[pkg-apparmor] Bug#865206: [apparmor] Bug#865206: apparmor: Should apparmor abstractions allow flatpak directories?
Diane Trout
diane at ghic.org
Fri Jun 30 22:18:16 UTC 2017
> So this very much depends on the policy style you want. The firefox
> profile in its current form is very permissive. And I don't see a
> problem adding them to it and an abstraction does seem the right
> place
> to do it so
I'm using my own firefox policy (I think I started with the ubuntu one,
and ported to debian)
https://github.com/detrout/apparmor-det/blob/master/usr.bin.firefox
Though I also saw the tor-browser apparmor policy deny access to the
flatpak resources, and so thought other software might also be scanning
for flatpak resources. (And I just don't have them contained)
Given the other abstractions like fonts or dbus, I thought a flatpak
abstraction might make sense.
Diane
More information about the pkg-apparmor-team
mailing list