12:54 <rbasak> I believe that's by design. 12:54 <rbasak> Restricting Firefox makes sense, but it destroys considerable functionality. So there's a trade-off.
12:54 <rbasak> If various functional parts of Firefox don't work by default because the profile is too restrictive, then users wouldn't use Ubuntu. 12:55 <rbasak> AFAIK, the profile is not enabled by default anyway for this reason. 12:55 <rbasak> Also the bug is against the wrong package. It's the firefox package that ships the AppArmor profile, not apparmor. 12:55 <rbasak> So I'll move it and flag it as security as that's your concern, and the security team can triage it. 12:56 <rbasak> We have a better way of containing browsers BTW. Use a snap instead. I don't know if there's one for Firefox yet. 12:57 <rbasak> https://blog.mozilla.org/futurereleases/2016/04/21 /firefox-default-browser-for-linux-users-ubuntu-new-snap-format-coming- soon/ 12:57 <rbasak> "Firefox is the default browser for Linux users on Ubuntu, new snap format coming soon" 12:58 <blackflow> rbasak: no the report is against AppArmor, because the real issue is in the ubuntu-browsers abstraction 12:58 <blackflow> if the profile is not enabled by default, then all the more reason to make it stricter and those users who are aware and explicitly enable it, will have saner defaults 12:58 <rbasak> Oh, fair enough. 12:59 <rbasak> But really, if you care about this stuff, you should look into snaps. ** Information type changed from Public to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1662501 Title: AppArmor profile for ubuntu-browsers allows too much read access To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1662501/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
