Hi there. I’m a relatively new linux user and would like some help using yast to set up apparmor protection for firefox.
I have read some articles on how to do this from various sources, however, every time I get to a particular point in the process what actually happens deviates from what I was told would happen.
Essentially, I understand I have to create a profile for both firefox and firefox.sh
When I go to make the profile through yast I get to the point where I have run firefox for a few minutes - I do some browsing, watch some youtube etc. Then when I get back to yast and I’m running the rest of the configuration process I get lost. The articles I read told me that all I would have to do for each privilege or file firefox accessed was push “Allow” or “Deny” or something to that affect.
In reality I had several options to choose from at each turn. For every privilege or file accessed, I had to choose from about six options, including “Inherit” or even to create a whole new profile for the file itself. It became very confusing. Would it be a good or bad idea to click “inherit” for each item? Probably not I assume.
Secondly, most of the literature I have read on apparmor states that while you are creating a new profile on an application, you should make an attack impossible. Well, how can I do this when I’m profiling firefox and therefore have to access the internet with it in order for apparmor to profile it - thus making it to some extent vulnerable to attack, especially considering I’m running root privileges through yast at the time?
Sorry, if I have not made myself very clear. If someone has the patience to help me out with this one, it would be greatly appreciated. I really wish firefox was set up by default in apparmor - although I realise there is probably a good reason it is not.