[ubuntu-hardened] AppArmor profile for plugin-container.

Seth Arnold seth.arnold at canonical.com
Wed Oct 16 21:53:12 UTC 2013

On Wed, Oct 16, 2013 at 09:00:15PM +0200, Daniel Curtis wrote:
> I would like to ask, if there is any reasons to create an
> additional AppArmor profile related to Firefox. I mean:
> plugin-container (e.g. usr.lib32.firefox.plugin-container).
> I have some doubts about my question; maybe Firefox's
> default profile is enough?

Hello Daniel,

This might be a good idea.

It wouldn't make sense for us to ship a "tighter" profile here, since
people use Flash for a huge variety of things (for example, multiple-file
upload widgets), and the existing Firefox profile is well-tuned for
safer-than-nothing but still allows nearly everything that people want to
do with their browsers.

But if you know how you use Flash, and want to drastically limit what
Flash (and other plugins) can do, this would be an easy way to noticably
restrict what third-party software can do on your computer without taking
too much of your time.

Have fun! :)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-hardened/attachments/20131016/6ac871fa/attachment.pgp>

More information about the ubuntu-hardened mailing list