Page 1 of 4 123 ... LastLast
Results 1 to 10 of 33

Thread: Need help || Apparmor Profiles

  1. #1
    Join Date
    Jan 2010
    Location
    India
    Beans
    Hidden!
    Distro
    Lubuntu 14.04 Trusty Tahr

    Need help || Apparmor Profiles

    Hi,

    I am using FF ver 5.0.1 from here

    After reading http://ubuntuforums.org/showpost.php...00&postcount=4

    I did
    Code:
    sudo aa-logprof /path to firefox
    Allowed all when asked. But when I try to start FF in enforce mode I get


    Code:
    $ /home/tux/.firefox/firefox
    /home/tux/.firefox/firefox: 60: basename: Permission denied
    exec: 139: /home/tux/.firefox/run-mozilla.sh: Permission denied
    This is the profile

    Code:
    # Last Modified: Sat Jul 30 02:16:27 2011
    #include <tunables/global>
    
    /home/tux/.firefox/firefox flags=(complain) {
      #include <abstractions/apache2-common>
      #include <abstractions/base>
    
    
      deny owner "/home/tux/Desktop/‪Harsha Bhogle on the 1st Test Match between India and England, at Lord's‬‏ - YouTube.flv" w,
    
      /bin/dash ix,
      owner /home/*/.firefox/firefox r,
      owner /home/*/.mozilla/firefox/4w442atz.default/adblockplus/cache.js w,
      owner /home/*/.mozilla/firefox/4w442atz.default/adblockplus/patterns.ini w,
      owner /home/*/.mozilla/firefox/4w442atz.default/adblockplus/patterns.ini-temp rw,
      owner /home/*/.mozilla/firefox/4w442atz.default/places.sqlite-shm k,
      owner /home/*/.mozilla/firefox/4w442atz.default/prefs.js r,
      /proc/meminfo r,
      /usr/bin/dirname rix,
      /usr/share/fonts/** r,
      /usr/share/icons/Humanity/actions/16/document-save-as.svg r,
      /usr/share/icons/Humanity/actions/16/go-home.svg r,
      /usr/share/icons/Humanity/actions/16/go-next.svg r,
      /usr/share/icons/Humanity/actions/16/go-previous.svg r,
    What do I need to change ?
    Last edited by linuxyogi; July 29th, 2011 at 10:10 PM.
    Lubuntu 14.04
    Some people are funny. They spend money they don't have, to buy things they don't need, to impress people they don't even like.

  2. #2
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: Need help || Apparmor Profiles

    Firefox is a big application to write a profile for.

    I see firefox is in complain mode. go ahead and use firefox for a bit, go to a few web sites, use flash, etc.

    Then close firefox and run aa-logprof

    Then put your profile into enforcing mode and try some more.

    Alternately you can look at another firefox profile as a template.

    See the apparmor sticky http://ubuntuforums.org/showthread.php?t=1008906

    And also:

    http://blog.bodhizazen.net/linux/app...ivoxy-profile/

    http://bodhizazen.net/aa-profiles/bo...sr.bin.firefox
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  3. #3
    Join Date
    Jan 2010
    Location
    India
    Beans
    Hidden!
    Distro
    Lubuntu 14.04 Trusty Tahr

    Re: Need help || Apparmor Profiles

    @bodhi.zazen

    Hi,

    Code:
    $ sudo aa-logprof 
    [sudo] password for tux: 
    Reading log entries from /var/log/messages.
    Updating AppArmor profiles in /etc/apparmor.d.
    
    Profile:  /home/tux/.firefox/firefox
    Execute:  /usr/bin/basename
    Severity: unknown
    
    
    (I)nherit / (P)rofile / (C)hild / (N)ame / (U)nconfined / (X)ix / (D)eny / Abo(r)t / (F)inish
    ^ This appears at the begining of aa-logprof. Which option should I choose ? I tried both (P)rofile & (I)nherit.
    Last edited by linuxyogi; July 30th, 2011 at 01:41 AM.
    Lubuntu 14.04
    Some people are funny. They spend money they don't have, to buy things they don't need, to impress people they don't even like.

  4. #4
    Join Date
    Jan 2010
    Location
    India
    Beans
    Hidden!
    Distro
    Lubuntu 14.04 Trusty Tahr

    Re: Need help || Apparmor Profiles

    @Bodhi.Zazen

    I am atm using FF in complain mode. I am trying read those links, this I guess is going to take some time.

    In the mean time I have created a profile for Chromium browser & using it in enforce mode.

    http://dl.dropbox.com/u/30630174/aa%20profile

    Rules for files include <<<

    Code:
    r = read w = write l = link k = lock a = append

    This is the profile for Chromium

    Code:
    # Last Modified: Sat Jul 30 06:22:31 2011
    #include <tunables/global>
    
    /usr/bin/chromium-browser {
      #include <abstractions/base>
    
    
    
      /bin/dash ix,
      /bin/readlink rix,
      /etc/chromium-browser/default r,
      /etc/lsb-release r,
      /home/tux/ r,
      /proc/meminfo r,
      /usr/bin/chromium-browser r,
      /usr/lib/chromium-browser/chromium-browser px,
    
    }

    Now r=read & the the profile is in enforce mode, but I can still save file in /home/tux.

    Is apparmor suppose to not let that happen ?
    Lubuntu 14.04
    Some people are funny. They spend money they don't have, to buy things they don't need, to impress people they don't even like.

  5. #5
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: Need help || Apparmor Profiles

    Quote Originally Posted by linuxyogi View Post
    @Bodhi.Zazen

    I am atm using FF in complain mode. I am trying read those links, this I guess is going to take some time.

    In the mean time I have created a profile for Chromium browser & using it in enforce mode.

    http://dl.dropbox.com/u/30630174/aa%20profile




    This is the profile for Chromium

    Code:
    # Last Modified: Sat Jul 30 06:22:31 2011
    #include <tunables/global>
    
    /usr/bin/chromium-browser {
      #include <abstractions/base>
    
    
    
      /bin/dash ix,
      /bin/readlink rix,
      /etc/chromium-browser/default r,
      /etc/lsb-release r,
      /home/tux/ r,
      /proc/meminfo r,
      /usr/bin/chromium-browser r,
      /usr/lib/chromium-browser/chromium-browser px,
    
    }

    Now r=read & the the profile is in enforce mode, but I can still save file in /home/tux.

    Is apparmor suppose to not let that happen ?
    As I indicated in my first post, browsers are complex and not the best place to start. I highly suggest you start with an easier program (like privoxy).

    Second, did you reload your apparmor profile for chromium ?

    What is the output of

    Code:
    aa-status
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  6. #6
    Join Date
    Jan 2010
    Location
    India
    Beans
    Hidden!
    Distro
    Lubuntu 14.04 Trusty Tahr

    Re: Need help || Apparmor Profiles

    Quote Originally Posted by bodhi.zazen View Post
    As I indicated in my first post, browsers are complex and not the best place to start. I highly suggest you start with an easier program (like privoxy).

    Second, did you reload your apparmor profile for chromium

    What is the output of

    Code:
    aa-status

    Yes, I did
    Code:
    sudo apparmor_parser -r /etc/apparmor.d/usr.bin.chromium-browser
    also

    tried
    Code:
     sudo /etc/init.d/apparmor reload
    .


    Code:
    $ sudo aa-status
    [sudo] password for tux: 
    apparmor module is loaded.
    40 profiles are loaded.
    11 profiles are in enforce mode.
       /sbin/dhclient3
       /usr/bin/chromium-browser
       /usr/bin/evince
       /usr/bin/evince-previewer
       /usr/bin/evince-thumbnailer
       /usr/lib/NetworkManager/nm-dhcp-client.action
       /usr/lib/connman/scripts/dhclient-script
       /usr/lib/cups/backend/cups-pdf
       /usr/sbin/cupsd
       /usr/sbin/tcpdump
       /usr/share/gdm/guest-session/Xsession
    29 profiles are in complain mode.
       /bin/ping
       /home/tux/.firefox/firefox
       /home/tux/.firefox/firefox//null-25
       /home/tux/.firefox/firefox//null-25//null-26
       /home/tux/.firefox/firefox//null-25//null-27
       /home/tux/.firefox/firefox//null-25//null-28
       /home/tux/.firefox/firefox//null-25//null-29
       /sbin/klogd
       /sbin/syslog-ng
       /sbin/syslogd
       /usr/bin/basename
       /usr/bin/expr
       /usr/lib/chromium-browser/chromium-browser
       /usr/lib/dovecot/deliver
       /usr/lib/dovecot/dovecot-auth
       /usr/lib/dovecot/imap
       /usr/lib/dovecot/imap-login
       /usr/lib/dovecot/managesieve-login
       /usr/lib/dovecot/pop3
       /usr/lib/dovecot/pop3-login
       /usr/sbin/avahi-daemon
       /usr/sbin/dnsmasq
       /usr/sbin/dovecot
       /usr/sbin/identd
       /usr/sbin/mdnsd
       /usr/sbin/nmbd
       /usr/sbin/nscd
       /usr/sbin/smbd
       /usr/sbin/traceroute
    5 processes have profiles defined.
    2 processes are in enforce mode :
       /sbin/dhclient3 (1753) 
       /usr/sbin/cupsd (1097) 
    3 processes are in complain mode.
       /home/tux/.firefox/firefox//null-25//null-29 (1720) 
       /usr/sbin/avahi-daemon (814) 
       /usr/sbin/avahi-daemon (812) 
    0 processes are unconfined but have a profile defined.
    Lubuntu 14.04
    Some people are funny. They spend money they don't have, to buy things they don't need, to impress people they don't even like.

  7. #7
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: Need help || Apparmor Profiles

    I do not see chromium on the list, although I see the chromium profile listed as being in enforce mode.

    At any rate, for what it is worth, here is the profile I used for chromium in Ubuntu 10.04

    http://bodhizazen.net/aa-profiles/bo...romium-browser
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  8. #8
    Join Date
    Jan 2010
    Location
    India
    Beans
    Hidden!
    Distro
    Lubuntu 14.04 Trusty Tahr

    Re: Need help || Apparmor Profiles

    Quote Originally Posted by bodhi.zazen View Post
    I do not see chromium on the list, although I see the chromium profile listed as being in enforce mode.
    What do you think went wrong ? I actually tried aa-enforce multiple times but same thing.


    Quote Originally Posted by bodhi.zazen View Post

    At any rate, for what it is worth, here is the profile I used for chromium in Ubuntu 10.04

    http://bodhizazen.net/aa-profiles/bo...romium-browser
    Thanks. I will try that once this problem is solved.
    Lubuntu 14.04
    Some people are funny. They spend money they don't have, to buy things they don't need, to impress people they don't even like.

  9. #9
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: Need help || Apparmor Profiles

    I think the profile needs to be pointed at the lib and not the binary.

    usr.lib.chromium-browser.chromium-browser

    But my recollection is chromium was tricky as it uses a sandbox.
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  10. #10
    Join Date
    Jan 2010
    Location
    India
    Beans
    Hidden!
    Distro
    Lubuntu 14.04 Trusty Tahr

    Re: Need help || Apparmor Profiles

    Finally FF starts when only when 1/2 profiles is in enforce mode, namely the "home.tux..firefox.firefox" but when I FF fails to start when "home.tux..firefox.run-mozilla.sh " is in enforce mode.
    Code:
    $apparmor module is loaded.
    110 profiles are loaded.
    13 profiles are in enforce mode.
       /home/tux/.firefox/firefox
       /home/tux/.firefox/run-mozilla.sh
       /sbin/dhclient3
       /usr/bin/chromium-browser
       /usr/bin/evince
       /usr/bin/evince-previewer
       /usr/bin/evince-thumbnailer
       /usr/lib/NetworkManager/nm-dhcp-client.action
       /usr/lib/connman/scripts/dhclient-script
       /usr/lib/cups/backend/cups-pdf
       /usr/sbin/cupsd
       /usr/sbin/tcpdump
       /usr/share/gdm/guest-session/Xsession
    97 profiles are in complain mode.
       /bin/ping
       /home/tux/.firefox/run-mozilla.sh//null-64
       /home/tux/.firefox/run-mozilla.sh//null-65
       /home/tux/.firefox/run-mozilla.sh//null-66
       /home/tux/.firefox/run-mozilla.sh//null-66//null-67
       /home/tux/.firefox/run-mozilla.sh//null-66//null-68
       /home/tux/.firefox/run-mozilla.sh//null-66//null-69
       /home/tux/.firefox/run-mozilla.sh//null-66//null-6a
       /home/tux/.firefox/run-mozilla.sh//null-66//null-6b
       /home/tux/.firefox/run-mozilla.sh//null-66//null-6c
       /home/tux/.firefox/run-mozilla.sh//null-66//null-6d
       /home/tux/.firefox/run-mozilla.sh//null-66//null-6e
       /home/tux/.firefox/run-mozilla.sh//null-66//null-6f
       /home/tux/.firefox/run-mozilla.sh//null-66//null-70
       /home/tux/.firefox/run-mozilla.sh//null-66//null-71
       /home/tux/.firefox/run-mozilla.sh//null-66//null-72
       /home/tux/.firefox/run-mozilla.sh//null-66//null-73
       /home/tux/.firefox/run-mozilla.sh//null-66//null-74
       /home/tux/.firefox/run-mozilla.sh//null-66//null-75
       /home/tux/.firefox/run-mozilla.sh//null-66//null-76
       /home/tux/.firefox/run-mozilla.sh//null-66//null-77
       /home/tux/.firefox/run-mozilla.sh//null-66//null-78
       /home/tux/.firefox/run-mozilla.sh//null-66//null-79
       /home/tux/.firefox/run-mozilla.sh//null-66//null-7a
       /home/tux/.firefox/run-mozilla.sh//null-66//null-7b
       /home/tux/.firefox/run-mozilla.sh//null-66//null-7c
       /home/tux/.firefox/run-mozilla.sh//null-66//null-7d
       /home/tux/.firefox/run-mozilla.sh//null-66//null-7e
       /home/tux/.firefox/run-mozilla.sh//null-66//null-7f
       /home/tux/.firefox/run-mozilla.sh//null-66//null-80
       /home/tux/.firefox/run-mozilla.sh//null-66//null-81
       /home/tux/.firefox/run-mozilla.sh//null-66//null-82
       /home/tux/.firefox/run-mozilla.sh//null-66//null-83
       /home/tux/.firefox/run-mozilla.sh//null-66//null-84
       /home/tux/.firefox/run-mozilla.sh//null-66//null-85
       /home/tux/.firefox/run-mozilla.sh//null-66//null-86
       /home/tux/.firefox/run-mozilla.sh//null-66//null-87
       /home/tux/.firefox/run-mozilla.sh//null-66//null-88
       /home/tux/.firefox/run-mozilla.sh//null-66//null-89
       /home/tux/.firefox/run-mozilla.sh//null-66//null-8a
       /home/tux/.firefox/run-mozilla.sh//null-66//null-8b
       /home/tux/.firefox/run-mozilla.sh//null-66//null-8c
       /home/tux/.firefox/run-mozilla.sh//null-66//null-8d
       /home/tux/.firefox/run-mozilla.sh//null-66//null-8e
       /home/tux/.firefox/run-mozilla.sh//null-66//null-8f
       /home/tux/.firefox/run-mozilla.sh//null-66//null-90
       /home/tux/.firefox/run-mozilla.sh//null-66//null-91
       /home/tux/.firefox/run-mozilla.sh//null-66//null-92
       /home/tux/.firefox/run-mozilla.sh//null-66//null-93
       /home/tux/.firefox/run-mozilla.sh//null-66//null-94
       /home/tux/.firefox/run-mozilla.sh//null-66//null-95
       /home/tux/.firefox/run-mozilla.sh//null-66//null-96
       /home/tux/.firefox/run-mozilla.sh//null-66//null-97
       /home/tux/.firefox/run-mozilla.sh//null-66//null-98
       /home/tux/.firefox/run-mozilla.sh//null-66//null-99
       /sbin/klogd
       /sbin/syslog-ng
       /sbin/syslogd
       /usr/bin/basename
       /usr/bin/expr
       /usr/lib/chromium-browser/chromium-browser
       /usr/lib/chromium-browser/chromium-browser//null-9a
       /usr/lib/chromium-browser/chromium-browser//null-9b
       /usr/lib/chromium-browser/chromium-browser//null-9b//null-9c
       /usr/lib/chromium-browser/chromium-browser//null-9b//null-9d
       /usr/lib/chromium-browser/chromium-browser//null-9b//null-9e
       /usr/lib/chromium-browser/chromium-browser//null-9b//null-9f
       /usr/lib/chromium-browser/chromium-browser//null-9b//null-a0
       /usr/lib/chromium-browser/chromium-browser//null-9b//null-a1
       /usr/lib/chromium-browser/chromium-browser//null-9b//null-a2
       /usr/lib/chromium-browser/chromium-browser//null-a3
       /usr/lib/chromium-browser/chromium-browser//null-a3//null-a4
       /usr/lib/chromium-browser/chromium-browser//null-a3//null-a4//null-a5
       /usr/lib/chromium-browser/chromium-browser//null-a3//null-a4//null-a6
       /usr/lib/chromium-browser/chromium-browser//null-a3//null-a4//null-a7
       /usr/lib/chromium-browser/chromium-browser//null-a3//null-a4//null-a8
       /usr/lib/chromium-browser/chromium-browser//null-a3//null-a4//null-a9
       /usr/lib/chromium-browser/chromium-browser//null-a3//null-a4//null-aa
       /usr/lib/chromium-browser/chromium-browser//null-a3//null-a4//null-ab
       /usr/lib/chromium-browser/chromium-browser//null-a3//null-a4//null-ac
       /usr/lib/chromium-browser/chromium-browser//null-a3//null-a4//null-ac//null-ad
       /usr/lib/dovecot/deliver
       /usr/lib/dovecot/dovecot-auth
       /usr/lib/dovecot/imap
       /usr/lib/dovecot/imap-login
       /usr/lib/dovecot/managesieve-login
       /usr/lib/dovecot/pop3
       /usr/lib/dovecot/pop3-login
       /usr/sbin/avahi-daemon
       /usr/sbin/dnsmasq
       /usr/sbin/dovecot
       /usr/sbin/identd
       /usr/sbin/mdnsd
       /usr/sbin/nmbd
       /usr/sbin/nscd
       /usr/sbin/smbd
       /usr/sbin/traceroute
    8 processes have profiles defined.
    2 processes are in enforce mode :
       /sbin/dhclient3 (887) 
       /usr/sbin/cupsd (1117) 
    6 processes are in complain mode.
       /usr/lib/chromium-browser/chromium-browser (3811) 
       /usr/lib/chromium-browser/chromium-browser (3809) 
       /usr/lib/chromium-browser/chromium-browser//null-9a (3813) 
       /usr/lib/chromium-browser/chromium-browser//null-9a (3862) 
       /usr/sbin/avahi-daemon (902) 
       /usr/sbin/avahi-daemon (903) 
    0 processes are unconfined but have a profile defined.

    Code:
    # Last Modified: Sat Jul 30 23:05:58 2011
    #include <tunables/global>
    
    /home/tux/.firefox/firefox {
      #include <abstractions/apache2-common>
      #include <abstractions/base>
    
    
      deny owner "/home/tux/Desktop/‪Harsha Bhogle on the 1st Test Match between India and England, at Lord's‬‏ - YouTube.flv" w,
    
      /bin/dash ix,
      /etc/mailcap r,
      /etc/mime.types r,
      owner /home/*/.firefox/chrome/icons/default/default16.png r,
      owner /home/*/.firefox/chrome/icons/default/default32.png r,
      owner /home/*/.firefox/chrome/icons/default/default48.png r,
      owner /home/*/.firefox/firefox r,
      owner /home/*/.firefox/run-mozilla.sh r,
      /home/*/.firefox/run-mozilla.sh px,
      owner /home/*/.mozilla/firefox/4w442atz.default/NoScriptSTS.db w,
      owner /home/*/.mozilla/firefox/4w442atz.default/NoScriptSTS.db.tmp rw,
      owner /home/*/.mozilla/firefox/4w442atz.default/adblockplus/cache.js w,
      owner /home/*/.mozilla/firefox/4w442atz.default/adblockplus/patterns.ini w,
      owner /home/*/.mozilla/firefox/4w442atz.default/adblockplus/patterns.ini-temp rw,
      owner /home/*/.mozilla/firefox/4w442atz.default/bookmarkbackups/ r,
      owner /home/*/.mozilla/firefox/4w442atz.default/content-prefs.sqlite rwk,
      owner /home/*/.mozilla/firefox/4w442atz.default/cookies.sqlite wk,
      owner /home/*/.mozilla/firefox/4w442atz.default/downloads.sqlite rwk,
      owner /home/*/.mozilla/firefox/4w442atz.default/dta_queue.sqlite wk,
      owner /home/*/.mozilla/firefox/4w442atz.default/extensions/netvideohunter@netvideohunter.com/chrome/content/mediaList.xul r,
      owner /home/*/.mozilla/firefox/4w442atz.default/localstore-1.rdf rw,
      owner /home/*/.mozilla/firefox/4w442atz.default/localstore.rdf w,
      owner /home/*/.mozilla/firefox/4w442atz.default/permissions.sqlite wk,
      owner /home/*/.mozilla/firefox/4w442atz.default/places.sqlite wk,
      owner /home/*/.mozilla/firefox/4w442atz.default/places.sqlite-shm wk,
      owner /home/*/.mozilla/firefox/4w442atz.default/prefs-1.js rw,
      owner /home/*/.mozilla/firefox/4w442atz.default/prefs.js rw,
      owner /home/*/.mozilla/firefox/4w442atz.default/sessionstore-1.js w,
      owner /home/*/.mozilla/firefox/4w442atz.default/signons.sqlite rwk,
      owner /home/*/.mozilla/firefox/4w442atz.default/urlclassifierkey3.txt rw,
      owner /home/*/.mozilla/firefox/4w442atz.default/webappsstore.sqlite wk,
      owner /home/*/.recently-used.xbel r,
      /proc/meminfo r,
      owner /tmp/plugtmp/plugin-crossdomain.xml w,
      /usr/bin/basename px,
      /usr/bin/dirname rix,
      /usr/bin/expr px,
      /usr/share/fonts/** r,
      /usr/share/icons/DMZ-White/cursors/hand r,
      /usr/share/icons/Humanity/actions/16/document-open.svg r,
      /usr/share/icons/Humanity/actions/16/document-print-preview.svg r,
      /usr/share/icons/Humanity/actions/16/document-print.svg r,
      /usr/share/icons/Humanity/actions/16/document-properties.svg r,
      /usr/share/icons/Humanity/actions/16/document-save-as.svg r,
      /usr/share/icons/Humanity/actions/16/edit-copy.svg r,
      /usr/share/icons/Humanity/actions/16/edit-cut.svg r,
      /usr/share/icons/Humanity/actions/16/edit-delete.svg r,
      /usr/share/icons/Humanity/actions/16/edit-paste.svg r,
      /usr/share/icons/Humanity/actions/16/go-home.svg r,
      /usr/share/icons/Humanity/actions/16/go-next.svg r,
      /usr/share/icons/Humanity/actions/16/go-previous.svg r,
      /usr/share/icons/Humanity/actions/16/media-playback-pause.svg r,
      /usr/share/icons/Humanity/actions/16/media-playback-start.svg r,
      /usr/share/icons/Humanity/actions/16/process-stop.svg r,
      /usr/share/icons/Humanity/actions/16/system-shutdown.svg r,
      /usr/share/icons/Humanity/actions/16/view-refresh.svg r,
      /usr/share/icons/Humanity/actions/22/edit-undo.svg r,
      /usr/share/icons/Humanity/actions/24/go-next.svg r,
      /usr/share/icons/Humanity/actions/24/go-previous.svg r,
      /usr/share/icons/Humanity/places/16/folder.svg r,

    Code:
    # Last Modified: Sat Jul 30 23:05:59 2011
    #include <tunables/global>
    
    /home/tux/.firefox/run-mozilla.sh flags=(complain) {
      #include <abstractions/apache2-common>
      #include <abstractions/base>
    
    
      /bin/dash ix,
      owner /home/*/.firefox/run-mozilla.sh r,
      owner /home/*/.mozilla/firefox/4w442atz.default/adblockplus/patterns.ini-temp rw,
      owner /home/*/.mozilla/firefox/4w442atz.default/prefs.js r,
      owner /home/*/.mozilla/firefox/4w442atz.default/signons.sqlite k,
      /usr/bin/basename rix,
    
    }



    Code:
    $ /home/tux/.firefox/firefox
    /home/tux/.firefox/run-mozilla.sh: 39: dirname: Permission denied
    /home/tux/.firefox/run-mozilla.sh: 312: uname: Permission denied
    [: 312: !=: unexpected operator
    exec: 392: /home/tux/.firefox/firefox-bin: Permission denied
    Last edited by linuxyogi; July 30th, 2011 at 07:08 PM.
    Lubuntu 14.04
    Some people are funny. They spend money they don't have, to buy things they don't need, to impress people they don't even like.

Page 1 of 4 123 ... LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •