Hello to all,
Need help with creating apparmor profile for firefox. Currently working this tutorial. It seems like something may have been missed somewhere. By the way, I am using 12.10.
Any help would be greatly appreciated.
traxster
Last edited by Traxster; March 29th, 2013 at 12:59 AM.
The apparmor-utils package contains command line utilities that you can use to change the AppArmor execution mode.
sudo apt-get install apparmor-utils
Jamie Strandboge has made some default and restrictive apparmor profiles for Ubuntu and firefox. Why not take them?
sudo /etc/init.d/apparmor status
gives you the enforced/loaded profiles
sudo enforce <name>
etc etc
sudo /etc/init.d/apparmor reload (and again)
sudo /etc/init.d/apparmor status
On my computer:
sudo /etc/init.d/apparmor status
[sudo] password for leor:
apparmor module is loaded.
49 profiles are loaded.
26 profiles are in enforce mode.
/sbin/dhclient
/usr/bin/evince
/usr/bin/evince-previewer
/usr/bin/evince-previewer//sanitized_helper
/usr/bin/evince-thumbnailer
/usr/bin/evince-thumbnailer//sanitized_helper
/usr/bin/evince//sanitized_helper
/usr/lib/NetworkManager/nm-dhcp-client.action
/usr/lib/chromium-browser/chromium-browser//browser_java
/usr/lib/chromium-browser/chromium-browser//browser_openjdk
/usr/lib/chromium-browser/chromium-browser//sanitized_helper
/usr/lib/connman/scripts/dhclient-script
/usr/lib/cups/backend/cups-pdf
/usr/lib/firefox/firefox{,*[^s][^h]}
/usr/lib/firefox/firefox{,*[^s][^h]}//browser_java
/usr/lib/firefox/firefox{,*[^s][^h]}//browser_openjdk
/usr/lib/firefox/firefox{,*[^s][^h]}//sanitized_helper
/usr/lib/lightdm/lightdm/lightdm-guest-session-wrapper
/usr/lib/lightdm/lightdm/lightdm-guest-session-wrapper//chromium_browser
/usr/sbin/cupsd
/usr/sbin/mdnsd
/usr/sbin/nmbd
/usr/sbin/nscd
/usr/sbin/ntpd
/usr/sbin/smbd
/usr/sbin/tcpdump
23 profiles are in complain mode.
/bin/ping
/sbin/klogd
/sbin/syslog-ng
/sbin/syslogd
/usr/lib/chromium-browser/chromium-browser
/usr/lib/chromium-browser/chromium-browser//chromium_browser_sandbox
/usr/lib/chromium-browser/chromium-browser//xdgsettings
/usr/lib/chromium-browser/chromium-browser//xdgsettings//null-2f
/usr/lib/chromium-browser/chromium-browser//xdgsettings//null-30
/usr/lib/chromium-browser/chromium-browser//xdgsettings//null-31
/usr/lib/chromium-browser/chromium-browser//xdgsettings//null-32
/usr/lib/dovecot/deliver
/usr/lib/dovecot/dovecot-auth
/usr/lib/dovecot/imap
/usr/lib/dovecot/imap-login
/usr/lib/dovecot/managesieve-login
/usr/lib/dovecot/pop3
/usr/lib/dovecot/pop3-login
/usr/sbin/avahi-daemon
/usr/sbin/dnsmasq
/usr/sbin/dovecot
/usr/sbin/identd
/usr/{sbin/traceroute,bin/traceroute.db}
3 processes have profiles defined.
3 processes are in enforce mode.
/sbin/dhclient (1549)
/usr/lib/firefox/firefox{,*[^s][^h]} (4820)
/usr/sbin/ntpd (1785)
0 processes are in complain mode.
Last edited by Soul-Sing; March 28th, 2013 at 05:28 PM.
In terminal, I enter: sudo /etc/init.d/apparmor status. The result I get is similar to yours (see pic below).
Then I enter: sudo enforce firefox. I get a message saying command not found (see pic below).
Then just for kicks, even though the sudo enforce firefox did not work, I typed: sudo /etc/init.d/apparmor reload (please see pic below).
Notice the last 2 lines. It states it is skipping 2 profiles and one of them is firefox.
Your input is greatly appreciated.
Traxster
sudo aa-enforce /etc/apparmor.d/usr.bin.firefox
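Added example, not written by any poster in this thread: a shell function that reads the status output shown above and reports whether a top-level profile is in enforce or complain mode, which is a quick way to confirm the result after running aa-enforce. The names profile_mode and sample_status are made up for this example, and the sample text is abridged from the output quoted earlier in the thread.

```shell
#!/bin/sh
# Report the mode of a top-level AppArmor profile from status text on stdin.
# Assumed live usage: sudo /etc/init.d/apparmor status | profile_mode firefox

profile_mode() {
    # $1 is matched as a fixed string, not a regex: profile names such as
    # firefox{,*[^s][^h]} are full of glob/regex metacharacters.
    awk -v want="$1" '
        /profiles are in enforce mode/  { mode = "enforce";  next }
        /profiles are in complain mode/ { mode = "complain"; next }
        /processes/                     { mode = "";         next }  # process list, not profiles
        mode != "" {
            sub(/^[ \t]+/, "")          # live output indents each entry
            if (index($0, "//")) next   # skip child profiles; they can differ from the parent
            if (index($0, want)) { print mode; found = 1; exit }
        }
        END { if (!found) print "not-loaded" }
    '
}

# Constructed sample: abridged from the status output posted in the thread.
sample_status() {
    cat <<'EOF'
apparmor module is loaded.
49 profiles are loaded.
26 profiles are in enforce mode.
/sbin/dhclient
/usr/lib/chromium-browser/chromium-browser//browser_java
/usr/lib/firefox/firefox{,*[^s][^h]}
/usr/lib/firefox/firefox{,*[^s][^h]}//sanitized_helper
/usr/sbin/ntpd
23 profiles are in complain mode.
/bin/ping
/usr/lib/chromium-browser/chromium-browser
/usr/lib/chromium-browser/chromium-browser//xdgsettings
3 processes have profiles defined.
3 processes are in enforce mode.
/sbin/dhclient (1549)
/usr/lib/firefox/firefox{,*[^s][^h]} (4820)
0 processes are in complain mode.
EOF
}

sample_status | profile_mode firefox
```

In the sample the chromium-browser parent profile is in complain mode while one of its child profiles is enforced, which is why child entries (those containing //) are skipped when reporting the parent's mode.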