[apparmor] [Merge] lp:~intrigeri/apparmor/add-firefox-esr-to-ubuntu-browsers into lp:apparmor

Steve Beattie sbeattie at ubuntu.com
Thu Jun 23 21:36:30 UTC 2016


On Thu, Jun 23, 2016 at 06:51:14PM -0000, intrigeri wrote:
> Two months later: ping?

Sorry about that.

> === modified file 'profiles/apparmor.d/abstractions/ubuntu-browsers'
> --- profiles/apparmor.d/abstractions/ubuntu-browsers	2012-04-25 19:13:15 +0000
> +++ profiles/apparmor.d/abstractions/ubuntu-browsers	2016-04-24 14:26:52 +0000
> @@ -30,7 +30,7 @@
>    # this should cover all firefox browsers and versions (including shiretoko
>    # and abrowser)
>    /usr/bin/firefox Cxr -> sanitized_helper,
> -  /usr/lib/firefox*/firefox*.sh Cx -> sanitized_helper,
> +  /usr/lib/firefox*/firefox*{,.sh} Cx -> sanitized_helper,
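
Review bot: on the + line, the empty alternative in "{,.sh}" makes the ".sh" branch redundant, so the rule now applies "Cx -> sanitized_helper" to every file named firefox* under /usr/lib/firefox*/, not only the .sh wrappers, and the "this should cover all firefox browsers and versions" comment above it no longer describes the rule's scope. Suggest leaving the original firefox*.sh line untouched and adding a separate rule that names the ESR launcher path explicitly, with the comment updated to say which distribution's layout that rule is for.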

The problem with this is that firefox*{,.sh} is equivalent to firefox*.
Furthermore it matches the firefox binary /usr/lib/firefox/firefox as
shipped in Ubuntu, which the original pattern did not.

But (and this is what prevented me from replying when the original merge
request was proposed), I'm not sure what the implications of that change
are, if any. The shipped firefox profile in Ubuntu (16.04 LTS at least)
has "/usr/lib/firefox/firefox{,*[^s][^h]}" as its profile match, so
potentially this could cause interference.

Is there a more tightly bound pattern for the ESR firefoxes that Debian
is shipping?

-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/

https://code.launchpad.net/~intrigeri/apparmor/add-firefox-esr-to-ubuntu-browsers/+merge/292725
Your team AppArmor Developers is requested to review the proposed merge of lp:~intrigeri/apparmor/add-firefox-esr-to-ubuntu-browsers into lp:apparmor.
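
Added example, not part of the original message or of the AppArmor code base: a Python sketch that translates a subset of AppArmor path globbing (*, **, ?, [..], {a,b}) into regular expressions and checks the three patterns quoted in the message against sample paths. The translator, the function names and the sample paths (including the ESR path) are assumptions constructed for illustration; this is not apparmor_parser's matching engine.

```python
import re

def aa_glob_to_regex(glob):
    """Translate a subset of AppArmor path globbing into a compiled regex."""
    out, i, depth = [], 0, 0
    while i < len(glob):
        c = glob[i]
        if c == "*":
            if glob[i:i + 2] == "**":      # ** may cross directory separators
                out.append(".*")
                i += 1
            else:                          # * stays inside one path component
                out.append("[^/]*")
        elif c == "?":
            out.append("[^/]")
        elif c == "[":                     # character class, copied verbatim
            end = glob.index("]", i + 1)
            out.append(glob[i:end + 1])
            i = end
        elif c == "{":                     # alternation; "{,x}" has an empty branch
            out.append("(?:")
            depth += 1
        elif c == "}" and depth:
            out.append(")")
            depth -= 1
        elif c == "," and depth:
            out.append("|")
        else:
            out.append(re.escape(c))
        i += 1
    return re.compile("".join(out))

OLD = "/usr/lib/firefox*/firefox*.sh"                   # rule before the patch
NEW = "/usr/lib/firefox*/firefox*{,.sh}"                # rule after the patch
BARE = "/usr/lib/firefox*/firefox*"                     # claimed equivalent
UBUNTU_PROFILE = "/usr/lib/firefox/firefox{,*[^s][^h]}" # profile match from the message

SAMPLE_PATHS = [                           # constructed sample paths (assumptions)
    "/usr/lib/firefox/firefox",
    "/usr/lib/firefox/firefox.sh",
    "/usr/lib/firefox-esr/firefox-esr",
    "/usr/lib/firefox/libxul.so",
]

def matches(glob, paths=SAMPLE_PATHS):
    """Return the sample paths that the glob matches in full."""
    rx = aa_glob_to_regex(glob)
    return [p for p in paths if rx.fullmatch(p)]

def overlap(a, b):
    """Paths matched by both globs, i.e. where two rules could interfere."""
    return sorted(set(matches(a)) & set(matches(b)))
```

On these samples the patched rule and the shipped profile match both cover /usr/lib/firefox/firefox, while the original rule and the profile match share no path.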


