[Apparmor-general] Re: Firefox not confined (openSUSE 10.3)?
Crispin Cowan
crispin at mercenarylinux.com
Fri Oct 12 16:41:30 MDT 2007
Dominic Reynolds wrote:
> +++ Marcus Meissner [13/10/07 00:24 +0200]:
>
>> On Sat, Oct 13, 2007 at 12:20:43AM +0200, Malte Gell wrote:
>>
>>> I just installed openSUSE 10.3 from donwloadable DVD ISO. There are tons
>>> of new profiles.
>>> ...
>>> So, Firefox seems not to be among the confined processes, what is wrong
>>> there or am I wrong?
>>>
> Also note that the profiles under /etc/apparmor/profiles/extras/ are
> accesible by the tools (genprof/logprof/yast wizards) - so running genprof
> firefox-bin will prompt you to use the profile under extras.
>
This is IMHO the most important new AppArmor feature in openSUSE 10.3.
The tools now prompt you to download profiles from the opensuse.org
profile repository, and they prompt you to upload profiles that you
create back to the portal.
This automation should go a long way towards helping the community
cooperate to develop a great pool of application profiles, and improve
the use case coverage by allowing users to upload changes needed by
their use cases.
Hmmm. This makes AppArmor profiling even easier, and profiling is one of
the services Mercenary Linux offers. Maybe it wasn't such a good idea
after all :-)
Crispin
--
Crispin Cowan, Ph.D. http://mercenarylinux.com/
Itanium. Vista. GPLv3. Complexity at work
More information about the Apparmor-general
mailing list