[apparmor] [profile] Firefox: DENIED "m" access to /home/user/.nv folder.
Seth Arnold
seth.arnold at canonical.com
Mon Jan 30 19:24:46 UTC 2017
On Sat, Jan 28, 2017 at 12:05:54PM +0100, daniel curtis wrote:
> Thank You for helping me and for explanation. I'm thinking about three ways
> to handle the whole situation;
>
> 1) add "lsb_release" child profile (which You provided) to my Firefox
> profile and of course make it works on my system etc.,
>
> 2) ignore the whole thing - I mean DENIED entry in the log files etc.,
>
> 3) add one rule, which I mentioned earlier (I mean: "owner
> /usr/bin/lsb_release mrix,")
>
> What is your opinion? If, for example, third step is OK and I can use just
> this one rule, I would like to ask if it's secure or should I don't use an
> 'owner' prefix or some of the "mrix" permissions? Or maybe there is one
> more option?
Hi Daniel, I strongly recommend following #1.
You could follow #3 (after removing the 'owner' conditional) but you'd
have to add many of the same, or similar, rules to the firefox profile.
You might as well add them to a child profile instead and keep things
slightly tighter from the start.
Thanks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20170130/b1dd4547/attachment.pgp>
More information about the AppArmor
mailing list