Hi there. I’m a relatively new linux user and would like some help using
yast to set up apparmor protection for firefox.
I have read some articles on how to do this from various sources,
however, every time I get to a particular point in the process what
actually happens deviates from what I was told would happen.
Essentially, I understand I have to create a profile for both firefox
and firefox.sh
When I go to make the profile through yast I get to the point where I
have run firefox for a few minutes - I do some browsing, watch some
youtube etc. Then when I get back to yast and I’m running the rest of
the configuration process I get lost. The articles I read told me that
all I would have to do for each privilege or file firefox accessed was
push “Allow” or “Deny” or something to that affect.
In reality I had several options to choose from at each turn. For every
privilege or file accessed, I had to choose from about six options,
including “Inherit” or even to create a whole new profile for the file
itself. It became very confusing. Would it be a good or bad idea to
click “inherit” for each item? Probably not I assume.
Secondly, most of the literature I have read on apparmor states that
while you are creating a new profile on an application, you should make
an attack impossible. Well, how can I do this when I’m profiling firefox
and therefore have to access the internet with it in order for apparmor
to profile it - thus making it to some extent vulnerable to attack,
especially considering I’m running root privileges through yast at the
time?
Sorry, if I have not made myself very clear. If someone has the
patience to help me out with this one, it would be greatly appreciated.
I really wish firefox was set up by default in apparmor - although I
realise there is probably a good reason it is not.
–
steve_2
steve_2’s Profile: http://forums.opensuse.org/member.php?userid=15212
View this thread: http://forums.opensuse.org/showthread.php?t=404681