
Apparmor and skype.



Hi!
I'm trying to set up AppArmor on my computer.

I'm trying to confine firefox-esr to just the necessary stuff:
its config files and the Downloads and Desktop directories.

This is my config file and I can't understand why it doesn't work. It
allows me to save everywhere I want.

I attach my apparmor profile


Thanks in Advance!!

# Last Modified: Fri Feb  8 16:08:56 2019
#include <tunables/global>

# Profile for the firefox-esr binary.
# NOTE(review): flags=(complain) loads this profile in complain mode. In that
# mode, accesses that no allow rule covers are logged rather than blocked, so
# the profile does not restrict where the browser can save files. Enforcement
# needs the flag removed (or aa-enforce run on the profile) and the profile
# reloaded.
# NOTE(review): no network rule is visible in this profile. Before enforcing,
# check whether the abstractions pulled in below supply the network access the
# browser needs.
/usr/lib/firefox-esr/firefox-esr flags=(complain) {
  #include <abstractions/base>
  #include <abstractions/fonts>
  # NOTE(review): the lightdm abstraction is named after a display manager, not
  # a browser. Confirm what it grants, since everything it allows is added to
  # this profile.
  #include <abstractions/lightdm>

  # Explicit deny rules take precedence over any allow rule matching the same
  # path. Only the directories named here are covered; every other directory
  # under /home/* is still matched by the broad "/home/*/** rwk" rule further
  # down. The Data/Security rule is already covered by the Data/** rule.
  deny "/home/*/Computer Science/**" rw,
  deny /home/*/Data/** rw,
  deny /home/*/Data/Security/** rw,
  deny /home/*/Documents/** rw,
  deny /home/*/Music/** rw,
  deny /home/*/Pictures/** rw,
  deny /home/*/Public/** rw,
  deny /home/*/Templates/** rw,
  deny /home/*/Videos/** rw,

  # The two locations the browser is meant to be able to save into.
  /home/*/Desktop/** rw,
  /home/*/Downloads/** rw,

  "/home/*/.mozilla/firefox/Crash Reports/*" r,
  "/home/*/.mozilla/firefox/Pending Pings/" r,
  /dev/shm/org.chromium.* rw,
  /home/*/ r,
  # NOTE(review): this rule grants read, write and lock on everything under
  # every home directory. It makes the narrower /home/* rules below redundant
  # and, once the profile is enforced, would still allow saving anywhere that
  # is not in the deny list above. For an allow-list confinement this rule has
  # to go, leaving only the specific paths.
  /home/*/** rwk,
  /home/*/.ICEauthority r,
  /home/*/.Xauthority r,
  # NOTE(review): shell history and shell startup files are unlikely to be
  # needed by a browser; confirm whether these read rules can be dropped.
  /home/*/.bash_history r,
  /home/*/.bash_logout r,
  /home/*/.bashrc r,
  /home/*/.cache/* rwk,
  /home/*/.cache/fontconfig/* r,
  # The user name is wildcarded but the Firefox profile directory name
  # (jjdjufjv.default) is literal, so the rules below match only that one
  # browser profile.
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/ r,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/.startup-incomplete w,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/activity-stream.tippytop.json r,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/cache2/ r,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/cache2/doomed/ r,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/cache2/doomed/* w,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/cache2/entries/* rw,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/cache2/index rw,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/cache2/index.log rw,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/cache2/index.tmp rw,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-backup/ rw,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/ rw,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/allow-flashallow-digest256.pset w,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/allow-flashallow-digest256.sbstore w,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/base-track-digest256.pset w,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/base-track-digest256.sbstore w,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/block-flash-digest256.pset w,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/block-flash-digest256.sbstore w,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/block-flashsubdoc-digest256.pset w,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/block-flashsubdoc-digest256.sbstore w,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/except-flash-digest256.pset w,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/except-flash-digest256.sbstore w,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/except-flashallow-digest256.pset w,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/except-flashallow-digest256.sbstore w,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/except-flashsubdoc-digest256.pset w,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/except-flashsubdoc-digest256.sbstore w,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/google4/ rw,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/mozplugin-block-digest256.pset w,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/mozplugin-block-digest256.sbstore w,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/mozstd-trackwhite-digest256.pset w,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/mozstd-trackwhite-digest256.sbstore w,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/test-block-simple-1.sbstore rw,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/test-block-simple.pset rw,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/test-block-simple.sbstore rw,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/test-harmful-simple-1.sbstore rw,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/test-harmful-simple.pset rw,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/test-harmful-simple.sbstore rw,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/test-malware-simple-1.sbstore rw,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/test-malware-simple.pset rw,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/test-malware-simple.sbstore rw,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/test-phish-simple-1.sbstore rw,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/test-phish-simple.pset rw,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/test-phish-simple.sbstore rw,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/test-track-simple-1.sbstore rw,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/test-track-simple.pset rw,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/test-track-simple.sbstore rw,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/test-trackwhite-simple-1.sbstore rw,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/test-trackwhite-simple.pset rw,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/test-trackwhite-simple.sbstore rw,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/test-unwanted-simple-1.sbstore rw,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/test-unwanted-simple.pset rw,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/test-unwanted-simple.sbstore rw,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/ rw,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/allow-flashallow-digest256.pset r,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/allow-flashallow-digest256.sbstore r,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/base-track-digest256.pset r,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/base-track-digest256.sbstore r,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/block-flash-digest256.pset r,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/block-flash-digest256.sbstore r,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/block-flashsubdoc-digest256.pset r,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/block-flashsubdoc-digest256.sbstore r,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/except-flash-digest256.pset r,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/except-flash-digest256.sbstore r,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/except-flashallow-digest256.pset r,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/except-flashallow-digest256.sbstore r,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/except-flashsubdoc-digest256.pset r,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/except-flashsubdoc-digest256.sbstore r,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/google4/ r,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/mozplugin-block-digest256.pset r,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/mozplugin-block-digest256.sbstore r,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/mozstd-trackwhite-digest256.pset r,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/mozstd-trackwhite-digest256.sbstore r,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/test-block-simple.pset r,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/test-block-simple.sbstore r,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/test-harmful-simple.pset r,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/test-harmful-simple.sbstore r,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/test-malware-simple.pset r,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/test-malware-simple.sbstore r,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/test-phish-simple.pset r,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/test-phish-simple.sbstore r,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/test-track-simple.pset r,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/test-track-simple.sbstore r,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/test-trackwhite-simple.pset r,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/test-trackwhite-simple.sbstore r,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/test-unwanted-simple.pset r,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/test-unwanted-simple.sbstore r,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/startupCache/scriptCache-child-current.bin r,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/startupCache/scriptCache-current.bin rw,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/startupCache/scriptCache-new.bin rw,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/startupCache/scriptCache.bin rw,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/startupCache/startupCache.*.little r,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/startupCache/urlCache-current.bin rw,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/startupCache/urlCache-new.bin rw,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/startupCache/urlCache.bin rw,
  /home/*/.cache/mozilla/firefox/jjdjufjv.default/startupCache/webext.sc.lz4 r,
  /home/*/.config/dconf/user r,
  /home/*/.config/gtk-3.0/bookmarks r,
  /home/*/.config/mimeapps.list r,
  /home/*/.config/user-dirs.dirs r,
  /home/*/.dmrc r,
  /home/*/.local/share/* rw,
  /home/*/.local/share/applications/ r,
  /home/*/.local/share/applications/mimeapps.list r,
  /home/*/.local/share/applications/mimeinfo.cache r,
  /home/*/.local/share/gvfs-metadata/*.log r,
  /home/*/.local/share/gvfs-metadata/home r,
  /home/*/.local/share/mime/mime.cache r,
  /home/*/.mozilla/firefox/jjdjufjv.default/ r,
  /home/*/.mozilla/firefox/jjdjufjv.default/*.db rwk,
  /home/*/.mozilla/firefox/jjdjufjv.default/.parentlock wk,
  /home/*/.mozilla/firefox/jjdjufjv.default/AlternateServices.txt rw,
  /home/*/.mozilla/firefox/jjdjufjv.default/SecurityPreloadState.txt rw,
  /home/*/.mozilla/firefox/jjdjufjv.default/SiteSecurityServiceState.txt rw,
  /home/*/.mozilla/firefox/jjdjufjv.default/TRRBlacklist.txt rw,
  /home/*/.mozilla/firefox/jjdjufjv.default/addonStartup.json.lz4 r,
  /home/*/.mozilla/firefox/jjdjufjv.default/addons.json r,
  /home/*/.mozilla/firefox/jjdjufjv.default/blocklist.xml r,
  /home/*/.mozilla/firefox/jjdjufjv.default/bookmarkbackups/ r,
  /home/*/.mozilla/firefox/jjdjufjv.default/browser-extension-data/* r,
  /home/*/.mozilla/firefox/jjdjufjv.default/browser-extension-data/** rw,
  /home/*/.mozilla/firefox/jjdjufjv.default/compatibility.ini r,
  /home/*/.mozilla/firefox/jjdjufjv.default/containers.json r,
  /home/*/.mozilla/firefox/jjdjufjv.default/content-prefs.sqlite rwk,
  /home/*/.mozilla/firefox/jjdjufjv.default/cookies.sqlite rwk,
  /home/*/.mozilla/firefox/jjdjufjv.default/cookies.sqlite-shm rwk,
  /home/*/.mozilla/firefox/jjdjufjv.default/cookies.sqlite-wal rw,
  /home/*/.mozilla/firefox/jjdjufjv.default/datareporting/aborted-session-ping w,
  /home/*/.mozilla/firefox/jjdjufjv.default/datareporting/aborted-session-ping.tmp rw,
  /home/*/.mozilla/firefox/jjdjufjv.default/datareporting/archived/ r,
  /home/*/.mozilla/firefox/jjdjufjv.default/datareporting/archived/** rw,
  /home/*/.mozilla/firefox/jjdjufjv.default/datareporting/archived/*/ r,
  /home/*/.mozilla/firefox/jjdjufjv.default/datareporting/session-state.json rw,
  /home/*/.mozilla/firefox/jjdjufjv.default/datareporting/session-state.json.tmp rw,
  /home/*/.mozilla/firefox/jjdjufjv.default/datareporting/state.json r,
  /home/*/.mozilla/firefox/jjdjufjv.default/extension-settings.json r,
  /home/*/.mozilla/firefox/jjdjufjv.default/extensions.json r,
  /home/*/.mozilla/firefox/jjdjufjv.default/extensions/ r,
  /home/*/.mozilla/firefox/jjdjufjv.default/extensions/*.xpi r,
  /home/*/.mozilla/firefox/jjdjufjv.default/favicons.sqlite rwk,
  /home/*/.mozilla/firefox/jjdjufjv.default/favicons.sqlite-shm rwk,
  /home/*/.mozilla/firefox/jjdjufjv.default/favicons.sqlite-wal rw,
  /home/*/.mozilla/firefox/jjdjufjv.default/handlers.json r,
  /home/*/.mozilla/firefox/jjdjufjv.default/lock w,
  /home/*/.mozilla/firefox/jjdjufjv.default/permissions.sqlite rwk,
  /home/*/.mozilla/firefox/jjdjufjv.default/pkcs11.txt r,
  /home/*/.mozilla/firefox/jjdjufjv.default/places.sqlite rwk,
  /home/*/.mozilla/firefox/jjdjufjv.default/places.sqlite-shm rwk,
  /home/*/.mozilla/firefox/jjdjufjv.default/places.sqlite-wal rw,
  /home/*/.mozilla/firefox/jjdjufjv.default/pluginreg.dat r,
  /home/*/.mozilla/firefox/jjdjufjv.default/prefs-1.js rw,
  /home/*/.mozilla/firefox/jjdjufjv.default/prefs.js rw,
  /home/*/.mozilla/firefox/jjdjufjv.default/revocations.txt r,
  /home/*/.mozilla/firefox/jjdjufjv.default/saved-telemetry-pings/ r,
  /home/*/.mozilla/firefox/jjdjufjv.default/search.json.mozlz4 r,
  /home/*/.mozilla/firefox/jjdjufjv.default/sessionCheckpoints.json rw,
  /home/*/.mozilla/firefox/jjdjufjv.default/sessionCheckpoints.json.tmp rw,
  /home/*/.mozilla/firefox/jjdjufjv.default/storage-sync.sqlite rwk,
  /home/*/.mozilla/firefox/jjdjufjv.default/storage-sync.sqlite-journal rw,
  /home/*/.mozilla/firefox/jjdjufjv.default/storage.sqlite rwk,
  /home/*/.mozilla/firefox/jjdjufjv.default/storage/permanent/chrome/ r,
  /home/*/.mozilla/firefox/jjdjufjv.default/storage/permanent/chrome/.metadata-v2 r,
  /home/*/.mozilla/firefox/jjdjufjv.default/storage/permanent/chrome/idb/ r,
  /home/*/.mozilla/firefox/jjdjufjv.default/storage/permanent/chrome/idb/*.sqlite rwk,
  /home/*/.mozilla/firefox/jjdjufjv.default/storage/permanent/chrome/idb/*.sqlite-shm rwk,
  /home/*/.mozilla/firefox/jjdjufjv.default/storage/permanent/chrome/idb/*.sqlite-wal rw,
  /home/*/.mozilla/firefox/jjdjufjv.default/times.json r,
  /home/*/.mozilla/firefox/jjdjufjv.default/webappsstore.sqlite rwk,
  /home/*/.mozilla/firefox/jjdjufjv.default/webappsstore.sqlite-shm rwk,
  /home/*/.mozilla/firefox/jjdjufjv.default/webappsstore.sqlite-wal rw,
  /home/*/.mozilla/firefox/jjdjufjv.default/xulstore.json rw,
  /home/*/.mozilla/firefox/jjdjufjv.default/xulstore.json.tmp rw,
  /home/*/.mozilla/firefox/profiles.ini r,
  /home/*/.profile r,
  /home/*/.xfce4-session.verbose-log r,
  /home/*/.xfce4-session.verbose-log.last r,
  /home/*/.xsession-errors r,

  /lib/x86_64-linux-gnu/ld-*.so mr,
  /proc/*/fd/ r,
  /proc/*/maps r,
  /proc/*/mountinfo r,
  /proc/*/net/arp r,
  /proc/*/net/route r,
  /proc/*/stat r,
  /proc/*/task/*/stat r,
  /proc/filesystems r,
  /run/user/*/dconf/user rw,
  /sys/devices/pci0000:00/0000:00:02.0/config r,
  /sys/devices/pci0000:00/0000:00:02.0/uevent r,
  # NOTE(review): read/write/lock on all of /tmp, including files that belong
  # to other programs. Consider narrowing to the temporary names the browser
  # actually creates.
  /tmp/** rwk,
  /tmp/*/ rw,
  # Px: lsb_release runs under its own profile with a scrubbed environment, so
  # a profile for /usr/bin/lsb_release has to be loaded for this exec to work.
  /usr/bin/lsb_release Px,
  /usr/share/firefox-esr/browser/chrome/icons/default/*.png r,
  /usr/share/mozilla/extensions/\{ec8030f7-c20a-464f-9b0e-13a3a9e97384\}/ r,
  # NOTE(review): this grants write plus executable memory-mapping (m) on the
  # whole of /var, so a file written there can also be mapped as code. Nothing
  # in this profile shows why a browser needs it; confirm and narrow.
  /var/** mrwk,
  /{usr/,}lib{,32,64}/** mr,

}
