[Apparmor-general] Re: Firefox not confined (openSUSE 10.3)?
Dominic Reynolds
dominicreynolds at gmail.com
Fri Oct 12 16:36:11 MDT 2007
Hi,
+++ Marcus Meissner [13/10/07 00:24 +0200]:
> On Sat, Oct 13, 2007 at 12:20:43AM +0200, Malte Gell wrote:
> > Hi there,
> >
> > I just installed openSUSE 10.3 from downloadable DVD ISO. There are tons
> > of new profiles.
> >
> > However, when I use Firefox and invoke
> >
> > rcapparmor status
> >
> > I get this:
> >
> > apparmor module is loaded.
> > 10 profiles are loaded.
> > 10 profiles are in enforce mode.
> > /usr/sbin/ntpd
> > /usr/sbin/identd
> > /sbin/klogd
> > /sbin/syslogd
> > /sbin/syslog-ng
> > /usr/sbin/traceroute
> > /usr/sbin/nscd
> > /usr/sbin/mdnsd
> > /bin/ping
> > /usr/sbin/avahi-daemon
> > 0 profiles are in complain mode.
> > 4 processes have profiles defined.
> > 4 processes are in enforce mode :
> > /usr/sbin/nscd (2919)
> > /sbin/klogd (2097)
> > /sbin/syslog-ng (2098)
> > /usr/sbin/avahi-daemon (2696)
> > 0 processes are in complain mode.
> > 0 processes are unconfined but have a profile defined.
> >
> >
> > So, Firefox seems not to be among the confined processes, what is wrong
> > there or am I wrong?
>
> This is correct, there is just a very small number of profiles enabled
> by default.
>
> /etc/apparmor/profiles/extras/ has some more, just copy over *firefox*
> to /etc/apparmor.d/ and try it.
>
> Ciao, Marcus
>
Also note that the profiles under /etc/apparmor/profiles/extras/ are
accessible by the tools (genprof/logprof/yast wizards) - so running genprof
firefox-bin will prompt you to use the profile under extras.
hth.
-dom
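
An added example, not part of the original thread: a small parser for the `rcapparmor status` output quoted above that reports whether one program has a profile loaded and whether a running process is actually confined by it. The function names `aa_verdict` and `sample_status` are hypothetical, the status layout is assumed to be the one shown in the thread, and the sample text is a constructed, shortened copy of that output.

```shell
# Added example (not from the thread): classify one program from
# `rcapparmor status` text read on stdin. Prints one of:
#   no-profile | profile-only:<mode> | confined:<mode> | unconfined
aa_verdict() {
    awk -v want="$1" '
        # Header lines say what the path lines that follow them mean.
        /profiles are in enforce mode/   { kind = "profile"; mode = "enforce";    next }
        /profiles are in complain mode/  { kind = "profile"; mode = "complain";   next }
        /processes are in enforce mode/  { kind = "process"; mode = "enforce";    next }
        /processes are in complain mode/ { kind = "process"; mode = "complain";   next }
        /processes are unconfined/       { kind = "process"; mode = "unconfined"; next }
        $1 ~ /^\// {                     # a path entry, optionally followed by "(pid)"
            n = split($1, parts, "/")
            if ($1 != want && parts[n] != want) next   # match full path or basename
            if (kind == "profile") pmode = mode
            if (kind == "process") rmode = mode
        }
        END {
            if (rmode == "unconfined") print "unconfined"
            else if (rmode != "")      print "confined:" rmode
            else if (pmode != "")      print "profile-only:" pmode
            else                       print "no-profile"
        }'
}

# Constructed sample, shortened from the status output quoted in the thread.
sample_status() {
    cat <<'EOF'
apparmor module is loaded.
4 profiles are loaded.
4 profiles are in enforce mode.
/usr/sbin/ntpd
/sbin/klogd
/usr/sbin/nscd
/bin/ping
0 profiles are in complain mode.
2 processes have profiles defined.
2 processes are in enforce mode :
/usr/sbin/nscd (2919)
/sbin/klogd (2097)
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
EOF
}

for prog in firefox-bin nscd /bin/ping; do
    printf '%s: %s\n' "$prog" "$(sample_status | aa_verdict "$prog")"
done
```

On a live system the same function reads the real output, for example `rcapparmor status | aa_verdict firefox-bin`. A result of `no-profile` matches the situation in the thread, where the Firefox profile still sits under /etc/apparmor/profiles/extras/ and has not been copied to /etc/apparmor.d/.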