Hello, I have a few questions about Firefox and the default profile for AppArmor. First: should I create additional profiles for usr.lib.firefox.firefox.sh and usr.lib.firefox.firefox? It seems to be important, because Firefox calls /usr/lib/firefox/firefox.sh before it starts. Second: I can still save files in every folder in user home directories[1] without any message. I am using the default profile, which is available with Ubuntu. Could someone tell me if everything is okay and, simply, everything is working[2]? Are the entries from the /var/log/syslog file correct? I'm still unconvinced.
I apologize for the topic and questions, but I wonder, for example, why I can still save files in user directories, or what about creating a profile for usr.lib.firefox.firefox.sh, etc.
[1]
Code:
# I added this entry:
deny @{HOME}/ w,
[2]
Code:
# sudo apparmor_status |grep firefox
(these profiles are in enforce mode.)
/usr/lib/firefox/firefox{,*[^s][^h]}
/usr/lib/firefox/firefox{,*[^s][^h]}//browser_java
/usr/lib/firefox/firefox{,*[^s][^h]}//browser_openjdk
/usr/lib/firefox/firefox{,*[^s][^h]}//sanitized_helper
# /var/log/syslog file contains something like this:
Oct 12 13:17:57 testing kernel: [ 453.674896] type=1400 audit(1350040677.264:38):
apparmor="DENIED" operation="open" parent=2844
profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
name="/dev/nvidiactl" pid=2846 comm="firefox"
requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=0
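
An added example, not part of the original post: a simplified Python model of the path globbing documented in apparmor.d(5), applied to the profile name shown by apparmor_status and to the rule quoted in [1]. `/home/alice` is a constructed stand-in for `@{HOME}`, and `firefox-bin` and the file path are constructed samples.

```python
import re

def aa_glob_to_regex(pattern):
    """Translate an AppArmor path glob into an anchored regex (simplified model)."""
    out, i, depth = [], 0, 0
    while i < len(pattern):
        c = pattern[i]
        if pattern.startswith("**", i):
            out.append(".*")              # ** may cross '/' separators
            i += 2
            continue
        if c == "*":
            out.append("[^/]*")           # * stays inside one path component
        elif c == "?":
            out.append("[^/]")            # ? is one character, never '/'
        elif c == "[":
            end = pattern.index("]", i + 1)
            out.append(pattern[i:end + 1])  # simple classes such as [^s] copied as is
            i = end
        elif c == "{":
            out.append("(?:")             # {a,b} is an alternation
            depth += 1
        elif c == "}" and depth:
            out.append(")")
            depth -= 1
        elif c == "," and depth:
            out.append("|")
        else:
            out.append(re.escape(c))
        i += 1
    return re.compile("^" + "".join(out) + "$")

def matches(pattern, path):
    return aa_glob_to_regex(pattern).match(path) is not None

PROFILE = "/usr/lib/firefox/firefox{,*[^s][^h]}"  # profile name from the post
HOME = "/home/alice"                              # constructed stand-in for @{HOME}

if __name__ == "__main__":
    for exe in ("firefox", "firefox-bin", "firefox.sh"):
        path = "/usr/lib/firefox/" + exe
        print(f"{path}: matched by profile name = {matches(PROFILE, path)}")
    for rule in (HOME + "/", HOME + "/**"):
        for path in (HOME + "/", HOME + "/Downloads/file.txt"):
            print(f"rule {rule!r} vs {path!r}: {matches(rule, path)}")
```

In this model the profile name matches `/usr/lib/firefox/firefox` but not `/usr/lib/firefox/firefox.sh`, and a rule ending in `/` matches only the directory itself, while `/**` is what reaches the files beneath it.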