[apparmor] [profile] Firefox: "DENIED", requested/denied_mask="r" for /proc/*/net/arp.

Seth Arnold seth.arnold at canonical.com
Tue Nov 8 19:31:11 UTC 2016


On Tue, Nov 08, 2016 at 11:46:50AM +0100, daniel curtis wrote:
> Okay, thanks for the information. Should I add some rule to the Firefox
> profile? I mean: "/proc/*/net/arp" or leave it as is? Honestly, Firefox
> works normally and I saw this "DENIED" message for the first time.

I guess it depends upon your goals. If you want Firefox to work as
designed but limit the scope of damage if it's attacked, then you should
allow the arp lookups. If you want to prevent Firefox from knowing more
details about your local network, then you should deny the accesses, and
be aware that this might prevent Firefox from working correctly in the
future.

Thanks
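
The two choices described in the reply above, worked through as an added example (not part of the original message and not AppArmor project code): it reads kernel audit lines, collapses the per-PID `/proc` path to the `/proc/*/net/arp` form used in this thread, and prints the rule for each goal. The log lines and the profile name `firefox` are constructed sample values.

```python
import re

# Constructed sample audit lines (not taken from the thread).
SAMPLE_LOG = """\
audit: type=1400 audit(1478601071.101:52): apparmor="DENIED" operation="open" profile="firefox" name="/proc/3121/net/arp" pid=3121 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit: type=1400 audit(1478601075.332:53): apparmor="DENIED" operation="open" profile="firefox" name="/proc/3188/net/arp" pid=3188 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit: type=1400 audit(1478601080.010:54): apparmor="ALLOWED" operation="open" profile="firefox" name="/proc/3121/net/arp" pid=3121 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
"""

# key="quoted value" or key=bare_value pairs in an audit record.
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# A numeric PID directory directly under /proc.
PROC_PID = re.compile(r"^/proc/\d+/")


def parse_denials(log_text):
    """Return unique (profile, generalized path, denied mask) for DENIED events."""
    found = set()
    for line in log_text.splitlines():
        fields = {k: (q if q else b) for k, q, b in FIELD.findall(line)}
        if fields.get("apparmor") != "DENIED" or "name" not in fields:
            continue  # skip ALLOWED (complain-mode) and non-file records
        path = PROC_PID.sub("/proc/*/", fields["name"])
        found.add((fields["profile"], path, fields.get("denied_mask", "")))
    return found


def candidate_rules(path, mask):
    """Build the profile rule for each goal discussed in the thread."""
    return {
        # Goal: Firefox works as designed, profile still confines it.
        "allow": f"{path} {mask},",
        # Goal: hide local network details. An explicit deny overrides any
        # allow rule and is not logged unless written as 'audit deny'.
        "deny": f"deny {path} {mask},",
    }


if __name__ == "__main__":
    for profile, path, mask in sorted(parse_denials(SAMPLE_LOG)):
        print(f"profile {profile}:")
        for goal, rule in candidate_rules(path, mask).items():
            print(f"  {goal:5s} -> {rule}")
```

Because an explicit `deny` rule silences the log entry, choosing it also removes the signal that would show Firefox starting to depend on the ARP table later.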