[apparmor] [profile] Firefox: "DENIED", requested/denied_mask="r" for /proc/*/net/arp.
daniel curtis
sidetripping at gmail.com
Fri Nov 18 18:47:48 UTC 2016
Hi Seth
Sorry for such a long time without answer, but I'm so busy. You wrote
something interesting:
>> If you want Firefox to work as designed but limit the scope
>> of damage if it's attacked... you should allow the arp lookups
So if AppArmor DENIED /proc/2496/net/arp (requested_mask="r"
denied_mask="r") access and according to yours words I should use such
rule:
@{PROC}/[0-9]*/net/arp r,
Am I right? It is a sufficient rule? Can you confirm this?
Best regards.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20161118/0cacc542/attachment.html>
More information about the AppArmor
mailing list