Hello Seth Thank You for an answer and sorry for my naive, stupid questions and other things.
>> Strictly speaking, even if you remove the ~/** rw, kinds of >> rules from firefox's profile, you'll still be able to download to >> any writable location in the profile. Doing any different would >> require modifications to Firefox. OK, I understand. Fortunately with Firefox v57 there is a number of various technological improvements. For example: "Notably, it is no longer possible to read private information in the home directory or the Firefox user profile, even if Firefox were to be compromised" and so on. I'm especially thinking about the "security.sandox.content.level" knob. Now default value is "3", which means that "adds blocking of (most) reading from the filesystem". (For more informations, please see [1]) Referring to all these Firefox "sandboxing improvements" in Linux, I think, that making additional changes in a Firefox profile is also a good idea etc. ;- ) Thank you, once again. ______________________ [1] http://www.morbo.org/2017/11/linux-sandboxing-improvements-in.html
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
