> So this very much depends on the policy style you want. The firefox > profile in its current form is very permissive. And I don't see a > problem adding them to it and an abstraction does seem the right > place > to do it so
I'm using my own firefox policy (I think I started with the ubuntu one, and ported to debian) https://github.com/detrout/apparmor-det/blob/master/usr.bin.firefox Though I also saw the tor-browser apparmor policy deny access to the flatpak resources, and so thought other software might also be scanning for flatpak resources. (And I just don't have them contained) Given the other abstractions like fonts or dbus, I thought a flatpak abstraction might make sense. Diane -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor