intrigeri writes:
> In any case, they don't enforce the profile by default, according to
> https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles
If I read that page correctly, Ubuntu enables the profile for Firefox by
default in 20.04 LTS (released on April 23, 2020) and in 20.10.
On 2018-10-30 20:59, intrigeri wrote:
Vincas Dargis:
intrigeri, what is rationale for upping it to "normal"?
What do you mean? Today I merely tagged this bug "upstream".
Oh, sorry, right, it was changed from wishlist to normal in "Sun, 29 Oct 2017 11:21:06 GMT". I
erroneously joined it
Vincas Dargis:
> intrigeri, what is rationale for upping it to "normal"?
What do you mean? Today I merely tagged this bug "upstream".
> Maybe you would like/expect to have it in Buster?
Absolutely not.
> I kinda feel if we can't make Thunderbird profile actually useful,
> it's kinda naive to
intrigeri, what is rationale for upping it to "normal"?
Maybe you would like/expect to have it in Buster? Maybe some one plans to upstream Ubuntu profile,
etc. :)
I would really like to have it, but looking at Thunderbird experience, we kinda lack abstractions
for launching almost arbitrary
2017.04.05 09:08, intrigeri rašė:
IMO the parts that require third-party kernel patches shall be
upstreamed as well: the end goal would be that the resulting upstream
profile can be pulled as-is by as many distros as possible, including
those that apply these patches, i.e. Ubuntu and OpenSUSE.
Hi,
Vincas Dargis:
> 2017.04.04 08:26, intrigeri rašė:
>> Thanks! But it ships disabled (or in complain mode) by default, right?
> Yes it's disabled, and it's from firefox package.
Thanks!
>> OK. So these improvements shall be upstreamed.
>>> Or "fixed" old
2017.04.04 08:26, intrigeri rašė:
Thanks! But it ships disabled (or in complain mode) by default, right?
Yes it's disabled, and it's from firefox package. Tested on clean Ubuntu 16.04
LTS and
17.04 daily build virtual machines (it's the same):
$ file /etc/apparmor.d/disable/usr.bin.firefox
Hi,
Vincas Dargis:
> 2017.03.20 11:23, intrigeri rašė:
> Yes, they have profile in firefox package [0].
Thanks! But it ships disabled (or in complain mode) by default, right?
>> 1. Find out which profile (if there are several, e.g. a non-upstream
>>one shipped in Ubuntu's firefox package)
2017.03.20 11:23, intrigeri rašė:
Last time I checked, they did include it just like we already do, via
/usr/share/doc/apparmor-profiles/extras/usr.lib.firefox.firefox in the
apparmor-profiles package. But I didn't check recently so they might
very well be shipping another profile in their
Hi!
First, thanks a lot for moving this topic forward! It would be awesome
if Debian users could benefit, in a more straightforward manner, from
AppArmor confinement for Firefox :)
Ulrike Uhlig:
> @intrigeri: I was not aware that this profile is considered incomplete.
AFAIK it's incomplete, and
Hi Mike,
Mike Hommey:
> control: reassign -1 apparmor-profiles
>> Package: firefox
>> Severity: normal
>> as you might know, AppArmor confines programs according to a set of
>> rules that specify what files a given program can access. This approach
>> helps protect the system against both known
control: reassign -1 apparmor-profiles
On Sun, Mar 19, 2017 at 11:44:00AM +, Ulrike Uhlig wrote:
>
>
> Package: firefox
> Severity: normal
>
> Hi,
>
> as you might know, AppArmor confines programs according to a set of
> rules that specify what files a given program can access. This
Package: firefox
Severity: normal
Hi,
as you might know, AppArmor confines programs according to a set of
rules that specify what files a given program can access. This approach
helps protect the system against both known and unknown vulnerabilities.
In several distributions such as Ubuntu or
13 matches
Mail list logo
