I am using FF ver 5.0.1 from here After reading [URL] I did Code: sudo aa-logprof /path to firefox Allowed all when asked. But when I try to start FF in enforce mode I get
[Code]....
I use Ubuntu 10.10 with encrypted home. I'm new with apparmor. My firefox-3.6.13 is now in enforce mode - with standard profile. With this profile it should have write access only to:
owner @{HOME}/Downloads/* rw,
But I can save files (with standard downloadmanager of firefox) e.g. in $HOME itself and I can't find any other rule, which could allow that. I have thing, that ecryptfs workaround just affects the eCryptFS "part of things" and limitations of normal filenames/paths (in mounted ecryptfs) are still possible. Why can firefox write elsewhere as in to ${HOME}/Downloads? I get also this in kern.log (but not by saving a file as wrote above):
Feb 27 05:49:30 duron650 kernel: [ 2284.886631] type=1400 audit(1298782170.190:4: apparmor="DENIED" operation="open" parent=1782 profile="/usr/lib/firefox-3.6.13/firefox-*bin" name="/home/.ecryptfs/hugo/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWY1tHLaOszg1UQTPB2f1Zq7Xu 0xztwk9hVX6-OCUaSGk2nU5ADkJx.rdk--/ECRYPTFS_FNEK_ENCRYPTED.FWY1tHLaOszg1UQTPB2f1Zq7Xu 0xztwk9hVXFlmP1qlJBZ2eq7XFiWljUE--" pid=2209 comm="firefox-bin" requested_mask="w" denied_mask="w" fsuid=1000 ouid=0
Why do firefox try to write to it and why do it fail even with #13 workaround?
Feb 27 06:03:23 duron650 kernel: [ 3118.231818] type=1400 audit(1298783003.534:49): apparmor="DENIED" operation="open" parent=1782 profile="/usr/lib/firefox-3.6.13/firefox-*bin" name="/tmp/.X0-lock" pid=2304 comm="firefox-bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Why try firefox to access X lock?
Where is some good documentation with concrete examples on the best practices for how to update AppArmor profiles?
View 2 Replies View RelatedAnyone set up an Apparmor profile for Firefox?
View 9 Replies View RelatedInspite i have read through the sticky link but i have a query.
Example,
If you have your firefox under enforce mode in apparmor,are you still able to install an update / addon to it to a newer version.
If not,how to disable the apparmor in firefox.Is it as below?
Code:
Tried the apparmor profile for Firefox. how to turn it off. No matter what I do, it still shows up as being on in apparmor status.
View 3 Replies View RelatedI'm trying to understand the Apparmor and would like to get FF profile from Bodhi.zazen [thank you],but I'm kinda new to Linux.Did lots of reading but missing one thing:
1.where is FF profile? I can't see any usr.lib.firefox-3.6.12
2. how do I do copy FF profile from Bodhi.zazen?
Since Ubuntu 9.10 I used:
"sudo apt-get install apparmor-profiles
sudo enforce firefox"
However in Lubuntu 11.04 the "sudo enforce firefox" command does no longer work. It looks like the enforce command is no longer recognised.
This page [URL] shows how to enable apparmor firefox profile. Why isnt apparmor firefox profile enabled by default? I would postulate that this would be because there must be some limitation by having the profile enabled. If so, what would the limitation be?
View 9 Replies View RelatedI have quiet splash disabled so I can see what boot processes are run on startup, and I notice that on every time I boot my computer the Firefox profile is skipped. Here's the message: Code: Skipping profile in /etc/ apparmor.d/disable: usr.bin.firefox,I checked /etc/apparmor.d/disable, and see that there is indeed a link to usr.bin.firefox. So I'm wondering how/why it got there. I haven't touched anything in AppArmor since my clean install of Natty.
View 6 Replies View RelatedBut I couldn't find a modified version of it for Swiftfox anywhere, so I decided to modify it myself. But I'm not 100% sure that I did it correctly, so I thought I'd ask here.
Also, will Swiftfox 3.6.4 be able to use this same profile? I thought it might not because of the new "Out of process plugins" feature being added.
Ubuntu 9.10 stops booting with apparmor profiles failed to load error message in recovery mode.In the usual mode it hangs at the logo stage.I tried all the kernels listed but the boot process hangs every time.I searched for a solution but could not find it. Windows 7 boots fine.I haven't installed grub to the MBR.I had to reinstall the windows bootloader but I am not sure if it's related to the problem.I would like not to reinstall the os.
View 7 Replies View RelatedI have a problem when I want to use su I get this error:Code:su: pam_start: error 26I have googled it so I found this topic (http://www.linuxquestions.org/questi...r-26-a-615024/) but it didn't really help me. There was a reply on that topic and his question was what the output of this was:
Code:
ldd /usr/bin/passwd
and
[code]....
While reading some papers on securing apache with selinux, I have tried to bind httpd to port 3000 expecting to be blocked by the selinux, since port tcp 3000 isn't on the http_port_t list. However I was able to start the service...
I'm preety sure selinux is enforcing. Also, if I bind httpd to tcp 81 selinux denies the start of the service, as expected!Did I miss something? Why is httpd allowed to start binded to a port that's not explicitly allowed?
Or do you just use Ubuntu feeling safe enough without them? If you do use AppArmor and other security measures, what do you use them for? Obviously Firefox and Chrome would be two things. But what else?
View 9 Replies View RelatedWhen I installed Ubuntu (Lucid) on my new computer, As well as the login password I was asked for a keyring password. I gave one, but I am not sure exactly why I need this password. It seems that it was required to let me access the wifi - even though this has its own security code. I found I could stop the system asking for it every time I tried to connect to the internet using wifi by checking a button in the network setup, but when I registered for Ubuntu One, I was again asked for it - twice, once when I registered and again when I set up Tomboy notes sync. Now I get asked for it again every time I switch on.
I would like to know why the keyring passwords are needed in addition to the login password for a single user computer, which mine is and also how I can stop it asking for this password when I switch the computer on. One suggestion I have seen is to make the keyring password the same as my login password. If that is the case, then how do I change the keyring password?
I have quite a few things running, and walk away from the laptop. When I return and wake up the computer, I have a period of between 10-15 seconds before a password prompt is shown. I would expect the password prompt to come up before I am able to type and do any system commands.
View 2 Replies View RelatedI have a question about GNU-PG security for email clients. I have read that this is the best email protection available. I have it among available Ubuntu packages, too, but when I wanted to use it the registration process asked my real name. considering full or the best possible privacy claim, why real name? or is it ok just not to give the real name? I am not advanced in cryptography, could/can this not be avoided?
View 4 Replies View RelatedAfter installing a number of security updates that were listed in the update manager, I can no longer run the "sudo firefox" command.
I got the error message:No protocol specified cannot open display
I found this thread: [url]
Through which I found that I am able to run "sudo firefox" after running:
HTML Code:
I realize this doesn't give you a lot to go on.
Question: Is there a way to view which updates were last installed on my system?
Hello everI'm really confused by the ways an encrypted partition get mounted.It just mounts the partition without asking for the passphrase used to create it. I can list the files in /mnt/sda2, create a new file test.txt, but have no access to the files written to the "real encrypted partition".Then I can see/change the content of the encrypted partition but without being able to see/change the file test.txt created previously with the normal mount command.
The reason I'm asking is that I'm having my custom Debian to automount every partition available on the system at boot time. Is there any way/command to tell if a particular partition is encrypted (by cryptsetup) or not? So that I can mount it the right way and not make the users confused (or even harm the encrypted data).
I set the profile for Firefox to enforce sudo aa-enforce firefox.Does this now apply to all users on my system or just the user I was logged in as?
View 2 Replies View RelatedHow do I get the new Firefox 3.6 to let me chose between different profiles when I start it?ith Firefox 3.5 I could do that with the command:Code:/usr/bin/firefox -p -no-remoteBut that doesn't seem to work anymore.
View 3 Replies View RelatedDoes anyone know if Apparmor will work on the Ubuntu 10.04 livecd? I know there are currently issues running Apparmor on stacked filesystems with aufs. Currently a casper scripts disables Apparmor during boot up. Would be very useful if it could be run in a live session.
View 4 Replies View RelatedSo I activated the Firefox profile:
Code:
And restarted Firefox (even rebooted), but it doesn't seem to be working. When I open Firefox I am able to perform a "Save Page As" in locations I shouldn't be able to, like my Desktop or Pictures folder.
The following command says the Firefox process is in enforce mode:
Code:
Of the following lines, the only directory which is "rw" is /Downloads, why am I still able to write to other places?
Code:
OS: Ubuntu 10.10
Can someone with an active Firefox profile do this simple test for me? Click File -> Save As and try to save somewhere the Apparmor profile shouldn't let you, and let me know the results.
I followed this thread:[URL]...When I get to this part:sudo genprof firefox it does not work in the terminal. Is this still supported for Ubuntu 11?
Also, I installed the profiles. Is something supposed to happen now or do I need to configure them?
sudo apt-get install apparmor-profiles
When I enable a new AppArmor profile that is not in the kernel, I've used this command:
Code:
apparmor_parser -r /path/to/profile
But when I recently read the manual for AppArmor, it says to use this command for new profiles:
Code:
apparmor_parser -a /path/to/profile
Have I done something wrong by using -r instead of -a?
When I use a package manager (aptitude or synaptic) to install updates to firefox (3.6), I get the following error:
[Code]...
I'm using both firefox 3.5 and firefox b11 in my fedora 14. The problem is I need diffrent profiles to work with in ff4. BUt once I create a new profile ff4 is not working. But the profiles are working properly with ff3.5. Some please help me in this regard because i need to different profiles, as I'm in process of developing a ff4 addon
View 8 Replies View RelatedInstead of upgrading to 10.10, I decided to install everything from scratch. Since the installation I can't make Firefox and Thunderbird work with the profiles I have always used on an NFS share. Locally Everything seems to work fine, but when I use the profiles on my NFS server I get in trouble. With Thunderbird I can read the email that is already there, but I can't get new one. It seems to hang during the connection. I can also write Drafts, and save them. RSS seems to work too. With Firefox I get the error "the bookmark and history system will not be functional because one of Firefox's files is in use by another application". When I try to open a url it doesn't work. Both applications start very slowly, but only when I open the profiles on the NFS share. I can happily read and write files on that share, so it can't be an access problem. I have a 64 bit machine, and I am using the Firefox 3.6.11 32 bit that I downloaded separately. Thunderbird is the one coming with the distribution.
View 1 Replies View RelatedI am trying to do as the title states, I am however having problems. I have tried deleting the profile and profile.ini in kubuntu and copying over the windows profile to home/user/.mozilla/firefox for example with firefox, this didn't work. I tried copying it there with the existing profile and changing the path of the ini file, to the windows profile name, this didn't work either. The only thing that I can think is that I am using 64 bit windows and 32 bit kubuntu.I have tried using firefox sync, this didn't work either.
View 9 Replies View Related