Re: Apparmor: 1 processes are unconfined but have a profile defined
Hi!
Thanks for your detailed reply.
On 07/13/2018 11:42 PM, Reco wrote:
> Hi.
>
> I accept on-list communication only.
>
> On Fri, Jul 13, 2018 at 11:09:19PM +0300, Ge wrote:
>> Hi, I couldn't figure it out, so I deleted all Firefox profiles and I started
>> again from the beginning
>
> If you just deleted the files from /etc/apparmor.d - that won't be
> enough as old profiles are still loaded into the running kernel.
> See if it sticks after the reboot.
>
> But,
I also rebooted my laptop
>
>> My Firefox profile now seems to work.
>>
>> sudo cat ./usr.lib.firefox-esr.firefox-esr
>
> If your Apparmor profile is not world-readable then you're doing it
> wrong (i.e. sudo should not be needed for this).
>
Why?
>> [sudo] password for gssd:
>> # Last Modified: Fri Jul 13 19:58:57 2018
>> #include <tunables/global>
>>
>> /usr/lib/firefox-esr/firefox-esr {
>
> That line's crucial. Enabling and disabling should be done via
> aa-enforce/aa-complain /usr/lib/firefox-esr/firefox-esr.
>
Yes, I used aa-enforce and aa-disable. I didn't use aa-complain that much.
>
>> "/home/gssd/.mozilla/firefox/Crash Reports/*" r,
>
> This one and everything like it are better written as:
>
> owner "@{HOME}/.mozilla/firefox/Crash Reports/*" r,
>
> And I wonder whether disabling writing crash reports was intentional.
>
>> /home/*/.mozilla/firefox/72z9u2as.default/browser-extension-data/** rw,
>
> This one:
>
> owner @{HOME}/.mozilla/firefox/*/browser-extension-data/** rw,
>
>
I didn't write the profile files. I used aa-genprof and aa-logprof to
automatically create them.
Thanks again for your help!
> Everything else is more or less ok.
>
> Reco
>
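
Added example (not part of the thread, and not code from Reco or Ge): a small Python check that applies the two rewrites suggested above to simple file rules in a profile, the kind aa-genprof/aa-logprof tend to emit with literal home paths. The function names and the sample profile are constructed for illustration; it only handles plain "path perms," rules, and the Firefox profile-directory pattern is an assumption based on the name 72z9u2as.default quoted in the thread.

```python
import re

# Path that starts at a literal home directory: /home/<user>/ or /home/*/
HOME_PREFIX = re.compile(r'^(?P<q>"?)/home/[^/\s"]+/')
# Firefox's per-user profile directory name, e.g. 72z9u2as.default
FF_PROFILE = re.compile(r'(/\.mozilla/firefox/)[a-z0-9]{8}\.[^/\s"]+(?=/)')
# Simple file rule: [audit] [allow|deny] [owner] <path> <perms>,
RULE = re.compile(
    r'^(?P<indent>\s*)(?P<quals>(?:(?:audit|allow|deny|owner)\s+)*)'
    r'(?P<path>"[^"]+"|\S+)\s+(?P<perms>[A-Za-z]+)\s*,\s*$')


def portable_rule(line):
    """Return the rule rewritten with @{HOME} and owner, or None if unchanged."""
    m = RULE.match(line)
    if m is None:
        return None  # comments, includes, profile header, non-file rules
    path, hits = HOME_PREFIX.subn(
        lambda h: h.group("q") + "@{HOME}/", m.group("path"))
    if hits == 0:
        return None  # not under /home, or already uses @{HOME}
    path = FF_PROFILE.sub(r"\1*", path)
    quals = m.group("quals")
    # Adding owner to a deny rule would narrow the deny, so leave those alone.
    if not {"owner", "deny"} & set(quals.split()):
        quals += "owner "
    return f'{m.group("indent")}{quals}{path} {m.group("perms")},'


def lint_profile(text):
    """Yield (line number, suggested rule) for every rule worth rewriting."""
    for number, line in enumerate(text.splitlines(), start=1):
        suggestion = portable_rule(line)
        if suggestion is not None:
            yield number, suggestion


# Constructed sample: header and the two rules quoted in the thread.
SAMPLE = '''#include <tunables/global>
/usr/lib/firefox-esr/firefox-esr {
  "/home/gssd/.mozilla/firefox/Crash Reports/*" r,
  /home/*/.mozilla/firefox/72z9u2as.default/browser-extension-data/** rw,
  /usr/lib/firefox-esr/** mr,
}
'''

if __name__ == "__main__":
    for number, suggestion in lint_profile(SAMPLE):
        print(f"line {number}: {suggestion}")
```

The suggestions are for review before editing the profile by hand; after changing the file, the profile still has to be reloaded into the kernel.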