[Bug 592121] Re: firefox apparmor profile is too lenient

Jamie Strandboge jamie at ubuntu.com
Wed Aug 18 16:01:02 UTC 2010


I have changed this to Fix Committed since at least part of the issue in
this bug is that the shipped profile is a conffile which makes
restricting the profile more difficult than it needs to be.

With the next firefox in Ubuntu 10.10, this is easier to configure.
Specifically, a stripped down /etc/apparmor.d/usr.bin.firefox profile is
shipped by firefox and it will include
/etc/apparmor.d/local/usr.bin.firefox and
/etc/apparmor.d/abstractions/ubuntu-browsers.d/firefox. The latter will
ship by default with the abstractions in
/etc/apparmor.d/abstractions/ubuntu-browsers.d/* enabled, but this can be
controlled with the aa-update-browser command or hand edited to remove
what is not wanted (for now, this won't be touched on upgrades, see
debconf note below). The former can be adjusted as desired and will
never be touched on upgrades.

The profile is still disabled by default. Setting the firefox profile's
mode (i.e. enabled vs disabled) and configuring
/etc/apparmor.d/abstractions/ubuntu-browsers.d/firefox via debconf is
planned, but may not land this cycle.

-- 
firefox apparmor profile is too lenient
https://bugs.launchpad.net/bugs/592121
You received this bug notification because you are a member of Mozilla
Bugs, which is subscribed to firefox in ubuntu.
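
The layout described in the message above can be audited with a short script. This is an added example, not part of the original message or of the Ubuntu packaging. The function names, the constructed sample tree, and the use of a symlink under disable/ as the "disabled" marker are assumptions.

```shell
#!/bin/sh
# Audit the Firefox AppArmor layout: prints one finding per line and returns
# 0 only when both includes resolve and the profile is not disabled.
audit_firefox_profile() {
    dir=${1:-/etc/apparmor.d}
    profile="$dir/usr.bin.firefox"
    rc=0
    [ -f "$profile" ] || { echo "MISSING $profile"; return 2; }
    for inc in local/usr.bin.firefox abstractions/ubuntu-browsers.d/firefox; do
        pat=$(printf '%s' "$inc" | sed 's/\./\\./g')   # escape dots for grep -E
        if ! grep -Eq "^[[:space:]]*#?include[[:space:]]+<$pat>" "$profile"; then
            echo "NOT-INCLUDED $inc"; rc=1
        elif [ ! -f "$dir/$inc" ]; then
            echo "DANGLING $inc"; rc=1
        else
            echo "INCLUDED $inc"
        fi
    done
    # Abstractions switched on in the per-browser selection file.
    sel="$dir/abstractions/ubuntu-browsers.d/firefox"
    if [ -f "$sel" ]; then
        sed -nE 's|^[[:space:]]*#?include[[:space:]]+<abstractions/ubuntu-browsers\.d/([^>]+)>.*|ENABLED \1|p' "$sel"
    fi
    # Assumption: a disabled profile is marked by a symlink under disable/.
    if [ -L "$dir/disable/usr.bin.firefox" ] || [ -e "$dir/disable/usr.bin.firefox" ]; then
        echo "DISABLED usr.bin.firefox"; rc=1
    fi
    return $rc
}
# Constructed sample tree (not the real Ubuntu profile) so this runs offline.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/local" "$t/disable" "$t/abstractions/ubuntu-browsers.d"
    cat > "$t/usr.bin.firefox" <<'EOF'
/usr/bin/firefox {
  #include <abstractions/ubuntu-browsers.d/firefox>
  #include <local/usr.bin.firefox>
}
EOF
    : > "$t/local/usr.bin.firefox"
    printf '%s\n' '#include <abstractions/ubuntu-browsers.d/java>' \
        '#include <abstractions/ubuntu-browsers.d/multimedia>' \
        > "$t/abstractions/ubuntu-browsers.d/firefox"
    ln -s ../usr.bin.firefox "$t/disable/usr.bin.firefox"
    echo "$t"
}

demo=$(make_sample_tree)
audit_firefox_profile "$demo" || echo "exit status $?"; rm -rf "$demo"
```

Called with no argument, audit_firefox_profile inspects /etc/apparmor.d; a DISABLED line means the restrictions in the profile and its includes are not being applied.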