[apparmor] Packaging of Profiles
Jamie Strandboge
jamie at canonical.com
Tue Aug 10 13:10:54 BST 2010
On Tue, 2010-08-10 at 08:32 +0000, Seth Arnold wrote:
> "I do not agree. This is not 'breakage'. One, there shouldn't be that many
> people affected if the policy is good enough and two, the user will get
> prompted on upgrade, yes, but upgrades happen seldom for regular users."
>
> You must not have local changes in your firefox config. :)
Actually, I have and do and avoided introducing firefox into the
conversation because it is the most extreme example and because it is
simply still a work in progress. This profile is shipped as disabled in
part because of what we are talking about in this thread.
> I don't want another band-aid. Your profiles make sense for the
> distribution as a whole: they are safer than nothing, but not tight
> enough for me, not even close. But I still want to see what's new in
> your profiles.
>
Sure. The firefox profile as implemented today is only intended to limit
arbitrary, unlimited code execution and access to some particularly
sensitive files, while also providing a starting point of how a browser
could be confined at all. Its policy is changing and will be more
configurable in Ubuntu and this will not require extensive changes to
local/ to achieve, but that is a totally different topic.
--
Jamie Strandboge | http://www.canonical.com