[apparmor] [PATCH] include IceWeasel in FireFox abstraction
Jamie Strandboge
jamie at canonical.com
Wed Apr 25 18:53:41 UTC 2012
On Wed, 2012-04-25 at 11:31 -0700, Kees Cook wrote:
> Hi Jamie,
>
> On Wed, Apr 25, 2012 at 07:21:26AM -0500, Jamie Strandboge wrote:
> > On Tue, 2012-04-24 at 17:01 -0700, Kees Cook wrote:
> > > Include IceWeasel in FireFox abstraction.
> > >
> > > Author: Intrigeri <intrigeri at debian.org>
> > > Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661176
> > >
> > > Signed-off-by: Kees Cook <kees at ubuntu.com>
> > >
> > > Index: apparmor-debian/profiles/apparmor.d/abstractions/ubuntu-browsers
> > > ===================================================================
> > > --- apparmor-debian.orig/profiles/apparmor.d/abstractions/ubuntu-browsers 2012-04-24 11:03:46.506994000 -0700
> > > +++ apparmor-debian/profiles/apparmor.d/abstractions/ubuntu-browsers 2012-04-24 13:01:22.499517948 -0700
> > > @@ -29,8 +29,8 @@
> > >
> > > # this should cover all firefox browsers and versions (including shiretoko
> > > # and abrowser)
> > > - /usr/bin/firefox Cxr -> sanitized_helper,
> > > - /usr/lib/firefox*/firefox*.sh Cx -> sanitized_helper,
> > > + /usr/bin/{firefox,iceweasel} Cxr -> sanitized_helper,
> > > + /usr/lib/{firefox*,iceweasel}/{firefox*.sh,iceweasel} Cx -> sanitized_helper,
> > >
> > > # some unpackaged, but popular browsers
> > > /usr/lib/icecat-*/icecat Cx -> sanitized_helper,
> > >
> >
> > Hmmm, there is a namespace issue here. We are fixing a Debian bug in an
> > Ubuntu abstraction for a package that is not available on Ubuntu. I
> > understand why this was done, and I see icecat is in the context. ISTR
> > there being some repo that Ubuntu users could get icecat.... So I guess
> > I just wanted to bring up the point that Debian may want to consider
> > their own namespace. I would prefer if this was not mixed in with the
> > official Ubuntu browser though. Can you separate it out like with
> > icecat? Once that is done:
> >
> > Acked-By: Jamie Strandboge <jamie at canonical.com>
>
> Do you mean putting this in the file:
>
> + /usr/bin/iceweasel Cxr -> sanitized_helper,
> + /usr/lib/iceweasel/iceweasel Cx -> sanitized_helper,
>
> Instead of combining it with firefox... ?
Yes. That would be fine by me for now.
--
Jamie Strandboge | http://www.canonical.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20120425/02dbb88d/attachment-0001.pgp>
More information about the AppArmor
mailing list