Very interesting, and thank you for sharing this. I've been using Apparmor to sandbox Firefox for quite a while now, so I'll share my profile with you too, in the hope that you might find it semi-useful. If you have any questions, feel free to ask.
# Last Modified: Fri Jun 20 22:03:44 2008
#include <tunables/global>
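# AppArmor profile for Firefox 3.0 as shipped on Ubuntu Hardy.
#
# The attachment point is the firefox.sh launcher; the real binary
# /usr/lib/firefox-3.0/firefox is then executed with 'ix' and inherits this
# profile. Anything that execs the binary directly therefore runs
# unconfined -- NOTE(review): confirm that /usr/bin/firefox resolves to
# firefox.sh on the target system.
#
# Exec-transition legend (AppArmor 2.x): ix = run inside this profile,
# Px = switch to the target's own profile, Ux = run UNCONFINED (the capital
# letter only scrubs the environment). Every remaining Ux line below is an
# exit from the sandbox for a compromised browser; see the notes at each.
/usr/lib/firefox-3.0/firefox.sh {
  #include <abstractions/apport>
  #include <abstractions/audio>
  #include <abstractions/base>
  #include <abstractions/bash>
  #include <abstractions/consoles>
  #include <abstractions/cups-client>
  #include <abstractions/dbus>
  #include <abstractions/fonts-custom>
  #include <abstractions/freedesktop.org-custom>
  #include <abstractions/gnome-custom>
  #include <abstractions/nameservice>
  #include <abstractions/python>
  #include <abstractions/user-download-custom>
  #include <abstractions/user-read>
  #include <abstractions/user-tmp>

  # 'capability sys_ptrace,' was removed. A Firefox started as a normal user
  # never holds CAP_SYS_PTRACE, so the rule granted nothing in practice; it
  # only advertised a right (inspecting other processes) that a browser
  # sandbox should not claim. If aa-logprof offers it again, the trigger is
  # most likely the @{PROC}/*/environ or maps reads below, not a real need.

  # Helpers spawned by the launcher script, all kept inside this profile.
  # uname and which used to be 'Ux'; running them unconfined gains nothing
  # and left two extra ways out of the sandbox.
  /bin/dash ix,
  /bin/grep ixr,
  /bin/ps ixr,
  /bin/sed ixr,
  /bin/uname ixr,
  /bin/which ixr,

  # PulseAudio shared-memory segments.
  /dev/shm/ r,
  /dev/shm/pulse-shm-* rw,

  # Static configuration. /etc is otherwise unreadable (user-read does not
  # cover it), so only these specific files are exposed.
  /etc/X11/cursors/* r,
  /etc/firefox-3.0/** r,
  /etc/fstab r,
  /etc/gnome/defaults.list r,
  /etc/gre.d/ r,
  /etc/gre.d/* r,
  /etc/java-6-openjdk/** r,
  /etc/mailcap r,
  /etc/mime.types r,
  /etc/mplayer/input.conf r,
  /etc/mplayer/mplayer.conf r,
  /etc/mplayerplug-in.conf r,
  /etc/pulse/* r,
  /etc/sound/events/gtk-events-2.soundlist r,

  # Process-table reads (ps and the launcher). The '*' matches every pid,
  # so 'environ' discloses the environment of every same-uid process
  # (session cookies, tokens, proxy credentials commonly live there) and
  # 'maps' discloses their memory layout. NOTE(review): find out what
  # actually reads these two; newer AppArmor releases offer @{pid} to limit
  # them to the browser's own entry, which is the fix if it is available.
  @{PROC}/ r,
  @{PROC}/*/cmdline r,
  @{PROC}/*/environ r,
  @{PROC}/*/fd/ r,
  @{PROC}/*/maps r,
  @{PROC}/*/mounts r,
  @{PROC}/*/stat r,
  @{PROC}/*/status r,
  @{PROC}/meminfo r,
  @{PROC}/net/* r,
  @{PROC}/sys/kernel/pid_max r,
  @{PROC}/tty/drivers r,
  @{PROC}/uptime r,
  @{PROC}/version r,
  /sys/devices/system/cpu/ r,

  # External handlers. Px entries switch to a dedicated profile (good).
  # The Ux entries launch viewers on attacker-supplied content (PDFs,
  # images, archives) with NO confinement at all; each one deserves its own
  # profile and a Px transition. acroread is the one to fix first.
  /usr/bin/deluge Px,
  /usr/bin/env ixr,
  /usr/bin/eog Ux,
  /usr/bin/evince Ux,
  /usr/bin/evolution Px,
  /usr/bin/file-roller Ux,
  /usr/bin/gconftool-2 ixr,
  # gpg runs inside this profile; see the @{HOME}/.gnupg note below.
  /usr/bin/gpg ixr,
  /usr/bin/lsb_release ixr,
  /usr/bin/mplayer ixr,
  /usr/bin/python2.5 ix,
  /usr/bin/screem Ux,
  /usr/bin/seahorse-tool ixr,
  /usr/bin/setarch ixr,
  /usr/lib/firefox-3.0/firefox ixr,
  /usr/lib/firefox-3.0/firefox.sh mr,

  # Plugins. Java, mplayer and (via nspluginwrapper) Flash all run with ix,
  # i.e. with exactly this profile's rights: a plugin compromise gives the
  # attacker everything the browser has, including the Ux exits above.
  /usr/lib/jvm/java-6-openjdk/jre/bin/pluginappletviewer ixr,
  /usr/lib/jvm/java-6-openjdk/jre/lib/amd64/gcjwebplugin.so mr,
  /usr/lib/mozilla/plugins/mplayerplug-in-dvx.so mr,
  /usr/lib/mozilla/plugins/mplayerplug-in-qt.so mr,
  /usr/lib/mozilla/plugins/mplayerplug-in-rm.so mr,
  /usr/lib/mozilla/plugins/mplayerplug-in-wmp.so mr,
  /usr/lib/mozilla/plugins/mplayerplug-in.so mr,
  /usr/lib/nspluginwrapper/i386/linux/npviewer ixr,
  /usr/lib/nspluginwrapper/i386/linux/npviewer.bin ixr,
  /usr/lib32/Adobe/Reader8/bin/acroread Ux,
  /usr/lib32/gtk-2.0/2.10.0/engines/* mr,
  /usr/lib32/pango/1.6.0/modules/* mr,
  /usr/share/locale-langpack/** r,
  /usr/share/ubufox/* r,
  /usr/share/ubufox/**/ r,
  /var/lib/flashplugin-nonfree/npwrapper.libflashplayer.so mr,

  # Per-user state. Hidden directories are otherwise off limits (user-read
  # only matches names starting with [a-zA-Z0-9]), so each dotfile below is
  # an explicit grant.
  @{HOME}/.ICEauthority r,
  @{HOME}/.Xauthority r,
  @{HOME}/.adobe/ w,
  @{HOME}/.adobe/Flash_Player/ w,
  @{HOME}/.adobe/Flash_Player/** rw,
  @{HOME}/.config/user-dirs.dirs r,
  @{HOME}/.cups/* r,
  @{HOME}/.gcjwebplugin/ w,
  @{HOME}/.gcjwebplugin/** rw,
  # NOTE(review): '*.gpg' also matches secring.gpg, the GnuPG 1.x secret
  # keyring. If gpg/seahorse-tool is only used to verify signatures,
  # pubring.gpg and trustdb.gpg are enough. The slash-less '.gnupg r' names
  # a file, not the directory, and is probably a leftover.
  @{HOME}/.gnupg r,
  @{HOME}/.gnupg/*.gpg r,
  @{HOME}/.gstreamer-0.10/registry.*.xml r,
  @{HOME}/.gtkrc-2.0-gnome-color-chooser r,
  @{HOME}/.local/share/applications/ r,
  @{HOME}/.local/share/applications/* r,
  @{HOME}/.macromedia/ w,
  @{HOME}/.macromedia/Flash_Player/ w,
  @{HOME}/.macromedia/Flash_Player/** rw,
  @{HOME}/.mailcap r,
  @{HOME}/.mcop/random-seed rw,
  @{HOME}/.mcoprc r,
  @{HOME}/.mime.types r,
  # The browser's own profile tree must be writable (prefs, extensions,
  # cookies, saved passwords); persistence by a compromised browser via
  # these files is an accepted limit of this sandbox.
  @{HOME}/.mozilla/ w,
  @{HOME}/.mozilla/default/ rw,
  @{HOME}/.mozilla/default/** rw,
  @{HOME}/.mozilla/extensions/ rw,
  @{HOME}/.mozilla/extensions/** rw,
  @{HOME}/.mozilla/firefox/ rw,
  @{HOME}/.mozilla/firefox/** krw,
  @{HOME}/.mozilla/plugins/ rw,
  @{HOME}/.mozilla/plugins/** rw,
  @{HOME}/.mplayer/ w,
  @{HOME}/.mplayer/config rw,
  # NOTE(review): 'w' lets the browser rewrite the PulseAudio auth cookie;
  # once the cookie exists, 'rk' is normally sufficient -- confirm.
  @{HOME}/.pulse-cookie krw,
  @{HOME}/.thumbnails/** r,
  # DownloadHelper extension output directory.
  @{HOME}/dwhelper/ w,
  @{HOME}/dwhelper/* w,
}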
For completeness, I have quite a few custom abstractions too.
abstractions/apport:
# vim:syntax=apparmor
# Let the confined program hand crash dumps to apport. Because the glob
# covers every entry in /var/crash, 'rw' also lets it read reports written
# by other programs (core dumps, environments, command lines).
# NOTE(review): confirm anything more than 'w' is actually needed here.
/var/crash/* rw,
abstractions/fonts-custom:
# vim:syntax=apparmor
# Stock fonts abstraction plus the user's own fontconfig override file.
#include <abstractions/fonts>
@{HOME}/.fonts.conf r,
abstractions/freedesktop.org-custom:
# vim:syntax=apparmor
# Stock freedesktop.org abstraction plus icon themes and the GTK
# recently-used list.
#include <abstractions/freedesktop.org>
@{HOME}/.icons/ r,
@{HOME}/.icons/** r,
# .recently-used.xbel is a cross-application history of opened documents:
# 'r' reveals file names from every other desktop program and 'w' lets the
# confined program plant entries. The trailing '*' also covers GTK's temp
# files next to it. NOTE(review): acceptable for a browser, but it is a
# small information leak worth knowing about.
@{HOME}/.recently-used.xbel* rw,
@{HOME}/.local/share/icons/ r,
@{HOME}/.local/share/icons/** r,
# /opt/share is already readable via user-read (/opt/** r); these lines
# only matter if that abstraction is not included alongside this one.
/opt/share/icons/ r,
/opt/share/icons/** r,
/opt/share/pixmaps/ r,
/opt/share/pixmaps/** r,
abstractions/gnome-custom:
# vim:syntax=apparmor
# Stock gnome abstraction plus per-user theme/font state. Pulls in the two
# custom abstractions above so a profile only needs to include this one.
#include <abstractions/fonts-custom>
#include <abstractions/freedesktop.org-custom>
#include <abstractions/gnome>
@{HOME}/.themes/ r,
@{HOME}/.themes/** r,
# GTK file-chooser settings; the second line (with '*') also covers the
# temporary file GTK writes before renaming it into place, and would match
# the plain name too.
@{HOME}/.config/gtk-2.0/gtkfilechooser.ini rw,
@{HOME}/.config/gtk-2.0/gtkfilechooser.ini* rw,
# fontconfig cache; 'l' is needed because the cache is updated via link/rename.
@{HOME}/.fonts/fonts.cache-* rwl,
@{HOME}/.gtkrc-2.0-gnome-color-chooser r,
abstractions/user-download-custom:
# vim:syntax=apparmor
# The only places under @{HOME} a confined program may write besides its
# own dotfiles. '**' includes hidden entries inside these trees; 'l'
# allows hard links, which AppArmor only permits when the profile already
# holds at least the same rights on the link target.
@{HOME}/Desktop/ rw,
@{HOME}/Desktop/** krwl,
@{HOME}/Download/ rw,
@{HOME}/Download/** krwl,
abstractions/user-read:
# vim:syntax=apparmor
# Broad read access for desktop programs. Deliberately omits /boot, /dev,
# /etc, /initrd, /proc, /srv, /sys and /var; profiles grant the specific
# files they need from those trees individually.
#
# Every non-hidden directory under @{HOME} is readable in full. The class
# only excludes names whose FIRST character is not alphanumeric, so any
# document kept outside a dotdir is visible to the confined program.
@{HOME}/[a-zA-Z0-9]*/ r,
@{HOME}/[a-zA-Z0-9]*/** r,
/ r,
/bin/ r,
/bin/** r,
# Listing only (trailing slash): other users' home directory names are
# visible, their contents are not.
@{HOMEDIRS}/ r,
@{HOME}/ r,
/lib/ r,
/lib/** r,
/lib32/ r,
/lib32/** r,
# NOTE(review): these expose everything on removable media and network
# mounts, which is easy to forget when plugging in a drive with private
# data while the confined program is running.
/media/ r,
/media/** r,
/misc/ r,
/misc/** r,
/mnt/ r,
/mnt/** r,
/opt/ r,
/opt/** r,
/sbin/ r,
/sbin/** r,
/usr/ r,
/usr/** r,
This profile has evolved quite a lot through Gutsy using FF2 and now on Hardy using FF3. Basically, I let FF read most directories in their entirety except for /boot, /dev, /initrd, /srv, /sys and /var, plus any hidden directories in my home folder; under /etc and /proc only the specific files listed in the profile are readable. This keeps most personal information out of reach while ensuring that the open/save dialogs still behave in a relatively sane manner and FF remains largely useful and functional — though note that FF can still read every non-hidden directory under my home folder (and anything mounted under /media or /mnt), and that the Ux entries hand off to helper programs that run completely unconfined. I only allow FF to write to my desktop, a dedicated download folder, its own ~/.mozilla profile and plugin state directories, or temporary locations (/tmp, @{HOME}/tmp, /var/tmp).
If you've got other apps you want to profile, feel free to ask - as I may already have done it.