Setting up Apparmor to protect firefox

Hi there. I’m a relatively new linux user and would like some help using yast to set up apparmor protection for firefox.

I have read some articles on how to do this from various sources, however, every time I get to a particular point in the process what actually happens deviates from what I was told would happen.

Essentially, I understand I have to create a profile for both firefox and

When I go to make the profile through yast I get to the point where I have run firefox for a few minutes - I do some browsing, watch some youtube etc. Then when I get back to yast and I’m running the rest of the configuration process I get lost. The articles I read told me that all I would have to do for each privilege or file firefox accessed was push “Allow” or “Deny” or something to that affect.

In reality I had several options to choose from at each turn. For every privilege or file accessed, I had to choose from about six options, including “Inherit” or even to create a whole new profile for the file itself. It became very confusing. Would it be a good or bad idea to click “inherit” for each item? Probably not I assume.

Secondly, most of the literature I have read on apparmor states that while you are creating a new profile on an application, you should make an attack impossible. Well, how can I do this when I’m profiling firefox and therefore have to access the internet with it in order for apparmor to profile it - thus making it to some extent vulnerable to attack, especially considering I’m running root privileges through yast at the time?

Sorry, if I have not made myself very clear. If someone has the patience to help me out with this one, it would be greatly appreciated. I really wish firefox was set up by default in apparmor - although I realise there is probably a good reason it is not.

I think the reason that Firefox is not set up as default in apparmor is that it is not really necessary.
Very difficult to attack Linux via Firefox. Firstly there is no activex and it is run as a normal user and therefor cannot execute programs. I actually remove apparmor on my system.
I googled for Firefox and apparmor i didn’t find anything.

Didn’t answer your question but as i said not needed IMHO


geoffro schreef:

> and it is run as a normal user and therefor cannot execute programs.

You’re saying normal users can’t execute programs?
I don’t think so.
And the files a user has acces to happen to be the files he or she cares

Saying a user can’t do any harm is wrong, it only easyer to get the harm
undone IF you make backups.

Firefox is pretty safe to use i’m sure, it’s the trillion extensions you
should be carefull with.

Chris Maaskant