[apparmor] updated extras/usr.lib.firefox.firefox profile
Jamie Strandboge
jamie at canonical.com
Wed Jan 12 06:24:16 UTC 2011
The example firefox profile in extras is pretty out of date. Also, it
allows write to the ~/Desktop directory, which could conceivably allow
writing of .desktop files which could be clicked on and executed by
the user. This is based on the firefox base profile as included in
Ubuntu. Notable features:
- allows for using the browser to navigate through directories
- allows reads from @{HOME}/Public/**
- allows writes to @{HOME}/Downloads/**
The intent of this profile is to restrict code execution, writes to $HOME
and information leaks while allowing basic web browsing and reading of
system
documentation. It does not allow for plugins, extensions or other helpers
(but these can be added via the local/ mechanism).
Rather than including the diff, I decided to attach the full profile,
since that should make it easier to review.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: usr.lib.firefox.firefox
Type: text/x-pascal
Size: 3776 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20110112/405e134d/attachment-0001.p>
More information about the AppArmor
mailing list