|
Bugzilla – Full Text Bug Listing |
| Summary: | AppArmor - profiles are missing | ||
|---|---|---|---|
| Product: | [openSUSE] SUSE Linux 10.1 | Reporter: | Petra Gutmann <pgutmann> |
| Component: | AppArmor | Assignee: | Seth R Arnold <seth.arnold> |
| Status: | RESOLVED WONTFIX | QA Contact: | Dominic W Reynolds <dreynolds> |
| Severity: | Normal | ||
| Priority: | P5 - None | CC: | suse-beta |
| Version: | Beta 3 | ||
| Target Milestone: | --- | ||
| Hardware: | i386 | ||
| OS: | Other | ||
| Whiteboard: | |||
| Found By: | Other | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
|
Description
Petra Gutmann
2006-02-10 08:56:53 UTC
We have included a profile for /usr/lib/firefox/firefox.sh in the /etc/apparmor/profiles/extras directory. Profiles in this directory are not enforced by default, and are provided solely in case system administrators wish to use our profiles as a base. We have decided to disable the firefox profile because users expect their web browsers to do many different things. What is acceptible for one user is not acceptible for another. If we ship a profile designed to least inconvenience users, the profile will provide very little security value -- except when firefox is run by root. If we ship a profile designed to provide reasonable security value, we will irritate an unreasonable number of users. Thus, we've decided to have firefox be an 'opt-in' profile, rather than an 'opt-out' profile. Thanks |