1. hit ctrl-t 2. new tab page pops up with above error

the `resource://activity-streams` (note the last "s") seems to imply the test pilot add-on. What happens if you try going to `about:newtab` instead of ctrl-t?

If I got to about:newtab, I get the old newtab page.

That's.. unexpected. A 2017-07-25 build should have `browser.newtabpage.activity-stream.enabled` by default set to true, which wouldn't show the old newtab (tiles) page. And to confirm, you do have the activity stream test pilot add-on installed?

If I go to about:addons, there's an "Activity Stream" addon. The details of that addon suggest it's from Test Pilot. It's also last updated July 19th, 2017. So, I think that confirms I have the activity stream test pilot add-on installed. Also, I checked about:config and have: browser.newtabpage.activity-stream.enabled = True I haven't tried enabling/disabling anything. I can try some things, but don't want to do anything that changes the state in case there's anything else you want to know. Is there anything else that might help?

I also see this on Fedora 26. Test Pilot Activity stream is activated fwiw.

We did recently upgrade the Linux sandbox to block local file reads from content processes (or something like that). Maybe that's involved here?

When I open a new tab, I see this in my Browser Console: > NS_ERROR_FILE_ACCESS_DENIED: Component returned failure code: 0x80520015 (NS_ERROR_FILE_ACCESS_DENIED) [nsIWebNavigation.loadURIWithOptions] browser-child.js:353 Mardak mentioned over on the github issue that someone had suspected a file permissions issue, but I don't think that's it. My Firefox profile's ./extensions/@activity-streams.xpi file is owned by my own user account (username dholbert, group dholbert), and has permissions -rw------- (readable/writable by me), just like every other XPI file in my profile's ./extensions directory.

Yeah, I confirmed that this is an interaction with the sandbox -- I tried changing about:config pref "security.sandbox.content.level" to 0 (from its default value, 3), and restarting Firefox, and then my new tab page loads just fine. Then I restored it to its default value and restarted again, and my new tabs went back to being broken. (<tangent>Warning: I don't recommend trying this ^^ in a profile that you care about -- or backup beforehand, or something. After I reenabled the sandbox and restarted, bugzilla loaded without any styling for some reason, and I was unable to fix it with repeated reloads, and the only way that I could get it to work was to disable the sandbox again. So I think by disabling the sandbox [to test my theory about this bug], I horked my profile a bit. I may file a separate bug on that.</tangent>)

It's possible that the interaction between the new sandboxing, 'legacy addons' ie the Test Pilot Activity Stream addon, and content processes is an unsupported interaction because legacy addons will be going away in 57, including the Test Pilot Activity Stream addon. This might be a case of 'behaving as expected' and not a bug at all, but someone that works on sandboxing would have to weigh in for that. Specifically in the case of Activity Stream, the Test Pilot addon is now end of lifed and unsupported in favour of the new system addon that is being built directly into Firefox and is available in the current nightly (56) and onward behind the pref: browser.newtabpage.activity-stream.enabled;true

(In reply to Jared Kerim [:jkerim] from comment #9) > This might be a case of > 'behaving as expected' and not a bug at all, but someone that works on > sandboxing would have to weigh in for that. > > Specifically in the case of Activity Stream, the Test Pilot addon is now end > of lifed and unsupported Could we ship an Activity Stream "update" that disables it (or removes all of its code, or something like that), then?

(In reply to Jared Kerim [:jkerim] from comment #9) > > Specifically in the case of Activity Stream, the Test Pilot addon is now end > of lifed and unsupported in favour of the new system addon that is being > built directly into Firefox and is available in the current nightly (56) and > onward behind the pref: browser.newtabpage.activity-stream.enabled;true I've updated to 56.0a1 (2017-07-26) (64-bit). I've got that pref enabled (comment #4). I removed the Activity Stream test pilot addon via about:addons and restarted Firefox. I'm no longer getting the file permission error that I reported, but I'm also not seeing the Activity Stream newtab page--I'm seeing the old newtab page. Am I doing something wrong?

(In reply to Daniel Holbert [:dholbert] from comment #10) > (In reply to Jared Kerim [:jkerim] from comment #9) > > This might be a case of > > 'behaving as expected' and not a bug at all, but someone that works on > > sandboxing would have to weigh in for that. > > > > Specifically in the case of Activity Stream, the Test Pilot addon is now end > > of lifed and unsupported > > Could we ship an Activity Stream "update" that disables it (or removes all > of its code, or something like that), then? The plan is to ship a self disabling update to the Test Pilot version when the new system addon that is built into Firefox is fully rolled out in 57 so that we can 'seamlessly' transition the existing users over to the new version. This doesn't help users that are running the Test Pilot version in Nightly with the new sandboxing enabled. But if you're using Nightly, you can just uninstall the Test Pilot version and turn on the new one with this pref: browser.newtabpage.activity-stream.enabled;true (In reply to Will Kahn-Greene [:willkg] ET needinfo? me from comment #11) > (In reply to Jared Kerim [:jkerim] from comment #9) > > > > Specifically in the case of Activity Stream, the Test Pilot addon is now end > > of lifed and unsupported in favour of the new system addon that is being > > built directly into Firefox and is available in the current nightly (56) and > > onward behind the pref: browser.newtabpage.activity-stream.enabled;true > > I've updated to 56.0a1 (2017-07-26) (64-bit). I've got that pref enabled > (comment #4). I removed the Activity Stream test pilot addon via > about:addons and restarted Firefox. > > I'm no longer getting the file permission error that I reported, but I'm > also not seeing the Activity Stream newtab page--I'm seeing the old newtab > page. > > Am I doing something wrong? Hrmmm.... Try disabling that pref and re enabling it and look in the Browser Console to see if it's complaining about something failing to startup. Also what are your e10s settings, how many content processes do you have enabled? Usually I have to open a few tabs before the Activity Stream System Addon kicks in to replace the old new tab.

(The only workaround that has worked for me, so far, is manually clicking the Disable button for the "Activity Stream" listing in about:addons. After that, I end up with a functional (non-testpilot) activity-stream newtab page. It sounds like that didn't happen for willkg, but it does happen for me.)

jkerim closed the issue https://github.com/mozilla/activity-stream/issues/2966#issuecomment-319155896 That seems to imply this bug should be resolved WONTFIX?

(In reply to Daniel Holbert [:dholbert] from comment #8) > Yeah, I confirmed that this is an interaction with the sandbox -- I tried > changing about:config pref "security.sandbox.content.level" to 0 (from its > default value, 3), and restarting Firefox, and then my new tab page loads > just fine. Then I restored it to its default value and restarted again, and > my new tabs went back to being broken. Just as further confirmation of this -- I ran mozregression with an affected profile, and it says this came from this range: https://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=8e1e06adf80f82d3d5cf08eadaf569a107bd1ecf&tochange=b5fa08551d6e74d8300fa94f3161afdffd867764 ...which is bug 1308400 ("Construct a file broker policy for default-deny read access on the Linux Desktop") and which is where we bumped security.sandbox.content.level to its current level (3). Marking as regression from that bug.

This is probably basically the same as bug 1385891 ("Firefox doesn't load extension's files after upgrade", with mention of a resource:// URI that fails to load, in the first comment). Both are regressions from the same change. gcp, I notice you just assigned bug 1385891 to yourself earlier today -- you might wanna take a look at & test this bug while you're at it, since they're similar.

For testing purposes, here's my activity streams XPI, taken from my affected Firefox profile. (since it's no longer available for download from the Test Pilot site) STR at this point: 1. Start Firefox with a fresh profile *INSIDE YOUR HOME DIRECTORY* (not in /tmp -- that's where I normally create fresh profiles but that doesn't reproduce the sandboxing issue here). For example: mkdir ~/fresh-profile; firefox -no-remote -profile ~/fresh-profile 2. Visit https://testpilot.firefox.com/ and click "Install the Test Pilot Add-on" and complete the install process. 3. Install the attached XPI for activity streams (e.g. by downloading this to an XPI file, and then choosing "Install Add-on from file" from the gear dropdown-menu at about:addons' "extensions" section) 4. Open a new tab.

There's a patch in the other bug, should resolve this issue. If it does this can be duped. >It's possible that the interaction between the new sandboxing, 'legacy addons' ie >the Test Pilot Activity Stream addon, and content processes is an unsupported >interaction because legacy addons will be going away in 57, including the Test Pilot >Activity Stream addon. This might be a case of 'behaving as expected' and not a bug >at all, but someone that works on sandboxing would have to weigh in for that. The sandbox currently ships with an exception for /extensions, but this was forgotten in Linux. This exception will become pointless in 57 because legacy add-ons will no longer be supported anyway. So if you were hit by this, you're going to have an extension problem come 57 anyway. But it will be fixed for 56 in bug 1385891.

Yes, my expectation was that this was a case of a legacy addon conflicting with the new sandboxing techniques which are designed not to support legacy addons by definition, so :gcp's assessment sounds correct to me. If anyone needs to keep testing this, you don't need the test pilot specific version of the Activity Stream Jetpack Addon (the version that ships to test pilot) there's a signed dev version available here: https://moz-activity-streams-dev.s3.amazonaws.com/dist/latest.html that does not depend on having the Test Pilot Addon installed.

I have reports now that bug 1385891 did not fix it.

The fix for bug 1385891 was broken. I have a proper fix, and confirmed that bug 1385891 is the cause for this one.