Hi, FWIW, to those who maintain AppArmor profiles for Firefox here and there, in the hope I'm not too late at avoiding duplicated work:
I have split the AppArmor profiles for Tor Browser so that the content rendering processes have only read-only access to the Firefox components they need + extensions installed by the user. My work was based on the Tor Browser profiles shipped with torbrowser-launcher, so it may need some minor adjustments to be useful for regular Firefox, but that should be a good starting point for anyone interested in such matters. Here it is: https://github.com/intrigeri/torbrowser-launcher/blob/apparmor-e10s/apparmor/torbrowser.Browser.firefox https://github.com/intrigeri/torbrowser-launcher/blob/apparmor-e10s/apparmor/torbrowser.Browser.plugin-container Cheers, -- intrigeri -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
