Ubuntu Security :: Set Up An Apparmor Profile For Firefox?
Apr 28, 2010Anyone set up an Apparmor profile for Firefox?
View 9 Replies
ADVERTISEMENT
Ubuntu Security :: No Firefox Profile In Apparmor?
Nov 15, 2010I'm trying to understand the Apparmor and would like to get FF profile from Bodhi.zazen [thank you],but I'm kinda new to Linux.Did lots of reading but missing one thing:
1.where is FF profile? I can't see any usr.lib.firefox-3.6.12
2. how do I do copy FF profile from Bodhi.zazen?
Ubuntu Security :: Cannot Enforce Firefox 4.0 Apparmor Profile
Apr 29, 2011Since Ubuntu 9.10 I used:
"sudo apt-get install apparmor-profiles
sudo enforce firefox"
However in Lubuntu 11.04 the "sudo enforce firefox" command does no longer work. It looks like the enforce command is no longer recognised.
Ubuntu Security :: Why Isn't Apparmor Firefox Profile Enabled By Default
Apr 25, 2010This page [URL] shows how to enable apparmor firefox profile. Why isnt apparmor firefox profile enabled by default? I would postulate that this would be because there must be some limitation by having the profile enabled. If so, what would the limitation be?
View 9 Replies View RelatedUbuntu Security :: Firefox Profile In Apparmor Skipped On Startup
Aug 9, 2011I have quiet splash disabled so I can see what boot processes are run on startup, and I notice that on every time I boot my computer the Firefox profile is skipped. Here's the message: Code: Skipping profile in /etc/ apparmor.d/disable: usr.bin.firefox,I checked /etc/apparmor.d/disable, and see that there is indeed a link to usr.bin.firefox. So I'm wondering how/why it got there. I haven't touched anything in AppArmor since my clean install of Natty.
View 6 Replies View RelatedUbuntu Security :: Use Lucid's Default Firefox AppArmor Profile For Swiftfox?
May 14, 2010But I couldn't find a modified version of it for Swiftfox anywhere, so I decided to modify it myself. But I'm not 100% sure that I did it correctly, so I thought I'd ask here.
Also, will Swiftfox 3.6.4 be able to use this same profile? I thought it might not because of the new "Out of process plugins" feature being added.
Ubuntu Security :: Enabling A New Profile In AppArmor?
Jun 18, 2011When I enable a new AppArmor profile that is not in the kernel, I've used this command:
Code:
apparmor_parser -r /path/to/profile
But when I recently read the manual for AppArmor, it says to use this command for new profiles:
Code:
apparmor_parser -a /path/to/profile
Have I done something wrong by using -r instead of -a?
Ubuntu Security :: Apparmor Profile Deleted / Can't Get It Back
Jun 21, 2011i was trying to edit my firefox apparmor profile. I used aa-genprof, and accidentally closed the terminal before the program was finished. Firefox wouldn't load properly after that whenever it was enforced. I uninstalled and reinstalled the profiles, but it didn't help.Finally I deleted the files for the profile itself ... now it will not reinstall them..I marked all the apparmor packages for complete removal and then reinstalled them but it will not put the original firefox profile back in.
View 2 Replies View RelatedUbuntu Security :: Generic AppArmor Profile For Untrusted Application
Sep 3, 2010I've read and re-read everything I can find about AppArmor, to no avail. On the whole, AppArmor isn't for me. However, rather than give up on it completely, I have an idea: create a profile that I could use as a template for any untrusted application, with the aim of 1) blocking it from network access and 2) blocking it from installing other applications. I've got as far as creating an empty profile:
Code:
# Generic AppArmor Profile for UntrustedApplication
#include <tunables/global>
/usr/sbin/UntrustedApplication {
#include <abstractions/base> }
What do I need to add to make this profile 100% permissive, except for the two exceptions stated above?
Fedora Security :: Possible To Create Selinux Profile For Program Like With Apparmor?
Jan 15, 2011Is it possible to create a selinux profile for a program like with Apparmor?
View 4 Replies View RelatedUbuntu Security :: Migrate - Default "Simple Application" AppArmor Profile
Sep 6, 2010I'm a Windows user, but now trying to migrate to Ubuntu. I have read AppArmor Docs/FAQs, and very impressed with it's possibilities. But I'm still not sure, can I have a profile which is applied to all applications I run (not listed in other profiles)? That would be great to have a "Simple Application" default profile, with permissions, say, to read/write to app's folder and to display graphics/play sounds!
View 1 Replies View RelatedUbuntu Security :: Disable The Apparmor In Firefox
Aug 8, 2010Inspite i have read through the sticky link but i have a query.
Example,
If you have your firefox under enforce mode in apparmor,are you still able to install an update / addon to it to a newer version.
If not,how to disable the apparmor in firefox.Is it as below?
Code:
Ubuntu Security :: Apparmor For Firefox - How To Turn It Off
Nov 12, 2010Tried the apparmor profile for Firefox. how to turn it off. No matter what I do, it still shows up as being on in apparmor status.
View 3 Replies View RelatedUbuntu Security :: Write Allowed Even AppArmor Forced In Firefox
Feb 28, 2011I use Ubuntu 10.10 with encrypted home. I'm new with apparmor. My firefox-3.6.13 is now in enforce mode - with standard profile. With this profile it should have write access only to:
owner @{HOME}/Downloads/* rw,
But I can save files (with standard downloadmanager of firefox) e.g. in $HOME itself and I can't find any other rule, which could allow that. I have thing, that ecryptfs workaround just affects the eCryptFS "part of things" and limitations of normal filenames/paths (in mounted ecryptfs) are still possible. Why can firefox write elsewhere as in to ${HOME}/Downloads? I get also this in kern.log (but not by saving a file as wrote above):
Feb 27 05:49:30 duron650 kernel: [ 2284.886631] type=1400 audit(1298782170.190:4: apparmor="DENIED" operation="open" parent=1782 profile="/usr/lib/firefox-3.6.13/firefox-*bin" name="/home/.ecryptfs/hugo/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWY1tHLaOszg1UQTPB2f1Zq7Xu 0xztwk9hVX6-OCUaSGk2nU5ADkJx.rdk--/ECRYPTFS_FNEK_ENCRYPTED.FWY1tHLaOszg1UQTPB2f1Zq7Xu 0xztwk9hVXFlmP1qlJBZ2eq7XFiWljUE--" pid=2209 comm="firefox-bin" requested_mask="w" denied_mask="w" fsuid=1000 ouid=0
Why do firefox try to write to it and why do it fail even with #13 workaround?
Feb 27 06:03:23 duron650 kernel: [ 3118.231818] type=1400 audit(1298783003.534:49): apparmor="DENIED" operation="open" parent=1782 profile="/usr/lib/firefox-3.6.13/firefox-*bin" name="/tmp/.X0-lock" pid=2304 comm="firefox-bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Why try firefox to access X lock?
Ubuntu Security :: Apparmor Profiles - Sudo Aa-logprof / Path To Firefox Allowed All When Asked
Jul 29, 2011I am using FF ver 5.0.1 from here After reading [URL] I did Code: sudo aa-logprof /path to firefox Allowed all when asked. But when I try to start FF in enforce mode I get
[Code]....
Debian Configuration :: Apparmor Profile For Iceweasel?
Feb 2, 2014I'm trying to figure out Apparmor,in doing so I've seen that there are no pre-configured profiles for Iceweasel,but there are two for Firefox in /usr/share/doc/apparmor-profiles/extras/ : Will it work if I simply replace "iceweasel" for "firefox" and set those profiles to complain mode,just to see what will eventually happen? Is that too obvious?
View 9 Replies View RelatedOpenSUSE :: Create A Profile In Apparmor For Applications?
Apr 16, 2011Is recommended to create a profile in apparmor for applications like amule, firefox, thunderbird, amsn ....?
View 7 Replies View RelatedGeneral :: Login MUCH Slower - Some Reference To AppArmor Profile - Screen Corruption ?
Jul 5, 2010I am new to linux but will try and be as precise as I can. I have a Dell Insp. 1545 with 3GB ram with 10.04_64
Problem: Rather out of the blue upon login, from the time of entering password to the desktop, is MUCH slower. I have no splash enabled and there is some reference to AppArmour profiles (it sits there at this apparmour reference , then sits trying to load desktop). However, I have never configured apparmor. Finally, on last login, there was some sort of screen corruption prior to getting to desktop.
Prior to all this i noticed that firefox "blinked" when I was using it, and then said that it needed to shutdown/restart for updates. I did notice at that time two of my previous tabs sortof acted oddly (moved around then disappeared).
I have no SSH/Server software etc activated.
I did change visudo so that sudo timeout shorter than it was. However that is the only modification to the system recently.
Ubuntu Security :: Recommend AppArmor And Other Security Measures?
Aug 31, 2010Or do you just use Ubuntu feeling safe enough without them? If you do use AppArmor and other security measures, what do you use them for? Obviously Firefox and Chrome would be two things. But what else?
View 9 Replies View RelatedUbuntu :: Force Firefox To Recognize A Certain Default Firefox Profile
Jun 16, 2010How do I force Firefox to recognize a certain default firefox profile I have?
For whatever reason I can't get FF to show all of the add-ons I have. Yes, they are installed and they appear when as icons when I first boot up but after I close FF and start it again there are no icons (like Adblock).
Ubuntu Security :: AppArmor For All Users
Jun 10, 2011I set the profile for Firefox to enforce sudo aa-enforce firefox.Does this now apply to all users on my system or just the user I was logged in as?
View 2 Replies View RelatedUbuntu Security :: Apparmor Will Work On The 10.04 Livecd?
Jan 29, 2010Does anyone know if Apparmor will work on the Ubuntu 10.04 livecd? I know there are currently issues running Apparmor on stacked filesystems with aufs. Currently a casper scripts disables Apparmor during boot up. Would be very useful if it could be run in a live session.
View 4 Replies View RelatedUbuntu Security :: How To Test That Apparmor Is Working
Oct 9, 2010So I activated the Firefox profile:
Code:
And restarted Firefox (even rebooted), but it doesn't seem to be working. When I open Firefox I am able to perform a "Save Page As" in locations I shouldn't be able to, like my Desktop or Pictures folder.
The following command says the Firefox process is in enforce mode:
Code:
Of the following lines, the only directory which is "rw" is /Downloads, why am I still able to write to other places?
Code:
OS: Ubuntu 10.10
Can someone with an active Firefox profile do this simple test for me? Click File -> Save As and try to save somewhere the Apparmor profile shouldn't let you, and let me know the results.
Ubuntu Security :: Certain Commands Not Working In Apparmor?
Jun 7, 2011I followed this thread:[URL]...When I get to this part:sudo genprof firefox it does not work in the terminal. Is this still supported for Ubuntu 11?
Also, I installed the profiles. Is something supposed to happen now or do I need to configure them?
sudo apt-get install apparmor-profiles
Ubuntu Security :: Updating AppArmor Profiles?
Jun 12, 2011Where is some good documentation with concrete examples on the best practices for how to update AppArmor profiles?
View 2 Replies View RelatedUbuntu Installation :: [Jaunty] Apparmor Error When Upgrading Firefox
Jan 23, 2010When I use a package manager (aptitude or synaptic) to install updates to firefox (3.6), I get the following error:
[Code]...
Ubuntu Security :: Using Apparmor To Restrict File Browser?
Sep 21, 2010I am trying to use apparmor to restrict my file browser, which is Thunar to only let me view the files that are in the home directory and also removable media.I tried following the apparmor sticky with no success.I created the profile and tried editing it and it either started and let me do pretty much everything or did not start at all. Would it be possible for someone to help me step by step to set up a profile for thunar that would only show the home directory and removable media.
View 2 Replies View RelatedUbuntu Security :: Apparmor Protecting Files From Users
Jan 8, 2011It seems that AppArmor can't be effectively used to protect read access to files from users (including roots). It is possible to create a profile for, eg, 'cat', but then the users can use 'less'.Is this true? Should use SELinux instead for this?
View 5 Replies View RelatedUbuntu Security :: AppArmor Enforce Program Without Logging?
Apr 19, 2011I have a program that generates large amounts of apparmor log messages. I'm happy to enforce restrictions on the program but I really don't want it to fill my log with messages every time it attempts to read a file.
Is there a way to let it enforce restrictions but not log denials?
Ubuntu Security :: Using Apparmor To Restrict Networking To Specific Ports?
Jun 12, 2011Perhaps it is my misinterpretation of AppArmor, how can it be configured to restrict TCP or UDP traffic to/from specific ports?
The profile "abstractions/nameservice", under the section "# TCP/UDP network access", doesn't seem to lock the application to port 53. What am I missing? Restriction to specific ports is something that systrace can do so I'd expect nothing less from AppArmor.