Hi Seth,

Today (based on your opinion, see 1.), I've added the "lsb_release" child profile to the existing Firefox profile. I had to make a few small changes, due to the version of Python etc. Your "lsb_release" child contains, for example, a rule related to the python3.[0-4] version, which is not available on my system, and so on.

However, it seems that everything is okay. After adding the "lsb_release" child profile, using apparmor_parser(8) to load the "new" Firefox profile into the kernel, and restarting AppArmor via '/etc/init.d/', there was no DENIED message about "/usr/bin/lsb_release" with requested_mask="x" denied_mask="x", which I saw earlier after every first Firefox start etc. (see 2.)

Anyway, could you check if "my" version of the "lsb_release" child profile is okay? Here it is:

  /usr/bin/lsb_release Cxr -> lsb_release,

  profile lsb_release {
    #include <abstractions/base>
    #include <abstractions/python>

    /usr/bin/lsb_release r,
    /bin/dash ixr,
    /usr/bin/dpkg-query ixr,

    # THERE IS ONLY "python-2.7" FOLDER ON MY SYSTEM
    # USE JUST: "/usr/include/python2.7/pyconfig.h r," RULE?
    /usr/include/python2.[4567]/pyconfig.h r,

    /etc/lsb-release r,
    /etc/debian_version r,
    /var/lib/dpkg/** r,

    ##/usr/local/lib/python3.[0-4]/dist-packages/ r,
    # THERE IS "python-2.7" FOLDER ON MY SYSTEM. USE THIS:
    #/usr/local/lib/python2.[0-7]/dist-packages/ r,
    # OR THIS RULE? (FOR NOW, I'M USING THIS ONE):
    /usr/local/lib/python2.7/dist-packages/ r,

    /usr/bin/ r,
    # THERE ARE: "python python2 python2.7" ON MY SYSTEM
    # IT'S OKAY?
    /usr/bin/python2.[0-7] r,

    # file_inherit
    deny /tmp/gtalkplugin.log w,
  }

Once again, thank you very much Seth for all the help etc., especially in this case. Your example of the "lsb_release" child profile helped me a lot. Really. Thanks. I hope that "my" version is also okay :-)

Best regards.
_____________
1; https://lists.ubuntu.com/archives/apparmor/2017-January/010517.html
2; https://lists.ubuntu.com/archives/apparmor/2017-January/010506.html
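The following is an added example, not part of the original message and not AppArmor's own code. It checks which path rules written in the child profile above cover a given path, using a simplified translation of the glob syntax documented in apparmor.d(5). The function names and the sample paths are assumptions made for illustration, and the two included abstractions are not expanded.

```python
import re

def aa_glob_to_regex(glob):
    """Translate an AppArmor path glob into a compiled Python regex (simplified)."""
    out, i, depth = [], 0, 0
    while i < len(glob):
        c = glob[i]
        if glob.startswith("**", i):
            out.append(".*")        # ** may cross '/' boundaries
            i += 1
        elif c == "*":
            out.append("[^/]*")     # * stays inside one path component
        elif c == "?":
            out.append("[^/]")
        elif c == "[":              # character class, e.g. [0-7] or [^a]
            end = glob.index("]", i + 1)
            out.append(glob[i:end + 1])
            i = end
        elif c == "{":              # alternation, e.g. {a,b}
            out.append("(?:")
            depth += 1
        elif c == "}" and depth:
            out.append(")")
            depth -= 1
        elif c == "," and depth:
            out.append("|")
        else:
            out.append(re.escape(c))
        i += 1
    return re.compile("".join(out))

# Active path rules from the lsb_release child profile in the message above.
# The #include'd abstractions are not modelled, so an empty result only means
# that no rule written in the child profile itself covers the path.
RULES = [
    "/usr/bin/lsb_release", "/bin/dash", "/usr/bin/dpkg-query",
    "/usr/include/python2.[4567]/pyconfig.h", "/etc/lsb-release",
    "/etc/debian_version", "/var/lib/dpkg/**",
    "/usr/local/lib/python2.7/dist-packages/", "/usr/bin/",
    "/usr/bin/python2.[0-7]",
]

def matching_rules(path):
    """Return the profile rules whose glob matches the whole path."""
    return [r for r in RULES if aa_glob_to_regex(r).fullmatch(path)]

if __name__ == "__main__":
    # Constructed sample paths, based on what the message says exists on the system.
    for p in ("/usr/bin/python", "/usr/bin/python2", "/usr/bin/python2.7",
              "/usr/include/python2.7/pyconfig.h", "/var/lib/dpkg/status"):
        print(p, "->", matching_rules(p) or "no rule in the child profile")
```

For an authoritative answer on a live system, load the profile with apparmor_parser(8) and watch the audit log for DENIED entries, as described in the message.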