149866 – AppArmor - profiles are missing

Bug 149866 - AppArmor - profiles are missing

Summary: AppArmor - profiles are missing

Status:	RESOLVED WONTFIX

Alias:	None

Product:	SUSE Linux 10.1
Classification:	openSUSE
Component:	AppArmor (show other bugs)
Version:	Beta 3
Hardware:	i386 Other

Priority:	P5 - None Severity: Normal (vote)
Target Milestone:	---
Assignee:	Seth R Arnold
QA Contact:	Dominic W Reynolds

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2006-02-10 08:56 UTC by Petra Gutmann
Modified:	2006-02-22 21:31 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	Other
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Petra Gutmann 2006-02-10 08:56:53 UTC

The "firefox profile" is missing in AppArmor.

Comment 1 Seth R Arnold 2006-02-22 21:31:29 UTC

We have included a profile for /usr/lib/firefox/firefox.sh in the /etc/apparmor/profiles/extras directory. Profiles in this directory are not enforced by default, and are provided solely in case system administrators wish to use our profiles as a base.

We have decided to disable the firefox profile because users expect their web browsers to do many different things. What is acceptible for one user is not acceptible for another. If we ship a profile designed to least inconvenience users, the profile will provide very little security value -- except when firefox is run by root. If we ship a profile designed to provide reasonable security value, we will irritate an unreasonable number of users.

Thus, we've decided to have firefox be an 'opt-in' profile, rather than an 'opt-out' profile.

Thanks