Results 1 to 3 of 3

Thread: Using apparmor to restrict file browser

  1. #1
    Join Date
    Jan 2009
    Beans
    50
    Distro
    Ubuntu 10.04 Lucid Lynx

    Question Using apparmor to restrict file browser

    I am trying to use apparmor to restrict my file browser, which is Thunar to only let me view the files that are in the home directory and also removable media. I tried following the apparmor sticky with no success. I created the profile and tried editing it and it either started and let me do pretty much everything or did not start at all. Would it be possible for someone to help me step by step to set up a profile for thunar that would only show the home directory and removable media.

  2. #2
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: Using apparmor to restrict file browser

    Quote Originally Posted by joelwhrs View Post
    I am trying to use apparmor to restrict my file browser, which is Thunar to only let me view the files that are in the home directory and also removable media. I tried following the apparmor sticky with no success. I created the profile and tried editing it and it either started and let me do pretty much everything or did not start at all. Would it be possible for someone to help me step by step to set up a profile for thunar that would only show the home directory and removable media.
    I suggest you start by looking at and understanding how apparmor works and perhaps start with an easier application.

    Restricting thunar to /home is not possible as you will need access to binaries, lib, and icons, etc, outside of /home.

    Also although you might confine thunar, it does not do much if users can open a shell and go where they wish.

    At any rate, you need to watch your logs and debug the error message apparmor is giving you.

    As an alternate take a look at jailbash.

    Jailbash
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  3. #3
    Join Date
    Jan 2009
    Beans
    50
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Using apparmor to restrict file browser

    Actually all that I would need to do is keep the user from being able to access the parent directory above the home folder. It would not really matter if they could access the icons, etc just as long as they could not easily view the complete root directory, etc. Would this be easier to accomplish?

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •