Page 1 of 4 123 ... LastLast
Results 1 to 10 of 33

Thread: Need help || Apparmor Profiles

  1. #1
    Join Date
    Jan 2010
    Location
    India
    Beans
    Hidden!
    Distro
    Lubuntu 14.04 Trusty Tahr

    Need help || Apparmor Profiles

    Hi,

    I am using FF ver 5.0.1 from here

    After reading http://ubuntuforums.org/showpost.php...00&postcount=4

    I did
    Code:
    sudo aa-logprof /path to firefox
    Allowed all when asked. But when I try to start FF in enforce mode I get


    Code:
    $ /home/tux/.firefox/firefox
    /home/tux/.firefox/firefox: 60: basename: Permission denied
    exec: 139: /home/tux/.firefox/run-mozilla.sh: Permission denied
    This is the profile

    Code:
    # Last Modified: Sat Jul 30 02:16:27 2011
    #include <tunables/global>
    
    /home/tux/.firefox/firefox flags=(complain) {
      #include <abstractions/apache2-common>
      #include <abstractions/base>
    
    
      deny owner "/home/tux/Desktop/‪Harsha Bhogle on the 1st Test Match between India and England, at Lord's‬‏ - YouTube.flv" w,
    
      /bin/dash ix,
      owner /home/*/.firefox/firefox r,
      owner /home/*/.mozilla/firefox/4w442atz.default/adblockplus/cache.js w,
      owner /home/*/.mozilla/firefox/4w442atz.default/adblockplus/patterns.ini w,
      owner /home/*/.mozilla/firefox/4w442atz.default/adblockplus/patterns.ini-temp rw,
      owner /home/*/.mozilla/firefox/4w442atz.default/places.sqlite-shm k,
      owner /home/*/.mozilla/firefox/4w442atz.default/prefs.js r,
      /proc/meminfo r,
      /usr/bin/dirname rix,
      /usr/share/fonts/** r,
      /usr/share/icons/Humanity/actions/16/document-save-as.svg r,
      /usr/share/icons/Humanity/actions/16/go-home.svg r,
      /usr/share/icons/Humanity/actions/16/go-next.svg r,
      /usr/share/icons/Humanity/actions/16/go-previous.svg r,
    What do I need to change ?
    Last edited by linuxyogi; July 29th, 2011 at 10:10 PM.
    Lubuntu 14.04 / Manjaro LXQT (openbox)
    Psychology fact: There's a story behind every person. There's a reason why they're the way they are. Pain alters our personality.

  2. #2
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: Need help || Apparmor Profiles

    Firefox is a big application to write a profile for.

    I see firefox is in complain mode. go ahead and use firefox for a bit, go to a few web sites, use flash, etc.

    Then close firefox and run aa-logprof

    Then put your profile into enforcing mode and try some more.

    Alternately you can look at another firefox profile as a template.

    See the apparmor sticky http://ubuntuforums.org/showthread.php?t=1008906

    And also:

    http://blog.bodhizazen.net/linux/app...ivoxy-profile/

    http://bodhizazen.net/aa-profiles/bo...sr.bin.firefox
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  3. #3
    Join Date
    Jan 2010
    Location
    India
    Beans
    Hidden!
    Distro
    Lubuntu 14.04 Trusty Tahr

    Re: Need help || Apparmor Profiles

    @bodhi.zazen

    Hi,

    Code:
    $ sudo aa-logprof 
    [sudo] password for tux: 
    Reading log entries from /var/log/messages.
    Updating AppArmor profiles in /etc/apparmor.d.
    
    Profile:  /home/tux/.firefox/firefox
    Execute:  /usr/bin/basename
    Severity: unknown
    
    
    (I)nherit / (P)rofile / (C)hild / (N)ame / (U)nconfined / (X)ix / (D)eny / Abo(r)t / (F)inish
    ^ This appears at the begining of aa-logprof. Which option should I choose ? I tried both (P)rofile & (I)nherit.
    Last edited by linuxyogi; July 30th, 2011 at 01:41 AM.
    Lubuntu 14.04 / Manjaro LXQT (openbox)
    Psychology fact: There's a story behind every person. There's a reason why they're the way they are. Pain alters our personality.

  4. #4
    Join Date
    Jan 2010
    Location
    India
    Beans
    Hidden!
    Distro
    Lubuntu 14.04 Trusty Tahr

    Re: Need help || Apparmor Profiles

    @Bodhi.Zazen

    I am atm using FF in complain mode. I am trying read those links, this I guess is going to take some time.

    In the mean time I have created a profile for Chromium browser & using it in enforce mode.

    http://dl.dropbox.com/u/30630174/aa%20profile

    Rules for files include <<<

    Code:
    r = read w = write l = link k = lock a = append

    This is the profile for Chromium

    Code:
    # Last Modified: Sat Jul 30 06:22:31 2011
    #include <tunables/global>
    
    /usr/bin/chromium-browser {
      #include <abstractions/base>
    
    
    
      /bin/dash ix,
      /bin/readlink rix,
      /etc/chromium-browser/default r,
      /etc/lsb-release r,
      /home/tux/ r,
      /proc/meminfo r,
      /usr/bin/chromium-browser r,
      /usr/lib/chromium-browser/chromium-browser px,
    
    }

    Now r=read & the the profile is in enforce mode, but I can still save file in /home/tux.

    Is apparmor suppose to not let that happen ?
    Lubuntu 14.04 / Manjaro LXQT (openbox)
    Psychology fact: There's a story behind every person. There's a reason why they're the way they are. Pain alters our personality.

  5. #5
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: Need help || Apparmor Profiles

    Quote Originally Posted by linuxyogi View Post
    @Bodhi.Zazen

    I am atm using FF in complain mode. I am trying read those links, this I guess is going to take some time.

    In the mean time I have created a profile for Chromium browser & using it in enforce mode.

    http://dl.dropbox.com/u/30630174/aa%20profile




    This is the profile for Chromium

    Code:
    # Last Modified: Sat Jul 30 06:22:31 2011
    #include <tunables/global>
    
    /usr/bin/chromium-browser {
      #include <abstractions/base>
    
    
    
      /bin/dash ix,
      /bin/readlink rix,
      /etc/chromium-browser/default r,
      /etc/lsb-release r,
      /home/tux/ r,
      /proc/meminfo r,
      /usr/bin/chromium-browser r,
      /usr/lib/chromium-browser/chromium-browser px,
    
    }

    Now r=read & the the profile is in enforce mode, but I can still save file in /home/tux.

    Is apparmor suppose to not let that happen ?
    As I indicated in my first post, browsers are complex and not the best place to start. I highly suggest you start with an easier program (like privoxy).

    Second, did you reload your apparmor profile for chromium ?

    What is the output of

    Code:
    aa-status
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  6. #6
    Join Date
    Jan 2010
    Location
    India
    Beans
    Hidden!
    Distro
    Lubuntu 14.04 Trusty Tahr

    Re: Need help || Apparmor Profiles

    Quote Originally Posted by bodhi.zazen View Post
    As I indicated in my first post, browsers are complex and not the best place to start. I highly suggest you start with an easier program (like privoxy).

    Second, did you reload your apparmor profile for chromium

    What is the output of

    Code:
    aa-status

    Yes, I did
    Code:
    sudo apparmor_parser -r /etc/apparmor.d/usr.bin.chromium-browser
    also

    tried
    Code:
     sudo /etc/init.d/apparmor reload
    .


    Code:
    $ sudo aa-status
    [sudo] password for tux: 
    apparmor module is loaded.
    40 profiles are loaded.
    11 profiles are in enforce mode.
       /sbin/dhclient3
       /usr/bin/chromium-browser
       /usr/bin/evince
       /usr/bin/evince-previewer
       /usr/bin/evince-thumbnailer
       /usr/lib/NetworkManager/nm-dhcp-client.action
       /usr/lib/connman/scripts/dhclient-script
       /usr/lib/cups/backend/cups-pdf
       /usr/sbin/cupsd
       /usr/sbin/tcpdump
       /usr/share/gdm/guest-session/Xsession
    29 profiles are in complain mode.
       /bin/ping
       /home/tux/.firefox/firefox
       /home/tux/.firefox/firefox//null-25
       /home/tux/.firefox/firefox//null-25//null-26
       /home/tux/.firefox/firefox//null-25//null-27
       /home/tux/.firefox/firefox//null-25//null-28
       /home/tux/.firefox/firefox//null-25//null-29
       /sbin/klogd
       /sbin/syslog-ng
       /sbin/syslogd
       /usr/bin/basename
       /usr/bin/expr
       /usr/lib/chromium-browser/chromium-browser
       /usr/lib/dovecot/deliver
       /usr/lib/dovecot/dovecot-auth
       /usr/lib/dovecot/imap
       /usr/lib/dovecot/imap-login
       /usr/lib/dovecot/managesieve-login
       /usr/lib/dovecot/pop3
       /usr/lib/dovecot/pop3-login
       /usr/sbin/avahi-daemon
       /usr/sbin/dnsmasq
       /usr/sbin/dovecot
       /usr/sbin/identd
       /usr/sbin/mdnsd
       /usr/sbin/nmbd
       /usr/sbin/nscd
       /usr/sbin/smbd
       /usr/sbin/traceroute
    5 processes have profiles defined.
    2 processes are in enforce mode :
       /sbin/dhclient3 (1753) 
       /usr/sbin/cupsd (1097) 
    3 processes are in complain mode.
       /home/tux/.firefox/firefox//null-25//null-29 (1720) 
       /usr/sbin/avahi-daemon (814) 
       /usr/sbin/avahi-daemon (812) 
    0 processes are unconfined but have a profile defined.
    Lubuntu 14.04 / Manjaro LXQT (openbox)
    Psychology fact: There's a story behind every person. There's a reason why they're the way they are. Pain alters our personality.

  7. #7
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: Need help || Apparmor Profiles

    I do not see chromium on the list, although I see the chromium profile listed as being in enforce mode.

    At any rate, for what it is worth, here is the profile I used for chromium in Ubuntu 10.04

    http://bodhizazen.net/aa-profiles/bo...romium-browser
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  8. #8
    Join Date
    Jan 2010
    Location
    India
    Beans
    Hidden!
    Distro
    Lubuntu 14.04 Trusty Tahr

    Re: Need help || Apparmor Profiles

    Quote Originally Posted by bodhi.zazen View Post
    I do not see chromium on the list, although I see the chromium profile listed as being in enforce mode.
    What do you think went wrong ? I actually tried aa-enforce multiple times but same thing.


    Quote Originally Posted by bodhi.zazen View Post

    At any rate, for what it is worth, here is the profile I used for chromium in Ubuntu 10.04

    http://bodhizazen.net/aa-profiles/bo...romium-browser
    Thanks. I will try that once this problem is solved.
    Lubuntu 14.04 / Manjaro LXQT (openbox)
    Psychology fact: There's a story behind every person. There's a reason why they're the way they are. Pain alters our personality.

  9. #9
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: Need help || Apparmor Profiles

    I think the profile needs to be pointed at the lib and not the binary.

    usr.lib.chromium-browser.chromium-browser

    But my recollection is chromium was tricky as it uses a sandbox.
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  10. #10
    Join Date
    Jan 2010
    Location
    India
    Beans
    Hidden!
    Distro
    Lubuntu 14.04 Trusty Tahr

    Re: Need help || Apparmor Profiles

    Finally FF starts when only when 1/2 profiles is in enforce mode, namely the "home.tux..firefox.firefox" but when I FF fails to start when "home.tux..firefox.run-mozilla.sh " is in enforce mode.
    Code:
    $apparmor module is loaded.
    110 profiles are loaded.
    13 profiles are in enforce mode.
       /home/tux/.firefox/firefox
       /home/tux/.firefox/run-mozilla.sh
       /sbin/dhclient3
       /usr/bin/chromium-browser
       /usr/bin/evince
       /usr/bin/evince-previewer
       /usr/bin/evince-thumbnailer
       /usr/lib/NetworkManager/nm-dhcp-client.action
       /usr/lib/connman/scripts/dhclient-script
       /usr/lib/cups/backend/cups-pdf
       /usr/sbin/cupsd
       /usr/sbin/tcpdump
       /usr/share/gdm/guest-session/Xsession
    97 profiles are in complain mode.
       /bin/ping
       /home/tux/.firefox/run-mozilla.sh//null-64
       /home/tux/.firefox/run-mozilla.sh//null-65
       /home/tux/.firefox/run-mozilla.sh//null-66
       /home/tux/.firefox/run-mozilla.sh//null-66//null-67
       /home/tux/.firefox/run-mozilla.sh//null-66//null-68
       /home/tux/.firefox/run-mozilla.sh//null-66//null-69
       /home/tux/.firefox/run-mozilla.sh//null-66//null-6a
       /home/tux/.firefox/run-mozilla.sh//null-66//null-6b
       /home/tux/.firefox/run-mozilla.sh//null-66//null-6c
       /home/tux/.firefox/run-mozilla.sh//null-66//null-6d
       /home/tux/.firefox/run-mozilla.sh//null-66//null-6e
       /home/tux/.firefox/run-mozilla.sh//null-66//null-6f
       /home/tux/.firefox/run-mozilla.sh//null-66//null-70
       /home/tux/.firefox/run-mozilla.sh//null-66//null-71
       /home/tux/.firefox/run-mozilla.sh//null-66//null-72
       /home/tux/.firefox/run-mozilla.sh//null-66//null-73
       /home/tux/.firefox/run-mozilla.sh//null-66//null-74
       /home/tux/.firefox/run-mozilla.sh//null-66//null-75
       /home/tux/.firefox/run-mozilla.sh//null-66//null-76
       /home/tux/.firefox/run-mozilla.sh//null-66//null-77
       /home/tux/.firefox/run-mozilla.sh//null-66//null-78
       /home/tux/.firefox/run-mozilla.sh//null-66//null-79
       /home/tux/.firefox/run-mozilla.sh//null-66//null-7a
       /home/tux/.firefox/run-mozilla.sh//null-66//null-7b
       /home/tux/.firefox/run-mozilla.sh//null-66//null-7c
       /home/tux/.firefox/run-mozilla.sh//null-66//null-7d
       /home/tux/.firefox/run-mozilla.sh//null-66//null-7e
       /home/tux/.firefox/run-mozilla.sh//null-66//null-7f
       /home/tux/.firefox/run-mozilla.sh//null-66//null-80
       /home/tux/.firefox/run-mozilla.sh//null-66//null-81
       /home/tux/.firefox/run-mozilla.sh//null-66//null-82
       /home/tux/.firefox/run-mozilla.sh//null-66//null-83
       /home/tux/.firefox/run-mozilla.sh//null-66//null-84
       /home/tux/.firefox/run-mozilla.sh//null-66//null-85
       /home/tux/.firefox/run-mozilla.sh//null-66//null-86
       /home/tux/.firefox/run-mozilla.sh//null-66//null-87
       /home/tux/.firefox/run-mozilla.sh//null-66//null-88
       /home/tux/.firefox/run-mozilla.sh//null-66//null-89
       /home/tux/.firefox/run-mozilla.sh//null-66//null-8a
       /home/tux/.firefox/run-mozilla.sh//null-66//null-8b
       /home/tux/.firefox/run-mozilla.sh//null-66//null-8c
       /home/tux/.firefox/run-mozilla.sh//null-66//null-8d
       /home/tux/.firefox/run-mozilla.sh//null-66//null-8e
       /home/tux/.firefox/run-mozilla.sh//null-66//null-8f
       /home/tux/.firefox/run-mozilla.sh//null-66//null-90
       /home/tux/.firefox/run-mozilla.sh//null-66//null-91
       /home/tux/.firefox/run-mozilla.sh//null-66//null-92
       /home/tux/.firefox/run-mozilla.sh//null-66//null-93
       /home/tux/.firefox/run-mozilla.sh//null-66//null-94
       /home/tux/.firefox/run-mozilla.sh//null-66//null-95
       /home/tux/.firefox/run-mozilla.sh//null-66//null-96
       /home/tux/.firefox/run-mozilla.sh//null-66//null-97
       /home/tux/.firefox/run-mozilla.sh//null-66//null-98
       /home/tux/.firefox/run-mozilla.sh//null-66//null-99
       /sbin/klogd
       /sbin/syslog-ng
       /sbin/syslogd
       /usr/bin/basename
       /usr/bin/expr
       /usr/lib/chromium-browser/chromium-browser
       /usr/lib/chromium-browser/chromium-browser//null-9a
       /usr/lib/chromium-browser/chromium-browser//null-9b
       /usr/lib/chromium-browser/chromium-browser//null-9b//null-9c
       /usr/lib/chromium-browser/chromium-browser//null-9b//null-9d
       /usr/lib/chromium-browser/chromium-browser//null-9b//null-9e
       /usr/lib/chromium-browser/chromium-browser//null-9b//null-9f
       /usr/lib/chromium-browser/chromium-browser//null-9b//null-a0
       /usr/lib/chromium-browser/chromium-browser//null-9b//null-a1
       /usr/lib/chromium-browser/chromium-browser//null-9b//null-a2
       /usr/lib/chromium-browser/chromium-browser//null-a3
       /usr/lib/chromium-browser/chromium-browser//null-a3//null-a4
       /usr/lib/chromium-browser/chromium-browser//null-a3//null-a4//null-a5
       /usr/lib/chromium-browser/chromium-browser//null-a3//null-a4//null-a6
       /usr/lib/chromium-browser/chromium-browser//null-a3//null-a4//null-a7
       /usr/lib/chromium-browser/chromium-browser//null-a3//null-a4//null-a8
       /usr/lib/chromium-browser/chromium-browser//null-a3//null-a4//null-a9
       /usr/lib/chromium-browser/chromium-browser//null-a3//null-a4//null-aa
       /usr/lib/chromium-browser/chromium-browser//null-a3//null-a4//null-ab
       /usr/lib/chromium-browser/chromium-browser//null-a3//null-a4//null-ac
       /usr/lib/chromium-browser/chromium-browser//null-a3//null-a4//null-ac//null-ad
       /usr/lib/dovecot/deliver
       /usr/lib/dovecot/dovecot-auth
       /usr/lib/dovecot/imap
       /usr/lib/dovecot/imap-login
       /usr/lib/dovecot/managesieve-login
       /usr/lib/dovecot/pop3
       /usr/lib/dovecot/pop3-login
       /usr/sbin/avahi-daemon
       /usr/sbin/dnsmasq
       /usr/sbin/dovecot
       /usr/sbin/identd
       /usr/sbin/mdnsd
       /usr/sbin/nmbd
       /usr/sbin/nscd
       /usr/sbin/smbd
       /usr/sbin/traceroute
    8 processes have profiles defined.
    2 processes are in enforce mode :
       /sbin/dhclient3 (887) 
       /usr/sbin/cupsd (1117) 
    6 processes are in complain mode.
       /usr/lib/chromium-browser/chromium-browser (3811) 
       /usr/lib/chromium-browser/chromium-browser (3809) 
       /usr/lib/chromium-browser/chromium-browser//null-9a (3813) 
       /usr/lib/chromium-browser/chromium-browser//null-9a (3862) 
       /usr/sbin/avahi-daemon (902) 
       /usr/sbin/avahi-daemon (903) 
    0 processes are unconfined but have a profile defined.

    Code:
    # Last Modified: Sat Jul 30 23:05:58 2011
    #include <tunables/global>
    
    /home/tux/.firefox/firefox {
      #include <abstractions/apache2-common>
      #include <abstractions/base>
    
    
      deny owner "/home/tux/Desktop/‪Harsha Bhogle on the 1st Test Match between India and England, at Lord's‬‏ - YouTube.flv" w,
    
      /bin/dash ix,
      /etc/mailcap r,
      /etc/mime.types r,
      owner /home/*/.firefox/chrome/icons/default/default16.png r,
      owner /home/*/.firefox/chrome/icons/default/default32.png r,
      owner /home/*/.firefox/chrome/icons/default/default48.png r,
      owner /home/*/.firefox/firefox r,
      owner /home/*/.firefox/run-mozilla.sh r,
      /home/*/.firefox/run-mozilla.sh px,
      owner /home/*/.mozilla/firefox/4w442atz.default/NoScriptSTS.db w,
      owner /home/*/.mozilla/firefox/4w442atz.default/NoScriptSTS.db.tmp rw,
      owner /home/*/.mozilla/firefox/4w442atz.default/adblockplus/cache.js w,
      owner /home/*/.mozilla/firefox/4w442atz.default/adblockplus/patterns.ini w,
      owner /home/*/.mozilla/firefox/4w442atz.default/adblockplus/patterns.ini-temp rw,
      owner /home/*/.mozilla/firefox/4w442atz.default/bookmarkbackups/ r,
      owner /home/*/.mozilla/firefox/4w442atz.default/content-prefs.sqlite rwk,
      owner /home/*/.mozilla/firefox/4w442atz.default/cookies.sqlite wk,
      owner /home/*/.mozilla/firefox/4w442atz.default/downloads.sqlite rwk,
      owner /home/*/.mozilla/firefox/4w442atz.default/dta_queue.sqlite wk,
      owner /home/*/.mozilla/firefox/4w442atz.default/extensions/netvideohunter@netvideohunter.com/chrome/content/mediaList.xul r,
      owner /home/*/.mozilla/firefox/4w442atz.default/localstore-1.rdf rw,
      owner /home/*/.mozilla/firefox/4w442atz.default/localstore.rdf w,
      owner /home/*/.mozilla/firefox/4w442atz.default/permissions.sqlite wk,
      owner /home/*/.mozilla/firefox/4w442atz.default/places.sqlite wk,
      owner /home/*/.mozilla/firefox/4w442atz.default/places.sqlite-shm wk,
      owner /home/*/.mozilla/firefox/4w442atz.default/prefs-1.js rw,
      owner /home/*/.mozilla/firefox/4w442atz.default/prefs.js rw,
      owner /home/*/.mozilla/firefox/4w442atz.default/sessionstore-1.js w,
      owner /home/*/.mozilla/firefox/4w442atz.default/signons.sqlite rwk,
      owner /home/*/.mozilla/firefox/4w442atz.default/urlclassifierkey3.txt rw,
      owner /home/*/.mozilla/firefox/4w442atz.default/webappsstore.sqlite wk,
      owner /home/*/.recently-used.xbel r,
      /proc/meminfo r,
      owner /tmp/plugtmp/plugin-crossdomain.xml w,
      /usr/bin/basename px,
      /usr/bin/dirname rix,
      /usr/bin/expr px,
      /usr/share/fonts/** r,
      /usr/share/icons/DMZ-White/cursors/hand r,
      /usr/share/icons/Humanity/actions/16/document-open.svg r,
      /usr/share/icons/Humanity/actions/16/document-print-preview.svg r,
      /usr/share/icons/Humanity/actions/16/document-print.svg r,
      /usr/share/icons/Humanity/actions/16/document-properties.svg r,
      /usr/share/icons/Humanity/actions/16/document-save-as.svg r,
      /usr/share/icons/Humanity/actions/16/edit-copy.svg r,
      /usr/share/icons/Humanity/actions/16/edit-cut.svg r,
      /usr/share/icons/Humanity/actions/16/edit-delete.svg r,
      /usr/share/icons/Humanity/actions/16/edit-paste.svg r,
      /usr/share/icons/Humanity/actions/16/go-home.svg r,
      /usr/share/icons/Humanity/actions/16/go-next.svg r,
      /usr/share/icons/Humanity/actions/16/go-previous.svg r,
      /usr/share/icons/Humanity/actions/16/media-playback-pause.svg r,
      /usr/share/icons/Humanity/actions/16/media-playback-start.svg r,
      /usr/share/icons/Humanity/actions/16/process-stop.svg r,
      /usr/share/icons/Humanity/actions/16/system-shutdown.svg r,
      /usr/share/icons/Humanity/actions/16/view-refresh.svg r,
      /usr/share/icons/Humanity/actions/22/edit-undo.svg r,
      /usr/share/icons/Humanity/actions/24/go-next.svg r,
      /usr/share/icons/Humanity/actions/24/go-previous.svg r,
      /usr/share/icons/Humanity/places/16/folder.svg r,

    Code:
    # Last Modified: Sat Jul 30 23:05:59 2011
    #include <tunables/global>
    
    /home/tux/.firefox/run-mozilla.sh flags=(complain) {
      #include <abstractions/apache2-common>
      #include <abstractions/base>
    
    
      /bin/dash ix,
      owner /home/*/.firefox/run-mozilla.sh r,
      owner /home/*/.mozilla/firefox/4w442atz.default/adblockplus/patterns.ini-temp rw,
      owner /home/*/.mozilla/firefox/4w442atz.default/prefs.js r,
      owner /home/*/.mozilla/firefox/4w442atz.default/signons.sqlite k,
      /usr/bin/basename rix,
    
    }



    Code:
    $ /home/tux/.firefox/firefox
    /home/tux/.firefox/run-mozilla.sh: 39: dirname: Permission denied
    /home/tux/.firefox/run-mozilla.sh: 312: uname: Permission denied
    [: 312: !=: unexpected operator
    exec: 392: /home/tux/.firefox/firefox-bin: Permission denied
    Last edited by linuxyogi; July 30th, 2011 at 07:08 PM.
    Lubuntu 14.04 / Manjaro LXQT (openbox)
    Psychology fact: There's a story behind every person. There's a reason why they're the way they are. Pain alters our personality.

Page 1 of 4 123 ... LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •