Re: Share your AppArmor Profiles
Quote:
Originally Posted by
BigCityCat
Having problems setting up apparmor profile for firefox. I used sudo aa-genprof firefox. I start the process. Open firefox do all the things I want. Then close firefox. Press S for Scan in the terminal. Allow what I want. Then Save and Finnish. Reload profiles and enforce firefox. Firefox won't open unless I stop apparmor or sudo genprof again. Not sure what I am doing wrong.
I tried that and had the same result. It probably failed because /usr/bin/firefox is not the main binary, only a shell script. Look in /etc/apparmor.d/disable for a link to the old firefox profile and delete it (the link). Then look for the new profile in /etc/apparmor.d (check the date) and move it out or delete it.
Re: Share your AppArmor Profiles
Here is my profile for Skype in ubuntu 11.10
You can also check it on my blog: https://eternalwalkabout.wordpress.c...armor-profile/
Cheers! :p
------
#include <tunables/global>
/usr/bin/skype {
#include <abstractions/base>
#include <abstractions/user-tmp>
#include <abstractions/audio>
#include <abstractions/nameservice>
#include <abstractions/ssl_certs>
#include <abstractions/fonts>
#include <abstractions/X>
#include <abstractions/freedesktop.org>
#include <abstractions/kde>
/usr/bin/skype mr,
/opt/skype/skype pix,
/opt/skype/** kmr,
/usr/share/fonts/X11/** m,
@{PROC}/*/net/arp r,
@{PROC}/sys/kernel/ostype r,
@{PROC}/sys/kernel/osrelease r,
/dev/ r,
/dev/tty rw,
/dev/snd/* mrw,
/dev/shm/ r,
/dev/shm/pulse-shm-* mrw,
/etc/pulse/client.conf r,
/dev/pts/* rw,
/dev/video* mrw,
@{HOME}/.Skype/ rw,
@{HOME}/.Skype/** krw,
/usr/share/skype/** kmr,
/usr/share/skype/sounds/*.wav kr,
deny @{HOME}/.mozilla/ r,
deny @{PROC}/[0-9]*/fd/ r,
deny @{PROC}/[0-9]*/task/ r,
deny @{PROC}/[0-9]*/task/** r,
}