[ubuntu-hardened] [AppArmor] Default Firefox profile: ~/Downloads and ~/Public directory issue.

Daniel Curtis sidetripping at gmail.com
Tue May 6 13:43:20 UTC 2014


Hello,

If, let's say, a user's native language is not English, and he
wants to use/enable the AppArmor profile for Firefox, then
he must make some changes in one place? I mean this
one:

# Default profile allows downloads to ~/Downloads and
# uploads from ~/Public
owner @{HOME}/ r,
owner @{HOME}/Public/ r,
owner @{HOME}/Public/* r,
owner @{HOME}/Downloads/ r,
owner @{HOME}/Downloads/* rw,

By default, all directory names are in English, but in reality
it looks different because of the user's native language (which
is non-English). So, to make everything work okay and
really protect Firefox, the user should/must make some changes?
I mean changing the directory names to his native language and
- of course - reloading the Firefox profile.

Summary: after the changes, the profile should look like this:

owner @{HOME}/ r,
owner @{HOME}/Public_in_user_native_language/ r,
owner @{HOME}/Public_in_user_native_language/* r,
owner @{HOME}/Downloads_in_user_native_language/ r,
owner @{HOME}/Downloads_in_user_native_language/* rw,

Am I right, or is everything okay and there is no need to change anything in
the Firefox profile? Or does the user not have to
make any changes because of some other settings?

It seems to be a very important issue, especially from a
security point of view. If someone is a non-English speaker,
then it seems that AppArmor is not protecting Firefox
and the user's home directories well (see above). I hope I'm wrong.

One more thing. If I remember correctly, there was some discussion about
this issue (e.g. on Launchpad), but I would
like to get a short, right answer on this topic.

Best regards.

P.S. I'm sorry for asking this question on the ubuntu-hardened
mailing list (this one). It should rather be asked on a
mailing list related to AppArmor, right?
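
Added example (not part of the original post, and not code from the AppArmor or Firefox packages): AppArmor file rules match path names as written, so the rule layout in the post's summary can be generated from the localized names that xdg-user-dirs records in ~/.config/user-dirs.dirs. The sample file contents (a constructed Polish-locale example) and the function names are assumptions made for illustration.

```python
import re

# Constructed sample of ~/.config/user-dirs.dirs (Polish locale); not from the post.
SAMPLE = '''# written by xdg-user-dirs-update
XDG_DESKTOP_DIR="$HOME/Pulpit"
XDG_DOWNLOAD_DIR="$HOME/Pobrane"
XDG_PUBLICSHARE_DIR="$HOME/Publiczny"
XDG_TEMPLATES_DIR="$HOME/"
'''

ENTRY = re.compile(r'^(XDG_[A-Z]+_DIR)="(.*)"$')
# Characters AppArmor treats as globs, variables, quotes or separators: refuse
# them rather than emit a rule that matches more than the one directory.
UNSAFE = re.compile(r'[*?\[\]{}^"\\,@]')


def parse_user_dirs(text):
    """Map XDG key -> directory path relative to $HOME (disabled entries skipped)."""
    dirs = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # comments and blank lines
        key, value = m.groups()
        if not value.startswith("$HOME/"):
            continue  # absolute path outside $HOME: needs a hand-written rule
        rel = value[len("$HOME/"):].strip("/")
        if rel:  # "$HOME/" alone means the directory is disabled
            dirs[key] = rel
    return dirs


def firefox_rules(text):
    """Emit the post's rule layout: Public read-only, Downloads read/write."""
    dirs = parse_user_dirs(text)
    rules = ["owner @{HOME}/ r,"]
    for key, perm in (("XDG_PUBLICSHARE_DIR", "r"), ("XDG_DOWNLOAD_DIR", "rw")):
        rel = dirs.get(key)
        if rel is None:
            continue
        if UNSAFE.search(rel) or ".." in rel.split("/"):
            raise ValueError(f"{key}: unsafe directory name {rel!r}")
        q = '"' if re.search(r"\s", rel) else ""  # paths with spaces are quoted
        rules.append(f"owner {q}@{{HOME}}/{rel}/{q} r,")
        rules.append(f"owner {q}@{{HOME}}/{rel}/*{q} {perm},")
    return rules


if __name__ == "__main__":
    print("\n".join(firefox_rules(SAMPLE)))
```
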