Please provide an AppArmor profile for Firefox
Ulrike Uhlig
ulrike at debian.org
Sun Mar 19 11:43:00 UTC 2017
Package: firefox
Severity: normal
Hi,
as you might know, AppArmor confines programs according to a set of
rules that specify what files a given program can access. This approach
helps protect the system against both known and unknown vulnerabilities.
In several distributions such as Ubuntu or Tails, AppArmor is enabled by
default.
I've not been able to find such a profile in the current Firefox package.
There is an AppArmor profile for Firefox available upstream:
https://bazaar.launchpad.net/~ubuntu-branches/ubuntu/vivid/firefox/vivid/view/head:/debian/usr.bin.firefox.apparmor.10.04
(this is the upstream profile which has been integrated into Ubuntu's
packaging of Firefox).
This profile is only active if people have installed AppArmor in first
case, so it should never break the package for users without AppArmor.
The profile can be included in your packaging quite easily.
All the necessary steps are documented here:
https://wiki.debian.org/AppArmor/Contribute/FirstTimeProfileImport
Please also see examples in the packages torbrowser-launcher or in
Icedove
(https://anonscm.debian.org/cgit/pkg-mozilla/icedove.git/tree/debian).
Please let me know if you need help.
Cheers!
ulrike
More information about the pkg-mozilla-maintainers
mailing list