[Bug 1662501] Re: since the apparmor profile is disabled by default, please make the apparmor policy strict with option to make less strict

Could we eventually use xdg-desktop-portal? https://bugzilla.mozilla.org/show_bug.cgi?id=1490186 ** Bug watch added: Mozilla Bugzilla #1490186 https://bugzilla.mozilla.org/show_bug.cgi?id=1490186 -- You received this bug notification because you are a member of Ubuntu Bugs, which is

[Bug 1662501] Re: since the apparmor profile is disabled by default, please make the apparmor policy strict with option to make less strict

Hmmm, interesting! I wouldn't hold out too long on giving the friendly tools smarts vis-a-vis conditionals, since that kind of logic isn't necessarily straightforward (i.e. can be hard/time-consuming to implement), it's not necessary for power/paranoid users (we're happy resorting to a text

Re: [Bug 1662501] Re: since the apparmor profile is disabled by default, please make the apparmor policy strict with option to make less strict

On Sun, Jul 29, 2018 at 11:35:58PM -, Daniel Richard G. wrote: > I think we could really use some kind of conditional construct (IF ... > THEN ...) in AppArmor syntax. Everything being talking about here apparmor_parser does in fact have conditionals of exactly this form. They aren't

[Bug 1662501] Re: since the apparmor profile is disabled by default, please make the apparmor policy strict with option to make less strict

I think we could really use some kind of conditional construct (IF ... THEN ...) in AppArmor syntax. Everything being talking about here should, ideally, be adjustable using tunables. With a debconf configuration option, even. Between users who want strict access control to user files, and users

[Bug 1662501] Re: since the apparmor profile is disabled by default, please make the apparmor policy strict with option to make less strict

Hello. I think that the default Firefox profile can be made more restrictive, stricter. It's pretty simple and can be done by removing a few default rules (mentioned in bug report by Vlad K., for example) etc. Anyway, here are some ideas (based on testing made in the past). As an example, we can

[Bug 1662501] Re: since the apparmor profile is disabled by default, please make the apparmor policy strict with option to make less strict

I have created simialr bug in https://bugs.launchpad.net/firefox/+bug/1609439 . It's confusing having too (or more?) Firefoxes in launchpad... My original issue was that usr.bin.firefox contains kinda.. misinformation, if I may, with rules like: owner @{HOME}/Downloads/* rw, while included

[Bug 1662501] Re: since the apparmor profile is disabled by default, please make the apparmor policy strict with option to make less strict

Jamie, thanks for the elaborate explanation and directing the issue where it matters. I'd just like to comment on switching the issue to "firefox" package and "the firefox profile can be adjusted to remove the user-files abstraction ..." Removal of "user-files" abstraction would weaken the

[Bug 1662501] Re: since the apparmor profile is disabled by default, please make the apparmor policy strict with option to make less strict

Clarification re snaps and the 'home' interface> the 'home' interface does not grant access to toplevel hidden files and directories. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1662501 Title: