[apparmor] Multiprocess Firefox (aka. Electrolysis i.e. e10s) confinement
intrigeri
intrigeri at debian.org
Fri Jun 16 18:16:05 UTC 2017
Hi,

FWIW, to those who maintain AppArmor profiles for Firefox here and
there, in the hope I'm not too late at avoiding duplicated work:

I have split the AppArmor profiles for Tor Browser so that the content
rendering processes have only read-only access to the Firefox
components they need + extensions installed by the user. My work was
based on the Tor Browser profiles shipped with torbrowser-launcher, so
it may need some minor adjustments to be useful for regular Firefox,
but that should be a good starting point for anyone interested in
such matters.

Here it is:

https://github.com/intrigeri/torbrowser-launcher/blob/apparmor-e10s/apparmor/torbrowser.Browser.firefox
https://github.com/intrigeri/torbrowser-launcher/blob/apparmor-e10s/apparmor/torbrowser.Browser.plugin-container

Cheers,
--
intrigeri